path: root/data/CVE/2008.list
blob: f67c8689f7ac2bd450c84df5a8960f42172f7791
6997
6998
6999
7000
7001
7002
7003
7004
7005
7006
7007
7008
7009
7010
7011
7012
7013
7014
7015
7016
7017
7018
7019
7020
7021
7022
7023
7024
7025
7026
7027
7028
7029
7030
7031
7032
7033
7034
7035
7036
7037
7038
7039
7040
7041
7042
7043
7044
7045
7046
7047
7048
7049
7050
7051
7052
7053
7054
7055
7056
7057
7058
7059
7060
7061
7062
7063
7064
7065
7066
7067
7068
7069
7070
7071
7072
7073
7074
7075
7076
7077
7078
7079
7080
7081
7082
7083
7084
7085
7086
7087
7088
7089
7090
7091
7092
7093
7094
7095
7096
7097
7098
7099
7100
7101
7102
7103
7104
7105
7106
7107
7108
7109
7110
7111
7112
7113
7114
7115
7116
7117
7118
7119
7120
7121
7122
7123
7124
7125
7126
7127
7128
7129
7130
7131
7132
7133
7134
7135
7136
7137
7138
7139
7140
7141
7142
7143
7144
7145
7146
7147
7148
7149
7150
7151
7152
7153
7154
7155
7156
7157
7158
7159
7160
7161
7162
7163
7164
7165
7166
7167
7168
7169
7170
7171
7172
7173
7174
7175
7176
7177
7178
7179
7180
7181
7182
7183
7184
7185
7186
7187
7188
7189
7190
7191
7192
7193
7194
7195
7196
7197
7198
7199
7200
7201
7202
7203
7204
7205
7206
7207
7208
7209
7210
7211
7212
7213
7214
7215
7216
7217
7218
7219
7220
7221
7222
7223
7224
7225
7226
7227
7228
7229
7230
7231
7232
7233
7234
7235
7236
7237
7238
7239
7240
7241
7242
7243
7244
7245
7246
7247
7248
7249
7250
7251
7252
7253
7254
7255
7256
7257
7258
7259
7260
7261
7262
7263
7264
7265
7266
7267
7268
7269
7270
7271
7272
7273
7274
7275
7276
7277
7278
7279
7280
7281
7282
7283
7284
7285
7286
7287
7288
7289
7290
7291
7292
7293
7294
7295
7296
7297
7298
7299
7300
7301
7302
7303
7304
7305
7306
7307
7308
7309
7310
7311
7312
7313
7314
7315
7316
7317
7318
7319
7320
7321
7322
7323
7324
7325
7326
7327
7328
7329
7330
7331
7332
7333
7334
7335
7336
7337
7338
7339
7340
7341
7342
7343
7344
7345
7346
7347
7348
7349
7350
7351
7352
7353
7354
7355
7356
7357
7358
7359
7360
7361
7362
7363
7364
7365
7366
7367
7368
7369
7370
7371
7372
7373
7374
7375
7376
7377
7378
7379
7380
7381
7382
7383
7384
7385
7386
7387
7388
7389
7390
7391
7392
7393
7394
7395
7396
7397
7398
7399
7400
7401
7402
7403
7404
7405
7406
7407
7408
7409
7410
7411
7412
7413
7414
7415
7416
7417
7418
7419
7420
7421
7422
7423
7424
7425
7426
7427
7428
7429
7430
7431
7432
7433
7434
7435
7436
7437
7438
7439
7440
7441
7442
7443
7444
7445
7446
7447
7448
7449
7450
7451
7452
7453
7454
7455
7456
7457
7458
7459
7460
7461
7462
7463
7464
7465
7466
7467
7468
7469
7470
7471
7472
7473
7474
7475
7476
7477
7478
7479
7480
7481
7482
7483
7484
7485
7486
7487
7488
7489
7490
7491
7492
7493
7494
7495
7496
7497
7498
7499
7500
7501
7502
7503
7504
7505
7506
7507
7508
7509
7510
7511
7512
7513
7514
7515
7516
7517
7518
7519
7520
7521
7522
7523
7524
7525
7526
7527
7528
7529
7530
7531
7532
7533
7534
7535
7536
7537
7538
7539
7540
7541
7542
7543
7544
7545
7546
7547
7548
7549
7550
7551
7552
7553
7554
7555
7556
7557
7558
7559
7560
7561
7562
7563
7564
7565
7566
7567
7568
7569
7570
7571
7572
7573
7574
7575
7576
7577
7578
7579
7580
7581
7582
7583
7584
7585
7586
7587
7588
7589
7590
7591
7592
7593
7594
7595
7596
7597
7598
7599
7600
7601
7602
7603
7604
7605
7606
7607
7608
7609
7610
7611
7612
7613
7614
7615
7616
7617
7618
7619
7620
7621
7622
7623
7624
7625
7626
7627
7628
7629
7630
7631
7632
7633
7634
7635
7636
7637
7638
7639
7640
7641
7642
7643
7644
7645
7646
7647
7648
7649
7650
7651
7652
7653
7654
7655
7656
7657
7658
7659
7660
7661
7662
7663
7664
7665
7666
7667
7668
7669
7670
7671
7672
7673
7674
7675
7676
7677
7678
7679
7680
7681
7682
7683
7684
7685
7686
7687
7688
7689
7690
7691
7692
7693
7694
7695
7696
7697
7698
7699
7700
7701
7702
7703
7704
7705
7706
7707
7708
7709
7710
7711
7712
7713
7714
7715
7716
7717
7718
7719
7720
7721
7722
7723
7724
7725
7726
7727
7728
7729
7730
7731
7732
7733
7734
7735
7736
7737
7738
7739
7740
7741
7742
7743
7744
7745
7746
7747
7748
7749
7750
7751
7752
7753
7754
7755
7756
7757
7758
7759
7760
7761
7762
7763
7764
7765
7766
7767
7768
7769
7770
7771
7772
7773
7774
7775
7776
7777
7778
7779
7780
7781
7782
7783
7784
7785
7786
7787
7788
7789
7790
7791
7792
7793
7794
7795
7796
7797
7798
7799
7800
7801
7802
7803
7804
7805
7806
7807
7808
7809
7810
7811
7812
7813
7814
7815
7816
7817
7818
7819
7820
7821
7822
7823
7824
7825
7826
7827
7828
7829
7830
7831
7832
7833
7834
7835
7836
7837
7838
7839
7840
7841
7842
7843
7844
7845
7846
7847
7848
7849
7850
7851
7852
7853
7854
7855
7856
7857
7858
7859
7860
7861
7862
7863
7864
7865
7866
7867
7868
7869
7870
7871
7872
7873
7874
7875
7876
7877
7878
7879
7880
7881
7882
7883
7884
7885
7886
7887
7888
7889
7890
7891
7892
7893
7894
7895
7896
7897
7898
7899
7900
7901
7902
7903
7904
7905
7906
7907
7908
7909
7910
7911
7912
7913
7914
7915
7916
7917
7918
7919
7920
7921
7922
7923
7924
7925
7926
7927
7928
7929
7930
7931
7932
7933
7934
7935
7936
7937
7938
7939
7940
7941
7942
7943
7944
7945
7946
7947
7948
7949
7950
7951
7952
7953
7954
7955
7956
7957
7958
7959
7960
7961
7962
7963
7964
7965
7966
7967
7968
7969
7970
7971
7972
7973
7974
7975
7976
7977
7978
7979
7980
7981
7982
7983
7984
7985
7986
7987
7988
7989
7990
7991
7992
7993
7994
7995
7996
7997
7998
7999
8000
8001
8002
8003
8004
8005
8006
8007
8008
8009
8010
8011
8012
8013
8014
8015
8016
8017
8018
8019
8020
8021
8022
8023
8024
8025
8026
8027
8028
8029
8030
8031
8032
8033
8034
8035
8036
8037
8038
8039
8040
8041
8042
8043
8044
8045
8046
8047
8048
8049
8050
8051
8052
8053
8054
8055
8056
8057
8058
8059
8060
8061
8062
8063
8064
8065
8066
8067
8068
8069
8070
8071
8072
8073
8074
8075
8076
8077
8078
8079
8080
8081
8082
8083
8084
8085
8086
8087
8088
8089
8090
8091
8092
8093
8094
8095
8096
8097
8098
8099
8100
8101
8102
8103
8104
8105
8106
8107
8108
8109
8110
8111
8112
8113
8114
8115
8116
8117
8118
8119
8120
8121
8122
8123
8124
8125
8126
8127
8128
8129
8130
8131
8132
8133
8134
8135
8136
8137
8138
8139
8140
8141
8142
8143
8144
8145
8146
8147
8148
8149
8150
8151
8152
8153
8154
8155
8156
8157
8158
8159
8160
8161
8162
8163
8164
8165
8166
8167
8168
8169
8170
8171
8172
8173
8174
8175
8176
8177
8178
8179
8180
8181
8182
8183
8184
8185
8186
8187
8188
8189
8190
8191
8192
8193
8194
8195
8196
8197
8198
8199
8200
8201
8202
8203
8204
8205
8206
8207
8208
8209
8210
8211
8212
8213
8214
8215
8216
8217
8218
8219
8220
8221
8222
8223
8224
8225
8226
8227
8228
8229
8230
8231
8232
8233
8234
8235
8236
8237
8238
8239
8240
8241
8242
8243
8244
8245
8246
8247
8248
8249
8250
8251
8252
8253
8254
8255
8256
8257
8258
8259
8260
8261
8262
8263
8264
8265
8266
8267
8268
8269
8270
8271
8272
8273
8274
8275
8276
8277
8278
8279
8280
8281
8282
8283
8284
8285
8286
8287
8288
8289
8290
8291
8292
8293
8294
8295
8296
8297
8298
8299
8300
8301
8302
8303
8304
8305
8306
8307
8308
8309
8310
8311
8312
8313
8314
8315
8316
8317
8318
8319
8320
8321
8322
8323
8324
8325
8326
8327
8328
8329
8330
8331
8332
8333
8334
8335
8336
8337
8338
8339
8340
8341
8342
8343
8344
8345
8346
8347
8348
8349
8350
8351
8352
8353
8354
8355
8356
8357
8358
8359
8360
8361
8362
8363
8364
8365
8366
8367
8368
8369
8370
8371
8372
8373
8374
8375
8376
8377
8378
8379
8380
8381
8382
8383
8384
8385
8386
8387
8388
8389
8390
8391
8392
8393
8394
8395
8396
8397
8398
8399
8400
8401
8402
8403
8404
8405
8406
8407
8408
8409
8410
8411
8412
8413
8414
8415
8416
8417
8418
8419
8420
8421
8422
8423
8424
8425
8426
8427
8428
8429
8430
8431
8432
8433
8434
8435
8436
8437
8438
8439
8440
8441
8442
8443
8444
8445
8446
8447
8448
8449
8450
8451
8452
8453
8454
8455
8456
8457
8458
8459
8460
8461
8462
8463
8464
8465
8466
8467
8468
8469
8470
8471
8472
8473
8474
8475
8476
8477
8478
8479
8480
8481
8482
8483
8484
8485
8486
8487
8488
8489
8490
8491
8492
8493
8494
8495
8496
8497
8498
8499
8500
8501
8502
8503
8504
8505
8506
8507
8508
8509
8510
8511
8512
8513
8514
8515
8516
8517
8518
8519
8520
8521
8522
8523
8524
8525
8526
8527
8528
8529
8530
8531
8532
8533
8534
8535
8536
8537
8538
8539
8540
8541
8542
8543
8544
8545
8546
8547
8548
8549
8550
8551
8552
8553
8554
8555
8556
8557
8558
8559
8560
8561
8562
8563
8564
8565
8566
8567
8568
8569
8570
8571
8572
8573
8574
8575
8576
8577
8578
8579
8580
8581
8582
8583
8584
8585
8586
8587
8588
8589
8590
8591
8592
8593
8594
8595
8596
8597
8598
8599
8600
8601
8602
8603
8604
8605
8606
8607
8608
8609
8610
8611
8612
8613
8614
8615
8616
8617
8618
8619
8620
8621
8622
8623
8624
8625
8626
8627
8628
8629
8630
8631
8632
8633
8634
8635
8636
8637
8638
8639
8640
8641
8642
8643
8644
8645
8646
8647
8648
8649
8650
8651
8652
8653
8654
8655
8656
8657
8658
8659
8660
8661
8662
8663
8664
8665
8666
8667
8668
8669
8670
8671
8672
8673
8674
8675
8676
8677
8678
8679
8680
8681
8682
8683
8684
8685
8686
8687
8688
8689
8690
8691
8692
8693
8694
8695
8696
8697
8698
8699
8700
8701
8702
8703
8704
8705
8706
8707
8708
8709
8710
8711
8712
8713
8714
8715
8716
8717
8718
8719
8720
8721
8722
8723
8724
8725
8726
8727
8728
8729
8730
8731
8732
8733
8734
8735
8736
8737
8738
8739
8740
8741
8742
8743
8744
8745
8746
8747
8748
8749
8750
8751
8752
8753
8754
8755
8756
8757
8758
8759
8760
8761
8762
8763
8764
8765
8766
8767
8768
8769
8770
8771
8772
8773
8774
8775
8776
8777
8778
8779
8780
8781
8782
8783
8784
8785
8786
8787
8788
8789
8790
8791
8792
8793
8794
8795
8796
8797
8798
8799
8800
8801
8802
8803
8804
8805
8806
8807
8808
8809
8810
8811
8812
8813
8814
8815
8816
8817
8818
8819
8820
8821
8822
8823
8824
8825
8826
8827
8828
8829
8830
8831
8832
8833
8834
8835
8836
8837
8838
8839
8840
8841
8842
8843
8844
8845
8846
8847
8848
8849
8850
8851
8852
8853
8854
8855
8856
8857
8858
8859
8860
8861
8862
8863
8864
8865
8866
8867
8868
8869
8870
8871
8872
8873
8874
8875
8876
8877
8878
8879
8880
8881
8882
8883
8884
8885
8886
8887
8888
8889
8890
8891
8892
8893
8894
8895
8896
8897
8898
8899
8900
8901
8902
8903
8904
8905
8906
8907
8908
8909
8910
8911
8912
8913
8914
8915
8916
8917
8918
8919
8920
8921
8922
8923
8924
8925
8926
8927
8928
8929
8930
8931
8932
8933
8934
8935
8936
8937
8938
8939
8940
8941
8942
8943
8944
8945
8946
8947
8948
8949
8950
8951
8952
8953
8954
8955
8956
8957
8958
8959
8960
8961
8962
8963
8964
8965
8966
8967
8968
8969
8970
8971
8972
8973
8974
8975
8976
8977
8978
8979
8980
8981
8982
8983
8984
8985
8986
8987
8988
8989
8990
8991
8992
8993
8994
8995
8996
8997
8998
8999
9000
9001
9002
9003
9004
9005
9006
9007
9008
9009
9010
9011
9012
9013
9014
9015
9016
9017
9018
9019
9020
9021
9022
9023
9024
9025
9026
9027
9028
9029
9030
9031
9032
9033
9034
9035
9036
9037
9038
9039
9040
9041
9042
9043
9044
9045
9046
9047
9048
9049
9050
9051
9052
9053
9054
9055
9056
9057
9058
9059
9060
9061
9062
9063
9064
9065
9066
9067
9068
9069
9070
9071
9072
9073
9074
9075
9076
9077
9078
9079
9080
9081
9082
9083
9084
9085
9086
9087
9088
9089
9090
9091
9092
9093
9094
9095
9096
9097
9098
9099
9100
9101
9102
9103
9104
9105
9106
9107
9108
9109
9110
9111
9112
9113
9114
9115
9116
9117
9118
9119
9120
9121
9122
9123
9124
9125
9126
9127
9128
9129
9130
9131
9132
9133
9134
9135
9136
9137
9138
9139
9140
9141
9142
9143
9144
9145
9146
9147
9148
9149
9150
9151
9152
9153
9154
9155
9156
9157
9158
9159
9160
9161
9162
9163
9164
9165
9166
9167
9168
9169
9170
9171
9172
9173
9174
9175
9176
9177
9178
9179
9180
9181
9182
9183
9184
9185
9186
9187
9188
9189
9190
9191
9192
9193
9194
9195
9196
9197
9198
9199
9200
9201
9202
9203
9204
9205
9206
9207
9208
9209
9210
9211
9212
9213
9214
9215
9216
9217
9218
9219
9220
9221
9222
9223
9224
9225
9226
9227
9228
9229
9230
9231
9232
9233
9234
9235
9236
9237
9238
9239
9240
9241
9242
9243
9244
9245
9246
9247
9248
9249
9250
9251
9252
9253
9254
9255
9256
9257
9258
9259
9260
9261
9262
9263
9264
9265
9266
9267
9268
9269
9270
9271
9272
9273
9274
9275
9276
9277
9278
9279
9280
9281
9282
9283
9284
9285
9286
9287
9288
9289
9290
9291
9292
9293
9294
9295
9296
9297
9298
9299
9300
9301
9302
9303
9304
9305
9306
9307
9308
9309
9310
9311
9312
9313
9314
9315
9316
9317
9318
9319
9320
9321
9322
9323
9324
9325
9326
9327
9328
9329
9330
9331
9332
9333
9334
9335
9336
9337
9338
9339
9340
9341
9342
9343
9344
9345
9346
9347
9348
9349
9350
9351
9352
9353
9354
9355
9356
9357
9358
9359
9360
9361
9362
9363
9364
9365
9366
9367
9368
9369
9370
9371
9372
9373
9374
9375
9376
9377
9378
9379
9380
9381
9382
9383
9384
9385
9386
9387
9388
9389
9390
9391
9392
9393
9394
9395
9396
9397
9398
9399
9400
9401
9402
9403
9404
9405
9406
9407
9408
9409
9410
9411
9412
9413
9414
9415
9416
9417
9418
9419
9420
9421
9422
9423
9424
9425
9426
9427
9428
9429
9430
9431
9432
9433
9434
9435
9436
9437
9438
9439
9440
9441
9442
9443
9444
9445
9446
9447
9448
9449
9450
9451
9452
9453
9454
9455
9456
9457
9458
9459
9460
9461
9462
9463
9464
9465
9466
9467
9468
9469
9470
9471
9472
9473
9474
9475
9476
9477
9478
9479
9480
9481
9482
9483
9484
9485
9486
9487
9488
9489
9490
9491
9492
9493
9494
9495
9496
9497
9498
9499
9500
9501
9502
9503
9504
9505
9506
9507
9508
9509
9510
9511
9512
9513
9514
9515
9516
9517
9518
9519
9520
9521
9522
9523
9524
9525
9526
9527
9528
9529
9530
9531
9532
9533
9534
9535
9536
9537
9538
9539
9540
9541
9542
9543
9544
9545
9546
9547
9548
9549
9550
9551
9552
9553
9554
9555
9556
9557
9558
9559
9560
9561
9562
9563
9564
9565
9566
9567
9568
9569
9570
9571
9572
9573
9574
9575
9576
9577
9578
9579
9580
9581
9582
9583
9584
9585
9586
9587
9588
9589
9590
9591
9592
9593
9594
9595
9596
9597
9598
9599
9600
9601
9602
9603
9604
9605
9606
9607
9608
9609
9610
9611
9612
9613
9614
9615
9616
9617
9618
9619
9620
9621
9622
9623
9624
9625
9626
9627
9628
9629
9630
9631
9632
9633
9634
9635
9636
9637
9638
9639
9640
9641
9642
9643
9644
9645
9646
9647
9648
9649
9650
9651
9652
9653
9654
9655
9656
9657
9658
9659
9660
9661
9662
9663
9664
9665
9666
9667
9668
9669
9670
9671
9672
9673
9674
9675
9676
9677
9678
9679
9680
9681
9682
9683
9684
9685
9686
9687
9688
9689
9690
9691
9692
9693
9694
9695
9696
9697
9698
9699
9700
9701
9702
9703
9704
9705
9706
9707
9708
9709
9710
9711
9712
9713
9714
9715
9716
9717
9718
9719
9720
9721
9722
9723
9724
9725
9726
9727
9728
9729
9730
9731
9732
9733
9734
9735
9736
9737
9738
9739
9740
9741
9742
9743
9744
9745
9746
9747
9748
9749
9750
9751
9752
9753
9754
9755
9756
9757
9758
9759
9760
9761
9762
9763
9764
9765
9766
9767
9768
9769
9770
9771
9772
9773
9774
9775
9776
9777
9778
9779
9780
9781
9782
9783
9784
9785
9786
9787
9788
9789
9790
9791
9792
9793
9794
9795
9796
9797
9798
9799
9800
9801
9802
9803
9804
9805
9806
9807
9808
9809
9810
9811
9812
9813
9814
9815
9816
9817
9818
9819
9820
9821
9822
9823
9824
9825
9826
9827
9828
9829
9830
9831
9832
9833
9834
9835
9836
9837
9838
9839
9840
9841
9842
9843
9844
9845
9846
9847
9848
9849
9850
9851
9852
9853
9854
9855
9856
9857
9858
9859
9860
9861
9862
9863
9864
9865
9866
9867
9868
9869
9870
9871
9872
9873
9874
9875
9876
9877
9878
9879
9880
9881
9882
9883
9884
9885
9886
9887
9888
9889
9890
9891
9892
9893
9894
9895
9896
9897
9898
9899
9900
9901
9902
9903
9904
9905
9906
9907
9908
9909
9910
9911
9912
9913
9914
9915
9916
9917
9918
9919
9920
9921
9922
9923
9924
9925
9926
9927
9928
9929
9930
9931
9932
9933
9934
9935
9936
9937
9938
9939
9940
9941
9942
9943
9944
9945
9946
9947
9948
9949
9950
9951
9952
9953
9954
9955
9956
9957
9958
9959
9960
9961
9962
9963
9964
9965
9966
9967
9968
9969
9970
9971
9972
9973
9974
9975
9976
9977
9978
9979
9980
9981
9982
9983
9984
9985
9986
9987
9988
9989
9990
9991
9992
9993
9994
9995
9996
9997
9998
9999
10000
10001
10002
10003
10004
10005
10006
10007
10008
10009
10010
10011
10012
10013
10014
10015
10016
10017
10018
10019
10020
10021
10022
10023
10024
10025
10026
10027
10028
10029
10030
10031
10032
10033
10034
10035
10036
10037
10038
10039
10040
10041
10042
10043
10044
10045
10046
10047
10048
10049
10050
10051
10052
10053
10054
10055
10056
10057
10058
10059
10060
10061
10062
10063
10064
10065
10066
10067
10068
10069
10070
10071
10072
10073
10074
10075
10076
10077
10078
10079
10080
10081
10082
10083
10084
10085
10086
10087
10088
10089
10090
10091
10092
10093
10094
10095
10096
10097
10098
10099
10100
10101
10102
10103
10104
10105
10106
10107
10108
10109
10110
10111
10112
10113
10114
10115
10116
10117
10118
10119
10120
10121
10122
10123
10124
10125
10126
10127
10128
10129
10130
10131
10132
10133
10134
10135
10136
10137
10138
10139
10140
10141
10142
10143
10144
10145
10146
10147
10148
10149
10150
10151
10152
10153
10154
10155
10156
10157
10158
10159
10160
10161
10162
10163
10164
10165
10166
10167
10168
10169
10170
10171
10172
10173
10174
10175
10176
10177
10178
10179
10180
10181
10182
10183
10184
10185
10186
10187
10188
10189
10190
10191
10192
10193
10194
10195
10196
10197
10198
10199
10200
10201
10202
10203
10204
10205
10206
10207
10208
10209
10210
10211
10212
10213
10214
10215
10216
10217
10218
10219
10220
10221
10222
10223
10224
10225
10226
10227
10228
10229
10230
10231
10232
10233
10234
10235
10236
10237
10238
10239
10240
10241
10242
10243
10244
10245
10246
10247
10248
10249
10250
10251
10252
10253
10254
10255
10256
10257
10258
10259
10260
10261
10262
10263
10264
10265
10266
10267
10268
10269
10270
10271
10272
10273
10274
10275
10276
10277
10278
10279
10280
10281
10282
10283
10284
10285
10286
10287
10288
10289
10290
10291
10292
10293
10294
10295
10296
10297
10298
10299
10300
10301
10302
10303
10304
10305
10306
10307
10308
10309
10310
10311
10312
10313
10314
10315
10316
10317
10318
10319
10320
10321
10322
10323
10324
10325
10326
10327
10328
10329
10330
10331
10332
10333
10334
10335
10336
10337
10338
10339
10340
10341
10342
10343
10344
10345
10346
10347
10348
10349
10350
10351
10352
10353
10354
10355
10356
10357
10358
10359
10360
10361
10362
10363
10364
10365
10366
10367
10368
10369
10370
10371
10372
10373
10374
10375
10376
10377
10378
10379
10380
10381
10382
10383
10384
10385
10386
10387
10388
10389
10390
10391
10392
10393
10394
10395
10396
10397
10398
10399
10400
10401
10402
10403
10404
10405
10406
10407
10408
10409
10410
10411
10412
10413
10414
10415
10416
10417
10418
10419
10420
10421
10422
10423
10424
10425
10426
10427
10428
10429
10430
10431
10432
10433
10434
10435
10436
10437
10438
10439
10440
10441
10442
10443
10444
10445
10446
10447
10448
10449
10450
10451
10452
10453
10454
10455
10456
10457
10458
10459
10460
10461
10462
10463
10464
10465
10466
10467
10468
10469
10470
10471
10472
10473
10474
10475
10476
10477
10478
10479
10480
10481
10482
10483
10484
10485
10486
10487
10488
10489
10490
10491
10492
10493
10494
10495
10496
10497
10498
10499
10500
10501
10502
10503
10504
10505
10506
10507
10508
10509
10510
10511
10512
10513
10514
10515
10516
10517
10518
10519
10520
10521
10522
10523
10524
10525
10526
10527
10528
10529
10530
10531
10532
10533
10534
10535
10536
10537
10538
10539
10540
10541
10542
10543
10544
10545
10546
10547
10548
10549
10550
10551
10552
10553
10554
10555
10556
10557
10558
10559
10560
10561
10562
10563
10564
10565
10566
10567
10568
10569
10570
10571
10572
10573
10574
10575
10576
10577
10578
10579
10580
10581
10582
10583
10584
10585
10586
10587
10588
10589
10590
10591
10592
10593
10594
10595
10596
10597
10598
10599
10600
10601
10602
10603
10604
10605
10606
10607
10608
10609
10610
10611
10612
10613
10614
10615
10616
10617
10618
10619
10620
10621
10622
10623
10624
10625
10626
10627
10628
10629
10630
10631
10632
10633
10634
10635
10636
10637
10638
10639
10640
10641
10642
10643
10644
10645
10646
10647
10648
10649
10650
10651
10652
10653
10654
10655
10656
10657
10658
10659
10660
10661
10662
10663
10664
10665
10666
10667
10668
10669
10670
10671
10672
10673
10674
10675
10676
10677
10678
10679
10680
10681
10682
10683
10684
10685
10686
10687
10688
10689
10690
10691
10692
10693
10694
10695
10696
10697
10698
10699
10700
10701
10702
10703
10704
10705
10706
10707
10708
10709
10710
10711
10712
10713
10714
10715
10716
10717
10718
10719
10720
10721
10722
10723
10724
10725
10726
10727
10728
10729
10730
10731
10732
10733
10734
10735
10736
10737
10738
10739
10740
10741
10742
10743
10744
10745
10746
10747
10748
10749
10750
10751
10752
10753
10754
10755
10756
10757
10758
10759
10760
10761
10762
10763
10764
10765
10766
10767
10768
10769
10770
10771
10772
10773
10774
10775
10776
10777
10778
10779
10780
10781
10782
10783
10784
10785
10786
10787
10788
10789
10790
10791
10792
10793
10794
10795
10796
10797
10798
10799
10800
10801
10802
10803
10804
10805
10806
10807
10808
10809
10810
10811
10812
10813
10814
10815
10816
10817
10818
10819
10820
10821
10822
10823
10824
10825
10826
10827
10828
10829
10830
10831
10832
10833
10834
10835
10836
10837
10838
10839
10840
10841
10842
10843
10844
10845
10846
10847
10848
10849
10850
10851
10852
10853
10854
10855
10856
10857
10858
10859
10860
10861
10862
10863
10864
10865
10866
10867
10868
10869
10870
10871
10872
10873
10874
10875
10876
10877
10878
10879
10880
10881
10882
10883
10884
10885
10886
10887
10888
10889
10890
10891
10892
10893
10894
10895
10896
10897
10898
10899
10900
10901
10902
10903
10904
10905
10906
10907
10908
10909
10910
10911
10912
10913
10914
10915
10916
10917
10918
10919
10920
10921
10922
10923
10924
10925
10926
10927
10928
10929
10930
10931
10932
10933
10934
10935
10936
10937
10938
10939
10940
10941
10942
10943
10944
10945
10946
10947
10948
10949
10950
10951
10952
10953
10954
10955
10956
10957
10958
10959
10960
10961
10962
10963
10964
10965
10966
10967
10968
10969
10970
10971
10972
10973
10974
10975
10976
10977
10978
10979
10980
10981
10982
10983
10984
10985
10986
10987
10988
10989
10990
10991
10992
10993
10994
10995
10996
10997
10998
10999
11000
11001
11002
11003
11004
11005
11006
11007
11008
11009
11010
11011
11012
11013
11014
11015
11016
11017
11018
11019
11020
11021
11022
11023
11024
11025
11026
11027
11028
11029
11030
11031
11032
11033
11034
11035
11036
11037
11038
11039
11040
11041
11042
11043
11044
11045
11046
11047
11048
11049
11050
11051
11052
11053
11054
11055
11056
11057
11058
11059
11060
11061
11062
11063
11064
11065
11066
11067
11068
11069
11070
11071
11072
11073
11074
11075
11076
11077
11078
11079
11080
11081
11082
11083
11084
11085
11086
11087
11088
11089
11090
11091
11092
11093
11094
11095
11096
11097
11098
11099
11100
11101
11102
11103
11104
11105
11106
11107
11108
11109
11110
11111
11112
11113
11114
11115
11116
11117
11118
11119
11120
11121
11122
11123
11124
11125
11126
11127
11128
11129
11130
11131
11132
11133
11134
11135
11136
11137
11138
11139
11140
11141
11142
11143
11144
11145
11146
11147
11148
11149
11150
11151
11152
11153
11154
11155
11156
11157
11158
11159
11160
11161
11162
11163
11164
11165
11166
11167
11168
11169
11170
11171
11172
11173
11174
11175
11176
11177
11178
11179
11180
11181
11182
11183
11184
11185
11186
11187
11188
11189
11190
11191
11192
11193
11194
11195
11196
11197
11198
11199
11200
11201
11202
11203
11204
11205
11206
11207
11208
11209
11210
11211
11212
11213
11214
11215
11216
11217
11218
11219
11220
11221
11222
11223
11224
11225
11226
11227
11228
11229
11230
11231
11232
11233
11234
11235
11236
11237
11238
11239
11240
11241
11242
11243
11244
11245
11246
11247
11248
11249
11250
11251
11252
11253
11254
11255
11256
11257
11258
11259
11260
11261
11262
11263
11264
11265
11266
11267
11268
11269
11270
11271
11272
11273
11274
11275
11276
11277
11278
11279
11280
11281
11282
11283
11284
11285
11286
11287
11288
11289
11290
11291
11292
11293
11294
11295
11296
11297
11298
11299
11300
11301
11302
11303
11304
11305
11306
11307
11308
11309
11310
11311
11312
11313
11314
11315
11316
11317
11318
11319
11320
11321
11322
11323
11324
11325
11326
11327
11328
11329
11330
11331
11332
11333
11334
11335
11336
11337
11338
11339
11340
11341
11342
11343
11344
11345
11346
11347
11348
11349
11350
11351
11352
11353
11354
11355
11356
11357
11358
11359
11360
11361
11362
11363
11364
11365
11366
11367
11368
11369
11370
11371
11372
11373
11374
11375
11376
11377
11378
11379
11380
11381
11382
11383
11384
11385
11386
11387
11388
11389
11390
11391
11392
11393
11394
11395
11396
11397
11398
11399
11400
11401
11402
11403
11404
11405
11406
11407
11408
11409
11410
11411
11412
11413
11414
11415
11416
11417
11418
11419
11420
11421
11422
11423
11424
11425
11426
11427
11428
11429
11430
11431
11432
11433
11434
11435
11436
11437
11438
11439
11440
11441
11442
11443
11444
11445
11446
11447
11448
11449
11450
11451
11452
11453
11454
11455
11456
11457
11458
11459
11460
11461
11462
11463
11464
11465
11466
11467
11468
11469
11470
11471
11472
11473
11474
11475
11476
11477
11478
11479
11480
11481
11482
11483
11484
11485
11486
11487
11488
11489
11490
11491
11492
11493
11494
11495
11496
11497
11498
11499
11500
11501
11502
11503
11504
11505
11506
11507
11508
11509
11510
11511
11512
11513
11514
11515
11516
11517
11518
11519
11520
11521
11522
11523
11524
11525
11526
11527
11528
11529
11530
11531
11532
11533
11534
11535
11536
11537
11538
11539
11540
11541
11542
11543
11544
11545
11546
11547
11548
11549
11550
11551
11552
11553
11554
11555
11556
11557
11558
11559
11560
11561
11562
11563
11564
11565
11566
11567
11568
11569
11570
11571
11572
11573
11574
11575
11576
11577
11578
11579
11580
11581
11582
11583
11584
11585
11586
11587
11588
11589
11590
11591
11592
11593
11594
11595
11596
11597
11598
11599
11600
11601
11602
11603
11604
11605
11606
11607
11608
11609
11610
11611
11612
11613
11614
11615
11616
11617
11618
11619
11620
11621
11622
11623
11624
11625
11626
11627
11628
11629
11630
11631
11632
11633
11634
11635
11636
11637
11638
11639
11640
11641
11642
11643
11644
11645
11646
11647
11648
11649
11650
11651
11652
11653
11654
11655
11656
11657
11658
11659
11660
11661
11662
11663
11664
11665
11666
11667
11668
11669
11670
11671
11672
11673
11674
11675
11676
11677
11678
11679
11680
11681
11682
11683
11684
11685
11686
11687
11688
11689
11690
11691
11692
11693
11694
11695
11696
11697
11698
11699
11700
11701
11702
11703
11704
11705
11706
11707
11708
11709
11710
11711
11712
11713
11714
11715
11716
11717
11718
11719
11720
11721
11722
11723
11724
11725
11726
11727
11728
11729
11730
11731
11732
11733
11734
11735
11736
11737
11738
11739
11740
11741
11742
11743
11744
11745
11746
11747
11748
11749
11750
11751
11752
11753
11754
11755
11756
11757
11758
11759
11760
11761
11762
11763
11764
11765
11766
11767
11768
11769
11770
11771
11772
11773
11774
11775
11776
11777
11778
11779
11780
11781
11782
11783
11784
11785
11786
11787
11788
11789
11790
11791
11792
11793
11794
11795
11796
11797
11798
11799
11800
11801
11802
11803
11804
11805
11806
11807
11808
11809
11810
11811
11812
11813
11814
11815
11816
11817
11818
11819
11820
11821
11822
11823
11824
11825
11826
11827
11828
11829
11830
11831
11832
11833
11834
11835
11836
11837
11838
11839
11840
11841
11842
11843
11844
11845
11846
11847
11848
11849
11850
11851
11852
11853
11854
11855
11856
11857
11858
11859
11860
11861
11862
11863
11864
11865
11866
11867
11868
11869
11870
11871
11872
11873
11874
11875
11876
11877
11878
11879
11880
11881
11882
11883
11884
11885
11886
11887
11888
11889
11890
11891
11892
11893
11894
11895
11896
11897
11898
11899
11900
11901
11902
11903
11904
11905
11906
11907
11908
11909
11910
11911
11912
11913
11914
11915
11916
11917
11918
11919
11920
11921
11922
11923
11924
11925
11926
11927
11928
11929
11930
11931
11932
11933
11934
11935
11936
11937
11938
11939
11940
11941
11942
11943
11944
11945
11946
11947
11948
11949
11950
11951
11952
11953
11954
11955
11956
11957
11958
11959
11960
11961
11962
11963
11964
11965
11966
11967
11968
11969
11970
11971
11972
11973
11974
11975
11976
11977
11978
11979
11980
11981
11982
11983
11984
11985
11986
11987
11988
11989
11990
11991
11992
11993
11994
11995
11996
11997
11998
11999
12000
12001
12002
12003
12004
12005
12006
12007
12008
12009
12010
12011
12012
12013
12014
12015
12016
12017
12018
12019
12020
12021
12022
12023
12024
12025
12026
12027
12028
12029
12030
12031
12032
12033
12034
12035
12036
12037
12038
12039
12040
12041
12042
12043
12044
12045
12046
12047
12048
12049
12050
12051
12052
12053
12054
12055
12056
12057
12058
12059
12060
12061
12062
12063
12064
12065
12066
12067
12068
12069
12070
12071
12072
12073
12074
12075
12076
12077
12078
12079
12080
12081
12082
12083
12084
12085
12086
12087
12088
12089
12090
12091
12092
12093
12094
12095
12096
12097
12098
12099
12100
12101
12102
12103
12104
12105
12106
12107
12108
12109
12110
12111
12112
12113
12114
12115
12116
12117
12118
12119
12120
12121
12122
12123
12124
12125
12126
12127
12128
12129
12130
12131
12132
12133
12134
12135
12136
12137
12138
12139
12140
12141
12142
12143
12144
12145
12146
12147
12148
12149
12150
12151
12152
12153
12154
12155
12156
12157
12158
12159
12160
12161
12162
12163
CVE-2008-7321 (The tubepress plugin before 1.6.5 for WordPress has XSS. ...)
	NOT-FOR-US: tubepress plugin for WordPress
CVE-2008-7320 (** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate ...)
	- seahorse <unfixed> (unimportant)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774
	NOTE: https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774/comments/13
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=551036
	NOTE: Explicitly a design decision by upstream and not considered a security issue
CVE-2008-7319 (The Net::Ping::External extension through 0.15 for Perl does not prope ...)
	- libnet-ping-external-perl <removed> (bug #881097)
	[wheezy] - libnet-ping-external-perl <ignored> (Package may be removed from Wheezy, see #881102)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=33230
	NOTE: Proposed patch: http://matthias.sdfeu.org/devel/net-ping-external-cmd-injection.patch
CVE-2008-7318
	RESERVED
CVE-2008-7317
	RESERVED
CVE-2008-7316 (mm/filemap.c in the Linux kernel before 2.6.25 allows local users to c ...)
	- linux <not-affected> (Issue fixed before the src:linux-2.6 rename)
	- linux-2.6 2.6.25-1
	NOTE: https://git.kernel.org/linus/124d3b7041f9a0ca7c43a6293e1cae4576c32fd5 (v2.6.25-rc1)
CVE-2008-7315 (UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrar ...)
	- libui-dialog-perl 1.21-0.1 (bug #496448)
	[jessie] - libui-dialog-perl <no-dsa> (Minor issue)
	[wheezy] - libui-dialog-perl <no-dsa> (Minor issue)
	[squeeze] - libui-dialog-perl <no-dsa> (Minor issue)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=107364
	NOTE: https://www.openwall.com/lists/oss-security/2015/10/08/2
CVE-2008-7314 (mIRC before 6.35 allows attackers to cause a denial of service (crash) ...)
	NOT-FOR-US: mIRC
CVE-2008-7313 (The _httpsrequest function in Snoopy allows remote attackers to execut ...)
	{DSA-3248-1 DLA-357-1}
	- libphp-snoopy 2.0.0-1 (bug #778634)
	NOTE: additional commit missing, so fix for CVE-2008-4796 was incomplete
	NOTE: http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27
CVE-2008-7312 (The Filtering Service in Websense Enterprise 5.2 through 6.3 does not  ...)
	NOT-FOR-US: Websense
CVE-2008-7311 (The session cookie store implementation in Spree 0.2.0 uses a hardcode ...)
	NOT-FOR-US: Spree
CVE-2008-7310 (Spree 0.2.0 does not properly restrict the use of a hash to provide va ...)
	NOT-FOR-US: Spree
CVE-2008-7309 (Insoshi before 20080920 does not properly restrict the use of a hash t ...)
	NOT-FOR-US: Insoshi
CVE-2008-7308
	REJECTED
CVE-2008-7307
	REJECTED
CVE-2008-7306
	REJECTED
CVE-2008-7305
	REJECTED
CVE-2008-7304
	REJECTED
CVE-2008-7303 (The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-7302 (SQL injection vulnerability in netinvoice.php in the nBill (com_netinv ...)
	NOT-FOR-US: Joomla extension
CVE-2008-7301 (SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows  ...)
	NOT-FOR-US: jSite
CVE-2008-7300 (The labeled networking implementation in Solaris Trusted Extensions in ...)
	NOT-FOR-US: Oracle Solaris
CVE-2008-7299 (IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2 uses ...)
	NOT-FOR-US: Tivoli
CVE-2008-7298 (The Android browser in Android cannot properly restrict modifications  ...)
	NOT-FOR-US: Android browser
CVE-2008-7297 (Opera cannot properly restrict modifications to cookies established in ...)
	NOT-FOR-US: Opera
CVE-2008-7296 (Apple Safari cannot properly restrict modifications to cookies establi ...)
	NOT-FOR-US: Safari, see CVE-2008-7294 for potential webkit ramifications
CVE-2008-7295 (Microsoft Internet Explorer cannot properly restrict modifications to  ...)
	NOT-FOR-US: Internet Explorer
CVE-2008-7294 (Google Chrome before 4.0.211.0 cannot properly restrict modifications  ...)
	- chromium-browser 4.0.211.0
	- webkit <not-affected>
CVE-2008-7293 (Mozilla Firefox before 4 cannot properly restrict modifications to coo ...)
	- iceweasel 4.0-1 (unimportant)
	NOTE: This is about the lack of HTTP Strict Transport Security, which is ultimately
	NOTE: a security feature enhancement
CVE-2008-7292 (Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before  ...)
	- bugzilla 3.0.4-1
CVE-2008-7290 (Memory leak in the ldap_explode_rdn API function in IBM Tivoli Directo ...)
	NOT-FOR-US: Tivoli
CVE-2008-7289 (IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 d ...)
	NOT-FOR-US: Tivoli
CVE-2008-7288 (IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 o ...)
	NOT-FOR-US: Tivoli
CVE-2008-7287 (Multiple memory leaks in the (1) ldap_init and (2) ldap_url_search_dir ...)
	NOT-FOR-US: Tivoli
CVE-2008-7286 (IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-7285 (Unspecified vulnerability in the docnote string handling implementatio ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-7284 (IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows  ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-7283 (Open Ticket Request System (OTRS) before 2.2.6, when customer group su ...)
	- otrs2 2.2.6-1
CVE-2008-7282 (Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open T ...)
	- otrs2 2.2.6-1
CVE-2008-7281 (Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing ...)
	- otrs2 2.2.7-1
CVE-2008-7280 (Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Reque ...)
	- otrs2 2.2.7-1
CVE-2008-7279 (The CustomerInterface component in Open Ticket Request System (OTRS) b ...)
	- otrs2 2.3.2-1
CVE-2008-7278 (The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5,  ...)
	- otrs2 2.3.2-1 (low)
CVE-2008-7277 (Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw ...)
	- otrs2 2.3.2-1 (low)
CVE-2008-7276 (Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) befo ...)
	- otrs2 2.3.2-1 (low)
CVE-2008-7275 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Req ...)
	- otrs2 2.3.3-1
CVE-2008-7274 (IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login fu ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-7271 (Multiple cross-site scripting (XSS) vulnerabilities in the Help Conten ...)
	- eclipse <not-affected> (Fixed before the version now in Squeeze)
CVE-2008-7270 (OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is ...)
	- openssl 0.9.8k-1
	[lenny] - openssl 0.9.8g-15+lenny11
	NOTE: lenny was fixed as a side effect of the fix of CVE-2010-4180
	NOTE: which disabled the bug compatibility code
CVE-2008-7269 (Open redirect vulnerability in api.php in SiteEngine 5.x allows user-a ...)
	NOT-FOR-US: SiteEngine
CVE-2008-7268 (The phpinfo function in SiteEngine 5.x allows remote attackers to obta ...)
	NOT-FOR-US: SiteEngine
CVE-2008-7267 (SQL injection vulnerability in announcements.php in SiteEngine 5.x all ...)
	NOT-FOR-US: SiteEngine
CVE-2008-7266 (Cross-site scripting (XSS) vulnerability in an unspecified Shockwave F ...)
	NOT-FOR-US: RSA Adaptive Authentication
CVE-2008-7265 (The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote aut ...)
	{DSA-2191-1}
	- proftpd-dfsg 1.3.2-1 (low)
CVE-2008-7264 (The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2008-7263 (ftpserver.py in pyftpdlib before 0.5.0 does not delay its response aft ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2008-7262 (Multiple directory traversal vulnerabilities in FTPServer.py in pyftpd ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2008-7261 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine  ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2008-XXXX [greylistd bypass]
	- greylistd 0.8.7+nmu2 (low; bug #464084)
	[lenny] - greylistd <no-dsa> (Minor issue)
CVE-2008-7260
	RESERVED
CVE-2008-7259
	RESERVED
CVE-2008-7258
	- ssmtp <unfixed> (unimportant; bug #591515)
CVE-2008-7257 (CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2008-7256 (mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict overcomm ...)
	- linux-2.6 2.6.28-1 (low)
	[lenny] - linux-2.6 2.6.26-23
CVE-2008-7255 (login_screen.tcl in aMSN (aka Alvaro's Messenger) before 0.97.1 saves  ...)
	- amsn 0.97.1~debian-1 (low)
CVE-2008-7254 (Directory traversal vulnerability in includes/template-loader.php in I ...)
	NOT-FOR-US: Pepsi CMS
CVE-2008-7253 (The default configuration of the web server in IBM Lotus Domino Server ...)
	NOT-FOR-US: IBM Lotus Domino Server
CVE-2008-7252 (libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses pred ...)
	{DSA-2034-1}
	- phpmyadmin 4:3.0.0-1
	NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11528
CVE-2008-7251 (libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a ...)
	{DSA-2034-1}
	- phpmyadmin 4:3.0.0-1
	NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11536
CVE-2008-7250 (Cross-site scripting (XSS) vulnerability in Squid Analysis Report Gene ...)
	- sarg 2.2.5-1 (low)
CVE-2008-7249 (Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and ...)
	- sarg 2.2.4-1 (medium)
CVE-2008-7247 (sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41,  ...)
	- mysql-5.1 5.1.49-3 (low; bug #569484)
	- mysql-dfsg-5.0 <not-affected> (Vulnerable code not present)
CVE-2008-7248 (Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify  ...)
	- rails 2.2.3-1 (medium; bug #558685)
	[lenny] - rails <not-affected> (Vulnerable code not present)
	NOTE: http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
CVE-2008-7246 (Google Chrome 0.2.149.29 and earlier allows remote attackers to cause  ...)
	- chromium-browser <unfixed> (unimportant)
	NOTE: browser denial-of-service issues aren't considered security-relevant
CVE-2008-7245 (Opera 9.52 and earlier allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Opera
CVE-2008-7244 (Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a d ...)
	- xulrunner <unfixed> (unimportant)
	NOTE: browser denial-of-service issues are unimportant
CVE-2008-7243 (Cross-site request forgery (CSRF) vulnerability in page 34 in MODx CMS ...)
	NOT-FOR-US: MODx CMS
CVE-2008-7242 (Multiple cross-site scripting (XSS) vulnerabilities in MODx CMS 0.9.6. ...)
	NOT-FOR-US: MODx CMS
CVE-2008-7241 (Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 ...)
	NOT-FOR-US: PunBB
CVE-2008-7240 (Directory traversal vulnerability in include/unverified.inc.php in Lin ...)
	NOT-FOR-US: Linux Web Shop (LWS) php User Base
CVE-2008-7228 (Multiple format string vulnerabilities in White_Dune before 0.29beta85 ...)
	- whitedune <not-affected> (bug #546903)
	NOTE: The Debian binary versions are not compiled with the --with-aflockdebug option
CVE-2008-7224 (Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows remo ...)
	{DSA-1902-1}
	- elinks 0.11.3-1 (low; bug #380347)
CVE-2008-7239 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-7238 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.3 ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-7237 (Unspecified vulnerability in the Oracle Internet Directory component i ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-7236 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-7235 (Unspecified vulnerability in the Oracle Forms component in Oracle Appl ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-7234 (Unspecified vulnerability in the Oracle BPEL Worklist Application comp ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-7233 (Unspecified vulnerability in the E-Business Application client, as use ...)
	NOT-FOR-US: E-Business Application client
CVE-2008-7232 (Buffer overflow in the report function in xtacacsd 4.1.2 and earlier a ...)
	NOT-FOR-US: xtacacsd
CVE-2008-7231 (Cross-site scripting (XSS) vulnerability in Meridio Document and Recor ...)
	NOT-FOR-US: Meridio Document and Records Management
CVE-2008-7230 (Unspecified vulnerability in Small Footprint CIM Broker (SFCB) before  ...)
	NOT-FOR-US: Small Footprint CIM Broker
CVE-2008-7229 (GreenSQL Firewall (greensql-fw) before 0.9.2 allows remote attackers t ...)
	NOT-FOR-US: GreenSQL Firewall
CVE-2008-7227 (PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 a ...)
	NOT-FOR-US: GeoServer
CVE-2008-7226 (SQL injection vulnerability in index.php in the Recipes module 1.3, 1. ...)
	NOT-FOR-US: Recipes module for PHP-Nuke
CVE-2008-7225 (Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Serv ...)
	NOT-FOR-US: Foxit Remote Access Server
CVE-2008-7223 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1 ...)
	NOT-FOR-US: LinPHA
CVE-2008-7222 (Cross-site scripting (XSS) vulnerability in system/admin.php in RunCMS ...)
	NOT-FOR-US: RunCMS
CVE-2008-7221 (Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows ...)
	NOT-FOR-US: RunCMS
CVE-2008-7220 (Unspecified vulnerability in Prototype JavaScript framework (prototype ...)
	{DSA-1952-1}
	- prototypejs 1.6.0.2-1
	- asterisk 1:1.6.2.0~rc3-1 (low; bug #555220)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
	[lenny] - asterisk <no-dsa> (Minor issue)
	- auth2db 0.2.5-2+dfsg-1 (low; bug #555217)
	- libaws 2.7-1 (low; bug #555221)
	[etch] - libaws <no-dsa> (minor issue)
	[lenny] - libaws <no-dsa> (minor issue)
	- libjson-ruby 1.1.4-1 (low; bug #555223)
	[lenny] - libjson-ruby 1.1.2-1+lenny1
	- lucene2 2.9.1+ds1-2 (unimportant; bug #555225)
	[etch] - lucene2 <not-affected> (prototype.js not present)
	NOTE: prototype.js copy unused per #555225
	- glpi 0.72.3-1 (low; bug #555228)
	[etch] - glpi <no-dsa> (minor issue)
	[lenny] - glpi <no-dsa> (minor issue)
	- knowledgeroot 0.9.9.5-1 (low; bug #555229)
	[etch] - knowledgeroot <no-dsa> (minor issue)
	[lenny] - knowledgeroot <not-affected> (Vulnerable code not present)
	- mt-daapd 0.9~r1696.dfsg-6 (low; bug #555231)
	[etch] - mt-daapd 0.2.4+r1376-1.1+etch3
	- mediatomb 0.12.0~svn2018-5 (low; bug #555232)
	[lenny] - mediatomb <no-dsa> (minor issue)
	- op-panel 0.30~dfsg-1 (low; bug #555234)
	- ebug-http 0.31-2.1 (low; bug #555235)
	[lenny] - ebug-http <no-dsa> (Minor issue)
	- poker-network 1.7.6-1 (low; bug #555237)
	[etch] - poker-network <no-dsa> (minor issue)
	- webhelpers 0.3.4-2 (low; bug #555239)
	- qwik <removed> (low; bug #555240)
	[etch] - qwik <no-dsa> (minor issue)
	[lenny] - qwik <no-dsa> (minor issue)
	- wordpress 2.5.0-2 (low; bug #555242)
	[etch] - wordpress <not-affected> (prototype.js not present)
	- exaile 0.2.14+debian-2.2 (low; bug #555244)
	[lenny] - exaile <no-dsa> (minor issue)
	- hobix 0.5~svn20070319-4 (low; bug #555246)
	[lenny] - hobix <no-dsa> (minor issue)
	- pixelpost 1.7.1-6 (low; bug #555248)
	[lenny] - pixelpost <no-dsa> (minor issue)
	- symfony 1.0.21-1.1 (low; bug #555250)
	[lenny] - symfony <no-dsa> (minor issue)
	- jscropperui 1.2.1-1 (low; bug #555255)
	[lenny] - jscropperui <no-dsa> (minor issue)
	- rt-extension-emailcompletion <not-affected> (prototype.js not included in the binary package; bug #555258)
	- scriptaculous 1.8.3-1 (low; bug #555259)
	[lenny] - scriptaculous <no-dsa> (Minor issue)
	- activeldap 1.0.9-1 (unimportant; bug #555263)
	NOTE: Only shipped in an example
	- otrs2 2.3.4-6 (low; bug #555266)
	[etch] - otrs2 <not-affected> (prototype.js not present)
	[lenny] - otrs2 <not-affected> (prototype.js not present)
	- webcalendar 1.2~b1-2 (low; bug #555268)
	[lenny] - webcalendar <not-affected> (prototype.js not present)
	- libhtml-prototype-perl 1.48-3 (low; bug #558977)
	[etch] - libhtml-prototype-perl <no-dsa> (minor issue)
	[lenny] - libhtml-prototype-perl <no-dsa> (minor issue)
	- plone3 <removed> (low; bug #555274)
	- wesnoth <not-affected> (prototype.js not included in any of the binary packages; bug #555266)
	- webcit <not-affected> (fixed since initial inclusion)
	- zabbix <not-affected> (fixed since initial inclusion)
	- chora2 <not-affected> (fixed since initial inclusion)
	- gollem <not-affected> (fixed since initial inclusion)
	- ingo1 <not-affected> (fixed since initial inclusion)
	- kronolith2 <not-affected> (fixed since initial inclusion)
	- jifty <not-affected> (fixed since initial inclusion)
	- jquery <not-affected> (fixed since initial inclusion)
	- passenger <not-affected> (fixed since initial inclusion)
CVE-2008-7219 (Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 ...)
	- kronolith2 2.1.7-1
	- nag2 2.1.4-1
	- mnemo2 2.1.2-1
CVE-2008-7218 (Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 a ...)
	{DSA-1897-1}
	- horde3 3.1.6-1
	- turba2 2.1.7-1
	- kronolith2 2.1.7-1
	- nag2 2.1.4-1
	- mnemo2 2.1.2-1
CVE-2008-7217 (Microsoft Office 2008 for Mac, when running on Macintosh systems that  ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-7216 (Peter's Math Anti-Spam Spinoff plugin for WordPress generates audio CA ...)
	NOT-FOR-US: Math Anti-Spam Spinoff plugin for WordPress
CVE-2008-7215 (The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and e ...)
	NOT-FOR-US: MOStlyCE
CVE-2008-7214 (Cross-site request forgery (CSRF) vulnerability in administrator/index ...)
	NOT-FOR-US: MOStlyCE
CVE-2008-7213 (Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/j ...)
	NOT-FOR-US: MOStlyCE
CVE-2008-7212 (MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote ...)
	NOT-FOR-US: MOStlyCE
CVE-2008-7211 (CreativeLabs es1371mp.sys 5.1.3612.0 WDM audio driver, as used in Enso ...)
	NOT-FOR-US: CreativeLabs WDM audio driver
CVE-2008-7210 (directory.php in AJchat 0.10 allows remote attackers to bypass input v ...)
	NOT-FOR-US: AJchat
CVE-2008-7209 (Unrestricted file upload vulnerability in the add2 action in a_upload. ...)
	NOT-FOR-US: OneCMS
CVE-2008-7208 (Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly ear ...)
	NOT-FOR-US: OneCMS
CVE-2008-7207 (RivetTracker before 1.0 stores passwords in cleartext in config.php, w ...)
	NOT-FOR-US: RivetTracker
CVE-2008-7206 (Unspecified vulnerability in Electronic Logbook (ELOG) before 2.7.2 ha ...)
	NOT-FOR-US: Electronic Logbook
CVE-2008-7205 (Unspecified vulnerability in the product view functionality in VirtueM ...)
	NOT-FOR-US: VirtueMart
CVE-2008-7204 (Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a  ...)
	NOT-FOR-US: VirtueMart
CVE-2008-7203 (Valve Software Half-Life Counter-Strike 1.6 allows remote attackers to ...)
	NOT-FOR-US: Valve Software Half-Life Counter-Strike
CVE-2008-7202 (Multiple cross-site scripting (XSS) vulnerabilities in OpenWebMail bef ...)
	NOT-FOR-US: OpenWebMail
CVE-2008-7201 (Lantronix MSS485-T allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Lantronix MSS485-T
CVE-2008-7200 (Double free vulnerability in Deliantra server engine before 2.4 has un ...)
	NOT-FOR-US: Deliantra server engine
CVE-2008-7199 (Phoenix Contact FL IL 24 BK-PAC allows remote attackers to cause a den ...)
	NOT-FOR-US: Phoenix Contact FL IL 24 BK-PAC
CVE-2008-7198 (Multiple unspecified vulnerabilities in phpns before 2.1.1beta1 have u ...)
	NOT-FOR-US: phpns
CVE-2008-7197 (Multiple unspecified vulnerabilities in G15Daemon before 1.9.4 have un ...)
	NOT-FOR-US: G15Daemon
CVE-2008-7196 (Unspecified vulnerability in metashell before 0.03 has unknown impact  ...)
	NOT-FOR-US: metashell
CVE-2008-7195 (Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used i ...)
	NOT-FOR-US: Fujitsu Interstage HTTP Server
CVE-2008-7194 (Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used i ...)
	NOT-FOR-US: Fujitsu Interstage HTTP Server
CVE-2008-7193 (PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remo ...)
	NOT-FOR-US: PHPKIT
CVE-2008-7192 (Cross-site request forgery (CSRF) vulnerability in index.php in WoltLa ...)
	NOT-FOR-US: WoltLab Burning Board
CVE-2008-7191 (Unspecified vulnerability in Polipo before 1.0.4 allows remote attacke ...)
	- polipo 1.0.4-1 (low)
CVE-2008-7190 (Unspecified vulnerability in Adium before 1.2 has unknown impact and a ...)
	NOT-FOR-US: Adium
CVE-2008-7189 (Multiple unspecified vulnerabilities in Local Media Browser before 0.1 ...)
	NOT-FOR-US: Local Media Browser
CVE-2008-7188 (ClipShare 2.6 does not properly restrict access to certain functionali ...)
	NOT-FOR-US: ClipShare
CVE-2008-7187 (Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtai ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-7186 (Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to upda ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-7185 (GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of se ...)
	- rhythmbox <unfixed> (unimportant)
	NOTE: No practical security impact
CVE-2008-7184 (Cross-site scripting (XSS) vulnerability in Diigo Toolbar and Diigolet ...)
	NOT-FOR-US: Diigo Toolbar and Diigolet
CVE-2008-7183 (PHP remote file inclusion vulnerability in eva/index.php in EVA CMS 2. ...)
	NOT-FOR-US: EVA CMS
CVE-2008-7182 (Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and poss ...)
	NOT-FOR-US: Surgemail
CVE-2008-7181 (Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitr ...)
	NOT-FOR-US: Butterfly Organizer
CVE-2008-7180 (del_query1.php in Telephone Directory 2008 allows remote attackers to  ...)
	NOT-FOR-US: Telephone Directory
CVE-2008-7179 (OTManager CMS 2.4 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: OTManager
CVE-2008-7178 (Directory traversal vulnerability in Uploader module 1.1 for XOOPS all ...)
	NOT-FOR-US: XOOPS
CVE-2008-7177 (Buffer overflow in the listing module in Netwide Assembler (NASM) befo ...)
	- nasm 2.03.01-1 (low)
CVE-2008-7176 (Multiple directory traversal vulnerabilities in Facil CMS 0.1RC allow  ...)
	NOT-FOR-US: Facil CMS
CVE-2008-7175 (Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in Next ...)
	NOT-FOR-US: NextGEN Gallery third party plugin for wordpress
CVE-2008-7174 (Multiple buffer overflows in the Jura Internet Connection Kit for the  ...)
	NOT-FOR-US: Jura Impressa
CVE-2008-7173 (The Jura Internet Connection Kit for the Jura Impressa F90 coffee make ...)
	NOT-FOR-US: Jura Impressa
CVE-2008-7172 (Lightweight news portal (LNP) 1.0b does not properly restrict access t ...)
	NOT-FOR-US: Lightweight news portal
CVE-2008-7171 (Multiple cross-site scripting (XSS) vulnerabilities in Lightweight new ...)
	NOT-FOR-US: Lightweight news portal
CVE-2008-7170 (GSC build 2067 and earlier relies on the client to enforce administrat ...)
	NOT-FOR-US: GSC build
CVE-2008-7169 (SQL injection vulnerability in Jabode horoscope extension (com_jabode) ...)
	NOT-FOR-US: Joomla!
CVE-2008-7168 (Insecure method vulnerability in the UUSee UUUpgrade ActiveX control ( ...)
	NOT-FOR-US: ActiveX
CVE-2008-7167 (Unrestricted file upload vulnerability in upload.php in Page Manager 2 ...)
	NOT-FOR-US: Page Manager
CVE-2008-7166 (Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859)  ...)
	NOT-FOR-US: web interface in BitTorrent 6.0.1 (build 7859)
CVE-2008-7165 (Cross-site request forgery in cp06_wifi_m_nocifr.cgi in the administra ...)
	NOT-FOR-US: TELECOM ITALIA Alice Gate2 Plus Wi-Fi
CVE-2008-7164 (Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have u ...)
	NOT-FOR-US: Shareaza
CVE-2008-7163 (Directory traversal vulnerability in mods/Integrated/index.php in Sine ...)
	NOT-FOR-US: SineCMS
CVE-2008-7162 (Buffer overflow in Hero Super Player 3000 allows remote attackers to c ...)
	NOT-FOR-US: Hero Super Player
CVE-2008-7161 (Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 a ...)
	NOT-FOR-US: Fortinet FortiGuard Fortinet
CVE-2008-7159 (The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Se ...)
	{DSA-1879-1}
	[lenny] - silc-toolkit 1.1.7-2+lenny1
	- silc-toolkit 1.1.10-1 (low)
	- silc-client 1.1-2 (low)
	- silc-server <not-affected> (Vulnerable code not present)
	NOTE: silc-client uses libsilc from silc-toolkit since 1.1-2
CVE-2008-7160 (The silc_http_server_parse function in lib/silchttp/silchttpserver.c i ...)
	{DSA-1879-1}
	- silc-toolkit 1.1.10-1 (low)
	- silc-client 1.1-2 (low)
	- silc-server 1.1.2-1 (low)
	NOTE: silc-client/silc-server use libsilc from silc-toolkit since 1.1-2
CVE-2008-7158 (Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remot ...)
	NOT-FOR-US: Numara FootPrints
CVE-2008-7157 (Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier  ...)
	NOT-FOR-US: EkinBoard
CVE-2008-7156 (EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows  ...)
	NOT-FOR-US: EkinBoard
CVE-2008-7155 (NetRisk 1.9.7 does not properly restrict access to admin/change_submit ...)
	NOT-FOR-US: NetRisk
CVE-2008-7154 (Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Docebo
CVE-2008-7153 (SQL injection vulnerability in the autoDetectRegion function in docebo ...)
	NOT-FOR-US: Docebo
CVE-2008-7152 (Multiple PHP remote file inclusion vulnerabilities in Specimen Image D ...)
	NOT-FOR-US: Specimen Image Database
CVE-2008-7151 (Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x ...)
	NOT-FOR-US: Live third-party Drupal module
CVE-2008-7150 (Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 5.x bef ...)
	NOT-FOR-US: Refine by Taxonomy
CVE-2008-7149 (Unspecified vulnerability in AgileWiki before 0.10.1 has unknown impac ...)
	NOT-FOR-US: AgileWiki
CVE-2008-7148 (Unspecified vulnerability in Synfig Animation Studio before 0.61.08 al ...)
	- synfig 0.61.08-1
CVE-2008-7147 (Multiple cross-site scripting (XSS) vulnerabilities in IntraLearn Soft ...)
	NOT-FOR-US: IntraLearn Software IntraLearn
CVE-2008-7146 (IntraLearn Software IntraLearn 2.1, and possibly other versions before ...)
	NOT-FOR-US: IntraLearn Software IntraLearn
CVE-2008-7145 (Multiple SQL injection vulnerabilities in index.php in CoronaMatrix ph ...)
	NOT-FOR-US: CoronaMatrix phpAddressBook
CVE-2008-7144 (Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have ...)
	NOT-FOR-US: RARLAB WinRAR
CVE-2008-7143 (phpBB 2.0.23 includes the session ID in a request to modcp.php when th ...)
	- phpbb2 <removed>
CVE-2008-7142 (Absolute path traversal vulnerability in the Disk Usage module (fronte ...)
	NOT-FOR-US: cPanel
CVE-2008-7141 (Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 ...)
	NOT-FOR-US: @lex Poll
CVE-2008-7140 (Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook  ...)
	NOT-FOR-US: @lex Guestbook
CVE-2008-7139 (Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy ...)
	NOT-FOR-US: Eye-Fi
CVE-2008-7138 (The Manager in Eye-Fi 1.1.2 generates predictable snonce values based  ...)
	NOT-FOR-US: Eye-Fi
CVE-2008-7137 (WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Eye-Fi
CVE-2008-7136 (toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers t ...)
	NOT-FOR-US: ICQ Toolbar
CVE-2008-7135 (toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers t ...)
	NOT-FOR-US: ICQ Toolbar
CVE-2008-7134 (Multiple cross-site scripting (XSS) vulnerabilities in the default URI ...)
	NOT-FOR-US: Chris LaPointe RedGalaxy Download Center
CVE-2008-7133 (Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org ...)
	NOT-FOR-US: onlinetools.org EasyImageCatalogue
CVE-2008-7132 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1. ...)
	NOT-FOR-US: Nuked-Klan
CVE-2008-7131 (Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier  ...)
	NOT-FOR-US: DB2 Monitoring Console
CVE-2008-7130 (Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier  ...)
	NOT-FOR-US: DB2 Monitoring Console
CVE-2008-7129 (XySSL before 0.9 allows remote attackers to cause a denial of service  ...)
	- xyssl 0.9-1
	- polarssl <not-affected> (fixed in xyssl before polarssl was forked from it)
	- pdkim <itp> (bug #543150)
	NOTE: check pdkim if/when it enters unstable (contains polarssl code copy)
CVE-2008-7128 (The ssl_parse_client_key_exchange function in XySSL before 0.9 does no ...)
	- xyssl 0.9-1
	- polarssl <not-affected> (fixed in xyssl before polarssl was forked from it)
	- pdkim <itp> (bug #543150)
	NOTE: check pdkim if/when it enters unstable (contains polarssl code copy)
CVE-2008-7127 (osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earli ...)
	NOT-FOR-US: Borland VisiBroker Smart Agent
CVE-2008-7126 (Integer overflow in osagent.exe in Borland VisiBroker Smart Agent 08.0 ...)
	NOT-FOR-US: Borland VisiBroker Smart Agent
CVE-2008-7125 (pphoto in Ariadne before 2.6 allows remote authenticated users with ce ...)
	NOT-FOR-US: Ariadne
CVE-2008-7124 (zKup CMS 2.0 through 2.3 does not require administrative authenticatio ...)
	NOT-FOR-US: zKup CMS
CVE-2008-7123 (Static code injection vulnerability in admin/configuration/modifier.ph ...)
	NOT-FOR-US: zKup CMS
CVE-2008-7122 (Multiple insecure method vulnerabilities in an ActiveX control in (epR ...)
	NOT-FOR-US: ActiveX
CVE-2008-7121 (Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links SQL- ...)
	NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP
CVE-2008-7120 (SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and ear ...)
	NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP
CVE-2008-7119 (SQL injection vulnerability in item.php in WeBid auction script 0.5.4  ...)
	NOT-FOR-US: WeBid auction script
CVE-2008-7118 (WeBid auction script 0.5.4 stores sensitive information under the web  ...)
	NOT-FOR-US: WeBid auction script
CVE-2008-7117 (eledicss.php in WeBid auction script 0.5.4 allows remote attackers to  ...)
	NOT-FOR-US: WeBid auction script
CVE-2008-7116 (SQL injection vulnerability in the admin panel (admin/) in WeBid aucti ...)
	NOT-FOR-US: WeBid auction script
CVE-2008-7115 (The web interface to the Belkin Wireless G router and ADSL2 modem F5D7 ...)
	NOT-FOR-US: Belkin Wireless G
CVE-2008-7114 (SQL injection vulnerability in members_search.php in iFusion Services  ...)
	NOT-FOR-US: iFusion Services
CVE-2008-7113 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 u ...)
	NOT-FOR-US: Kyocera Mita
CVE-2008-7112 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 a ...)
	NOT-FOR-US: Kyocera Mita
CVE-2008-7111 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 d ...)
	NOT-FOR-US: Kyocera Mita
CVE-2008-7110 (Directory traversal vulnerability in the Scanner File Utility (aka lis ...)
	NOT-FOR-US: Kyocera Mita
CVE-2008-7109 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 a ...)
	NOT-FOR-US: Kyocera Mita
CVE-2008-7108 (Multiple cross-site scripting (XSS) vulnerabilities in Carmosa phpCart ...)
	NOT-FOR-US: Carmosa phpCart
CVE-2008-7107 (easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to caus ...)
	NOT-FOR-US: ESET Smart Security
CVE-2008-7106 (The installation of Sophos PureMessage for Microsoft Exchange 3.0 befo ...)
	NOT-FOR-US: Microsoft Exchange
CVE-2008-7105 (Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remo ...)
	NOT-FOR-US: Sophos PureMessage for Microsoft Exchange
CVE-2008-7104 (Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for  ...)
	NOT-FOR-US: Sophos PureMessage Scanner service
CVE-2008-7103 (Stack-based buffer overflow in an ActiveX control in najdisitoolbar.dl ...)
	NOT-FOR-US: Toolbar 2.0.4.1
CVE-2008-7102 (DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx fil ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-7101 (Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 allo ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-7100 (Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows rem ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-7099 (Unspecified vulnerability in the Manage Templates feature in Qsoft K-R ...)
	NOT-FOR-US: Qsoft K-Rate Premium
CVE-2008-7098 (Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate Pr ...)
	NOT-FOR-US: Qsoft K-Rate Premium
CVE-2008-7097 (Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow r ...)
	NOT-FOR-US: Qsoft K-Rate Premium
CVE-2008-7096 (Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35M ...)
	NOT-FOR-US: Intel Desktop and Intel Mobile Boards
CVE-2008-7095 (The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does n ...)
	NOT-FOR-US: ArubaOS
CVE-2008-7094 (Campaign/CampaignListener in the listener server in Unica Affinium Cam ...)
	NOT-FOR-US: Affinium Campaign
CVE-2008-7093 (Multiple directory traversal vulnerabilities in Unica Affinium Campaig ...)
	NOT-FOR-US: Affinium Campaign
CVE-2008-7092 (Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium  ...)
	NOT-FOR-US: Affinium Campaign
CVE-2008-7091 (Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow  ...)
	NOT-FOR-US: Pligg
CVE-2008-7090 (Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier  ...)
	NOT-FOR-US: Pligg
CVE-2008-7089 (Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allo ...)
	NOT-FOR-US: Pligg
CVE-2008-7088 (Unrestricted file upload vulnerability in upload.php in PhotoPost vBGa ...)
	NOT-FOR-US: PhotoPost vBGallery
CVE-2008-7087 (PHP remote file inclusion vulnerability in search_wA.php in OpenPro 1. ...)
	NOT-FOR-US: OpenPro
CVE-2008-7086 (Maian Greetings 2.1 allows remote attackers to bypass authentication a ...)
	NOT-FOR-US: Maian Greetings
CVE-2008-7085 (Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS On ...)
	NOT-FOR-US: TheHockeyStop HockeySTATS Online
CVE-2008-7084 (Directory traversal vulnerability in the web server 1.0 in Velocity Se ...)
	NOT-FOR-US: Velocity Security Management System
CVE-2008-7083 (Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter ...)
	NOT-FOR-US: ReVou Micro Blogging Twitter clone
CVE-2008-7082 (MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key pa ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2008-7081 (userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allo ...)
	NOT-FOR-US: RaidSonic ICY BOX NAS firmware
CVE-2008-7080 (Team PHP PHP Classifieds Script stores sensitive information under the ...)
	NOT-FOR-US: Team PHP PHP Classifieds Script
CVE-2008-7079 (Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to c ...)
	NOT-FOR-US: Nero ShowTime
CVE-2008-7078 (Multiple buffer overflows in Rumpus before 6.0.1 allow remote attacker ...)
	NOT-FOR-US: Rumpus
CVE-2008-7077 (Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remot ...)
	NOT-FOR-US: SailPlanner
CVE-2008-7076 (Unrestricted file upload vulnerability in user.modify.profile.php in K ...)
	NOT-FOR-US: Kalptaru Infotech Ltd. Star Articles
CVE-2008-7075 (Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star  ...)
	NOT-FOR-US: Kalptaru Infotech Ltd. Star Articles
CVE-2008-7074 (Format string vulnerability in MemeCode Software i.Scribe 1.88 through ...)
	NOT-FOR-US: MemeCode Software i.Scribe
CVE-2008-7073 (PHP remote file inclusion vulnerability in lib/action/rss.php in RSS m ...)
	NOT-FOR-US: RSS module 0.1 for Pie Web M{a,e}sher
CVE-2008-7072 (Cross-site scripting (XSS) vulnerability in index.php in Chipmunk Tops ...)
	NOT-FOR-US: Chipmunk Topsites
CVE-2008-7071 (SQL injection vulnerability in authenticate.php in Chipmunk Topsites a ...)
	NOT-FOR-US: Chipmunk Topsites
CVE-2008-7070 (Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shi ...)
	- kvirc <not-affected> (Only affects Windows builds)
	NOTE: https://svn.kvirc.de/kvirc/ticket/274#comment:8
CVE-2008-7069 (All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information un ...)
	NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-7067 (PHP remote file inclusion vulnerability in admin/plugins/Online_Users/ ...)
	NOT-FOR-US: PageTree CMS
CVE-2008-7066 (OpenForum 0.66 Beta allows remote attackers to bypass authentication a ...)
	NOT-FOR-US: OpenForum
CVE-2008-7065 (Siemens C450 IP and C475 IP VoIP devices allow remote attackers to cau ...)
	NOT-FOR-US: Siemens C450 IP and C475 IP VoIP devices
CVE-2008-7064 (Directory traversal vulnerability in the get_lang function in global.p ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2008-7063 (Ocean12 FAQ Manager Pro stores sensitive data under the web root with  ...)
	NOT-FOR-US: Ocean12 FAQ Manager Pro
CVE-2008-7062 (Unrestricted file upload vulnerability in admin/index.php in Download  ...)
	NOT-FOR-US: Download Manager module 1.0 for LoveCMS
CVE-2008-7061 (The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-7060 (Multiple cross-site scripting (XSS) vulnerabilities in One-News Beta 2 ...)
	NOT-FOR-US: One-News
CVE-2008-7059 (SQL injection vulnerability in index.php in One-News Beta 2 allows rem ...)
	NOT-FOR-US: One-News
CVE-2008-7058 (Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4  ...)
	NOT-FOR-US: BandSite CMS
CVE-2008-7057 (Cross-site scripting (XSS) vulnerability in merchandise.php in BandSit ...)
	NOT-FOR-US: BandSite CMS
CVE-2008-7056 (BandSite CMS 1.1.4 does not perform access control for adminpanel/phpm ...)
	NOT-FOR-US: BandSite CMS
CVE-2008-7055 (module.php in ezContents 2.0.3 allows remote attackers to bypass the d ...)
	NOT-FOR-US: ezContents
CVE-2008-7054 (Multiple directory traversal vulnerabilities in ezContents 2.0.3 allow ...)
	NOT-FOR-US: ezContents
CVE-2008-7053 (LogMeIn Remote Access Utility ActiveX control (RACtrl.dll) allows remo ...)
	NOT-FOR-US: LogMeIn
CVE-2008-7052 (Unrestricted file upload vulnerability in profile.php in Pre Projects  ...)
	NOT-FOR-US: Pre Projects Pre Real Estate Listings
CVE-2008-7051 (AJ Square AJ Article allows remote attackers to bypass authentication  ...)
	NOT-FOR-US: AJ Square AJ Article
CVE-2008-7050 (The password_check function in auth/auth_phpbb3.php in WoW Raid Manage ...)
	NOT-FOR-US: WoW Raid Manager
CVE-2008-7049 (Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1  ...)
	NOT-FOR-US: NatterChat
CVE-2008-7048 (Multiple cross-site scripting (XSS) vulnerabilities in NatterChat 1.12 ...)
	NOT-FOR-US: NatterChat
CVE-2008-7047 (NatterChat 1.1 allows remote attackers to bypass authentication and ga ...)
	NOT-FOR-US: NatterChat
CVE-2008-7046 (AJ Square Free Polling Script (AJPoll) allows remote attackers to bypa ...)
	NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7045 (AJ Square Free Polling Script (AJPoll) Database version allows remote  ...)
	NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7044 (SQL injection vulnerability in admin/include/newpoll.php in AJ Square  ...)
	NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7043 (Cross-site scripting (XSS) vulnerability in register.php in FreshScrip ...)
	NOT-FOR-US: FreshScripts Fresh Email Script
CVE-2008-7042 (PHP remote file inclusion vulnerability in url.php in FreshScripts Fre ...)
	NOT-FOR-US: FreshScripts Fresh Email Script
CVE-2008-7041 (AJ Classifieds allows remote attackers to bypass authentication and ga ...)
	NOT-FOR-US: AJ Classifieds
CVE-2008-7040 (SQL injection vulnerability in ahah/sf-profile.php in the Yellow Sword ...)
	NOT-FOR-US: Yellow Swordfish Simple Forum module for Wordpress
CVE-2008-7039 (Cross-site scripting (XSS) vulnerability in admin/comments.php in Gela ...)
	NOT-FOR-US: Gelato CMS
CVE-2008-7038 (SQL injection vulnerability in the My_eGallery module for PHP-Nuke all ...)
	NOT-FOR-US: My_eGallery module for PHP-Nuke
CVE-2008-7037 (The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for Wi ...)
	NOT-FOR-US: ITN News Gadget
CVE-2008-7036 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in De ...)
	NOT-FOR-US: DevTracker module 3.0 for bcoos
CVE-2008-7035 (Cross-site scripting (XSS) vulnerability in an unspecified component i ...)
	NOT-FOR-US: Simple Machines phpRaider
CVE-2008-7034 (PHP remote file inclusion vulnerability in kernel/smarty/Smarty.class. ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2008-7033 (SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) ...)
	NOT-FOR-US: component for Joomla!
CVE-2008-7032 (Web Management Console Cross-site request forgery (CSRF) vulnerability ...)
	NOT-FOR-US: web management console in F5 BIG-IP
CVE-2008-7031 (Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Serv ...)
	NOT-FOR-US: Foxit Remote Access Server (aka WAC Server)
CVE-2008-7030 (Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web al ...)
	NOT-FOR-US: Site2Nite Real Estate Web
CVE-2008-7029 (Unrestricted file upload vulnerability in usercp.php in AlilG Applicat ...)
	NOT-FOR-US: AlilG Application AliBoard
CVE-2008-7028 (RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass auth ...)
	NOT-FOR-US: RPG.Board
CVE-2008-7027 (Libra File Manager 1.18 and earlier allows remote attackers to bypass  ...)
	NOT-FOR-US: Libra File Manager
CVE-2008-7026 (Unrestricted file upload vulnerability in filesystem3.class.php in eFr ...)
	NOT-FOR-US: eFront
CVE-2008-7025 (TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe runnin ...)
	NOT-FOR-US: Check Point ZoneAlarm
CVE-2008-7024 (admin.php in Arz Development The Gemini Portal 4.7 and earlier allows  ...)
	NOT-FOR-US: Arz Development The Gemini Portal
CVE-2008-7023 (Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other ...)
	NOT-FOR-US: ArubaOS
CVE-2008-7022 (Insecure method vulnerability in ChilkatMail_v7_9.dll in the Chilkat S ...)
	NOT-FOR-US: Chilkat Software IMAP ActiveX control
CVE-2008-7021 (Unrestricted file upload vulnerability in editlogo.php in AvailScript  ...)
	NOT-FOR-US: AvailScript Jobs Portal Script
CVE-2008-7020 (McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores pre- ...)
	NOT-FOR-US: McAfee SafeBoot Device Encryption
CVE-2008-7019 (Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass authent ...)
	NOT-FOR-US: Esqlanelapse
CVE-2008-7018 (Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar ...)
	NOT-FOR-US: NashTech Easy PHP Calendar
CVE-2008-7017 (Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 2008 ...)
	NOT-FOR-US: CAcert
CVE-2008-7016 (tnftpd before 20080929 splits large command strings into multiple comm ...)
	NOT-FOR-US: tnftpd
CVE-2008-7015 (Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel  ...)
	NOT-FOR-US: Unreal Tournament
CVE-2008-7014 (fhttpd 0.4.2 allows remote attackers to cause a denial of service (cra ...)
	NOT-FOR-US: fhttpd
CVE-2008-7013 (NetService.dll in Baidu Hi IM allows remote servers to cause a denial  ...)
	NOT-FOR-US: Baidu Hi IM
CVE-2008-7012 (courier/1000@/api_error_email.html (aka "error reporting page") in Acc ...)
	NOT-FOR-US: Accellion File Transfer Appliance
CVE-2008-7011 (The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tourname ...)
	NOT-FOR-US: Unreal Tournament
CVE-2008-7010 (Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers t ...)
	NOT-FOR-US: Skalfa Software SkaLinks Exchange Script
CVE-2008-7009 (Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Sui ...)
	NOT-FOR-US: Check Point ZoneAlarm Security Suite
CVE-2008-7008 (HyperStop Web Host Directory 1.2 allows remote attackers to bypass aut ...)
	NOT-FOR-US: HyperStop Web Host Directory
CVE-2008-7007 (Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentic ...)
	NOT-FOR-US: Free PHP VX Guestbook
CVE-2008-7006 (Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentic ...)
	NOT-FOR-US: Free PHP VX Guestbook
CVE-2008-7005 (include/modules/top/1-random_quote.php in Minb Is Not a Blog (minb) 0. ...)
	NOT-FOR-US: Minb Is Not a Blog
CVE-2008-7004 (Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown  ...)
	NOT-FOR-US: Electronic Logbook
CVE-2008-7003 (Multiple SQL injection vulnerabilities in login.php in The Rat CMS Alp ...)
	NOT-FOR-US: The Rat CMS
CVE-2008-7002 (PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir ...)
	- php5 <removed> (unimportant)
	NOTE: safe-mode and basedir violations not treated as security issues
CVE-2008-7001 (Unrestricted file upload vulnerability in the file manager in Creative ...)
	NOT-FOR-US: Creative Mind Creator CMS
CVE-2008-7000 (PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 ...)
	NOT-FOR-US: phpAuction
CVE-2008-6999 (phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote at ...)
	NOT-FOR-US: phpAuction
CVE-2008-6998 (Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Goog ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-6997 (Google Chrome 0.2.149.27 allows user-assisted remote attackers to caus ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-6996 (Google Chrome BETA (0.2.149.27) does not prompt the user before saving ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-6995 (Integer underflow in net/base/escape.cc in chrome.dll in Google Chrome ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-6994 (Stack-based buffer overflow in the SaveAs feature (SaveFileAsWithFilte ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-6993 (Siemens Gigaset WLAN Camera 1.27 has an insecure default password, whi ...)
	NOT-FOR-US: Siemens Gigaset WLAN Camera
CVE-2008-6992 (GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allow ...)
	NOT-FOR-US: GreenSQL Firewall
CVE-2008-6991 (SQL injection vulnerability in public/page.php in Websens CMSbright al ...)
	NOT-FOR-US: CMSbright
CVE-2008-6990 (SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka  ...)
	NOT-FOR-US: Easy Photo Gallery
CVE-2008-6989 (SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka  ...)
	NOT-FOR-US: Easy Photo Gallery
CVE-2008-6988 (Multiple cross-site scripting (XSS) vulnerabilities in Easy Photo Gall ...)
	NOT-FOR-US: Easy Photo Gallery
CVE-2008-6987 (Unrestricted file upload vulnerability in eZoneScripts Dating Website  ...)
	NOT-FOR-US: eZoneScripts Dating Website script
CVE-2008-6986 (SQL injection vulnerability in the actionMultipleAddProduct function i ...)
	NOT-FOR-US: Zen Cart
CVE-2008-6985 (Multiple SQL injection vulnerabilities in includes/classes/shopping_ca ...)
	NOT-FOR-US: Zen Cart
CVE-2008-6984 (Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, all ...)
	NOT-FOR-US: Plesk
CVE-2008-6983 (modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers t ...)
	NOT-FOR-US: devalcms
CVE-2008-6982 (Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a ...)
	NOT-FOR-US: devalcms
CVE-2008-6981 (index.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers ...)
	NOT-FOR-US: phpAdultSite CMS
CVE-2008-6980 (SQL injection vulnerability in as_archives.php in phpAdultSite CMS, po ...)
	NOT-FOR-US: phpAdultSite CMS
CVE-2008-6979 (Cross-site scripting (XSS) vulnerability in as_archives.php in phpAdul ...)
	NOT-FOR-US: phpAdultSite CMS
CVE-2008-6978 (Unrestricted file upload vulnerability in Full Revolution aspWebAlbum  ...)
	NOT-FOR-US: aspWebAlbum
CVE-2008-6977 (Cross-site scripting (XSS) vulnerability in album.asp in Full Revoluti ...)
	NOT-FOR-US: aspWebAlbum
CVE-2008-6976 (MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remot ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2008-6975 (Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cg ...)
	NOT-FOR-US: DD-WRT
CVE-2008-6974 (Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cg ...)
	NOT-FOR-US: DD-WRT
CVE-2008-6973 (Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 bef ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-6961 (mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1 ...)
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
CVE-2008-6972 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content  ...)
	NOT-FOR-US: Drupal Content Construction Kit (third-party module)
CVE-2008-6971 (The password reset functionality in Simple Machines Forum (SMF) 1.0.x  ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6970 (SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 a ...)
	NOT-FOR-US: UBB.threads
CVE-2008-6969 (Multiple cross-site scripting (XSS) vulnerabilities in checkout.php in ...)
	NOT-FOR-US: Avactis Shopping Cart
CVE-2008-6968 (Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9. ...)
	NOT-FOR-US: Pligg CMS
CVE-2008-6967 (Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon b ...)
	NOT-FOR-US: Alt-N MDaemon
CVE-2008-6966 (AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does no ...)
	NOT-FOR-US: AJ Square AJ Auction Pro Platinum Skin #1
CVE-2008-6965 (AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, ...)
	NOT-FOR-US: AJ Square AJ Auction OOPD
CVE-2008-6964 (SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows  ...)
	NOT-FOR-US: X7 Chat
CVE-2008-6963 (admin.php in TurnkeyForms Text Link Sales allows remote attackers to b ...)
	NOT-FOR-US: TurnkeyForms Text Link Sales
CVE-2008-6962 (Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, a ...)
	NOT-FOR-US: Avira AntiVir Premium
CVE-2008-6960 (download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5  ...)
	NOT-FOR-US: X10media
CVE-2008-6959 (Insecure method vulnerability in the Chilkat Socket ActiveX control (C ...)
	NOT-FOR-US: ActiveX
CVE-2008-6958 (wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote auth ...)
	NOT-FOR-US: Crossday Discuz! Board
CVE-2008-6957 (member.php in Crossday Discuz! Board allows remote attackers to reset  ...)
	NOT-FOR-US: Crossday Discuz! Board
CVE-2008-6956 (Static code injection vulnerability in admin/admin.php in mxCamArchive ...)
	NOT-FOR-US: mxCamArchive
CVE-2008-6955 (mxCamArchive 2.2 stores sensitive information under the web root with  ...)
	NOT-FOR-US: mxCamArchive
CVE-2008-6954 (The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote a ...)
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2008-6953 (Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly other ver ...)
	NOT-FOR-US: ooVoo
CVE-2008-6952 (SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier  ...)
	NOT-FOR-US: MauryCMS
CVE-2008-6951 (MauryCMS 0.53.2 and earlier does not require administrative authentica ...)
	NOT-FOR-US: MauryCMS
CVE-2008-6950 (Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosti ...)
	NOT-FOR-US: Bankoi WebHosting Control Panel
CVE-2008-6949 (Multiple cross-site request forgery (CSRF) vulnerabilities in Collabti ...)
	NOT-FOR-US: Collabtive
CVE-2008-6948 (Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remo ...)
	NOT-FOR-US: Collabtive
CVE-2008-6947 (Collabtive 0.4.8 allows remote attackers to bypass authentication and  ...)
	NOT-FOR-US: Collabtive
CVE-2008-6946 (Cross-site scripting (XSS) vulnerability in manageproject.php in Colla ...)
	NOT-FOR-US: Collabtive
CVE-2008-6945 (Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 ...)
	- interchange 5.6.1-1 (low; bug #505732)
CVE-2008-6944 (Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds ...)
	NOT-FOR-US: ScriptsFeed Auto Classifieds
CVE-2008-6943 (Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing  ...)
	NOT-FOR-US: ScriptsFeed Recipes Listing Portal
CVE-2008-6942 (Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifi ...)
	NOT-FOR-US: ScriptsFeed Realtor Classifieds System
CVE-2008-6941 (SQL injection vulnerability in the login functionality in TurnkeyForms ...)
	NOT-FOR-US: TurnkeyForms Web Hosting Directory
CVE-2008-6940 (TurnkeyForms Web Hosting Directory stores sensitive information under  ...)
	NOT-FOR-US: TurnkeyForms Web Hosting Directory
CVE-2008-6939 (TurnkeyForms Web Hosting Directory allows remote attackers to bypass a ...)
	NOT-FOR-US: TurnkeyForms Web Hosting Directory
CVE-2008-6938 (Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop applic ...)
	NOT-FOR-US: Pi3Web
CVE-2008-6937 (Argument injection vulnerability in Exodus 0.10 allows remote attacker ...)
	NOT-FOR-US: Exodus
CVE-2008-6936 (Argument injection vulnerability in Exodus 0.10 allows remote attacker ...)
	NOT-FOR-US: Exodus
CVE-2008-6935 (Argument injection vulnerability in Exodus 0.10 allows remote attacker ...)
	NOT-FOR-US: Exodus
CVE-2008-6934 (Static code injection vulnerability in Sanus|artificium (aka Sanusart) ...)
	NOT-FOR-US: Sanus|artificium (aka Sanusart)
CVE-2008-6933 (Directory traversal vulnerability in index.php in MiniGal b13 (aka MG2 ...)
	NOT-FOR-US: MiniGal
CVE-2008-6932 (Unrestricted file upload vulnerability in submit_file.php in AlstraSof ...)
	NOT-FOR-US: AlstraSoft SendIt Pro
CVE-2008-6931 (Unrestricted file upload vulnerability in PHPStore Job Search (aka PHP ...)
	NOT-FOR-US: PHPStore Job Search (aka PHPCareers)
CVE-2008-6930 (Unrestricted file upload vulnerability in PHPStore Real Estate allows  ...)
	NOT-FOR-US: PHPStore Real Estate
CVE-2008-6929 (Unrestricted file upload vulnerability in PHPStore Auto Classifieds al ...)
	NOT-FOR-US: PHPStore Auto Classifieds
CVE-2008-6928 (Unrestricted file upload vulnerability in PHPStore Complete Classified ...)
	NOT-FOR-US: PHPStore Complete Classifieds
CVE-2008-6927 (Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4ima ...)
	NOT-FOR-US: cPanel
CVE-2008-6926 (Directory traversal vulnerability in autoinstall4imagesgalleryupgrade. ...)
	NOT-FOR-US: cPanel
CVE-2008-6925 (Cross-site scripting (XSS) vulnerability in function.php in Zenphoto 1 ...)
	NOT-FOR-US: Zenphoto
CVE-2008-6924 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: eSyndiCat Directory
CVE-2008-6923 (SQL injection vulnerability in the content component (com_content) 1.0 ...)
	NOT-FOR-US: Joomla!
CVE-2008-6922 (Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5 ...)
	NOT-FOR-US: CMailServer
CVE-2008-6921 (Unrestricted file upload vulnerability in index.php in phpAdBoard 1.8  ...)
	NOT-FOR-US: phpAdBoard
CVE-2008-6920 (Unrestricted file upload vulnerability in auth.php in phpEmployment 1. ...)
	NOT-FOR-US: phpEmployment
CVE-2008-6919 (profileedit.php TaskDriver 1.3 and earlier allows remote attackers to  ...)
	NOT-FOR-US: TaskDriver 1.3
CVE-2008-6918 (Unrestricted file upload vulnerability in admin/galeria.php in ThePort ...)
	NOT-FOR-US: ThePortal2
CVE-2008-7291 (gri before 2.12.18 generates temporary files in an insecure way. ...)
	- gri 2.12.18-1 (low)
	[etch] - gri <no-dsa> (Minor issue)
	[lenny] - gri <no-dsa> (Minor issue)
CVE-2008-6917 (SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 Fin ...)
	NOT-FOR-US: ExoPHPDesk
CVE-2008-6916 (Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attac ...)
	NOT-FOR-US: Siemens SpeedStream 5200
CVE-2008-6915 (Cross-site scripting (XSS) vulnerability in view_prop_details.php in Z ...)
	NOT-FOR-US: Zeeways ZEEPROPERTY
CVE-2008-6914 (Unrestricted file upload vulnerability in viewprofile.php in Zeeways Z ...)
	NOT-FOR-US: Zeeways ZEEPROPERTY
CVE-2008-6913 (Unrestricted file upload vulnerability in editresume_next.php in Zeewa ...)
	NOT-FOR-US: Zeeways ZEEPROPERTY
CVE-2008-6912 (Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authenticati ...)
	NOT-FOR-US: Zeeways SHAADICLONE
CVE-2008-6911 (SQL injection vulnerability in the authenticateUser function in includ ...)
	NOT-FOR-US: BrewBlogger
CVE-2008-6910 (Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Dru ...)
	NOT-FOR-US: module for Drupal
CVE-2008-6909 (Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Dru ...)
	NOT-FOR-US: module for Drupal
CVE-2008-6908 (Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Dru ...)
	NOT-FOR-US: module for Drupal
CVE-2008-6907 (Multiple SQL injection vulnerabilities in checkuser.php in 2532designs ...)
	NOT-FOR-US: 2532designs 2532|Gigs
CVE-2008-6906 (Cross-site scripting (XSS) vulnerability in index.php in BabbleBoard 1 ...)
	NOT-FOR-US: BabbleBoard
CVE-2008-6905 (Cross-site request forgery (CSRF) vulnerability in index.php in Babble ...)
	NOT-FOR-US: BabbleBoard
CVE-2008-6904 (Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linu ...)
	NOT-FOR-US: Sophos SAVScan
CVE-2008-6903 (Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/ ...)
	NOT-FOR-US: Sophos SAVScan
CVE-2008-6902 (Unrestricted file upload vulnerability in upload_flyer.php in 2532desi ...)
	NOT-FOR-US: 2532designs
CVE-2008-6901 (Multiple directory traversal vulnerabilities in 2532designs 2532|Gigs  ...)
	NOT-FOR-US: 2532designs
CVE-2008-6900 (Unrestricted file upload vulnerability in "Add Pen/Author Name" featur ...)
	NOT-FOR-US: AvailScript Article Script
CVE-2008-6899 (Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated ...)
	NOT-FOR-US: freeSSHd
CVE-2008-6898 (Buffer overflow in the XHTTP Module 4.1.0.0 in the ActiveX control for ...)
	NOT-FOR-US: ActiveX control
CVE-2008-6897 (Multiple buffer overflows in Getleft.exe in Andres Garcia Getleft 1.2  ...)
	NOT-FOR-US: Andres Garcia Getleft
CVE-2008-6896 (login.php in 3CX Phone System 6.0.806.0, when 100% disk capacity is re ...)
	NOT-FOR-US: 3CX Phone System
CVE-2008-6895 (3CX Phone System 6.0.806.0 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: 3CX Phone System
CVE-2008-6894 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in 3C ...)
	NOT-FOR-US: 3CX Phone System
CVE-2008-6893 (Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient  ...)
	NOT-FOR-US: MDaemon WorldClient
CVE-2008-6892 (SQL injection vulnerability in lire/index.php in Peel 3.1 allows remot ...)
	NOT-FOR-US: Peel
CVE-2008-6891 (Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Scrip ...)
	NOT-FOR-US: ASP Forum Script
CVE-2008-6890 (SQL injection vulnerability in messages.asp in ASP Forum Script allows ...)
	NOT-FOR-US: ASP Forum Script
CVE-2008-6889 (SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 all ...)
	NOT-FOR-US: ASPReferral
CVE-2008-6888 (Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classifi ...)
	NOT-FOR-US: Pre Classified Listings
CVE-2008-6887 (SQL injection vulnerability in detailad.asp in Pre Classified Listings ...)
	NOT-FOR-US: Pre Classified Listings
CVE-2008-6886 (RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict ...)
	NOT-FOR-US: RSA EnVision
CVE-2008-6885 (Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1  ...)
	NOT-FOR-US: XOOPS
CVE-2008-6884 (Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when regi ...)
	NOT-FOR-US: XOOPS
CVE-2008-6883 (SQL injection vulnerability in the Live Chat (com_livechat) component  ...)
	NOT-FOR-US: Joomla!
CVE-2008-6882 (Live Chat (com_livechat) component 1.0 for Joomla! allows remote attac ...)
	NOT-FOR-US: Joomla!
CVE-2008-6881 (Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) ...)
	NOT-FOR-US: Joomla!
CVE-2008-6880 (SQL injection vulnerability in joke.php in EasySiteNetwork Free Jokes  ...)
	NOT-FOR-US: EasySiteNetwork Free Jokes Website
CVE-2008-6879 (Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3. ...)
	NOT-FOR-US: Apache Roller
CVE-2008-6878 (** DISPUTED ** Directory traversal vulnerability in admin/includes/lan ...)
	NOT-FOR-US: Zen Cart
CVE-2008-6877
	NOT-FOR-US: Zen Cart
CVE-2008-6876 (Cross-site scripting (XSS) vulnerability in login.php in EsPartenaires ...)
	NOT-FOR-US: EsPartenaires
CVE-2008-6875 (SQL injection vulnerability in default.asp in ASP Product Catalog allo ...)
	NOT-FOR-US: ASP Product Catalog
CVE-2008-6874 (Multiple SQL injection vulnerabilities in ASP SiteWare autoDealer 1 an ...)
	NOT-FOR-US: ASP SiteWare autoDealer
CVE-2008-6873 (SQL injection vulnerability in Active Web Mail 4.0 allows remote attac ...)
	NOT-FOR-US: Active Web Mail 4.0
CVE-2008-6872 (ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the  ...)
	NOT-FOR-US: ASPThai.NET ASPThai Forums
CVE-2008-6871 (Merlix Educate Server stores db.mdb under the web root with insufficie ...)
	NOT-FOR-US: Merlix Educate Server
CVE-2008-6870 (Merlix Educate Server allows remote attackers to bypass intended secur ...)
	NOT-FOR-US: Merlix Educate Server
CVE-2008-6869 (Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive informat ...)
	NOT-FOR-US: Oramon Oracle Database Monitoring Tool
CVE-2008-6868 (Cross-site scripting (XSS) vulnerability in default/login.php in Edite ...)
	NOT-FOR-US: EsBaseAdmin
CVE-2008-6867 (SQL injection vulnerability in content.php in Scripts For Sites (SFS)  ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6866 (SQL injection vulnerability in modules.php in the Current_Issue module ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-6865 (SQL injection vulnerability in modules.php in the Sectionsnew module f ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-6864 (Xigla Software Absolute Live Support .NET 5.1 allows remote attackers  ...)
	NOT-FOR-US: Xigla Software Absolute Live Support .NET
CVE-2008-6863 (Xigla Software Absolute Form Processor .NET 4.0 allows remote attacker ...)
	NOT-FOR-US: Xigla Software
CVE-2008-6862 (Absolute Content Rotator 6.0 allows remote attackers to bypass authent ...)
	NOT-FOR-US: Absolute Content Rotator
CVE-2008-6861 (Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers ...)
	NOT-FOR-US: Xigla Software Absolute Newsletter
CVE-2008-6860 (Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to ...)
	NOT-FOR-US: Xigla Software Absolute Poll Manager
CVE-2008-6859 (Xigla Software Absolute Control Panel XE 1.5 allows remote attackers t ...)
	NOT-FOR-US: Xigla Software Absolute Control Panel
CVE-2008-6858 (Absolute Banner Manager .NET 4.0 allows remote attackers to bypass aut ...)
	NOT-FOR-US: Absolute Banner Manager .NET
CVE-2008-6857 (Absolute Podcast .NET 1.0 allows remote attackers to bypass authentica ...)
	NOT-FOR-US: Absolute Podcast .NET
CVE-2008-6856 (Xigla Software Absolute News Manager.NET 5.1 allows remote attackers t ...)
	NOT-FOR-US: Xigla Software Absolute News Manager.NET
CVE-2008-6855 (Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote a ...)
	NOT-FOR-US: Xigla Software Absolute News Feed
CVE-2008-6854 (Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to ...)
	NOT-FOR-US: Xigla Software Absolute FAQ Manager.NET
CVE-2008-6853 (SQL injection vulnerability in modules/poll/index.php in AIST NetCat 3 ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-6852 (SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 ...)
	NOT-FOR-US: Joomla! component
CVE-2008-6851 (SQL injection vulnerability in page.php in PHP Link Directory (phpLD)  ...)
	NOT-FOR-US: PHP Link Directory
CVE-2008-6850 (Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-6849 (Unrestricted file upload vulnerability in index.php in phpGreetCards 3 ...)
	NOT-FOR-US: phpGreetCards
CVE-2008-6848 (Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards ...)
	NOT-FOR-US: phpGreetCards
CVE-2008-6847 (Cross-site scripting (XSS) vulnerability in Employee/emp_login.asp in  ...)
	NOT-FOR-US: Pre ASP Job Board
CVE-2008-6846 (Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0 ...)
	NOT-FOR-US: avast! Linux Home Edition
CVE-2008-6845 (The unpack feature in ClamAV 0.93.3 and earlier allows remote attacker ...)
	- clamav 0.94.dfsg-1
	[etch] - clamav <no-dsa> (Support was discontinued)
CVE-2008-6844 (The registration view (/user/register) in eZ Publish 3.5.6 and earlier ...)
	NOT-FOR-US: eZ Publish
CVE-2008-6843 (Directory traversal vulnerability in index.php in Fantastico, as used  ...)
	NOT-FOR-US: Fantastico
CVE-2008-6842 (Directory traversal vulnerability in data/modules/blog/module_pages_si ...)
	NOT-FOR-US: Pluck
CVE-2008-6841 (PHP remote file inclusion vulnerability in the Green Mountain Informat ...)
	NOT-FOR-US: component for Joomla!
CVE-2008-6840 (Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4  ...)
	NOT-FOR-US: V-webmail
CVE-2008-6839 (Multiple cross-site scripting (XSS) vulnerabilities in TGS Content Man ...)
	NOT-FOR-US: TGS Content Management
CVE-2008-6838 (Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1 ...)
	- zoph 0.8.0.1-1 (low; bug #535188)
	[lenny] - zoph <no-dsa> (Minor issue, fringe package)
	NOTE: it seems a duplicate of CVE-2008-3258
CVE-2008-6837 (SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to ...)
	- zoph 0.8.0.1-1 (bug #535188)
	[lenny] - zoph <no-dsa> (Minor issue, fringe package)
	NOTE: the details are unknown
CVE-2008-6836 (Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5 ...)
	NOT-FOR-US: OpenID module for Drupal
CVE-2008-6835 (Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, ...)
	NOT-FOR-US: OpenID module for Drupal
CVE-2008-6834 (Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 a ...)
	NOT-FOR-US: fuzzylime
CVE-2008-6833 (Directory traversal vulnerability in commsrss.php in fuzzylime (cms) b ...)
	NOT-FOR-US: fuzzylime
CVE-2008-6832 (Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Ente ...)
	NOT-FOR-US: Atlassian JIRA Enterprise Edition
CVE-2008-6831 (Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA  ...)
	NOT-FOR-US: Atlassian JIRA Enterprise Edition
CVE-2008-6830 (The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Ja ...)
	NOT-FOR-US: Java Application Servers
CVE-2008-6829 (VicFTPS 5.0 allows remote attackers to cause a denial of service (cras ...)
	NOT-FOR-US: VicFTPS
CVE-2008-6828 (Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-6827 (The ListView control in the Client GUI (AClient.exe) in Symantec Altir ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-6826 (dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: MHF Media Pro
CVE-2008-6825 (Directory traversal vulnerability in user/index.php in Fonality trixbo ...)
	NOT-FOR-US: trixbox
CVE-2008-6824 (The management interface on the A-LINK WL54AP3 and WL54AP2 access poin ...)
	NOT-FOR-US: A-LINK WL54AP3 and WL54AP2 access points
CVE-2008-6823 (Multiple cross-site request forgery (CSRF) vulnerabilities in the mana ...)
	NOT-FOR-US: A-LINK WL54AP3 and WL54AP2 access points
CVE-2008-6822 (Unrestricted file upload vulnerability in uploadp.php in New Earth Pro ...)
	NOT-FOR-US: NEPT Image Uploader
CVE-2008-6821 (Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before ...)
	NOT-FOR-US: IBM DB2
CVE-2008-6820 (The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 b ...)
	NOT-FOR-US: IBM DB2
CVE-2008-6819 (win32k.sys in Microsoft Windows Server 2003 and Vista allows local use ...)
	NOT-FOR-US: Microsoft Windows Server 2003 and Vista
CVE-2008-6818 (Mole Group Real Estate Script 1.1 and earlier stores passwords in clea ...)
	NOT-FOR-US: Mole Group Real Estate Script
CVE-2008-6817 (Mole Group Lastminute Script 4.0 and earlier stores passwords in clear ...)
	NOT-FOR-US: Mole Group Lastminute Script
CVE-2008-6816 (Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remot ...)
	NOT-FOR-US: Eaton
CVE-2008-6815 (mykdownload.php in MyKtools 2.4 does not require administrative authen ...)
	NOT-FOR-US: MyKtools
CVE-2008-6814 (Unrestricted file upload vulnerability in image_upload.php in the Simp ...)
	NOT-FOR-US: SimpleBoard for Mambo
CVE-2008-6813 (SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL Editi ...)
	NOT-FOR-US: phpWebNews
CVE-2008-6812 (SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 MySQL Ed ...)
	NOT-FOR-US: phpWebNews
CVE-2008-6811 (Unrestricted file upload vulnerability in image_processing.php in the  ...)
	NOT-FOR-US: e-Commerce Plugin for Wordpress
CVE-2008-6810 (Multiple SQL injection vulnerabilities in admin/checklogin.php in Vena ...)
	NOT-FOR-US: Venalsur Booking center Booking System
CVE-2008-6809 (SQL injection vulnerability in hotel_habitaciones.php in Venalsur Book ...)
	NOT-FOR-US: Venalsur Booking center Booking System
CVE-2008-6808 (SQL injection vulnerability in links.php in Scripts for Sites (SFS) EZ ...)
	NOT-FOR-US: SFS Link Directory
CVE-2008-6807 (PHP remote file inclusion vulnerability in ListRecords.php in osprey 1 ...)
	NOT-FOR-US: osprey
CVE-2008-6806 (Unrestricted file upload vulnerability in includes/imageupload.php in  ...)
	NOT-FOR-US: 7Shop
CVE-2008-6805 (Multiple SQL injection vulnerabilities in Mic_Blog 0.0.3, when magic_q ...)
	NOT-FOR-US: Mic_Blog
CVE-2008-6804 (** DISPUTED ** Tribiq CMS 5.0.9a beta allows remote attackers to bypas ...)
	NOT-FOR-US: Tribiq CMS Community
CVE-2008-6803 (SQL injection vulnerability in diziler.asp in Yigit Aybuga Dizi Portal ...)
	NOT-FOR-US: Yigit Aybuga Dizi Portali
CVE-2008-6802 (Multiple SQL injection vulnerabilities in index.php in phPhotoGallery  ...)
	NOT-FOR-US: phPhotoGallery
CVE-2008-6801 (Cross-site request forgery (CSRF) vulnerability in Vivvo CMS before 4. ...)
	NOT-FOR-US: Vivvo CMS
CVE-2008-6800
	REJECTED
CVE-2008-6799 (connection.php in FlashChat 5.0.8 allows remote attackers to bypass th ...)
	NOT-FOR-US: FlashChat
CVE-2008-6798 (Multiple SQL injection vulnerabilities in login.php in Pre Projects Pr ...)
	NOT-FOR-US: Pre Real Estate Listings
CVE-2008-6797 (The server in Mitel NuPoint Messenger R11 and R3 sends usernames and p ...)
	NOT-FOR-US: Mitel NuPoint Messenger
CVE-2008-6796 (SQL injection vulnerability in manager/login.php in Pre Projects Pre R ...)
	NOT-FOR-US: Pre Real Estate Listings
CVE-2008-6795 (SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CM ...)
	NOT-FOR-US: nicLOR Vibro-School-CMS
CVE-2008-6794 (SQL injection vulnerability in directory.php in Scripts For Sites (SFS ...)
	NOT-FOR-US: Scripts For Sites (SFS)
CVE-2008-6793 (The get_file_type function in lib/file_content.php in DFLabs PTK 0.1,  ...)
	NOT-FOR-US: DFLabs
CVE-2008-6792 (system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used  ...)
	- system-tools-backends 2.6.0-6.1 (low; bug #527952)
	[lenny] - system-tools-backends 2.6.0-2lenny3
	[etch] - system-tools-backends <not-affected> (SHA was added to crypt(3) post-etch)
CVE-2008-6791 (PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: PumpKIN TFTP Server
CVE-2008-6790 (The admin module in MindDezign Photo Gallery 2.2 allows remote attacke ...)
	NOT-FOR-US: MindDezign Photo Gallery
CVE-2008-6789 (SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows rem ...)
	NOT-FOR-US: MindDezign Photo Gallery
CVE-2008-6788 (SQL injection vulnerability in MindDezign Photo Gallery 2.2, when magi ...)
	NOT-FOR-US: MindDezign Photo Gallery
CVE-2008-6787 (SQL injection vulnerability in administrator/index.php in Lizardware C ...)
	NOT-FOR-US: Lizardware CMS
CVE-2008-6786 (Multiple directory traversal vulnerabilities in geekigeeki.py in Geeki ...)
	NOT-FOR-US: GeekiGeeki
CVE-2008-6785 (Unrestricted file upload vulnerability in Mini File Host 1.5 allows re ...)
	NOT-FOR-US: Mini File Host
CVE-2008-6784 (SQL injection vulnerability in directory.php in Scripts For Sites (SFS ...)
	NOT-FOR-US: EZ Adult Directory
CVE-2008-6783 (SQL injection vulnerability in directory.php in Sites for Scripts (SFS ...)
	NOT-FOR-US: EZ Home Business Directory
CVE-2008-6782 (SQL injection vulnerability in directory.php in Sites for Scripts (SFS ...)
	NOT-FOR-US: EZ Hosting Directory
CVE-2008-6781 (SQL injection vulnerability in directory.php in Sites for Scripts (SFS ...)
	NOT-FOR-US: Gaming Directory
CVE-2008-6780 (SQL injection vulnerability in directory.php in Scripts for Sites (SFS ...)
	NOT-FOR-US: EZ Affiliate
CVE-2008-6779 (SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-6778 (SQL injection vulnerability in viewfaqs.php in Scripts for Sites (SFS) ...)
	NOT-FOR-US: EZ Auction
CVE-2008-6777 (Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier  ...)
	NOT-FOR-US: MyPHP Forum
CVE-2008-6776 (SQL injection vulnerability in viewcomments.php in Scripts For Sites ( ...)
	NOT-FOR-US: EZ Hot or Not
CVE-2008-6775 (HTC Touch Pro and HTC Touch Cruise vCard allows remote attackers to ca ...)
	NOT-FOR-US: HTC Touch
CVE-2008-6774 (internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end e ...)
	NOT-FOR-US: YourPlace
CVE-2008-6773 (Static code injection vulnerability in user/internettoolbar/edit.php i ...)
	NOT-FOR-US: YourPlace
CVE-2008-6772 (login/register_form.php in YourPlace 1.0.2 and earlier does not check  ...)
	NOT-FOR-US: YourPlace
CVE-2008-6771 (YourPlace 1.0.2 and earlier allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: YourPlace
CVE-2008-6770 (YourPlace 1.0.2 and earlier stores sensitive information under the web ...)
	NOT-FOR-US: YourPlace
CVE-2008-6769 (Unrestricted file upload vulnerability in upload.php in YourPlace 1.0. ...)
	NOT-FOR-US: YourPlace
CVE-2008-6768 (Unrestricted file upload vulnerability in admin/editor/images.php in K ...)
	NOT-FOR-US: K&S Shopsoftware
CVE-2008-6767 (wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attac ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.8.3-1 (low; bug #531736)
	NOTE: low impact, probably no-dsa
CVE-2008-6766 (cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote atta ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6765 (ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to access t ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6764 (Cross-site scripting (XSS) vulnerability in login.php in Silentum Logi ...)
	NOT-FOR-US: Silentum LoginSys
CVE-2008-6763 (login2.php in Silentum LoginSys 1.0.0 allows remote attackers to bypas ...)
	NOT-FOR-US: Silentum LoginSys
CVE-2008-6762 (Open redirect vulnerability in wp-admin/upgrade.php in WordPress, prob ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.8.3-1 (low; bug #531736)
	NOTE: low impact, probably no-dsa
CVE-2008-6761 (Static code injection vulnerability in admin/install.php in Flexcustom ...)
	NOT-FOR-US: Flexcustomer
CVE-2008-6760 (ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain s ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6759 (ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain s ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6758 (Cross-site request forgery (CSRF) vulnerability in cart_save.php in Vi ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6757 (Cross-site scripting (XSS) vulnerability in manuals_search.php in ViAr ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6756 (ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.co ...)
	- zoneminder 1.22.3-5
CVE-2008-6755 (ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to t ...)
	- zoneminder 1.24.1-1 (unimportant; bug #528252)
	NOTE: we are also affected but this is not a security issue by itself even if it's ugly
CVE-2008-6754 (The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote a ...)
	NOT-FOR-US: vBulletin addon
CVE-2008-6753 (SQL injection vulnerability in SilverStripe before 2.2.2 allows remote ...)
	NOT-FOR-US: SilverStripe
CVE-2008-6752 (adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou ...)
	NOT-FOR-US: Twitter Clone (TClone) plugin for ReVou Micro Blogging
CVE-2008-6751 (Unrestricted file upload vulnerability in index.php in the Twitter Clo ...)
	NOT-FOR-US: Twitter Clone (TClone) plugin for ReVou Micro Blogging
CVE-2008-6750 (Unrestricted file upload vulnerability in add.php in FlexPHPDirectory  ...)
	NOT-FOR-US: FlexPHPDirectory
CVE-2008-6749 (Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexP ...)
	NOT-FOR-US: FlexPHPDirectory
CVE-2008-6748 (Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers ...)
	NOT-FOR-US: Megacubo
CVE-2008-6747 (dotProject before 2.1.2 does not properly restrict access to administr ...)
	NOT-FOR-US: dotProject
CVE-2008-6746 (Cross-site scripting (XSS) vulnerability in the contact display view i ...)
	NOT-FOR-US: Turba Contact Manager
CVE-2008-6745 (index.php in BlogPHP 2.0 allows remote attackers to gain administrator ...)
	NOT-FOR-US: BlogPHP
CVE-2008-6744 (Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cy ...)
	NOT-FOR-US: Cybozu Office
CVE-2008-6743 (RSMScript 1.21 allows remote attackers to bypass authentication and ga ...)
	NOT-FOR-US: RSMScript
CVE-2008-6742 (Foxy P2P software allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Foxy P2P
CVE-2008-6741 (SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6740 (PHP remote file inclusion vulnerability in html/admin/modules/plugin_a ...)
	NOT-FOR-US: HoMaP-CMS
CVE-2008-6739 (Todd Woolums ASP Download management script 1.03 does not require auth ...)
	NOT-FOR-US: Todd Woolums ASP Download management script
CVE-2008-6738 (MyShoutPro 1.2 allows remote attackers to bypass authentication and ga ...)
	NOT-FOR-US: MyShoutPro
CVE-2008-6737 (Crysis 1.21 and earlier allows remote attackers to obtain sensitive pl ...)
	NOT-FOR-US: Crysis
CVE-2008-6736 (Flat Calendar 1.1 does not properly restrict access to administrative  ...)
	NOT-FOR-US: Flat Calendar
CVE-2008-6735 (Directory traversal vulnerability in qc/index.php in ThaiQuickCart 3 a ...)
	NOT-FOR-US: ThaiQuickCart
CVE-2008-6734 (Directory traversal vulnerability in Public/index.php in Keller Web Ad ...)
	NOT-FOR-US: Keller Web Admin CMS
CVE-2008-6733 (Cross-site scripting (XSS) vulnerability in the error handling page in ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6732 (Cross-site scripting (XSS) vulnerability in the Language skin object i ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6731 (Unrestricted file upload vulnerability in submitlink.php in FlexPHPLin ...)
	NOT-FOR-US: FlexPHPLink Pro
CVE-2008-6730 (Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexP ...)
	NOT-FOR-US: FlexPHPLink Pro
CVE-2008-6729 (Multiple cross-site request forgery (CSRF) vulnerabilities in password ...)
	NOT-FOR-US: PHPmotion
CVE-2008-6728 (SQL injection vulnerability in the Sections module in PHP-Nuke, probab ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-6727 (Cross-site scripting (XSS) vulnerability in Ultimate PHP Board (UPB) 2 ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2008-6726 (Multiple directory traversal vulnerabilities in CMScout 2.06, when reg ...)
	NOT-FOR-US: CMScout
CVE-2008-6725 (Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote au ...)
	NOT-FOR-US: CMScout
CVE-2008-6724 (Cross-site scripting (XSS) vulnerability in index.pl in Perl Nopaste 1 ...)
	NOT-FOR-US: Perl Nopaste
CVE-2008-6723 (TurnkeyForms Entertainment Portal 2.0 allows remote attackers to bypas ...)
	NOT-FOR-US: TurnkeyForms
CVE-2008-6722 (Novell Access Manager 3 SP4 does not properly expire X.509 certificate ...)
	NOT-FOR-US: Novell Access Manager
CVE-2008-6721 (SQL injection vulnerability in index.php in AJ Square AJ Article allow ...)
	NOT-FOR-US: AJ Square AJ Article
CVE-2008-6720 (SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP ...)
	NOT-FOR-US: DeltaScripts PHP Links
CVE-2008-6719 (U&M Software Event Lister (aka JustListIt) 1.0 does not require ad ...)
	NOT-FOR-US: Software Event Lister
CVE-2008-6718 (U&M Software JustBookIt 1.0 does not require administrative authen ...)
	NOT-FOR-US: JustBookIt
CVE-2008-6717 (U&M Software Signup 1.0 and 1.1 does not require administrative au ...)
	NOT-FOR-US: Software Signup
CVE-2008-6716 (homeadmin/adminhome.php in Pre ADS Portal 2.0 and earlier does not req ...)
	NOT-FOR-US: Pre ADS Portal
CVE-2008-6715 (Multiple cross-site scripting (XSS) vulnerabilities in Pre ADS Portal  ...)
	NOT-FOR-US: Pre ADS Portal
CVE-2008-6714 (admin.php in xeCMS 1.0.0 RC2 and earlier allows remote attackers to by ...)
	NOT-FOR-US: xeCMS
CVE-2008-6713 (World in Conflict (WIC) 1.008 and earlier allows remote attackers to c ...)
	NOT-FOR-US: World in Conflict
CVE-2008-6712 (The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and  ...)
	NOT-FOR-US: Crysis
CVE-2008-6711 (Unspecified vulnerability in the Web administration interface in Avaya ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-6710 (Unspecified vulnerability in the Web administration interface in Avaya ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-6709 (Unspecified vulnerability in the Web management interface in Avaya SIP ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6708 (Unspecified vulnerability in the Web management interface in Avaya SIP ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6707 (The Web management interface in Avaya SIP Enablement Services (SES) 3. ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6706 (Multiple unspecified vulnerabilities in the Web management interface i ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6705 (The MultipacketReciever::RecievePacket function in S.T.A.L.K.E.R.: Sha ...)
	NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6704 (Integer overflow in the NET_Compressor::Decompress function in S.T.A.L ...)
	NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6703 (Stack-based buffer overflow in the IPureServer::_Recieve function in S ...)
	NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6702 (S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote a ...)
	NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6701 (NetScout (formerly Network General) Visualizer V2100 and InfiniStream  ...)
	NOT-FOR-US: NetScout Visualizer
CVE-2008-6700 (Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organ ...)
	NOT-FOR-US: Butterfly Organizer
CVE-2008-6699 (Cross-site scripting (XSS) vulnerability in Resource Library (tjs_resl ...)
	NOT-FOR-US: Resource Library extension for TYPO3
CVE-2008-6698 (Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets (wo ...)
	NOT-FOR-US: WorldCup Bets extension for TYPO3
CVE-2008-6697 (SQL injection vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 ...)
	NOT-FOR-US: WorldCup Bets extension for TYPO3
CVE-2008-6696 (SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earl ...)
	NOT-FOR-US: Fussballtippspiel extension for TYPO3
CVE-2008-6695 (SQL injection vulnerability in TIMTAB social bookmark icons (timtab_so ...)
	NOT-FOR-US: TIMTAB social bookmark icons extension for TYPO3
CVE-2008-6694 (SQL injection vulnerability in Random Prayer (ste_prayer) 0.0.1 for TY ...)
	NOT-FOR-US: Random Prayer extension for TYPO3
CVE-2008-6693 (SQL injection vulnerability in Download system (sb_downloader) extensi ...)
	NOT-FOR-US: Download system extension for TYPO3
CVE-2008-6692 (SQL injection vulnerability in Diocese of Portsmouth Training Courses  ...)
	NOT-FOR-US: Training Courses extension for TYPO3
CVE-2008-6691 (SQL injection vulnerability in Diocese of Portsmouth Calendar Today (p ...)
	NOT-FOR-US: Calendar Today extension for TYPO3
CVE-2008-6690 (Unspecified vulnerability in nepa-design.de Spam Protection (nd_antisp ...)
	NOT-FOR-US: Spam Protection extension for TYPO3
CVE-2008-6689 (SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and e ...)
	NOT-FOR-US: JobControl extension for TYPO3
CVE-2008-6688 (Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) ...)
	NOT-FOR-US: JobControl extension for TYPO3
CVE-2008-6687 (Cross-site scripting (XSS) vulnerability in DCD GoogleMap (dcdgooglema ...)
	NOT-FOR-US: DCD GoogleMap extension for TYPO3
CVE-2008-6686 (SQL injection vulnerability in CoolURI (cooluri) 1.0.11 and earlier ex ...)
	NOT-FOR-US: CoolURI extension for TYPO3
CVE-2008-6685 (Unspecified vulnerability in Frontend Filemanager (air_filemanager) 0. ...)
	NOT-FOR-US: Frontend Filemanager extension for TYPO3
CVE-2008-6684 (Unrestricted file upload vulnerability in editimage.php in Apartment S ...)
	NOT-FOR-US: Apartment Search Script
CVE-2008-6683 (Cross-site scripting (XSS) vulnerability in listtest.php in Apartment  ...)
	NOT-FOR-US: Apartment Search Script
CVE-2008-6682 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2 ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2)
CVE-2008-6681 (Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo befor ...)
	NOT-FOR-US: Dojo
CVE-2008-6679 (Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and ...)
	{DSA-2080-1}
	- ghostscript 8.64~dfsg-1 (medium; bug #524803)
	- gs-gpl <removed> (medium; bug #561717)
CVE-2008-6678 (SQL injection vulnerability in asp/includes/contact.asp in QuickerSite ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6677 (Unrestricted file upload vulnerability in fckeditor251/editor/filemana ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6676 (QuickerSite 1.8.5 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6675 (Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8 ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6674 (mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-m ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6673 (asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict acces ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6672 (Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a d ...)
	NOT-FOR-US: Vertex4 SunAge
CVE-2008-6671 (Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a d ...)
	NOT-FOR-US: Vertex4 SunAge
CVE-2008-6670 (Integer overflow in Vertex4 SunAge 1.08.1 and earlier allows remote at ...)
	NOT-FOR-US: Vertex4 SunAge
CVE-2008-6669 (viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to ex ...)
	NOT-FOR-US: nweb2fax
CVE-2008-6668 (Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and ear ...)
	NOT-FOR-US: nweb2fax
CVE-2008-6667 (A+ PHP Scripts News Management System (NMS) allows remote attackers to ...)
	NOT-FOR-US: A+ PHP Scripts News Management System (NMS)
CVE-2008-6666 (Multiple cross-site scripting (XSS) vulnerabilities in Kronos webTA al ...)
	NOT-FOR-US: Kronos webTA
CVE-2008-6665 (change.php in Ananta CMS 1.0b5, with magic_quotes_gpc disabled, allows ...)
	NOT-FOR-US: Ananta CMS
CVE-2008-6664 (action.php in SH-News 3.0 allows remote attackers to bypass authentica ...)
	NOT-FOR-US: SH-News
CVE-2008-6663 (SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuct ...)
	NOT-FOR-US: PHPAuctions
CVE-2008-6662 (AVG Anti-Virus for Linux 7.5.51, and possibly earlier, allows remote a ...)
	NOT-FOR-US: AVG Anti-Virus
CVE-2008-6661 (Multiple integer overflows in the scanning engine in Bitdefender for L ...)
	NOT-FOR-US: Bitdefender
CVE-2008-6660 (Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov ...)
	NOT-FOR-US: Alexey Ozerov BigDump
CVE-2008-6659 (Directory traversal vulnerability in index.php in Simple Machines Foru ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6658 (Directory traversal vulnerability in index.php in Simple Machines Foru ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6657 (Cross-site request forgery (CSRF) vulnerability in index.php in Simple ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6680 (libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause  ...)
	{DSA-1771-1}
	- clamav 0.95.1+dfsg-1 (medium; bug #523016)
CVE-2008-6656 (Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b ...)
	NOT-FOR-US: Open Auto Classifieds
CVE-2008-6655 (Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL ...)
	NOT-FOR-US: GEDCOM_TO_MYSQL
CVE-2008-6654 (Cross-site scripting (XSS) vulnerability in search_results.php in Info ...)
	NOT-FOR-US: InfoBiz Server
CVE-2008-6653 (SQL injection vulnerability in webhosting.php in the Webhosting Compon ...)
	NOT-FOR-US: Joomla!
CVE-2008-6652 (SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote att ...)
	NOT-FOR-US: OneCMS
CVE-2008-6651 (Static code injection vulnerability in edithistory.php in OxYProject O ...)
	NOT-FOR-US: OxYProject OxYBox
CVE-2008-6650 (del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary ...)
	NOT-FOR-US: miniBloggie
CVE-2008-6649 (SQL injection vulnerability in manager/image_details_editor.php in Kto ...)
	NOT-FOR-US: Ktools PhotoStore
CVE-2008-6648 (SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 a ...)
	NOT-FOR-US: Ktools PhotoStore
CVE-2008-6647 (SQL injection vulnerability in gallery.php in Ktools PhotoStore 3.4.3  ...)
	NOT-FOR-US: Ktools PhotoStore
CVE-2008-6646 (Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix  ...)
	NOT-FOR-US: CoronaMatrix phpAddressBook
CVE-2008-6645 (Cross-site scripting (XSS) vulnerability in Opencosmo VisualSentinel 0 ...)
	NOT-FOR-US: Opencosmo VisualSentinel
CVE-2008-6644 (Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6643 (LokiCMS 0.3.4 and possibly earlier versions does not properly restrict ...)
	NOT-FOR-US: LokiCMS
CVE-2008-6642 (SQL injection vulnerability in view.php in DotContent FluentCMS 4.x al ...)
	NOT-FOR-US: DotContent FluentCMS
CVE-2008-6641 (Multiple SQL injection vulnerabilities in Shader TV (Beta) allow remot ...)
	NOT-FOR-US: Shader TV
CVE-2008-6640 (Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote at ...)
	NOT-FOR-US: BatmanPorTaL
CVE-2008-6639 (Cross-site request forgery (CSRF) vulnerability in admin.php in AjaXpl ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2008-6638 (Insecure method vulnerability in the Versalsoft HTTP Image Uploader Ac ...)
	NOT-FOR-US: Versalsoft HTTP Image Uploader ActiveX
CVE-2008-6637 (Multiple cross-site scripting (XSS) vulnerabilities in forgotPW.php in ...)
	NOT-FOR-US: Library Video Company SAFARI Montage
CVE-2008-6636 (PHP remote file inclusion vulnerability in skins/default.php in Geody  ...)
	NOT-FOR-US: Geody Labs Dagger
CVE-2008-6635 (PHP remote file inclusion vulnerability in skins/default.php in Geody  ...)
	NOT-FOR-US: Geody Labs Dagger
CVE-2008-6634 (SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attack ...)
	NOT-FOR-US: RoomPHPlanning
CVE-2008-6633 (SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attack ...)
	NOT-FOR-US: RoomPHPlanning
CVE-2008-6632 (SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 an ...)
	NOT-FOR-US: MercuryBoard
CVE-2008-6631 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Bl ...)
	NOT-FOR-US: BlogPHP
CVE-2008-6630 (Directory traversal vulnerability in the wt_gallery extension 2.5.0 an ...)
	NOT-FOR-US: wt_gallery extension for TYPO3
CVE-2008-6629 (Cross-site scripting (XSS) vulnerability in detail.php in WEBBDOMAIN M ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6628
	REJECTED
CVE-2008-6627 (SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, 1. ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6626 (SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and e ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6625 (SQL injection vulnerability in getin.php in WEBBDOMAIN Polls (aka Poll ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6624 (SQL injection vulnerability in getin.php in WEBBDOMAIN Petition 1.02,  ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6623 (SQL injection vulnerability in getin.php in WEBBDOMAIN Post Card (aka  ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6622 (SQL injection vulnerability in choosecard.php in WEBBDOMAIN Post Card  ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6621 (Unspecified vulnerability in GraphicsMagick before 1.2.3 allows remote ...)
	{DSA-1903-1}
	- graphicsmagick 1.2.3-1
CVE-2008-6620 (Multiple cross-site scripting (XSS) vulnerabilities in javascript/edit ...)
	NOT-FOR-US: GraFX miniCWB
CVE-2008-6619 (Unrestricted file upload vulnerability in class/ApplyDB.php in ClassSy ...)
	NOT-FOR-US: ClassSystem
CVE-2008-6618 (Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote ...)
	NOT-FOR-US: ClassSystem
CVE-2008-6617 (Unrestricted file upload vulnerability in adm/visual/upload.php in Sit ...)
	NOT-FOR-US: SiteXS CMS
CVE-2008-6616 (Cross-site scripting (XSS) vulnerability in index.php in Zen Software  ...)
	NOT-FOR-US: Zen Software Zen Cart
CVE-2008-6615 (SQL injection vulnerability in index.php in Zen Software Zen Cart 2008 ...)
	NOT-FOR-US: Zen Software Zen Cart
CVE-2008-6614 (Multiple SQL injection vulnerabilities in microcms-admin-login.php in  ...)
	NOT-FOR-US: Micro CMS
CVE-2008-6613 (uploader.php in minimal-ablog 0.4 does not properly restrict access, w ...)
	NOT-FOR-US: minimal-ablog
CVE-2008-6612 (Unrestricted file upload vulnerability in admin/uploader.php in Minima ...)
	NOT-FOR-US: minimal-ablog
CVE-2008-6611 (SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows r ...)
	NOT-FOR-US: minimal-ablog
CVE-2008-6610 (Absolute path traversal vulnerability in phpcksec.php in Stefan Ott ph ...)
	NOT-FOR-US: phpcksec
CVE-2008-6609 (Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott ...)
	NOT-FOR-US: phpcksec
CVE-2008-6608 (Multiple SQL injection vulnerabilities in DevelopItEasy Events Calenda ...)
	NOT-FOR-US: DevelopItEasy Events Calendar
CVE-2008-6607 (Cross-site scripting (XSS) vulnerability in view.php in MatPo Link 1.2 ...)
	NOT-FOR-US: MatPo Link
CVE-2008-6606 (SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows  ...)
	NOT-FOR-US: MatPo Link
CVE-2008-6605 (Cross-site request forgery (CSRF) vulnerability in the xslt script in  ...)
	NOT-FOR-US: 2wire
CVE-2008-6604 (Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 a ...)
	NOT-FOR-US: PicoFlat CMS
CVE-2008-6603 (MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_h ...)
	- moin 1.7.1-1 (low)
	[etch] - moin <not-affected> (Vulnerable code not present)
CVE-2008-6602 (Unspecified vulnerability in Download Center Lite before 2.1 has unkno ...)
	NOT-FOR-US: Download Center Lite
CVE-2008-6601 (Unspecified vulnerability in Epona 1.5rc3 allows remote attackers to o ...)
	NOT-FOR-US: Epona
CVE-2008-6600 (Cross-site scripting (XSS) vulnerability in the search feature in XMLP ...)
	NOT-FOR-US: XMLPortal
CVE-2008-6599 (cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the we ...)
	NOT-FOR-US: CookieCheck
CVE-2008-6598 (Multiple race conditions in WANPIPE before 3.3.6 have unknown impact a ...)
	NOT-FOR-US: WANPIPE
CVE-2008-6597 (Cross-site scripting (XSS) vulnerability in upload/install/index.php i ...)
	NOT-FOR-US: PHCDownload
CVE-2008-6596 (SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allo ...)
	NOT-FOR-US: PHCDownload
CVE-2008-6595 (SQL injection vulnerability in the pmk_rssnewsexport extension for TYP ...)
	NOT-FOR-US: pmk_rssnewsexport extension for TYPO3
CVE-2008-6594 (SQL injection vulnerability in the cm_rdfexport extension for TYPO3 al ...)
	NOT-FOR-US: 3rd-party TYPO3 extension
CVE-2008-6593 (SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy ...)
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6592 (thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (a ...)
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6591 (LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite ...)
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6590 (Multiple directory traversal vulnerabilities in LightNEasy "no databas ...)
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6589 (Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no  ...)
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6588 (Aztech ADSL2/2+ 4-port router has a default "isp" account with a defau ...)
	NOT-FOR-US: Aztech port router
CVE-2008-6587 (Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze  ...)
	NOT-FOR-US: Azureus HTML WebUI
CVE-2008-6586 (Cross-site request forgery (CSRF) vulnerability in gui/index.php in &# ...)
	NOT-FOR-US: µTorrent (uTorrent) WebUI
CVE-2008-6585 (Cross-site request forgery (CSRF) vulnerability in html/admin.php in T ...)
	- torrentflux <not-affected> (Debian packaging uses a different directory layout, see bug #531614)
CVE-2008-6584 (html/index.php in TorrentFlux 2.3 allows remote authenticated users to ...)
	- torrentflux <not-affected> (Debian packaging uses a different directory layout, see bug #531614)
CVE-2008-6583 (Buffer overflow in BS.player 2.27 build 959 allows remote attackers to ...)
	NOT-FOR-US: BS.player
CVE-2008-6582 (SQL injection vulnerability in index.php in Miniweb 2.0 allows remote  ...)
	NOT-FOR-US: Miniweb
CVE-2008-6581 (login.php in PhpAddEdit 1.3 allows remote attackers to bypass authenti ...)
	NOT-FOR-US: PhpAddEdit
CVE-2008-6580 (The Red_Reservations script for ColdFusion stores sensitive informatio ...)
	NOT-FOR-US: ColdFusion
CVE-2008-6579 (Nortel Communication Server 1000 4.50.x allows remote attackers to obt ...)
	NOT-FOR-US: Nortel Communication Server
CVE-2008-6578 (Multiple unspecified vulnerabilities in Nortel Communication Server 10 ...)
	NOT-FOR-US: Nortel Communication Server
CVE-2008-6577 (Nortel MG1000S, Signaling Server, and Call Server on the Communication ...)
	NOT-FOR-US: Nortel appliances
CVE-2008-6576 (Unspecified vulnerability in the "session limitation technique" in the ...)
	NOT-FOR-US: Nortel Communication Server
CVE-2008-6575 (Unspecified vulnerability in the SIP server in SIP Enablement Services ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-6574 (Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Co ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-6573 (Multiple SQL injection vulnerabilities in Avaya SIP Enablement Service ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-6572 (SQL injection vulnerability in search_results.php in ABK-Soft AbleDati ...)
	NOT-FOR-US: ABK-Soft AbleDating
CVE-2008-6571 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1 ...)
	NOT-FOR-US: LinPHA
CVE-2008-6570 (Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu G ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2008-6569 (Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 al ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2008-6568 (Unrestricted file upload vulnerability in Yehe 2.0 allows remote attac ...)
	NOT-FOR-US: Yehe
CVE-2008-6567 (Multiple cross-site scripting (XSS) vulnerabilities in Gallarific Free ...)
	NOT-FOR-US: Gallarific Free Edition
CVE-2008-6566 (Unspecified vulnerability in Octopussy before 0.9.5.8 has unknown impa ...)
	NOT-FOR-US: Octopussy
CVE-2008-6565 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 ...)
	NOT-FOR-US: Invision Power Board
CVE-2008-6564 (Nortel UNIStim protocol, as used in Communication Server 1000 and othe ...)
	NOT-FOR-US: Nortel Communication Server
CVE-2008-6563 (Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly ea ...)
	NOT-FOR-US: Trillian
CVE-2008-6562 (Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack  ...)
	NOT-FOR-US: Jack (tR) Jax LinkLists
CVE-2008-6561 (Citrix Presentation Server Client for Windows before 10.200 does not c ...)
	NOT-FOR-US: Citrix
CVE-2008-6560 (Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedo ...)
	- redhat-cluster 2.20081102-1
	NOTE: This seems like a non-issue, since the config file should be under control
	NOTE: of the admin?
	NOTE: Fixed in 2.03.09 upstream version.
CVE-2008-6559 (Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users  ...)
	NOT-FOR-US: SCO UnixWare
CVE-2008-6558 (Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in Reli ...)
	NOT-FOR-US: SCO UnixWare
CVE-2008-6557 (cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote atta ...)
	NOT-FOR-US: Puppet Master WebUtil, different than puppetmaster from puppet
CVE-2008-6556 (cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote atta ...)
	NOT-FOR-US: Puppet Master WebUtil, different than puppetmaster from puppet
CVE-2008-6555 (cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attacker ...)
	NOT-FOR-US: Puppet Master WebUtil, different than puppetmaster from puppet
CVE-2008-6554 (cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 all ...)
	NOT-FOR-US: Aztech router
CVE-2008-6553 (microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 ...)
	NOT-FOR-US: Micro CMS
CVE-2008-6552 (Red Hat Cluster Project 2.x allows local users to modify or overwrite  ...)
	- redhat-cluster 2.20081102-1
	NOTE: Fixed in 2.03.09 upstream version.
	NOTE: Similar to CVE-2008-4192 and CVE-2008-4579
CVE-2008-6551 (Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and ...)
	NOT-FOR-US: e-vision CMS
CVE-2008-6550 (Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire ...)
	NOT-FOR-US: Glossaire
CVE-2008-6549 (The password_checker function in config/multiconfig.py in MoinMoin 1.6 ...)
	- moin 1.6.2-1 (low)
CVE-2008-6548 (The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check t ...)
	- moin 1.6.2-1 (low)
CVE-2008-6547 (schema.py in FormEncode for Python (python-formencode) 1.0 does not ap ...)
	- python-formencode 1.0.1-1
	[etch] - python-formencode <not-affected> (Vulnerable code was introduced in 1.0)
CVE-2008-6546 (Unspecified vulnerability in phpns before 2.1.3 has unknown impact and ...)
	NOT-FOR-US: phpns
CVE-2008-6545 (PHP remote file inclusion vulnerability in news/include/createdb.php i ...)
	NOT-FOR-US: Web Server Creator Web Portal
CVE-2008-6544
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6543 (Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM  ...)
	NOT-FOR-US: ComScripts TEAM Quick Classifieds
CVE-2008-6542 (Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8 ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6541 (Unrestricted file upload vulnerability in the file manager module in D ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6540 (DotNetNuke before 4.8.2, during installation or upgrade, does not warn ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6539 (Static code injection vulnerability in user/settings/ in DeStar 0.2.2- ...)
	- destar <removed> (bug #522123)
CVE-2008-6538 (DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a di ...)
	- destar <not-affected> (bug #522123)
	NOTE: we include a default configuration user which can be changed with instructions in README.Debian
CVE-2008-6537 (LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows ...)
	NOT-FOR-US: LightNEasy No database
CVE-2008-6536 (Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and ...)
	- p7zip 4.57~dfsg.1-1
CVE-2008-6535 (admin/settings.php in PayPal eStores allows remote attackers to bypass ...)
	NOT-FOR-US: PayPal eStores
CVE-2008-6534 (Incomplete blacklist vulnerability in NULL FTP Server Free and Pro 1.1 ...)
	NOT-FOR-US: NULL FTP Server
CVE-2008-6533 (Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related  ...)
	- drupal5 5.14-1 (low)
	- drupal6 6.9-1 (low)
	[lenny] - drupal6 6.6-1.1
CVE-2008-6532 (Multiple cross-site request forgery (CSRF) vulnerabilities in the upda ...)
	- drupal5 5.14-1 (low)
	- drupal6 6.9-1 (low)
	[lenny] - drupal6 6.6-1.1
CVE-2008-6531 (The WebWork 1 web application framework in Atlassian JIRA before 3.13. ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2008-6530 (Unrestricted file upload vulnerability in editimage.php in eZoneScript ...)
	NOT-FOR-US: eZoneScripts Living Local
CVE-2008-6529 (Cross-site scripting (XSS) vulnerability in listtest.php in eZoneScrip ...)
	NOT-FOR-US: eZoneScripts Living Local
CVE-2008-6528 (NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the ...)
	NOT-FOR-US: NTFS TmaxSoft JEUS 5
CVE-2008-6527 (SQL injection vulnerability in forum.asp in GO4I.NET ASP Forum 1.0 all ...)
	NOT-FOR-US: GO4I.NET ASP Forum
CVE-2008-6526 (SQL injection vulnerability in index.php in BosDev BosClassifieds allo ...)
	NOT-FOR-US: BosClassifieds
CVE-2008-6525 (SQL injection vulnerability in the Admin Panel in Nice PHP FAQ Script  ...)
	NOT-FOR-US: Nice PHP FAQ Script
CVE-2008-6524 (resetpass.php in openInvoice 0.90 beta and earlier allows remote authe ...)
	NOT-FOR-US: openInvoice
CVE-2008-6523 (auth.php in openInvoice 0.90 beta and earlier allows remote attackers  ...)
	NOT-FOR-US: openInvoice
CVE-2008-6522 (Multiple directory traversal vulnerabilities in the RenderFile functio ...)
	NOT-FOR-US: OpenTerracotta
CVE-2008-6521 (index.php in Terracotta (aka OpenTerracotta) 0.6.1 allows remote attac ...)
	NOT-FOR-US: OpenTerracotta
CVE-2008-6520 (Multiple format string vulnerabilities in the SSI filter in Xitami Web ...)
	NOT-FOR-US: Xitami Web Server
CVE-2008-6519 (Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, a ...)
	NOT-FOR-US: Xitami Web Server
CVE-2008-6518 (Unrestricted file upload vulnerability in the profile feature in VidiS ...)
	NOT-FOR-US: VidiScript
CVE-2008-6517 (SQL injection vulnerability in NewsHOWLER 1.03 Beta allows remote atta ...)
	NOT-FOR-US: NewsHOWLER
CVE-2008-6516 (Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 allo ...)
	NOT-FOR-US: phpKF-Portal
CVE-2008-6515 (Cross-site scripting (XSS) vulnerability in Fritz Berger yet another p ...)
	NOT-FOR-US: yappa-ng
CVE-2008-6514 (The Expo plugin in Compiz Fusion 0.7.8 allows local users with physica ...)
	- compiz-fusion-plugins-main 0.8.2-1 (low)
	[lenny] - compiz-fusion-plugins-main <no-dsa> (Minor issue)
CVE-2008-6513 (Unrestricted file upload vulnerability in saa.php in Andy's PHP Knowle ...)
	NOT-FOR-US: Andy's PHP Knowledgebase
CVE-2008-6512 (Cross-domain vulnerability in the WorkerPool API in Google Gears befor ...)
	NOT-FOR-US: Google Gears
CVE-2008-6511 (Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlie ...)
	NOT-FOR-US: Openfire
CVE-2008-6510 (Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Con ...)
	NOT-FOR-US: Openfire
CVE-2008-6509 (SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3. ...)
	NOT-FOR-US: Openfire
CVE-2008-6508 (Directory traversal vulnerability in the AuthCheck filter in the Admin ...)
	NOT-FOR-US: Openfire
CVE-2008-6507 (Unspecified vulnerability in phpBB before 3.0.4 allows attackers to ob ...)
	- phpbb3 3.0.2-4
CVE-2008-6505 (Multiple directory traversal vulnerabilities in Apache Struts 2.0.x be ...)
	- libstruts1.2-java <not-affected> (Vulnerable code not present)
	NOTE: looks like this was introduced in 2.x, see upstream trunk r688095
CVE-2008-6504 (ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1 ...)
	NOT-FOR-US: OpenSymphony XWork
CVE-2008-6503 (Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1. ...)
	NOT-FOR-US: PrestaShop
CVE-2008-6502 (Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remot ...)
	NOT-FOR-US: Pro Chat Rooms
CVE-2008-6501 (Cross-site scripting (XSS) vulnerability in profiles/index.php in Pro  ...)
	NOT-FOR-US: Pro Chat Rooms
CVE-2008-6500 (Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart ...)
	NOT-FOR-US: CodeToad ASP Shopping Cart Script
CVE-2008-6499 (security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operatio ...)
	NOT-FOR-US: XAMPP
CVE-2008-6498 (Cross-site request forgery (CSRF) vulnerability in security/xamppsecur ...)
	NOT-FOR-US: XAMPP
CVE-2008-6497 (The Neostrada Livebox ADSL Router allows remote attackers to cause a d ...)
	NOT-FOR-US: Neostrada Livebox ADSL Router
CVE-2008-6496 (Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX co ...)
	NOT-FOR-US: VSPDFEditorX.ocx
CVE-2008-6495 (Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger  ...)
	NOT-FOR-US: Fritz Berger yet another php photo album - next generation
CVE-2008-6494 (ASP User Engine.NET stores sensitive information under the web root wi ...)
	NOT-FOR-US: ASP User Engine.NET
CVE-2008-6493 (Easy Content Management Publishing stores sensitive information under  ...)
	NOT-FOR-US: Easy Content Management Publishing
CVE-2008-6492 (Unrestricted file upload vulnerability in process.php in Tizag Countdo ...)
	NOT-FOR-US: Tizag Countdown Creator
CVE-2008-6491 (PHP remote file inclusion vulnerability in connexion.php in PHPGKit 0. ...)
	NOT-FOR-US: PHPGKit
CVE-2008-6490 (function/update_xml.php in FLABER 1.1 and earlier allows remote attack ...)
	NOT-FOR-US: FLABER
CVE-2008-6489 (SQL injection vulnerability in MyAlbum component (com_myalbum) 1.0 for ...)
	NOT-FOR-US: MyAlbum component (com_myalbum) for Joomla!
CVE-2008-6488 (SQL injection vulnerability in index.php in SoftComplex PHP Image Gall ...)
	NOT-FOR-US: SoftComplex PHP Image Gallery
CVE-2008-6487 (Multiple SQL injection vulnerabilities in login.asp in Digiappz DigiAf ...)
	NOT-FOR-US: Digiappz DigiAffiliate
CVE-2008-6486 (PHP remote file inclusion vulnerability in slideshow_uploadvideo.conte ...)
	NOT-FOR-US: sharedlog CMS
CVE-2008-6485 (SQL injection vulnerability in index.php in SoftComplex PHP Image Gall ...)
	NOT-FOR-US: SoftComplex PHP Image Gallery
CVE-2008-6484 (SQL injection vulnerability in login.php in Mole Group Taxi Map Script ...)
	NOT-FOR-US: Mole Group Taxi Map Script
CVE-2008-6483 (PHP remote file inclusion vulnerability in admin.googlebase.php in the ...)
	NOT-FOR-US: Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component for Joomla!
CVE-2008-6482 (PHP remote file inclusion vulnerability in admin.treeg.php in the Flas ...)
	NOT-FOR-US: Flash Tree Gallery (com_treeg) component for Joomla!
CVE-2008-6481 (SQL injection vulnerability in the Versioning component (com_versionin ...)
	NOT-FOR-US: Versioning component (com_versioning) in Joomla! and Mambo
CVE-2008-6480 (Cross-site request forgery (CSRF) vulnerability in engine/modules/imag ...)
	NOT-FOR-US: Datalife Engine
CVE-2008-6479 (Cross-site request forgery (CSRF) vulnerability in the "change passwor ...)
	NOT-FOR-US: swsoft
CVE-2008-6478 (Cross-site request forgery (CSRF) vulnerability in the file manager in ...)
	NOT-FOR-US: swsoft
CVE-2008-6477 (SQL injection vulnerability in Mumbo Jumbo Media OP4 allows remote att ...)
	NOT-FOR-US: Mumbo Jumbo Media
CVE-2008-6476 (Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEn ...)
	NOT-FOR-US: BlogEngine.NET
CVE-2008-6475 (SQL injection vulnerability in the guestbook component (components/gue ...)
	NOT-FOR-US: Drake CMS
CVE-2008-6474 (The management interface in F5 BIG-IP 9.4.3 allows remote authenticate ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2008-6473 (_blogadata/include/init_pass2.php in Blogator-script 0.95 allows remot ...)
	NOT-FOR-US: Blogator-script
CVE-2008-6472 (The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote at ...)
	[etch] - wireshark <not-affected> (vulnerable code not present)
	[lenny] - wireshark 1.0.2-3+lenny3
	- wireshark 1.0.5-1 (low; bug #506741)
CVE-2008-6471 (SQL injection vulnerability in detail.php in MountainGrafix easyLink 1 ...)
	NOT-FOR-US: MountainGrafix easyLink
CVE-2008-6470 (Multiple unspecified vulnerabilities in ClanSphere before 2008.2.1 all ...)
	NOT-FOR-US: ClanSphere
CVE-2008-6469 (SQL injection vulnerability in index.php in PlainCart 1.1.2 allows rem ...)
	NOT-FOR-US: PlainCart
CVE-2008-6468 (SQL injection vulnerability in index.php in Diesel Pay allows remote a ...)
	NOT-FOR-US: Diesel Pay
CVE-2008-6467 (SQL injection vulnerability in jobs/jobseekers/job-info.php in Diesel  ...)
	NOT-FOR-US: Diesel Pay
CVE-2008-6466 (SQL injection vulnerability in image_gallery.php in the Akira Powered  ...)
	NOT-FOR-US: e107
CVE-2008-6465 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in we ...)
	NOT-FOR-US: Parallels H-Sphere
CVE-2008-6464 (SQL injection vulnerability in event.php in Mevin Productions Basic PH ...)
	NOT-FOR-US: Mevin Productions Basic PHP Events Lister
CVE-2008-6463 (SQL injection vulnerability in the Diocese of Portsmouth Church Search ...)
	NOT-FOR-US: Diocese of Portsmouth Church Search extension for TYPO3
CVE-2008-6462 (SQL injection vulnerability in the My quiz and poll (myquizpoll) exten ...)
	NOT-FOR-US: My quiz and poll
CVE-2008-6461 (SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) exten ...)
	NOT-FOR-US: TYPO3 addon Random Prayer
CVE-2008-6460 (SQL injection vulnerability in the Simple Random Objects (mw_random_ob ...)
	NOT-FOR-US: TYPO3 addon Simple Random Objects
CVE-2008-6459 (SQL injection vulnerability in the auto BE User Registration (autobeus ...)
	NOT-FOR-US: TYPO3 addon auto BE User Registration
CVE-2008-6458 (SQL injection vulnerability in the FE address edit for tt_address & ...)
	NOT-FOR-US: TYPO3 addon
CVE-2008-6457 (SQL injection vulnerability in the Swigmore institute (cgswigmore) ext ...)
	NOT-FOR-US: TYPO3 addon
CVE-2008-6456 (SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and  ...)
	NOT-FOR-US: TYPO3 addon
CVE-2008-6455 (Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote a ...)
	NOT-FOR-US: Edikon phpShop
CVE-2008-6454 (SQL injection vulnerability in section.php in 6rbScript 3.3 allows rem ...)
	NOT-FOR-US: 6rbScript
CVE-2008-6453 (Directory traversal vulnerability in section.php in 6rbScript 3.3, whe ...)
	NOT-FOR-US: 6rbScript
CVE-2008-6452 (SQL injection vulnerability in show_vote.php in Oceandir 2.9 and earli ...)
	NOT-FOR-US: Oceandir
CVE-2008-6451 (SQL injection vulnerability in humor.php in jPORTAL 2 allows remote at ...)
	NOT-FOR-US: jPORTAL
CVE-2008-6450 (Cross-site scripting (XSS) vulnerability in Under Construction, Baby ( ...)
	NOT-FOR-US: Under Construction, Baby
CVE-2008-6449 (Cross-site request forgery (CSRF) vulnerability in multiple Century Sy ...)
	NOT-FOR-US: Century Systems routers
CVE-2008-6448 (Cross-site scripting (XSS) vulnerability in install.cgi in SKYARC Syst ...)
	NOT-FOR-US: SKYARC System MTCMS WYSIWYG Editor
CVE-2008-6447 (Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft EasyMail Ma ...)
	NOT-FOR-US: QuikSoft EasyMail
CVE-2008-6446 (Static code injection vulnerability in the Guestbook component in CMS  ...)
	NOT-FOR-US: CMS MAXSITE
CVE-2008-6445 (Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact ...)
	NOT-FOR-US: YourPlace
CVE-2008-6444 (Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might all ...)
	NOT-FOR-US: Baidu Hi IM
CVE-2008-6443 (SQL injection vulnerability in forum_duzen.php in phpKF allows remote  ...)
	NOT-FOR-US: phpKF
CVE-2008-6442 (Insecure method vulnerability in Sina Inc. DLoader Class ActiveX Contr ...)
	NOT-FOR-US: Sina Inc. DLoader Class ActiveX
CVE-2008-6441 (Format string vulnerability in the Epic Games Unreal engine client, as ...)
	NOT-FOR-US: Epic Games Unreal engine client
CVE-2008-6440 (Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to ob ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2008-6439 (Cross-site scripting (XSS) vulnerability in search_results.php in ABK- ...)
	NOT-FOR-US: ABK-Soft AbleDating
CVE-2008-6438 (SQL injection vulnerability in macgurublog_menu/macgurublog.php in the ...)
	NOT-FOR-US: MacGuru BLOG Engine
CVE-2008-6437 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeForum 1. ...)
	NOT-FOR-US: PHPFreeForum
CVE-2008-6436 (Cross-site scripting (XSS) vulnerability in the Web Server in Xerox Wo ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2008-6435 (Multiple cross-site scripting (XSS) vulnerabilities in phpSQLiteCMS 1  ...)
	NOT-FOR-US: phpSQLiteCMS
CVE-2008-6434 (SQL injection vulnerability in index.cfm in Blue River Interactive Gro ...)
	NOT-FOR-US: Blue River Interactive Group Sava CMS
CVE-2008-6433 (Cross-site scripting (XSS) vulnerability in index.cfm in Blue River In ...)
	NOT-FOR-US: Blue River Interactive Group Sava CMS
CVE-2008-6431 (Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 all ...)
	NOT-FOR-US: BMForum
CVE-2008-6430 (SQL injection vulnerability in the MyContent (com_mycontent) component ...)
	NOT-FOR-US: Joomla!
CVE-2008-6429 (SQL injection vulnerability in the PrayerCenter (com_prayercenter) com ...)
	NOT-FOR-US: Joomla!
CVE-2008-6428 (The CGI framework in Kaya 0.4.0 allows remote attackers to inject arbi ...)
	- kaya 0.4.2-1 (low)
	[etch] - kaya <no-dsa> (Minor issue)
	NOTE: the fix checks with a regex for malicious characters in the HTTP header, see CGI.k changes
CVE-2008-6427 (SQL injection vulnerability in index.php in Hivemaker Professional 1.0 ...)
	NOT-FOR-US: Hivemaker Professional
CVE-2008-6425 (SQL injection vulnerability in news.php in ComicShout 2.8 allows remot ...)
	NOT-FOR-US: ComicShout
CVE-2008-6424 (Directory traversal vulnerability in FFFTP 1.96b allows remote FTP ser ...)
	NOT-FOR-US: FFFTP
CVE-2008-6423 (Directory traversal vulnerability in passwiki.php in PassWiki 0.9.16 R ...)
	NOT-FOR-US: PassWiki
CVE-2008-6422 (Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and  ...)
	NOT-FOR-US: PsychoStats
CVE-2008-6421 (PHP remote file inclusion vulnerability in social_game_play.php in Soc ...)
	NOT-FOR-US: Social Site Generator
CVE-2008-6420 (Social Site Generator (SSG) 2.0 allows remote attackers to read arbitr ...)
	NOT-FOR-US: Social Site Generator
CVE-2008-6419 (Multiple SQL injection vulnerabilities in Social Site Generator (SSG)  ...)
	NOT-FOR-US: Social Site Generator
CVE-2008-6418 (SQL injection vulnerability in scrape.php in TorrentTrader before 2008 ...)
	NOT-FOR-US: TorrentTrader
CVE-2008-6417 (Unspecified vulnerability in GreenSQL-Console before 0.3.5 allows atta ...)
	NOT-FOR-US: GreenSQL-Console
CVE-2008-6416 (Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL-Consol ...)
	NOT-FOR-US: GreenSQL-Console
CVE-2008-6415 (Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote attackers ...)
	NOT-FOR-US: CCProxy
CVE-2008-6414 (SQL injection vulnerability in detail.php in AJ Auction Pro Platinum S ...)
	NOT-FOR-US: AJ Auction Pro Platinum
CVE-2008-6413 (Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x ...)
	NOT-FOR-US: Answers module for Drupal
CVE-2008-6412 (Unspecified vulnerability in Vignette Content Management 7.3.0.5, 7.3. ...)
	NOT-FOR-US: Vignette Content Management
CVE-2008-6411 (Explay CMS 2.1 and earlier allows remote attackers to bypass authentic ...)
	NOT-FOR-US: Explay CMS
CVE-2008-6410 (Directory traversal vulnerability in show.php in ol'bookmarks manager  ...)
	NOT-FOR-US: ol'bookmarks manager
CVE-2008-6409 (SQL injection vulnerability in index.php in ol'bookmarks manager 0.7.5 ...)
	NOT-FOR-US: ol'bookmarks manager
CVE-2008-6408 (PHP remote file inclusion vulnerability in frame.php in ol'bookmarks m ...)
	NOT-FOR-US: ol'bookmarks manager
CVE-2008-6407 (Directory traversal vulnerability in frame.php in ol'bookmarks manager ...)
	NOT-FOR-US: ol'bookmarks manager
CVE-2008-6406 (Cross-site scripting (XSS) vulnerability in admin.php in DataLife Engi ...)
	NOT-FOR-US: DataLife Engine
CVE-2008-6405 (SQL injection vulnerability in showcategory.php in Hotscripts Clone al ...)
	NOT-FOR-US: Hotscripts Clone
CVE-2008-6404 (Cross-site scripting (XSS) vulnerability in add_calendars.php in eXtro ...)
	NOT-FOR-US: eXtrovert Software Thyme
CVE-2008-6403 (PHP remote file inclusion vulnerability in themes/default/include/html ...)
	NOT-FOR-US: OpenRat
CVE-2008-6402 (PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart ...)
	NOT-FOR-US: Sofi WebGui
CVE-2008-6401 (SQL injection vulnerability in sayfa.php in JETIK-WEB allows remote at ...)
	NOT-FOR-US: JETIK-WEB
CVE-2008-6400 (Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 allow ...)
	NOT-FOR-US: refbase
CVE-2008-6399 (Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remot ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6398 (sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary fil ...)
	- sng 1.0.2-6 (bug #496407; unimportant)
CVE-2008-6397 (rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite arbi ...)
	- sgml2x 1.0.0-11.2 (bug #496368; low)
	[etch] - sgml2x <no-dsa> (Minor issue)
CVE-2008-6396 (Cross-site scripting (XSS) vulnerability in account.php in Celerondude ...)
	NOT-FOR-US: Celerondude Uploader
CVE-2008-6395 (The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g  ...)
	NOT-FOR-US: web management interface in 3Com Wireless
CVE-2008-6394 (SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earl ...)
	NOT-FOR-US: CS-Cart
CVE-2008-6393 (PSI Jabber client before 0.12.1 allows remote attackers to cause a den ...)
	{DSA-1741-1}
	- psi 0.12.1-1 (low; bug #518468)
	[etch] - psi <not-affected> (Vulnerable code not present)
CVE-2008-6392 (SQL injection vulnerability in showads.php in Z1Exchange allows remote ...)
	NOT-FOR-US: Z1Exchange
CVE-2008-6391 (SQL injection vulnerability in main.asp in Jbook allows remote attacke ...)
	NOT-FOR-US: Jbook
CVE-2008-6390 (SQL injection vulnerability in login.asp in Ocean12 Membership Manager ...)
	NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2008-6389 (SQL injection vulnerability in asadmin/default.asp in Rae Media Contac ...)
	NOT-FOR-US: Rae Media Contact Management Software
CVE-2008-6388 (Rapid Classified 3.1 and 3.15 stores sensitive information under the w ...)
	NOT-FOR-US: Rapid Classified
CVE-2008-6387 (Quick Tree View .NET 3.1 stores sensitive information under the web ro ...)
	NOT-FOR-US: Quick Tree View .NET
CVE-2008-6386 (Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange  ...)
	NOT-FOR-US: Z1Exchange
CVE-2008-6385 (Cross-site scripting (XSS) vulnerability in index.php in W3matter RevS ...)
	NOT-FOR-US: W3matter RevSense
CVE-2008-6384 (Multiple cross-site request forgery (CSRF) vulnerabilities in Comment  ...)
	NOT-FOR-US: Comment Mail
CVE-2008-6383 (SQL injection vulnerability in SpeedTech Organization and Resource Man ...)
	NOT-FOR-US: SpeedTech Organization and Resource Manager
CVE-2008-6382 (ASP Portal 3.2.5 stores sensitive information under the web root with  ...)
	NOT-FOR-US: ASP Portal
CVE-2008-6381 (SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1 ...)
	NOT-FOR-US: bcoos
CVE-2008-6380 (SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 ...)
	NOT-FOR-US: Active Web Helpdesk
CVE-2008-6379 (SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows ...)
	NOT-FOR-US: Gallery MX
CVE-2008-6378 (SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx ...)
	NOT-FOR-US: Calendar Mx Professional
CVE-2008-6377 (PHP remote file inclusion vulnerability in include/global.php in Multi ...)
	NOT-FOR-US: Multi SEO phpBB
CVE-2008-6376 (SQL injection vulnerability in main.asp in Jbook allows remote attacke ...)
	NOT-FOR-US: Jbook
CVE-2008-6375 (JBook stores sensitive information under the web root with insufficien ...)
	NOT-FOR-US: JBook
CVE-2008-6374 (CodefixerSoftware MailingListPro Free Edition stores sensitive informa ...)
	NOT-FOR-US: MailingListPro Free Edition
CVE-2008-6373 (Unspecified vulnerability in Nagios before 3.0.6 has unspecified impac ...)
	- nagios3 3.0.6-3
	[etch] - nagios2 <no-dsa> (Related to CVE-2008-5028, which has minimal attack vector)
CVE-2008-6372 (SQL injection vulnerability in default.asp in Ocean12 FAQ Manager Pro  ...)
	NOT-FOR-US: Ocean12 FAQ Manager Pro
CVE-2008-6371 (SQL injection vulnerability in login.asp in Ocean12 Membership Manager ...)
	NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2008-6370 (Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Con ...)
	NOT-FOR-US: Ocean12 Contact Manager Pro
CVE-2008-6369 (SQL injection vulnerability in default.asp in Ocean12 Contact Manager  ...)
	NOT-FOR-US: Ocean12 Contact Manager Pro
CVE-2008-6368 (SQL injection vulnerability in index.php in Chipmunk Guestbook 1.4m al ...)
	NOT-FOR-US: Chipmunk Guestbook
CVE-2008-6367 (Unrestricted file upload vulnerability in Photos/create_album.php in S ...)
	NOT-FOR-US: Social Groupie
CVE-2008-6366 (SQL injection vulnerability in logon.jsp in Ad Server Solutions Affili ...)
	NOT-FOR-US: Ad Server Solutions Affiliate Software Java
CVE-2008-6365 (SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad Man ...)
	NOT-FOR-US: Ad Server Solutions Ad Management Software Java
CVE-2008-6364 (SQL injection vulnerability in logon_process.jsp in Ad Server Solution ...)
	NOT-FOR-US: Ad Server Solutions Banner Exchange Solution Java
CVE-2008-6363 (Stack-based buffer overflow in DesignWorks Professional 4.3.1 and 5.0. ...)
	NOT-FOR-US: DesignWorks Professional
CVE-2008-6362 (SQL injection vulnerability in sitepage.php in Multiple Membership Scr ...)
	NOT-FOR-US: Multiple Membership Script
CVE-2008-6361 (Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 ...)
	NOT-FOR-US: InSun Feed CMS
CVE-2008-6360 (Cross-site scripting (XSS) vulnerability in the userranks feature in m ...)
	NOT-FOR-US: ImpressCMS
CVE-2008-6359 (Cross-site scripting (XSS) vulnerability in index.php in Max's Guestbo ...)
	NOT-FOR-US: Max's Guestbook
CVE-2008-6358 (SQL injection vulnerability in group_index.php in Social Groupie allow ...)
	NOT-FOR-US: Social Groupie
CVE-2008-6357 (MyCal Personal Events Calendar stores sensitive information under the  ...)
	NOT-FOR-US: MyCal Personal Events Calendar
CVE-2008-6356 (evCal Events Calendar stores sensitive information under the web root  ...)
	NOT-FOR-US: evCal Events Calendar
CVE-2008-6355 (The Net Guys ASPired2Protect stores sensitive information under the we ...)
	NOT-FOR-US: ASPired2poll
CVE-2008-6354 (The Net Guys ASPired2poll stores sensitive information under the web r ...)
	NOT-FOR-US: ASPired2poll
CVE-2008-6353 (SQL injection vulnerability in index.asp in ASP-CMS 1.0 allows remote  ...)
	NOT-FOR-US: ASP-CMS
CVE-2008-6352 (SQL injection vulnerability in home.html in Xpoze Pro 4.10 allows remo ...)
	NOT-FOR-US: Xpoze Pro
CVE-2008-6351 (Cross-site scripting (XSS) vulnerability in listtest.php in TurnkeyFor ...)
	NOT-FOR-US: TurnkeyForms Local Classifieds
CVE-2008-6350 (SQL injection vulnerability in listtest.php in TurnkeyForms Local Clas ...)
	NOT-FOR-US: TurnkeyForms Local Classifieds
CVE-2008-6349 (SQL injection vulnerability in survey_results_text.php in TurnkeyForms ...)
	NOT-FOR-US: TurnkeyForms Business Survey Pro
CVE-2008-6348 (Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery  ...)
	NOT-FOR-US: DevelopItEasy Photo Gallery
CVE-2008-6347 (PHP remote file inclusion vulnerability in lib/onguma.class.php in the ...)
	NOT-FOR-US: Onguma Time Sheet component for Joomla!
CVE-2008-6346 (Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) exte ...)
	NOT-FOR-US: DR Wiki extension for TYPO3
CVE-2008-6345 (SQL injection vulnerability in Forum.php in SolarCMS 0.53.8 and 1.0 al ...)
	NOT-FOR-US: SolarCMS
CVE-2008-6344 (SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3. ...)
	NOT-FOR-US: TU-Clausthal Staff extension for TYPO3
CVE-2008-6343 (Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc ...)
	NOT-FOR-US: TU-Clausthal ODIN extension for TYPO3
CVE-2008-6342 (Unspecified vulnerability in the TYPO3 Simple File Browser (simplefile ...)
	NOT-FOR-US: Simple File Browser extension for TYPO3
CVE-2008-6341 (Cross-site scripting (XSS) vulnerability in the SB Universal Plugin (S ...)
	NOT-FOR-US: SB Universal Plugin extension for TYPO3
CVE-2008-6340 (Cross-site scripting (XSS) vulnerability in the Vox populi (mv_vox_pop ...)
	NOT-FOR-US: Vox populi extension for TYPO3
CVE-2008-6338 (SQL injection vulnerability in the WEBERkommunal Facilities (wes_facil ...)
	NOT-FOR-US: WEBERkommunal Facilities extension for TYPO3
CVE-2008-6337 (SQL injection vulnerability in the Volunteer Management System (com_vo ...)
	NOT-FOR-US: Volunteer Management System module for Joomla!
CVE-2008-6336 (Directory traversal vulnerability in download.php in Text Lines Rearra ...)
	NOT-FOR-US: Text Lines Rearrange Script
CVE-2008-6335 (Directory traversal vulnerability in download.php in eMetrix Online Ke ...)
	NOT-FOR-US: eMetrix Online Keyword Research Tool
CVE-2008-6334 (Directory traversal vulnerability in download.php in eMetrix Extract W ...)
	NOT-FOR-US: eMetrix Extract Website
CVE-2008-6333 (SQL injection vulnerability in news.php in RSS Simple News (RSSSN), wh ...)
	NOT-FOR-US: RSS Simple News
CVE-2008-6332 (SQL injection vulnerability in login.php in Simple Customer 1.2 allows ...)
	NOT-FOR-US: Simple Customer
CVE-2008-6331 (Multiple cross-site request forgery (CSRF) vulnerabilities in Streber  ...)
	NOT-FOR-US: Streber
CVE-2008-6330 (SQL injection vulnerability in index.php in MyTopix 1.3.0 and earlier  ...)
	NOT-FOR-US: MyTopix
CVE-2008-6329 (SQL injection vulnerability in Employee/login.asp in Pre ASP Job Board ...)
	NOT-FOR-US: Pre ASP Job Board
CVE-2008-6328 (SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 a ...)
	NOT-FOR-US: Butterfly Organizer
CVE-2008-6327 (SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote  ...)
	NOT-FOR-US: ProQuiz
CVE-2008-6326 (SQL injection vulnerability in login.php in Simple Customer as downloa ...)
	NOT-FOR-US: Simple Customer
CVE-2008-6325 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classif ...)
	NOT-FOR-US: Softbiz Classifieds Script
CVE-2008-6324 (SQL injection vulnerability in forummessages.cfm in CF_Forum allows re ...)
	NOT-FOR-US: CF_Forum
CVE-2008-6323 (SQL injection vulnerability in forummessages.cfm in CFMSource CF_Aucti ...)
	NOT-FOR-US: CFMSource CF_Auction
CVE-2008-6322 (SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows r ...)
	NOT-FOR-US: CFMSource CFMBlog
CVE-2008-6321 (CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insu ...)
	NOT-FOR-US: CF Shopkart
CVE-2008-6320 (SQL injection vulnerability in index.cfm in CF Shopkart 5.2.2 allows r ...)
	NOT-FOR-US: CF Shopkart
CVE-2008-6319 (SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows ...)
	NOT-FOR-US: CF_Calendar
CVE-2008-6318 (PHP remote file inclusion vulnerability in _conf/_php-core/common-tpl- ...)
	NOT-FOR-US: PHPmyGallery
CVE-2008-6317 (Directory traversal vulnerability in _conf/_php-core/common-tpl-vars.p ...)
	NOT-FOR-US: PHPmyGallery
CVE-2008-6316 (Directory traversal vulnerability in _conf/core/common-tpl-vars.php in ...)
	NOT-FOR-US: PHPmyGallery
CVE-2008-6315 (PHP remote file inclusion vulnerability in _conf/core/common-tpl-vars. ...)
	NOT-FOR-US: PHPmyGallery
CVE-2008-6314 (SQL injection vulnerability in tag_board.php in the Tag Board module 4 ...)
	NOT-FOR-US: Tag Board module
CVE-2008-6313 (Directory traversal vulnerability in addedit-render.php in phpAddEdit  ...)
	NOT-FOR-US: phpAddEdit
CVE-2008-6312 (SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote  ...)
	NOT-FOR-US: ProQuiz
CVE-2008-6311 (SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 a ...)
	NOT-FOR-US: Butterfly Organizer
CVE-2008-6310 (SQL injection vulnerability in index.php in W3matter RevSense 1.0 allo ...)
	NOT-FOR-US: W3matter RevSense
CVE-2008-6309 (SQL injection vulnerability in index.php in W3matter AskPert allows re ...)
	NOT-FOR-US: W3matter AskPert
CVE-2008-6308 (Multiple directory traversal vulnerabilities in Private Messaging Syst ...)
	NOT-FOR-US: Private Messaging System
CVE-2008-6307 (E-topbiz Link Back Checker 1 allows remote attackers to bypass authent ...)
	NOT-FOR-US: E-topbiz Link Back Checker
CVE-2008-6306 (Cross-site scripting (XSS) vulnerability in signinform.php in Softbiz  ...)
	NOT-FOR-US: Softbiz Classifieds Script
CVE-2008-6305 (PHP remote file inclusion vulnerability in init.php in Free Directory  ...)
	NOT-FOR-US: Free Directory Script
CVE-2008-6304 (SQL injection vulnerability in xt:Commerce before 3.0.4 Sp2.1, when ma ...)
	NOT-FOR-US: xt:Commerce
CVE-2008-6303 (SQL injection vulnerability in tourview.php in ToursManager allows rem ...)
	NOT-FOR-US: ToursManager
CVE-2008-6302 (TurnkeyForms Local Classifieds allows remote attackers to bypass authe ...)
	NOT-FOR-US: TurnkeyForms Local Classifieds
CVE-2008-6301 (SQL injection vulnerability in shoutbox_view.php in the Small ShoutBox ...)
	NOT-FOR-US: Small ShoutBox module
CVE-2008-6300 (Galatolo WebManager 1.3a allows remote attackers to bypass authenticat ...)
	NOT-FOR-US: Galatolo WebManager
CVE-2008-6299 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 a ...)
	NOT-FOR-US: Joomla!
CVE-2008-6298 (Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows remo ...)
	NOT-FOR-US: sISAPILocation
CVE-2008-6297 (Cross-site scripting (XSS) vulnerability in order.php in DHCart allows ...)
	NOT-FOR-US: DHCart
CVE-2008-6296 (admin.php in Maran PHP Shop allows remote attackers to bypass authenti ...)
	NOT-FOR-US: Maran PHP Shop
CVE-2008-6295 (Multiple cross-site scripting (XSS) vulnerabilities in Camera Life 2.6 ...)
	NOT-FOR-US: Camera Life
CVE-2008-6294 (admin/Index.php in Acc Statistics 1.1 allows remote attackers to bypas ...)
	NOT-FOR-US: Acc Statistics
CVE-2008-6293 (admin/Index.php in Acc Real Estate 4.0 allows remote attackers to bypa ...)
	NOT-FOR-US: Acc Real Estate
CVE-2008-6292 (Acc Autos 4.0 allows remote attackers to bypass authentication and gai ...)
	NOT-FOR-US: Acc Autos
CVE-2008-6291 (Acc PHP eMail 1.1 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Acc PHP eMail
CVE-2008-6290 (Directory traversal vulnerability in includefile.php in nicLOR Sito, w ...)
	NOT-FOR-US: nicLOR Sito
CVE-2008-6289 (SQL injection vulnerability in cityview.php in Tours Manager 1.0 allow ...)
	NOT-FOR-US: Tours Manager
CVE-2008-6288 (Directory traversal vulnerability in download.php in Interface Medien  ...)
	NOT-FOR-US: Interface Medien ibase
CVE-2008-6287 (Multiple PHP remote file inclusion vulnerabilities in Broadcast Machin ...)
	NOT-FOR-US: Broadcast Machine
CVE-2008-6286 (Multiple SQL injection vulnerabilities in SubscriberStart.asp in Activ ...)
	NOT-FOR-US: Active Newsletter
CVE-2008-6285 (SQL injection vulnerability in index.php in PHP TV Portal 2.0 and earl ...)
	NOT-FOR-US: PHP TV Portal
CVE-2008-6284 (SQL injection vulnerability in edit.php in Z1Exchange 1.0 allows remot ...)
	NOT-FOR-US: Z1Exchange
CVE-2008-6283 (Cross-site scripting (XSS) vulnerability in Subtext 2.0 allows remote  ...)
	NOT-FOR-US: Subtext
CVE-2008-6282 (SQL injection vulnerability in engine/users/users_edit_pub.inc in CMS  ...)
	NOT-FOR-US: CMS Ortus
CVE-2008-6281 (SQL injection vulnerability in index.php in Bluo CMS 1.2 allows remote ...)
	NOT-FOR-US: Bluo CMS
CVE-2008-6280 (Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys W ...)
	NOT-FOR-US: Linksys WRT160N
CVE-2008-6279 (RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remot ...)
	NOT-FOR-US: RakhiSoftware Price Comparison Script
CVE-2008-6278 (Multiple cross-site scripting (XSS) vulnerabilities in product.php in  ...)
	NOT-FOR-US: RakhiSoftware Price Comparison Script
CVE-2008-6277 (SQL injection vulnerability in product.php in RakhiSoftware Price Comp ...)
	NOT-FOR-US: RakhiSoftware Price Comparison Script
CVE-2008-6276 (Multiple SQL injection vulnerabilities in the User Karma module 5.x be ...)
	NOT-FOR-US: User Karma module for Drupal
CVE-2008-6275 (Cross-site scripting (XSS) vulnerability in the User Karma module 5.x  ...)
	NOT-FOR-US: User Karma module for Drupal
CVE-2008-6274 (Multiple SQL injection vulnerabilities in index.php in FamilyProject 2 ...)
	NOT-FOR-US: FamilyProject
CVE-2008-6273 (Directory traversal vulnerability in configuration_script.php in MyKto ...)
	NOT-FOR-US: MyKtools
CVE-2008-6272 (SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0 ...)
	NOT-FOR-US: Dragan Mitic Apoll
CVE-2008-6271 (Directory traversal vulnerability in index.php in TBmnetCMS 1.0, when  ...)
	NOT-FOR-US: TBmnetCMS
CVE-2008-6270 (SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0 ...)
	NOT-FOR-US: Dragan Mitic Apoll
CVE-2008-6269 (Joovili 3.1.4 allows remote attackers to bypass authentication and gai ...)
	NOT-FOR-US: Joovili
CVE-2008-6268 (SQL injection vulnerability in detail.php in WEBBDOMAIN Multi Language ...)
	NOT-FOR-US: Multi Languages WebShop Online
CVE-2008-6267 (Cross-site scripting (XSS) vulnerability in detail.php in Multi Langua ...)
	NOT-FOR-US: Multi Languages WebShop Online
CVE-2008-6266 (SQL injection vulnerability in links.php in Appalachian State Universi ...)
	NOT-FOR-US: phpWebSite
CVE-2008-6265 (Directory traversal vulnerability in portfolio/css.php in Cyberfolio 7 ...)
	NOT-FOR-US: Cyberfolio
CVE-2008-6264 (SQL injection vulnerability in admin/admin.php in E-topbiz Slide Popup ...)
	NOT-FOR-US: E-topbiz Slide Popups
CVE-2008-6263 (SQL injection vulnerability in lib/user/t_user.php in SaturnCMS allows ...)
	NOT-FOR-US: SaturnCMS
CVE-2008-6262 (SQL injection vulnerability in lib/url/meta_url.php in SaturnCMS allow ...)
	NOT-FOR-US: SaturnCMS
CVE-2008-6261 (SQL injection vulnerability in view.php in E-topbiz AdManager 4 allows ...)
	NOT-FOR-US: E-topbiz AdManager
CVE-2008-6260 (SQL injection vulnerability in index.php in Ultrastats 0.2.144 and 0.3 ...)
	NOT-FOR-US: Ultrastats
CVE-2008-6259 (Cross-site scripting (XSS) vulnerability in search.asp in QuadComm Q-S ...)
	NOT-FOR-US: QuadComm Q-Shop
CVE-2008-6258 (SQL injection vulnerability in users.asp in QuadComm Q-Shop 3.0, and p ...)
	NOT-FOR-US: QuadComm Q-Shop
CVE-2008-6257 (SQL injection vulnerability in default.asp in Openasp 3.0 and earlier  ...)
	NOT-FOR-US: Openasp
CVE-2008-6256 (SQL injection vulnerability in admincp/admincalendar.php in vBulletin  ...)
	NOT-FOR-US: vBulletin
CVE-2008-6255 (Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote ...)
	NOT-FOR-US: vBulletin
CVE-2008-6254 (SQL injection vulnerability in scripts/documents.php in Jadu Galaxies  ...)
	NOT-FOR-US: Jadu Galaxies
CVE-2008-6253 (Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pl ...)
	NOT-FOR-US: Pluck CMS
CVE-2008-6252 (Stack-based buffer overflow in the smc program in smcFanControl 2.1.2  ...)
	NOT-FOR-US: smcFanControl
CVE-2008-6251 (PHP remote file inclusion vulnerability in includes/init.php in phpFan ...)
	NOT-FOR-US: phpFan
CVE-2008-6250 (SQL injection vulnerability in Comdev Web Blogger 4.1.3 and earlier al ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2008-6249 (SQL injection vulnerability in plugins/users/index.php in Galatolo Web ...)
	NOT-FOR-US: Galatolo WebManager
CVE-2008-6248 (Cross-site scripting (XSS) vulnerability in all.php in Galatolo WebMan ...)
	NOT-FOR-US: Galatolo WebManager
CVE-2008-6247 (SQL injection vulnerability in topsite.php in Scripts For Sites (SFS)  ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6246 (SQL injection vulnerability in category.php in Scripts For Sites (SFS) ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6245 (SQL injection vulnerability in track.php in Scripts For Sites (SFS) EZ ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6244 (SQL injection vulnerability in view_reviews.php in Scripts for Sites ( ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6243 (SQL injection vulnerability in showcategory.php in Scripts For Sites ( ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6242 (SQL injection vulnerability in SearchResults.php in Scripts For Sites  ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6241 (Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexP ...)
	NOT-FOR-US: FlexPHPSite
CVE-2008-6240 (Cross-site scripting (XSS) vulnerability in data/views/index.html in O ...)
	NOT-FOR-US: OpenEdit Digital Asset Management
CVE-2008-6239 (Cross-site request forgery (CSRF) vulnerability in OpenEdit Digital As ...)
	NOT-FOR-US: OpenEdit Digital Asset Management
CVE-2008-6238 (Cross-site scripting (XSS) vulnerability in archive/savedqueries/saveq ...)
	NOT-FOR-US: OpenEdit Digital Asset Management
CVE-2008-6237 (SQL injection vulnerability in software-description.php in Scripts For ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6236 (SQL injection vulnerability in login.php in Simple Document Management ...)
	NOT-FOR-US: Simple Document Management System
CVE-2008-6235 (The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted a ...)
	- vim 2:7.2.148-1 (low)
	[lenny] - vim <not-affected> (proof-of-concept does not work)
	[etch] - vim <no-dsa> (Minor issue)
CVE-2008-6234 (SQL injection vulnerability in the com_musica module in Joomla! and Ma ...)
	NOT-FOR-US: Joomla!
CVE-2008-6233 (SQL injection vulnerability in index.php in Five Dollar Scripts Drinks ...)
	NOT-FOR-US: Five Dollar Scripts Drinks script
CVE-2008-6232 (Pre Shopping Mall allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Pre Shopping Mall
CVE-2008-6231 (Pre Classified Listing PHP allows remote attackers to bypass authentic ...)
	NOT-FOR-US: Pre Classified Listing PHP
CVE-2008-6230 (SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Po ...)
	NOT-FOR-US: Pre Projects Pre Podcast Portal
CVE-2008-6229 (Cross-site scripting (XSS) vulnerability in the administrative interfa ...)
	NOT-FOR-US: CCK module for Drupal
CVE-2008-6228 (Pre Multi-Vendor Shopping Malls allows remote attackers to bypass auth ...)
	NOT-FOR-US: Pre Multi-Vendor Shopping Malls
CVE-2008-6227 (SQL injection vulnerability in buyer_detail.php in Pre Multi-Vendor Sh ...)
	NOT-FOR-US: Pre Multi-Vendor Shopping Malls
CVE-2008-6226 (SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto L ...)
	NOT-FOR-US: Pre Projects PHP Auto Listings Script
CVE-2008-6225
	NOT-FOR-US: Mole Group Airline Ticket Sale Script
CVE-2008-6224 (Directory traversal vulnerability in visualizza.php in Way Of The Warr ...)
	NOT-FOR-US: Way Of The Warrior
CVE-2008-6223 (PHP remote file inclusion vulnerability in visualizza.php in Way Of Th ...)
	NOT-FOR-US: Way Of The Warrior
CVE-2008-6222 (Directory traversal vulnerability in the Pro Desk Support Center (com_ ...)
	NOT-FOR-US: Joomla!
CVE-2008-6221 (PHP remote file inclusion vulnerability in config.dadamail.php in the  ...)
	NOT-FOR-US: Joomla!
CVE-2008-6220 (SQL injection vulnerability in login.php in Simple Document Management ...)
	NOT-FOR-US: Simple Document Management System
CVE-2008-6219 (nsrexecd.exe in multiple EMC Networker products including EMC NetWorke ...)
	NOT-FOR-US: EMC Networker products
CVE-2008-6218 (Memory leak in the png_handle_tEXt function in pngrutil.c in libpng be ...)
	{DSA-1750-1}
	- libpng 1.2.33-1
CVE-2008-6217 (Cross-site scripting (XSS) vulnerability in index.php in Extrakt Frame ...)
	NOT-FOR-US: Extrakt Framework
CVE-2008-6216 (SQL injection vulnerability in cadena_ofertas_ext.php in Venalsur Book ...)
	NOT-FOR-US: Venalsur Booking center Booking System
CVE-2008-6215 (Cross-site scripting (XSS) vulnerability in cadena_ofertas_ext.php in  ...)
	NOT-FOR-US: Venalsur Booking center Booking System
CVE-2008-6214 (SQL injection vulnerability in poll_results.php in Harlandscripts Pro  ...)
	NOT-FOR-US: Harlandscripts Pro Traffic One
CVE-2008-6213 (SQL injection vulnerability in mypage.php in Harlandscripts Pro Traffi ...)
	NOT-FOR-US: Harlandscripts Pro Traffic One
CVE-2008-6212 (Cross-site scripting (XSS) vulnerability in admin.php in Php-Stats 0.1 ...)
	NOT-FOR-US: Php-Stats
CVE-2008-6211 (Multiple cross-site scripting (XSS) vulnerabilities in PhpForums.net m ...)
	NOT-FOR-US: PhpForums.net mcGallery
CVE-2008-6210 (SQL injection vulnerability in index.php in dream4 Koobi 4.4 and 5.4 a ...)
	NOT-FOR-US: dream4 Koobi
CVE-2008-6209 (SQL injection vulnerability in view_product.php in Vastal I-Tech Softw ...)
	NOT-FOR-US: Vastal I-Tech Software Zone
CVE-2008-6208 (Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS ...)
	NOT-FOR-US: e107 CMS
CVE-2008-6207 (Unrestricted file upload vulnerability in form_upload.php in PHPG Uplo ...)
	NOT-FOR-US: PHPG Upload
CVE-2008-6206 (Multiple PHP remote file inclusion vulnerabilities in RobotStats 0.1 a ...)
	NOT-FOR-US: RobotStats
CVE-2008-6205 (Cross-site scripting (XSS) vulnerability in seeurl.php in Xavier Flaha ...)
	NOT-FOR-US: Xavier Flahaut URLStreet
CVE-2008-6204 (Multiple SQL injection vulnerabilities in SuperNET Shop 1.0 and earlie ...)
	NOT-FOR-US: SuperNET Shop
CVE-2008-6203 (SQL injection vulnerability in adminler.asp in CoBaLT 2.0 allows remot ...)
	NOT-FOR-US: CoBaLT
CVE-2008-6202 (SQL injection vulnerability in CoBaLT 1.0 allows remote attackers to e ...)
	NOT-FOR-US: CoBaLT
CVE-2008-6201 (Directory traversal vulnerability in help.php in the eskuel module in  ...)
	NOT-FOR-US: KwsPHP
CVE-2008-6200 (Multiple cross-site scripting (XSS) vulnerabilities in Swiki 1.5 allow ...)
	NOT-FOR-US: Swiki
CVE-2008-6199 (2532designs 2532|Gigs 1.2.2 and earlier allows remote attackers to tri ...)
	NOT-FOR-US: 2532designs 2532|Gigs
CVE-2008-6198 (SQL injection vulnerability in pages.php in Custom Pages 1.0 plugin fo ...)
	NOT-FOR-US: Custom Pages 1.0 plugin for MyBulletinBoard
CVE-2008-6197 (SQL injection vulnerability in index.php in the galerie module for Kws ...)
	NOT-FOR-US: KwsPHP
CVE-2008-6196 (Multiple PHP remote file inclusion vulnerabilities in Philippe CROCHAT ...)
	NOT-FOR-US: Philippe CROCHAT EasySite
CVE-2008-6195 (Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.ex ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2008-6194 (Memory leak in the DNS server in Microsoft Windows allows remote attac ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-6193 (Sam Crew MyBlog stores passwords in cleartext in a MySQL database, whi ...)
	NOT-FOR-US: Sam Crew MyBlog
CVE-2008-6192 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified Por ...)
	NOT-FOR-US: Sun Java System Portal Server
CVE-2008-6191 (Conductor.exe in Intrinsic Swimage Encore before 5.0.1.21 contains a h ...)
	NOT-FOR-US: Intrinsic Swimage Encore
CVE-2008-6190 (Cross-site scripting (XSS) vulnerability in index.php in EEBCMS 0.95 a ...)
	NOT-FOR-US: EEBCMS
CVE-2008-6189 (SQL injection vulnerability in GForge 4.5.19 allows remote attackers t ...)
	{DSA-1698-1}
	- gforge 4.7~rc2-5
CVE-2008-6188 (SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc ...)
	{DSA-1698-1}
	- gforge 4.7~rc2-5
CVE-2008-6187 (SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and  ...)
	{DSA-1698-1}
	- gforge 4.7~rc2-5
CVE-2008-6186 (Stack-based buffer overflow in RaidenFTPD 2.4 build 3620 allows remote ...)
	NOT-FOR-US: RaidenFTPD
CVE-2008-6185 (NoticeWare Email Server NG 5.1.2.2 allows remote attackers to cause a  ...)
	NOT-FOR-US: NoticeWare Email Server NG
CVE-2008-6184 (SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component ...)
	NOT-FOR-US: Joomla!
CVE-2008-6183 (Multiple directory traversal vulnerabilities in index.php in My PHP In ...)
	NOT-FOR-US: My PHP Indexer
CVE-2008-6182 (SQL injection vulnerability in the Ignite Gallery (com_ignitegallery)  ...)
	NOT-FOR-US: Joomla!
CVE-2008-6181 (SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4jooml ...)
	NOT-FOR-US: Joomla!
CVE-2008-6180 (SQL injection vulnerability in system/nlb_user.class.php in NewLife Bl ...)
	NOT-FOR-US: NewLife Blogger
CVE-2008-6179 (SQL injection vulnerability in sug_cat.php in IndexScript 3.0 allows r ...)
	NOT-FOR-US: IndexScript
CVE-2008-6178 (Unrestricted file upload vulnerability in editor/filemanager/browser/d ...)
	NOTE: Alleged exploit does not work.
CVE-2008-6177 (Multiple directory traversal vulnerabilities in LightBlog 9.8, when ma ...)
	NOT-FOR-US: LightBlog
CVE-2008-6176
	REJECTED
CVE-2008-6175 (SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: SilverSHielD
CVE-2008-6174 (Cross-site scripting (XSS) vulnerability in admin/postlister/index.php ...)
	NOT-FOR-US: Jetbox CMS
CVE-2008-6173 (Cross-site scripting (XSS) vulnerability in fullscreen.php in ClipShar ...)
	NOT-FOR-US: ClipShare Pro
CVE-2008-6172 (Directory traversal vulnerability in captcha/captcha_image.php in the  ...)
	NOT-FOR-US: Joomla!
CVE-2008-6171 (includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, w ...)
	- drupal5 5.12-1 (low; bug #519114)
	- drupal6 6.6-1 (low; bug #519115)
CVE-2008-6170 (Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and ...)
	- drupal6 6.9-1 (low)
	[lenny] - drupal6 6.6-1.1
CVE-2008-6169 (Cross-site request forgery (CSRF) vulnerability in the Localization cl ...)
	NOT-FOR-US: Localization modules for Drupal
CVE-2008-6168 (Cross-site scripting (XSS) vulnerability in search.php in miniPortail  ...)
	NOT-FOR-US: miniPortail
CVE-2008-6167 (Directory traversal vulnerability in search.php in miniPortail 2.2 and ...)
	NOT-FOR-US: miniPortail
CVE-2008-6166 (SQL injection vulnerability in the KBase (com_kbase) 1.2 component for ...)
	NOT-FOR-US: Joomla!
CVE-2008-6165 (SQL injection vulnerability in gestion.php in CSPartner 0.1, when magi ...)
	NOT-FOR-US: CSPartner
CVE-2008-6164 (Cross-site scripting (XSS) vulnerability in index.php in DreamCost Hos ...)
	NOT-FOR-US: DreamCost HostAdmin
CVE-2008-6163 (SQL injection vulnerability in www/delivery/ac.php in OpenX 2.6.1 allo ...)
	- openx <itp> (bug #513771)
CVE-2008-6162 (Bux.to Clone script allows remote attackers to bypass authentication a ...)
	NOT-FOR-US: Bux.to Clone script
CVE-2008-6161 (Cross-site scripting (XSS) vulnerability in WOW Raid Manager (WRM) bef ...)
	NOT-FOR-US: WOW Raid Manager
CVE-2008-6160 (Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1 ...)
	NOT-FOR-US: Semantically-Interconnected Online Communities
CVE-2008-6159 (Content Management Made Easy (CMME) 1.19 allows remote attackers to ob ...)
	NOT-FOR-US: Content Management Made Easy
CVE-2008-6158 (Multiple unspecified vulnerabilities in the admin backend in w3b>cm ...)
	NOT-FOR-US: w3blabor CMS
CVE-2008-6157 (SepCity Classified Ads stores the admin password in cleartext in data/ ...)
	NOT-FOR-US: SepCity Classified Ads
CVE-2008-6156 (SQL injection vulnerability in editCampaign.php in AdMan 1.1.20070907  ...)
	NOT-FOR-US: AdMan
CVE-2008-6155 (SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1  ...)
	NOT-FOR-US: Hispah Text Links Ads
CVE-2008-6154 (SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1  ...)
	NOT-FOR-US: Hispah Text Links Ads
CVE-2008-6153 (SQL injection vulnerability in Photo.asp in Jay Patel Pixel8 Web Photo ...)
	NOT-FOR-US: Jay Patel Pixel8 Web Photo
CVE-2008-6152 (SQL injection vulnerability in deptdisplay.asp in SepCity Faculty Port ...)
	NOT-FOR-US: SepCity Faculty Portal
CVE-2008-6151 (SQL injection vulnerability in shpdetails.asp in SepCity Shopping Mall ...)
	NOT-FOR-US: SepCity Faculty Portal
CVE-2008-6150 (SQL injection vulnerability in classdis.asp in SepCity Classified Ads  ...)
	NOT-FOR-US: SepCity Faculty Portal
CVE-2008-6149 (SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 f ...)
	NOT-FOR-US: Joomla!
CVE-2008-6148 (SQL injection vulnerability in the Live Ticker (com_liveticker) module ...)
	NOT-FOR-US: Joomla!
CVE-2008-6147 (ForumApp 3.3 stores sensitive information under the web root with insu ...)
	NOT-FOR-US: ForumApp
CVE-2008-6146 (SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, whe ...)
	NOT-FOR-US: DeluxeBB
CVE-2008-6145 (Multiple SQL injection vulnerabilities in the WEC Discussion Forum (we ...)
	NOT-FOR-US: WEC Discussion Forum (wec_discussion) extension TYPO3
CVE-2008-6144 (Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discuss ...)
	NOT-FOR-US: WEC Discussion Forum (wec_discussion) extension TYPO3
CVE-2008-6143 (OwenPoll 1.0 allows remote attackers to bypass authentication and obta ...)
	NOT-FOR-US: OwenPoll
CVE-2008-6142 (Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexP ...)
	NOT-FOR-US: FlexPHPic
CVE-2008-6141 (Unspecified vulnerability in Avaya IP Softphone 6.0 SP4 and 6.01.85 al ...)
	NOT-FOR-US: Avaya IP Softphone
CVE-2008-6140 (Unspecified vulnerability in the Session Initiation Protocol (SIP) imp ...)
	NOT-FOR-US: Avaya one-X Desktop Edition
CVE-2008-6139 (Directory traversal vulnerability in faqsupport/wce.download.php in We ...)
	NOT-FOR-US: WebBiscuits Modules Controller
CVE-2008-6138 (PHP remote file inclusion vulnerability in adminhead.php in WebBiscuit ...)
	NOT-FOR-US: WebBiscuits Modules Controller
CVE-2008-6137 (EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to ...)
	NOT-FOR-US: EveryBlog
CVE-2008-6136 (Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for Drupa ...)
	NOT-FOR-US: EveryBlog
CVE-2008-6135 (Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a m ...)
	NOT-FOR-US: EveryBlog
CVE-2008-6134 (SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Dru ...)
	NOT-FOR-US: EveryBlog
CVE-2008-6133 (SQL injection vulnerability in arsaprint.php in Full PHP Emlak Script  ...)
	NOT-FOR-US: Full PHP Emlak Script
CVE-2008-6132 (Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 an ...)
	NOT-FOR-US: phpScheduleIt
CVE-2008-6131 (Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows  ...)
	NOT-FOR-US: moziloWiki
CVE-2008-6130 (Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1. ...)
	NOT-FOR-US: moziloWiki
CVE-2008-6129 (Directory traversal vulnerability in print.php in moziloWiki 1.0.1 and ...)
	NOT-FOR-US: moziloWiki
CVE-2008-6128 (Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows  ...)
	NOT-FOR-US: moziloCMS
CVE-2008-6127 (Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10. ...)
	NOT-FOR-US: moziloCMS
CVE-2008-6126 (Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and e ...)
	NOT-FOR-US: moziloCMS
CVE-2008-6125 (Unspecified vulnerability in the user editing interface in Moodle 1.5. ...)
	{DSA-1724-1}
	- moodle 1.8.2.dfsg-2
CVE-2008-6124 (SQL injection vulnerability in the hotpot_delete_selected_attempts fun ...)
	{DSA-1691-1}
	- moodle 1.8.2.dfsg-2
CVE-2008-6123 (The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp ...)
	- net-snmp 5.4.3~dfsg-1 (low; bug #516801)
	[etch] - net-snmp <no-dsa> (Minor issue)
	[lenny] - net-snmp <no-dsa> (Minor issue)
CVE-2008-6122 (The web management interface in Netgear WGR614v9 allows remote attacke ...)
	NOT-FOR-US: Netgear WGR614v9
CVE-2008-6121 (CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier allo ...)
	NOT-FOR-US: SocialEngine
CVE-2008-6120 (SQL injection vulnerability in profile_comments.php in SocialEngine (S ...)
	NOT-FOR-US: SocialEngine
CVE-2008-6119 (Static code injection vulnerability in gooplecms/admin/account/action/ ...)
	NOT-FOR-US: Goople CMS
CVE-2008-6118 (win/content/upload.php in Goople CMS 1.7 allows remote attackers to by ...)
	NOT-FOR-US: Goople CMS
CVE-2008-6117 (SQL injection vulnerability in homepage.php in PG Job Site Pro allows  ...)
	NOT-FOR-US: PG Job Site Pro
CVE-2008-6116 (SQL injection vulnerability in the EXtrovert Software Thyme (com_thyme ...)
	NOT-FOR-US: Joomla!
CVE-2008-6115 (SQL injection vulnerability in directory.php in Prozilla Hosting Index ...)
	NOT-FOR-US: Prozilla Hosting Index
CVE-2008-6114 (SQL injection vulnerability in product_details.php in the Mytipper Zog ...)
	NOT-FOR-US: Mytipper Zogo-shop
CVE-2008-6113 (Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.9 ...)
	NOT-FOR-US: SemanticScuttle
CVE-2008-6112 (Multiple directory traversal vulnerabilities in Ez Ringtone Manager al ...)
	NOT-FOR-US: Ez Ringtone Manager
CVE-2008-6111 (SQL injection vulnerability in blog.php in NetArt Media Vlog System 1. ...)
	NOT-FOR-US: NetArt Media Vlog System
CVE-2008-6110 (Unspecified vulnerability in SemanticScuttle before 0.90 has unknown i ...)
	NOT-FOR-US: SemanticScuttle
CVE-2008-6109 (Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 does not ...)
	NOT-FOR-US: Robin Rawson-Tetley Animal Shelter Manager
CVE-2008-6108 (Cross-site scripting (XSS) vulnerability in result.php in Galatolo Web ...)
	NOT-FOR-US: Galatolo WebManager
CVE-2008-6107 (The (1) sys32_mremap function in arch/sparc64/kernel/sys_sparc32.c, th ...)
	- linux-2.6 2.6.25-4 (low)
	- linux-2.6.24 <removed>
CVE-2008-6106 (Cross-site request forgery (CSRF) vulnerability in IBM Workplace for B ...)
	NOT-FOR-US: IBM Workplace for Business Controls
CVE-2008-6105 (Cross-site scripting (XSS) vulnerability in IBM Workplace for Business ...)
	NOT-FOR-US: IBM Workplace for Business Controls
CVE-2008-6104 (SQL injection vulnerability in A4Desk PHP Event Calendar allows remote ...)
	NOT-FOR-US: A4Desk PHP Event Calendar
CVE-2008-6103 (PHP remote file inclusion vulnerability in index.php in A4Desk Event C ...)
	NOT-FOR-US: A4Desk PHP Event Calendar
CVE-2008-6102 (SQL injection vulnerability in ratelink.php in Link Trader Script allo ...)
	NOT-FOR-US: Link Trader Script
CVE-2008-6101 (SQL injection vulnerability in click.php in Adult Banner Exchange Webs ...)
	NOT-FOR-US: Adult Banner Exchange Website
CVE-2008-6100 (Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, wh ...)
	NOT-FOR-US: Discussion Forums
CVE-2008-6099 (PHP remote file inclusion vulnerability in index.php in RPortal 1.1 an ...)
	NOT-FOR-US: RPortal
CVE-2008-6098 (Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.2 ...)
	- bugzilla <unfixed> (unimportant)
CVE-2008-6097 (Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before ...)
	NOT-FOR-US: WikyBlog
CVE-2008-6096 (Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS ...)
	NOT-FOR-US: Juniper NetScreen ScreenOS
CVE-2008-6095 (Cross-site scripting (XSS) vulnerability in surveillanceView.htm in Op ...)
	- opennms <itp> (bug #450615)
CVE-2008-6094 (Cross-site scripting (XSS) vulnerability in user.do in Celoxis Technol ...)
	NOT-FOR-US: Celoxis Technologies Celoxis
CVE-2008-6093 (SQL injection vulnerability in index.php in Noname CMS 1.0, when magic ...)
	NOT-FOR-US: Noname CMS
CVE-2008-6092 (phpscripts Ranking Script allows remote attackers to bypass authentica ...)
	NOT-FOR-US: phpscripts Ranking Script
CVE-2008-6091 (SQL injection vulnerability in plugins.php in BMForum 5.6, when magic_ ...)
	NOT-FOR-US: BMForum
CVE-2008-6090 (Directory traversal vulnerability in members.php in ScriptsEz Mini Hos ...)
	NOT-FOR-US: ScriptsEz Mini Hosting Panel
CVE-2008-6089 (Directory traversal vulnerability in main.php in ScriptsEz Easy Image  ...)
	NOT-FOR-US: ScriptsEz
CVE-2008-6088 (SQL injection vulnerability in the Joomtracker (com_joomtracker) 1.01  ...)
	NOT-FOR-US: Joomla!
CVE-2008-6087 (Cross-site scripting (XSS) vulnerability in topic.php in Camera Life 2 ...)
	NOT-FOR-US: Camera Life
CVE-2008-6086 (SQL injection vulnerability in album.php in Camera Life 2.6.2b4 allows ...)
	NOT-FOR-US: Camera Life
CVE-2008-6085 (Integer overflow in multiple F-Secure anti-virus products, including I ...)
	NOT-FOR-US: F-Secure
CVE-2008-6084 (Unrestricted file upload vulnerability in pages/download.php in Iamma  ...)
	NOT-FOR-US: Iamma Simple Gallery
CVE-2008-6083 (Directory traversal vulnerability in header.php in TXTshop beta 1.0 al ...)
	NOT-FOR-US: TXTshop
CVE-2008-6082 (Titan FTP Server 6.26 build 630 allows remote attackers to cause a den ...)
	NOT-FOR-US: Titan FTP Server
CVE-2008-6081 (SQL injection vulnerability in contact.php in Simple Customer 1.2 allo ...)
	NOT-FOR-US: Simple Customer
CVE-2008-6080 (Directory traversal vulnerability in download.php in the ionFiles (com ...)
	NOT-FOR-US: Joomla!
CVE-2008-6079 (imlib2 before 1.4.2 allows context-dependent attackers to have an unsp ...)
	{DSA-2029-1}
	- imlib2 1.4.2-1 (bug #576469)
	NOTE: poked upstream for more details
CVE-2008-6078 (SQL injection vulnerability in open.php in the Private Messaging (com_ ...)
	NOT-FOR-US: Limbo CMS
CVE-2008-6077 (SQL injection vulnerability in loudblog/ajax.php in LoudBlog 0.8.0a an ...)
	NOT-FOR-US: LoudBlog
CVE-2008-6076 (SQL injection vulnerability in the Daily Message (com_dailymessage) 1. ...)
	NOT-FOR-US: Joomla!
CVE-2008-6075 (SQL injection vulnerability in aspkat.asp in Bahar Download Script 2.0 ...)
	NOT-FOR-US: Bahar Download Script
CVE-2008-6074 (Directory traversal vulnerability in frame.php in phpcrs 2.06 and earl ...)
	NOT-FOR-US: phpcrs
CVE-2008-6073 (StorageCrypt 2.0.1 does not properly encrypt disks, which allows local ...)
	NOT-FOR-US: StorageCrypt
CVE-2008-6072 (Multiple unspecified vulnerabilities in GraphicsMagick before 1.1.14,  ...)
	{DSA-1903-1}
	- graphicsmagick 1.2.3-1
CVE-2008-6071 (Heap-based buffer overflow in the DecodeImage function in coders/pict. ...)
	{DSA-1903-1}
	- graphicsmagick 1.2.3-1
CVE-2008-6070 (Multiple heap-based buffer underflows in the ReadPALMImage function in ...)
	{DSA-1903-1}
	- graphicsmagick 1.2.3-1
CVE-2008-6069 (SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 fo ...)
	NOT-FOR-US: eChat plugin
CVE-2008-6068 (SQL injection vulnerability in the JoomlaDate (com_joomladate) compone ...)
	NOT-FOR-US: Joomla!
CVE-2008-7272 (FireGPG before 0.6 handle user’s passphrase and decrypted cleart ...)
	- iceweasel-firegpg <removed> (bug #514386)
CVE-2008-7273 (A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure ...)
	- iceweasel-firegpg <removed> (bug #514386)
CVE-2008-6067
	REJECTED
CVE-2008-6066 (Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 all ...)
	NOT-FOR-US: Meet#Web
CVE-2008-6065 (Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE perm ...)
	NOT-FOR-US: Oracle Database Server
CVE-2008-6064 (Multiple SQL injection vulnerabilities in DomPHP 0.81 allow remote att ...)
	NOT-FOR-US: DomPHP
CVE-2008-6063 (Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places  ...)
	NOT-FOR-US: Microsoft
CVE-2008-6062 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary  ...)
	NOT-FOR-US: Adobe Dreamweaver
CVE-2008-6061 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary  ...)
	NOT-FOR-US: Techsmith Camtasia Studio
CVE-2008-6060 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary  ...)
	NOT-FOR-US: InfoSoft FusionCharts
CVE-2008-6059 (xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not pro ...)
	- webkit <not-affected> (bug #516555; low)
	NOTE: webkit in linux needs libsoup for cookie support
CVE-2008-6058 (Syslserve 1.058 and earlier, and probably 1.059, allows remote attacke ...)
	NOT-FOR-US: Syslserve
CVE-2008-6057 (Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under t ...)
	NOT-FOR-US: Doug Luxem Liberum Help Desk
CVE-2008-6056 (Multiple cross-site scripting (XSS) vulnerabilities in World Recipe 2. ...)
	NOT-FOR-US: World Recipe
CVE-2008-6055 (PreProjects Pre Classified Listings stores pclasp.mdb under the web ro ...)
	NOT-FOR-US: PreProjects Pre Classified Listings
CVE-2008-6054 (PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under  ...)
	NOT-FOR-US: PreProjects Pre Classified Listings
CVE-2008-6053 (PreProjects Pre Resume Submitter stores onlineresume.mdb under the web ...)
	NOT-FOR-US: PreProjects Pre Classified Listings
CVE-2008-6052 (PreProjects Pre E-Learning Portal stores db_elearning.mdb under the we ...)
	NOT-FOR-US: PreProjects Pre Classified Listings
CVE-2008-6051 (MetaCart Free stores metacart.mdb under the web root with insufficient ...)
	NOT-FOR-US: MetaCart Free
CVE-2008-6050 (SQL injection vulnerability in the Tech Articles (com_tech_article) 1. ...)
	NOT-FOR-US: Tech Articles
CVE-2008-6049
	REJECTED
CVE-2008-6048 (Multiple cross-site request forgery (CSRF) vulnerabilities in TangoCMS ...)
	NOT-FOR-US: TangoCMS
CVE-2008-6047 (Cross-site scripting (XSS) vulnerability in ADbNewsSender before 1.5.2 ...)
	NOT-FOR-US: ADbNewsSender
CVE-2008-6046 (SQL injection vulnerability in ADbNewsSender before 1.5.2 allows remot ...)
	NOT-FOR-US: ADbNewsSender
CVE-2008-6045 (Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0 ...)
	NOT-FOR-US: xt:Commerce
CVE-2008-6044 (Cross-site scripting (XSS) vulnerability in advanced_search_result.php ...)
	NOT-FOR-US: xt:Commerce
CVE-2008-6043 (Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow ...)
	NOT-FOR-US: PHP Pro Bid
CVE-2008-6042 (SQL injection vulnerability in the re_search module in NetArtMedia Rea ...)
	NOT-FOR-US: NetArtMedia Real Estate Portal
CVE-2008-6041 (Multiple cross-site scripting (XSS) vulnerabilities in Index.asp in Da ...)
	NOT-FOR-US: Dataspade
CVE-2008-6040 (SQL injection vulnerability in index.php in Arcadem Pro 2.700 through  ...)
	NOT-FOR-US: Arcadem Pro
CVE-2008-6039 (Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows  ...)
	NOT-FOR-US: BLUEPAGE CMS
CVE-2008-6038 (SQL injection vulnerability in index.php in MapCal 0.1 allows remote a ...)
	NOT-FOR-US: MapCal
CVE-2008-6037 (SQL injection vulnerability in view.php in AvailScript Article Script  ...)
	NOT-FOR-US: AvailScript Article Script
CVE-2008-6036 (PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder ...)
	NOT-FOR-US: BaseBuilder
CVE-2008-6035 (Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1. ...)
	NOT-FOR-US: Achievo
CVE-2008-6034 (Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1. ...)
	NOT-FOR-US: Achievo
CVE-2008-6033 (SQL injection vulnerability in comments.php in WSN Links 2.20 allows r ...)
	NOT-FOR-US: WSN Links
CVE-2008-6032 (SQL injection vulnerability in comments.php in WSN Links Free 4.0.34P  ...)
	NOT-FOR-US: WSN Links
CVE-2008-6031 (SQL injection vulnerability in vote.php in WSN Links 2.22 and 2.23 all ...)
	NOT-FOR-US: WSN Links
CVE-2008-6030 (Multiple SQL injection vulnerabilities in NetArtMedia Jobs Portal 1.3  ...)
	NOT-FOR-US: NetArtMedia Jobs Portal
CVE-2008-6029 (SQL injection vulnerability in search.php in BuzzyWall 1.3.1 and earli ...)
	NOT-FOR-US: BuzzyWall
CVE-2008-6028 (SQL injection vulnerability in list.php in University of Queensland Li ...)
	NOT-FOR-US: Library Fez
CVE-2008-6027 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in BL ...)
	NOT-FOR-US: BLUEPAGE CMS
CVE-2008-6026 (SQL injection vulnerability in tienda.php in BlueCUBE CMS allows remot ...)
	NOT-FOR-US: BlueCUBE CMS
CVE-2008-6025 (Directory traversal vulnerability in scr/form.php in openElec 3.01 and ...)
	NOT-FOR-US: openElec
CVE-2008-6024 (Unspecified vulnerability in the NFSv4 client module in the kernel on  ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-6023 (PHP remote file inclusion vulnerability in includes/todofleetcontrol.p ...)
	NOT-FOR-US: Xnova
CVE-2008-6022 (PHP remote file inclusion vulnerability in includes/todofleetcontrol.p ...)
	NOT-FOR-US: Xnova
CVE-2008-6021 (Multiple unspecified vulnerabilities in Attachmate Reflection for Secu ...)
	NOT-FOR-US: Attachmate Reflection
CVE-2008-6020 (SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for ...)
	NOT-FOR-US: View module (drupal module)
CVE-2008-6019 (SQL injection vulnerability in index.php in EACOMM DO-CMS 3.0 allows r ...)
	NOT-FOR-US: EACOMM DO-CMS
CVE-2008-6018 (Directory traversal vulnerability in index.php in MyPHPSite, when magi ...)
	NOT-FOR-US: MyPHPSite
CVE-2008-6017 (SQL injection vulnerability in messages.php in I-Rater Basic allows re ...)
	NOT-FOR-US: I-Rater Basic
CVE-2008-6016 (SQL injection vulnerability in questions.php in EsFaq 2.0 allows remot ...)
	NOT-FOR-US: EsFaq
CVE-2008-6015 (Multiple SQL injection vulnerabilities in search.php in EsFaq 2.0 allo ...)
	NOT-FOR-US: EsFaq
CVE-2008-6014 (SQL injection vulnerability in scripts/links.php in Rianxosencabos CMS ...)
	NOT-FOR-US: Rianxosencabos CMS
CVE-2008-6013 (Multiple SQL injection vulnerabilities in Freeway before 1.4.3.210 all ...)
	NOT-FOR-US: Freeway
CVE-2008-6012 (Directory traversal vulnerability in index.php in Pritlog 0.4 and earl ...)
	NOT-FOR-US: Pritlog
CVE-2008-6011 (SQL injection vulnerability in index.php in SG Real Estate Portal 2.0  ...)
	NOT-FOR-US: SG Real Estate Portal
CVE-2008-6010 (Multiple directory traversal vulnerabilities in SG Real Estate Portal  ...)
	NOT-FOR-US: SG Real Estate Portal
CVE-2008-6009 (SG Real Estate Portal 2.0 allows remote attackers to bypass authentica ...)
	NOT-FOR-US: SG Real Estate Portal
CVE-2008-6008 (hyBook Guestbook Script stores sensitive information under the web roo ...)
	NOT-FOR-US: hyBook Guestbook Script
CVE-2008-6007 (SQL injection vulnerability in view_group.php in QuidaScript BookMarks ...)
	NOT-FOR-US: QuidaScript BookMarks Favourites Script
CVE-2008-6006 (Multiple PHP remote file inclusion vulnerabilities in Micronation Bank ...)
	NOT-FOR-US: Micronation Banking System
CVE-2008-6004 (Cross-site scripting (XSS) vulnerability in search.php in AJ Auction P ...)
	NOT-FOR-US: AJ Auction Pro Platinum
CVE-2008-6003 (SQL injection vulnerability in sellers_othersitem.php in AJ Auction Pr ...)
	NOT-FOR-US: AJ Auction Pro Platinum
CVE-2008-6002 (Absolute path traversal vulnerability in sendfile.php in web-cp 0.5.7, ...)
	NOT-FOR-US: web-cp
CVE-2008-6001 (index.php in ADN Forum 1.0b and earlier allows remote attackers to byp ...)
	NOT-FOR-US: ADN Forum
CVE-2008-6000 (The GDTdiIcpt.sys driver in G DATA AntiVirus 2008, InternetSecurity 20 ...)
	NOT-FOR-US: G DATA AntiVirus
CVE-2008-5999 (Cross-site scripting (XSS) vulnerability in the Ajax Checklist module  ...)
	NOT-FOR-US: Ajax Checklist module for Drupal
CVE-2008-5998 (Multiple SQL injection vulnerabilities in the ajax_checklist_save func ...)
	NOT-FOR-US: Ajax Checklist module for Drupal
CVE-2008-5997 (Absolute path traversal vulnerability in admin/fileKontrola/browser.as ...)
	NOT-FOR-US: Omnicom Content Platform
CVE-2008-5996 (Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x  ...)
	NOT-FOR-US: Simplenews module for Drupal
CVE-2008-5995 (Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA (sr_fr ...)
	NOT-FOR-US: freeCap CAPTCHA extension for TYPO3
CVE-2008-5994 (Cross-site scripting (XSS) vulnerability in index.php in Check Point C ...)
	NOT-FOR-US: Check Point Connectra
CVE-2008-5993 (Directory traversal vulnerability in image.php in Barcode Generator 1D ...)
	NOT-FOR-US: Barcode Generator 1D
CVE-2008-5992 (Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) 2 ...)
	NOT-FOR-US: Jetik Emlak Sistem
CVE-2008-5991 (Directory traversal vulnerability in docs.php in MailWatch for MailSca ...)
	NOT-FOR-US: MailWatch for MailScanner
CVE-2008-5990 (Directory traversal vulnerability in connect/init.inc in emergecolab 1 ...)
	NOT-FOR-US: emergecolab
CVE-2008-5989 (Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and  ...)
	NOT-FOR-US: PHPcounterJadu CMS
CVE-2008-5988 (SQL injection vulnerability in scripts/recruit_details.php in Jadu CMS ...)
	NOT-FOR-US: Jadu CMS
CVE-2008-XXXX [minor cyrus sasl DoS]
	- cyrus-sasl2 2.1.22.dfsg1-18 (bug #465561)
	[etch] - cyrus-sasl2 <no-dsa> (Minor issue)
CVE-2008-5987 (Untrusted search path vulnerability in the Python interface in Eye of  ...)
	- eog 2.22.3-2 (bug #504352; low)
	[etch] - eog <not-affected> (Vulnerable code not present)
CVE-2008-5986 (Untrusted search path vulnerability in the (1) "VST plugin with Python ...)
	- csound 5.08.2~dfsg-1.1 (bug #504359; low)
	[lenny] - csound 1:5.08.0.dfsg2-8+lenny2 (bug #504359; low)
	[etch] - csound <not-affected> (Vulnerable code not present)
CVE-2008-5985 (Untrusted search path vulnerability in the Python interface in Epiphan ...)
	- epiphany-browser 2.22.3-7 (bug #504363; low)
	[etch] - epiphany-browser <no-dsa> (Minor issue, only vulnerable when called from certain dir)
CVE-2008-5984 (Untrusted search path vulnerability in the Python plugin in Dia 0.96.1 ...)
	- dia 0.96.1-7.1 (low; bug #504251)
	[etch] - dia <no-dsa> (Minor issue, only vulnerable when called from certain dir)
CVE-2008-5983 (Untrusted search path vulnerability in the PySys_SetArgv API function  ...)
	- python3.1 3.1.2+20100703-1 (low; bug #575780)
	- python2.6 2.6.5+20100529-1 (low; bug #572010)
	- python2.5 <unfixed> (low)
	[etch] - python2.5 <no-dsa> (Minor issue)
	[lenny] - python2.5 <no-dsa> (Minor issue)
	[squeeze] - python2.5 <no-dsa> (Minor issue, patch only introduces a new, more secure API)
	- python2.4 <unfixed> (low)
	[etch] - python2.4 <no-dsa> (Minor issue)
	[lenny] - python2.4 <no-dsa> (Minor issue)
	NOTE: I suppose the behaviour will be changed in a future Python release, but
	NOTE: a backport has a significant risk of breakage for little gain. If a
	NOTE: proper upstream patch should be available, this can be re-evaluated
	NOTE: http://bugs.python.org/issue5753
CVE-2008-5982 (Format string vulnerability in BMC PATROL Agent before 3.7.30 allows r ...)
	NOT-FOR-US: BMC PATROL Agent
CVE-2008-5968 (Directory traversal vulnerability in print.php in PHP iCalendar 2.24 a ...)
	- phpicalendar <removed> (bug #513517)
CVE-2008-5967 (admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not req ...)
	- phpicalendar <removed> (bug #513517)
CVE-2008-5981 (PacPoll 4.0 stores sensitive information under the web root with insuf ...)
	NOT-FOR-US: PacPoll
CVE-2008-5980 (Ocean12 Mailing List Manager Gold stores sensitive data under the web  ...)
	NOT-FOR-US: Ocean12 Mailing List Manager Gold
CVE-2008-5979 (Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Mai ...)
	NOT-FOR-US: Ocean12 Mailing List Manager Gold
CVE-2008-5978 (Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager ...)
	NOT-FOR-US: Ocean12 Mailing List Manager Gold
CVE-2008-5977 (SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE  ...)
	NOT-FOR-US: PHP JOBWEBSITE PRO
CVE-2008-5976 (Multiple cross-site scripting (XSS) vulnerabilities in siteadmin/forgo ...)
	NOT-FOR-US: PHP JOBWEBSITE PRO
CVE-2008-5975 (SQL injection vulnerability in links.asp in Active Price Comparison 4. ...)
	NOT-FOR-US: Active Price Comparison
CVE-2008-5974 (Multiple SQL injection vulnerabilities in login.aspx in Active Price C ...)
	NOT-FOR-US: Active Price Comparison
CVE-2008-5973 (SQL injection vulnerability in login.aspx in Active Web Mail 4.0 allow ...)
	NOT-FOR-US: Active Web Mail
CVE-2008-5972 (SQL injection vulnerability in default.asp in Active Business Director ...)
	NOT-FOR-US: Active Business Directory
CVE-2008-5971 (Cross-site scripting (XSS) vulnerability in profile_social.php in i-Ne ...)
	NOT-FOR-US: i-Net Solution Orkut Clone
CVE-2008-5970 (SQL injection vulnerability in profile_social.php in i-Net Solution Or ...)
	NOT-FOR-US: i-Net Solution Orkut Clone
CVE-2008-5969 (SQL injection vulnerability in popupproduct.php in Sunbyte e-Flower al ...)
	NOT-FOR-US: Sunbyte e-Flower
CVE-2008-5966 (globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to c ...)
	NOT-FOR-US: Globsy
CVE-2008-5965 (Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and ea ...)
	NOT-FOR-US: LokiCMS
CVE-2008-5964 (Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 a ...)
	NOT-FOR-US: Social ImpressCMS
CVE-2008-5963 (Eval injection vulnerability in library/setup/rpc.php in Gravity Getti ...)
	NOT-FOR-US: Gravity Getting Things Done
CVE-2008-5962 (Directory traversal vulnerability in library/setup/rpc.php in Gravity  ...)
	NOT-FOR-US: Gravity Getting Things Done
CVE-2008-5961 (Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS Co ...)
	NOT-FOR-US: Tribiq CMS Community
CVE-2008-5960 (SQL injection vulnerability in index.php in Tribiq CMS Community 5.0.1 ...)
	NOT-FOR-US: Tribiq CMS Community
CVE-2008-5959 (Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 ...)
	NOT-FOR-US: Active Test
CVE-2008-5958 (Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote ...)
	NOT-FOR-US: Active Test
CVE-2008-5957 (SQL injection vulnerability in the Mydyngallery (com_mydyngallery) com ...)
	NOT-FOR-US: Joomla!
CVE-2008-5956 (Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information und ...)
	NOT-FOR-US: Wbstreet
CVE-2008-5955 (SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET Web ...)
	NOT-FOR-US: Wbstreet
CVE-2008-5954 (SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) ...)
	NOT-FOR-US: KTP Computer Customer Database (KTPCCD) CMS
CVE-2008-5953 (Directory traversal vulnerability in KTP Computer Customer Database (K ...)
	NOT-FOR-US: KTP Computer Customer Database (KTPCCD) CMS
CVE-2008-5952 (SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) ...)
	NOT-FOR-US: KTP Computer Customer Database (KTPCCD) CMS
CVE-2008-5951 (ASP Template Creature stores sensitive information under the web root  ...)
	NOT-FOR-US: ASP Template Creature
CVE-2008-5950 (SQL injection vulnerability in media/media_level.asp in ASP Template C ...)
	NOT-FOR-US: ASP Template Creature
CVE-2008-5949 (Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 a ...)
	NOT-FOR-US: ccTiddly
CVE-2008-5948 (Directory traversal vulnerability in index.php in BNCwi 1.04 and earli ...)
	NOT-FOR-US: BNCwi
CVE-2008-5947 (PHP remote file inclusion vulnerability in include/class_yapbbcooker.p ...)
	NOT-FOR-US: YapBB
CVE-2008-5946 (SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows  ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-5945 (Nukeviet 2.0 Beta allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Nukeviet
CVE-2008-5944 (Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 ...)
	NOT-FOR-US: NavBoard
CVE-2008-5943 (Multiple directory traversal vulnerabilities in NavBoard 16 (2.6.0) al ...)
	NOT-FOR-US: NavBoard
CVE-2008-5942 (Multiple cross-site scripting (XSS) vulnerabilities in MODx before 0.9 ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5941 (Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and  ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5940 (SQL injection vulnerability in index.php in MODx 0.9.6.2 and earlier,  ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5939 (Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9. ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5938 (PHP remote file inclusion vulnerability in assets/snippets/reflect/sni ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5937 (AyeView 2.20 allows user-assisted attackers to cause a denial of servi ...)
	NOT-FOR-US: AyeView
CVE-2008-5936 (front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers ...)
	NOT-FOR-US: mini-pub
CVE-2008-5935 (Facto stores sensitive information under the web root with insufficien ...)
	NOT-FOR-US: Facto
CVE-2008-5934 (SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows remot ...)
	NOT-FOR-US: CMS ISWEB
CVE-2008-5933 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in CM ...)
	NOT-FOR-US: CMS ISWEB
CVE-2008-5932 (CodeAvalanche FreeForum stores sensitive information under the web roo ...)
	NOT-FOR-US: CodeAvalanche FreeForum
CVE-2008-5931 (The Net Guys ASPired2Blog stores sensitive information under the web r ...)
	NOT-FOR-US: ASPired2Blog
CVE-2008-5930 (SQL injection vulnerability in admin/blog_comments.asp in The Net Guys ...)
	NOT-FOR-US: ASPired2Blog
CVE-2008-5929 (VP-ASP Shopping Cart 6.50 stores sensitive information under the web r ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2008-5928 (SQL injection vulnerability in redir.php in Free Links Directory Scrip ...)
	NOT-FOR-US: Free Links Directory Script
CVE-2008-5927 (Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexP ...)
	NOT-FOR-US: FlexPHPNews
CVE-2008-5926 (Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Interna ...)
	NOT-FOR-US: ASP-DEv
CVE-2008-5925 (ASP-DEv XM Events Diary stores sensitive information under the web roo ...)
	NOT-FOR-US: ASP-DEv
CVE-2008-5924 (SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events Di ...)
	NOT-FOR-US: ASP-DEv
CVE-2008-5923 (SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary  ...)
	NOT-FOR-US: ASP-DEv
CVE-2008-5922 (Multiple PHP remote file inclusion vulnerabilities in themes/default/i ...)
	NOT-FOR-US: Cant Find A Gaming CMS
CVE-2008-5921 (SQL injection vulnerability in albums.php in Umer Inc Songs Portal all ...)
	NOT-FOR-US: Umer Inc Songs Portal
CVE-2008-5920 (The create_anchors function in utils.inc in WebSVN 1.x allows remote a ...)
	- websvn 1.61-21 (bug #503330)
CVE-2008-5917 (Cross-site scripting (XSS) vulnerability in the XSS filter (framework/ ...)
	{DSA-1765-1}
	- horde3 3.2.2+debian0-2 (bug #512592)
CVE-2008-5916 (gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x befo ...)
	{DSA-1708-1}
	- git-core 1:1.5.6.5-2 (low)
CVE-2008-5915 (An unspecified function in the JavaScript implementation in Google Chr ...)
	NOT-FOR-US: Google
CVE-2008-5914 (An unspecified function in the JavaScript implementation in Apple Safa ...)
	NOT-FOR-US: Apple
CVE-2008-5913 (The Math.random function in the JavaScript implementation in Mozilla F ...)
	- xulrunner 1.9.1.10-1 (unimportant; bug #559792; bug #532516)
	- iceape 2.0.5-1 (unimportant)
	[lenny] - iceape <not-affected> (Just a stub package)
	NOTE: Limited to browser life time
CVE-2008-5912 (An unspecified function in the JavaScript implementation in Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2008-5911 (Multiple buffer overflows in RealNetworks Helix Server and Helix Mobil ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2008-5910 (Unspecified vulnerability in txzonemgr in Sun OpenSolaris has unknown  ...)
	NOT-FOR-US: txzonemgr in Sun OpenSolaris
CVE-2008-5909 (Unspecified vulnerability in conv_lpd in Sun OpenSolaris has unknown i ...)
	NOT-FOR-US: conv_lpd in Sun OpenSolaris
CVE-2008-5908 (Unspecified vulnerability in the root/boot archive tool in Sun OpenSol ...)
	NOT-FOR-US: root/boot archive tool in Sun OpenSolaris
CVE-2008-5907 (The png_check_keyword function in pngwutil.c in libpng before 1.0.42,  ...)
	{DSA-1750-1}
	- libpng 1.2.35-1 (bug #512665)
	NOTE: Only an issue when using libpng to create out-of-spec images
CVE-2008-5906 (Eval injection vulnerability in the web interface plugin in KTorrent b ...)
	- ktorrent2.2 2.2.8.dfsg.1-1 (bug #504178)
	- ktorrent 3.1.4+dfsg.1-1
	[etch] - ktorrent <not-affected> (Doesn't include the web interface)
CVE-2008-5905 (The web interface plugin in KTorrent before 3.1.4 allows remote attack ...)
	- ktorrent2.2 2.2.8.dfsg.1-1 (bug #504178)
	- ktorrent 3.1.4+dfsg.1-1
	[etch] - ktorrent <not-affected> (Doesn't include the web interface)
CVE-2008-5901 (iyzi Forum 1.0 beta 3 stores sensitive information under the web root  ...)
	NOT-FOR-US: iyzi Forum
CVE-2008-5900 (CodeAvalanche Articles stores sensitive information under the web root ...)
	NOT-FOR-US: CodeAvalanche Articles
CVE-2008-5899 (CodeAvalanche FreeForAll stores sensitive information under the web ro ...)
	NOT-FOR-US: CodeAvalanche FreeForAll
CVE-2008-5898 (CodeAvalanche Directory stores sensitive information under the web roo ...)
	NOT-FOR-US: CodeAvalanche Directory
CVE-2008-5897 (CodeAvalanche FreeWallpaper stores sensitive information under the web ...)
	NOT-FOR-US: CodeAvalanche FreeWallpaper
CVE-2008-5896 (CodeAvalanche RateMySite stores sensitive information under the web ro ...)
	NOT-FOR-US: CodeAvalanche RateMySite
CVE-2008-5895 (SQL injection vulnerability in connection.php in Mediatheka 4.2 and ea ...)
	NOT-FOR-US: Mediatheka
CVE-2008-5894 (Directory traversal vulnerability in index.php in Mediatheka 4.2 allow ...)
	NOT-FOR-US: Mediatheka
CVE-2008-5893 (Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in Clic ...)
	NOT-FOR-US: ClickAndEmail
CVE-2008-5892 (Multiple SQL injection vulnerabilities in ClickAndEmail allow remote a ...)
	NOT-FOR-US: ClickAndEmail
CVE-2008-5891 (Cross-site scripting (XSS) vulnerability in the profile editing functi ...)
	NOT-FOR-US: Injader
CVE-2008-5890 (SQL injection vulnerability in feeds.php in Injader before 2.1.2 allow ...)
	NOT-FOR-US: Injader
CVE-2008-5889 (Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank ...)
	NOT-FOR-US: Click&Rank
CVE-2008-5888 (Multiple SQL injection vulnerabilities in Click&Rank allow remote  ...)
	NOT-FOR-US: Click&Rank
CVE-2008-5887 (phplist before 2.10.8 allows remote attackers to include files via unk ...)
	- phplist <itp> (bug #612288)
CVE-2008-5886 (TAKempis Discussion Web 4.0 stores sensitive information under the web ...)
	NOT-FOR-US: TAKempis Discussion Web
CVE-2008-5885 (The Net Guys ASPired2Quote stores sensitive information under the web  ...)
	NOT-FOR-US: Net Guys ASPired2Quote
CVE-2008-5884 (AyeView 2.20 allows user-assisted attackers to cause a denial of servi ...)
	NOT-FOR-US: AyeView
CVE-2008-5883 (Absolute path traversal vulnerability in front-end/dir.php in mini-pub ...)
	NOT-FOR-US: mini-pub
CVE-2008-5904 (The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrd ...)
	- xrdp 0.4.0~dfsg-9 (bug #511641)
CVE-2008-5903 (Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c ...)
	- xrdp 0.4.0~dfsg-9 (bug #511641)
CVE-2008-5902 (Buffer overflow in the xrdp_bitmap_invalidate function in xrdp/xrdp_bi ...)
	- xrdp 0.4.0~dfsg-9 (bug #511641)
CVE-2008-6005 (Multiple buffer overflows in the CheckUniqueName function in W3C Amaya ...)
	- amaya <removed> (medium; bug #507587)
	NOTE: different vector than described in CVE-2008-5282, see 507587#15
CVE-2008-5882 (SQL injection vulnerability in login.asp in Citrix Application Gateway ...)
	NOT-FOR-US: Citrix
CVE-2008-5881 (Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow re ...)
	NOT-FOR-US: playSMS
CVE-2008-5880 (admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass auth ...)
	NOT-FOR-US: Gobbl CMS
CVE-2008-5879 (Cross-site scripting (XSS) vulnerability in index.php in Phpclanwebsit ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2008-5878 (Multiple directory traversal vulnerabilities in Phpclanwebsite (aka PC ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2008-5877 (Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.2 ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2008-5876 (Buffer overflow in Irrlicht before 1.5 allows remote attackers to caus ...)
	- irrlicht <not-affected> (package was first introduced in version 1.5)
CVE-2008-5875 (SQL injection vulnerability in the com_lowcosthotels component in the  ...)
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5874 (Multiple SQL injection vulnerabilities in the Hotel Booking Reservatio ...)
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5873 (Yerba SACphp 6.3 and earlier allows remote attackers to bypass authent ...)
	NOT-FOR-US: Yerba
CVE-2008-5872 (Multiple unspecified vulnerabilities in the UNIStim File Transfer Prot ...)
	NOT-FOR-US: Nortel Multimedia Communication Server
CVE-2008-5871 (Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not veri ...)
	NOT-FOR-US: Nortel Multimedia Communication Server
CVE-2008-5870 (FastStone Image Viewer 3.6 allows user-assisted attackers to cause a d ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2008-5869 (Cross-site scripting (XSS) vulnerability in the Proxim Wireless Tsunam ...)
	NOT-FOR-US: Proxim Wireless Tsunami
CVE-2008-5868 (Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows user ...)
	NOT-FOR-US: IntelliTamper
CVE-2008-5867 (Directory traversal vulnerability in Yerba SACphp 6.3 allows remote at ...)
	NOT-FOR-US: Yerba
CVE-2008-5866 (The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public  ...)
	NOT-FOR-US: Proxim Wireless Tsunami
CVE-2008-5865 (SQL injection vulnerability in the com_hbssearch component 1.0 in the  ...)
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5864 (SQL injection vulnerability in the Top Hotel (com_tophotelmodule) comp ...)
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5863 (SQL injection vulnerability in locator.php in the Userlocator module 3 ...)
	NOT-FOR-US: Module for Woltlab Burning Board
CVE-2008-5862 (Directory traversal vulnerability in webcamXP 5.3.2.375 and 5.3.2.410  ...)
	NOT-FOR-US: webcamXP
CVE-2008-5861 (Directory traversal vulnerability in source.php in FreeLyrics 1.0 allo ...)
	NOT-FOR-US: FreeLyrics
CVE-2008-5860 (Directory traversal vulnerability in backend/template.php in Construct ...)
	NOT-FOR-US: Constructr CMS
CVE-2008-5859 (SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and  ...)
	NOT-FOR-US: Constructr CMS
CVE-2008-5858 (Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree b ...)
	NOT-FOR-US: KnowledgeTree
CVE-2008-5857 (The DropDocuments plugin in KnowledgeTree before 3.5.4a allows remote  ...)
	NOT-FOR-US: KnowledgeTree
CVE-2008-5856 (Directory traversal vulnerability in scripts/export.php in ClaSS befor ...)
	NOT-FOR-US: ClaSS
CVE-2008-5855 (myPHPscripts Login Session 2.0 stores sensitive information under the  ...)
	NOT-FOR-US: myPHPscripts Login Session
CVE-2008-5854 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in my ...)
	NOT-FOR-US: myPHPscripts Login Session
CVE-2008-5853 (Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stor ...)
	NOT-FOR-US: ChoCoMaS
CVE-2008-5852 (Emefa Guestbook 3.0 stores sensitive information under the web root wi ...)
	NOT-FOR-US: Emefa Guestbook
CVE-2008-5851 (SQL injection vulnerability in index.php in My PHP Baseball Stats (MyP ...)
	NOT-FOR-US: My PHP Baseball Stats
CVE-2008-5850
	REJECTED
CVE-2008-5849 (Check Point VPN-1 R55, R65, and other versions, when Port Address Tran ...)
	NOT-FOR-US: Check Point
CVE-2008-5848 (The Advantech ADAM-6000 module has 00000000 as its default password, w ...)
	NOT-FOR-US: Advantech ADAM-6000 module
CVE-2008-5847 (Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a M ...)
	NOT-FOR-US: Constructr CMS
CVE-2008-5846 (Six Apart Movable Type (MT) before 4.23 allows remote authenticated us ...)
	- movabletype-opensource 4.2.3-1 (low)
CVE-2008-5845 (Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movab ...)
	- movabletype-opensource 4.2.3-1 (low)
CVE-2008-5844 (PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functi ...)
	- php5 <not-affected> (vulnerable code introduced in 5.2.7, we have 5.2.6 and 5.2.8 was released in the meantime)
	[etch] - php4 <not-affected> (vulnerable code introduced in php5 5.2.7)
CVE-2008-5843 (Multiple untrusted search path vulnerabilities in pdfjam allow local u ...)
	- pdfjam <not-affected> (the debian package sets pdflatex and thus dirname can't result in returning .)
	NOTE: it is also not possible to include a crafted sed or pdflatex executable in the pdflatex call
	NOTE: as our version uses random names, see #510584
CVE-2008-5842 (Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens ...)
	NOT-FOR-US: Fujitsu-Siemens WebTransactions
CVE-2008-XXXX [auctex insecure temp file]
	- auctex 11.83-7.3 (low; bug #506961)
	[etch] - auctex <no-dsa> (Minor issue)
CVE-2008-5841 (Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allo ...)
	NOT-FOR-US: iGaming
CVE-2008-5840 (PHP iCalendar 2.24 and earlier allows remote attackers to bypass authe ...)
	- phpicalendar <removed> (bug #513517)
CVE-2008-5839 (Buffer overflow in Foxmail 6.5 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Foxmail
CVE-2008-5838 (SQL injection vulnerability in search_results.php in E-Php Scripts E-S ...)
	NOT-FOR-US: E-Php Scripts E-Shop Shopping Cart
CVE-2008-5837
	RESERVED
CVE-2008-5836
	RESERVED
CVE-2008-5835
	RESERVED
CVE-2008-5834
	RESERVED
CVE-2008-5833
	RESERVED
CVE-2008-5832
	RESERVED
CVE-2008-5831
	RESERVED
CVE-2008-5830
	RESERVED
CVE-2008-5829
	RESERVED
CVE-2008-5828 (Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Pr ...)
	NOT-FOR-US: Microsoft
CVE-2008-5827 (The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmwar ...)
	NOT-FOR-US: Nokia Firmware
CVE-2008-5826 (The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmwar ...)
	NOT-FOR-US: Nokia Firmware
CVE-2008-5825 (The SmartPoster implementation on the Nokia 6131 Near Field Communicat ...)
	NOT-FOR-US: Nokia Firmware
CVE-2008-5823 (An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used  ...)
	NOT-FOR-US: Microsoft Money
CVE-2008-5822 (Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other prod ...)
	- xulrunner <unfixed> (unimportant)
	NOTE: Just a crash, no security impact
CVE-2008-5821 (Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Wi ...)
	NOT-FOR-US: Webkit on Windows
CVE-2008-5820 (SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 a ...)
	NOT-FOR-US: eDreamers eDNews
CVE-2008-5819 (Directory traversal vulnerability in eDNews_archive.php in eDreamers e ...)
	NOT-FOR-US: eDreamers eDNews
CVE-2008-5818 (Directory traversal vulnerability in index.php in eDreamers eDContaine ...)
	NOT-FOR-US: eDreamers eDNews
CVE-2008-5817 (Multiple SQL injection vulnerabilities in index.php in Web Scribble So ...)
	NOT-FOR-US: Web Scribble Solutions webClassifieds
CVE-2008-5816 (SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earli ...)
	NOT-FOR-US: ILIAS
CVE-2008-5815 (SQL injection vulnerability in Acomment.php in phpAlumni allows remote ...)
	NOT-FOR-US: phpAlumni
CVE-2008-5814 (Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and ea ...)
	{DSA-1789-1}
	- php5 5.2.11.dfsg.1-1 (low; bug #523028)
	NOTE: I don't know in which version this was fixed specifically, but
	NOTE: I've checked that the patch is present in this version
	- php4 <removed> (low; bug #523028)
CVE-2008-5813 (SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1. ...)
	- spip 2.0.6-1
CVE-2008-5812 (Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 be ...)
	- spip 2.0.6-1
CVE-2008-5811 (SQL injection vulnerability in the PaxGallery (com_paxgallery) compone ...)
	NOT-FOR-US: joomla
CVE-2008-5810 (WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0,  ...)
	NOT-FOR-US: Fujitsu-Siemens WebTransactions
CVE-2008-5809 (futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Acc ...)
	NOT-FOR-US: futomi CGI Cafe Access Analyzer CGI Standard
CVE-2008-5808 (Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Ent ...)
	NOT-FOR-US: Six Apart Movable Type Enterprise
CVE-2008-5807 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink before ...)
	NOT-FOR-US: TestLink
CVE-2008-5806 (SQL injection vulnerability in login.php in DeltaScripts PHP Classifie ...)
	NOT-FOR-US: DeltaScripts PHP Classifieds
CVE-2008-5805 (SQL injection vulnerability in detail.php in DeltaScripts PHP Classifi ...)
	NOT-FOR-US: DeltaScripts PHP Classifieds
CVE-2008-5804 (SQL injection vulnerability in admin/admin_catalog.php in e-topbiz Num ...)
	NOT-FOR-US: e-topbiz Number Links 1 Php Script
CVE-2008-5803 (SQL injection vulnerability in admin/login.php in E-topbiz Online Stor ...)
	NOT-FOR-US: E-topbiz
CVE-2008-5802 (SQL injection vulnerability in index.php in E-topbiz Online Store 1.0  ...)
	NOT-FOR-US: E-topbiz
CVE-2008-5801 (Unspecified vulnerability in the Dictionary (rtgdictionary) extension  ...)
	NOT-FOR-US: Dictionary (rtgdictionary) extension for TYPO3
CVE-2008-5800 (SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) ext ...)
	NOT-FOR-US: fsmi_people extension for TYPO3
CVE-2008-5799 (Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_peop ...)
	NOT-FOR-US: fsmi_people extension for TYPO3
CVE-2008-5798 (SQL injection vulnerability in the CMS Poll system (cms_poll) extensio ...)
	NOT-FOR-US: CMS Poll system for TYPO3
CVE-2008-5797 (SQL injection vulnerability in the advCalendar extension 0.3.1 and ear ...)
	NOT-FOR-US: advCalendar extension for TYPO3
CVE-2008-5796 (SQL injection vulnerability in the eluna Page Comments (eluna_pagecomm ...)
	NOT-FOR-US: Page Comments extension for TYPO3
CVE-2008-5795 (Cross-site scripting (XSS) vulnerability in the eluna Page Comments (e ...)
	NOT-FOR-US: Page Comments extension for TYPO3
CVE-2008-5794 (Directory traversal vulnerability in system/admin/images.php in LoveCM ...)
	NOT-FOR-US: LoveCMS
CVE-2008-5793 (Multiple PHP remote file inclusion vulnerabilities in the Clickheat -  ...)
	NOT-FOR-US: Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla!
CVE-2008-5792 (PHP remote file inclusion vulnerability in show_joined.php in Indiscri ...)
	NOT-FOR-US: Indiscripts Enthusiast
CVE-2008-5791 (Multiple unspecified vulnerabilities in PrestaShop e-Commerce Solution ...)
	NOT-FOR-US: PrestaShop e-Commerce Solution
CVE-2008-5790 (Multiple PHP remote file inclusion vulnerabilities in the Recly!Compet ...)
	NOT-FOR-US: Recly!Competitions (com_competitions) component 1.0 for Joomla!
CVE-2008-5789 (Multiple PHP remote file inclusion vulnerabilities in the Recly Intera ...)
	NOT-FOR-US: Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla!
CVE-2008-5788 (SQL injection vulnerability in index.php in Domain Seller Pro 1.5 allo ...)
	NOT-FOR-US: Domain Seller
CVE-2008-5787 (Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Win ...)
	NOT-FOR-US: Arab Portal
CVE-2008-5786 (Cross-site scripting (XSS) vulnerability in the Silva Find extension 1 ...)
	NOT-FOR-US: Silva Find
CVE-2008-5785 (SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2  ...)
	NOT-FOR-US: V3 Chat - Profiles/Dating Script
CVE-2008-5784 (V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypa ...)
	NOT-FOR-US: V3 Chat - Profiles/Dating Script
CVE-2008-5783 (admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers  ...)
	NOT-FOR-US: V3 Chat
CVE-2008-5782 (SQL injection vulnerability in bannerclick.php in ZeeMatri 3.0 allows  ...)
	NOT-FOR-US: ZeeMatri
CVE-2008-5781 (SQL injection vulnerability in right.php in Cant Find A Gaming CMS (CF ...)
	NOT-FOR-US: Cant Find A Gaming CMS (CFAGCMS)
CVE-2008-5780 (Forest Blog 1.3.2 stores sensitive information under the web root with ...)
	NOT-FOR-US: Forest Blog
CVE-2008-5779 (SQL injection vulnerability in lpro.php in Free Links Directory Script ...)
	NOT-FOR-US: Free Links Directory Script
CVE-2008-5778 (SQL injection vulnerability in report.php in Free Links Directory Scri ...)
	NOT-FOR-US: Free Links Directory Script
CVE-2008-5777 (SQL injection vulnerability in index.php in CadeNix allows remote atta ...)
	NOT-FOR-US: CadeNix
CVE-2008-5776 (Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allo ...)
	NOT-FOR-US: Aperto Blog
CVE-2008-5775 (SQL injection vulnerability in categories.php in Aperto Blog 0.1.1 all ...)
	NOT-FOR-US: Aperto Blog
CVE-2008-5774 (Multiple SQL injection vulnerabilities in ASPSiteWare HomeBuilder 1.0  ...)
	NOT-FOR-US: ASPSiteWare HomeBuilder
CVE-2008-5773 (Nukedit 4.9.8 stores sensitive information under the web root with ins ...)
	NOT-FOR-US: Nukedit
CVE-2008-5772 (Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings 1 ...)
	NOT-FOR-US: ASPSiteWare RealtyListings
CVE-2008-5771 (Directory traversal vulnerability in test.php in PHP Weather 2.2.2 all ...)
	NOT-FOR-US: PHP Weather
CVE-2008-5770 (Cross-site scripting (XSS) vulnerability in config/make_config.php in  ...)
	NOT-FOR-US: PHP Weather
CVE-2008-5769 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServe ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-5768 (SQL injection vulnerability in print.php in the AM Events (aka Amevent ...)
	NOT-FOR-US: AM Events
CVE-2008-5767 (SQL injection vulnerability in authors.asp in gNews Publisher allows r ...)
	NOT-FOR-US: gNews Publisher
CVE-2008-5766 (SQL injection vulnerability in download.php in Farsi Script Faupload a ...)
	NOT-FOR-US: Farsi Script Faupload
CVE-2008-5765 (WorkSimple 1.2.1 stores sensitive information under the web root with  ...)
	NOT-FOR-US: WorkSimple
CVE-2008-5764 (PHP remote file inclusion vulnerability in calendar.php in WorkSimple  ...)
	NOT-FOR-US: WorkSimple
CVE-2008-5763 (PHP remote file inclusion vulnerability in slogin_lib.inc.php in Simpl ...)
	NOT-FOR-US: Simple Text-File Login Script (SiTeFiLo)
CVE-2008-5762 (Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive inform ...)
	NOT-FOR-US: Simple Text-File Login Script (SiTeFiLo)
CVE-2008-5761 (Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (ak ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2008-5760 (Cross-site scripting (XSS) vulnerability in error413.php in Kerio Mail ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-5759 (Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka Flatnuke3 ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2008-5758 (Cross-site request forgery (CSRF) vulnerability in PHParanoid before 0 ...)
	NOT-FOR-US: PHParanoid
CVE-2008-5757 (Cross-site scripting (XSS) vulnerability in textarea/index.php in Text ...)
	- textpattern 4.0.6-1
CVE-2008-5756 (Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows user- ...)
	NOT-FOR-US: BreakPoint Software Hex Workshop
CVE-2008-5755 (Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows remo ...)
	NOT-FOR-US: IntelliTamper
CVE-2008-5754 (Stack-based buffer overflow in BulletProof FTP Client allows user-assi ...)
	NOT-FOR-US: BulletProof FTP Client
CVE-2008-5753 (Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 al ...)
	NOT-FOR-US: BulletProof FTP Client
CVE-2008-5752 (Directory traversal vulnerability in getConfig.php in the Page Flip Im ...)
	NOT-FOR-US: Page Flip Image Gallery plugin for WordPress
CVE-2008-5751 (SQL injection vulnerability in index.php in AlstraSoft Web Email Scrip ...)
	NOT-FOR-US: AlstraSoft Web Email Script Enterprise
CVE-2008-5750 (Argument injection vulnerability in Microsoft Internet Explorer 8 beta ...)
	NOT-FOR-US: Microsoft
CVE-2008-5749
	NOT-FOR-US: Unclear, historic Chrome issue
CVE-2008-5748 (Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php  ...)
	NOT-FOR-US: BloofoxCMS
CVE-2008-5747 (F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass anti-viru ...)
	NOT-FOR-US: F-Prot
CVE-2008-5746 (Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local  ...)
	NOT-FOR-US: Sun SNMP Management Agent
CVE-2008-5745 (Integer overflow in quartz.dll in the DirectShow framework in Microsof ...)
	NOT-FOR-US: Microsoft
CVE-2008-5824 (Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0 ...)
	{DSA-1972-1}
	- audiofile 0.2.6-7.1 (medium; bug #510205)
CVE-2008-5744 (Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) 1.4 ...)
	{DSA-1699-1}
	- zaptel 1:1.4.11~dfsg-3 (bug #510583)
CVE-2008-5743 (pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a ...)
	- pdfjam 1.10-1 (low; bug #510584)
CVE-2008-5742 (Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5741
	RESERVED
CVE-2008-5740
	RESERVED
CVE-2008-5739 (SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Be ...)
	NOT-FOR-US: Pligg CMS
CVE-2008-5738 (Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass  ...)
	NOT-FOR-US: Nodstrum MySQL Calendar
CVE-2008-5737 (SQL injection vulnerability in index.php in Nodstrum MySQL Calendar 1. ...)
	NOT-FOR-US: Nodstrum MySQL Calendar
CVE-2008-5736 (Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, 6 ...)
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 7.1-1
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
CVE-2008-5735 (Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19  ...)
	NOT-FOR-US: CoolPlayer
CVE-2008-5734 (Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Sof ...)
	NOT-FOR-US: IceWarp Software Merak Mail Server
CVE-2008-5733 (SQL injection vulnerability in blog.php in the Team Impact TI Blog Sys ...)
	NOT-FOR-US: Team Impact TI Blog System mod for PHP-Fusion
CVE-2008-5732 (Unrestricted file upload vulnerability in lib/image_upload.php in Kafo ...)
	NOT-FOR-US: KafooeyBlog
CVE-2008-5731 (The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP Des ...)
	NOT-FOR-US: PGP Desktop
CVE-2008-5730 (Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlie ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5729 (Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.1 ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5728 (Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and e ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5727 (SQL injection vulnerability in modules/auth/password_recovery.php in A ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5726 (SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows  ...)
	NOT-FOR-US: stormBoards
CVE-2008-5725 (The NT kernel-mode driver (aka pstrip.sys) 5.0.1.1 and earlier in EnTe ...)
	NOT-FOR-US: EnTech Taiwan PowerStrip
CVE-2008-5724 (The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in E ...)
	NOT-FOR-US: ESET Smart Security
CVE-2008-5723 (Directory traversal vulnerability in CGI RESCUE KanniBBS2000 (aka Kann ...)
	NOT-FOR-US: CGI RESCUE KanniBBS2000
CVE-2008-5722 (Buffer overflow in SAWStudio 3.9i allows user-assisted remote attacker ...)
	NOT-FOR-US: SAWStudio
CVE-2008-5721 (SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers  ...)
	NOT-FOR-US: BlackJumboDog
CVE-2008-5720 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows ...)
	NOT-FOR-US: Mayaa
CVE-2008-5719 (Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web Workf ...)
	NOT-FOR-US: Hitachi
CVE-2008-5718 (The papd daemon in Netatalk before 2.0.4-beta2, when using certain var ...)
	{DSA-1705-1 DTSA-183-1}
	- netatalk 2.0.4~beta2-1 (medium; bug #510585)
CVE-2008-5717 (Cross-site scripting (XSS) vulnerability in Hitachi JP1/Integrated Man ...)
	NOT-FOR-US: Hitachi
CVE-2008-5716 (xend in Xen 3.3.0 does not properly restrict a guest VM's write access ...)
	- xen-3 <not-affected> (Vulnerable code never entered Debian)
	- xen-unstable <not-affected> (Vulnerable code never entered Debian)
	NOTE: this issue was introduced as a fix to CVE-2008-4405, which has not
	NOTE: yet been fixed in Debian
CVE-2008-5715 (Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to caus ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2008-5714 (Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for r ...)
	{DSA-1907-1 DTSA-203-1}
	- qemu 0.9.1-10 (low; bug #509882)
	[etch] - qemu <not-affected> (Vulnerable code not present)
	- kvm 82-1 (low; bug #509997)
	[lenny] - kvm <no-dsa> (Minor issue)
CVE-2008-5713 (The __qdisc_run function in net/sched/sch_generic.c in the Linux kerne ...)
	{DSA-1794-1}
	- linux-2.6 2.6.25-1
	- linux-2.6.24 <removed>
CVE-2008-5712 (The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to caus ...)
	- kdebase <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2008-5711 (Heap-based buffer overflow in the Facebook PhotoUploader ActiveX contr ...)
	NOT-FOR-US: Facebook PhotoUploader ActiveX
CVE-2008-5710 (Multiple unspecified vulnerabilities in the web management interface i ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-5709 (Multiple unspecified vulnerabilities in the web management interface i ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-5708 (redirect.php in SlimCMS 1.0.0 does not require authentication, which a ...)
	NOT-FOR-US: SlimCMS
CVE-2008-5707 (SQL injection vulnerability in urunler.asp in Iltaweb Alisveris Sistem ...)
	NOT-FOR-US: Iltaweb Alisveris Sistemi
CVE-2008-5704 (src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might all ...)
	- gpsdrive 2.10~pre4-6.dfsg-2 (low; bug #508597)
	[etch] - gpsdrive <no-dsa> (Minor issue)
	[lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
CVE-2008-5703 (gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to overwr ...)
	- gpsdrive 2.10~pre4-6.dfsg-2 (low; bug #508597)
	[etch] - gpsdrive <no-dsa> (Minor issue)
	[lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
CVE-2008-5702 (Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700 ...)
	{DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.26-13
	- linux-2.6.24 <removed>
CVE-2008-5701 (Array index error in arch/mips/kernel/scall64-o32.S in the Linux kerne ...)
	{DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.26-13
	- linux-2.6.24 <removed>
CVE-2008-5700 (libata in the Linux kernel before 2.6.27.9 does not set minimum timeou ...)
	{DSA-1787-1}
	- linux-2.6 2.6.26-13
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present, was introduced later)
	- linux-2.6.24 <removed>
CVE-2008-5699 (The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris ...)
	NOT-FOR-US: Solaris
CVE-2008-5698 (HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allo ...)
	- kdebase <unfixed> (unimportant)
	NOTE: browser crashes not treated as security issues
CVE-2008-5697 (The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 fo ...)
	NOT-FOR-US: Skype extension
CVE-2008-5696 (Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is ...)
	NOT-FOR-US: Novell NetWare
CVE-2008-5695 (wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 ...)
	- wordpress 2.3.2 (low; bug #510786; bug #513959)
	[etch] - wordpress <no-dsa> (Minor issue)
	NOTE: only the admin has manage_options capabilities by default and only editors
	NOTE: have upload_files capabilities
	NOTE: Only versions prior to 2.3.2 are affected according to the Debian maintainer
CVE-2008-5694 (PHP remote file inclusion vulnerability in lib/jpgraph/jpgraph_errhand ...)
	NOT-FOR-US: Sandbox
CVE-2008-5693 (Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other ...)
	NOT-FOR-US: Ipswitch WS_FTP Server Manager
CVE-2008-5692 (Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswit ...)
	NOT-FOR-US: Ipswitch WS_FTP Server Manager
CVE-2008-5691 (Heap-based buffer overflow in the Phoenician Casino FlashAX ActiveX co ...)
	NOT-FOR-US: Phoenician Casino FlashAX ActiveX
CVE-2008-5690 (The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, a ...)
	NOT-FOR-US: Solaris
CVE-2008-5689 (tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 a ...)
	NOT-FOR-US: Solaris
CVE-2008-5688 (MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExce ...)
	- mediawiki 1:1.13.3-1 (unimportant)
	- mediawiki1.7 <removed> (unimportant)
	NOTE: Installation path disclosure not treated as a security issue
CVE-2008-5687 (MediaWiki 1.11, and other versions before 1.13.3, does not properly pr ...)
	{DTSA-186-1}
	- mediawiki 1:1.13.3-1 (low)
	- mediawiki1.7 <removed>
	[etch] - mediawiki1.7 <not-affected> (The backup feature was introduced in 1.11)
	[etch] - mediawiki <not-affected> (metapackage)
CVE-2008-5686 (IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its  ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager
CVE-2008-5685 (Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun F ...)
	NOT-FOR-US: Sun ScApp firmware
CVE-2008-5684 (Unspecified vulnerability in the X Inter Client Exchange library (aka  ...)
	NOT-FOR-US: Solaris
CVE-2008-5683 (Unspecified vulnerability in Opera before 9.63 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2008-5682 (Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows r ...)
	NOT-FOR-US: Opera
CVE-2008-5681 (Opera before 9.63 does not block unspecified "scripted URLs" during th ...)
	NOT-FOR-US: Opera
CVE-2008-5680 (Multiple buffer overflows in Opera before 9.63 might allow (1) remote  ...)
	NOT-FOR-US: Opera
CVE-2008-5679 (The HTML parsing engine in Opera before 9.63 allows remote attackers t ...)
	NOT-FOR-US: Opera
CVE-2008-5678 (Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote ...)
	NOT-FOR-US: OLIB7 WebView
CVE-2008-5677 (Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and ea ...)
	NOT-FOR-US: Kwalbum
CVE-2008-5676 (Multiple unspecified vulnerabilities in the ModSecurity (aka mod_secur ...)
	- libapache-mod-security 2.5.6-1
CVE-2008-5675 (Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 h ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2008-5674 (Multiple array index errors in the HTTP server in Darkwet Network webc ...)
	NOT-FOR-US: Darkwet Network webcamXP
CVE-2008-5673 (PHParanoid before 0.4 does not properly restrict access to the members ...)
	NOT-FOR-US: PHParanoid
CVE-2008-5672 (Multiple cross-site request forgery (CSRF) vulnerabilities in PHParano ...)
	NOT-FOR-US: PHParanoid
CVE-2008-5671 (PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 ...)
	NOT-FOR-US: Joomla!
CVE-2008-5670 (Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password duri ...)
	- textpattern 4.0.6-1 (low)
CVE-2008-5669 (index.php in the comments preview section in Textpattern (aka Txp CMS) ...)
	- textpattern 4.0.6-1 (low)
CVE-2008-5668 (Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (ak ...)
	- textpattern 4.0.6-1 (low)
CVE-2008-5667 (The scanning engine in VirusBlokAda VBA32 Personal Antivirus 3.12.8.x  ...)
	NOT-FOR-US: VBA32 Personal Antivirus
CVE-2008-5666 (WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows  ...)
	NOT-FOR-US: WinFTP
CVE-2008-5665 (SQL injection vulnerability in index.php in the xhresim module in XOOP ...)
	NOT-FOR-US: XOOPS
CVE-2008-5664 (Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound ...)
	NOT-FOR-US: Realtek Media Player
CVE-2008-5663 (Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and  ...)
	NOT-FOR-US: Kusaba
CVE-2008-5662 (Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC  ...)
	NOT-FOR-US: Sun Java Wireless Toolkit
CVE-2008-5661 (The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 t ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-5659 (The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earl ...)
	- classpath 2:0.98-1 (bug #512532; low)
	[lenny] - classpath <no-dsa> (Minor issue)
	- libgnucrypto-java <removed> (low; bug #559789)
	[lenny] - libgnucrypto-java <no-dsa> (Minor issue)
CVE-2008-5657 (CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows rem ...)
	- quassel 0.2~rc1-1.1 (bug #506550)
CVE-2008-5656 (Cross-site scripting (XSS) vulnerability in the frontend plugin for th ...)
	- typo3-src 4.2.3-1 (bug #505325)
	[etch] - typo3-src <not-affected> (TYPO3 versions below 4.2.x are not affected)
CVE-2008-5655 (Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0  ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5654 (SQL injection vulnerability in the loginADP function in ajaxp.php in M ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5653 (SQL injection vulnerability in the loginADP function in ajaxp.php in M ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5652 (SQL injection vulnerability in the loginADP function in ajaxp.php in M ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5651 (SQL injection vulnerability in plugins/bookmarker/bookmarker_backend.p ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5650 (SQL injection vulnerability in the login directory in AlstraSoft Web H ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2008-5649 (SQL injection vulnerability in admin/admin.php in AlstraSoft Article M ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2008-5648 (SQL injection vulnerability in admin/login.php in DeltaScripts PHP Sho ...)
	NOT-FOR-US: DeltaScripts PHP Shop
CVE-2008-5647 (Unspecified vulnerability in the HTML sanitizer filter in Trac before  ...)
	- trac 0.11.1-2.1 (low; bug #509342; bug #505197)
	[etch] - trac <no-dsa> (Minor issue)
CVE-2008-5646 (Unspecified vulnerability in Trac before 0.11.2 allows attackers to ca ...)
	- trac 0.11.1-2.1 (low; bug #509342; bug #505197)
	[etch] - trac <no-dsa> (Minor issue)
CVE-2008-5645 (Directory traversal vulnerability in the media server in Orb Networks  ...)
	NOT-FOR-US: Orb Networks Orb
CVE-2008-5644 (Cross-site scripting (XSS) vulnerability in the file backend module in ...)
	- typo3-src 4.2.3-1 (bug #505324)
	[etch] - typo3-src <not-affected> (Only TYPO3 4.2.2 is affected)
CVE-2008-5643 (SQL injection vulnerability in the Books (com_books) component for Joo ...)
	NOT-FOR-US: Joomla!
CVE-2008-5642 (Directory traversal vulnerability in admin/login.php in CMS Made Simpl ...)
	NOT-FOR-US: CMS Made Simple
CVE-2008-5641 (SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 ...)
	NOT-FOR-US: Active Photo Gallery
CVE-2008-5640 (SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allow ...)
	NOT-FOR-US: Active Bids
CVE-2008-5639 (Directory traversal vulnerability in index.php in TxtBlog 1.0 Alpha al ...)
	NOT-FOR-US: TxtBlog
CVE-2008-5638 (Multiple SQL injection vulnerabilities in Active Price Comparison 4 al ...)
	NOT-FOR-US: Active Price Comparison
CVE-2008-5637 (SQL injection vulnerability in blog.asp in ParsBlogger (Pb) allows rem ...)
	NOT-FOR-US: ParsBlogger
CVE-2008-5636 (SQL injection vulnerability in cate.php in Lito Lite CMS, when magic_q ...)
	NOT-FOR-US: Lito Lite CMS
CVE-2008-5635 (SQL injection vulnerability in account.asp in Active Membership 2.0 al ...)
	NOT-FOR-US: Active Membership
CVE-2008-5634 (SQL injection vulnerability in account.asp in Active Force Matrix 2.0  ...)
	NOT-FOR-US: Active Force Matrix
CVE-2008-5633 (SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows  ...)
	NOT-FOR-US: ActiveVotes
CVE-2008-5632 (SQL injection vulnerability in Account.asp in Active Time Billing 3.2  ...)
	NOT-FOR-US: Active Time Billing
CVE-2008-5631 (SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows ...)
	NOT-FOR-US: Active eWebquiz
CVE-2008-5630 (SQL injection vulnerability in merchants/index.php in Post Affiliate P ...)
	NOT-FOR-US: Post Affiliate
CVE-2008-5629 (SQL injection vulnerability in index.php in Turnkey Arcade Script allo ...)
	NOT-FOR-US: Turnkey Arcade Script
CVE-2008-5628 (SQL injection vulnerability in index.php in CMS little 0.0.1 allows re ...)
	NOT-FOR-US: CMS little
CVE-2008-5627 (SQL injection vulnerability in account.asp in Active Trade 2 allows re ...)
	NOT-FOR-US: Active Trade
CVE-2008-5626 (XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2008-5623
	RESERVED
CVE-2008-5620 (RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attack ...)
	- roundcube 0.1.1-10 (low; bug #509596)
CVE-2008-5618 (imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 b ...)
	- rsyslog 3.18.6-1 (low; bug #510906)
CVE-2008-5615
	RESERVED
CVE-2008-5614
	RESERVED
CVE-2008-5613
	RESERVED
CVE-2008-5612
	RESERVED
CVE-2008-5611
	RESERVED
CVE-2008-5610
	RESERVED
CVE-2008-5609 (SQL injection vulnerability in the Commerce extension 0.9.6 and earlie ...)
	NOT-FOR-US: Commerce extension
CVE-2008-5608 (ASP AutoDealer stores sensitive information under the web root with in ...)
	NOT-FOR-US: AutoDealer
CVE-2008-5607 (SQL injection vulnerability in the JMovies (aka JM or com_jmovies) com ...)
	NOT-FOR-US: joomla
CVE-2008-5606 (Gazatem QMail Mailing List Manager 1.2 stores sensitive information un ...)
	NOT-FOR-US: Gazatem QMail Mailing List Manager
CVE-2008-5605 (Multiple SQL injection vulnerabilities in ASP Portal allow remote atta ...)
	NOT-FOR-US: ASP Portal
CVE-2008-5604 (Directory traversal vulnerability in index.php in My Simple Forum 3.0  ...)
	NOT-FOR-US: My Simple Forum
CVE-2008-5603 (ASPTicker 1.0 stores sensitive information under the web root with ins ...)
	NOT-FOR-US: ASPTicker
CVE-2008-5602 (Natterchat 1.12 stores sensitive information under the web root with i ...)
	NOT-FOR-US: Natterchat
CVE-2008-5601 (User Engine Lite ASP stores sensitive information under the web root w ...)
	NOT-FOR-US: User Engine Lite ASP
CVE-2008-5600 (Merlix Teamworx Server stores sensitive information under the web root ...)
	NOT-FOR-US: Merlix Teamworx Server
CVE-2008-5599 (SQL injection vulnerability in default.asp in Merlix Teamworx Server a ...)
	NOT-FOR-US: Merlix Teamworx Server
CVE-2008-5598 (Directory traversal vulnerability in index.php in PHPmyGallery 1.51 go ...)
	NOT-FOR-US: PHPmyGallery
CVE-2008-5597 (Cold BBS stores sensitive information under the web root with insuffic ...)
	NOT-FOR-US: Cold BBS
CVE-2008-5596 (Ikon AdManager 2.1 and earlier stores sensitive information under the  ...)
	NOT-FOR-US: Ikon AdManager
CVE-2008-5595 (SQL injection vulnerability in detail.asp in ASP AutoDealer allows rem ...)
	NOT-FOR-US: ASP AutoDealer
CVE-2008-5594 (Multiple directory traversal vulnerabilities in index.php in Mini Blog ...)
	NOT-FOR-US: Mini Blog
CVE-2008-5593 (Multiple directory traversal vulnerabilities in index.php in Mini CMS  ...)
	NOT-FOR-US: Mini CMS
CVE-2008-5592 (Nightfall Personal Diary 1.0 stores sensitive information under the we ...)
	NOT-FOR-US: Nightfall Personal Diary
CVE-2008-5591 (Cross-site scripting (XSS) vulnerability in login.asp in Nightfall Per ...)
	NOT-FOR-US: Nightfall Personal Diary
CVE-2008-5590 (SQL injection vulnerability in customer.forumtopic.php in Kalptaru Inf ...)
	NOT-FOR-US: Kalptaru Infotech Product Sale Framework
CVE-2008-5589 (SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm ...)
	NOT-FOR-US: Katy Whitton RankEm
CVE-2008-5588 (SQL injection vulnerability in rankup.asp in Katy Whitton RankEm allow ...)
	NOT-FOR-US: Katy Whitton RankEm
CVE-2008-5587 (Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdm ...)
	{DSA-1693-1}
	- phppgadmin 4.2.1-1.1 (low; bug #508026)
	NOTE: register_globals=on is required
	NOTE: http://www.milw0rm.com/exploits/7363
CVE-2008-5586 (SQL injection vulnerability in findoffice.php in Check Up New Generati ...)
	NOT-FOR-US: Check Up New Generation
CVE-2008-5585 (Multiple PHP remote file inclusion vulnerabilities in lcxBBportal 0.1  ...)
	NOT-FOR-US: lcxBBportal
CVE-2008-5622
	REJECTED
CVE-2008-5621 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x b ...)
	{DSA-1723-1}
	- phpmyadmin 4:2.11.8.1-5
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-10/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0d4adbfc1996c7d715b0ac9fa39a2ac14d8b28ad (2.11 branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/01685c90aaba943511de0496e7ecb7fe49fa765b
CVE-2008-5584 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 ...)
	NOT-FOR-US: ProjectPier
CVE-2008-5583 (Cross-site request forgery (CSRF) vulnerability in index.php in Projec ...)
	NOT-FOR-US: ProjectPier
CVE-2008-5582 (SQL injection vulnerability in utilities/login.asp in Nukedit 4.9.x, a ...)
	NOT-FOR-US: Nukedit
CVE-2008-5581 (PHP remote file inclusion vulnerability in mini-pub.php/front-end/img. ...)
	NOT-FOR-US: mini-pub
CVE-2008-5580 (mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers ...)
	NOT-FOR-US: mini-pub
CVE-2008-5579 (Absolute path traversal vulnerability in mini-pub.php/front-end/cat.ph ...)
	NOT-FOR-US: mini-pub
CVE-2008-5578 (Multiple SQL injection vulnerabilities in index.php in sCssBoard 1.0,  ...)
	NOT-FOR-US: sCssBoard
CVE-2008-5577 (PHP remote file inclusion vulnerability in index.php in sCssBoard 1.0, ...)
	NOT-FOR-US: sCssBoard
CVE-2008-5576 (admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote a ...)
	NOT-FOR-US: sCssBoard
CVE-2008-5575 (Session fixation vulnerability in Pro Clan Manager 0.4.2 and earlier a ...)
	NOT-FOR-US: Pro Clan Manager
CVE-2008-5574 (SQL injection vulnerability in member.php in Webmaster Marketplace all ...)
	NOT-FOR-US: Webmaster Marketplace
CVE-2008-5573 (SQL injection vulnerability in the login feature in Poll Pro 2.0 allow ...)
	NOT-FOR-US: Poll Pro
CVE-2008-5572 (Professional Download Assistant 0.1 stores sensitive information under ...)
	NOT-FOR-US: Professional Download Assistant
CVE-2008-5571 (SQL injection vulnerability in admin/login.asp in Professional Downloa ...)
	NOT-FOR-US: Professional Download Assistant
CVE-2008-5570 (Directory traversal vulnerability in index.php in PHP Multiple Newslet ...)
	NOT-FOR-US: Multiple Newsletters
CVE-2008-5569 (Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop 1. ...)
	NOT-FOR-US: PHPepperShop
CVE-2008-5568 (Cross-site request forgery (CSRF) vulnerability in admin/settings.php  ...)
	NOT-FOR-US: IPN Pro
CVE-2008-5567 (Cross-site request forgery (CSRF) vulnerability in admin/ad_settings.p ...)
	NOT-FOR-US: Bonza Cart
CVE-2008-5566 (Cross-site scripting (XSS) vulnerability in index.php in Triangle Solu ...)
	NOT-FOR-US: Multiple Newsletters
CVE-2008-5565 (Cross-site request forgery (CSRF) vulnerability in admin/settings.php  ...)
	NOT-FOR-US: DL PayCart
CVE-2008-5564 (Unspecified vulnerability in the media server in Orb Networks Orb befo ...)
	NOT-FOR-US: Orb Networks Orb
CVE-2008-5563 (Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.x, 3.1.x, 3.2.x, 3.3.1.x,  ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2008-5562 (ASPPortal stores sensitive information under the web root with insuffi ...)
	NOT-FOR-US: ASPPortal
CVE-2008-5561 (SQL injection vulnerability in Netref 4.0 allows remote attackers to e ...)
	NOT-FOR-US: Netref
CVE-2008-5560 (PostEcards stores sensitive information under the web root with insuff ...)
	NOT-FOR-US: PostEcards
CVE-2008-5559 (SQL injection vulnerability in sendcard.cfm in PostEcards allows remot ...)
	NOT-FOR-US: PostEcards
CVE-2008-5558 (Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2. ...)
	- asterisk 1:1.4.0~dfsg-1 (bug #509686)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
CVE-2008-5557 (Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_ht ...)
	{DSA-1789-1 DTSA-188-1}
	- php5 5.2.6.dfsg.1-1 (bug #511493)
	[lenny] - php5 5.2.6.dfsg.1-1+lenny1
	NOTE: according to bug report, this was fixed in lenny prior to the release, but was not marked as such at the time
CVE-2008-6506 (Unspecified vulnerability in phpBB before 3.0.4 allows attackers to by ...)
	- phpbb3 3.0.2-4 (low; bug #508872)
CVE-2008-5556
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5555 (Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAll ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5554 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not prop ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5553 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itse ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5552 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5551 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5550 (Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp  ...)
	NOT-FOR-US: Sun Java Web Console
CVE-2008-5549 (Unspecified vulnerability in the Sun Java Web Console components in Su ...)
	NOT-FOR-US: Sun Java Web Console
CVE-2008-5548 (VirusBuster 4.5.11.0, when Internet Explorer 6 or 7 is used, allows re ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5547 (HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when Interne ...)
	NOT-FOR-US: HAURI ViRobot
CVE-2008-5546 (VirusBlokAda VBA32 3.12.8.5, when Internet Explorer 6 or 7 is used, al ...)
	NOT-FOR-US: VirusBlokAda VBA32
CVE-2008-5545 (Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet ...)
	NOT-FOR-US: Trend Micro VSAPI
CVE-2008-5544 (Hacksoft The Hacker 6.3.1.2.174 and possibly 6.3.0.9.081, when Interne ...)
	NOT-FOR-US: Hacksoft The Hacker
CVE-2008-5543 (Symantec AntiVirus (SAV) 10, when Internet Explorer 6 or 7 is used, al ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2008-5542 (Sunbelt VIPRE 3.1.1832.2 and possibly 3.1.1633.1, when Internet Explor ...)
	NOT-FOR-US: Sunbelt VIPRE
CVE-2008-5541 (Sophos Anti-Virus 4.33.0, when Internet Explorer 6 or 7 is used, allow ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2008-5540 (Secure Computing Secure Web Gateway (aka Webwasher), when Internet Exp ...)
	NOT-FOR-US: Webwasher
CVE-2008-5539 (RISING Antivirus 21.06.31.00 and possibly 20.61.42.00, when Internet E ...)
	NOT-FOR-US: RISING Antivirus
CVE-2008-5538 (Prevx Prevx1 2, when Internet Explorer 6 or 7 is used, allows remote a ...)
	NOT-FOR-US: Prevx Prevx1 2
CVE-2008-5537 (PC Tools AntiVirus 4.4.2.0, when Internet Explorer 6 or 7 is used, all ...)
	NOT-FOR-US: PC Tools AntiVirus
CVE-2008-5536 (Panda Antivirus 9.0.0.4, when Internet Explorer 6 or 7 is used, allows ...)
	NOT-FOR-US: Panda Antivirus
CVE-2008-5535 (Norman Antivirus 5.80.02, when Internet Explorer 6 or 7 is used, allow ...)
	NOT-FOR-US: Norman Antivirus
CVE-2008-5534 (ESET NOD32 Antivirus 3662 and possibly 3440, when Internet Explorer 6  ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2008-5533 (K7AntiVirus 7.10.541 and possibly 7.10.454, when Internet Explorer 6 o ...)
	NOT-FOR-US: K7AntiVirus
CVE-2008-5532 (Ikarus Virus Utilities T3.1.1.45.0 and possibly T3.1.1.34.0, when Inte ...)
	NOT-FOR-US: Ikarus Virus Utilities
CVE-2008-5531 (Fortinet Antivirus 3.113.0.0, when Internet Explorer 6 or 7 is used, a ...)
	NOT-FOR-US: Fortinet Antivirus
CVE-2008-5530 (Ewido Security Suite 4.0, when Internet Explorer 6 or 7 is used, allow ...)
	NOT-FOR-US: Ewido Security Suite
CVE-2008-5529 (CA eTrust Antivirus 31.6.6086, when Internet Explorer 6 or 7 is used,  ...)
	NOT-FOR-US: CA eTrust Antivirus
CVE-2008-5528 (Aladdin eSafe 7.0.17.0, when Internet Explorer 6 or 7 is used, allows  ...)
	NOT-FOR-US: Aladdin eSafe
CVE-2008-5527 (ESET Smart Security, when Internet Explorer 6 or 7 is used, allows rem ...)
	NOT-FOR-US: ESET Smart Security
CVE-2008-5526 (DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used,  ...)
	NOT-FOR-US: DrWeb Anti-virus
CVE-2008-5525 (ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is us ...)
	- clamav <not-affected> (medium; bug #526041)
	NOTE: this issue refers to a clamav antivirus bypass that occurs when the user
	NOTE: is using IE6 or IE7 to open a malicious page with an MZ header
	NOTE: - all other browsers are not vulnerable
	NOTE: - see http://xforce.iss.net/xforce/xfdb/47435 and bug report for details
CVE-2008-5524 (CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 i ...)
	NOT-FOR-US: CAT-QuickHeal
CVE-2008-5523 (avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, al ...)
	NOT-FOR-US: avast! antivirus
CVE-2008-5522 (AVG Anti-Virus 8.0.0.161, when Internet Explorer 6 or 7 is used, allow ...)
	NOT-FOR-US: AVG Anti-Virus
CVE-2008-5521 (Avira AntiVir 7.9.0.36 and possibly 7.8.1.28, when Internet Explorer 6 ...)
	NOT-FOR-US: Avira AntiVir
CVE-2008-5520 (AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer ...)
	NOT-FOR-US: AhnLab V3
CVE-2008-5519 (The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat al ...)
	{DSA-1810-1}
	- libapache-mod-jk 1:1.2.26-2.1 (bug #523054)
CVE-2008-5518 (Multiple directory traversal vulnerabilities in the web administration ...)
	- geronimo <itp> (bug #481869)
CVE-2008-5517 (The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote att ...)
	{DSA-1708-1}
	- git-core 1:1.5.6.5-2 (low; bug #512330)
CVE-2008-5516 (The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote att ...)
	{DSA-1708-1}
	- git-core 1:1.5.6-1
CVE-2008-5515 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 throug ...)
	{DSA-2207-1}
	- tomcat5 <removed> (bug #532363)
	- tomcat5.5 <removed> (bug #532366)
	- tomcat6 6.0.20-1 (bug #532362)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2008-5514 (Off-by-one error in the rfc822_output_char function in the RFC822BUFFE ...)
	{DTSA-174-2}
	- uw-imap 2007b~dfsg-1.1 (medium; bug #510918)
	[etch] - uw-imap <not-affected> (Vulnerable code not present)
	- alpine 2.02-3.1 (low)
	[lenny] - alpine <no-dsa> (Minor issue)
	[squeeze] - alpine 2.00+dfsg-6+squeeze1
CVE-2008-5513 (Unspecified vulnerability in the session-restore feature in Mozilla Fi ...)
	{DSA-1707-1}
	- iceweasel 3.0.5-1
CVE-2008-5512 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0 ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5511 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird  ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5510 (The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0. ...)
	{DSA-1707-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: patch will be checked for icedove/iceape/xulrunner by Alexander for next round
CVE-2008-5509
	REJECTED
CVE-2008-5508 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird  ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5507 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird  ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5506 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird  ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5505 (Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass int ...)
	- iceweasel 3.0.5-1
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: patch now available and will be checked for next patch round
CVE-2008-5504 (Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arb ...)
	{DSA-1707-1}
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	[etch] - xulrunner <not-affected> (The vulnerable feature is only included in 1.8.1 branch)
	NOTE: Original fix for CVE-2008-3836 was incomplete
CVE-2008-5503 (The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.1 ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceape 1.1.13-1
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.19-1 (low)
	NOTE: JavaScript for mails is disabled by default and if users enable it ...
CVE-2008-5502 (The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x ...)
	- iceweasel 3.0.5-1
	[etch] - iceweasel <not-affected> (Firefox 2.x not affected)
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <not-affected> (Xulrunner 1.8 not affected)
	- icedove <not-affected> (This issue was FF3 only, CVE-2008-5500 affects icedove)
CVE-2008-5501 (The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x ...)
	- iceweasel 3.0.5-1
	[etch] - iceweasel <not-affected> (Firefox 2.x not affected)
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <not-affected> (Xulrunner 1.8 not affected)
	- icedove <not-affected> (This issue was FF3 only, CVE-2008-5500 affects icedove)
CVE-2008-5500 (The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2 ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5499 (Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36,  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-5498 (Array index error in the imageRotate function in PHP 5.2.8 and earlier ...)
	- php5 <not-affected> (php5 links to the shared lib)
	- libgd2 <not-affected> (code is specific to php's libgd)
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360&r2=1.2027.2.547.2.1361
CVE-2008-5497 (BandSite CMS 1.1.4 allows remote attackers to bypass authentication an ...)
	NOT-FOR-US: BandSite CMS
CVE-2008-5496 (SQL injection vulnerability in showcategory.php in PozScripts Business ...)
	NOT-FOR-US: PozScripts Business Directory Script
CVE-2008-5495 (Unspecified vulnerability in the GungHo LoadPrgAx ActiveX control 1.0. ...)
	NOT-FOR-US: GungHo LoadPrgAx
CVE-2008-5494 (SQL injection vulnerability in the Contact Information Module (com_con ...)
	NOT-FOR-US: Contact Information Module (com_contactinfo) component for Joomla!
CVE-2008-5493 (SQL injection vulnerability in track.php in PHPStore Wholesales (aka W ...)
	NOT-FOR-US: PHPStore Wholesales
CVE-2008-5492 (Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX contro ...)
	NOT-FOR-US: PDFVIEW.PdfviewCtrl.1
CVE-2008-5491 (SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier a ...)
	NOT-FOR-US: SlimCMS
CVE-2008-5490 (SQL injection vulnerability in index.php in PHPStore Yahoo Answers all ...)
	NOT-FOR-US: PHPStore Yahoo Answers
CVE-2008-5489 (SQL injection vulnerability in channel_detail.php in ClipShare Pro 4,  ...)
	NOT-FOR-US: ClipShare
CVE-2008-5488 (SQL injection vulnerability in admin.php in E-topbiz Domain Shop 2 all ...)
	NOT-FOR-US: E-topbiz Domain Shop
CVE-2008-5487 (Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms  ...)
	NOT-FOR-US: TurnkeyForms Text Link Sales
CVE-2008-5486 (SQL injection vulnerability in admin.php in TurnkeyForms Text Link Sal ...)
	NOT-FOR-US: TurnkeyForms Text Link Sales
CVE-2008-5616 (Stack-based buffer overflow in the demux_open_vqf function in libmpdem ...)
	{DSA-1782-1 DTSA-181-1}
	- mplayer 1.0~rc2-19 (low; bug #508803)
CVE-2008-XXXX [axel URL parser buffer overflow]
	- axel 2.2 (unimportant)
	[etch] - axel <no-dsa> (Minor issue)
	NOTE: http://alioth.debian.org/forum/forum.php?forum_id=2846
	NOTE: this only works for non-interactive sessions, which is quite an exotic use case
CVE-2008-5619 (html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMaile ...)
	- roundcube 0.1.1-9 (high; bug #508628; bug #536498)
	NOTE: According to the bug report, this is being exploited.
	- moodle 1.8.2.dfsg-2 (bug #508909)
	[etch] - moodle <not-affected> (Vulnerable code not present)
	NOTE: moodle recently copied roundcube's html2text due to their copy being non-free
	- mahara 1.1.3-1 (high; bug #524778)
	[lenny] - mahara <not-affected> (html2text.php wasn't yet included)
	- atmailopen <removed>
CVE-2008-5485
	REJECTED
CVE-2008-5484
	REJECTED
CVE-2008-5483
	REJECTED
CVE-2008-5482
	REJECTED
CVE-2008-5481
	REJECTED
CVE-2008-5480
	REJECTED
CVE-2008-5479
	REJECTED
CVE-2008-5478
	REJECTED
CVE-2008-5477
	REJECTED
CVE-2008-5476
	REJECTED
CVE-2008-5475
	REJECTED
CVE-2008-5474
	REJECTED
CVE-2008-5473
	REJECTED
CVE-2008-5472
	REJECTED
CVE-2008-5471
	REJECTED
CVE-2008-5470
	REJECTED
CVE-2008-5469
	REJECTED
CVE-2008-5468
	REJECTED
CVE-2008-5467
	REJECTED
CVE-2008-5466
	REJECTED
CVE-2008-5465
	REJECTED
CVE-2008-5464
	REJECTED
CVE-2008-5463 (Unspecified vulnerability in the PeopleSoft Enterprise Campus Solution ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5462 (Unspecified vulnerability in the WebLogic Portal component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5461 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5460 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5459 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5458 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2008-5457 (Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins fo ...)
	NOT-FOR-US: Oracle
CVE-2008-5456 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle
CVE-2008-5455 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ePerform ...)
	NOT-FOR-US: Oracle
CVE-2008-5454 (Unspecified vulnerability in the iProcurement component in Oracle E-Bu ...)
	NOT-FOR-US: Oracle
CVE-2008-5453
	REJECTED
CVE-2008-5452 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle
CVE-2008-5451 (Unspecified vulnerability in the JD Edwards Tools component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2008-5450 (Unspecified vulnerability in the Oracle Applications Platform Engineer ...)
	NOT-FOR-US: Oracle
CVE-2008-5449 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5448 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5447 (Unspecified vulnerability in the Oracle Enterprise Manager component i ...)
	NOT-FOR-US: Oracle
CVE-2008-5446 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle
CVE-2008-5445 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5444 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5443 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5442 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5441 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5440 (Unspecified vulnerability in the TimesTen Data Server component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5439 (Unspecified vulnerability in the SQL*Plus Windows GUI component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5438 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle
CVE-2008-5437 (Unspecified vulnerability in the Job Queue component in Oracle Databas ...)
	NOT-FOR-US: Oracle
CVE-2008-5436 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2008-5435 (Cross-site scripting (XSS) vulnerability in moderate.php in PunBB befo ...)
	NOT-FOR-US: PunBB
CVE-2008-5434 (Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow re ...)
	NOT-FOR-US: PunBB
CVE-2008-5433 (Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and ...)
	NOT-FOR-US: PunBB
CVE-2008-5432 (Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 b ...)
	{DSA-1691-1}
	- moodle 1.8.2.dfsg-1 (bug #508593)
CVE-2008-5431 (Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a ...)
	NOT-FOR-US: Teamtek Universal FTP Server
CVE-2008-5430 (Mozilla Thunderbird 2.0.14 does not properly handle (1) multipart/mixe ...)
	- icedove <unfixed> (unimportant)
	NOTE: crashes icedove, but no security impact
CVE-2008-5429 (Incredimail build 5853710 does not properly handle (1) multipart/mixed ...)
	NOT-FOR-US: Incredimail
CVE-2008-5428 (Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed  ...)
	NOT-FOR-US: Opera
CVE-2008-5427 (Norton Antivirus in Norton Internet Security 15.5.0.23 does not proper ...)
	NOT-FOR-US: Norton Internet Security
CVE-2008-5426 (Kaspersky Internet Security Suite 2009 does not properly handle (1) mu ...)
	NOT-FOR-US: Kaspersky Internet Security Suite
CVE-2008-5425 (ESet NOD32 2.70.0039.0000 does not properly handle (1) multipart/mixed ...)
	NOT-FOR-US: NOD32
CVE-2008-5424 (The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outloo ...)
	NOT-FOR-US: Microsoft Outlook Express
CVE-2008-5423 (Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector  ...)
	NOT-FOR-US: Sun Ray Software
CVE-2008-5422 (Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict ...)
	NOT-FOR-US: Sun Sun Ray Server Software
CVE-2008-5421 (The SSL web administration service in NetWin SmsGate 1.1n and earlier  ...)
	NOT-FOR-US: NetWin SmsGate
CVE-2008-5420 (The SAN Manager Master Agent service (aka msragent.exe) in EMC Control ...)
	NOT-FOR-US: SAN Manager Master Agent
CVE-2008-5419 (Stack-based buffer overflow in SAN Manager Master Agent service (aka m ...)
	NOT-FOR-US: SAN Manager Master Agent
CVE-2008-5418 (Directory traversal vulnerability in login.php in the PunPortal module ...)
	NOT-FOR-US: PunBB
CVE-2008-5417 (HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses ...)
	NOT-FOR-US: HP DECnet-Plus
CVE-2008-5416 (Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050 ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-5415 (The LDBserver service in the server in CA ARCserve Backup 11.1 through ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-5414 (Unspecified vulnerability in the Feature Pack for Web Services in the  ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-5413 (PerfServlet in the PMI/Performance Tools component in IBM WebSphere Ap ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-5412 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7  ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-5411 (IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traf ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-5410 (The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 ...)
	NOT-FOR-US: Solaris
CVE-2008-5409 (Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Fre ...)
	NOT-FOR-US: BitDefender Free Edition and Antivirus Standard, BullGuard Internet Security and Software602 Groupware Server
CVE-2008-5408 (Buffer overflow in the data management protocol in Symantec Backup Exe ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2008-5407 (Multiple unspecified vulnerabilities in the Backup Exec remote-agent l ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2008-5406 (Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes ...)
	NOT-FOR-US: Apple QuickTime Player and iTunes
CVE-2008-5405 (Stack-based buffer overflow in the RDP protocol password decoder in Ca ...)
	NOT-FOR-US: Cain & Abel
CVE-2008-5404 (Insecure method vulnerability in the FlexCell.Grid ActiveX control in  ...)
	NOT-FOR-US: FlexCell
CVE-2008-5403 (Heap-based buffer overflow in the XML parser in the AIM plugin in Tril ...)
	NOT-FOR-US: Trillian
CVE-2008-5402 (Double free vulnerability in the XML parser in Trillian before 3.1.12. ...)
	NOT-FOR-US: Trillian
CVE-2008-5401 (Stack-based buffer overflow in the image tooltip implementation in Tri ...)
	NOT-FOR-US: Trillian
CVE-2008-5400 (Multiple cross-site request forgery (CSRF) vulnerabilities in mvnForum ...)
	NOT-FOR-US: mvnForum
CVE-2008-5399 (Cross-site scripting (XSS) vulnerability in the listonlineusers (aka " ...)
	NOT-FOR-US: mvnForum
CVE-2008-5398 (Tor before 0.2.0.32 does not properly process the ClientDNSRejectInter ...)
	- tor 0.2.0.32-1
CVE-2008-5397 (Tor before 0.2.0.32 does not properly process the (1) User and (2) Gro ...)
	- tor 0.2.0.32-1 (bug #505178)
CVE-2008-5396 (Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in  ...)
	{DSA-1699-1}
	- zaptel 1:1.4.11~dfsg-3
CVE-2008-5395 (The parisc_show_stack function in arch/parisc/kernel/traps.c in the Li ...)
	{DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.26-13
	- linux-2.6.24 <removed>
CVE-2008-5393 (UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes kerne ...)
	NOT-FOR-US: Ubuntu Privacy Remix
CVE-2008-5392
	REJECTED
CVE-2008-5391
	REJECTED
CVE-2008-5390
	REJECTED
CVE-2008-5389
	REJECTED
CVE-2008-5388
	REJECTED
CVE-2008-5387 (Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role ...)
	NOT-FOR-US: IBM AIX
CVE-2008-5386 (Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd  ...)
	NOT-FOR-US: IBM AIX
CVE-2008-5385 (enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print q ...)
	NOT-FOR-US: IBM AIX
CVE-2008-5384 (crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local us ...)
	NOT-FOR-US: IBM AIX
CVE-2008-5383 (Stack-based buffer overflow in National Instruments Electronics Workbe ...)
	NOT-FOR-US: National Instruments Electronics Workbench
CVE-2008-5382 (Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE HDL ...)
	NOT-FOR-US: I-O firmware
CVE-2008-5381 (Buffer overflow in the URL processing in ffdshow (aka ffdshow-tryout)  ...)
	NOT-FOR-US: ffdshow
CVE-2008-5380 (gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite a ...)
	- gpsdrive 2.10~pre4-6.dfsg-2 (low; bug #508595)
	[etch] - gpsdrive <no-dsa> (Minor issue)
	[lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
CVE-2008-5379 (netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary  ...)
	- netdisco-mibs-installer 1.4 (low; bug #508940)
	[lenny] - netdisco-mibs-installer <no-dsa> (Contrib not supported)
CVE-2008-5378 (arb-kill in arb 0.0.20071207.1 allows local users to overwrite arbitra ...)
	- arb 0.0.20071207.1-6 (low; bug #508942)
CVE-2008-5377 (pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files  ...)
	- cups 1.3.8-1lenny1 (low)
	- cupsys <removed>
	[etch] - cupsys <no-dsa> (Example script)
CVE-2008-5376 (editcomment in crip 3.7 allows local users to overwrite arbitrary file ...)
	- crip 3.7-5 (low; bug #509275)
	[etch] - crip 3.7-3+etch1
CVE-2008-5375 (cmus-status-display in cmus 2.2.0 allows local users to overwrite arbi ...)
	- cmus 2.2.0-1.1 (unimportant; bug #509277)
	NOTE: Just an example script
CVE-2008-5374 (bash-doc 3.2 allows local users to overwrite arbitrary files via a sym ...)
	- bash 4.0-2 (unimportant; bug #509279)
	NOTE: scripts are examples
CVE-2008-5373 (mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users t ...)
	- bacula 2.4.0-1 (unimportant; bug #509301)
	NOTE: script is an example
CVE-2008-5372 (sdm-login in sdm-terminal 0.4.0b allows local users to overwrite arbit ...)
	- sdm 0.4.1-1 (unimportant; bug #509331)
	NOTE: Not really a bug since only "touch" is used on the temp file
CVE-2008-5371 (screenie in screenie 1.30.0 allows local users to overwrite arbitrary  ...)
	- screenie 1.30.0-5.1 (low; bug #509332)
CVE-2008-5370 (pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite ...)
	- pvpgn 1.8.1-2 (low; bug #509336)
	[etch] - pvpgn <no-dsa> (Contrib not supported)
CVE-2008-5369 (noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files v ...)
	- no-ip 2.1.9-1 (unimportant; bug #509348)
	NOTE: original issue doesn't seem to be present, however there is a tmprace in the init
	NOTE: script if it is used to debug with strace and a missing check for mkstemp failing
	NOTE: but these situations are really corner cases
CVE-2008-5368 (muttprint in muttprint 0.72d allows local users to overwrite arbitrary ...)
	- muttprint 0.72d-10 (low; bug #509487)
	[etch] - muttprint 0.72d-8etch1
CVE-2008-5367 (ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to o ...)
	- ppp <unfixed> (unimportant)
	NOTE: insecure temp file handling in udeb is not an issue, since it is during the installation
CVE-2008-5366 (The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local u ...)
	- ppp <unfixed> (unimportant; bug #509488)
	NOTE: Package postinst isn't vulnerable, only .tmp files in /etc
CVE-2008-5365 (SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares A ...)
	NOT-FOR-US: ActiveWebSoftwares
CVE-2008-5364 (Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx 1 ...)
	NOT-FOR-US: getPlus
CVE-2008-5363 (The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-5362 (The DefineConstantPool action in the ActionScript 2 virtual machine in ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-5361 (The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-5617 (The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does no ...)
	- rsyslog 3.18.6-1 (bug #508027)
CVE-2008-5624 (PHP 5 before 5.2.7 does not properly initialize the page_uid and page_ ...)
	{DSA-1789-1 DTSA-188-1}
	- php5 5.2.6.dfsg.1-1 (medium; bug #508021)
	- php4 <removed> (medium; bug #559787)
CVE-2008-5660 (Format string vulnerability in the vinagre_utils_show_error function ( ...)
	- vinagre 0.5.1-2
CVE-2008-5360 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ear ...)
	- sun-java5 1.5.0-17-0.1 (low; bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (low; bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5359 (Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE  ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5358 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ear ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5357 (Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (uses system's freetype library)
CVE-2008-5356 (Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun J ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (uses system's freetype library)
CVE-2008-5355 (The "Java Update" feature for Java Runtime Environment (JRE) for Sun J ...)
	- sun-java5 <not-affected> (Java update not used in Debian)
	- sun-java6 <not-affected> (Java update not used in Debian)
	- openjdk-6 <not-affected> (Java update not used in Debian)
CVE-2008-5354 (Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun  ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5353 (The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5352 (Integer overflow in the JAR unpacking utility (unpack200) in the unpac ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5351 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ear ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5350 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JD ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5349 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JD ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5348 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JD ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5347 (Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5346 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JD ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2008-5345 (Unspecified vulnerability in Java Runtime Environment (JRE) with Sun J ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (bug in plugin code)
	NOTE: For OpenJDK, see: http://mail.openjdk.java.net/pipermail/core-libs-dev/2009-June/001784.html
CVE-2008-5344 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in wit ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5343 (Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5342 (Unspecified vulnerability in the BasicService for Java Web Start (JWS) ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5341 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in wit ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5340 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in wit ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5339 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in wit ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5338 (Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite (a ...)
	NOT-FOR-US: Bandwebsite
CVE-2008-5337 (SQL injection vulnerability in lyrics.php in Bandwebsite (aka Bandsite ...)
	NOT-FOR-US: Bandwebsite
CVE-2008-5336 (SQL injection vulnerability in index.php in WebStudio CMS allows remot ...)
	NOT-FOR-US: WebStudio CMS
CVE-2008-5335 (SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and  ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-5334 (PHP remote file inclusion vulnerability in includes/common.php in Nitr ...)
	NOT-FOR-US: NitroTech
CVE-2008-5333 (SQL injection vulnerability in members.php in NitroTech 0.0.3a allows  ...)
	NOT-FOR-US: NitroTech
CVE-2008-5332 (Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow  ...)
	NOT-FOR-US: Pie Web M{a,e}sher
CVE-2008-5331 (Adobe Acrobat 9 uses more efficient encryption than previous versions, ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-5330 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
	NOT-FOR-US: ClearCase RWP IBM
CVE-2008-5329 (ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows  ...)
	NOT-FOR-US: IBM
CVE-2008-5328 (The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 st ...)
	NOT-FOR-US: IBM
CVE-2008-5327 (The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7. ...)
	NOT-FOR-US: IBM
CVE-2008-5326 (The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 befor ...)
	NOT-FOR-US: IBM
CVE-2008-5325 (Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM R ...)
	NOT-FOR-US: IBM
CVE-2008-5324 (Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM R ...)
	NOT-FOR-US: IBM
CVE-2008-5658 (Directory traversal vulnerability in the ZipArchive::extractTo functio ...)
	{DSA-1789-1 DTSA-188-1}
	- php5 5.2.6.dfsg.1-3 (bug #507857)
	- php4 <removed>
CVE-2008-5323 (Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg ...)
	NOT-FOR-US: Wysi Wiki Wyg
CVE-2008-5322 (Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information ...)
	NOT-FOR-US: Wysi Wiki Wyg
CVE-2008-5321 (SQL injection vulnerability in index.php in GesGaleri, a module for XO ...)
	NOT-FOR-US: XOOPS module
CVE-2008-5320 (SQL injection vulnerability in usersettings.php in e107 0.7.13 and ear ...)
	NOT-FOR-US: e107
CVE-2008-5319 (Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact an ...)
	- tikiwiki <removed>
CVE-2008-5318 (Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact an ...)
	- tikiwiki <removed>
CVE-2008-5317 (Integer signedness error in the cmsAllocGamma function in src/cmsgamma ...)
	{DSA-1684-1}
	- lcms 1.17-1
	- openjdk-6 6b16-1 (medium; bug #542210)
CVE-2008-5316 (Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in ...)
	{DSA-1684-1}
	- lcms 1.16-1
CVE-2008-5315 (Directory traversal vulnerability in the web interface in Apple iPhone ...)
	NOT-FOR-US: Apple iPhone Configuration Web Utility
CVE-2008-XXXX [Insecure tmpdir creation]
	[lenny] - devscripts 2.10.35lenny1 (low)
	- devscripts 2.10.42 (low; bug #507482)
	[etch] - devscripts 2.9.26etch2
CVE-2008-XXXX [Insecure tempfile creation]
	- devscripts 2.10.42 (low; bug #508111)
	[etch] - devscripts <not-affected> (vulnerable code not present)
	[lenny] - devscripts 2.10.35lenny1 (low)
CVE-2008-5314 (Stack consumption vulnerability in libclamav/special.c in ClamAV befor ...)
	{DSA-1680-1}
	- clamav 0.94.dfsg.2-1 (medium; bug #507624)
CVE-2008-5311 (SQL injection vulnerability in image.php in NetArt Media Blog System 1 ...)
	NOT-FOR-US: NetArt Media Blog System
CVE-2008-5310 (SQL injection vulnerability in image.php in NetArt Media Car Portal 2. ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2008-5309 (SQL injection vulnerability in NetArt Media Real Estate Portal 1.2 all ...)
	NOT-FOR-US: NetArt Media Real Estate Portal
CVE-2008-5308 (The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly ...)
	NOT-FOR-US: LoveCMS
CVE-2008-5307 (SQL injection vulnerability in admin/index.php in PG Roommate Finder S ...)
	NOT-FOR-US: PG Roommate Finder Solution
CVE-2008-5306 (SQL injection vulnerability in admin/index.php in PG Real Estate Solut ...)
	NOT-FOR-US: PG Real Estate Solution
CVE-2008-5305 (Eval injection vulnerability in TWiki before 4.2.4 allows remote attac ...)
	- twiki <removed> (medium; bug #508257)
CVE-2008-5304 (Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows  ...)
	- twiki <removed> (low; bug #508256)
CVE-2008-5303 (Race condition in the rmtree function in File::Path 1.08 (lib/File/Pat ...)
	{DSA-1678-1}
	- perl 5.10.0-18
CVE-2008-5302 (Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib ...)
	{DSA-1678-1}
	- perl 5.10.0-18
CVE-2008-5301 (Directory traversal vulnerability in the ManageSieve implementation in ...)
	- dovecot 1:1.0.15-2.3 (bug #506031)
CVE-2008-5300 (Linux kernel 2.6.28 allows local users to cause a denial of service (" ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-12
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5296 (Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_glob ...)
	- gallery 1.5.9-1.2 (low; bug #506824)
	[etch] - gallery <not-affected> (vulnerable code introduced in 1.5.8-svn-b34)
CVE-2008-5295 (SQL injection vulnerability in index.php in Jamit Job Board 3.4.10 all ...)
	NOT-FOR-US: Jamit Job Board
CVE-2008-5294 (SQL injection vulnerability in index.php in WebStudio eCatalogue allow ...)
	NOT-FOR-US: WebStudio eCatalogue
CVE-2008-5293 (SQL injection vulnerability in index.php in WebStudio eHotel allows re ...)
	NOT-FOR-US: WebStudio eHotel
CVE-2008-5292 (SQL injection vulnerability in view_snaps.php in VideoGirls BiZ allows ...)
	NOT-FOR-US: VideoGirls
CVE-2008-5291 (Directory traversal vulnerability in code/track.php in FuzzyLime 3.03  ...)
	NOT-FOR-US: FuzzyLime
CVE-2008-5290 (Cross-site scripting (XSS) vulnerability in full_txt.php in Werner Hil ...)
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5289 (SQL injection vulnerability in full_txt.php in Werner Hilversum Clean  ...)
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5288 (PHP remote file inclusion vulnerability in include/header.php in Werne ...)
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5287 (SQL injection vulnerability in catagorie.php in Werner Hilversum FAQ M ...)
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5284 (The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other v ...)
	NOT-FOR-US: IEA Software RadiusNT and RadiusX
CVE-2008-5283 (Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attac ...)
	NOT-FOR-US: File Upload Manager
CVE-2008-5282 (Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1  ...)
	NOTE: neither in Etch nor Lenny, removal has been proposed
	- amaya <removed> (bug #507587)
CVE-2008-5281 (Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows r ...)
	NOT-FOR-US: Titan FTP Server
CVE-2008-5280 (The Local ZIM Server in Zilab Chat and Instant Messaging (ZIM) Server  ...)
	NOT-FOR-US: Zilab Chat and Instant Messaging
CVE-2008-5279 (The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging (ZI ...)
	NOT-FOR-US: Zilab Chat and Instant Messaging
CVE-2008-5277 (PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of  ...)
	- pdns 2.9.21.2-1 (low)
	[etch] - pdns <not-affected> (old version of HINFO parser)
CVE-2008-5275 (Multiple directory traversal vulnerabilities in the (a) "Unzip archive ...)
	NOT-FOR-US: net2ftp
CVE-2008-5274 (Todd Woolums ASP News Management 2.2 allows remote attackers to obtain ...)
	NOT-FOR-US: Todd Woolums ASP News Management
CVE-2008-5273 (SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News M ...)
	NOT-FOR-US: Todd Woolums ASP News Management
CVE-2008-5272 (Multiple directory traversal vulnerabilities in Fred Stuurman SyndeoCM ...)
	NOT-FOR-US: SyndeoCMS
CVE-2008-5271 (Cross-site scripting (XSS) vulnerability in index.php in Fred Stuurman ...)
	NOT-FOR-US: SyndeoCMS
CVE-2008-5270 (SQL injection vulnerability in view.topics.php in Yuhhu Superstar 2008 ...)
	NOT-FOR-US: Yuhhu Superstar
CVE-2008-5269 (SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows re ...)
	NOT-FOR-US: pSys
CVE-2008-5268 (SQL injection vulnerability in content/forums/reply.asp in ASPPortal a ...)
	NOT-FOR-US: ASPPortal
CVE-2008-5267 (SQL injection vulnerability in answer.php in Experts 1.0.0, when magic ...)
	NOT-FOR-US: Experts
CVE-2008-5266 (Cross-site scripting (XSS) vulnerability in configuration/httpListener ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2008-5265 (Directory traversal vulnerability in index.php in TNT Forum 0.9.4, whe ...)
	NOT-FOR-US: TNT Forum
CVE-2008-5264 (Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado Kn ...)
	NOT-FOR-US: Tornado Knowledge Retrieval System
CVE-2008-5263 (Multiple stack-based buffer overflows in the mt_codec::getHdrHead func ...)
	NOT-FOR-US: ksquirrel
CVE-2008-5262 (Multiple stack-based buffer overflows in the iGetHdrHeader function in ...)
	{DSA-1717-1 DTSA-184-1}
	- devil 1.7.5-4 (low; bug #511844; bug #512122)
	NOTE: fix for 1.7.5-3 incomplete, see #512122
CVE-2008-5261
	RESERVED
CVE-2008-5260 (Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control  ...)
	NOT-FOR-US: ActiveX
CVE-2008-5259 (Integer signedness error in DivX Web Player 1.4.2.7, and possibly earl ...)
	NOT-FOR-US: DivX Web Player
CVE-2008-5258
	RESERVED
CVE-2008-5257 (webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for e-busine ...)
	NOT-FOR-US: WebSEAL
CVE-2008-5255
	RESERVED
CVE-2008-5254
	RESERVED
CVE-2008-5253
	RESERVED
CVE-2008-5252 (Cross-site request forgery (CSRF) vulnerability in the Special:Import  ...)
	{DSA-1901-1 DTSA-186-1}
	- mediawiki 1:1.13.3-1 (bug #508870)
	- mediawiki1.7 <removed>
	[etch] - mediawiki <not-affected> (metapackage)
CVE-2008-5251
	RESERVED
CVE-2008-5250 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1 ...)
	{DSA-1901-1 DTSA-186-1}
	- mediawiki 1:1.13.3-1 (bug #508869)
	- mediawiki1.7 <removed>
	[etch] - mediawiki <not-affected> (metapackage)
CVE-2008-5249 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1 ...)
	{DSA-1901-1 DTSA-186-1}
	- mediawiki 1:1.13.3-1 (bug #508868)
	- mediawiki1.7 <removed>
	[etch] - mediawiki <not-affected> (metapackage)
CVE-2008-5276 (Integer overflow in the ReadRealIndex function in real.c in the Real d ...)
	- vlc 0.9.8a-1 (low)
	[etch] - vlc <not-affected> (vulnerable code not present)
	[lenny] - vlc <not-affected> (vulnerable code not present)
CVE-2008-7068 (The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ...)
	{DTSA-188-1}
	- php5 5.2.6.dfsg.1-3 (bug #507101)
	[lenny] - php5 5.2.6.dfsg.1-1+lenny2
	- php4 <removed>
	NOTE: if a user has write access to a file he simply can use fopen()
CVE-2008-5278 (Cross-site scripting (XSS) vulnerability in the self_link function in  ...)
	- wordpress 2.5.1-11 (low; bug #507193)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: introduced in 2.5
CVE-2008-5286 (Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 thro ...)
	{DSA-1677-1}
	- cups 1.3.8-1lenny4 (bug #507183; medium)
CVE-2008-XXXX [geda-gnetlist: sch2eaglepos.sh has insecure temp file handling ]
	- geda-gnetlist 1:1.4.0-3 (bug #506625; unimportant)
	NOTE: sch2eaglepos.sh only used as example script
CVE-2008-5248 (xine-lib before 1.1.15 allows remote attackers to cause a denial of se ...)
	- xine-lib 1.1.14-3
	- vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2008-5247 (The real_parse_audio_specific_data function in demux_real.c in xine-li ...)
	- xine-lib <unfixed> (unimportant; bug #508715)
	NOTE: a divide by 0 because of a crafted media file is hardly a security issue,
	NOTE: the integer overflows covered by the ocert advisory in the same code snippet
	NOTE: got an own identifier
CVE-2008-5246 (Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow r ...)
	- xine-lib 1.1.14-3 (low; bug #507184; bug #498243)
	- vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2008-5245 (xine-lib before 1.1.15 performs V4L video frame preallocation before a ...)
	- xine-lib 1.1.14-3 (low)
	[etch] - xine-lib <not-affected> (The version from Etch doesn't yet perform pre-allocation)
CVE-2008-5244 (Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact ...)
	- xine-lib 1.1.14-3 (unimportant)
	- faad2 2.6.1-1 (unimportant)
	- mplayer 1.0~rc2-20 (unimportant; bug #407010)
	NOTE: overlaps with CVE-2008-4610, same aac issue
	NOTE: just a crasher, no security implications known so far
CVE-2008-5243 (The real_parse_headers function in demux_real.c in xine-lib 1.1.12, an ...)
	- xine-lib 1.1.16-1 (bug #508716)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
	NOTE: these are just invalid reads that result in segfaults, denial of service doesn't
	NOTE: apply here as xine reading a file is no service -> application bug
CVE-2008-5242 (demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions,  ...)
	- xine-lib 1.1.16-1 (medium; bug #507165; bug #498243)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
CVE-2008-5241 (Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 a ...)
	- xine-lib 1.1.16-1 (low; bug #509008)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
CVE-2008-5240 (xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an u ...)
	- xine-lib 1.1.16-2 (low; bug #509352)
	[lenny] - xine-lib 1.1.14-5
	[squeeze] - xine-lib 1.1.14-5
CVE-2008-5239 (xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not prope ...)
	- xine-lib 1.1.16-2 (medium; bug #509353)
	[lenny] - xine-lib 1.1.14-5
	[squeeze] - xine-lib 1.1.14-5
CVE-2008-5238 (Integer overflow in the real_parse_mdpr function in demux_real.c in xi ...)
	- xine-lib 1.1.14-3 (low)
	NOTE: code execution shouldn't work here as if 0xff will be extended to 0xffffffff
	NOTE: memcpy fails for copying from the complete addressable address space long before any code is executed
	NOTE: the malloc check for type_specific_data is missing, minor issue filed as #508065
CVE-2008-5237 (Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and ea ...)
	- xine-lib 1.1.16-1 (bug #509265; low)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
CVE-2008-5236 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1 ...)
	- xine-lib 1.1.16-1 (bug #509521)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
CVE-2008-5235 (Heap-based buffer overflow in the demux_real_send_chunk function in sr ...)
	- xine-lib 1.1.14-3
	- vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2008-5234 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and other ver ...)
	- xine-lib 1.1.16-1 (medium; bug #508313; bug #498243)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
CVE-2008-5233 (xine-lib 1.1.12, and other versions before 1.1.15, does not check for  ...)
	- xine-lib 1.1.14-3 (low)
	- vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2008-5232 (Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Me ...)
	NOT-FOR-US: Microsoft Windows Media Services
CVE-2008-5231 (Stack-based buffer overflow in the ExecuteRequest method in the Novell ...)
	NOT-FOR-US: Novell iPrint
CVE-2008-5230 (The Temporal Key Integrity Protocol (TKIP) implementation in unspecifi ...)
	NOT-FOR-US: WPA weakness
CVE-2008-5229 (Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi ...)
	NOT-FOR-US: Microsoft Device IO Control
CVE-2008-5228 (Cross-site scripting (XSS) vulnerability in IBM Workplace Content Mana ...)
	NOT-FOR-US: IBM Workplace Content Management
CVE-2008-5227 (Unspecified vulnerability in PHPCow allows remote attackers to execute ...)
	NOT-FOR-US: PHPCow
CVE-2008-5226 (SQL injection vulnerability in the MambAds (com_mambads) component 1.0 ...)
	NOT-FOR-US: com_mambads component for Mambo
CVE-2008-5225 (Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare ...)
	NOT-FOR-US: Xerox DocuShare
CVE-2008-5224 (Cross-site scripting (XSS) vulnerability in Kent Web Mart 1.61 and ear ...)
	NOT-FOR-US: Kent Web Mart
CVE-2008-5223 (SQL injection vulnerability in index.php in Airvae Commerce 3.0 allows ...)
	NOT-FOR-US: Airvae Commerce
CVE-2008-5222 (SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote  ...)
	NOT-FOR-US: Dvbbs
CVE-2008-5221 (The account_save action in admin/userinfo.php in wPortfolio 0.3 and ea ...)
	NOT-FOR-US: wPortfolio
CVE-2008-5220 (Unrestricted file upload vulnerability in admin/upload_form.php in wPo ...)
	NOT-FOR-US: wPortfolio
CVE-2008-5219 (The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and ...)
	NOT-FOR-US: VideoScript
CVE-2008-5218 (ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with  ...)
	NOT-FOR-US: ScriptsEz FREEze Greetings
CVE-2008-5217 (Directory traversal vulnerability in index.php in txtCMS 0.3, when reg ...)
	NOT-FOR-US: txtCMS
CVE-2008-5216 (SQL injection vulnerability in category_list.php in AJ Square ZeusCart ...)
	NOT-FOR-US: AJ Square ZeusCart
CVE-2008-5215 (SQL injection vulnerability in service/profil.php in ClanLite 2.2006.0 ...)
	NOT-FOR-US: ClanLite
CVE-2008-5214 (Cross-site scripting (XSS) vulnerability in service/calendrier.php in  ...)
	NOT-FOR-US: ClanLite
CVE-2008-5213 (SQL injection vulnerability in featured_article.php in AJ Article 1.0  ...)
	NOT-FOR-US: AJ Article
CVE-2008-5212 (SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 a ...)
	NOT-FOR-US: AJ Auction
CVE-2008-5211 (Cross-site scripting (XSS) vulnerability in search.php in Sphider 1.3. ...)
	NOT-FOR-US: Sphider
CVE-2008-5210 (Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 al ...)
	NOT-FOR-US: PhpBlock
CVE-2008-5209 (Directory traversal vulnerability in modules/download/get_file.php in  ...)
	NOT-FOR-US: Admidio
CVE-2008-5208 (SQL injection vulnerability in sub_votepic.php in the Datsogallery (co ...)
	NOT-FOR-US: Datsogallery joomla module
CVE-2008-5207 (Multiple directory traversal vulnerabilities in Jonascms 1.2 allow rem ...)
	NOT-FOR-US: Jonascms
CVE-2008-5206 (PHP remote file inclusion vulnerability in modules/mod_mainmenu.php in ...)
	NOT-FOR-US: MosXML
CVE-2008-5205 (Cross-site scripting (XSS) vulnerability in edit.php in wellyblog allo ...)
	NOT-FOR-US: wellyblog
CVE-2008-5204 (Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1,  ...)
	NOT-FOR-US: PowerAward
CVE-2008-5203 (Cross-site scripting (XSS) vulnerability in external_vote.php in Power ...)
	NOT-FOR-US: PowerAward
CVE-2008-5202 (Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS ...)
	NOT-FOR-US: OTManager CMS
CVE-2008-5201 (Directory traversal vulnerability in index.php in OTManager CMS 24a al ...)
	NOT-FOR-US: OTManager CMS
CVE-2008-5200 (SQL injection vulnerability in the Xe webtv (com_xewebtv) component fo ...)
	NOT-FOR-US: Xe webtv
CVE-2008-5199 (PHP remote file inclusion vulnerability in include.php in PHPOutsourci ...)
	NOT-FOR-US: PHPOutsourcing IdeaBox
CVE-2008-5198 (SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 allow ...)
	NOT-FOR-US: Acmlmboard
CVE-2008-5197 (SQL injection vulnerability in classifieds.php in PHP-Fusion allows re ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-5196 (SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 ...)
	NOT-FOR-US: Kroax
CVE-2008-5195 (Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow  ...)
	NOT-FOR-US: SebracCMS
CVE-2008-5194 (SQL injection vulnerability in checkavail.php in SoftVisions Software  ...)
	NOT-FOR-US: SoftVisions Software Online Booking Manager
CVE-2008-5193 (Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philb ...)
	NOT-FOR-US: W1L3D4 Philboard
CVE-2008-5192 (SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and  ...)
	NOT-FOR-US: W1L3D4 Philboard
CVE-2008-5191 (Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote at ...)
	NOT-FOR-US: SePortal
CVE-2008-5190 (SQL injection vulnerability in index.php in eSHOP100 allows remote att ...)
	NOT-FOR-US: eSHOP100
CVE-2008-5285 (Wireshark 1.0.4 and earlier allows remote attackers to cause a denial  ...)
	[lenny] - wireshark 1.0.2-3+lenny3
	- wireshark 1.0.5-1 (low; bug #506741)
CVE-2008-5394 (/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other  ...)
	{DSA-1709-1}
	- shadow 1:4.1.1-6 (bug #505271)
CVE-2008-5706 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechani ...)
	- verlihub <removed> (low; bug #506530)
CVE-2008-5705 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechani ...)
	- verlihub <removed> (low; bug #506530)
CVE-2008-5189 (CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remo ...)
	- rails 2.1.0-6 (low)
CVE-2008-5188 (The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and ( ...)
	- ecryptfs-utils 66-1 (low)
	[lenny] - ecryptfs-utils <no-dsa> (Minor issue)
CVE-2008-5184 (The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the gues ...)
	- cups 1.3.8-1
	[etch] - cupsys <not-affected> (cupsys doesn't crash, code base changed, guest username not submitted)
CVE-2008-5182 (The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might  ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-12
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5181 (Microsoft Communicator allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Microsoft Communicator
CVE-2008-5180 (Microsoft Communicator, and Communicator in Microsoft Office 2010 beta ...)
	NOT-FOR-US: Microsoft Communicator
CVE-2008-5179 (Unspecified vulnerability in Microsoft Office Communications Server (O ...)
	NOT-FOR-US: Microsoft Office Communications Server
CVE-2008-5178 (Heap-based buffer overflow in Opera 9.62 on Windows allows remote atta ...)
	NOT-FOR-US: Opera on Windows
CVE-2008-5177 (Stack-based buffer overflow in the DtbClsLogin function in Yosemite Ba ...)
	NOT-FOR-US: Yosemite Backup
CVE-2008-5176 (Multiple buffer overflows in Client Software WinCom LPD Total 3.0.2.62 ...)
	NOT-FOR-US: WinCom LPD
CVE-2008-5187 (The load function in the XPM loader for imlib2 1.4.2, and possibly oth ...)
	{DSA-1672-1}
	- imlib2 1.4.0-1.2 (bug #505714)
CVE-2008-5625 (PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictio ...)
	- php5 <removed> (unimportant)
	NOTE: http://securityreason.com/achievement_securityalert/57
CVE-2008-5312 (mailscanner 4.55.10 and other versions before 4.74.16-1 might allow lo ...)
	- mailscanner 4.74.16-1 (bug #506353)
	[etch] - mailscanner <no-dsa> (Minor issue)
	NOTE: there is no difference apart from the versions to CVE-2008-5313
CVE-2008-5313 (mailscanner 4.68.8 and other versions before 4.74.16-1 might allow loc ...)
	- mailscanner 4.74.16-1 (bug #506353)
	[etch] - mailscanner <no-dsa> (Minor issue)
	NOTE: there is no difference apart from the versions to CVE-2008-5312
CVE-2008-5175 (Directory traversal vulnerability in the FTP client in AceFTP Freeware ...)
	NOT-FOR-US: AceFTP
CVE-2008-5174 (SQL injection vulnerability in joke.php in Jokes Complete Website 2.1. ...)
	NOT-FOR-US: Jokes Complete Website
CVE-2008-5173 (Unspecified vulnerability in testMaker before 3.0p16 allows remote aut ...)
	NOT-FOR-US: testMaker
CVE-2008-5172 (Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum Soft ...)
	NOT-FOR-US: Yazd Forum Software
CVE-2008-5171 (Multiple directory traversal vulnerabilities in admin/minibb/index.php ...)
	NOT-FOR-US: phpBLASTER CMS
CVE-2008-5170 (SQL injection vulnerability in item.php in Cheats Complete Website 1.1 ...)
	NOT-FOR-US: Cheats Complete Website
CVE-2008-5169 (SQL injection vulnerability in drinks/drink.php in Drinks Complete Web ...)
	NOT-FOR-US: Drinks Complete Website
CVE-2008-5168 (SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0  ...)
	NOT-FOR-US: Tips Complete Website
CVE-2008-5167 (PHP remote file inclusion vulnerability in layout/default/params.php i ...)
	NOT-FOR-US: Orca Interactive Forum Script
CVE-2008-5166 (SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 all ...)
	NOT-FOR-US: Riddles Website
CVE-2008-5165 (Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote a ...)
	NOT-FOR-US: eTicket
CVE-2008-5164 (Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS Pre ...)
	NOT-FOR-US: The Rat CMS
CVE-2008-5163 (Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 allo ...)
	NOT-FOR-US: The Rat CMS
CVE-2008-5162 (The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does  ...)
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 7.1-1
	[lenny] - kfreebsd-7 7.0-7lenny1
CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and Server ...)
	- openssh 1:5.1p1-5 (low; bug #506115)
	[etch] - openssh <no-dsa> (Minor issue, see http://www.openssh.org/txt/cbc.adv)
CVE-2008-5185 (The highlighting functionality in geshi.php in GeSHi before 1.0.8 allo ...)
	{DTSA-179-1}
	- geshi 1.0.8.1-1 (medium)
CVE-2008-5160 (Unspecified vulnerability in MyServer 0.8.11 allows remote attackers t ...)
	- msp-webserver <removed> (bug #506268)
CVE-2008-5159 (Integer overflow in the remote administration protocol processing in C ...)
	NOT-FOR-US: WinCom LPD
CVE-2008-5158 (Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote a ...)
	NOT-FOR-US: WinCom LPD
CVE-2008-5157 (tau 2.16.4 allows local users to overwrite arbitrary files via a symli ...)
	- tau 2.16.4-1.3 (bug #506348)
	[etch] - tau <no-dsa> (Minor issue)
CVE-2008-5156 (si_mkbootserver in systemimager-server 3.6.3 allows local users to ove ...)
	- systemimager <removed> (bug #506269)
	[etch] - systemimager <no-dsa> (Minor issue)
CVE-2008-5155 (mail2sms.sh in smsclient 2.0.8z allows local users to overwrite arbitr ...)
	- smsclient <unfixed> (unimportant; bug #498901)
CVE-2008-5154 (bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary f ...)
	- p3nfs 5.19-1.2 (low; bug #506270)
	[etch] - p3nfs <no-dsa> (Minor issue)
CVE-2008-5153 (spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite  ...)
	{DSA-1724-1}
	- moodle 1.8.2.2dfsg-4
	[lenny] - moodle 1.8.2.dfsg-3+lenny1
	NOTE: manual editing of file is required to run the unsafe code
CVE-2008-5152 (inmail-show in mh-book 200605 allows local users to overwrite arbitrar ...)
	- mh-book <unfixed> (unimportant)
	NOTE: unsafe code is in example script
CVE-2008-5151 (test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary ...)
	- mayavi <unfixed> (unimportant)
	NOTE: just a comment, not code
CVE-2008-5150 (sample.sh in maildirsync 1.1 allows local users to append data to arbi ...)
	- maildirsync <unfixed> (unimportant)
	NOTE: unsafe code is in example script
CVE-2008-5149 (fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite  ...)
	- ncbi-tools6 6.1.20080302-4 (unimportant)
	NOTE: unsafe code is in example script
CVE-2008-5148 (sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite ...)
	- geda-gnetlist <unfixed> (unimportant)
	NOTE: unsafe code is an example script
CVE-2008-5147 (test-pipe-to-pyodconverter.org.sh in docvert 2.4 allows local users to ...)
	- docvert 3.4-7 (unimportant)
	NOTE: unsafe code is in test script with multiple hardcoded files
CVE-2008-5146 (add-accession-numbers in ctn 3.0.6 allows local users to overwrite arb ...)
	- ctn <unfixed> (unimportant)
	NOTE: unsafe code is in example script
CVE-2008-5145 (ltpmenu in ltp 20060918 allows local users to overwrite arbitrary file ...)
	- ltp 20060918-3 (low; bug #506272)
	[etch] - ltp <no-dsa> (Minor issue)
	NOTE: this is not the same as CVE-2008-4969
CVE-2008-5144 (nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local ...)
	- nvidia-cg-toolkit <unfixed> (unimportant)
	NOTE: -installer can be run from postinst but unsafe code is only executed when a special option is used when manually running the installer
CVE-2008-5143 (mgt-helper in multi-gnome-terminal 1.6.2 allows local users to overwri ...)
	[etch] - multi-gnome-terminal <no-dsa> (Symlink issue not run as root)
	- multi-gnome-terminal <removed>
CVE-2008-5142 (sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local u ...)
	- freebsd-sendpr <unfixed> (unimportant)
	NOTE: code is only executed when the script to send bug reports fails
CVE-2008-5141 (flamethrower in flamethrower 0.1.8 allows local users to overwrite arb ...)
	{DSA-1676-1}
	- flamethrower 0.1.8-2 (low; bug #506350)
CVE-2008-5140 (trend-autoupdate.new in mailscanner 4.55.10 and other versions before  ...)
	- mailscanner 4.57.6-1 (unimportant)
	NOTE: script should only be used when the private Trend Micro antivirus is installed
CVE-2008-5139 (updatejail in jailer 0.4 allows local users to overwrite arbitrary fil ...)
	{DSA-1674-1}
	- jailer 0.4-10 (bug #410548; low)
CVE-2008-5138 (passwdehd in libpam-mount 0.43 allows local users to overwrite arbitra ...)
	- libpam-mount 1.2+gitaa4791f-1 (low)
	[lenny] - libpam-mount 0.44-1+lenny2
CVE-2008-5137 (tkman in tkman 2.2 allows local users to overwrite arbitrary files via ...)
	- tkman 2.2-4 (low; bug #506496)
	[etch] - tkman 2.2-2etch1
CVE-2008-5136 (tkusr in tkusr 0.82 allows local users to overwrite arbitrary files vi ...)
	[etch] - tkusr <no-dsa> (Minor issue)
	- tkusr <removed> (low)
CVE-2008-5135
	- os-prober <unfixed> (unimportant)
CVE-2008-5134 (Buffer overflow in the lbs_process_bss function in drivers/net/wireles ...)
	{DSA-1681-1}
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5133 (ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, wh ...)
	NOT-FOR-US: ipnat
CVE-2008-5183 (cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remot ...)
	{DSA-2176-1}
	- cups 1.3.9-13 (low; bug #506180)
	[lenny] - cups <no-dsa> (Minor issue)
	[etch] - cupsys <not-affected> (RSS subscription code not yet present)
CVE-2008-5297 (Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP serv ...)
	{DSA-1686-1}
	- no-ip 2.1.7-11 (bug #506179)
CVE-2008-5132 (SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Porta ...)
	NOT-FOR-US: MemHT Portal
CVE-2008-5131 (Multiple SQL injection vulnerabilities in Develop It Easy News And Art ...)
	NOT-FOR-US: Develop It Easy News And Article System
CVE-2008-5130 (Ocean12 Calendar Manager Gold 2.04 stores sensitive information under  ...)
	NOT-FOR-US: Ocean12 software
CVE-2008-5129 (Ocean12 Poll Manager Pro 1.00 stores sensitive information under the w ...)
	NOT-FOR-US: Ocean12 software
CVE-2008-5128 (Ocean12 Membership Manager Pro stores sensitive information under the  ...)
	NOT-FOR-US: Ocean12 software
CVE-2008-5127 (Ocean12 Contact Manager Pro 1.02 stores sensitive information under th ...)
	NOT-FOR-US: Ocean12 software
CVE-2008-5126 (Cross-site scripting (XSS) vulnerability in search.php in BoutikOne CM ...)
	NOT-FOR-US: BoutikOne
CVE-2008-5125 (admin.php in CCleague Pro 1.2 allows remote attackers to bypass authen ...)
	NOT-FOR-US: CCleague Pro
CVE-2008-5124 (JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to ve ...)
	NOT-FOR-US: JSCAPE Secure FTP Applet
CVE-2008-5123 (SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows re ...)
	NOT-FOR-US: CCleague Pro
CVE-2008-5122 (SQL injection vulnerability in WorkArea/ContentRatingGraph.aspx in Ekt ...)
	NOT-FOR-US: Ektron CMS400.NET
CVE-2008-5121 (dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233  ...)
	NOT-FOR-US: Citrix Deterministic Network Enhancer
CVE-2008-5120 (Stack-based buffer overflow in the Process Software MultiNet finger se ...)
	NOT-FOR-US: MultiNet finger service
CVE-2008-5119 (Cross-site scripting (XSS) vulnerability in search.php in Scripts4Prof ...)
	NOT-FOR-US: Scripts4Profit DXShopCart
CVE-2008-5118 (Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 all ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5117 (Open redirect vulnerability in Sun Java System Identity Manager 6.0 th ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5116 (Directory traversal vulnerability in idm/includes/helpServer.jsp in Su ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5115 (Cross-site request forgery (CSRF) vulnerability in Sun Java System Ide ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5114 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5112 (The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and  ...)
	NOT-FOR-US: Microsoft
CVE-2008-5111 (Unspecified vulnerability in the socket function in Sun Solaris 10 and ...)
	NOT-FOR-US: Solaris
CVE-2008-5109 (The default configuration of Adobe Flash Media Server (FMS) 3.0 does n ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2008-5108 (Unspecified vulnerability in Adobe AIR 1.1 and earlier allows context- ...)
	NOT-FOR-US: Adobe AIR
CVE-2008-5107 (The installation process for Citrix Presentation Server 4.5 and Deskto ...)
	NOT-FOR-US: Citrix PS
CVE-2008-5106 (Buffer overflow in KarjaSoft Sami FTP Server 2.0.x allows remote attac ...)
	NOT-FOR-US: KarjaSoft Sami FTP Server
CVE-2008-5105 (KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a den ...)
	NOT-FOR-US: KarjaSoft Sami FTP Server
CVE-2008-5104 (Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual ...)
	NOT-FOR-US: VMBuilder
CVE-2008-5103 (The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in ...)
	NOT-FOR-US: VMBuilder
CVE-2008-5102 (PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other ...)
	- zope2.10 <unfixed> (unimportant)
	NOTE: this only affects installations in which users have unrestricted access to the management
	NOTE: interface. On Debian, one admin user is added for this at installation time and
	NOTE: non-trustworthy users shouldn't have access to the interface.
	- zope3 <not-affected> (Vulnerable code not present)
CVE-2008-5100 (The strong name (SN) implementation in Microsoft .NET Framework 2.0.50 ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2008-5099 (Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0. ...)
	NOT-FOR-US: Sun Logical Domain Manager
CVE-2008-5098 (Cross-site scripting (XSS) vulnerability in Sun Java System Messaging  ...)
	NOT-FOR-US: Sun Java System Messaging Server
CVE-2008-5110 (syslog-ng does not call chdir when it calls chroot, which might allow  ...)
	- syslog-ng 2.0.9-4.1 (unimportant; bug #505791)
	NOTE: no security flaw by itself, still it should be fixed
CVE-2008-5097 (SQL injection vulnerability in index.php in MyFWB 1.0 allows remote at ...)
	NOT-FOR-US: MyFWB
CVE-2008-5096 (Unspecified vulnerability in the TYPO3 File List (file_list) extension ...)
	NOT-FOR-US: TYPO3 third party extension "file_list"
CVE-2008-5095 (Cross-site scripting (XSS) vulnerability in the Novell User Applicatio ...)
	NOT-FOR-US: Novell User Application
CVE-2008-5094 (Heap-based buffer overflow in the NDS Service in Novell eDirectory bef ...)
	NOT-FOR-US: eDirectory
CVE-2008-5093 (Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (H ...)
	NOT-FOR-US: eDirectory
CVE-2008-5092 (Heap-based buffer overflows in Novell eDirectory HTTP protocol stack ( ...)
	NOT-FOR-US: eDirectory
CVE-2008-5091 (Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before  ...)
	NOT-FOR-US: eDirectory
CVE-2008-5090 (Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attac ...)
	NOT-FOR-US: Advanced Electron Forum
CVE-2008-5089 (Multiple insecure method vulnerabilities in the DDActiveReportsViewer2 ...)
	NOT-FOR-US: Data Dynamics ActiveReports ActiveX control
CVE-2008-5088 (Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Softwar ...)
	NOT-FOR-US: PHPKB
CVE-2008-5087 (SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anothe ...)
	NOT-FOR-US: wrg_anotherbelogin extension for typo3
CVE-2008-5086 (Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a conn ...)
	- libvirt 0.4.6-10
CVE-2008-5085
	REJECTED
CVE-2008-5084
	REJECTED
CVE-2008-5083 (In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security  ...)
	NOT-FOR-US: Red Hat JBoss Operations Network
CVE-2008-5082 (The verifyProof function in the Token Processing System (TPS) componen ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2008-5081 (The originates_from_local_legacy_unicast_socket function (avahi-core/s ...)
	{DSA-1690-1 DTSA-189-1}
	- avahi 0.6.23-3 (bug #508700; low)
CVE-2008-5080 (awstats.pl in AWStats 6.8 and earlier does not properly remove quote c ...)
	{DSA-1679-1}
	- awstats 6.7.dfsg-5.1 (bug #495432; low)
CVE-2008-5079 (net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and ea ...)
	{DSA-1787-1 DSA-1687-1}
	- linux-2.6 2.6.26-12
	- linux-2.6.24 <removed>
	NOTE: http://marc.info/?l=linux-netdev&m=122841256115780&w=2
CVE-2008-5078 (Multiple buffer overflows in the (1) recognize_eps_file function (src/ ...)
	{DSA-1670-1}
	- enscript 1.6.4-13 (bug #506261)
CVE-2008-5077 (OpenSSL 0.9.8i and earlier does not properly check the return value fr ...)
	{DSA-1701-1}
	- openssl 0.9.8g-15
CVE-2008-5075 (Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uplo ...)
	NOT-FOR-US: E-Uploader Pro
CVE-2008-5074 (SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 mod ...)
	NOT-FOR-US: Freshlinks module for PHP-Fusion
CVE-2008-5073 (Heap-based buffer overflow in an ActiveX control in Novell ZENworks De ...)
	NOT-FOR-US: Novell ZENworks ActiveX control
CVE-2008-5072 (vsfilter.dll in K-Lite Mega Codec Pack 3.5.7.0 allows remote attackers ...)
	NOT-FOR-US: K-Lite Mega Codec Pack
CVE-2008-5071 (Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel  ...)
	NOT-FOR-US: Yoxel
CVE-2008-5070 (SQL injection vulnerability in Pro Chat Rooms 3.0.3, when magic_quotes ...)
	NOT-FOR-US: Pro Chat Rooms
CVE-2008-5069 (SQL injection vulnerability in go.php in Panuwat PromoteWeb MySQL, whe ...)
	NOT-FOR-US: Panuwat PromoteWeb MySQL
CVE-2008-5068 (Multiple cross-site scripting (XSS) vulnerabilities in Kmita Gallery a ...)
	NOT-FOR-US: Kmita Gallery
CVE-2008-5067 (Cross-site scripting (XSS) vulnerability in search.php in Kmita Catalo ...)
	NOT-FOR-US: Kmita Catalogue
CVE-2008-5066 (PHP remote file inclusion vulnerability in upload/admin/frontpage_righ ...)
	NOT-FOR-US: Agares Media ThemeSiteScript
CVE-2008-5065 (TlGuestBook 1.2 allows remote attackers to bypass authentication and g ...)
	NOT-FOR-US: TlGuestBook
CVE-2008-5064 (SQL injection vulnerability in liga.php in H&H WebSoccer 2.80 allo ...)
	NOT-FOR-US: H&H WebSoccer
CVE-2008-5063 (PHP remote file inclusion vulnerability in Admin/ADM_Pagina.php in OTM ...)
	NOT-FOR-US: OTManager
CVE-2008-5062 (Directory traversal vulnerability in php/cal_pdf.php in Mini Web Calen ...)
	NOT-FOR-US: Mini Web Calendar
CVE-2008-5061 (Cross-site scripting (XSS) vulnerability in php/cal_default.php in Min ...)
	NOT-FOR-US: Mini Web Calendar
CVE-2008-5060 (Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 a ...)
	NOT-FOR-US: ModernBill
CVE-2008-5059 (Cross-site scripting (XSS) vulnerability in index.php in ModernBill 4. ...)
	NOT-FOR-US: ModernBill
CVE-2008-5058 (SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple ...)
	NOT-FOR-US: Pre Simple CMS
CVE-2008-5057 (SQL injection vulnerability in film.asp in Yigit Aybuga Dizi Portali a ...)
	NOT-FOR-US: Yigit Aybuga Dizi Portali
CVE-2008-5056 (Cross-site scripting (XSS) vulnerability in department_offline_context ...)
	NOT-FOR-US: ActiveCampaign TrioLive
CVE-2008-5055 (SQL injection vulnerability in department_offline_context.php in Activ ...)
	NOT-FOR-US: ActiveCampaign TrioLive
CVE-2008-5054 (Multiple SQL injection vulnerabilities in Develop It Easy Membership S ...)
	NOT-FOR-US: Develop It Easy Membership System
CVE-2008-5053 (PHP remote file inclusion vulnerability in admin.rssreader.php in the  ...)
	NOT-FOR-US: com_rssreader component for Joomla!
CVE-2008-5052 (The AppendAttributeValue function in the JavaScript engine in Mozilla  ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5051 (SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 f ...)
	NOT-FOR-US: joomla
CVE-2008-5049 (Buffer overflow in AKEProtect.sys 3.3.3.0 in ISecSoft Anti-Keylogger E ...)
	NOT-FOR-US: ISecSoft Anti-Keylogger
CVE-2008-5048 (Buffer overflow in Atepmon.sys in ISecSoft Anti-Trojan Elite 4.2.1 and ...)
	NOT-FOR-US: ISecSoft Anti-Trojan
CVE-2008-5047 (SQL injection vulnerability in admin/index.php in Mole Group Rental Sc ...)
	NOT-FOR-US: Mole Group Rental Script
CVE-2008-5046 (SQL injection vulnerability in index.php in Mole Group Pizza Script al ...)
	NOT-FOR-US: Mole Group Pizza Script
CVE-2008-5045 (Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly ...)
	NOT-FOR-US: Network-Client FTP Now
CVE-2008-5044 (Race condition in Microsoft Windows Server 2003 and Vista allows local ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-5043 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based i ...)
	NOT-FOR-US: IBM Metrica Service Assurance Framework
CVE-2008-5042 (Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypa ...)
	NOT-FOR-US: Zeeways PhotoVideoTube
CVE-2008-5041 (Sweex RO002 Router with firmware Ts03-072 has "rdc123" as its default  ...)
	NOT-FOR-US: Sweex RO002 Router
CVE-2008-5040 (Graphiks MyForum 1.3 allows remote attackers to bypass authentication  ...)
	NOT-FOR-US: Graphiks MyForum
CVE-2008-5039 (Cross-site scripting (XSS) vulnerability in the League module for PHP- ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-5038 (Use-after-free vulnerability in the NetWare Core Protocol (NCP) featur ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-5037 (SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 ...)
	NOT-FOR-US: ElkaGroup Image Gallery
CVE-2008-XXXX [typo3: passwords are not changeable bug in the backend]
	- typo3-src 4.2.3-1 (bug #505326)
	[etch] - typo3-src <not-affected> (TYPO3 versions below 4.2.x are not affected)
CVE-2008-5919 (Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier ...)
	- websvn 2.0-4 (bug #503330)
	[etch] - websvn <not-affected> (vulnerable code not present)
CVE-2008-5918 (Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUr ...)
	- websvn 2.0-4 (bug #503330)
	[etch] - websvn <not-affected> (vulnerable code not present)
CVE-2008-5033 (The chip_command function in drivers/media/video/tvaudio.c in the Linu ...)
	- linux-2.6 2.6.26-11
	- linux-2.6.24 <not-affected> (Vulnerable code not present; different ioctls)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present; different ioctls)
CVE-2008-5031 (Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, all ...)
	- python2.5 2.5.2-11.1
	[etch] - python2.5 <no-dsa> (Minor issue)
	[etch] - python2.4 <no-dsa> (Minor issue)
	- python2.4 2.4.5-6 (low; bug #507317; bug #504620)
	NOTE: definitely fixed in 2.5.2-11.1 for lenny/unstable (svn-updates.dpatch)
	NOTE: maybe fixed earlier, doko is not able to tell the exact version atm
CVE-2008-5030 (Heap-based buffer overflow in the cddb_read_disc_data function in cddb ...)
	{DSA-1665-1}
	- libcdaudio 0.99.12p2-7 (bug #505478)
CVE-2008-5024 (Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunder ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5023 (Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1 ...)
	{DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- iceape 1.1.13-1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
CVE-2008-5022 (The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x befor ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- xulrunner 1.9.0.4-1
	- iceweasel 3.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5021 (nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.1 ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5020
	REJECTED
CVE-2008-5019 (The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2. ...)
	{DSA-1671-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: patch for xulrunner currently not suitable, Alexander will check this further
CVE-2008-5018 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5017 (Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Moz ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5016 (The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x ...)
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
	[etch] - iceweasel <not-affected> (Doesn't affect Firefox 2.x et al)
	[etch] - xulrunner <not-affected> (Doesn't affect Firefox 2.x et al)
	[etch] - iceape <not-affected> (Doesn't affect Firefox 2.x et al)
	[etch] - icedove <not-affected> (Doesn't affect Firefox 2.x et al)
CVE-2008-5015 (Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file:  ...)
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	[etch] - iceweasel <not-affected> (Doesn't affect Firefox 2.x)
	[etch] - xulrunner <not-affected> (Doesn't affect Firefox 2.x)
CVE-2008-5014 (jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0 ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5013 (Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do ...)
	{DSA-1697-1 DSA-1671-1 DSA-1669-1}
	- iceape 1.1.13-1
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
CVE-2008-5012 (Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,  ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceape 1.1.13-1
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.19-1
CVE-2008-5010 (in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and O ...)
	NOT-FOR-US: in.dhcpd
CVE-2008-5101 (Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user ...)
	- optipng 0.6.1.1-1 (bug #505399)
	[etch] - optipng <not-affected> (Vulnerable code not present referring to upstream)
CVE-2008-5035 (The Resource Monitoring and Control (RMC) daemon in IBM Hardware Manag ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2008-5026 (Microsoft SharePoint uses URLs with the same hostname and port number  ...)
	NOT-FOR-US: Microsoft
CVE-2008-5011 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quick ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-5009 (Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, w ...)
	NOT-FOR-US: Sun Solstice X.25
CVE-2008-5025 (Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hf ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5029 (The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.2 ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5008 (Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or li ...)
	- libsamplerate 0.1.4-1 (low)
	[etch] - libsamplerate <no-dsa> (Minor issue)
CVE-2008-5006 (smtp.c in the c-client library in University of Washington IMAP Toolki ...)
	{DSA-1685-1 DTSA-174-1 DTSA-174-2}
	- uw-imap 7:2007d~dfsg-1
CVE-2008-5005 (Multiple stack-based buffer overflows in (1) University of Washington  ...)
	{DSA-1685-1 DTSA-174-1 DTSA-174-2}
	[lenny] - uw-imap 2007b~dfsg-4+lenny1
	- uw-imap 7:2007d~dfsg-1
	- alpine <not-affected> (vulnerable code present but tmail/dmail won't be installed)
CVE-2008-5004 (SQL injection vulnerability in genscode.php in myWebland Bloggie Lite  ...)
	NOT-FOR-US: myWebland Bloggie Lite
CVE-2008-5003 (SQL injection vulnerability in ndetail.php in Shahrood allows remote a ...)
	NOT-FOR-US: Shahrood
CVE-2008-5002 (Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 Act ...)
	NOT-FOR-US: ActiveX
CVE-2008-5001 (Multiple stack-based buffer overflows in multiple functions in vncview ...)
	NOT-FOR-US: UltraVNC
CVE-2008-5000 (SQL injection vulnerability in admin/includes/news.inc.php in PHPX 3.5 ...)
	NOT-FOR-US: PHPX
CVE-2008-4999 (Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to ca ...)
	NOT-FOR-US: Nortel Networks UNIStim IP Phone
CVE-2008-4997
	- pilot-qof <unfixed> (unimportant; bug #496429)
CVE-2008-4996
	- initramfs-tools <unfixed> (unimportant; bug #496386)
CVE-2008-4992 (The SPARC hypervisor in Sun System Firmware 6.6.3 through 6.6.5 and 7. ...)
	NOT-FOR-US: Sun System Firmware
CVE-2008-5050 (Off-by-one error in the get_unicode_name function (libclamav/vba_extra ...)
	{DSA-1680-1}
	- clamav 0.94.dfsg.1-1 (bug #505134)
CVE-2008-4991 (SQL injection vulnerability in LOCKON CO.,LTD. EC-CUBE 2.3.0 and earli ...)
	NOT-FOR-US: LOCKON CO.,LTD. EC-CUBE
CVE-2008-XXXX [yzis insecure temp file]
	- yzis 1.0~alpha1-2 (bug #504680)
CVE-2008-5113 (WordPress 2.6.3 relies on the REQUEST superglobal array in certain dan ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.5.1-10 (bug #504771)
CVE-2008-4990 (Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2 ...)
	NOT-FOR-US: Enomalism
CVE-2008-4989 (The _gnutls_x509_verify_certificate function in lib/x509/verify.c in l ...)
	{DSA-1719-1}
	- gnutls26 2.4.2-3 (bug #505360)
	- gnutls13 <removed>
CVE-2008-4963 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implemen ...)
	NOT-FOR-US: Cisco IOS and CatOS
CVE-2008-4962
	RESERVED
CVE-2008-4961
	RESERVED
CVE-2008-4953
	- firehol <unfixed> (unimportant; bug #496424)
	NOTE: attack unfeasible because of $$-${RANDOM}-${RANDOM}
CVE-2008-4950 (** DISPUTED ** gccross in dpkg-cross 2.3.0 allows local users to overw ...)
	- dpkg-cross <unfixed> (unimportant; bug #496413)
	NOTE: executed under a chroot when a package failed to cross-build
CVE-2008-4938 (aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary ...)
	- aegis 4.24-3.1 (low; bug #496400)
	[etch] - aegis <no-dsa> (Minor issue)
CVE-2008-4934 (The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linu ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-4933 (Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-4932 (webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allo ...)
	NOT-FOR-US: U-Mail Webmail server
CVE-2008-XXXX [universalindentgui insecure usage of temp files]
	- universalindentgui 0.8.1-1.2 (low; bug #504726)
CVE-2008-5032 (Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through ...)
	{DSA-1819-1 DTSA-176-1}
	- vlc 0.8.6.h-5 (medium; bug #504639)
CVE-2008-5036 (Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before  ...)
	- vlc 1.0.3-1 (low)
	[etch] - vlc <not-affected> (Vulnerable code not present in 0.8.x)
	[lenny] - vlc <not-affected> (Vulnerable code not present in 0.8.x)
CVE-2008-4931 (Cross-site scripting (XSS) vulnerability in the account module in firm ...)
	NOT-FOR-US: firmCHANNEL Digital Signage
CVE-2008-4930 (MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded  ...)
	NOT-FOR-US: MyBB
CVE-2008-4929 (MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compo ...)
	NOT-FOR-US: MyBB
CVE-2008-4928 (Cross-site scripting (XSS) vulnerability in the redirect function in f ...)
	NOT-FOR-US: MyBB
CVE-2008-4927 (Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assist ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-4926 (Multiple insecure method vulnerabilities in MW6 Technologies PDF417 Ac ...)
	NOT-FOR-US: MW6 Technologies PDF417 ActiveX
CVE-2008-4925 (Multiple insecure method vulnerabilities in MW6 Technologies DataMatri ...)
	NOT-FOR-US: MW6 Technologies DataMatrix ActiveX
CVE-2008-4924 (Multiple insecure method vulnerabilities in MW6 Technologies 1D Barcod ...)
	NOT-FOR-US: MW6 Technologies 1D Barcode ActiveX
CVE-2008-4923 (Multiple insecure method vulnerabilities in MW6 Technologies Aztec Act ...)
	NOT-FOR-US: MW6 Technologies Aztec ActiveX
CVE-2008-4922 (Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office ( ...)
	NOT-FOR-US: DjVu ActiveX
CVE-2008-4921 (board/admin/reguser.php in Chipmunk CMS 1.3 allows remote attackers to ...)
	NOT-FOR-US: Chipmunk CMS
CVE-2008-4920
	REJECTED
CVE-2008-4919 (Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X Active ...)
	NOT-FOR-US: eXPert PDF Viewer X ActiveX
CVE-2008-4918 (Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced ...)
	NOT-FOR-US: SonicOS Enhanced
CVE-2008-5027 (The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor befo ...)
	- nagios3 <removed> (unimportant)
	NOTE: the nagios process shouldn't have rights to execute important commands and non-trusted
	NOTE: users shouldn't have access to nagios anyway
CVE-2008-5028 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagi ...)
	- nagios3 3.0.6-1 (low; bug #504894)
	[etch] - nagios2 <no-dsa> (CSRF can only cause DoS and needs admin's browser)
CVE-2008-4917 (Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and ...)
	NOT-FOR-US: VMware Workstation
CVE-2008-4916 (Unspecified vulnerability in a guest virtual device driver in VMware W ...)
	NOT-FOR-US: VMware
CVE-2008-4915 (The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and ...)
	NOT-FOR-US: VMware Workstation
CVE-2008-4914 (Unspecified vulnerability in VMware ESXi 3.5 before ESXe350-200901401- ...)
	NOT-FOR-US: VMware
CVE-2008-4913 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and ea ...)
	NOT-FOR-US: LokiCMS
CVE-2008-4912 (SQL injection vulnerability in popup_img.php in the fotogalerie module ...)
	NOT-FOR-US: RS MAXSOFT
CVE-2008-4911 (PHP remote file inclusion vulnerability in read.php in Chattaitaliano  ...)
	NOT-FOR-US: Chattaitaliano Istant-Replay
CVE-2008-4910 (The BasicService in Sun Java Web Start allows remote attackers to exec ...)
	NOT-FOR-US: Sun Java Web Start
CVE-2008-4909 (Cross-site request forgery (CSRF) vulnerability in CompactCMS 1.1 and  ...)
	NOT-FOR-US: CompactCMS
CVE-2008-4908 (maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local u ...)
	- crossfire-maps 1.11.0-2 (low; bug #496358; bug #504561)
	[etch] - crossfire-maps <no-dsa> (Minor issue)
CVE-2008-4906 (SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_m ...)
	NOT-FOR-US: Lyrics (lyrics_menu) plugin for e107
CVE-2008-4905 (Typo 5.1.3 and earlier uses a hard-coded salt for calculating password ...)
	- typo <itp> (bug #379399)
CVE-2008-4904 (SQL injection vulnerability in the "Manage pages" feature (admin/pages ...)
	- typo <itp> (bug #379399)
CVE-2008-4903 (Cross-site scripting (XSS) vulnerability in the leave comment (feedbac ...)
	- typo <itp> (bug #379399)
CVE-2008-4902 (SQL injection vulnerability in contact_author.php in Article Publisher ...)
	NOT-FOR-US: Article Publisher
CVE-2008-4901 (SQL injection vulnerability in admin/admin.php in Article Publisher Pr ...)
	NOT-FOR-US: Article Publisher
CVE-2008-4900 (SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Bla ...)
	NOT-FOR-US: YourFreeWorld Classifieds
CVE-2008-4899 (Cross-site request forgery (CSRF) vulnerability in Planetluc RateMe 1. ...)
	NOT-FOR-US: Planetluc RateMe
CVE-2008-4898 (Cross-site scripting (XSS) vulnerability in planetluc RateMe 1.3.3 all ...)
	NOT-FOR-US: Planetluc RateMe
CVE-2008-4897 (SQL injection vulnerability in fichiers/add_url.php in Logz podcast CM ...)
	NOT-FOR-US: Logz podcast CMS
CVE-2008-4896 (Cross-site scripting (XSS) vulnerability in fichiers/add_url.php in Lo ...)
	NOT-FOR-US: Logz CMS
CVE-2008-4895 (SQL injection vulnerability in tr.php in YourFreeWorld Downline Builde ...)
	NOT-FOR-US: YourFreeWorld Downline
CVE-2008-4894 (Directory traversal vulnerability in templates/mytribiqsite/tribal-GPL ...)
	NOT-FOR-US: Tribiq CMS
CVE-2008-4893 (Cross-site scripting (XSS) vulnerability in templates/mytribiqsite/tri ...)
	NOT-FOR-US: Tribiq CMS
CVE-2008-4892 (Cross-site scripting (XSS) vulnerability in gallery.inc.php in Planetl ...)
	NOT-FOR-US: Planetluc MyGallery
CVE-2008-4891 (Cross-site scripting (XSS) vulnerability in signme.inc.php in Planetlu ...)
	NOT-FOR-US: SignMe
CVE-2008-4890 (SQL injection vulnerability in products.php in 1st News 4 Professional ...)
	NOT-FOR-US: 1st News 4 Professional
CVE-2008-4889 (SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP)  ...)
	NOT-FOR-US: deV!L'z Clanportal
CVE-2008-4888 (Cross-site scripting (XSS) vulnerability in error.php in NetRisk 2.0 a ...)
	NOT-FOR-US: NetRisk 2.0
CVE-2008-4887 (SQL injection vulnerability in index.php in NetRisk 2.0 and earlier al ...)
	NOT-FOR-US: NetRisk 2.0
CVE-2008-4886 (SQL injection vulnerability in index.php in YourFreeWorld Shopping Car ...)
	NOT-FOR-US: YourFreeWorld Shopping
CVE-2008-4885 (SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text ...)
	NOT-FOR-US: YourFreeWorld Scrolling Text
CVE-2008-4884 (SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Hos ...)
	NOT-FOR-US: YourFreeWorld Classifieds
CVE-2008-4883 (SQL injection vulnerability in tr.php in YourFreeWorld Blog Blaster Sc ...)
	NOT-FOR-US: YourFreeWorld Blog Blaster
CVE-2008-4882 (SQL injection vulnerability in tr.php in YourFreeWorld Autoresponder H ...)
	NOT-FOR-US: YourFreeWorld Autoresponder
CVE-2008-4881 (SQL injection vulnerability in tr.php in YourFreeWorld Reminder Servic ...)
	NOT-FOR-US: YourFreeWorld Reminder
CVE-2008-4880 (SQL injection vulnerability in prodshow.php in Maran PHP Shop allows r ...)
	NOT-FOR-US: Maran PHP Shop
CVE-2008-4879 (SQL injection vulnerability in prod.php in Maran PHP Shop allows remot ...)
	NOT-FOR-US: Maran PHP Shop
CVE-2008-4907 (The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the ...)
	- dovecot 1:1.1.7-1 (low)
	[etch] - dovecot <not-affected> (Vulnerable code not present prior to 1.1.4)
	[lenny] - dovecot <not-affected> (Vulnerable code not present prior to 1.1.4)
CVE-2008-5186
	{DTSA-179-1}
	- geshi 1.0.8.1-1 (bug #504445)
	NOTE: it's rather an application bug if the input to set_language_path is unfiltered user input
	NOTE: http://comments.gmane.org/gmane.comp.security.oss.general/1152
	- dokuwiki 0.0.20080505-3.1 (unimportant; bug #504682)
	NOTE: DokuWiki passes a static string to $path parameter
	- pgfouine 1.0-1.1 (unimportant; bug #504681)
	NOTE: pgfouine too does not override default language files path
CVE-2008-6432
	REJECTED
CVE-2008-4878 (Unrestricted file upload vulnerability in the "Add Image Macro" featur ...)
	NOT-FOR-US: WebCards
CVE-2008-4877 (SQL injection vulnerability in admin.php in WebCards 1.3, when magic_q ...)
	NOT-FOR-US: WebCards
CVE-2008-4876 (Cross-site scripting (XSS) vulnerability in the web server component i ...)
	NOT-FOR-US: Philips Electronics VOIP841 DECT Phone
CVE-2008-4875 (Directory traversal vulnerability in the web server in Philips Electro ...)
	NOT-FOR-US: Philips Electronics VOIP841 DECT Phone
CVE-2008-4874 (The web component in Philips Electronics VOIP841 DECT Phone with firmw ...)
	NOT-FOR-US: Philips Electronics VOIP841 DECT Phone
CVE-2008-4873 (board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Sepal SPBOARD
CVE-2008-4872 (Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBid ...)
	NOT-FOR-US: iTechBids Gold
CVE-2008-4871 (Cross-site scripting (XSS) vulnerability in My Little Forum 1.75 and 2 ...)
	NOT-FOR-US: My Little Forum
CVE-2008-4870 (dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedor ...)
	- dovecot <unfixed> (unimportant)
	NOTE: by default this file doesn't contain sensitive information and administrator
	NOTE: changing this should ensure on its own that the mode is secure
CVE-2008-4869 (FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers t ...)
	- ffmpeg-debian 0.svn20080206-15 (unimportant; bug #504977)
	NOTE: A regular bug, but hardly a security issue
	- kino 1.0.0-1
	[etch] - kino <not-affected> (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
CVE-2008-4868 (Unspecified vulnerability in the avcodec_close function in libavcodec/ ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- ffmpeg-debian <not-affected> (Vulnerable code not present)
	[etch] - ffmpeg <not-affected> (Vulnerable code not present)
	- mplayer 1.0~rc2-14
	[etch] - mplayer <not-affected> (Vulnerable code not present)
	- kino 1.0.0-1
	[etch] - kino <not-affected> (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
	[etch] - gstreamer0.10-ffmpeg <not-affected> (Vulnerable code not present)
CVE-2008-4867 (Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as  ...)
	- ffmpeg 0.svn20080206-14
	- ffmpeg-debian 0.svn20080206-14 (bug #504977)
	[etch] - ffmpeg <not-affected> (Vulnerable code not present)
	- mplayer 1.0~rc2-14
	[etch] - mplayer <not-affected> (Vulnerable code not present)
	- kino 1.0.0-1
	[etch] - kino <not-affected> (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
	[etch] - gstreamer0.10-ffmpeg <not-affected> (Vulnerable code not present)
CVE-2008-4866 (Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 befor ...)
	{DSA-1782-1}
	- ffmpeg 0.svn20080206-14
	- ffmpeg-debian 0.svn20080206-14 (bug #504977)
	[etch] - ffmpeg <not-affected> (Vulnerable code not present)
	- mplayer 1.0~rc2-14
	- kino 1.0.0-1
	[etch] - kino <not-affected> (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
	[etch] - gstreamer0.10-ffmpeg <not-affected> (Vulnerable code not present)
CVE-2008-4865 (Untrusted search path vulnerability in valgrind before 3.4.0 allows lo ...)
	- valgrind 1:3.3.1-3 (unimportant; bug #507312)
	NOTE: That's hardly an issue
CVE-2008-4864 (Multiple integer overflows in imageop.c in the imageop module in Pytho ...)
	- python2.5 2.5.2-12 (low; bug #504619)
	[etch] - python2.5 <no-dsa> (Minor issue)
	- python2.4 2.4.5-6 (low; bug #504620)
	[etch] - python2.4 <no-dsa> (Minor issue)
CVE-2008-4863 (Untrusted search path vulnerability in BPY_interface in Blender 2.46 a ...)
	- blender 2.46+dfsg-5 (bug #503632; low)
	[etch] - blender 2.42a-8
	NOTE: minor issue fixed in etch r6 point update
CVE-2008-4862
	REJECTED
CVE-2008-4861
	REJECTED
CVE-2008-4860
	REJECTED
CVE-2008-4859
	REJECTED
CVE-2008-4858
	REJECTED
CVE-2008-4857
	REJECTED
CVE-2008-4856
	REJECTED
CVE-2008-4855
	REJECTED
CVE-2008-4854
	REJECTED
CVE-2008-4853
	REJECTED
CVE-2008-4852
	REJECTED
CVE-2008-4851
	REJECTED
CVE-2008-4850
	REJECTED
CVE-2008-4849
	REJECTED
CVE-2008-4848
	REJECTED
CVE-2008-4847
	REJECTED
CVE-2008-4846
	REJECTED
CVE-2008-4845
	REJECTED
CVE-2008-4844 (Use-after-free vulnerability in the CRecordInstance::TransferToDestina ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4843
	REJECTED
CVE-2008-4842
	REJECTED
CVE-2008-4841 (The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4840
	REJECTED
CVE-2008-4839
	REJECTED
CVE-2008-4838
	REJECTED
CVE-2008-4837 (Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4836
	REJECTED
CVE-2008-4835 (SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP ...)
	NOT-FOR-US: Windows
CVE-2008-4834 (Buffer overflow in SMB in the Server service in Microsoft Windows 2000 ...)
	NOT-FOR-US: Windows
CVE-2008-4833
	REJECTED
CVE-2008-4832 (rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows lo ...)
	NOT-FOR-US: rPath
CVE-2008-4831 (Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusi ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-4830 (Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI ...)
	NOT-FOR-US: KWEdit ActiveX control
CVE-2008-4829 (Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow r ...)
	{DSA-1683-1}
	- streamripper 1.63.5-2 (bug #506377)
CVE-2008-4828 (Multiple stack-based buffer overflows in dsmagent.exe in the Remote Ag ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2008-4827 (Multiple heap-based buffer overflows in the AddTab method in the (1) T ...)
	NOT-FOR-US: ComponentOne SizerOne
CVE-2008-4826
	REJECTED
CVE-2008-4825 (Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other v ...)
	NOT-FOR-US: UltraISO
CVE-2008-4824 (Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4823 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4822 (Adobe Flash Player 9.0.124.0 and earlier does not properly interpret p ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4821 (Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is us ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4820 (Unspecified vulnerability in the Flash Player ActiveX control in Adobe ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4819 (Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4818 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4817 (The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 an ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4816 (Unspecified vulnerability in the Download Manager in Adobe Reader 8.1. ...)
	NOT-FOR-US: Adobe Reader on Windows
CVE-2008-4815 (Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2  ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4814 (Unspecified vulnerability in a JavaScript method in Adobe Reader and A ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4813 (Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow re ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4812 (Array index error in Adobe Reader and Acrobat, and the Explorer extens ...)
	NOT-FOR-US: Adobe Reader Explorer extension
CVE-2008-4811 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in  ...)
	{DSA-1691-1}
	- smarty 2.6.26-0.1 (bug #504328)
	[lenny] - smarty <no-dsa> (Minor issue, fix will change behaviour)
	[etch] - smarty <no-dsa> (Minor issue, fix will change behaviour)
	- moodle 1.8.2-2 (bug #504345)
	- gallery2 2.2.5-2
	NOTE: This attack vector is *not* fixed in r2797
CVE-2008-4810 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in  ...)
	{DSA-1919-1 DSA-1691-1}
	- smarty 2.6.26-0.1 (bug #504328)
	- moodle 1.8.2-2 (bug #504345)
	- gallery2 2.2.5-2
	NOTE: This attack vector is fixed in r2797
CVE-2008-4809 (Multiple unspecified vulnerabilities in the Profiles search pages in I ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4808 (IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover pa ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4807 (IBM Lotus Connections 2.x before 2.0.1 stores the password for the adm ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4806 (Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x be ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4805 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Conne ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4804 (SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke all ...)
	NOT-FOR-US: NFU Gallery module 1.3 for PHP-Nuke
CVE-2008-4803 (Cross-site scripting (XSS) vulnerability in index.php in Simple PHP Sc ...)
	NOT-FOR-US: Simple PHP Scripts gallery
CVE-2008-4802 (Cross-site scripting (XSS) vulnerability in complete.php in Simple PHP ...)
	NOT-FOR-US: Simple PHP Scripts blog
CVE-2008-5076 (htop 0.7 writes process names to a terminal without sanitizing non-pri ...)
	- htop 0.8.1-2 (unimportant; bug #504144)
	NOTE: That scenario is too constructed to call it a security issue, especially
	NOTE: given that the standard top will display the maliciously hidden processes
	NOTE: just fine.
CVE-2008-5256 (The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualB ...)
	- virtualbox-ose 1.6.6-dfsg-3 (low; bug #504149)
CVE-2008-4801 (Heap-based buffer overflow in the Data Protection for SQL CAD service  ...)
	NOT-FOR-US: SQL CAD service
CVE-2008-4800 (The DebugDiag ActiveX control in CrashHangExt.dll, possibly 1.0, in Mi ...)
	NOT-FOR-US: ActiveX control
CVE-2008-4799 (pamperspective in Netpbm before 10.35.48 does not properly calculate a ...)
	- netpbm-free <not-affected> (Vulnerable code not present)
CVE-2008-4798 (The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 ...)
	NOT-FOR-US: WebGUI
CVE-2008-4797 (Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server  ...)
	NOT-FOR-US: Arihiro Kurata Kantan WEB Server
CVE-2008-4796 (The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 a ...)
	{DSA-1871-2 DSA-1871-1 DSA-1691-1}
	- libphp-snoopy 1.2.4-1 (bug #504168; medium)
	- ampache 3.4.1-2 (bug #504169)
	- mahara 1.0.5-2 (bug #504170)
	[lenny] - mahara 1.0.4-3
	- pixelpost 1.7.1-5 (bug #504171)
	- mediamate 0.9.3.6-5 (bug #504172; unimportant)
	NOTE: mediamate does not use snoopy in https requests
	- opendb <removed> (unimportant; bug #504173)
	- wordpress 2.5.1-9 (bug #504234)
	- moodle 1.8.2-2 (bug #504235)
	- gforge-plugin-scmcvs <removed>
	[etch] - gforge-plugin-scmcvs <not-affected> (Snoopy function not used on URLs that come from user input)
	- magpierss <not-affected> (Fixed in all supported distributions)
CVE-2008-4795 (The links panel in Opera before 9.62 processes Javascript within the c ...)
	NOT-FOR-US: Opera
CVE-2008-4794 (Opera before 9.62 allows remote attackers to execute arbitrary command ...)
	NOT-FOR-US: Opera
CVE-2008-4793 (The node module API in Drupal 5.x before 5.11 allows remote attackers  ...)
	- drupal5 5.10-3 (low)
	- drupal6 <not-affected> (Vulnerable code not present)
CVE-2008-4792 (The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 d ...)
	- drupal5 5.10-3 (low)
	- drupal6 6.4-2 (low)
CVE-2008-4791 (The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might all ...)
	- drupal5 5.10-3 (low)
	- drupal6 6.4-2 (low)
CVE-2008-4790 (The core upload module in Drupal 5.x before 5.11 allows remote authent ...)
	- drupal5 5.10-3 (low)
CVE-2008-4789 (The validation functionality in the core upload module in Drupal 6.x b ...)
	- drupal6 6.4-2 (low)
CVE-2008-4788 (Microsoft Internet Explorer 6 omits high-bit URL-encoded characters wh ...)
	NOT-FOR-US: Microsoft Internet Explorer 6
CVE-2008-4787 (Visual truncation vulnerability in Microsoft Internet Explorer 6 allow ...)
	NOT-FOR-US: Microsoft Internet Explorer 6
CVE-2008-4786 (SQL injection vulnerability in easyshop.php in the EasyShop plugin for ...)
	NOT-FOR-US: EasyShop plugin for e107
CVE-2008-4785 (SQL injection vulnerability in newuser.php in the alternate_profiles p ...)
	NOT-FOR-US: e107
CVE-2008-4784 (aflog 1.01 allows remote attackers to bypass authentication and gain a ...)
	NOT-FOR-US: aflog
CVE-2008-4783 (tlAds 1.0 allows remote attackers to bypass authentication and gain ad ...)
	NOT-FOR-US: tlAds
CVE-2008-4782 (SQL injection vulnerability in public/code/cp_polls_results.php in All ...)
	NOT-FOR-US: AIOCP
CVE-2008-4781 (Directory traversal vulnerability in update.php in MyKtools 2.4 allows ...)
	NOT-FOR-US: MyKtools
CVE-2008-4780 (Directory traversal vulnerability in admin/centre.php in MyForum 1.3,  ...)
	NOT-FOR-US: MyForum
CVE-2008-4779 (Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers  ...)
	NOT-FOR-US: TUGzip
CVE-2008-4778 (SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 a ...)
	NOT-FOR-US: Koobi CMS
CVE-2008-4777 (SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) co ...)
	NOT-FOR-US: Showroom Joomlearn LMS
CVE-2008-4774 (Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS  ...)
	NOT-FOR-US: QuestCMS
CVE-2008-4773 (Directory traversal vulnerability in main/main.php in QuestCMS allows  ...)
	NOT-FOR-US: QuestCMS
CVE-2008-4772 (SQL injection vulnerability in main/main.php in QuestCMS allows remote ...)
	NOT-FOR-US: QuestCMS
CVE-2008-4771 (Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in ...)
	NOT-FOR-US: ActiveX
CVE-2008-4770 (The CMsgReader::readRect function in the VNC Viewer component in RealV ...)
	{DSA-1716-1}
	- vnc4 4.1.1+X4.3.0-31 (medium; bug #513531)
CVE-2008-4776 (libgadu before 1.8.2 allows remote servers to cause a denial of servic ...)
	{DSA-1664-1}
	- libgadu 1:1.8.0+r592-3 (low; bug #503916)
	- kadu 0.6.0.2-3 (low; bug #504429)
	- ekg 1:1.8~rc0-1 (low)
	- centerim 4.22.9-1 (low; bug #559782)
	[lenny] - centerim <no-dsa> (Minor issue)
	NOTE: claimed to be fixed in point update but is not: [lenny] - centerim 4.22.5-1+lenny1
	- qutecom <not-affected> (does not use libgadu embed; bug #559784)
CVE-2008-4769 (Directory traversal vulnerability in the get_category_template functio ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.5.1-1
CVE-2008-4768 (SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to  ...)
	NOT-FOR-US: TLM CMS
CVE-2008-4767 (Unrestricted file upload vulnerability in the DownloadsPlus module in  ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-4766 (SQL injection vulnerability in member.php in Oxygen Bulletin Board 1.1 ...)
	NOT-FOR-US: Oxygen Bulletin Board
CVE-2008-4765 (SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth  ...)
	NOT-FOR-US: osCommerce Poll Booth Add-On
CVE-2008-4764 (Directory traversal vulnerability in the eXtplorer module (com_extplor ...)
	NOT-FOR-US: eXtplorer module in Joomla!
CVE-2008-4763 (Multiple cross-site scripting (XSS) vulnerabilities in sample.php in W ...)
	NOT-FOR-US: WiKID wClient-PHP
CVE-2008-4762 (Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authentica ...)
	NOT-FOR-US: freeSSHd
CVE-2008-4761 (Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/ ...)
	NOT-FOR-US: Kayako eSupport
CVE-2008-4760 (SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, wh ...)
	NOT-FOR-US: Graphiks MyForum
CVE-2008-4759 (Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 a ...)
	NOT-FOR-US: BuzzyWall
CVE-2008-4758 (Directory traversal vulnerability in download_file.php in PHP-Daily al ...)
	NOT-FOR-US: PHPdaily
CVE-2008-4757 (Multiple SQL injection vulnerabilities in PHP-Daily allow remote attac ...)
	NOT-FOR-US: PHPdaily
CVE-2008-4756 (Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP- ...)
	NOT-FOR-US: PHPdaily
CVE-2008-4755 (SQL injection vulnerability in gotourl.php in PozScripts Classified Au ...)
	NOT-FOR-US: PozScripts Classified Auctions Script
CVE-2008-4754 (SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez ...)
	NOT-FOR-US: Scripts for Sites Ez Forum
CVE-2008-4753 (SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader all ...)
	NOT-FOR-US: AJ Square RSS Reader
CVE-2008-4752 (TlNews 2.2 allows remote attackers to bypass authentication and gain a ...)
	NOT-FOR-US: TlNews
CVE-2008-4751 (Cross-site scripting (XSS) vulnerability in index.php in iPei Guestboo ...)
	NOT-FOR-US: iPei Guestbook
CVE-2008-4750 (Stack-based buffer overflow in the VImpX.VImpAX ActiveX control (VImpX ...)
	NOT-FOR-US: ActiveX
CVE-2008-4749 (Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX c ...)
	NOT-FOR-US: ActiveX
CVE-2008-4747 (Unspecified vulnerability in the search feature in Sun Java System LDA ...)
	NOT-FOR-US: Sun Java System LDAP JDK
CVE-2008-4746 (Multiple SQL injection vulnerabilities in Uniwin eCart Professional 2. ...)
	NOT-FOR-US: Uniwin eCart Professional
CVE-2008-4745 (Cross-site scripting (XSS) vulnerability in emailFriend.asp in Uniwin  ...)
	NOT-FOR-US: Uniwin eCart Professional
CVE-2008-4744 (SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc ...)
	NOT-FOR-US: DXShopCart
CVE-2008-4743 (SQL injection vulnerability in index.php in QuidaScript FAQ Management ...)
	NOT-FOR-US: QuidaScript FAQ Management Script
CVE-2008-4742 (Multiple cross-site scripting (XSS) vulnerabilities in interface/Login ...)
	NOT-FOR-US: TimeTrex
CVE-2008-4741 (Directory traversal vulnerability in index.php in FAR-PHP 1.00, when m ...)
	NOT-FOR-US: FAR-PHP
CVE-2008-4740 (Directory traversal vulnerability in templater.php in the ZZ_Templater ...)
	NOT-FOR-US: ZZ_Templater module in TinyCMS
CVE-2008-4748 (Format string vulnerability in the URI handler in KVirc 3.4.0, when se ...)
	- kvirc <not-affected> (Windows-specific vulnerability)
CVE-2008-XXXX [balazar3: insecure temp file handling]
	- balazar3 0.1-2 (bug #503750)
CVE-2008-4775 (Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin  ...)
	- phpmyadmin 4:2.11.8.1-4 (low)
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.securityfocus.com/archive/1/497815
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-9/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/625e9f2e93671f9e4a9086b8d6c8111f70ffcc3d (2.11 branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/600a2ca21bc8b40742fd0a919a6b06a477548647
CVE-2008-4739 (Directory traversal vulnerability in index.php in PlugSpace 0.1, when  ...)
	NOT-FOR-US: PlugSpace
CVE-2008-4738 (SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remo ...)
	NOT-FOR-US: MyCard
CVE-2008-4737 (Cross-site scripting (XSS) vulnerability in wholite.cgi in WhoDomLite  ...)
	NOT-FOR-US: WhoDomLite
CVE-2008-4736 (SQL injection vulnerability in index.php in RPG.Board 0.8 Beta2 and ea ...)
	NOT-FOR-US: RPG.Board
CVE-2008-4735 (PHP remote file inclusion vulnerability in header.php in Concord Asset ...)
	NOT-FOR-US: Concord software
CVE-2008-4734 (Cross-site request forgery (CSRF) vulnerability in the wpcr_do_options ...)
	NOT-FOR-US: WP Comment Remix plugin
CVE-2008-4733 (Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP C ...)
	NOT-FOR-US: WP Comment Remix plugin
CVE-2008-4732 (SQL injection vulnerability in ajax_comments.php in the WP Comment Rem ...)
	NOT-FOR-US: WP Comment Remix plugin
CVE-2008-4731 (Multiple unspecified vulnerabilities in YaCy before 0.61 have unknown  ...)
	- yacy <itp> (bug #452422)
CVE-2008-4730 (Cross-site scripting (XSS) vulnerability in MyID.php in phpMyID 0.9 al ...)
	- phpmyid <itp> (bug #492325)
CVE-2008-4729 (Stack-based buffer overflow in Hummingbird.XWebHostCtrl.1 ActiveX cont ...)
	NOT-FOR-US: Hummingbird Xweb
CVE-2008-4728 (Multiple insecure method vulnerabilities in the DeployRun.DeploymentSe ...)
	NOT-FOR-US: Hummingbird Deployment Wizard
CVE-2008-4727 (Cross-site scripting (XSS) vulnerability in the contact update page (s ...)
	NOT-FOR-US: SunGard Banner Student
CVE-2008-4726 (Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4  ...)
	NOT-FOR-US: GoodTech SSH
CVE-2008-4725 (Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 al ...)
	NOT-FOR-US: Opera
CVE-2008-4724 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0 ...)
	- webkit 1.1.7-1 (low; bug #520052)
	[lenny] - webkit <no-dsa> (Minor issue)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
	- iceweasel <not-affected>
	NOTE: firefox not affected, see https://bugzilla.redhat.com/468397
CVE-2008-4722 (Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM)  ...)
	NOT-FOR-US: Sun ILOM
CVE-2008-4721 (PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authent ...)
	NOT-FOR-US: PHP Jabbers
CVE-2008-4720 (Multiple PHP remote file inclusion vulnerabilities in The Gemini Porta ...)
	NOT-FOR-US: The Gemini Portal
CVE-2008-4719 (PHP remote file inclusion vulnerability in cms/classes/openengine/file ...)
	NOT-FOR-US: openEngine
CVE-2008-4718 (Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 ...)
	NOT-FOR-US: X7 Chat
CVE-2008-4717 (SQL injection vulnerability in bannerclick.php in ZEELYRICS 2.0 allows ...)
	NOT-FOR-US: ZEELYRICS
CVE-2008-4716 (SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 a ...)
	NOT-FOR-US: PHP-Lance
CVE-2008-4715 (SQL injection vulnerability in the Jpad (com_jpad) 1.0 component for J ...)
	NOT-FOR-US: com_jpad for Joomla!
CVE-2008-4714 (Atomic Photo Album 1.1.0 pre4 does not properly handle the apa_cookie_ ...)
	NOT-FOR-US: Atomic Photo Album
CVE-2008-4713 (SQL injection vulnerability in view.php in 212cafe Board 0.07 allows r ...)
	NOT-FOR-US: 212cafe Board
CVE-2008-4712 (Directory traversal vulnerability in pages/showblog.php in LnBlog 0.9. ...)
	NOT-FOR-US: LnBlog
CVE-2008-4711 (SQL injection vulnerability in Joovili 3.0 and earlier, when magic_quo ...)
	NOT-FOR-US: Joovili
CVE-2008-4710 (Cross-site scripting (XSS) vulnerability in the stock quotes page in S ...)
	NOT-FOR-US: Stock module for Drupal
CVE-2008-4709 (SQL injection vulnerability in news_read.php in Pilot Group (PG) eTrai ...)
	NOT-FOR-US: PG eTraining
CVE-2008-4708 (BbZL.PhP 0.92 allows remote attackers to bypass authentication and gai ...)
	NOT-FOR-US: BbZL.PhP
CVE-2008-4707 (Directory traversal vulnerability in index.php in BbZL.PhP 0.92 allows ...)
	NOT-FOR-US: BbZL.PhP
CVE-2008-4706 (SQL injection vulnerability in VBGooglemap Hotspot Edition 1.0.3, a vB ...)
	NOT-FOR-US: VBGooglemap Hotspot Edition
CVE-2008-4705 (SQL injection vulnerability in success_story.php in php Online Dating  ...)
	NOT-FOR-US: MyPHPDating
CVE-2008-4704 (PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in ...)
	NOT-FOR-US: SezHoo
CVE-2008-4703 (SQL injection vulnerability in news.php in BosDev BosNews 4.0 allows r ...)
	NOT-FOR-US: BosDev BosNews
CVE-2008-4702 (Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 al ...)
	NOT-FOR-US: PhpWebGallery
CVE-2008-4701 (SQL injection vulnerability in admin.php in Libera CMS 1.12, when magi ...)
	NOT-FOR-US: Libera CMS
CVE-2008-4700 (SQL injection vulnerability in admin.php in Libera CMS 1.12 and earlie ...)
	NOT-FOR-US: Libera CMS
CVE-2008-4699 (Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in ...)
	NOT-FOR-US: Peachtree Accounting
CVE-2008-4698 (Opera before 9.61 does not properly block scripts during preview of a  ...)
	NOT-FOR-US: Opera
CVE-2008-4697 (The Fast Forward feature in Opera before 9.61, when a page is located  ...)
	NOT-FOR-US: Opera
CVE-2008-4696 (Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before  ...)
	NOT-FOR-US: Opera
CVE-2008-4695 (Opera before 9.60 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Opera
CVE-2008-4694 (Unspecified vulnerability in Opera before 9.60 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2008-4693 (The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 bef ...)
	NOT-FOR-US: IBM DB2
CVE-2008-4692 (The Native Managed Provider for .NET component in IBM DB2 8 before FP1 ...)
	NOT-FOR-US: IBM DB2
CVE-2008-4691 (Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in th ...)
	NOT-FOR-US: IBM DB2
CVE-2008-4690 (lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx i ...)
	- lynx <not-affected> (advanced mode is not switched on in Debian configurations and lynxcgi handlers are really unlikely)
CVE-2008-4689 (Mantis before 1.1.3 does not unset the session cookie during logout, w ...)
	- mantis 1.1.2+dfsg-9 (low; bug #503588)
CVE-2008-4688 (core/string_api.php in Mantis before 1.1.3 does not check the privileg ...)
	- mantis 1.1.2+dfsg-9 (low; bug #503588)
CVE-2008-4685 (Use-after-free vulnerability in the dissect_q931_cause_ie function in  ...)
	{DSA-1673-1}
	- wireshark 1.0.4-1 (low; bug #503589)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4684 (packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handl ...)
	{DSA-1673-1}
	- wireshark 1.0.4-1 (low; bug #503589)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4683 (The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL  ...)
	{DSA-1673-1}
	- wireshark 1.0.4-1 (low; bug #503589)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4682 (wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to ca ...)
	- wireshark 1.0.4-1 (low; bug #503589)
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.7)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4681 (Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wiresha ...)
	- wireshark 1.0.4-1 (low; bug #503589)
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.7)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4680 (packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 al ...)
	- wireshark 1.0.4-1 (low; bug #503589)
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.7)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4679 (The Web Services Security component in IBM WebSphere Application Serve ...)
	NOT-FOR-US: IBM Websphere
CVE-2008-4678 (The HTTP_Request_Parser method in the HTTP Transport component in IBM  ...)
	NOT-FOR-US: IBM Websphere
CVE-2008-4677 (autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions ...)
	- vim <unfixed> (unimportant)
	NOTE: documented in netrw documentation
CVE-2008-XXXX [local file inclusion in drupal]
	- drupal6 6.6-1 (low; bug #503222)
	- drupal5 5.10-3 (low; bug #503217)
CVE-2008-XXXX [XSS in book module in drupal]
	- drupal6 6.6-1 (low; bug #503222)
	- drupal5 <not-affected> (vulnerable code not present)
CVE-2008-4676 (Unspecified vulnerability in Citrix XenApp (formerly Presentation Serv ...)
	NOT-FOR-US: Citrix XenApp
CVE-2008-4675 (SQL injection vulnerability in index.php in PHPcounter 1.3.2 and earli ...)
	NOT-FOR-US: PHPcounter
CVE-2008-4674 (SQL injection vulnerability in realestate-index.php in Conkurent Real  ...)
	NOT-FOR-US: Conkurent Real Estate Manager
CVE-2008-4673 (PHP remote file inclusion vulnerability in panel/common/theme/default/ ...)
	NOT-FOR-US: WebBiscuits Software Events Calendar
CVE-2008-4672 (Cross-site scripting (XSS) vulnerability in search_results.php in buym ...)
	NOT-FOR-US: buymyscripts Lyrics Script
CVE-2008-4671 (Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in W ...)
	- wordpress <not-affected> (Vulnerable code only in multiuser wordpress)
CVE-2008-4670 (Cross-site scripting (XSS) vulnerability in search.php in Ed Pudol Cli ...)
	NOT-FOR-US: Ed Pudol Clickbank Portal
CVE-2008-4669 (Cross-site scripting (XSS) vulnerability in search.php in Dan Fletcher ...)
	NOT-FOR-US: Dan Fletcher Recipe Script
CVE-2008-4668 (Directory traversal vulnerability in the Image Browser (com_imagebrows ...)
	NOT-FOR-US: com_imagebrowser for Joomla!
CVE-2008-4667 (Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 all ...)
	NOT-FOR-US: ArabCMS
CVE-2008-4666 (SQL injection vulnerability in webboard.php in Ultimate Webboard 3.00  ...)
	NOT-FOR-US: Ultimate Webboard
CVE-2008-4665 (SQL injection vulnerability in PG Matchmaking allows remote attackers  ...)
	NOT-FOR-US: PG Matchmaking
CVE-2008-4664 (Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX control (Q ...)
	NOT-FOR-US: QvodInsert
CVE-2008-4663 (Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44, as used ...)
	NOT-FOR-US: K's CGI Access Log Kaiseki
CVE-2008-4662 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when  ...)
	NOT-FOR-US: LokiCMS
CVE-2008-4661 (Cross-site scripting (XSS) vulnerability in the Page Improvements (sm_ ...)
	NOT-FOR-US: sm_pageimprovements for TYPO3
CVE-2008-4660 (SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extensi ...)
	NOT-FOR-US: m1_intern for TYPO3
CVE-2008-4659 (SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist ...)
	NOT-FOR-US: kiddog_playerlist for TYPO3
CVE-2008-4658 (SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 a ...)
	NOT-FOR-US: dmmjobcontrol for TYPO3
CVE-2008-4657 (SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and ea ...)
	NOT-FOR-US: econda for TYPO3
CVE-2008-4656 (SQL injection vulnerability in the Frontend Users View (feusersview) 0 ...)
	NOT-FOR-US: feusersview for TYPO3
CVE-2008-4655 (SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0  ...)
	NOT-FOR-US: simplesurvey for TYPO3
CVE-2008-4653 (SQL injection vulnerability in makale.php in Makale 0.26 and possibly  ...)
	NOT-FOR-US: Makale module for XOOPS
CVE-2008-4652 (Buffer overflow in the ActiveX control (DartFtp.dll) in Dart Communica ...)
	NOT-FOR-US: Dart Communications PowerTCP FTP
CVE-2008-4651 (Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote  ...)
	NOT-FOR-US: Jetbox CMS
CVE-2008-4650 (SQL injection vulnerability in viewevent.php in myEvent 1.6 allows rem ...)
	NOT-FOR-US: myEvent
CVE-2008-4649 (Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allow ...)
	NOT-FOR-US: Elxis
CVE-2008-4648 (Cross-site scripting (XSS) vulnerability in index.php in Elxis CMS 200 ...)
	NOT-FOR-US: Elxis
CVE-2008-4647 (SQL injection vulnerability in index.php in sweetCMS 1.5.2 allows remo ...)
	NOT-FOR-US: sweetCMS
CVE-2008-4646 (The Websense Reporter Module in Websense Enterprise 6.3.2 stores the S ...)
	NOT-FOR-US: Websense Enterprise
CVE-2008-4645 (plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier ...)
	NOT-FOR-US: PhpWebGallery
CVE-2008-4644 (hits.php in myWebland myStats allows remote attackers to bypass IP add ...)
	NOT-FOR-US: myWebland myStats
CVE-2008-4643 (SQL injection vulnerability in hits.php in myWebland myStats allows re ...)
	NOT-FOR-US: myWebland myStats
CVE-2008-4642 (SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows ...)
	NOT-FOR-US: AstroSPACES
CVE-2008-4641 (The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and ea ...)
	- jhead 2.84-2 (low; bug #503645)
CVE-2008-4640 (The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and ea ...)
	- jhead 2.85-1 (unimportant; bug #504194)
	NOTE: no issue, jhead is just unlinking the output file if it already exists, this is not following symlinks
CVE-2008-4639 (jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users t ...)
	- jhead 2.84-1 (low)
CVE-2008-4638 (qioadmin in the Quick I/O for Database feature in Symantec Veritas Fil ...)
	NOT-FOR-US: Symantec VxFS
CVE-2008-4637 (Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 al ...)
	NOT-FOR-US: cpCommerce
CVE-2008-4636 (yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allo ...)
	NOT-FOR-US: SUSE Linux and Novell Linux (yast2-backup)
CVE-2008-4635 (Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 ...)
	NOT-FOR-US: XOOPS module
CVE-2008-4634 (Cross-site scripting (XSS) vulnerability in Movable Type 4 through 4.2 ...)
	- movabletype-opensource 4.2.1-3 (low; bug #503114)
CVE-2008-4633 (SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x be ...)
	NOT-FOR-US: Node Vote
CVE-2008-4632 (Multiple directory traversal vulnerabilities in index.php in Kure 0.6. ...)
	NOT-FOR-US: Kure
CVE-2008-4631 (Stack-based buffer overflow in the Message::AddToString function in me ...)
	NOT-FOR-US: MUSCLE, NOTE this is not the multiple alignment program for protein sequences in Debian
CVE-2008-4630 (Multiple unspecified vulnerabilities in Midgard Components (MidCOM) Fr ...)
	NOT-FOR-US: Midgard Components Framework
CVE-2008-4629 (Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0 ...)
	NOT-FOR-US: Usagi Project MyNETS
CVE-2008-4628 (SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 al ...)
	NOT-FOR-US: myWebland miniBloggie
CVE-2008-4627 (SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Bu ...)
	NOT-FOR-US: WoltLab Burning Board
CVE-2008-4626 (Directory traversal vulnerability in index.php in Fritz Berger yet ano ...)
	NOT-FOR-US: yappa-ng
CVE-2008-4625 (SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsle ...)
	NOT-FOR-US: st_newsletter plugin for WordPress
CVE-2008-4624 (PHP remote file inclusion vulnerability in init.php in Fast Click SQL  ...)
	NOT-FOR-US: Fast Click SQL Lite
CVE-2008-4623 (SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) com ...)
	NOT-FOR-US: DS-Syndicate
CVE-2008-4622 (The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allo ...)
	NOT-FOR-US: phpFastNews
CVE-2008-4621 (SQL injection vulnerability in bannerclick.php in ZeeScripts Zeeproper ...)
	NOT-FOR-US: ZeeScripts Zeeproperty
CVE-2008-4620 (SQL injection vulnerability in Meeting Room Booking System (MRBS) befo ...)
	NOT-FOR-US: Meeting Room Booking System
CVE-2008-4619 (The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a  ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-4618 (The Stream Control Transmission Protocol (sctp) implementation in the  ...)
	{DSA-1681-1}
	- linux-2.6 2.6.26-10
	[etch] - linux-2.6 <not-affected>
	- linux-2.6.24 2.6.24-6~etchnhalf.7
	NOTE: ba0166708ef4da7eeb61dd92bbba4d5a749d6561
CVE-2008-4617 (SQL injection vulnerability in the actualite module 1.0 for Joomla! al ...)
	NOT-FOR-US: actualite module for Joomla!
CVE-2008-4616 (The SpamBam plugin for WordPress allows remote attackers to bypass res ...)
	NOT-FOR-US: SpamBam plugin for WordPress
CVE-2008-4615 (Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has ...)
	NOT-FOR-US: PortalApp
CVE-2008-4614 (PortalApp 4.0 does not require authentication for (1) forums.asp and ( ...)
	NOT-FOR-US: PortalApp
CVE-2008-4613 (SQL injection vulnerability in forums.asp in PortalApp 4.0 allows remo ...)
	NOT-FOR-US: PortalApp
CVE-2008-4612 (Cross-site scripting (XSS) vulnerability in PortalApp 4.0 allows remot ...)
	NOT-FOR-US: PortalApp
CVE-2008-4611 (SQL injection vulnerability in index.php in PHP Arsivimiz Php Ziyaretc ...)
	NOT-FOR-US: PHP Arsivimiz Php Ziyaretci Defteri
CVE-2008-4610 (MPlayer allows remote attackers to cause a denial of service (applicat ...)
	{DTSA-181-1}
	- mplayer 1.0~rc2-20 (bug #407010)
	NOTE: only the aac issue affected mplayer because it built against a copy of faad
	NOTE: the ogm issue is a problem in ffmpeg
	- ffmpeg-debian <unfixed> (unimportant; bug #509616)
	- ffmpeg 7:2.4.1-1 (unimportant)
	- xmovie <removed> (unimportant)
	NOTE: just a crasher, no security implications known so far
	NOTE: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
CVE-2008-4609 (The TCP implementation in (1) Linux, (2) platforms based on BSD Unix,  ...)
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	- linux-2.6.24 <removed> (unimportant)
	NOTE: this is a design flaw in TCP itself; maximum impact is a denial-of-service
	NOTE: there is no upstream solution
	NOTE: see http://kbase.redhat.com/faq/docs/DOC-18730 for possible mitigation via iptables
	NOTE: also see usage of ipt_connlimit as a mitigation strategy
CVE-2008-4608
	REJECTED
CVE-2008-4607
	REJECTED
CVE-2008-4606 (Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow ...)
	NOT-FOR-US: IP Reg
CVE-2008-4605 (SQL injection vulnerability in CafeEngine allows remote attackers to e ...)
	NOT-FOR-US: CafeEngine
CVE-2008-4604 (SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows ...)
	NOT-FOR-US: CafeEngine
CVE-2008-4603 (SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 a ...)
	NOT-FOR-US: iGaming CMS
CVE-2008-4602 (Directory traversal vulnerability in index.php in Post Affiliate Pro 2 ...)
	NOT-FOR-US: Post Affiliate Pro
CVE-2008-4601 (Cross-site scripting (XSS) vulnerability in the login feature in Habar ...)
	NOT-FOR-US: Habari CMS
CVE-2008-4600 (configure.php in PokerMax Poker League Tournament Script 0.13 allows r ...)
	NOT-FOR-US: PokerMax Poker League Tournament Script
CVE-2008-4599 (SQL injection vulnerability in category.php in Mosaic Commerce allows  ...)
	NOT-FOR-US: Mosaic Commerce
CVE-2008-4598 (Unspecified vulnerability in Shindig-Integrator 5.x, a module for Drup ...)
	NOT-FOR-US: Shindig-Integrator module for Drupal
CVE-2008-4597 (Shindig-Integrator 5.x, a module for Drupal, does not properly restric ...)
	NOT-FOR-US: Shindig-Integrator module for Drupal
CVE-2008-4596 (Cross-site scripting (XSS) vulnerability in Shindig-Integrator 5.x, a  ...)
	NOT-FOR-US: Shindig-Integrator module for Drupal
CVE-2008-4595 (Multiple unspecified vulnerabilities in Slaytanic Scripts Content Plus ...)
	NOT-FOR-US: Slaytanic Scripts Content Plus
CVE-2008-4594 (Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N  ...)
	NOT-FOR-US: Linksys WAP4400N firmware
CVE-2008-4593 (Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled ...)
	NOT-FOR-US: Apple iPhone 2.1 with firmware 5F136
CVE-2008-4654 (Stack-based buffer overflow in the parse_master function in the Ty dem ...)
	- vlc 1.0.3-1 (low; bug #502726)
	[etch] - vlc <not-affected> (introduced in 0.9.0)
	[lenny] - vlc <not-affected> (introduced in 0.9.0)
CVE-2008-4686 (Multiple integer overflows in ty.c in the TY demux plugin (aka the TiV ...)
	{DSA-1819-1 DTSA-175-1}
	- vlc 0.8.6.h-4.1 (medium; bug #503118)
CVE-2008-4687 (manage_proj_page.php in Mantis before 1.1.4 allows remote authenticate ...)
	- mantis 1.1.2+dfsg-7 (medium; bug #502728)
	NOTE: only registered users can perform this
CVE-2008-4592 (Directory traversal vulnerability in index.php in Sports Clubs Web Pan ...)
	NOT-FOR-US: Sports Clubs Web Panel
CVE-2008-4591 (Multiple cross-site scripting (XSS) vulnerabilities in admin/include/i ...)
	NOT-FOR-US: PhpWebGallery
CVE-2008-4590 (Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote att ...)
	NOT-FOR-US: Stash
CVE-2008-4589 (Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo  ...)
	NOT-FOR-US: Lenovo Rescue and Recovery
CVE-2008-4588 (Stack-based buffer overflow in the FTP server in Etype Eserv 3.x, poss ...)
	NOT-FOR-US: Etype Eserv
CVE-2008-4587 (Insecure method vulnerability in the MSVNClientDownloadManager61Lib.Do ...)
	NOT-FOR-US: Macrovision FLEXnet Connect
CVE-2008-4586 (Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 A ...)
	NOT-FOR-US: Macrovision FLEXnet Connect
CVE-2008-4585 (Belong Software Site Builder 0.1 beta allows remote attackers to bypas ...)
	NOT-FOR-US: Software Site Builder
CVE-2008-4584 (Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (Chi ...)
	NOT-FOR-US: Chilkat Mail
CVE-2008-4583 (Insecure method vulnerability in the Chilkat FTP 2.0 ActiveX component ...)
	NOT-FOR-US: Chilkat FTP
CVE-2008-4582 (Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and  ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- xulrunner 1.9.0.4-1
	- iceweasel 3.0.4-1
	- iceape 1.1.13-1
	- icedove 2.0.0.19-1
CVE-2008-4581 (The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release ...)
	NOT-FOR-US: IBM ENOVIA SmarTeam
CVE-2008-4580 (fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows lo ...)
	- redhat-cluster 2.20080801-1 (low; bug #496410)
	[etch] - redhat-cluster <no-dsa> (Minor issue)
	NOTE: already fixed in lenny
CVE-2008-4579 (The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fenc ...)
	- redhat-cluster 2.20081102-1 (low; bug #496410)
	[lenny] - redhat-cluster 2.20080801-4+lenny1
	[etch] - redhat-cluster <no-dsa> (Minor issue)
CVE-2008-4578 (The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass inte ...)
	- dovecot 1:1.1.9-1 (low; bug #502967)
	[etch] - dovecot <no-dsa> (Minor issue)
	[lenny] - dovecot <no-dsa> (Minor issue)
CVE-2008-4577 (The ACL plugin in Dovecot before 1.1.4 treats negative access rights a ...)
	- dovecot 1:1.0.15-2.2 (low; bug #502967)
	[etch] - dovecot <no-dsa> (Minor issue)
CVE-2008-4576 (sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-9
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-4575 (Buffer overflow in the DoCommand function in jhead before 2.84 might a ...)
	- jhead 2.84-1 (bug #502353; low)
CVE-2008-4571 (Cross-site scripting (XSS) vulnerability in the LiveSearch module in P ...)
	- plone3 3.0.4-1 (low)
CVE-2008-4569 (SQL injection vulnerability in xlacomments.asp in XIGLA Software Absol ...)
	NOT-FOR-US: XIGLA Software Absolute Poll Manager
CVE-2008-4574 (SQL injection vulnerability in default.asp in Ayco Okul Portali allows ...)
	NOT-FOR-US: Ayco Okul Portali
CVE-2008-4573 (SQL injection vulnerability in kategori.asp in MunzurSoft Wep Portal W ...)
	NOT-FOR-US: MunzurSoft Wep Portal W3
CVE-2008-4572 (GuildFTPd 0.999.14, and possibly other versions, allows remote attacke ...)
	NOT-FOR-US: GuildFTPd
CVE-2008-4570 (SQL injection vulnerability in index.php in Real Estate Classifieds al ...)
	NOT-FOR-US: Real Estate Classifieds
CVE-2008-4568
	RESERVED
CVE-2008-4567
	RESERVED
CVE-2008-4566
	RESERVED
CVE-2008-4565
	RESERVED
CVE-2008-4564 (Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 1 ...)
	NOT-FOR-US: Autonomy KeyView SDK
CVE-2008-4563 (Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the d ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2008-4562 (Buffer overflow in the ovlaunch CGI program in HP OpenView Network Nod ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-4561
	RESERVED
CVE-2008-4560 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows  ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-4559 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows  ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-4557 (plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (a ...)
	NOT-FOR-US: CuteNews.ru
CVE-2008-4556 (Stack-based buffer overflow in the adm_build_path function in sadmind  ...)
	NOT-FOR-US: Sun Solstice AdminSuite
CVE-2008-4555 (Stack-based buffer overflow in the push_subg function in parser.y (lib ...)
	- graphviz 2.20.2-3 (low)
	[etch] - graphviz 2.8-3+etch1
	NOTE: minor issue fixed in etch r6 point update
CVE-2008-4554 (The do_splice_from function in fs/splice.c in the Linux kernel before  ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-9
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-4553 (qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local ...)
	{DSA-1657-1}
	- qemu 0.9.1-6 (low; bug #496394)
CVE-2008-4552 (The good_client function in nfs-utils 1.0.9, and possibly other versio ...)
	- nfs-utils 1:1.1.3-1
	[lenny] - nfs-utils 1:1.1.2-6lenny1
	[etch] - nfs-utils <no-dsa> (Minor issue)
CVE-2008-4551 (strongSwan 4.2.6 and earlier allows remote attackers to cause a denial ...)
	- strongswan 4.2.4-5 (bug #502676)
	[etch] - strongswan <not-affected> (Vulnerable code not present)
CVE-2008-4550
	RESERVED
CVE-2008-4549 (The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in Imag ...)
	NOT-FOR-US: ImageShack Toolbar ActiveX control
CVE-2008-4548 (Stack-based buffer overflow in the PTZCamPanelCtrl ActiveX control (Ca ...)
	NOT-FOR-US: PTZCamPanelCtrl ActiveX control
CVE-2008-4547 (Heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control (p ...)
	NOT-FOR-US: DVRHOST Web CMS
CVE-2008-4546 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4558 (Array index error in VLC media player 0.9.2 allows remote attackers to ...)
	- vlc 0.9.3-1 (medium; bug #502314)
	[etch] - vlc <not-affected> (introduced in 0.9.0)
	[lenny] - vlc <not-affected> (introduced in 0.9.0)
CVE-2008-4545 (Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x bef ...)
	NOT-FOR-US: Cisco
CVE-2008-4544 (Unspecified vulnerability in an unspecified Microsoft API, as used by  ...)
	NOT-FOR-US: Microsoft
CVE-2008-4543 (Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x bef ...)
	NOT-FOR-US: Cisco
CVE-2008-4542 (Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2 ...)
	NOT-FOR-US: Cisco
CVE-2008-4541 (Heap-based buffer overflow in the FTP subsystem in Sun Java System Web ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2008-4540 (Windows Mobile 6 on the HTC Hermes device makes WLAN passwords availab ...)
	NOT-FOR-US: Windows Mobile
CVE-2008-4539 (Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM ...)
	{DSA-1799-1}
	- qemu 0.9.1+svn20081101-1 (low; bug #526040)
	[etch] - qemu <not-affected> (Vulnerable code not present)
CVE-2008-4538
	RESERVED
CVE-2008-4537 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and ear ...)
	NOT-FOR-US: EC-CUBE
CVE-2008-4536 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and ear ...)
	NOT-FOR-US: EC-CUBE
CVE-2008-4535 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver2 2.1.2a and ea ...)
	NOT-FOR-US: EC-CUBE
CVE-2008-4534 (SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and Ve ...)
	NOT-FOR-US: EC-CUBE
CVE-2008-5299 (chm2pdf 0.9 allows user-assisted local users to delete arbitrary files ...)
	- chm2pdf 0.9.1-1.1 (low; bug #501959)
CVE-2008-5298 (chm2pdf 0.9 uses temporary files in directories with fixed names, whic ...)
	- chm2pdf 0.9.1-1.1 (low; bug #501959)
CVE-2008-4533 (Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and  ...)
	NOT-FOR-US: Kantan WEB Server
CVE-2008-4532 (Cross-site scripting (XSS) vulnerability in index.php in MaxiScript We ...)
	NOT-FOR-US: MaxiScript Website Directory
CVE-2008-4531 (SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a ...)
	NOT-FOR-US: Brilliant Gallery (drupal module)
CVE-2008-4530 (Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x befo ...)
	NOT-FOR-US: Brilliant Gallery (drupal module)
CVE-2008-4529 (Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.2 ...)
	NOT-FOR-US: asiCMS
CVE-2008-4528 (Directory traversal vulnerability in notes.php in Phlatline's Personal ...)
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4527 (SQL injection vulnerability in recept.php in the Recepies (Recept) mod ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-4526 (Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote  ...)
	NOT-FOR-US: CCMS
CVE-2008-4525 (SQL injection vulnerability in index.php in AmpJuke 0.7.5 allows remot ...)
	NOT-FOR-US: AmpJuke
CVE-2008-4524 (SQL injection vulnerability in the "Check User" feature (includes/chec ...)
	NOT-FOR-US: AdaptCMS
CVE-2008-4523 (SQL injection vulnerability in login.php in IP Reg 0.4 and earlier all ...)
	NOT-FOR-US: IP Reg
CVE-2008-4522 (Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio  ...)
	NOT-FOR-US: JMweb MP3 Music Audio Search and Download Script
CVE-2008-4521 (SQL injection vulnerability in thisraidprogress.php in the World of Wa ...)
	NOT-FOR-US: World of Warcraft tracker
CVE-2008-4520 (Cross-site scripting (XSS) vulnerability in bulk_update.pl in AutoNess ...)
	NOT-FOR-US: AutoNessus
CVE-2008-4519 (Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 ...)
	NOT-FOR-US: Fastpublish CMS
CVE-2008-4518 (Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d  ...)
	NOT-FOR-US: Fastpublish CMS
CVE-2008-4517 (SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows remo ...)
	NOT-FOR-US: geccBBlite
CVE-2008-4516 (SQL injection vulnerability in galerie.php in Galerie 3.2 allows remot ...)
	NOT-FOR-US: Galerie
CVE-2008-4515 (Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScr ...)
	NOT-FOR-US: Blue Coat K9 Web Protection
CVE-2008-4514 (The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to caus ...)
	- kdebase <unfixed> (unimportant)
	NOTE: browser crash is a non-issue
CVE-2008-4513 (Cross-site scripting (XSS) vulnerability in BBcode API module in Phoru ...)
	NOT-FOR-US: Phorum
CVE-2008-4512 (ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under ...)
	NOT-FOR-US: ASP/MS Access Shoutbox
CVE-2008-4511 (Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb un ...)
	NOT-FOR-US: Todd Woolums ASP News Management
CVE-2008-4510 (Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allo ...)
	NOT-FOR-US: Microsoft
CVE-2008-4509 (Unrestricted file upload vulnerability in processFiles.php in FOSS Gal ...)
	NOT-FOR-US: FOSS Gallery
CVE-2008-4508 (Stack-based buffer overflow in the file parsing function in Tonec Inte ...)
	NOT-FOR-US: Tonec Internet Download Manager
CVE-2008-4507 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8 ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-4506 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8 ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-4505 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8 ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-4504 (Heap-based buffer overflow in Mplayer.exe in Herosoft Inc. Hero DVD Pl ...)
	NOT-FOR-US: Herosoft Inc. Hero DVD Player
CVE-2008-4503 (The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allow ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4482 (The XML parser in Xerces-C++ before 3.0.0 allows context-dependent att ...)
	- xerces-c2 <unfixed> (unimportant; bug #502102)
	NOTE: Hardly a security issue, anyone who's concerned about this should use Xerces 3
CVE-2008-4480 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x befor ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-4479 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 befor ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-4478 (Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 befor ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-4473 (Multiple heap-based buffer overflows in Adobe Flash CS3 Professional o ...)
	NOT-FOR-US: Flash CS3 Professional
CVE-2008-4502 (Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DF ...)
	NOT-FOR-US: DataFeedFile PHP Framework API
CVE-2008-4501 (Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1  ...)
	NOT-FOR-US: Serv-U
CVE-2008-4500 (Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authentic ...)
	NOT-FOR-US: Serv-U
CVE-2008-4499 (Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b ...)
	NOT-FOR-US: PHP Web Explorer
CVE-2008-4498 (SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 al ...)
	NOT-FOR-US: PHP Autos
CVE-2008-4497 (SQL injection vulnerability in event_detail.php in Built2Go Real Estat ...)
	NOT-FOR-US: Built2Go Real Estate Listings
CVE-2008-4496 (SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows  ...)
	NOT-FOR-US: PHP Realtor
CVE-2008-4495 (SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 all ...)
	NOT-FOR-US: PHP Auto Dealer
CVE-2008-4494 (SQL injection vulnerability in completed-advance.php in TorrentTrader  ...)
	NOT-FOR-US: TorrentTrader Classic
CVE-2008-4493 (Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as u ...)
	NOT-FOR-US: PicturePusher ActiveX
CVE-2008-4492 (SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows  ...)
	NOT-FOR-US: YourOwnBux
CVE-2008-4491 (Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the serv ...)
	NOT-FOR-US: Mac OS
CVE-2008-4490 (Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b ...)
	NOT-FOR-US: phpAbook
CVE-2008-4489 (Directory traversal vulnerability in ap-save.php in Atarone CMS 1.2.0  ...)
	NOT-FOR-US: Atarone CMS
CVE-2008-4488 (Cross-site scripting (XSS) vulnerability in ap-pages.php in Atarone CM ...)
	NOT-FOR-US: Atarone CMS
CVE-2008-4487 (SQL injection vulnerability in ap-save.php in Atarone CMS 1.2.0 allows ...)
	NOT-FOR-US: Atarone CMS
CVE-2008-4486 (Directory traversal vulnerability in index.php in SAC.php (SACphp), as ...)
	NOT-FOR-US: SACphp
CVE-2008-4485 (Cross-site scripting (XSS) vulnerability in the ICAP patience page in  ...)
	NOT-FOR-US: Blue Coat Security Gateway OS
CVE-2008-4484 (main.php in Crux Gallery 1.32 and earlier allows remote attackers to g ...)
	NOT-FOR-US: Crux Gallery
CVE-2008-4483 (Directory traversal vulnerability in index.php in Crux Gallery 1.32 an ...)
	NOT-FOR-US: Crux Gallery
CVE-2008-4481 (Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier  ...)
	NOT-FOR-US: Redmine
CVE-2008-4472 (The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16 ...)
	NOT-FOR-US: LiveUpdate ActiveX
CVE-2008-4471 (Directory traversal vulnerability in the CExpressViewerControl class i ...)
	NOT-FOR-US: DWF Viewer ActiveX
CVE-2008-4470 (Stack-based buffer overflow in Numark CUE 5.0 rev2 allows user-assiste ...)
	NOT-FOR-US: Numark
CVE-2008-4469 (SQL injection vulnerability in view_cresume.php in Vastal I-Tech Freel ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4468 (SQL injection vulnerability in view_news.php in Vastal I-Tech Share Zo ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4467 (SQL injection vulnerability in show_series_ink.php in Vastal I-Tech To ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4466 (SQL injection vulnerability in view_products_cat.php in Vastal I-Tech  ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4465 (SQL injection vulnerability in view_mags.php in Vastal I-Tech DVD Zone ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4464 (SQL injection vulnerability in view_mags.php in Vastal I-Tech Mag Zone ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4463 (SQL injection vulnerability in view_news.php in Vastal I-Tech Jobs Zon ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4462 (SQL injection vulnerability in view_news.php in Vastal I-Tech Visa Zon ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4461 (SQL injection vulnerability in advanced_search_results.php in Vastal I ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4460 (SQL injection vulnerability in game.php in Vastal I-Tech MMORPG Zone a ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4459 (SQL injection vulnerability in pick_users.php in the groups module in  ...)
	NOT-FOR-US: eXtrovert Thyme
CVE-2008-4458 (SQL injection vulnerability in listings.php in E-Php B2B Trading Marke ...)
	NOT-FOR-US: E-Php B2B Trading Marketplace Script
CVE-2008-4457 (SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal  ...)
	NOT-FOR-US: MemHT Portal
CVE-2008-4456 (Cross-site scripting (XSS) vulnerability in the command-line client in ...)
	{DSA-1783-1}
	- mysql-dfsg-5.0 5.0.51-1 (low; bug #526254)
CVE-2008-4455 (Directory traversal vulnerability in index.php in EKINdesigns MySQL Qu ...)
	NOT-FOR-US: EKINdesigns MySQL Quick Admin
CVE-2008-4454 (Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5 ...)
	NOT-FOR-US: EKINdesigns MySQL Quick Admin
CVE-2008-4453 (The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging Acti ...)
	NOT-FOR-US: ActiveX control
CVE-2008-4452 (Buffer overflow in Cambridge Computer Corporation vxFtpSrv 2.0.3 allow ...)
	NOT-FOR-US: Cambridge Computer Corporation vxFtpSrv
CVE-2008-4451 (The SysInspector AntiStealth driver (esiasdrv.sys) 3.0.65535.0 in ESET ...)
	NOT-FOR-US: ESET System Analyzer Tool
CVE-2008-4450 (Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for Win ...)
	NOT-FOR-US: XAMPP
CVE-2008-4449 (Stack-based buffer overflow in mIRC 6.34 allows remote attackers to ex ...)
	NOT-FOR-US: mIRC
CVE-2008-4448 (Cross-site request forgery (CSRF) vulnerability in actions.php in Posi ...)
	NOT-FOR-US: Positive Software H-Sphere WebShell
CVE-2008-4447 (Cross-site scripting (XSS) vulnerability in actions.php in Positive So ...)
	NOT-FOR-US: Positive Software H-Sphere WebShell
CVE-2008-4446 (Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 an ...)
	NOT-FOR-US: Nucleus EUC-JP
CVE-2008-4445 (The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream C ...)
	{DSA-1655-1}
	- linux-2.6 2.6.26-5
	- linux-2.6.24 2.6.24-6~etchnhalf.6
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
CVE-2008-4444 (Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P ...)
	NOT-FOR-US: Cisco Unified IP Phone
CVE-2008-4443
	RESERVED
CVE-2008-4442
	RESERVED
CVE-2008-4441 (The Marvell driver for the Linksys WAP4400N Wi-Fi access point with fi ...)
	NOT-FOR-US: Linksys
CVE-2008-4439 (PHP remote file inclusion vulnerability in admin/bin/patch.php in Mart ...)
	NOT-FOR-US: MartinWood Datafeed Studio
CVE-2008-4438 (Cross-site scripting (XSS) vulnerability in search.php in Datafeed Stu ...)
	NOT-FOR-US: Datafeed Studio
CVE-2008-4437 (Directory traversal vulnerability in importxml.pl in Bugzilla before 2 ...)
	{DTSA-170-1}
	- bugzilla 3.0.5.0-1 (low; bug #502019)
	[etch] - bugzilla <no-dsa> (Minor issue)
CVE-2008-4436 (SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog ...)
	NOT-FOR-US: bBlog
CVE-2008-4435 (Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Down ...)
	NOT-FOR-US: RMSOFT Downloads Plus
CVE-2008-4434 (Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earli ...)
	NOT-FOR-US: uTorrent/Bittorrent
CVE-2008-4433 (SQL injection vulnerability in search.php in the RMSOFT MiniShop modul ...)
	NOT-FOR-US: RMSOFT MiniShop (xoops)
CVE-2008-4432 (Cross-site scripting (XSS) vulnerability in search.php in the RMSOFT M ...)
	NOT-FOR-US: RMSOFT MiniShop (xoops)
CVE-2008-4431 (SQL injection vulnerability in index.php in IceBB 1.0-rc9.3 and earlie ...)
	NOT-FOR-US: IceBB
CVE-2008-4430
	REJECTED
CVE-2008-4429 (Unspecified vulnerability in SOURCENEXT Virus Security ZERO 9.5.0173 a ...)
	NOT-FOR-US: SOURCENEXT Virus Security ZERO
CVE-2008-4428 (Unrestricted file upload vulnerability in upload.php in Phlatline's Pe ...)
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4427 (changepassword.php in Phlatline's Personal Information Manager (pPIM)  ...)
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4426 (Cross-site scripting (XSS) vulnerability in events.php in Phlatline's  ...)
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4425 (Directory traversal vulnerability in upload.php in Phlatline's Persona ...)
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4424 (Cross-site scripting (XSS) vulnerability in index.php in Domain Group  ...)
	NOT-FOR-US: Domain Group Network GooCMS
CVE-2008-4423 (SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows rem ...)
	NOT-FOR-US: Ovidentia
CVE-2008-4422
	REJECTED
CVE-2008-4421 (Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably  ...)
	NOT-FOR-US: MetaGauge
CVE-2008-4420 (Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in  ...)
	NOT-FOR-US: DynaZip Max
CVE-2008-4419 (Directory traversal vulnerability in the HP JetDirect web administrati ...)
	NOT-FOR-US: HP-ChaiSOE
CVE-2008-4418 (Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.1 ...)
	NOT-FOR-US: HP-UX
CVE-2008-4417
	REJECTED
CVE-2008-4416 (Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows loc ...)
	NOT-FOR-US: HP-UX
CVE-2008-4415 (Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71  ...)
	NOT-FOR-US: HP Service Manager (HPSM)
CVE-2008-4414 (Unspecified vulnerability in the AdvFS showfile command in HP Tru64 UN ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2008-4413 (Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2008-4412 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before 5 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2008-4411 (Cross-site scripting (XSS) vulnerability in HP System Management Homep ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2008-4410 (The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the Vi ...)
	- linux-2.6 2.6.26-8
	- linux-2.6.24 <not-affected> (Vulnerable code not present)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2008-4409 (libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities  ...)
	- libxml2 <not-affected>
	[lenny] - libxml2 <not-affected> (Vulnerable code not present)
	[etch] - libxml2 <not-affected> (Vulnerable code not present)
	NOTE: The bug affects only 2.7.0 and 2.7.1
CVE-2008-4406 (A certain Debian patch to the run scripts for sabre (aka xsabre) 0.2.4 ...)
	- sabre 0.2.4b-25 (low; bug #433996)
	[etch] - sabre <no-dsa> (Game not qualified as multi-user system, thus minor issue)
CVE-2008-4405 (xend in Xen 3.0.3 does not properly limit the contents of the /local/d ...)
	- xen-3 3.4.0-1 (bug #503811)
	- xen-unstable <removed>
	NOTE: a proposed patch leads to new problems, see CVE-2008-5716
CVE-2008-4404 (The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeri ...)
	NOT-FOR-US: IPv6 NDP on IBM zSeries
CVE-2008-4403 (The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-4402 (Multiple buffer overflows in CGI modules in the server in Trend Micro  ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-4408 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0,  ...)
	{DTSA-171-1}
	- mediawiki 1:1.13.2-1 (low; bug #501115)
	[etch] - mediawiki <not-affected> (Vulnerable code not present)
CVE-2008-4475 (ibackup 2.27 allows local users to overwrite arbitrary files via a sym ...)
	- ibackup <removed> (low; bug #496432)
	[etch] - ibackup <no-dsa> (Minor issues)
CVE-2008-4401 (ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not requ ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4400 (Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (former ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-4399 (Unspecified vulnerability in the database engine service in asdbapi.dl ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-4398 (Unspecified vulnerability in the tape engine service in asdbapi.dll in ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-4397 (Directory traversal vulnerability in the RPC interface (asdbapi.dll) i ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-4396 (Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and ...)
	NOT-FOR-US: Safer Networking FileAlyzer
CVE-2008-4969 (ltp-network-test 20060918 allows local users to overwrite arbitrary fi ...)
	- ltp 20060918-3 (low; bug #496411)
	[etch] - ltp <no-dsa> (Documented to be only suitable for single user setups currently)
CVE-2008-4954 (mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files v ...)
	- fml <removed> (low; bug #496370)
	[etch] - fml <no-dsa> (Minor issue)
CVE-2008-4957 (find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users to ove ...)
	- gccxml 0.9.0+cvs20100501-1 (unimportant; bug #496391)
	NOTE: Only applies to a script used for an obscure SGI compiler
CVE-2008-4943 (bulmages-servers 0.11.1 allows local users to overwrite arbitrary file ...)
	- bulmages <removed> (unimportant; bug #496382)
	NOTE: Only present in example scripts
CVE-2008-5034
	- printfilters-ppd <unfixed> (unimportant; bug #496417)
	NOTE: Only exploitable when modifying master-filter by hand
CVE-2008-4955 (freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary  ...)
	- freevo <unfixed> (unimportant; bug #496373)
	NOTE: Only exploitable when modifying script by hand
CVE-2008-4974 (rrdedit in netmrg 0.20 allows local users to overwrite arbitrary files ...)
	- netmrg 0.20-2 (low; bug #496384)
	[etch] - netmrg <no-dsa> (Minor issue)
CVE-2008-4960 (impose in impose+ 0.2 allows local users to overwrite arbitrary files  ...)
	- impose+ 0.2-11.1 (low; bug #496435)
	[etch] - impose+ <no-dsa> (Minor issue)
CVE-2008-4964 (filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary ...)
	- konwert 1.8-11.2 (low; bug #496379)
	[etch] - konwert <no-dsa> (Minor issue)
CVE-2008-4986 (wims 3.62 allows local users to overwrite arbitrary files via a symlin ...)
	- wims 3.62-13.1 (low; bug #496387)
	[etch] - wims <no-dsa> (Minor issue)
CVE-2008-4474 (freeradius-dialupadmin in freeradius 2.0.4 allows local users to overw ...)
	- freeradius 2.0.4+dfsg-6 (low; bug #496389)
	[etch] - freeradius <no-dsa> (Minor issue)
CVE-2008-4995 (redirect.pl in bk2site 1.1.9 allows local users to overwrite arbitrary ...)
	- bk2site <removed> (unimportant; bug #496430)
	NOTE: Only debug code, script needs to be edited to exploit this
CVE-2008-4983 (scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a ...)
	- scilab 4.1.2-6 (low; bug #496414)
	[etch] - scilab <no-dsa> (Non-free not supported)
CVE-2008-4395 (Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux ...)
	{DSA-1731-1}
	- ndiswrapper 1.53-2 (medium; bug #504696)
CVE-2008-4394 (Multiple untrusted search path vulnerabilities in Portage before 2.1.4 ...)
	NOT-FOR-US: Gentoo package manager Portage
CVE-2008-4393 (Cross-site scripting (XSS) vulnerability in VeriSign Kontiki Delivery  ...)
	NOT-FOR-US: VeriSign Kontiki
CVE-2008-4392 (dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultane ...)
	- djbdns 1:1.05-10 (high; bug #516394)
CVE-2008-4391 (Stack-based buffer overflow in the SetSource method in the NetCamPlaye ...)
	NOT-FOR-US: Cisco Linksys WVC54GC
CVE-2008-4390 (The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 s ...)
	NOT-FOR-US: Cisco Linksys WVC54GC
CVE-2008-4389 (Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x  ...)
	NOT-FOR-US: Symantec AppStream
CVE-2008-4388 (The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Syma ...)
	NOT-FOR-US: LaunchObj ActiveX
CVE-2008-4387 (Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrm ...)
	NOT-FOR-US: ActiveX
CVE-2008-4386
	RESERVED
CVE-2008-4385 (Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Ana ...)
	NOT-FOR-US: LLC Systems Requirements Lab
CVE-2008-4384 (Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX ...)
	NOT-FOR-US: LPViewer ActiveX
CVE-2008-4383 (Stack-based buffer overflow in the Agranet-Emweb embedded management w ...)
	NOT-FOR-US: Agranet-Emweb
CVE-2008-4382 (Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of se ...)
	- kdebase <unfixed> (unimportant)
	NOTE: browser DoS is not treated as a security issue. This is the same as CVE-2008-4381,
	NOTE: which will work in every JS browser, as the PoC just creates a large string and passes
	NOTE: it to alert, thus eating memory; no security issue.
CVE-2008-4381 (Microsoft Internet Explorer 7 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4380 (The web interface in Samsung DVR SHR2040 allows remote attackers to ca ...)
	NOT-FOR-US: Samsung DVR SHR2040
CVE-2008-4379 (Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy  ...)
	NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP
CVE-2008-4378 (SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links SQL ...)
	NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP
CVE-2008-4377 (SQL injection vulnerability in index.asp in Creative Mind Creator CMS  ...)
	NOT-FOR-US: Creative Mind Creator CMS
CVE-2008-4376 (SQL injection vulnerability in index.php in Live TV Script allows remo ...)
	NOT-FOR-US: Live TV Script
CVE-2008-4375 (SQL injection vulnerability in viewprofile.php in Availscript Classmat ...)
	NOT-FOR-US: Availscript
CVE-2008-4374 (SQL injection vulnerability in index.php in CMS Buzz allows remote att ...)
	NOT-FOR-US: CMS Buzz
CVE-2008-4373 (SQL injection vulnerability in job_seeker/applynow.php in AvailScript  ...)
	NOT-FOR-US: Availscript
CVE-2008-4372 (Cross-site scripting (XSS) vulnerability in articles.php in AvailScrip ...)
	NOT-FOR-US: Availscript
CVE-2008-4371 (SQL injection vulnerability in articles.php in AvailScript Article Scr ...)
	NOT-FOR-US: Availscript
CVE-2008-4370 (Multiple cross-site scripting (XSS) vulnerabilities in Availscript Pho ...)
	NOT-FOR-US: Availscript
CVE-2008-4369 (SQL injection vulnerability in pics.php in Availscript Photo Album all ...)
	NOT-FOR-US: Availscript
CVE-2008-4368 (The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10. ...)
	NOT-FOR-US: Java on OSX
CVE-2008-4367
	RESERVED
CVE-2008-4965 (liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite  ...)
	{DTSA-177-1 DTSA-178-1}
	- liquidsoap 0.3.8.1+2-2 (low; bug #496360)
	[lenny] - liquidsoap 0.3.6-4+lenny1
CVE-2008-4966 (linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary  ...)
	- openswan 1:2.6.21+dfsg-2 (unimportant; bug #496376)
	NOTE: Only unused packaging bits
CVE-2008-4941 (arb-common 0.0.20071207.1 allows local users to overwrite arbitrary fi ...)
	- arb 0.0.20071207.1-5 (low; bug #496396)
CVE-2008-4940 (xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary fi ...)
	- aptoncd 0.1-1.2 (bug #496390; low)
CVE-2008-4947 (dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwri ...)
	- dhis-server 5.3-1.2 (bug #496388; unimportant)
CVE-2008-4967 (linuxtrade 3.65 allows local users to overwrite arbitrary files via a  ...)
	- linuxtrade <removed> (unimportant; bug #496372)
	NOTE: unimportant since the program is dysfunctional with the current
	NOTE: trading website and thus not exploitable for practical purposes
CVE-2008-4980 (delqueueask in rccp 0.9 allows local users to overwrite arbitrary file ...)
	- rccp 0.9-2.1 (low; bug #496364)
	[etch] - rccp <no-dsa> (Minor issue)
CVE-2008-4948 (fest.pl in digitaldj 0.7.5 allows local users to overwrite arbitrary f ...)
	- digitaldj 0.7.5-6.1 (low; bug #496399)
	[etch] - digitaldj <no-dsa> (Minor issue)
CVE-2008-4945 (amlabel-cdrw in cdrw-taper 0.4 might allow local users to overwrite ar ...)
	- cdrw-taper 0.4-2.1 (low; bug #496380)
	[etch] - cdrw-taper <no-dsa> (Minor issue)
CVE-2008-4958 (gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via ...)
	- gdrae 0.1-1.1 (low; bug #496378)
	[etch] - gdrae <no-dsa> (Minor issue)
CVE-2008-4407 (XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create ...)
	- sabre 0.2.4b-25 (low; bug #433996)
	[etch] - sabre <no-dsa> (Game not qualified as multi-user system, thus minor issue)
CVE-2008-4366 (Unrestricted file upload vulnerability in the image upload component i ...)
	NOT-FOR-US: Camera Life
CVE-2008-4365 (Cross-site scripting (XSS) vulnerability in search.php in Siteman 1.1. ...)
	NOT-FOR-US: Siteman
CVE-2008-4364 (SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CM ...)
	NOT-FOR-US: ParsaGostar ParsaWeb CMS
CVE-2008-4363 (DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a d ...)
	NOT-FOR-US: DESlock
CVE-2008-4362 (The Virtual Token driver (vdlptokn.sys) 1.0.2.43 in DESlock+ 3.2.7 all ...)
	NOT-FOR-US: DESlock
CVE-2008-4361 (Directory traversal vulnerability in PowerPortal 2.0.13 allows remote  ...)
	NOT-FOR-US: PowerPortal
CVE-2008-4360 (mod_userdir in lighttpd before 1.4.20, when a case-insensitive operati ...)
	{DSA-1645-1}
	- lighttpd 1.4.19-5 (low)
	NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt
CVE-2008-4359 (lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redire ...)
	{DSA-1645-1}
	- lighttpd 1.4.19-5 (low)
	NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt
CVE-2008-4358 (Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP  ...)
	NOT-FOR-US: SPAW Editor PHP
CVE-2008-4357 (SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows r ...)
	NOT-FOR-US: Powie pLink
CVE-2008-4356 (Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 ...)
	NOT-FOR-US: Kasseler CMS
CVE-2008-4355 (SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum ( ...)
	NOT-FOR-US: Powie PSCRIPT Forum
CVE-2008-4354 (SQL injection vulnerability in the products module in NetArt Media iBo ...)
	NOT-FOR-US: NetArt Media iBoutique
CVE-2008-4353 (SQL injection vulnerability in link.php in Linkarity allows remote att ...)
	NOT-FOR-US: Linkarity
CVE-2008-4352 (SQL injection vulnerability in inc/pages/viewprofile.php in phpSmartCo ...)
	NOT-FOR-US: phpSmartCom
CVE-2008-4351 (Directory traversal vulnerability in index.php in phpSmartCom 0.2 allo ...)
	NOT-FOR-US: phpSmartCom
CVE-2008-4350 (SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 ...)
	NOT-FOR-US: vbLOGIX Tutorial Script
CVE-2008-4349 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in s0n ...)
	NOT-FOR-US: s0nic Paranews
CVE-2008-4348 (SQL injection vulnerability in photo.php in PHPortfolio, possibly 1.3, ...)
	NOT-FOR-US: PHPortfolio
CVE-2008-4347 (SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows  ...)
	NOT-FOR-US: Powie pNews
CVE-2008-4346 (Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows ...)
	NOT-FOR-US: TalkBack
CVE-2008-4345 (SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and ...)
	NOT-FOR-US: WebPortal CMS
CVE-2008-4344 (SQL injection vulnerability in cat.php in 6rbScript allows remote atta ...)
	NOT-FOR-US: 6rbScript
CVE-2008-4343 (The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) ...)
	NOT-FOR-US: Chilkat XML ChilkatUtil.CkData.1 ActiveX control
CVE-2008-4342 (NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX  ...)
	NOT-FOR-US: ActiveX
CVE-2008-4341 (add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass  ...)
	NOT-FOR-US: MyBlog
CVE-2008-4340 (Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cau ...)
	- chromium-browser <not-affected> (only 0.x is affected)
	- webkit <not-affected> (poc not effective)
CVE-2008-4339 (Unspecified vulnerability in the Java Administration GUI (jnbSA) in Sy ...)
	NOT-FOR-US: Symantec Veritas NetBackup Server
CVE-2008-4338 (SQL injection vulnerability in the brilliant_gallery_checklist_save fu ...)
	NOT-FOR-US: drupal brilliant gallery 3rd party module
CVE-2008-4337 (Cross-site scripting (XSS) vulnerability in Bitweaver 2.0.2 allows rem ...)
	NOT-FOR-US: Bitweaver
CVE-2008-4336 (Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo  ...)
	NOT-FOR-US: Atomic Photo Album
CVE-2008-4335 (SQL injection vulnerability in album.php in Atomic Photo Album (APA) 1 ...)
	NOT-FOR-US: Atomic Photo Album
CVE-2008-4334 (PHP infoBoard V.7 Plus allows remote attackers to bypass authenticatio ...)
	NOT-FOR-US: PHP infoBoard
CVE-2008-4333 (Cross-site scripting (XSS) vulnerability in PHP infoBoard V.7 Plus all ...)
	NOT-FOR-US: PHP infoBoard
CVE-2008-4332 (SQL injection vulnerability in the showjavatopic function in func.php  ...)
	NOT-FOR-US: PHP infoBoard
CVE-2008-4331 (Directory traversal vulnerability in library/pagefunctions.inc.php in  ...)
	NOT-FOR-US: phpOCS
CVE-2008-4330 (Directory traversal vulnerability in index.php in LanSuite 3.3.2 allow ...)
	NOT-FOR-US: LanSuite
CVE-2008-4329 (PHP remote file inclusion vulnerability in cms/system/openengine.php i ...)
	NOT-FOR-US: openEngine
CVE-2008-4328 (SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008  ...)
	NOT-FOR-US: EasyRealtorPRO
CVE-2008-4327 (gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly hand ...)
	NOT-FOR-US: Microsoft
CVE-2008-4326 (The PMA_escapeJsString function in libraries/js_escape.lib.php in phpM ...)
	{DSA-1675-1}
	- phpmyadmin 4:2.11.8.1-3
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-8/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/44f9f2f8b7475c2d48c529d9bfd0ff473cd328b1 (2.11 branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0d219abdcd55c11f7f629a58a2279f0839bd2acc
CVE-2008-4325 (lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the H ...)
	- viewvc 1.0.9-1 (bug #500779; unimportant)
CVE-2008-4324 (The user interface event dispatcher in Mozilla Firefox 3.0.3 on Window ...)
	- iceweasel <removed> (unimportant)
	NOTE: reproducible but browser DoS not treated as security issue
CVE-2008-4323 (Windows Explorer in Microsoft Windows XP SP3 allows user-assisted atta ...)
	NOT-FOR-US: Windows Explorer
CVE-2008-4322 (Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin Serv ...)
	NOT-FOR-US: Microsoft
CVE-2008-4321 (Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FT ...)
	NOT-FOR-US: FlashGet FTP
CVE-2008-4320 (Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before  ...)
	- opennms <itp> (bug #450615)
CVE-2008-4319 (fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18  ...)
	NOT-FOR-US: Libra File Manager
CVE-2008-4318 (Observer 0.3.2.1 and earlier allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Observer
CVE-2008-4317
	REJECTED
CVE-2008-4316 (Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow ...)
	{DSA-1747-1}
	- glib2.0 2.20.0-1 (medium; bug #520046)
CVE-2008-4315 (tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RH ...)
	NOT-FOR-US: OpenPegasus
CVE-2008-4314 (smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to rea ...)
	- samba 2:3.2.5-1
	[etch] - samba <not-affected> (Vulnerable code not present)
CVE-2008-4313 (A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 doe ...)
	NOT-FOR-US: OpenPegasus
CVE-2008-4312
	REJECTED
CVE-2008-4311 (The default configuration of system.conf in D-Bus (aka DBus) before 1. ...)
	- dbus 1.2.1-5 (low; bug #508032)
	[etch] - dbus <no-dsa> (Backport for Etch too risky for regressions for too little gain)
CVE-2008-4310 (httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat En ...)
	- ruby <not-affected> (bug #508030)
	NOTE: Red Hat-specific
CVE-2008-4309 (Integer overflow in the netsnmp_create_subtree_cache function in agent ...)
	{DSA-1663-1}
	- net-snmp 5.4.1~dfsg-11 (bug #504150)
CVE-2008-4308 (The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 th ...)
	- tomcat5.5 5.5.23-1 (low)
CVE-2008-4307 (Race condition in the do_setlk function in fs/nfs/file.c in the Linux  ...)
	{DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.26-1
	- linux-2.6.24 <removed>
CVE-2008-4306 (Buffer overflow in enscript before 1.6.4 has unknown impact and attack ...)
	{DSA-1670-1}
	- enscript 1.6.4-13 (bug #506261)
CVE-2008-4305 (Static code injection vulnerability in installation/setup.php in phpCo ...)
	NOT-FOR-US: phpCollab
CVE-2008-4304 (general/login.php in phpCollab 2.5 rc3 and earlier allows remote attac ...)
	NOT-FOR-US: phpCollab
CVE-2008-4303 (Multiple SQL injection vulnerabilities in phpCollab 2.5 rc3, 2.4, and  ...)
	NOT-FOR-US: phpCollab
CVE-2008-4302 (fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22. ...)
	{DSA-1653-1}
	- linux-2.6 2.6.22-4 (low)
	- linux-2.6.24 <not-affected> (Vulnerable code not present)
CVE-2008-4301
	NOT-FOR-US: Microsoft
CVE-2008-4300 (A certain ActiveX control in adsiis.dll in Microsoft Internet Informat ...)
	NOT-FOR-US: Microsoft
CVE-2008-4299 (A certain ActiveX control in the Microsoft Internet Authentication Ser ...)
	NOT-FOR-US: Microsoft
CVE-2008-4297 (Mercurial before 1.0.2 does not enforce the allowpull permission setti ...)
	- mercurial 1.0.1-5.1 (low; bug #500781)
	NOTE: the package doesn't install this script by default but ships it with the examples
	[etch] - mercurial <no-dsa> (Only shipped in examples)
CVE-2008-4296 (The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its def ...)
	NOT-FOR-US: Cisco Linksys WRT350N
CVE-2008-4295 (Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices  ...)
	NOT-FOR-US: Microsoft
CVE-2008-4294 (IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user pri ...)
	NOT-FOR-US: IBM Tivoli Netcool/Webtop
CVE-2008-4293 (Unspecified vulnerability in Opera before 9.52 on Windows, when regist ...)
	NOT-FOR-US: Opera
CVE-2008-4292 (Opera before 9.52 does not check the CRL override upon encountering a  ...)
	NOT-FOR-US: Opera
CVE-2008-4291
	RESERVED
CVE-2008-4290
	RESERVED
CVE-2008-4289
	RESERVED
CVE-2008-4288
	RESERVED
CVE-2008-4287
	RESERVED
CVE-2008-4286
	RESERVED
CVE-2008-4285 (Unspecified vulnerability in the Performance Monitoring Infrastructure ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-4284 (Open redirect vulnerability in the ibm_security_logout servlet in IBM  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-4283 (CRLF injection vulnerability in the WebContainer component in IBM WebS ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-4282
	RESERVED
CVE-2008-4281 (Directory traversal vulnerability in VMWare ESXi 3.5 before ESXe350-20 ...)
	NOT-FOR-US: VMware ESXi
CVE-2008-4280
	RESERVED
CVE-2008-4279 (The CPU hardware emulation for 64-bit guest operating systems in VMwar ...)
	NOT-FOR-US: VMware Workstation
CVE-2008-4278 (VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displ ...)
	NOT-FOR-US: VMware VirtualCenter
CVE-2008-4277
	REJECTED
CVE-2008-4276
	REJECTED
CVE-2008-4275
	REJECTED
CVE-2008-4274
	REJECTED
CVE-2008-4273
	REJECTED
CVE-2008-4272
	REJECTED
CVE-2008-4271
	REJECTED
CVE-2008-4270
	REJECTED
CVE-2008-4269 (The search-ms protocol handler in Windows Explorer in Microsoft Window ...)
	NOT-FOR-US: Microsoft Windows Explorer
CVE-2008-4268 (The Windows Search component in Microsoft Windows Vista Gold and SP1 a ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-4267
	REJECTED
CVE-2008-4266 (Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3 ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-4265 (Microsoft Office Excel 2000 SP3 allows remote attackers to execute arb ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-4264 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-4263
	REJECTED
CVE-2008-4262
	REJECTED
CVE-2008-4261 (Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4260 (Microsoft Internet Explorer 7 sometimes attempts to access a deleted o ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4259 (Microsoft Internet Explorer 7 sometimes attempts to access uninitializ ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4258 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly valid ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4257
	REJECTED
CVE-2008-4256 (The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studi ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4255 (Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4254 (Multiple integer overflows in the Hierarchical FlexGrid ActiveX contro ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4253 (The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual Fox ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4252 (The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual  ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4251
	REJECTED
CVE-2008-4250 (The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4249
	REJECTED
CVE-2008-4248
	REJECTED
CVE-2008-4246 (Unspecified vulnerability in Denora IRC Stats Server before 1.4.1 allo ...)
	NOT-FOR-US: Denora IRC Stats Server
CVE-2008-4245 (The Admin Control Panel in Rianxosencabos CMS 0.9 does not require adm ...)
	NOT-FOR-US: Rianxosencabos CMS
CVE-2008-4244 (Rianxosencabos CMS 0.9 allows remote attackers to bypass authenticatio ...)
	NOT-FOR-US: Rianxosencabos CMS
CVE-2008-4243 (Directory traversal vulnerability in ImageServer (aka UTImageServer) i ...)
	NOT-FOR-US: Epic Games Unreal Tournament
CVE-2008-4242 (ProFTPD 1.3.1 interprets long commands from an FTP client as multiple  ...)
	{DSA-1689-1}
	- proftpd-dfsg 1.3.1-15 (low; bug #502674)
CVE-2008-4241 (SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows  ...)
	NOT-FOR-US: CJ Ultra Plus
CVE-2008-4240
	RESERVED
CVE-2008-4239
	RESERVED
CVE-2008-4238
	RESERVED
CVE-2008-4237 (Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies ...)
	NOT-FOR-US: Managed Client Mac OS X
CVE-2008-4236 (Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows  ...)
	NOT-FOR-US: Apple Type Services
CVE-2008-4235
	RESERVED
CVE-2008-4234 (Incomplete blacklist vulnerability in the Quarantine feature in CoreTy ...)
	NOT-FOR-US: CoreTypes Apple Mac OS X
CVE-2008-4233 (Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch ...)
	NOT-FOR-US: Apple
CVE-2008-4232 (Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch ...)
	NOT-FOR-US: Safari
CVE-2008-4231 (Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch ...)
	NOT-FOR-US: Apple
CVE-2008-4230 (The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhon ...)
	NOT-FOR-US: Apple
CVE-2008-4229 (Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 thr ...)
	NOT-FOR-US: Apple
CVE-2008-4228 (The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhon ...)
	NOT-FOR-US: Apple
CVE-2008-4227 (Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 throu ...)
	NOT-FOR-US: Apple
CVE-2008-4226 (Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 al ...)
	{DSA-1666-1}
	- libxml2 2.6.32.dfsg-5
	- chromium-browser 5.0.375.29~r46008-1
CVE-2008-4225 (Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allo ...)
	{DSA-1666-1}
	- libxml2 2.6.32.dfsg-5
	- chromium-browser 5.0.375.29~r46008-1
CVE-2008-4224 (UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to  ...)
	NOT-FOR-US: UDF Mac OS X
CVE-2008-4223 (Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote at ...)
	NOT-FOR-US: Podcast Producer Mac OS X
CVE-2008-4222 (natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sh ...)
	NOT-FOR-US: natd Mac OS X
CVE-2008-4221 (The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows c ...)
	NOT-FOR-US: Libsystem Mac OS X
CVE-2008-4220 (Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS ...)
	NOT-FOR-US: Libsystem Mac OS X
CVE-2008-4219 (The kernel in Apple Mac OS X before 10.5.6 allows local users to cause ...)
	NOT-FOR-US: kernel Mac OS X
CVE-2008-4218 (Multiple integer overflows in the kernel in Apple Mac OS X before 10.5 ...)
	NOT-FOR-US: kernel Mac OS X
CVE-2008-4217 (Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows ...)
	NOT-FOR-US: BOM Apple Mac OS X
CVE-2008-4216 (The plug-in interface in WebKit in Apple Safari before 3.2 does not pr ...)
	NOT-FOR-US: Safari
CVE-2008-4215 (Weblog in Mac OS X Server 10.4.11 does not properly check an error con ...)
	NOT-FOR-US: Weblog Mac OS X
CVE-2008-4214 (Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10. ...)
	NOT-FOR-US: Script Editor in Mac OS X
CVE-2008-4213
	RESERVED
CVE-2008-4212 (Unspecified vulnerability in rlogind in the rlogin component in Mac OS ...)
	NOT-FOR-US: MacOS-only issue
CVE-2008-4211 (Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and ...)
	NOT-FOR-US: QuickLook Mac OS X
CVE-2008-4210 (fs/open.c in the Linux kernel before 2.6.22 does not properly strip se ...)
	{DSA-1653-1}
	- linux-2.6 2.6.22-1
	- linux-2.6.24 <not-affected> (Vulnerable code not present)
	NOTE: easily exploitable but of limited use as the attacker already needs access to a
	NOTE: directory that is setgid to the group he wants to get privileges for
CVE-2008-4209
	RESERVED
CVE-2008-4208 (Unspecified vulnerability in OSADS Alliance Database before 2.1 has un ...)
	NOT-FOR-US: OSADS Alliance Database
CVE-2008-4207 (Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php ...)
	NOT-FOR-US: Attachmax Dolphin
CVE-2008-4206 (PHP remote file inclusion vulnerability in config.php in Attachmax Dol ...)
	NOT-FOR-US: Attachmax Dolphin
CVE-2008-4205 (SQL injection vulnerability in search.php Attachmax Dolphin 2.1.0 and  ...)
	NOT-FOR-US: Attachmax Dolphin
CVE-2008-4204 (SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation  ...)
	NOT-FOR-US: SoftAcid Hotel Reservation System
CVE-2008-4203 (SQL injection vulnerability in cn_users.php in CzarNews 1.20 and earli ...)
	NOT-FOR-US: CzarNews
CVE-2008-4202 (SQL injection vulnerability in index.php in Gonafish LinksCaffePRO 4.5 ...)
	NOT-FOR-US: Gonafish LinksCaffePRO
CVE-2008-4200 (Opera before 9.52 does not ensure that the address field of a news fee ...)
	NOT-FOR-US: Opera
CVE-2008-4199 (Opera before 9.52 does not prevent use of links from web pages to feed ...)
	NOT-FOR-US: Opera
CVE-2008-4198 (Opera before 9.52, when rendering an http page that has loaded an http ...)
	NOT-FOR-US: Opera
CVE-2008-4197 (Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when proces ...)
	NOT-FOR-US: Opera
CVE-2008-4196 (Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows r ...)
	NOT-FOR-US: Opera
CVE-2008-4195 (Opera before 9.52 does not properly restrict the ability of a framed w ...)
	NOT-FOR-US: Opera
CVE-2008-4194 (The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par ...)
	- pdnsd 1.2.6-par-10 (bug #500910)
CVE-2008-4193 (Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologi ...)
	NOT-FOR-US: Alt-N Technologies SecurityGateway
CVE-2008-4192 (The pserver_shutdown function in fence_egenera in cman 2.20080629 and  ...)
	- redhat-cluster 2.20081102-1 (bug #496410; low)
	[lenny] - redhat-cluster 2.20080801-4+lenny1
CVE-2008-4191 (extract-table.pl in Emacspeak 26 and 28 allows local users to overwrit ...)
	- emacspeak 28.0-2 (bug #496431; low)
	[lenny] - emacspeak 26.0-3+lenny1
	[etch] - emacspeak <no-dsa> (Minor issue)
CVE-2008-4190 (The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x thro ...)
	{DSA-1760-1}
	- openswan 1:2.4.12+dfsg-1.3 (bug #496374; low)
	[etch] - openswan <no-dsa> (Vulnerable code only in example script)
CVE-2008-XXXX [jumpnbump: insecure temp file]
	- jumpnbump 1.50+dfsg1-1 (low; bug #500611)
	[etch] - jumpnbump 1.50-6+etch1
CVE-2008-4959 (geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite ...)
	- gpsdrive 2.10~pre4-6.dfsg-1 (low; bug #496436)
	[etch] - gpsdrive <no-dsa> (Minor issue)
CVE-2008-4949 (dist 3.5 allows local users to overwrite arbitrary files via a symlink ...)
	- dist 1:3.5-17-2 (low; bug #496412)
	[etch] - dist 3.70-31etch1
CVE-2008-4970 (runiozone in lustre 1.6.5 allows local users to overwrite arbitrary fi ...)
	- lustre 1.6.5.1-1 (low; bug #496371)
CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly ot ...)
	- linux-ftpd-ssl 0.17.27+0.3-3 (bug #500518)
	[etch] - linux-ftpd-ssl 0.17.18+0.3-6etch1
	- linux-ftpd 0.17-29 (bug #500278)
	[etch] - linux-ftpd <no-dsa> (Minor issue)
CVE-2008-XXXX [possible script injection via /etc/wordpress/wp-config.php]
	- wordpress 2.8.4-1 (bug #500295; unimportant)
	NOTE: bigger problems, if attacker has access to /etc/wordpress/*
CVE-2008-4298 (Memory leak in the http_request_parse function in request.c in lighttp ...)
	{DSA-1645-1}
	- lighttpd 1.4.19-5 (medium)
	NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt
CVE-2008-XXXX [unsafe usage of temp file]
	- chillispot 1.0-10 (low; bug #500181)
	NOTE: the changelog doesn't mention the fix but it's included in -10
	[etch] - chillispot <no-dsa> (minor issue)
CVE-2008-XXXX [unsafe usage of temp file]
	- debtorrent 0.1.10 (unimportant; bug #500180)
	NOTE: Only exploitable when upgrading from an ancient version, package also not in Etch
CVE-2008-4189
	REJECTED
CVE-2008-4188 (Unspecified vulnerability in the TYPO3 Secure Directory (kw_secdir) ex ...)
	NOT-FOR-US: kw_secdir extension for TYPO3
CVE-2008-4187 (Directory traversal vulnerability in index.php in ProActive CMS allows ...)
	NOT-FOR-US: ProActive CMS
CVE-2008-4186 (SQL injection vulnerability in index.php in webCMS Portal Edition allo ...)
	NOT-FOR-US: webCMS Portal Edition
CVE-2008-4185 (SQL injection vulnerability in index.php in webCMS Portal Edition allo ...)
	NOT-FOR-US: webCMS Portal Edition
CVE-2008-4184 (Cross-site scripting (XSS) vulnerability in index.php in webCMS Portal ...)
	NOT-FOR-US: webCMS Portal Edition
CVE-2008-4183 (IntegraMOD 1.4.x stores sensitive information under the web root with  ...)
	NOT-FOR-US: IntegraMOD
CVE-2008-4182 (Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turb ...)
	{DSA-1770-1}
	- turba2 2.2.1-2 (bug #500114; low)
	[etch] - turba2 <no-dsa> (Minor issue)
	- imp4 4.2-3 (bug #500553; low)
CVE-2008-4181 (Directory traversal vulnerability in includes/xml.php in the Netenberg ...)
	NOT-FOR-US: Netenberg Fantastico De Luxe module for cPanel
CVE-2008-4180 (Unspecified vulnerability in db.php in NooMS 1.1 allows remote attacke ...)
	NOT-FOR-US: NooMS
CVE-2008-4179 (Multiple cross-site scripting (XSS) vulnerabilities in NooMS 1.1 allow ...)
	NOT-FOR-US: NooMS
CVE-2008-4178 (SQL injection vulnerability in tr.php in DownlineGoldmine Special Cate ...)
	NOT-FOR-US: DownlineGoldmine, etc.
CVE-2008-4177 (SQL injection vulnerability in search.php in Pre Real Estate Listings  ...)
	NOT-FOR-US: Pre Real Estate Listings
CVE-2008-4176 (SQL injection vulnerability in izle.asp in FoT Video scripti 1.1 beta  ...)
	NOT-FOR-US: FoT Video scripti
CVE-2008-4175 (Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow re ...)
	NOT-FOR-US: Link Bid Script
CVE-2008-4174 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dy ...)
	NOT-FOR-US: Dynamic MP3 Lister
CVE-2008-4173 (SQL injection vulnerability in ProArcadeScript 1.3 allows remote attac ...)
	NOT-FOR-US: ProArcadeScript
CVE-2008-4172 (SQL injection vulnerability in page.php in Cars & Vehicle (aka Car ...)
	NOT-FOR-US: Cars & Vehicle
CVE-2008-4171 (SQL injection vulnerability in xmlout.php in Invision Power Board (IP. ...)
	NOT-FOR-US: Invision Power Board
CVE-2008-4170 (create_account.php in osCommerce 2.2 RC 2a allows remote attackers to  ...)
	NOT-FOR-US: osCommerce
CVE-2008-4169 (SQL injection vulnerability in detaillist.php in iScripts EasyIndex, p ...)
	NOT-FOR-US: iScripts EasyIndex
CVE-2008-4168 (Cross-site scripting (XSS) vulnerability in verify_login.jsp in Pro2co ...)
	NOT-FOR-US: Pro2col Stingray FTS
CVE-2008-4167 (useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not  ...)
	NOT-FOR-US: Easy Photo Gallery
CVE-2008-4166 (Integer overflow in the JavaScript engine in Avant Browser 11.7 Build  ...)
	NOT-FOR-US: Avant Browser
CVE-2008-4165 (admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a us ...)
	NOT-FOR-US: Kolab Groupware Server 1.0.0
	NOTE: Debian has kolabd and kolab-webadmin, but neither has the file create_user.php.
	NOTE: But we have only 0.4 (in etch) and 2.1 (in lenny+sid), maybe 1.0 is different.
CVE-2008-4164 (cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to  ...)
	NOT-FOR-US: MemHT Portal
CVE-2008-4163 (Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9. ...)
	- bind9 <not-affected> (windows specific issue)
CVE-2008-4162 (Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remo ...)
	NOT-FOR-US: NooMS
CVE-2008-4161 (SQL injection vulnerability in search_inv.php in Assetman 2.5b allows  ...)
	NOT-FOR-US: Assetman
CVE-2008-4160 (Unspecified vulnerability in the UFS module in Sun Solaris 8 through 1 ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-4159 (SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS l ...)
	NOT-FOR-US: Jaw Portal and Zanfi CMS
CVE-2008-4158 (Multiple directory traversal vulnerabilities in index.php in Zanfi CMS ...)
	NOT-FOR-US: Zanfi CMS
CVE-2008-4157 (SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1  ...)
	NOT-FOR-US: Vastal I-Tech phpVID
CVE-2008-4156 (SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming Po ...)
	NOT-FOR-US: CustomCms (CCMS) Gaming Portal
CVE-2008-4155 (Multiple directory traversal vulnerabilities in EasySite 2.3 allow rem ...)
	NOT-FOR-US: EasySite
CVE-2008-4154 (SQL injection vulnerability in living-e webEdition CMS allows remote a ...)
	NOT-FOR-US: living-e webEdition CMS
CVE-2008-4153 (The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module fo ...)
	NOT-FOR-US: Talk module for Drupal
CVE-2008-4152 (Cross-site scripting (XSS) vulnerability in the Talk module 5.x before ...)
	NOT-FOR-US: Talk module for Drupal
CVE-2008-4151 (Directory traversal vulnerability in collect.php in CYASK 3.x allows r ...)
	NOT-FOR-US: CYASK
CVE-2008-4150 (SQL injection vulnerability in picture_category.php in Diesel Joke Sit ...)
	NOT-FOR-US: Diesel Joke Site
CVE-2008-4149 (Cross-site scripting (XSS) vulnerability in the Greg Holsclaw Link to  ...)
	NOT-FOR-US: Greg Holsclaw Link to Us module for Drupal
CVE-2008-4148 (SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1 ...)
	NOT-FOR-US: Mailhandler module for Drupal
CVE-2008-4147 (Cross-site scripting (XSS) vulnerability in the Mailsave module 5.x be ...)
	NOT-FOR-US: Mailsave module for Drupal
CVE-2008-4146 (Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve ...)
	NOT-FOR-US: Addalink
CVE-2008-4145 (SQL injection vulnerability in user_read_links.php in Addalink 1.0 bet ...)
	NOT-FOR-US: Addalink
CVE-2008-4144 (SQL injection vulnerability in index.php in ACG-ScriptShop E-Gold Scri ...)
	NOT-FOR-US: ACG-ScriptShop E-Gold Script Shop
CVE-2008-4143 (SQL injection vulnerability in category_search.php in RazorCommerce Sh ...)
	NOT-FOR-US: RazorCommerce Shopping Cart
CVE-2008-4142 (SQL injection vulnerability in article.php in E-Php CMS allows remote  ...)
	NOT-FOR-US: E-Php CMS
CVE-2008-4141 (Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Aut ...)
	NOT-FOR-US: x10Media x10 Automatic MP3 Script
CVE-2008-4140 (Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3. ...)
	NOT-FOR-US: Quick.Cart
CVE-2008-4139 (Cross-site scripting (XSS) vulnerability in admin.php in OpenSolution  ...)
	NOT-FOR-US: OpenSolution Quick.Cms.Lite
CVE-2008-4138 (PHP remote file inclusion vulnerability in skin_shop/standard/3_plugin ...)
	NOT-FOR-US: Technote
CVE-2008-4137 (PHP remote file inclusion vulnerability in footer.php in PHP-Crawler 0 ...)
	NOT-FOR-US: PHP-Crawler
CVE-2008-4136 (Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote att ...)
	NOT-FOR-US: Michael Roth Software Personal FTP Server (PFT)
CVE-2008-4135 (Symbian OS S60 3rd edition on the Nokia E90 Communicator 07.40.1.2 Ra- ...)
	NOT-FOR-US: Symbian
CVE-2008-4134 (PHP remote file inclusion vulnerability in manager/static/view.php in  ...)
	NOT-FOR-US: phpRealty
CVE-2008-4133 (The web proxy service on the D-Link DIR-100 with firmware 1.12 and ear ...)
	NOT-FOR-US: D-Link
CVE-2008-4132 (Stack-based buffer overflow in the VSFlexGrid.VSFlexGridL ActiveX cont ...)
	NOT-FOR-US: SFlexGrid.VSFlexGridL ActiveX
CVE-2008-4131 (Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-4130 (Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 a ...)
	- gallery2 2.2.6-1
CVE-2008-4129 (Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle Z ...)
	- gallery 1.5.9-1 (medium)
	- gallery2 2.2.6-1 (medium)
CVE-2008-4128 (Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP ...)
	NOT-FOR-US: Cisco
CVE-2008-4127 (Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta 8 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4126 (PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use ...)
	{DSA-1619-1}
	- python-dns 2.3.1-5 (bug #490217)
CVE-2008-4125 (The search function in phpBB 2.x provides a search_id value that leaks ...)
	- phpbb2 2.0.23+repack-3 (low; bug #500086)
	[etch] - phpbb2 <no-dsa> (Minor issue)
	- phpbb3 <not-affected> (vulnerable code not present)
	NOTE: this is actually a bug in the seeding by PHP, not phpBB per se, but
	NOTE: fixing it nonetheless as a workaround.
CVE-2008-4124
	RESERVED
CVE-2008-4123
	RESERVED
CVE-2008-4122 (Joomla! 1.5.8 does not set the secure flag for the session cookie in a ...)
	NOT-FOR-US: Joomla!
CVE-2008-4121 (Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce befo ...)
	NOT-FOR-US: cpCommerce
CVE-2008-4120 (Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 ...)
	NOT-FOR-US: FlatPress
CVE-2008-4119 (Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk ...)
	NOT-FOR-US: CA Service Desk
CVE-2008-4118 (Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd ...)
	NOT-FOR-US: High Norm Sound Master
CVE-2008-4117 (Unspecified vulnerability in a web page in the PRM module in Sun Manag ...)
	NOT-FOR-US: Sun Management Center (SunMC)
CVE-2008-4116 (Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote  ...)
	NOT-FOR-US: Apple
CVE-2008-4201 (Heap-based buffer overflow in the decodeMP4file function (frontend/mai ...)
	- faad2 2.6.1-3.1 (bug #499899)
	NOTE: http://bugs.gentoo.org/show_bug.cgi?id=238445
	NOTE: http://www.audiocoding.com/
	NOTE: http://www.audiocoding.com/patch/main_overflow.diff
CVE-2008-4115 (TalkBack 2.3.6 allows remote attackers to obtain configuration informa ...)
	NOT-FOR-US: TalkBack
CVE-2008-4114 (srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 an ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4113 (The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the St ...)
	{DSA-1655-1}
	- linux-2.6 2.6.26-5
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6.24 2.6.24-6~etchnhalf.6
CVE-2008-4112
	REJECTED
CVE-2008-4111 (Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSp ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-4110 (Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in To ...)
	NOT-FOR-US: Microsoft
CVE-2008-4107 (The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cry ...)
	- php5 <removed> (unimportant; bug #500087)
	NOTE: the rand() and mt_rand() functions were never said to be cryptographically strong
	NOTE: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/efaq.html
CVE-2008-4106 (WordPress before 2.6.2 does not properly handle MySQL warnings about i ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.5.1-8 (bug #500115)
CVE-2008-4105 (JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that  ...)
	NOT-FOR-US: Joomla!
CVE-2008-4104 (Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 all ...)
	NOT-FOR-US: Joomla!
CVE-2008-4103 (The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 send ...)
	NOT-FOR-US: Joomla!
CVE-2008-4102 (Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, whic ...)
	NOT-FOR-US: Joomla!
CVE-2008-4101 (Vim 3.0 through 7.x before 7.2.010 does not properly escape characters ...)
	{DSA-1733-1}
	- vim 2:7.2.010-1 (low; bug #500381)
	[lenny] - vim 1:7.1.314-3+lenny1
	[squeeze] - vim 1:7.1.314-3+lenny1
CVE-2008-4098 (MySQL before 5.0.67 allows local users to bypass certain privilege che ...)
	{DSA-1662-1}
	- mysql-dfsg-5.0 5.0.67-1
	[lenny] - mysql-dfsg-5.0 5.0.51a-18
	[squeeze] - mysql-dfsg-5.0 5.0.51a-18
CVE-2008-4097 (MySQL 5.0.51a allows local users to bypass certain privilege checks by ...)
	{DSA-1608-1}
	- mysql-dfsg-5.0 5.0.51a-10
CVE-2008-4095 (Multiple unspecified vulnerabilities in the Importer in Flip4Mac WMV b ...)
	NOT-FOR-US: Flip4Mac WMV
CVE-2008-4094 (Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 a ...)
	- rails 2.1.0-1 (medium; bug #500791)
	NOTE: in mysql this only allows information disclosure as multiline statements are
	NOTE: not allowed by default
CVE-2008-4093 (SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and 3 ...)
	NOT-FOR-US: YourOwnBux
CVE-2008-4092 (SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) bef ...)
	NOT-FOR-US: myPHPNuke
CVE-2008-4091 (SQL injection vulnerability in index.php in Web Directory Script 1.5.3 ...)
	NOT-FOR-US: Web Directory Script
CVE-2008-4090 (SQL injection vulnerability in index.php in PHP Coupon Script 4.0 allo ...)
	NOT-FOR-US: PHP Coupon Script
CVE-2008-4089 (Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MP ...)
	NOT-FOR-US: myPHPNuke
CVE-2008-4088 (SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8 ...)
	NOT-FOR-US: myPHPNuke
CVE-2008-4087 (Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 allow ...)
	NOT-FOR-US: Acoustica Beatcraft
CVE-2008-4086 (SQL injection vulnerability in index.php in Reciprocal Links Manager 1 ...)
	NOT-FOR-US: Reciprocal Links Manager
CVE-2008-4085 (plaiter in Plait before 1.6 allows local users to overwrite arbitrary  ...)
	- plait 1.5.2-2 (low; bug #496381)
CVE-2008-4084 (SQL injection vulnerability in staticpages/easyclassifields/index.php  ...)
	NOT-FOR-US: MyioSoft EasyClassifields
CVE-2008-4083 (Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Br ...)
	NOT-FOR-US: Brim
CVE-2008-4082 (SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when ma ...)
	NOT-FOR-US: Brim
CVE-2008-4081 (admin/login.php in Stash 1.0.3 allows remote attackers to bypass authe ...)
	NOT-FOR-US: Stash
CVE-2008-4080 (SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is d ...)
	NOT-FOR-US: Stash
CVE-2008-4079 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x thro ...)
	- movabletype-opensource 4.2~rc5-1 (low; bug #499252)
CVE-2008-4078 (SQL injection vulnerability in the AR/AP transaction report in (1) Led ...)
	- sql-ledger <unfixed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2008-4077 (The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledg ...)
	- sql-ledger <unfixed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2008-4076 (Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board 1. ...)
	NOT-FOR-US: Tor World Software
CVE-2008-4075 (Directory traversal vulnerability in index.php in D-iscussion Board 3. ...)
	NOT-FOR-US: D-iscussion Board
CVE-2008-4074 (SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutO ...)
	NOT-FOR-US: Zanfi Autodealers CMS
CVE-2008-4073 (SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutO ...)
	NOT-FOR-US: Zanfi Autodealers CMS
CVE-2008-4072 (Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 all ...)
	NOT-FOR-US: phsBlog
CVE-2008-4071 (A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2008-4070 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and  ...)
	{DSA-1697-1 DSA-1696-1}
	- iceape 1.1.12-1
	- icedove 2.0.0.17-1
CVE-2008-4069 (The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey befor ...)
	{DSA-1697-1 DSA-1669-1 DSA-1649-1}
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- iceape 1.1.12-1
CVE-2008-4068 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 a ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4067 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 a ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4066 (Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows r ...)
	{DSA-1669-1 DSA-1649-1}
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- iceape 1.1.12-1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	- icedove 2.0.0.17-1
CVE-2008-4065 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird befo ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4064 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0 ...)
	{DSA-1669-1}
	- xulrunner 1.9.0.3-1
	- iceweasel 3.0.3-1
	[etch] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2008-4063 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0 ...)
	{DSA-1669-1}
	- xulrunner 1.9.0.3-1
	- iceweasel 3.0.3-1
	[etch] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2008-4062 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.1 ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4061 (Integer overflow in the MathML component in Mozilla Firefox before 2.0 ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4060 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird befo ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4059 (The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remo ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4058 (The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x bef ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4057 (Unspecified vulnerability in Objective Development Sharity 3 before 3. ...)
	NOT-FOR-US: Objective Development Sharity
CVE-2008-4056 (Cross-site scripting (XSS) vulnerability in admin/login.php in Matterd ...)
	NOT-FOR-US: Matterdaddy Market
CVE-2008-4055 (SQL injection vulnerability in tops_top.php in Million Pixel Ad Script ...)
	NOT-FOR-US: Million Pixel Ad Script
CVE-2008-4054 (SQL injection vulnerability in indir.php in Kolifa.net Download Script ...)
	NOT-FOR-US: Kolifa.net Download Script
CVE-2008-4053 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in th ...)
	NOT-FOR-US: Bluemoon PopnupBLOG
CVE-2008-4052 (Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Ser ...)
	NOT-FOR-US: OpenVMS for Integrity Servers
CVE-2008-4051 (Cross-site scripting (XSS) vulnerability in surveyresults.asp in Smart ...)
	NOT-FOR-US: Smart Survey
CVE-2008-4050 (A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Techn ...)
	NOT-FOR-US: Friendly Technologies FriendlyPPPoE Client
CVE-2008-4049 (A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Techn ...)
	NOT-FOR-US: Friendly Technologies FriendlyPPPoE Client
CVE-2008-4048 (Heap-based buffer overflow in a certain ActiveX control in fwRemoteCfg ...)
	NOT-FOR-US: Friendly Technologies FriendlyPPPoE Client
CVE-2008-4047 (Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) 7 ...)
	NOT-FOR-US: Novell Forum
CVE-2008-4046 (SQL injection vulnerability in index.php in eliteCMS 1.0 allows remote ...)
	NOT-FOR-US: eliteCMS
CVE-2008-4045 (Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 allo ...)
	NOT-FOR-US: @Mail
CVE-2008-4044 (SQL injection vulnerability in article/readarticle.php in AJ Square aj ...)
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-4043 (Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow ...)
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-4042
	REJECTED
CVE-2008-4041 (The IMAP server in Softalk Mail Server (formerly WorkgroupMail) 8.5.1. ...)
	NOT-FOR-US: Softalk Mail Server
CVE-2008-4040 (Directory traversal vulnerability in the Kyocera Command Center in Kyo ...)
	NOT-FOR-US: Kyocera FS-118MFP
CVE-2008-4039 (SQL injection vulnerability in index.php in Spice Classifieds allows r ...)
	NOT-FOR-US: Spice Classifieds
CVE-2008-4038 (Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4037 (Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4036 (Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4035
	REJECTED
CVE-2008-4034
	REJECTED
CVE-2008-4033 (Cross-domain vulnerability in Microsoft XML Core Services 3.0 through  ...)
	NOT-FOR-US: Microsoft XML Core
CVE-2008-4032 (Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Sea ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4031 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and  ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4030 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and  ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4029 (Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, ...)
	NOT-FOR-US: Microsoft XML Core
CVE-2008-4028 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and  ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4027 (Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4026 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and  ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4025 (Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3 ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4024 (Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac al ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4023 (Active Directory in Microsoft Windows 2000 SP4 does not properly alloc ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4022
	REJECTED
CVE-2008-4021
	REJECTED
CVE-2008-4020 (Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 al ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-4019 (Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 200 ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-4109 (A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before ...)
	{DSA-1638-1 CVE-2006-5051}
	- openssh 1:4.6p1-1 (low)
	NOTE: The patch backported for CVE-2006-5051 was incorrect and did not
	NOTE: fully address the issue. The upstream fix in 4.4p1 was
	NOTE: right, and the next unstable upload after that was 4.6p1.
CVE-2008-4100 (GNU adns 1.4 and earlier uses a fixed source port and sequential trans ...)
	- adns 1.4-2 (unimportant; bug #492698)
	NOTE: adns is not supported in untrusted contexts, fix documents this in README.Debian
CVE-2008-4099 (PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use ...)
	{DSA-1619-1}
	- python-dns 2.3.1-5 (low; bug #490217)
CVE-2008-4096 (libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 all ...)
	{DSA-1641-1}
	- phpmyadmin 4:2.11.8.1-2 (medium)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-7/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/f8d65ec564ada5c839be8f3f07f483cd82ce6a11 (2.11 branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/64623fe9dbccff3f1ad9a54f844f91cefd07569c
CVE-2008-XXXX [unsafe use of tempfile in ssmclient]
	- smsclient <unfixed> (unimportant; bug #498901)
	NOTE: script is not in use and only a suggestion for users
CVE-2008-4108 (Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) i ...)
	- python-defaults <unfixed> (unimportant; bug #498899)
	NOTE: script is an example, which can be used by users
CVE-2008-4018 (swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local  ...)
	NOT-FOR-US: IBM AIX
CVE-2008-4017 (Unspecified vulnerability in the OC4J component in Oracle Application  ...)
	NOT-FOR-US: Oracle
CVE-2008-4016 (Unspecified vulnerability in the Collaborative Workspaces component in ...)
	NOT-FOR-US: Oracle
CVE-2008-4015 (Unspecified vulnerability in the Oracle Streams component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2008-4014 (Unspecified vulnerability in the Oracle BPEL Process Manager component ...)
	NOT-FOR-US: Oracle
CVE-2008-4013 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4012 (Unspecified vulnerability in the WebLogic Workshop component in BEA Pr ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4011 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4010 (Unspecified vulnerability in the WebLogic Workshop component in BEA Pr ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4009 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4008 (Unspecified vulnerability in the WebLogic Server Plugins for Apache co ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4007 (Unspecified vulnerability in the PeopleSoft Enterprise Components comp ...)
	NOT-FOR-US: Oracle
CVE-2008-4006 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-4005 (Unspecified vulnerability in the Oracle Application Express component  ...)
	NOT-FOR-US: Oracle
CVE-2008-4004 (Unspecified vulnerability in the JDE EnterpriseOne Business Service Se ...)
	NOT-FOR-US: Oracle
CVE-2008-4003 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle
CVE-2008-4002 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle
CVE-2008-4001 (Unspecified vulnerability in the PeopleSoft Enterprise Portal componen ...)
	NOT-FOR-US: Oracle
CVE-2008-4000 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle
CVE-2008-3999 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2008-3998 (Unspecified vulnerability in the Oracle iStore component in Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2008-3997 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2008-3996 (Unspecified vulnerability in the Change Data Capture component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2008-3995 (Unspecified vulnerability in the Change Data Capture component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2008-3994 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3993 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle
CVE-2008-3992 (Unspecified vulnerability in the Oracle Data Mining component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2008-3991 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2008-3990 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2008-3989 (Unspecified vulnerability in the Oracle Data Mining component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2008-3988 (Unspecified vulnerability in the iSupplier Portal component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2008-3987 (Unspecified vulnerability in the Oracle Discoverer Desktop component i ...)
	NOT-FOR-US: Oracle
CVE-2008-3986 (Unspecified vulnerability in the Oracle Discoverer Administrator compo ...)
	NOT-FOR-US: Oracle
CVE-2008-3985 (Unspecified vulnerability in the Oracle Applications Technology Stack  ...)
	NOT-FOR-US: Oracle
CVE-2008-3984 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3983 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3982 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3981 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-3980 (Unspecified vulnerability in the Upgrade component in Oracle Database  ...)
	NOT-FOR-US: Oracle
CVE-2008-3979 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2008-3978 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2008-3977 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle
CVE-2008-3976 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2008-3975 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle
CVE-2008-3974 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2008-3973 (Unspecified vulnerability in the SQL*Plus Windows GUI component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-3972 (pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to ...)
	{DSA-1627-2}
	- opensc 0.11.4-5
CVE-2008-3971 (Heap-based buffer overflow in the open_man_file function in callbacks. ...)
	- gmanedit 0.4.1-1.1 (low; bug #497835)
	[etch] - gmanedit <no-dsa> (Minor issue)
CVE-2008-3970 (pam_mount 0.10 through 0.45, when luserconf is enabled, does not verif ...)
	{DTSA-169-1}
	- libpam-mount 0.48-1 (low; bug #499841)
CVE-2008-3969 (Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow rem ...)
	- bitlbee 1.2.3-1 (bug #498159)
	[etch] - bitlbee <not-affected> (1.0.x not affected)
CVE-2008-3968 (Cross-site scripting (XSS) vulnerability in userlist.php in PunBB befo ...)
	NOT-FOR-US: PunBB
CVE-2008-3967 (moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not pro ...)
	NOT-FOR-US: MyBB
CVE-2008-3966 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBul ...)
	NOT-FOR-US: MyBB
CVE-2008-3965 (SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard)  ...)
	NOT-FOR-US: MyBB
CVE-2008-3961 (Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on Macin ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2008-3960 (Unspecified vulnerability in the JDBC Applet Server Service (aka db2jd ...)
	NOT-FOR-US: IBM DB2 UDB
CVE-2008-3959 (IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before  ...)
	NOT-FOR-US: IBM DB2 UDB
CVE-2008-3958 (IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a deni ...)
	NOT-FOR-US: IBM DB2 UDB
CVE-2008-3957 (The Microsoft Windows Image Acquisition Logger ActiveX control allows  ...)
	NOT-FOR-US: Microsoft
CVE-2008-3956 (orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted ...)
	NOT-FOR-US: Microsoft
CVE-2008-3955 (SQL injection vulnerability in index.php in Masir Camp E-Shop Module 3 ...)
	NOT-FOR-US: Masir Camp E-Shop Module
CVE-2008-3954 (SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per P ...)
	NOT-FOR-US: AlstraSoft Forum Pay Per Post Exchange
CVE-2008-3953 (SQL injection vulnerability in keyword_search_action.php in Vastal I-T ...)
	NOT-FOR-US: Vastal I-Tech Shaadi Zone
CVE-2008-3952 (SQL injection vulnerability in questions.php in EsFaq 2.0 allows remot ...)
	NOT-FOR-US: EsFaq
CVE-2008-3951 (SQL injection vulnerability in view_ann.php in Vastal I-Tech Agent Zon ...)
	NOT-FOR-US: The Real Estate Script
CVE-2008-3950 (Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:me ...)
	- webkit <not-affected> (Vulnerable code not present)
	NOTE: bug #500306
CVE-2008-3949 (emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python s ...)
	- emacs22 22.2+2-4 (low; bug #499568)
	- emacs21 <not-affected> (doesn't provide the python functionality)
	- xemacs21 <not-affected> (doesn't provide the python functionality)
	NOTE: This can happen with any Python script, just because Emacs autoloads one
	NOTE: doesn't make it much worse
CVE-2008-3948 (SQL injection vulnerability in admin/users/self-2.php in XRMS allows r ...)
	NOT-FOR-US: XRMS CRM
CVE-2008-3947 (DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain priv ...)
	NOT-FOR-US: OpenVMS
CVE-2008-3946 (The finger client in HP TCP/IP Services for OpenVMS 5.x allows local u ...)
	NOT-FOR-US: OpenVMS
CVE-2008-3945 (SQL injection vulnerability in index.php in Words tag 1.2 allows remot ...)
	NOT-FOR-US: Words tag
CVE-2008-3944 (SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows remot ...)
	NOT-FOR-US: ACG-PTP
CVE-2008-3943 (SQL injection vulnerability in listtest.php in eZoneScripts Living Loc ...)
	NOT-FOR-US: eZoneScripts Living Local
CVE-2008-3942 (SQL injection vulnerability in landsee.php in Full PHP Emlak Script al ...)
	NOT-FOR-US: Full PHP Emlak Script
CVE-2008-3941 (Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and earl ...)
	NOT-FOR-US: BizDirectory
CVE-2008-3940 (Format string vulnerability in the finger client in HP TCP/IP Services ...)
	NOT-FOR-US: OpenVMS
CVE-2008-3939 (Directory traversal vulnerability in the web interface in AVTECH PageR ...)
	NOT-FOR-US: AVTECH PageR Enterprise
CVE-2008-3938 (Cross-site request forgery (CSRF) vulnerability in user_admin.php in O ...)
	NOT-FOR-US: Open Media Collectors Database
CVE-2008-3937 (Multiple cross-site scripting (XSS) vulnerabilities in Open Media Coll ...)
	NOT-FOR-US: Open Media Collectors Database
CVE-2008-3936 (The web interface in Dreambox DM500C allows remote attackers to cause  ...)
	NOT-FOR-US: Dreambox DM500C
CVE-2008-3935 (Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and earli ...)
	NOT-FOR-US: DIC shop_v50
CVE-2008-3931 (javareconf in R 2.7.2 allows local users to overwrite arbitrary files  ...)
	- r-base-core-ra 1.1.1-2 (low; bug #496363)
	- r-base 2.7.2-1 (low; bug #496418)
	[etch] - r-base <no-dsa> (Minor issue)
	[lenny] - r-base 2.7.1-1+lenny1
CVE-2008-3930 (migrate_aliases.sh in Citadel Server 7.37 allows local users to overwr ...)
	- citadel 7.37-3 (low; bug #496359)
CVE-2008-3929 (gather-messages.sh in Ampache 3.4.1 allows local users to overwrite ar ...)
	- ampache 3.4.1-2 (unimportant; bug #496369)
	NOTE: Tracking as unimportant, since the script is only used
	NOTE: when translating ampache to a new language
CVE-2008-3928 (test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary  ...)
	- honeyd 1.5c-5 (unimportant; bug #496365)
	NOTE: Script not used by package, only a manual test script
CVE-2008-3927 (genmsgidx in Tiger 3.2.2 allows local users to overwrite or delete arb ...)
	- tiger 1:3.2.2-4 (unimportant; bug #496415)
	NOTE: Tracking as unimportant, since the script is only used
	NOTE: during build time
CVE-2008-3926 (Multiple directory traversal vulnerabilities in Content Management Mad ...)
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3925 (Cross-site request forgery (CSRF) vulnerability in admin.php in Conten ...)
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3924 (The "Make a backup" functionality in Content Management Made Easy (CMM ...)
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3923 (Multiple cross-site scripting (XSS) vulnerabilities in statistics.php  ...)
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3922 (awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote att ...)
	NOT-FOR-US: AWStats Totals
CVE-2008-3921 (Multiple cross-site scripting (XSS) vulnerabilities in AWStats Totals  ...)
	NOT-FOR-US: AWStats Totals
CVE-2008-3919 (Unspecified vulnerability in multiple JustSystems Ichitaro products al ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2008-3918 (SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows rem ...)
	NOT-FOR-US: Ovidentia
CVE-2008-3917 (Cross-site scripting (XSS) vulnerability in index.php in Ovidentia 6.6 ...)
	NOT-FOR-US: Ovidentia
CVE-2008-3916 (Heap-based buffer overflow in the strip_escapes function in signal.c i ...)
	- ed 0.7-2 (low)
	[etch] - ed <no-dsa> (Minor issue)
CVE-2008-3915 (Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv ...)
	{DSA-1636-1}
	- linux-2.6 2.6.26-5
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.19)
	NOTE: 91b80969ba466ba4b915a4a1d03add8c297add3f
CVE-2008-3911 (The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2 ...)
	- linux-2.6 2.6.26-5
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6.24 <not-affected> (Vulnerable code not present)
CVE-2008-3906 (CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows ...)
	- mono 1.9.1+dfsg-4 (low; bug #498894)
CVE-2008-3905 (resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 be ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #498978)
	- ruby1.9 1.9.0.2-6 (bug #498977)
CVE-2008-3903 (Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1 ...)
	{DSA-1952-1}
	- asterisk 1:1.6.1.0~dfsg-1 (low; bug #522528)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
	[lenny] - asterisk <no-dsa> (Minor issue)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2009-003.html
CVE-2008-3902 (HP firmware 68DTT F.0D stores pre-boot authentication passwords in the ...)
	NOT-FOR-US: HP firmware 68DTT
CVE-2008-3962 (The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain ...)
	- ssmtp 2.62-1.1 (low; bug #498366)
	[etch] - ssmtp <no-dsa> (Minor issue, only affects rare corner cases)
CVE-2008-3963 (MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does  ...)
	{DSA-1783-1}
	- mysql-dfsg-5.0 5.0.51a-15 (low; bug #498362)
CVE-2008-3964 (Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 befo ...)
	- libpng 1.2.27-2 (low; bug #501109)
	[etch] - libpng <not-affected> (Vulnerable code not present)
	NOTE: off-by-one error in pngpread.c is not present, must have
	NOTE: been introduced later, but pngtest.c is affected. However, there
	NOTE: is no known exploit.
CVE-2008-3912 (libclamav in ClamAV before 0.94 allows attackers to cause a denial of  ...)
	{DSA-1660-1}
	- clamav 0.94.dfsg-1
CVE-2008-3913 (Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 mig ...)
	{DSA-1660-1}
	- clamav 0.94.dfsg-1
CVE-2008-3914 (Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknow ...)
	{DSA-1660-1}
	- clamav 0.94.dfsg-1
CVE-2008-3934 (Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 thro ...)
	{DTSA-167-1}
	- wireshark 1.0.3-1 (bug #497878)
	[etch] - wireshark <not-affected> (Only >= 0.99.6)
CVE-2008-3933 (Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers t ...)
	{DSA-1673-1 DTSA-167-1}
	- wireshark 1.0.3-1 (low; bug #497878)
CVE-2008-3932 (Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to  ...)
	{DTSA-167-1}
	- wireshark 1.0.3-1 (low; bug #497878)
CVE-2008-3904 (src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environmen ...)
	- gpicview 0.1.9-2 (low; bug #498022)
CVE-2008-3909 (The administration application in Django 0.91, 0.95, and 0.96 stores u ...)
	{DSA-1640-1}
	- python-django 1.0-1
	NOTE: http://www.djangoproject.com/weblog/2008/sep/02/security/
CVE-2008-3910 (dns2tcp before 0.4.1 does not properly handle negative values in a cer ...)
	- dns2tcp 0.4.dfsg-2 (medium; bug #497730)
CVE-2008-3901 (Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, st ...)
	- linux-patch-tuxonice <not-affected> (Fixed before initial upload)
CVE-2008-3900 (Intel firmware PE94510M.86A.0050.2007.0710.1559 stores pre-boot authen ...)
	NOT-FOR-US: Intel firmware
CVE-2008-3899 (TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Key ...)
	NOT-FOR-US: TrueCrypt
CVE-2008-3898 (Secu Star DriveCrypt Plus Pack 3.9 stores pre-boot authentication pass ...)
	NOT-FOR-US: Secu Star DriveCrypt
CVE-2008-3897 (DiskCryptor 0.2.6 on Windows stores pre-boot authentication passwords  ...)
	NOT-FOR-US: DiskCryptor
CVE-2008-3896 (Grub Legacy 0.97 and earlier stores pre-boot authentication passwords  ...)
	- grub <unfixed> (unimportant)
	NOTE: you need to be root on linux to do this, root can easily edit menu.lst anyway
CVE-2008-3895 (LILO 22.6.1 and earlier stores pre-boot authentication passwords in th ...)
	- lilo <unfixed> (unimportant)
	NOTE: you need to be root on linux to do this, root can edit the configuration anyway
CVE-2008-3894 (IBM Lenovo firmware 7CETB5WW 2.05 stores pre-boot authentication passw ...)
	NOT-FOR-US: IBM Lenovo firmware
CVE-2008-3893 (Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authen ...)
	NOT-FOR-US: Bitlocker
CVE-2008-3892 (Buffer overflow in a certain ActiveX control in the COM API in VMware  ...)
	NOT-FOR-US: VMware COM API
CVE-2008-3891 (The SAML Single Sign-On (SSO) Service for Google Apps allows remote se ...)
	NOT-FOR-US: SAML Service for Google Apps
CVE-2008-3890 (The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an e ...)
	- kfreebsd-6 6.3-7
	- kfreebsd-7 7.0-5
CVE-2008-3888 (SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 a ...)
	NOT-FOR-US: Mini-NUKE Freehost
CVE-2008-3887 (Multiple SQL injection vulnerabilities in index.php in dotProject 2.1. ...)
	NOT-FOR-US: dotProject
CVE-2008-3886 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in do ...)
	NOT-FOR-US: dotProject
CVE-2008-3885 (Cross-site request forgery (CSRF) vulnerability in Blogn (BURO GUN) 1. ...)
	NOT-FOR-US: Blogn
CVE-2008-3884 (Cross-site scripting (XSS) vulnerability in Blogn (BURO GUN) 1.9.7 and ...)
	NOT-FOR-US: Blogn
CVE-2008-3883 (configvar in Caudium 1.4.12 allows local users to overwrite arbitrary  ...)
	- caudium 1.4.12-11.1 (low; bug #496404)
CVE-2008-3882 (Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and ...)
	- zoneminder 1.24.1-1 (bug #497640)
CVE-2008-3881 (Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23 ...)
	- zoneminder 1.24.1-1 (low; bug #497640)
CVE-2008-3880 (SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1. ...)
	- zoneminder 1.24.1-1 (bug #497640)
CVE-2008-3879 (The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 ...)
	NOT-FOR-US: ActiveX control in OfficeCtrl.ocx
CVE-2008-3878 (Stack-based buffer overflow in the Ultra.OfficeControl ActiveX control ...)
	NOT-FOR-US: ActiveX control in OfficeCtrl.ocx
CVE-2008-3877 (Stack-based buffer overflow in Acoustica Mixcraft 4.1 Build 96 and 4.2 ...)
	NOT-FOR-US: Acoustica Mixcraft
CVE-2008-3876 (Apple iPhone 2.0.2, in some configurations, allows physically proximat ...)
	NOT-FOR-US: Apple iPhone
CVE-2008-3875 (The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 a ...)
	NOT-FOR-US: Sun Solaris 8
CVE-2008-3874 (Cross-site scripting (XSS) vulnerability in account.php in Lussumo Van ...)
	NOT-FOR-US: Lussumo Vanilla
CVE-2008-3873 (The System.setClipboard method in ActionScript in Adobe Flash Player 9 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-3872 (Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-3871 (Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and pos ...)
	NOT-FOR-US: UltraISO
CVE-2008-3870 (Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attac ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-3869 (Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows re ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-3868 (Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 allo ...)
	NOT-FOR-US: Interact
CVE-2008-3867 (SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1  ...)
	NOT-FOR-US: Interact
CVE-2008-3866 (The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Mic ...)
	NOT-FOR-US: Trend Micro Personal Firewall
CVE-2008-3865 (Multiple heap-based buffer overflows in the ApiThread function in the  ...)
	NOT-FOR-US: Trend Micro Network Security Component
CVE-2008-3864 (The ApiThread function in the firewall service (aka TmPfw.exe) in Tren ...)
	NOT-FOR-US: Trend Micro Network Security Component
CVE-2008-3863 (Stack-based buffer overflow in the read_special_escape function in src ...)
	{DSA-1670-1}
	- enscript 1.6.4-13 (bug #506261)
CVE-2008-3862 (Stack-based buffer overflow in CGI programs in the server in Trend Mic ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-3861 (Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and  ...)
	NOT-FOR-US: phpMyRealty
CVE-2008-3860 (Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG ...)
	NOT-FOR-US: IBM, Lotus Quickr 8.1
CVE-2008-3859 (Davlin Thickbox Gallery 2 allows remote attackers to obtain the admini ...)
	NOT-FOR-US: Davlin Thickbox Gallery
CVE-2008-3858 (The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a  ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3857 (The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 re ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3856 (The routine infrastructure component in IBM DB2 8 before FP17, 9.1 bef ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3855 (Unspecified vulnerability in the DB2 Administration Server (DAS) in th ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3854 (Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 a ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3853 (Buffer overflow in the DAS server program in the Core DAS function com ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3852 (Unspecified vulnerability in the CLR stored procedure deployment from  ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3851 (Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Win ...)
	NOT-FOR-US: Pluck CMS
CVE-2008-3850 (Cross-site scripting (XSS) vulnerability in Accellion File Transfer FT ...)
	NOT-FOR-US: Accellion File Transfer
CVE-2008-3849 (Cross-site scripting (XSS) vulnerability in the calendar controller in ...)
	NOT-FOR-US: Civic Website Manager
CVE-2008-3848 (SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows re ...)
	NOT-FOR-US: Z-Breaknews
CVE-2008-3847 (Multiple cross-site scripting (XSS) vulnerabilities in AN Guestbook (A ...)
	NOT-FOR-US: AN Guestbook
CVE-2008-3846 (Cross-site scripting (XSS) vulnerability in mysql-lists 1.2 and earlie ...)
	NOT-FOR-US: mysql-lists
CVE-2008-3845 (Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSL ...)
	NOT-FOR-US: Crafty Syntax Live Help
CVE-2008-XXXX [nfdump vulnerable to symlink attacks]
	- nfdump 1.5.7-5 (bug #497452)
CVE-2008-3889 (Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-2008090 ...)
	- postfix 2.5.5-1 (low)
	[etch] - postfix <not-affected> (Vulnerable code not present)
	NOTE: http://www.postfix.org/announcements/20080902.html
CVE-2008-3908 (Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context- ...)
	{DSA-1634-1 DTSA-163-1}
	- wordnet 1:3.0-12 (medium; bug #497441)
	[lenny] - wordnet 3.0-11+lenny1
	[etch] - wordnet 1:2.1-4+etch1
	NOTE: 1:3.0-12 had a regression and the patch was slightly updated
	NOTE: by 1:3.0-13 to fix this bug
CVE-2008-3907 (The open-in-browser command in newsbeuter before 1.1 allows remote att ...)
	{DTSA-164-1 DTSA-164-2}
	[lenny] - newsbeuter 0.9.1-1+lenny3
	- newsbeuter 1.2-1 (medium)
	NOTE: medium as versions < 1.0-1 didn't include a patch to wrap long article URLs so the
	NOTE: crafted part of the URL can be hidden. This of course only affects people not reading
	NOTE: articles in the built-in reader.
CVE-2008-3920 (Unspecified vulnerability in BitlBee before 1.2.2 allows remote attack ...)
	- bitlbee 1.2.2-1
	[etch] - bitlbee <not-affected> (1.0.x not affected)
CVE-2008-4978 (radiance 3R9+20080530 allows local users to overwrite arbitrary files  ...)
	- radiance 3R9+20080530-4 (low; bug #496423)
CVE-2008-3844 (Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH,  ...)
	NOT-FOR-US: Red Hat services issue
CVE-2008-3843 (Request Validation (aka the ValidateRequest filters) in ASP.NET in Mic ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2008-3842 (Request Validation (aka the ValidateRequest filters) in ASP.NET in Mic ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2008-3841 (Cross-site scripting (XSS) vulnerability in admin/search_links.php in  ...)
	NOT-FOR-US: Freeway eCommerce
CVE-2008-3840 (Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in  ...)
	NOT-FOR-US: Crafty Syntax Live Help (CSLH)
CVE-2008-3839 (Unspecified vulnerability in the NFS module in the kernel in Sun Solar ...)
	NOT-FOR-US: Solaris
CVE-2008-3838 (Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zone ...)
	NOT-FOR-US: Solaris
CVE-2008-3837 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey be ...)
	{DSA-1697-1 DSA-1669-1 DSA-1649-1}
	- iceweasel 3.0.3-1 (low)
	- xulrunner 1.9.0.3-1 (low)
	- iceape 1.1.12-1 (low)
CVE-2008-3836 (feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers  ...)
	{DSA-1697-1 DSA-1669-1 DSA-1649-1}
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- iceape 1.1.12-1
CVE-2008-3835 (The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox befor ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.1-1
	- iceweasel 3.0.1-1
	- iceape 1.1.12-1
	- icedove 2.0.0.17-1
CVE-2008-3834 (The dbus_signature_validate function in the D-bus library (libdbus) be ...)
	{DSA-1658-1}
	- dbus 1.2.1-4 (bug #501443)
CVE-2008-3833 (The generic_file_splice_write function in fs/splice.c in the Linux ker ...)
	{DSA-1653-1}
	- linux-2.6 2.6.19-1
	- linux-2.6.24 <not-affected> (Fixed in upstream before 2.6.24)
CVE-2008-3832 (A certain Fedora patch for the utrace subsystem in the Linux kernel be ...)
	- linux-2.6 <not-affected> (Fedora-specific patch)
	- linux-2.6.24 <not-affected> (Fedora-specific patch)
CVE-2008-3831 (The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel ...)
	{DSA-1655-1}
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6 2.6.26-9
CVE-2008-3830 (Condor before 7.0.5 does not properly handle when the configuration sp ...)
	- condor <not-affected> (Fixed before initial upload to archive)
CVE-2008-3829 (Unspecified vulnerability in the condor_ schedd daemon in Condor befor ...)
	- condor <not-affected> (Fixed before initial upload to archive)
CVE-2008-3828 (Stack-based buffer overflow in the condor_ schedd daemon in Condor bef ...)
	- condor <not-affected> (Fixed before initial upload to archive)
CVE-2008-3827 (Multiple integer underflows in the Real demuxer (demux_real.c) in MPla ...)
	{DSA-1644-1 DTSA-168-1}
	- mplayer 1.0~rc2-18 (medium; bug #500683)
	NOTE: http://www.ocert.org/advisories/ocert-2008-013.html
CVE-2008-3826 (Unspecified vulnerability in Condor before 7.0.5 allows attackers to e ...)
	- condor <not-affected> (Fixed before initial upload to archive)
CVE-2008-3825 (pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when ...)
	NOT-FOR-US: Different code base than Debian's libpam-krb5
CVE-2008-3824 (Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss ...)
	{DSA-1642-1 DTSA-165-1}
	- horde3 3.2.2+debian0-1 (low; bug #499579)
CVE-2008-3823 (Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in  ...)
	{DSA-1642-1 DTSA-165-1}
	- horde3 3.2.2+debian0-1 (low; bug #499579)
CVE-2008-3822
	REJECTED
CVE-2008-3821 (Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3820 (Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event  ...)
	NOT-FOR-US: Cisco Security Manager
CVE-2008-3819 (dnsserver in Cisco Application Control Engine Global Site Selector (GS ...)
	NOT-FOR-US: Cisco Application Control Engine Global Site Selector (GSS)
CVE-2008-3818 (Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, and 15600 with  ...)
	NOT-FOR-US: Cisco ONS
CVE-2008-3817 (Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series an ...)
	NOT-FOR-US: Cisco
CVE-2008-3816 (Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco
CVE-2008-3815 (Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco
CVE-2008-3814 (Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x b ...)
	NOT-FOR-US: Cisco
CVE-2008-3813 (Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mg ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3812 (Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3811 (Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP)  ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3810 (Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP)  ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3809 (Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices (ak ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3808 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3807 (Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecar ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3806 (Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 serie ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3805 (Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 serie ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3804 (Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3803 (A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol L ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3802 (Unspecified vulnerability in the Session Initiation Protocol (SIP) imp ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3801 (Unspecified vulnerability in the Session Initiation Protocol (SIP) imp ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3800 (Unspecified vulnerability in the Session Initiation Protocol (SIP) imp ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3799 (Memory leak in the Session Initiation Protocol (SIP) implementation in ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3798 (Cisco IOS 12.4 allows remote attackers to cause a denial of service (d ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3797
	RESERVED
CVE-2008-3796 (Swfdec 0.6 before 0.6.8 allows remote attackers to cause a denial of s ...)
	- swfdec0.6 0.6.8-1
CVE-2008-3795 (Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP serve ...)
	NOT-FOR-US: WS_FTP Home
CVE-2008-3793
	REJECTED
CVE-2008-3792 (net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) i ...)
	{DSA-1636-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-4
	[etch] - linux-2.6 <not-affected>
CVE-2008-3788 (Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9,  ...)
	NOT-FOR-US: PICTURESPRO Photo Cart 3.9
CVE-2008-3787 (SQL injection vulnerability in listing_view.php in Web Directory Scrip ...)
	NOT-FOR-US: Web Directory Script
CVE-2008-3786 (Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO P ...)
	NOT-FOR-US: PICTURESPRO Photo Cart 3.9
CVE-2008-3785 (Multiple SQL injection vulnerabilities in the com_content component in ...)
	NOT-FOR-US: MiaCMS
CVE-2008-3784 (SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and earl ...)
	NOT-FOR-US: BtiTracker
CVE-2008-3783 (Multiple SQL injection vulnerabilities in index.php in Matterdaddy Mar ...)
	NOT-FOR-US: Matterdaddy Market
CVE-2008-3782 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
	NOT-FOR-US: ACG-PTP
CVE-2008-3781 (Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 a ...)
	NOT-FOR-US: GMOD GBrowse
CVE-2008-3780 (SQL injection vulnerability in recommend.php in Five Star Review Scrip ...)
	NOT-FOR-US: Five Star Review Script
CVE-2008-3779 (Cross-site scripting (XSS) vulnerability in search/index.php in Five S ...)
	NOT-FOR-US: Five Star Review Script
CVE-2008-3778 (The remote management interface in SIP Enablement Services (SES) Serve ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-3777 (The SIP Enablement Services (SES) Server in Avaya SIP Enablement Servi ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-3776 (Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1. ...)
	NOT-FOR-US: Fujitsu Web-Based Admin View
CVE-2008-3775 (Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the pa ...)
	NOT-FOR-US: Folder Lock
CVE-2008-3774 (SQL injection vulnerability in index.php in Simasy CMS allows remote a ...)
	NOT-FOR-US: Simasy CMS
CVE-2008-3773 (Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3. ...)
	NOT-FOR-US: vBulletin
CVE-2008-3772 (SQL injection vulnerability in categories_portal.php in Pars4u Videosh ...)
	NOT-FOR-US: Pars4u Videosharing
CVE-2008-3771 (Cross-site scripting (XSS) vulnerability in members.php in Pars4u Vide ...)
	NOT-FOR-US: Pars4u Videosharing
CVE-2008-3770 (Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, whe ...)
	NOT-FOR-US: Freeway
CVE-2008-3769 (PHP remote file inclusion vulnerability in admin/create_order_new.php  ...)
	NOT-FOR-US: Freeway
CVE-2008-3768 (Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey We ...)
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2008-3767 (SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows ...)
	NOT-FOR-US: phpBazar
CVE-2008-3766 (Realtime Internet Band Rehearsal Low-Latency (Internet) Connection too ...)
	NOT-FOR-US: Realtime Internet Band Rehearsal Low-Latency (Internet) Connection tool (llcon)
CVE-2008-3765 (SQL injection vulnerability in code.php in Quick Poll Script allows re ...)
	NOT-FOR-US: Quick Poll Script
CVE-2008-3764 (Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Hel ...)
	NOT-FOR-US: Turnkey PHP Live Helper
CVE-2008-3763 (Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live  ...)
	NOT-FOR-US: Turnkey PHP Live Helper
CVE-2008-3762 (SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Li ...)
	NOT-FOR-US: Turnkey PHP Live Helper
CVE-2008-3761 (hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 ...)
	NOT-FOR-US: VMware Workstation
	NOTE: we only share a package to build VMware
CVE-2008-3760 (Cross-site request forgery (CSRF) vulnerability in the sign-out page i ...)
	NOT-FOR-US: Vanilla
CVE-2008-3759 (Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.ph ...)
	NOT-FOR-US: Vanilla
CVE-2008-3758 (Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla ...)
	NOT-FOR-US: Vanilla
CVE-2008-3757 (SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix  ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3756 (SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3755 (SQL injection vulnerability in view.php in YourFreeWorld Classifieds S ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3754 (SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text A ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3753 (SQL injection vulnerability in details.php in YourFreeWorld Programs R ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3752 (SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange Scr ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3751 (SQL injection vulnerability in tr.php in YourFreeWorld Short Url & ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3750 (SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator Scr ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3749 (SQL injection vulnerability in tr.php in YourFreeWorld Banner Manageme ...)
	NOT-FOR-US: Banner Management Script
CVE-2008-3748 (SQL injection vulnerability in view_group.php in Active PHP Bookmarks  ...)
	NOT-FOR-US: Active PHP Bookmarks
CVE-2008-4952 (emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite ar ...)
	- emacs-jabber 0.7.91-2 (low; bug #496428)
	[etch] - emacs-jabber <no-dsa> (Minor issue)
CVE-2008-4987 (xastir 1.9.2 allows local users to overwrite arbitrary files via a sym ...)
	- xastir 1.9.2-1.1 (low; bug #496383)
	[etch] - xastir <no-dsa> (Minor issue)
CVE-2008-4477 (alert.d/test.alert in mon 0.99.2 allows local users to overwrite arbit ...)
	{DSA-1648-1}
	- mon 0.99.2-13 (medium; bug #496398)
CVE-2008-3790 (The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7 ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #496808)
	- ruby1.9 1.9.0.2-6 (bug #497610)
CVE-2008-4939 (apertium 3.0.7 allows local users to overwrite arbitrary files via a s ...)
	- apertium 3.0.7+1-1.1 (low; bug #496395)
	[etch] - apertium <no-dsa> (Minor issue)
CVE-2008-4946 (convirt 0.8.2 allows local users to overwrite arbitrary files via a sy ...)
	- convirt 0.9.6-1 (medium; bug #496419)
CVE-2008-4942 (audiolink in audiolink 0.05 allows local users to overwrite arbitrary  ...)
	- audiolink 0.05-1.1 (low; bug #496433)
	[etch] - audiolink <no-dsa> (Minor issue)
CVE-2008-4968 (The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users ...)
	- lmbench 3.0-a9-1 (low; bug #496427)
	[etch] - lmbench <no-dsa> (Non-free not supported)
CVE-2008-4975 (mkmailpost in newsgate 1.6 allows local users to overwrite arbitrary f ...)
	- newsgate <removed> (low; bug #496437)
	[etch] - newsgate <no-dsa> (Non-free not supported)
CVE-2008-4973 (i2myspell in myspell 3.1 allows local users to overwrite arbitrary fil ...)
	- myspell 1:3.0+pre3.1-21 (low; bug #496392)
	[etch] - myspell <no-dsa> (Minor issue)
CVE-2008-4976 (ogle 0.9.2 and ogle-mmx 0.9.2 allow local users to overwrite arbitrary ...)
	- ogle <removed> (unimportant; bug #496420; bug #496425)
	NOTE: This only affects debugging scripts not present in standard path
CVE-2008-3789 (Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb ...)
	{DTSA-161-1}
	- samba 2:3.2.3-1 (bug #496073; medium)
	[etch] - samba <not-affected> (Only affects Samba 3.2.x)
CVE-2008-XXXX [insecure temp file in nvi]
	- nvi 1.81.6-4 (low; bug #496462)
	[etch] - nvi <no-dsa> (Minor issue, only exploitable in postinst)
CVE-2008-4982 (rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary f ...)
	- rkhunter 1.3.2-6 (low; bug #496375)
	[etch] - rkhunter <no-dsa> (Minor issue, only in debug mode)
CVE-2008-4984 (scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files  ...)
	- scratchbox2 1.99.0.24-2 (low; bug #496409)
CVE-2008-4981 (perl.robot in realtimebattle 1.0.8 allows local users to overwrite arb ...)
	- realtimebattle 1.0.8-8 (low; bug #496385)
	[etch] - realtimebattle <no-dsa> (Minor issue)
CVE-2008-4972 (mailgo in mgt 2.31 allows local users to overwrite arbitrary files via ...)
	- mgt 2.31-6 (low; bug #496434)
	[etch] - mgt <no-dsa> (Minor issue)
CVE-2008-4998
	- twiki 1:4.1.2-4 (low; bug #494648)
CVE-2008-4971 (mafft-homologs in mafft 6.240 allows local users to overwrite arbitrar ...)
	- mafft 6.240-2 (low; bug #496366)
CVE-2008-4993 (qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary f ...)
	- xen-3 3.4.0-1 (low; bug #496367)
	[etch] - xen-3 <no-dsa> (Minor issue)
CVE-2008-4936 (faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary fi ...)
	- mgetty 1.1.36-1.3 (low; bug #496403)
	[etch] - mgetty <no-dsa> (Minor issue)
CVE-2008-4476 (sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary file ...)
	- sympa 5.3.4-5.1 (low; bug #496405; bug #494969)
	[etch] - sympa <no-dsa> (Minor issues)
CVE-2008-4935 (asciiview in aview 1.3.0 allows local users to overwrite arbitrary fil ...)
	- aview 1.3.0rc1-8.1 (low; bug #496422)
	[etch] - aview <no-dsa> (Minor issue)
CVE-2008-4956 (fwb_install in fwbuilder 2.1.19 allows local users to overwrite arbitr ...)
	- fwbuilder 2.1.19-5 (low; bug #496406)
	[etch] - fwbuilder <no-dsa> (Minor issue)
CVE-2008-4440 (The to-upgrade plugin in feta 1.4.16 allows local users to overwrite a ...)
	{DSA-1643-1}
	- feta 1.4.16+nmu1 (low; bug #496397)
CVE-2008-4977
	NOTE: Historic Postfix non issue, #496401
CVE-2008-4944 (writtercontrol in cdcontrol 1.90 allows local users to overwrite arbit ...)
	- cdcontrol <removed> (low; bug #496438)
	[etch] - cdcontrol <no-dsa> (Minor issue)
CVE-2008-4951 (dtc 0.29.6 allows local users to overwrite arbitrary files via a symli ...)
	- dtc 0.29.10-1 (low; bug #496362)
CVE-2008-4994 (The (1) ncsarmt and (2) ncsawrap scripts in xmcd 2.6 allows local user ...)
	- xmcd 2.6-21 (low; bug #496416)
	[etch] - xmcd <no-dsa> (Minor issue)
CVE-2008-4988 (pscal in xcal 4.1 allows local users to overwrite arbitrary files via  ...)
	- xcal 4.1-19 (low; bug #496393)
	[etch] - xcal <no-dsa> (Minor issue)
CVE-2008-3791 (src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environmen ...)
	- gpicview 0.1.9-2 (low; bug #495968)
	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019481&group_id=180858&atid=894869
CVE-2008-XXXX [Overwrite symlink without check]
	- gpicview 0.1.10-1 (unimportant; bug #497005)
	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019485&group_id=180858&atid=894869
	NOTE: CVE id requested
	NOTE: non-issue, not exploitable by other users
CVE-2008-XXXX [Overwrite certain images without notice]
	- gpicview 0.1.10-1 (unimportant; bug #497005)
	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019492&group_id=180858&atid=894869
	NOTE: non-issue, not exploitable by other users
	NOTE: CVE id requested
CVE-2008-4937 (senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite  ...)
	- openoffice.org 1:2.4.1-8 (low; bug #496361)
	[etch] - openoffice.org <not-affected> (Vulnerable code not present)
	NOTE: also not present in 3.0.0, only in 2.4.1. Fix pending upload.
CVE-2008-4979 (getipacctg in rancid 2.3.2~a8 allows local users to overwrite arbitrar ...)
	- rancid 2.3.2~a8-2 (low; bug #496426)
	[etch] - rancid <no-dsa> (Minor issue)
CVE-2008-4985 (vdrleaktest in Video Disk Recorder (aka vdr-dbg or vdr) 1.6.0 allows l ...)
	- vdr 1.6.0-6 (low; bug #496421)
	[etch] - vdr <not-affected> (Vulnerable code not present)
CVE-2008-5007 (create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to o ...)
	- lazarus 0.9.24-0-11 (unimportant; bug #496377)
	NOTE: vulnerable script only called when updating the source
	NOTE: thus neither actively used nor invoked automatically
CVE-2008-3794 (Integer signedness error in the mms_ReceiveCommand function in modules ...)
	{DSA-1819-1 DTSA-166-1}
	- vlc 0.8.6.h-4 (medium; bug #496265)
CVE-2008-3747 (The (1) get_edit_post_link and (2) get_edit_comment_link functions in  ...)
	- wordpress 2.5.1-6 (low; bug #497216)
	[etch] - wordpress <not-affected> (Does not have force-ssl mechanism)
CVE-2008-3746 (neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of  ...)
	- neon27 0.28.2-4
	- neon26 <not-affected> (Issue was introduced in 0.28)
CVE-2008-3739 (Cross-site scripting (XSS) vulnerability in (1) System Consultants La! ...)
	NOT-FOR-US: La!Cooda WIZ
CVE-2008-3738 (Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier ...)
	NOT-FOR-US: SpaceTag LacoodaST
CVE-2008-3737 (Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 ...)
	NOT-FOR-US: La!Cooda WIZ
CVE-2008-3736 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) Syst ...)
	NOT-FOR-US: La!Cooda WIZ
CVE-2008-3735 (Cross-site scripting (XSS) vulnerability in index.php in PHPizabi befo ...)
	NOT-FOR-US: PHPizabi
CVE-2008-3734 (Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_ ...)
	NOT-FOR-US: WS_FTP Home
CVE-2008-3733 (Stack-based buffer overflow in EO Video (eo-video) 1.36 allows remote  ...)
	NOT-FOR-US: EO Video
CVE-2008-3732 (Integer overflow in the Open function in modules/demux/tta.c in VLC Me ...)
	{DTSA-166-1}
	- vlc 0.8.6.h-2
	[etch] - vlc <not-affected> (TTA module not present)
CVE-2008-3731 (Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other ver ...)
	NOT-FOR-US: Serv-U File
CVE-2008-3730 (Cross-site scripting (XSS) vulnerability in Nordicwind Document Manage ...)
	NOT-FOR-US: NOAH
CVE-2008-3729 (Web Based Administration in MicroWorld Technologies MailScan 5.6.a esp ...)
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3728 (Web Based Administration in MicroWorld Technologies MailScan 5.6.a esp ...)
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3727 (Directory traversal vulnerability in Web Based Administration in Micro ...)
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3726 (Cross-site scripting (XSS) vulnerability in Web Based Administration i ...)
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3725 (SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Scrip ...)
	NOT-FOR-US: YourFreeWorld Ad Board Script
CVE-2008-3724 (SQL injection vulnerability in index.php in Papoo before 3.7.2 allows  ...)
	NOT-FOR-US: Papoo
CVE-2008-3723 (Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 H ...)
	NOT-FOR-US: PHPizabi
CVE-2008-3722 (SQL injection vulnerability in forum/neu.asp in fipsCMS 2.1 allows rem ...)
	NOT-FOR-US: fipsCMS
CVE-2008-3721 (PHP remote file inclusion vulnerability in user_language.php in DeeEmm ...)
	NOT-FOR-US: DeeEmm CMS
CVE-2008-3720 (SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 a ...)
	NOT-FOR-US: DeeEmm CMS
CVE-2008-3719 (SQL injection vulnerability in directory.php in SFS Affiliate Director ...)
	NOT-FOR-US: SFS Affiliate Directory
CVE-2008-3718 (Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote aut ...)
	NOT-FOR-US: cyberBB
CVE-2008-3717 (Harmoni before 1.6.0 does not require administrative privileges to lis ...)
	NOT-FOR-US: Harmoni
CVE-2008-3716 (Cross-site request forgery (CSRF) vulnerability in Harmoni before 1.6. ...)
	NOT-FOR-US: Harmoni
CVE-2008-3715 (Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-prev ...)
	NOT-FOR-US: FlexCMS
CVE-2008-3714 (Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8  ...)
	{DSA-1679-1}
	- awstats 6.7.dfsg-5.1 (bug #495432; low)
	NOTE: upstream bug 2001151
CVE-2008-3713 (SQL injection vulnerability in product.php in PHPBasket allows remote  ...)
	NOT-FOR-US: PHPBasket
CVE-2008-3712 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and ...)
	NOT-FOR-US: Mambo
CVE-2008-3711 (SQL injection vulnerability in index.php in PHPArcadeScript (PHP Arcad ...)
	NOT-FOR-US: PHPArcadeScript
CVE-2008-3710 (Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 ...)
	NOT-FOR-US: CyBoards PHP Lite
CVE-2008-3709 (Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP Li ...)
	NOT-FOR-US: CyBoards PHP Lite
CVE-2008-3708 (Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow r ...)
	NOT-FOR-US: dotCMS
CVE-2008-3707 (Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lit ...)
	NOT-FOR-US: CyBoards PHP Lite
CVE-2008-3706 (SQL injection vulnerability in bannerclick.php in ZEEJOBSITE 2.0 allow ...)
	NOT-FOR-US: ZEEJOBSITE
CVE-2008-3705 (Stack-based buffer overflow in the CLogger::WriteFormated function in  ...)
	NOT-FOR-US: EchoVNC Linux
CVE-2008-3704 (Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask ...)
	NOT-FOR-US: Msmask32.ocx
CVE-2008-3703 (The management console in the Volume Manager Scheduler Service (aka Vx ...)
	NOT-FOR-US: Symantec Veritas Storage Foundation
CVE-2008-3702 (Multiple stack-based buffer overflows in the Animation GIF ActiveX con ...)
	NOT-FOR-US: SpeedBit Download Accelerator Plus
CVE-2008-3701 (SQL injection vulnerability in staff/index.php in Kayako SupportSuite  ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2008-3700 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportS ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2008-3698 (Unspecified vulnerability in the OpenProcess function in VMware Workst ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3697 (An unspecified ISAPI extension in VMware Server before 1.0.7 build 108 ...)
	NOT-FOR-US: VMware Server on Windows
CVE-2008-3696 (Unspecified vulnerability in a certain ActiveX control in VMware Works ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3695 (Unspecified vulnerability in a certain ActiveX control in VMware Works ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3694 (Unspecified vulnerability in a certain ActiveX control in VMware Works ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3693 (Unspecified vulnerability in a certain ActiveX control in VMware Works ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3692 (Unspecified vulnerability in a certain ActiveX control in VMware Works ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3691 (Unspecified vulnerability in a certain ActiveX control in VMware Works ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3690
	RESERVED
CVE-2008-3689
	RESERVED
CVE-2008-3688 (sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote at ...)
	{DTSA-159-1}
	- havp 0.88-1.1 (bug #496034)
CVE-2008-3687 (Heap-based buffer overflow in the flask_security_label function in Xen ...)
	- xen-3 <not-affected> (Not compiled with XSM:FLASK)
CVE-2008-3686 (The rt6_fill_node function in net/ipv6/route.c in Linux kernel 2.6.26- ...)
	- linux-2.6.24 <not-affected> (Vulnerable code was introduced in 2.6.26)
	- linux-2.6 2.6.26-5
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.26)
CVE-2008-3685 (Directory traversal vulnerability in aws_tmxn.exe in the Admin Agent s ...)
	NOT-FOR-US: EMC Documentum ApplicationXtender Workflow
CVE-2008-3684 (Heap-based buffer overflow in aws_tmxn.exe in the Admin Agent service  ...)
	NOT-FOR-US: EMC Documentum ApplicationXtender Workflow
CVE-2008-3683 (Unspecified vulnerability in the FTP subsystem in Sun Java System Web  ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2008-3682 (SQL injection vulnerability in dpage.php in YPN PHP Realty allows remo ...)
	NOT-FOR-US: YPN PHP Realty
CVE-2008-3681 (components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does ...)
	NOT-FOR-US: Joomla!
CVE-2008-3680 (The decryption function in Flagship Industries Ventrilo 3.0.2 and earl ...)
	NOT-FOR-US: Flagship Industries Ventrilo
CVE-2008-3679 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ID ...)
	NOT-FOR-US: IDevSpot PhpLinkExchange
CVE-2008-3678 (Cross-site scripting (XSS) vulnerability in admin/search_links.php in  ...)
	NOT-FOR-US: Freeway
CVE-2008-3677 (Directory traversal vulnerability in includes/events_application_top.p ...)
	NOT-FOR-US: Freeway
CVE-2008-3676 (Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 allo ...)
	NOT-FOR-US: hMailServer
CVE-2008-3675 (Directory traversal vulnerability in classes/imgsize.php in Gelato 0.9 ...)
	NOT-FOR-US: Gelato
CVE-2008-3674 (SQL injection vulnerability in ugroups.php in PozScripts TubeGuru Vide ...)
	NOT-FOR-US: PozScripts TubeGuru Video Sharing Script
CVE-2008-3673 (SQL injection vulnerability in browsecats.php in PozScripts Classified ...)
	NOT-FOR-US: PozScripts Classified Ads
CVE-2008-3672 (SQL injection vulnerability in showcategory.php in PozScripts Classifi ...)
	NOT-FOR-US: PozScripts Classified Ads
CVE-2008-3671 (Acronis True Image Echo Server 9.x build 8072 on Linux does not proper ...)
	NOT-FOR-US: Echo Server
CVE-2008-3670 (SQL injection vulnerability in authordetail.php in Article Friendly Pr ...)
	NOT-FOR-US: Article Friendly Pro
CVE-2008-3669 (SQL injection vulnerability in comments.php in ZeeScripts Reviews Opin ...)
	NOT-FOR-US: ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP
CVE-2008-3668 (Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Soci ...)
	NOT-FOR-US: XOOPS
CVE-2008-3667 (Stack-based buffer overflow in Maxthon Browser 2.0 and earlier allows  ...)
	NOT-FOR-US: Maxthon Browser
CVE-2008-3699 (The MagnatuneBrowser::listDownloadComplete function in magnatunebrowse ...)
	- amarok 1.4.10-1 (unimportant; bug #494765)
	[etch] - amarok <not-affected>
	NOTE: The code in question doesn't dereference the symlink, tested with Etch
	NOTE: and Lenny. Given that it only takes a minute to test this, it's surprising
	NOTE: that at least one vendor issued an advisory and upstream pushed a new release...
CVE-2008-3740 (Cross-site scripting (XSS) vulnerability in the output filter in Drupa ...)
	{DTSA-156-1}
	- drupal5 5.10-1 (low; bug #495122)
	- drupal-4.7 <removed>
CVE-2008-3741 (The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 tr ...)
	{DTSA-156-1}
	- drupal5 5.10-1 (low; bug #495122)
	- drupal-4.7 <removed>
CVE-2008-3742 (Unrestricted file upload vulnerability in the BlogAPI module in Drupal ...)
	{DTSA-156-1}
	- drupal5 5.10-1 (medium; bug #495122)
	- drupal-4.7 <removed>
CVE-2008-3743 (Multiple cross-site request forgery (CSRF) vulnerabilities in forms in ...)
	{DTSA-156-1}
	- drupal5 <not-affected> (Vulnerable code not present)
	- drupal-4.7 <removed>
CVE-2008-3744 (Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5 ...)
	{DTSA-156-1}
	- drupal5 5.10-1 (low; bug #495122)
	- drupal-4.7 <removed>
CVE-2008-3745 (The Upload module in Drupal 6.x before 6.4 allows remote authenticated ...)
	{DTSA-156-1}
	- drupal5 <not-affected> (Vulnerable code only present in 6.x)
	- drupal-4.7 <removed>
CVE-2008-3666 (Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv ...)
	NOT-FOR-US: Sun Solaris 10
CVE-2008-3665
	RESERVED
CVE-2008-3664 (Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remo ...)
	NOT-FOR-US: XRMS CRM
CVE-2008-3663 (Squirrelmail 1.4.15 does not set the secure flag for the session cooki ...)
	- squirrelmail 2:1.4.15-3 (low; bug #499942)
	[etch] - squirrelmail <no-dsa> (less important and fix changes behaviour)
	NOTE: only relevant for installations that are also offered over http
	NOTE: which isn't normally a good idea anyway. Fixing in stable will
	NOTE: change behaviour so not really suited for DSA.
CVE-2008-3662 (Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure fl ...)
	- gallery 1.5.9-1
	- gallery2 2.2.6-1
CVE-2008-3661 (Drupal, probably 5.10 and 6.4, does not set the secure flag for the se ...)
	- drupal5 5.10-2 (low; bug #501063)
	- drupal6 6.4-2 (low; bug #501058)
	NOTE: Drupal upstream advises users to set session.cookie_secure in the PHP configuration
	NOTE: to fix this; this has been documented in README.Debian
CVE-2008-3660 (PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI  ...)
	{DSA-1647-1}
	- php5 5.2.6-4 (medium)
	- php4 <removed>
	NOTE: *not* duplicate after all, needs review
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.57&r2=1.267.2.15.2.58&view=patch
CVE-2008-3659 (Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and  ...)
	{DSA-1647-1}
	- php4 <removed>
	- php5 5.2.6-4 (medium)
	NOTE: php5 -d memory_limit=256M -r '$res = explode(str_repeat("A",145999999),1);'
	NOTE: (From upstream's ext/standard/tests/strings/explode_bug.phpt)
	NOTE: could not reproduce locally
	NOTE: fix in pkg-php svn for both etch and sid
CVE-2008-3658 (Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4. ...)
	{DSA-1647-1}
	- php4 <removed>
	- php5 5.2.6-4 (medium)
	NOTE: fix in pkg-php svn for both etch and sid
CVE-2008-3657 (The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8 ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #494401)
	- ruby1.9 1.9.0.2-6 (bug #494402)
	NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
CVE-2008-3656 (Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_h ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #494401)
	- ruby1.9 1.9.0.2-6 (bug #494402)
	NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
CVE-2008-3655 (Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7- ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #494401)
	- ruby1.9 1.9.0.2-6 (bug #494402)
	NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
CVE-2008-3654 (Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows  ...)
	- tikiwiki <removed>
CVE-2008-3653 (Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before  ...)
	- tikiwiki <removed>
CVE-2008-3652 (src/racoon/handler.c in racoon in ipsec-tools does not remove an "orph ...)
	- ipsec-tools 0.7.1-1.2 (low; bug #501026)
	[etch] - ipsec-tools <no-dsa> (Minor issue)
	NOTE: attacker needs to be authenticated, see https://bugzilla.redhat.com/show_bug.cgi?id=456660
CVE-2008-3651 (Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools b ...)
	- ipsec-tools 1:0.7.1-1 (low; bug #495214)
	[etch] - ipsec-tools <no-dsa> (Minor issue)
CVE-2008-3650 (Multiple unspecified vulnerabilities in Horde Groupware Webmail before ...)
	- horde3 3.2.1+debian0-1 (low; bug #495332)
	- turba2 2.2.1-1
	[etch] - turba2 <not-affected> (Vulnerable code not present)
	[etch] - horde3 <not-affected> (dup of CVE-2008-3330)
	NOTE: this is actually two issues:
	NOTE: - one a dup of CVE-2008-3330 in horde3
	NOTE: - another an issue in turba2
CVE-2008-3649 (SQL injection vulnerability in categorydetail.php in Article Friendly  ...)
	NOT-FOR-US: Article Friendly Standard
CVE-2008-3648 (nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote a ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-3647 (Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows  ...)
	NOT-FOR-US: Mac OS
CVE-2008-3646 (The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be ...)
	NOT-FOR-US: MacOS-only problem
CVE-2008-3645 (Heap-based buffer overflow in the local IPC component in the EAPOLCont ...)
	NOT-FOR-US: Mac OS
CVE-2008-3644 (Apple Safari before 3.2 does not properly prevent caching of form data ...)
	NOT-FOR-US: Apple Safari
CVE-2008-3643 (Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-ass ...)
	NOT-FOR-US: Mac OS
CVE-2008-3642 (Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows rem ...)
	NOT-FOR-US: Mac OS
CVE-2008-3641 (The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3 ...)
	{DSA-1656-1}
	- cupsys <removed>
	- cups 1.3.8-1lenny2 (medium)
CVE-2008-3640 (Integer overflow in the WriteProlog function in texttops in CUPS befor ...)
	{DSA-1656-1}
	- cupsys <removed>
	- cups 1.3.8-1lenny2 (medium)
CVE-2008-3639 (Heap-based buffer overflow in the read_rle16 function in imagetops in  ...)
	{DSA-1656-1}
	- cupsys <removed>
	- cups 1.3.8-1lenny2 (medium)
CVE-2008-3638 (Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from ...)
	NOT-FOR-US: Mac OS X
CVE-2008-3637 (The Hash-based Message Authentication Code (HMAC) provider in Java on  ...)
	NOT-FOR-US: Mac OS X
CVE-2008-3636 (Integer overflow in the IopfCompleteRequest API in the kernel in Micro ...)
	NOT-FOR-US: Apple iTunes
CVE-2008-3635 (Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspe ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3634 (Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing ...)
	NOT-FOR-US: Apple iTunes
CVE-2008-3633
	RESERVED
CVE-2008-3632 (Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through ...)
	- webkit 1.0.1-4 (bug #499771)
	- qt4-x11 4:4.6.2-4 (bug #561760)
	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
	NOTE: http://trac.webkit.org/changeset/34815
CVE-2008-3631 (Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone  ...)
	NOT-FOR-US: Apple iPod
CVE-2008-3630 (mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an appli ...)
	NOT-FOR-US: Apple Bonjour
CVE-2008-3629 (Apple QuickTime before 7.5.5 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3628 (Apple QuickTime before 7.5.5 on Windows allows remote attackers to exe ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3627 (Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms i ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3626 (The CallComponentFunctionWithStorage function in Apple QuickTime befor ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3625 (Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows rem ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3624 (Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3623 (Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2  ...)
	NOT-FOR-US: Apple Safari on Windows
CVE-2008-3622 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac O ...)
	NOT-FOR-US: Mac OS X
CVE-2008-3621 (VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allo ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3620
	RESERVED
CVE-2008-3619 (Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissio ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3618 (The File Sharing pane in the Sharing preference pane in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3617 (Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3616 (Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3615 (ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3614 (Integer overflow in Apple QuickTime before 7.5.5 on Windows allows rem ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3613 (Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3612 (The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iP ...)
	NOT-FOR-US: Apple iPod
CVE-2008-3611 (Login Window in Apple Mac OS X 10.4.11 does not clear the current pass ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3610 (Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4,  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3609 (The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flu ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3608 (ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows conte ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3607 (The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows ...)
	NOT-FOR-US: NoticeWare Email Server NG
CVE-2008-3606 (Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1 ...)
	NOT-FOR-US: Qbik WinGate
CVE-2008-3605 (Unspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, whe ...)
	NOT-FOR-US: McAfee Encrypted USB Manager
CVE-2008-3604 (SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows  ...)
	NOT-FOR-US: ZeeBuddy
CVE-2008-3603 (SQL injection vulnerability in index.php in Vacation Rental Script 3.0 ...)
	NOT-FOR-US: Vacation Rental Script
CVE-2008-3602 (admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website)  ...)
	NOT-FOR-US: PHP-Ring Webring System
CVE-2008-3601 (SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 a ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2008-3600 (Directory traversal vulnerability in contrib/phpBB2/modules.php in Gal ...)
	- gallery <removed> (unimportant)
	- gallery2 <not-affected> (Vulnerable code not present)
	NOTE: We haven't supported installations with register_globals enabled for a long time
CVE-2008-3599 (SQL injection vulnerability in image.php in OpenImpro 1.1 allows remot ...)
	NOT-FOR-US: OpenImpro
CVE-2008-3598 (Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote att ...)
	NOT-FOR-US: psipuss
CVE-2008-3597 (Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Skulltag
CVE-2008-3596 (Cross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 allow ...)
	NOT-FOR-US: Harmoni
CVE-2008-3595 (PHP remote file inclusion vulnerability in examples/txtSQLAdmin/startu ...)
	NOT-FOR-US: txtSQL
CVE-2008-3594 (SQL injection vulnerability in viewdetails.php in MagicScripts E-Store ...)
	NOT-FOR-US: MagicScripts E-Store
CVE-2008-3593 (Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows ...)
	NOT-FOR-US: SyzygyCMS
CVE-2008-3592 (Unrestricted file upload vulnerability in the File Manager in the admi ...)
	NOT-FOR-US: Twentyone Degrees Symphony 1.7.01
CVE-2008-3591 (SQL injection vulnerability in lib/class.admin.php in Twentyone Degree ...)
	NOT-FOR-US: Twentyone Degrees Symphony 1.7.01
CVE-2008-3590 (Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. Pol ...)
	NOT-FOR-US: E. Z. Poll 2
CVE-2008-3589 (Directory traversal vulnerability in download.php in moziloCMS 1.10.1, ...)
	NOT-FOR-US: mozilo CMS 1.10.1
CVE-2008-3588 (Multiple SQL injection vulnerabilities in phsBlog 0.1.1 allow remote a ...)
	NOT-FOR-US: phsBlog 0.1.1
CVE-2008-3587 (Cross-site scripting (XSS) vulnerability in result.php in Chris Buntin ...)
	NOT-FOR-US: Homes 4 Sale
CVE-2008-3586 (SQL injection vulnerability in the EZ Store (com_ezstore) component fo ...)
	NOT-FOR-US: EZ Store (com_ezstore) component for Joomla!
CVE-2008-3585 (Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP Sho ...)
	NOT-FOR-US: PozScripts GreenCart PHP Shopping Cart
CVE-2008-3584 (NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not prope ...)
	NOT-FOR-US: NetBSD
CVE-2008-3583 (Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote ...)
	NOT-FOR-US: IntelliTamper 2.07
CVE-2008-3582 (SQL injection vulnerability in login.php in Keld PHP-MySQL News Script ...)
	NOT-FOR-US: Keld PHP-MySQL News Script 0.7.1
CVE-2008-3581 (Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links ...)
	NOT-FOR-US: Qsoft K-Links
CVE-2008-3580 (Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote a ...)
	NOT-FOR-US: Qsoft K-Links
CVE-2008-3579 (Calacode @Mail 5.41 on Linux does not require administrative authentic ...)
	NOT-FOR-US: Calacode Atmail
CVE-2008-3578 (HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: HydraIRC
CVE-2008-3577 (Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows loca ...)
	- openttd 0.6.2-1 (unimportant)
	NOTE: no vulnerability at all, not exploitable remote or local, openttd
CVE-2008-3576 (Buffer overflow in the TruncateString function in src/gfx.cpp in OpenT ...)
	- openttd 0.6.2-1
CVE-2008-3575 (PHP remote file inclusion vulnerability in modules/calendar/minicalend ...)
	NOT-FOR-US: ezContents CMS
CVE-2008-3574 (Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, wh ...)
	NOT-FOR-US: Pluck CMS
CVE-2008-3573 (The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francis ...)
	NOT-FOR-US: Pligg
CVE-2008-3572 (Cross-site scripting (XSS) vulnerability in index.php in Pligg 9.9.5 a ...)
	NOT-FOR-US: Pligg
CVE-2008-3571 (The Xerox Phaser 8400 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Xerox Phaser 8400
CVE-2008-3570 (PHP remote file inclusion vulnerability in index.php in Africa Be Gone ...)
	NOT-FOR-US: Africa Be Gone
CVE-2008-3569 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, wh ...)
	NOT-FOR-US: XAMPP
CVE-2008-3568 (Absolute path traversal vulnerability in fckeditor/editor/filemanager/ ...)
	- fckeditor <not-affected> (Vulnerable code not present)
	NOTE: unak specific change, see fckeditor/unak_changes.txt in source
CVE-2008-3567 (Cross-zone scripting vulnerability in the NowPlaying functionality in  ...)
	NOT-FOR-US: NullSoft Winamp
CVE-2008-3566 (Cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7 a ...)
	NOT-FOR-US: ZoneO-soft freeForum
CVE-2008-3565 (Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Bo ...)
	NOT-FOR-US: Meeting Room Booking System (MRBS)
CVE-2008-3564 (Multiple directory traversal vulnerabilities in index.php in Dayfox Bl ...)
	NOT-FOR-US: Dayfox Blog
CVE-2008-3563 (Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allo ...)
	NOT-FOR-US: Plogger
CVE-2008-3562 (Directory traversal vulnerability in index.php in the Contact module i ...)
	NOT-FOR-US: Chupix CMS
CVE-2008-3561 (SQL injection vulnerability in s03.php in Powergap Shopsystem, when ma ...)
	NOT-FOR-US: Powergap Shopsystem
CVE-2008-3560 (Cross-site scripting (XSS) vulnerability in kshop_search.php in the Ks ...)
	NOT-FOR-US: Kshop module for Xoops
CVE-2008-3559 (Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice  ...)
	NOT-FOR-US: KAPhotoservice
CVE-2008-3558 (Stack-based buffer overflow in the WebexUCFObject ActiveX control in a ...)
	NOT-FOR-US: Webex Meeting Manager (Windows)
CVE-2008-3557 (Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass aut ...)
	NOT-FOR-US: Free Hosting Manager
CVE-2008-3556 (Multiple SQL injection vulnerabilities in index.php in Battle.net Clan ...)
	NOT-FOR-US: Battle.net Clan Script
CVE-2008-3555 (Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 ...)
	NOT-FOR-US: Wsn Knowledge Base
CVE-2008-3554 (SQL injection vulnerability in index.php in Discuz! 6.0.1 allows remot ...)
	NOT-FOR-US: Discuz!
CVE-2008-3553 (Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition de ...)
	NOT-FOR-US: Nokia Series 40 3rd edition devices
CVE-2008-3552 (Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP ...)
	NOT-FOR-US: Nokia Series 40 3rd edition devices
CVE-2008-3551 (Multiple unspecified vulnerabilities in Sun Java Platform Micro Editio ...)
	NOT-FOR-US: Sun Java Platform Micro Edition
CVE-2008-3550 (The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote at ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2008-3549 (Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in  ...)
	NOT-FOR-US: Sun Solaris 10 and OpenSolaris
CVE-2008-3548 (Unspecified vulnerability in the Sun Netra T5220 Server with firmware  ...)
	NOT-FOR-US: Sun Netra T5220 Server
CVE-2008-3545 (Unspecified vulnerability in ovtopmd in HP OpenView Network Node Manag ...)
	NOT-FOR-US: HP OpenView
CVE-2008-3544 (Multiple stack-based buffer overflows in ovalarmsrv in HP OpenView Net ...)
	NOT-FOR-US: HP OpenView
CVE-2008-3543 (Unspecified vulnerability in NFS / ONCplus B.11.31_04 and earlier on H ...)
	NOT-FOR-US: HP-UX
CVE-2008-3542 (Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402  ...)
	NOT-FOR-US: HP Insight Diagnostics
CVE-2008-3541
	REJECTED
CVE-2008-3540
	RESERVED
CVE-2008-3539 (Unspecified vulnerability in HP OpenView Select Identity (HPSI) Connec ...)
	NOT-FOR-US: HP OpenView Select Identity (HPSI)
CVE-2008-3538 (Unspecified vulnerability in HP Enterprise Discovery 2.0 through 2.52  ...)
	NOT-FOR-US: HP Enterprise Discovery
CVE-2008-3537 (Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Ma ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-3536 (Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Ma ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-3535 (Off-by-one error in the iov_iter_advance function in mm/filemap.c in t ...)
	{DSA-1636-1}
	- linux-2.6 2.6.26-2
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	NOTE: 94ad374a0751f40d25e22e036c37f7263569d24c
	NOTE: Fixed in 2.6.25.14 and 2.6.26.1
CVE-2008-3534 (The shmem_delete_inode function in mm/shmem.c in the tmpfs implementat ...)
	{DSA-1636-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-2
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: 14fcc23fdc78e9d32372553ccf21758a9bd56fa1
	NOTE: Fixed in 2.6.25.14 and 2.6.26.1
CVE-2008-3533 (Format string vulnerability in the window_error function in yelp-windo ...)
	{DTSA-154-1}
	- yelp 2.22.1-4 (low)
	[etch] - yelp <not-affected> (Vulnerable code not present)
CVE-2008-3531 (Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in F ...)
	- kfreebsd-7 7.0-5
CVE-2008-3530 (sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD  ...)
	- kfreebsd-6 6.3-7
	- kfreebsd-7 7.0-5
CVE-2008-3529 (Heap-based buffer overflow in the xmlParseAttValueComplex function in  ...)
	{DSA-1654-1}
	- libxml2 2.6.32.dfsg-4 (bug #498768)
CVE-2008-3528 (The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/di ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
	NOTE: cdbf6dba28e8e6268c8420857696309470009fd9 (ext3)
	NOTE: bd39597cbd42a784105a04010100e27267481c67 (ext2)
	NOTE: 9d9f177572d9e4eba0f2e18523b44f90dd51fe74 (ext4)
	NOTE: Comment from tytso:
	NOTE: Note: some people think this represents a security bug, since it
	NOTE: might make the system go away while it is printing a large number of
	NOTE: console messages, especially if a serial console is involved. Hence,
	NOTE: it has been assigned CVE-2008-3528, but it requires that the attacker
	NOTE: either has physical access to your machine to insert a USB disk with a
	NOTE: corrupted filesystem image (at which point why not just hit the power
	NOTE: button), or is otherwise able to convince the system administrator to
	NOTE: mount an arbitrary filesystem image (at which point why not just
	NOTE: include a setuid shell or world-writable hard disk device file or some
	NOTE: such). Me, I think they're just being silly.
CVE-2008-3527 (arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDS ...)
	{DSA-1687-1}
	- linux-2.6 2.6.21-1
CVE-2008-3526 (Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/ ...)
	{DSA-1636-1}
	- linux-2.6 2.6.26-4
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	[etch] - linux-2.6 <not-affected>
CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem ...)
	{DSA-1655-1 DSA-1653-1}
	- linux-2.6 2.6.26-7
	- linux-2.6.24 2.6.24-6~etchnhalf.6
CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux  ...)
	NOT-FOR-US: rc.sysinit on Fedora
CVE-2008-3523
	REJECTED
CVE-2008-3522 (Buffer overflow in the jas_stream_printf function in libjasper/base/ja ...)
	{DSA-2080-1}
	- jasper 1.900.1-5.1 (medium; bug #501021)
	- ghostscript 8.64~dfsg-2 (medium; bug #559778)
	- gs-gpl <removed> (medium; bug #561717)
	- netpbm-free <not-affected> (dynamically links to ghostscript if available)
CVE-2008-3521 (Race condition in the jas_stream_tmpfile function in libjasper/base/ja ...)
	- jasper 1.900.1-5.1 (unimportant; bug #501021)
	NOTE: file is opened with O_EXCL even if tmpnam is used in this case
CVE-2008-3520 (Multiple integer overflows in JasPer 1.900.1 might allow context-depen ...)
	- jasper 1.900.1-5.1 (medium; bug #501021)
	- ghostscript 8.64~dfsg-2 (low; bug #559778)
	[lenny] - ghostscript <not-affected> (Too intrusive to backport)
	- gs-gpl <removed> (low; bug #561717)
	- netpbm-free <not-affected> (dynamically links to ghostscript if available)
CVE-2008-3519 (The default configuration of the JBossAs component in Red Hat JBoss En ...)
	- jbossas4 <not-affected> (configuration not yet included in Debian package)
CVE-2008-3518
	REJECTED
CVE-2008-3517
	REJECTED
CVE-2008-3516 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...)
	NOT-FOR-US: Adobe Presenter
CVE-2008-3515 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...)
	NOT-FOR-US: Adobe Presenter
CVE-2008-3514 (VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 rel ...)
	NOT-FOR-US: VMware VirtualCenter
CVE-2008-3513 (SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuk ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-3512 (SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke a ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-3511 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image G ...)
	NOT-FOR-US: Softbiz Image Gallery
CVE-2008-3510 (Cross-site scripting (XSS) vulnerability in livehelp_js.php in Crafty  ...)
	NOT-FOR-US: Crafty Syntax Live Help (CSLH)
CVE-2008-3509 (LoveCMS 1.6.2 does not require administrative authentication for (1) a ...)
	NOT-FOR-US: LoveCMS
CVE-2008-3508 (LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote att ...)
	NOT-FOR-US: LiteNews
CVE-2008-3507 (SQL injection vulnerability in index.php in LiteNews 0.1 (aka 01), and ...)
	NOT-FOR-US: LiteNews
CVE-2008-3506 (SQL injection vulnerability in PolyPager 1.0 rc2 and earlier allows re ...)
	NOT-FOR-US: PolyPager
CVE-2008-3505 (Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2 and earl ...)
	NOT-FOR-US: PolyPager
CVE-2008-3504 (Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 h ...)
	NOT-FOR-US: mask PHP File Manager (mPFM)
CVE-2008-3503 (RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict vi ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2008-3502 (Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through ...)
	NOT-FOR-US: Best Practical Solutions RT
CVE-2008-3501 (Cross-site scripting (XSS) vulnerability in the WebAccess simple inter ...)
	NOT-FOR-US: Novell Groupwise
CVE-2008-3500 (Cross-site scripting (XSS) vulnerability in the Suggested Terms module ...)
	NOT-FOR-US: suggested terms, additional drupal module
CVE-2008-3499 (Unspecified vulnerability in "a page in the workarea folder" in Ektron ...)
	NOT-FOR-US: Ektron CMS400.NET
CVE-2008-3498 (SQL injection vulnerability in the nBill (com_netinvoice) component 1. ...)
	NOT-FOR-US: nBill, joomla component
CVE-2008-3497 (SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows rem ...)
	NOT-FOR-US: MyPHP CMS
CVE-2008-3496 (Buffer overflow in format descriptor parsing in the uvc_parse_format f ...)
	- linux-2.6 2.6.26-2
	[etch] - linux-2.6 <not-affected> (code not present)
	- linux-2.6.24 <not-affected> (code not present)
CVE-2008-3495 (SQL injection vulnerability in kategori.asp in Pcshey Portal allows re ...)
	NOT-FOR-US: Pcshey Portal
CVE-2008-3494 (8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass  ...)
	NOT-FOR-US: 8e6 R3000 Internet Filter
CVE-2008-3493 (vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote VNC serv ...)
	NOT-FOR-US: RealVNC Windows Client
CVE-2008-3492 (America's Army (aka AA or Army Game Project) 2.8.3.1 and earlier allow ...)
	NOT-FOR-US: America's Army (aka AA or Army Game Project)
CVE-2008-3491 (SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTG ...)
	NOT-FOR-US: Scripts24 iPost
CVE-2008-3490 (SQL injection vulnerability in members/mail.php in E-topbiz Online Dat ...)
	NOT-FOR-US: E-topbiz Online Dating 3
CVE-2008-3489 (SQL injection vulnerability in checkCookie function in includes/functi ...)
	NOT-FOR-US: PHPX
CVE-2008-3488 (Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) al ...)
	NOT-FOR-US: Novell iManager
CVE-2008-3487 (SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced  ...)
	NOT-FOR-US: PHPAuction GPL Enhanced
CVE-2008-3486 (Directory traversal vulnerability in the user_get_profile function in  ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-3485 (Untrusted search path vulnerability in Citrix MetaFrame Presentation S ...)
	NOT-FOR-US: Citrix MetaFrame Presentation Server
CVE-2008-3532 (The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certif ...)
	- pidgin 2.4.3-2 (bug #492434)
	- gaim <removed>
	[lenny] - gaim <not-affected> (gaim is now a transitional package depending on pidgin with its own source package)
	NOTE: http://developer.pidgin.im/ticket/6500
CVE-2008-3546 (Stack-based buffer overflow in the (1) diff_addremove and (2) diff_cha ...)
	{DSA-1637-1 DTSA-153-1 DTSA-153-2}
	- git-core 1:1.5.6.5 (medium; bug #494097)
CVE-2008-3484 (SQL injection vulnerability in eStoreAff 0.1 allows remote attackers t ...)
	NOT-FOR-US: eStoreAff
CVE-2008-3483 (Cross-site scripting (XSS) vulnerability in ScrewTurn Wiki 2.0.29 and  ...)
	NOT-FOR-US: ScrewTurn Wiki
CVE-2008-3482 (Cross-site scripting (XSS) vulnerability in the error page feature in  ...)
	NOT-FOR-US: Panasonic Network Camera
CVE-2008-3481 (themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and e ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-3480 (Stack-based buffer overflow in the Anzio Web Print Object (WePO) Activ ...)
	NOT-FOR-US: Anzio Web Print Object
CVE-2008-3479 (Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) ser ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-3478
	REJECTED
CVE-2008-3477 (Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not prop ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-3476 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle er ...)
	NOT-FOR-US: Microsoft
CVE-2008-3475 (Microsoft Internet Explorer 6 does not properly handle errors related  ...)
	NOT-FOR-US: Microsoft
CVE-2008-3474 (Microsoft Internet Explorer 6 and 7 does not properly determine the do ...)
	NOT-FOR-US: Microsoft
CVE-2008-3473 (Microsoft Internet Explorer 6 and 7 does not properly determine the do ...)
	NOT-FOR-US: Microsoft
CVE-2008-3472 (Microsoft Internet Explorer 6 and 7 does not properly determine the do ...)
	NOT-FOR-US: Microsoft
CVE-2008-3471 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 200 ...)
	NOT-FOR-US: Microsoft
CVE-2008-3470
	REJECTED
CVE-2008-3469
	REJECTED
CVE-2008-3468
	REJECTED
CVE-2008-3467
	REJECTED
CVE-2008-3466 (Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not  ...)
	NOT-FOR-US: Microsoft
CVE-2008-3465 (Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-3464 (afd.sys in the Ancillary Function Driver (AFD) component in Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2008-3463
	REJECTED
CVE-2008-3462
	REJECTED
CVE-2008-3461
	REJECTED
CVE-2008-3460 (WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Offic ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3459 (Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when  ...)
	- openvpn 2.1~rc9-1 (low; bug #493488)
	NOTE: pull/push needs to be allowed, successful authentication, compromised or malicious server
	[etch] - openvpn <not-affected> (Upstream states that the 2.0.x versions are unaffected)
CVE-2008-3458 (Vtiger CRM before 5.0.4 stores sensitive information under the web roo ...)
	NOT-FOR-US: Vtiger CRM
CVE-2008-3457 (Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin be ...)
	{DSA-1641-1}
	- phpmyadmin 4:2.11.8~rc1-1
	NOTE: if an attacker can write arbitrary content to config/config.php you have way more problems than this XSS
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-6/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6a5e53c31bcbcadcb5d16cffaa3b9af181b26296 (2.11 branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0bfb27fb0538f43e9c49b6a183b767c2bed1524d
CVE-2008-3455 (PHP remote file inclusion vulnerability in include/admin.php in JnSHos ...)
	NOT-FOR-US: JnSHosts PHP Hosting Directory
CVE-2008-3454 (JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass a ...)
	NOT-FOR-US: JnSHosts PHP Hosting Directory
CVE-2008-3453 (Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown im ...)
	NOT-FOR-US: ImpressCMS
CVE-2008-3452 (SQL injection vulnerability in the Calendar module in eNdonesia 8.4 al ...)
	NOT-FOR-US: eNdonesia
CVE-2008-3451 (PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with a ...)
	NOT-FOR-US: PhpWebGallery
CVE-2008-3450 (Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 ...)
	NOT-FOR-US: Solaris
CVE-2008-3449 (MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote attacke ...)
	NOT-FOR-US: MailEnable
CVE-2008-3448 (Cross-site scripting (XSS) vulnerability in index.php in common soluti ...)
	NOT-FOR-US: csphonebook
CVE-2008-3447 (The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote attac ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2008-3446 (Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 all ...)
	NOT-FOR-US: LetterIt
CVE-2008-3445 (SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 al ...)
	NOT-FOR-US: phpMyRealty
CVE-2008-3444 (The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows r ...)
	- iceweasel <removed> (unimportant)
	NOTE: browser DoS not treated as security issues
CVE-2008-3443 (The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8 ...)
	{DSA-1695-1}
	- ruby1.8 1.8.7.72-1 (low; bug #494401)
	- ruby1.9 1.9.0.2-9 (low)
	NOTE: Upstream commits 18212 (for 1.8) and 18213 (for 1.9).
	NOTE: this specific problem does not exist in ruby1.9 but there is a very similar problem
	NOTE: that has been fixed in this version (308_regexp_segv.dpatch)
CVE-2008-3442 (WinZip before 11.0 does not properly verify the authenticity of update ...)
	NOT-FOR-US: WinZip
CVE-2008-3441 (Nullsoft Winamp before 5.24 does not properly verify the authenticity  ...)
	NOT-FOR-US: Nullsoft Winamp
CVE-2008-3440 (Sun Java 1.6.0_03 and earlier versions, and possibly later versions, d ...)
	- sun-java5 <not-affected> (only java updater for windows affected)
	- sun-java6 <not-affected> (only java updater for windows affected)
CVE-2008-3439 (SpeedBit Video Acceleration before 2.2.1.8 does not properly verify th ...)
	NOT-FOR-US: SpeedBit Video Acceleration
CVE-2008-3438 (Apple Mac OS X does not properly verify the authenticity of updates, w ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3437 (OpenOffice.org (OOo) before 2.1.0 does not properly verify the authent ...)
	- openoffice.org <not-affected> (update feature disabled)
CVE-2008-3436 (The GUP generic update process in Notepad++ before 4.8.1 does not prop ...)
	NOT-FOR-US: Notepad++
CVE-2008-3435 (LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly veri ...)
	NOT-FOR-US: LinkedIn
CVE-2008-3434 (Apple iTunes before 10.5.1 does not properly verify the authenticity o ...)
	NOT-FOR-US: Apple iTunes
CVE-2008-3433 (SpeedBit Download Accelerator Plus (DAP) before 8.6.3.9 does not prope ...)
	NOT-FOR-US: SpeedBit Download Accelerator Plus
CVE-2008-3432 (Heap-based buffer overflow in the mch_expand_wildcards function in os_ ...)
	- vim <not-affected> (Vulnerable code only present in 6.2 and 6.3, none of them in the archive anymore)
CVE-2008-3430 (Buffer overflow in the CoVideoWindow.ocx ActiveX control 5.0.907.1 in  ...)
	NOT-FOR-US: Eyeball MessengerSDK
CVE-2008-3428 (Session fixation vulnerability in phpFreeChat 1.1 allows remote authen ...)
	NOT-FOR-US: phpFreeChat
CVE-2008-3427
	REJECTED
CVE-2008-3426 (Unspecified vulnerability in the Solaris Platform Information and Cont ...)
	NOT-FOR-US: Solaris
CVE-2008-3425 (Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2008-3424 (Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WR ...)
	- condor <not-affected> (Fixed before initial upload to archive)
CVE-2008-3423 (IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to by ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2008-3422 (Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net cla ...)
	- mono 1.9.1+dfsg-4 (low; bug #494406)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=413534
	NOTE: http://n2.nabble.com/-PATCH--HTML-encode-attributes-that-might-need-encoding-td584193.html
CVE-2008-3431 (The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualB ...)
	- virtualbox-ose <not-affected> (affects only windows host systems)
	NOTE: CORE-2008-0716
CVE-2008-3456 (phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from  ...)
	{DSA-1641-1}
	- phpmyadmin 4:2.11.8~rc1-1 (low)
	NOTE: exploitation circumstances are rare or require other vulnerabilities to be present already. may fix combined with another issue but doesn't warrant DSA on its own
CVE-2008-3547 (Buffer overflow in the server in OpenTTD 0.6.1 and earlier allows remo ...)
	- openttd 0.6.2-1 (medium; bug #493714)
CVE-2008-3421 (Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboa ...)
	NOT-FOR-US: Blackboard Academic Suite
CVE-2008-3420 (Multiple SQL injection vulnerabilities in Mobius for Mimsy XG 1 1.4.4. ...)
	NOT-FOR-US: Mobius Web Publishing Software
CVE-2008-3419 (SQL injection vulnerability in ugroups.php in Youtuber Clone allows re ...)
	NOT-FOR-US: Youtuber Clone
CVE-2008-3418 (SQL injection vulnerability in browse.php in TriO 2.1 and earlier allo ...)
	NOT-FOR-US: TriO
CVE-2008-3417 (SQL injection vulnerability in home/index.asp in fipsCMS light 2.1 and ...)
	NOT-FOR-US: fipsCMS
CVE-2008-3416 (SQL injection vulnerability in modules/members.php in IceBB before 1.0 ...)
	NOT-FOR-US: IceBB
CVE-2008-3415 (Directory traversal vulnerability in common.php in CMScout 2.05, when  ...)
	NOT-FOR-US: CMScout
CVE-2008-3414 (SQL injection vulnerability in line2.php in SiteAdmin allows remote at ...)
	NOT-FOR-US: SiteAdmin
CVE-2008-3413 (SQL injection vulnerability in category.php in Greatclone GC Auction P ...)
	NOT-FOR-US: Greatclone GC Auction Platinum
CVE-2008-3412 (SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0  ...)
	NOT-FOR-US: Comsenz EPShop
CVE-2008-3411 (The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 softwa ...)
	NOT-FOR-US: The Axesstel AXW-D800 modem
CVE-2008-3410 (Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to ca ...)
	NOT-FOR-US: Unreal Tournament
CVE-2008-3409 (Buffer overflow in Unreal Tournament 3 1.3beta4 and earlier allows rem ...)
	NOT-FOR-US: Unreal Tournament
CVE-2008-3408 (Stack-based buffer overflow in CoolPlayer 2.18, and possibly other ver ...)
	NOT-FOR-US: CoolPlayer
CVE-2008-3407 (phpLinkat 0.1 allows remote attackers to bypass authentication and acc ...)
	NOT-FOR-US: phpLinkat
CVE-2008-3406 (SQL injection vulnerability in showcat.php in phpLinkat 0.1 allows rem ...)
	NOT-FOR-US: phpLinkat
CVE-2008-3405 (Directory traversal vulnerability in index.php in Ricardo Amaral nzFot ...)
	NOT-FOR-US: Ricardo Amaral nzFotolog
CVE-2008-3404 (Cross-site scripting (XSS) vulnerability in guestbook.js.php in MJGues ...)
	NOT-FOR-US: MJGuest
CVE-2008-3403 (SQL injection vulnerability in mojoClassified.cgi in MojoPersonals all ...)
	NOT-FOR-US: MojoPersonals
CVE-2008-3402 (Multiple PHP remote file inclusion vulnerabilities in HIOX Browser Sta ...)
	NOT-FOR-US: HIOX Browser Statistics
CVE-2008-3401 (PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Ra ...)
	NOT-FOR-US: HIOX Random Ad
CVE-2008-3400 (XRMS CRM 1.99.2 allows remote attackers to obtain configuration inform ...)
	NOT-FOR-US: XRMS CRM
CVE-2008-3399 (PHP remote file inclusion vulnerability in activities/workflow-activit ...)
	NOT-FOR-US: XRMS CRM
CVE-2008-3398 (Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 ...)
	NOT-FOR-US: XRMS CRM
CVE-2008-3397 (Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS befo ...)
	NOT-FOR-US: Runesoft Cerberus CMS
CVE-2008-3396 (Unreal Tournament 2004 (UT2004) 3369 and earlier allows remote attacke ...)
	NOT-FOR-US: Unreal Tournament
CVE-2008-3395 (Calacode @Mail 5.41 on Linux uses weak world-readable permissions for  ...)
	NOT-FOR-US: Calacode
CVE-2008-3394 (Multiple cross-site scripting (XSS) vulnerabilities in search.cfm in B ...)
	NOT-FOR-US: BookMine
CVE-2008-3393 (SQL injection vulnerability in events.cfm in BookMine allows remote at ...)
	NOT-FOR-US: BookMine
CVE-2008-3392 (Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 a ...)
	NOT-FOR-US: Web Wiz Forum
CVE-2008-3391 (Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz Forum 9 ...)
	NOT-FOR-US: Web Wiz Forum
CVE-2008-3390 (Directory traversal vulnerability in libraries/general.init.php in Min ...)
	NOT-FOR-US: Minishowcase Image Gallery
CVE-2008-3389 (Stack-based buffer overflow in the libbecompat library in Ingres 2.6,  ...)
	NOT-FOR-US: Ingres
CVE-2008-3388 (Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote  ...)
	NOT-FOR-US: Def-Blog
CVE-2008-3387 (SQL injection vulnerability in show.php in PHPFootball 1.6 allows remo ...)
	NOT-FOR-US: PHPFootball
CVE-2008-3386 (SQL injection vulnerability in album.php in AlstraSoft Video Share Ent ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2008-3385 (Directory traversal vulnerability in include/head_chat.inc.php in php  ...)
	NOT-FOR-US: Help Agent
CVE-2008-3384 (Multiple directory traversal vulnerabilities in help/help.php in Inter ...)
	NOT-FOR-US: Interact Learning Community Environment Interact
CVE-2008-3383 (SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote  ...)
	NOT-FOR-US: MojoAuto
CVE-2008-3382 (SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds 2 ...)
	NOT-FOR-US: MojoClassifieds
CVE-2008-3381 (Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedS ...)
	- moin 1.7.1-1 (low)
	[etch] - moin <not-affected> (Vulnerable macro not present)
CVE-2008-3380 (Cross-site scripting (XSS) vulnerability in ajaxp_backend.php in MyioS ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-3379 (Cross-site scripting (XSS) vulnerability in Snark VisualPic 0.3.1 allo ...)
	NOT-FOR-US: Snark VisualPic
CVE-2008-3378 (SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows  ...)
	NOT-FOR-US: Fizzmedia
CVE-2008-3377 (SQL injection vulnerability in picture.php in phpTest 0.6.3 allows rem ...)
	NOT-FOR-US: phpTest
CVE-2008-3376 (Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unkn ...)
	NOT-FOR-US: JamRoom
CVE-2008-3375 (The jrCookie function in includes/jamroom-misc.inc.php in JamRoom befo ...)
	NOT-FOR-US: JamRoom
CVE-2008-3374 (SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier ...)
	NOT-FOR-US: Gregarius
CVE-2008-3373 (The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 allo ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2008-3372 (SQL injection vulnerability in search_form.php in Getacoder Clone allo ...)
	NOT-FOR-US: Getacoder Clone
CVE-2008-3371 (Directory traversal vulnerability in install/help.php in TalkBack 2.3. ...)
	NOT-FOR-US: TalkBack
CVE-2008-3370 (SQL injection vulnerability in the CUA Login Module in EMC Centera Uni ...)
	NOT-FOR-US: CUA Login Module in EMC Centera Universal Access
CVE-2008-3369 (SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and  ...)
	NOT-FOR-US: ViArt Shop
CVE-2008-3368 (PHP remote file inclusion vulnerability in tools/packages/import.php i ...)
	NOT-FOR-US: ATutor
CVE-2008-3367 (Cross-site scripting (XSS) vulnerability in RTE_popup_link.asp in Web  ...)
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-3366 (SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 allow ...)
	NOT-FOR-US: Pligg CMS
CVE-2008-3365 (Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on W ...)
	- pixelpost <not-affected> (Exploit relies on register_globals to be on)
CVE-2008-3364 (Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeSc ...)
	NOT-FOR-US: Trend Micro OfficeScan Corp Edition Web-Deployment
CVE-2008-3363 (Directory traversal vulnerability in user_portal.php in the Dokeos E-L ...)
	NOT-FOR-US: Dokeos E-Learning System
CVE-2008-3362 (Unrestricted file upload vulnerability in upload.php in the Giulio Gan ...)
	NOT-FOR-US: Giulio Ganci Wp Downloads Manager module
CVE-2008-3361 (Stack-based buffer overflow in IntelliTamper 2.07 allows remote web si ...)
	NOT-FOR-US: IntelliTamper
CVE-2008-3360 (Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7  ...)
	NOT-FOR-US: IntelliTamper
CVE-2008-3359 (SQL injection vulnerability in register.php in Steve Bourgeois and Chr ...)
	- owl-dms 0.95-1.1 (bug #493372)
CVE-2008-3358 (Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP ...)
	NOT-FOR-US: SAP NetWeaver portal
CVE-2008-3357 (Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingre ...)
	NOT-FOR-US: Ingres
CVE-2008-3356 (verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres  ...)
	NOT-FOR-US: Ingres
CVE-2008-3355 (SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 al ...)
	NOT-FOR-US: Camera Life
CVE-2008-3354 (Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus ( ...)
	NOT-FOR-US: Newbb Plus
CVE-2008-3353 (Multiple cross-site scripting (XSS) vulnerabilities in Pure Software L ...)
	NOT-FOR-US: Pure Software Lore
CVE-2008-3352 (SQL injection vulnerability in index.php in Live Music Plus 1.1.0 allo ...)
	NOT-FOR-US: Live Music Plus
CVE-2008-3351 (SQL injection vulnerability in atomPhotoBlog.php in Atom PhotoBlog 1.0 ...)
	NOT-FOR-US: Atom PhotoBlog
CVE-2008-3350 (dnsmasq 2.43 allows remote attackers to cause a denial of service (dae ...)
	- dnsmasq 2.44-1 (low)
	[etch] - dnsmasq <not-affected> (Issue was introduced in 2.43)
CVE-2008-3349 (Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on  ...)
	NOT-FOR-US: NetApp Data ONTAP
CVE-2008-3348 (Cross-site scripting (XSS) vulnerability in staticpages/easycalendar/i ...)
	NOT-FOR-US: MyioSoft EasyDynamicPages
CVE-2008-3347 (SQL injection vulnerability in staticpages/easycalendar/index.php in M ...)
	NOT-FOR-US: MyioSoft EasyDynamicPages
CVE-2008-3346 (SQL injection vulnerability in product_detail.php in ShopCart DX allow ...)
	NOT-FOR-US: ShopCart DX
CVE-2008-3345 (SQL injection vulnerability in staticpages/easyecards/index.php in Myi ...)
	NOT-FOR-US: MyioSoft EasyE-Cards
CVE-2008-3344 (Multiple cross-site scripting (XSS) vulnerabilities in staticpages/eas ...)
	NOT-FOR-US: MyioSoft EasyE-Cards
CVE-2008-3343 (SQL injection vulnerability in staticpages/easypublish/index.php in My ...)
	NOT-FOR-US: MyioSoft EasyPublish
CVE-2008-3342 (Cross-site scripting (XSS) vulnerability in staticpages/easypublish/in ...)
	NOT-FOR-US: MyioSoft EasyPublish
CVE-2008-3341 (Multiple SQL injection vulnerabilities in search_result.cfm in Jobbex  ...)
	NOT-FOR-US: Jobbex JobSite
CVE-2008-3340 (Cross-site scripting (XSS) vulnerability in search_result.cfm in Jobbe ...)
	NOT-FOR-US: Jobbex JobSite
CVE-2008-3339 (search_result.cfm in Jobbex JobSite allows remote attackers to obtain  ...)
	NOT-FOR-US: Jobbex JobSite
CVE-2008-3429 (Buffer overflow in URI processing in HTTrack and WinHTTrack before 3.4 ...)
	{DSA-1626-1}
	- httrack 3.42.3-1 (low)
CVE-2008-3338 (Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawka ...)
	NOT-FOR-US: TIBCO Hawk
CVE-2008-3337 (PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, ...)
	{DSA-1628-1}
	- pdns 2.9.21.1-1 (low)
CVE-2008-3336 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1. ...)
	NOT-FOR-US: PunBB
CVE-2008-3335 (Unspecified vulnerability in PunBB before 1.2.19 allows remote attacke ...)
	NOT-FOR-US: PunBB
CVE-2008-3334 (Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 a ...)
	NOT-FOR-US: MyBB
CVE-2008-3333 (Directory traversal vulnerability in core/lang_api.php in Mantis befor ...)
	- mantis 1.1.2+dfsg-2
	NOTE: I've marked the above version as fixed, however I am not sure if it wasn't fixed
	NOTE: earlier. However, lenny is fixed and it is not in etch and sarge is not supported anymore.
CVE-2008-3332 (Eval injection vulnerability in adm_config_set.php in Mantis before 1. ...)
	- mantis 1.1.2+dfsg-2
CVE-2008-3331 (Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php ...)
	- mantis 1.1.2+dfsg-2
CVE-2008-3329 (Unspecified vulnerability in Links before 2.1, when "only proxies" is  ...)
	- links2 2.1pre37-1.1 (low; bug #492744)
	[etch] - links2 <no-dsa> (Minor information leak)
CVE-2008-3328 (Cross-site scripting (XSS) vulnerability in the wiki engine in Trac be ...)
	- trac 0.11-1
	[etch] - trac 0.10.3-1etch4
CVE-2008-3324 (The PartyGaming PartyPoker client program 121/120 does not properly ve ...)
	NOT-FOR-US: PartyGaming PartyPoker
CVE-2008-3323 (setup.exe before 2.573.2.3 in Cygwin does not properly verify the auth ...)
	NOT-FOR-US: Cygwin
CVE-2008-3322 (admin/index.php in Maian Recipe 1.2 and earlier allows remote attacker ...)
	NOT-FOR-US: Maian *
CVE-2008-3321 (admin/index.php in Maian Uploader 4.0 and earlier allows remote attack ...)
	NOT-FOR-US: Maian *
CVE-2008-3320 (admin/index.php in Maian Guestbook 3.2 and earlier allows remote attac ...)
	NOT-FOR-US: Maian *
CVE-2008-3319 (admin/index.php in Maian Links 3.1 and earlier allows remote attackers ...)
	NOT-FOR-US: Maian *
CVE-2008-3318 (admin/index.php in Maian Weblog 4.0 and earlier allows remote attacker ...)
	NOT-FOR-US: Maian *
CVE-2008-3317 (admin/index.php in Maian Search 1.1 and earlier allows remote attacker ...)
	NOT-FOR-US: Maian *
CVE-2008-3316 (Cross-site scripting (XSS) vulnerability in the search feature in the  ...)
	NOT-FOR-US: Geeklog
CVE-2008-3315 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.1 ...)
	NOT-FOR-US: Claroline
CVE-2008-3314 (ZDaemon 1.08.07 and earlier allows remote attackers to cause a denial  ...)
	NOT-FOR-US: ZDaemon
CVE-2008-3313 (Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allo ...)
	NOT-FOR-US: CreaCMS
CVE-2008-3312 (Directory traversal vulnerability in lemon_includes/FCKeditor/editor/f ...)
	- fckeditor <not-affected> (Vulnerable code not present)
	NOTE: lemon cms patched sources, vulnerable code not present in any version of plain fckeditor.
	NOTE: if in doubt contact the fckeditor people.
CVE-2008-3311 (PHP remote file inclusion vulnerability in config.php in Adam Scheinbe ...)
	NOT-FOR-US: Adam Scheinberg Flip
CVE-2008-3310 (SQL injection vulnerability in default.asp in Pre Survey Poll allows r ...)
	NOT-FOR-US: Pre Survey Poll
CVE-2008-3309 (SQL injection vulnerability in info_book.asp in DigiLeave 1.2 and earl ...)
	NOT-FOR-US: DigiLeave
CVE-2008-3308 (PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. Des ...)
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3307 (SQL injection vulnerability in todos.php in C. Desseno YouTube Blog (y ...)
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3306 (SQL injection vulnerability in info.php in C. Desseno YouTube Blog (yt ...)
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3305 (Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno  ...)
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3304 (BilboBlog 0.2.1 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: BilboBlog
CVE-2008-3303 (admin/login.php in BilboBlog 0.2.1, when register_globals is enabled,  ...)
	NOT-FOR-US: BilboBlog
CVE-2008-3302 (SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, wh ...)
	NOT-FOR-US: BilboBlog
CVE-2008-3301 (Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 ...)
	NOT-FOR-US: BilboBlog
CVE-2008-3300 (AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authenticatio ...)
	NOT-FOR-US: AlphAdmin CMS
CVE-2008-3299 (eSyndiCat 1.6 allows remote attackers to bypass authentication and gai ...)
	NOT-FOR-US: eSyndiCat
CVE-2008-3298 (SocialEngine (SE) before 2.83 grants certain write privileges for temp ...)
	NOT-FOR-US: SocialEngine
CVE-2008-3297 (Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.8 ...)
	NOT-FOR-US: SocialEngine
CVE-2008-3296 (Directory traversal vulnerability in modules/system/admin.php in XOOPS ...)
	NOT-FOR-US: XOOPS
CVE-2008-3295 (Cross-site scripting (XSS) vulnerability in modules/system/admin.php i ...)
	NOT-FOR-US: XOOPS
CVE-2008-3294 (src/configure.in in Vim 5.0 through 7.1, when used for a build with Py ...)
	- vim <not-affected> (Build issue)
	NOTE: It looks like the vulnerability only occurs during build, so it shouldn't be an issue for Debian
CVE-2008-3293 (Directory traversal vulnerability in download.php in EZWebAlbum allows ...)
	NOT-FOR-US: EZWebAlbum
CVE-2008-3292 (constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass auth ...)
	NOT-FOR-US: EZWebAlbum
CVE-2008-3291 (SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS ...)
	NOT-FOR-US: AproxEngine
CVE-2008-3290 (retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows r ...)
	NOT-FOR-US: EMC Dantz Retrospect Backup Client
CVE-2008-3289 (EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in  ...)
	NOT-FOR-US: EMC Dantz Retrospect Backup Client
CVE-2008-3288 (The Server Authentication Module in EMC Dantz Retrospect Backup Server ...)
	NOT-FOR-US: EMC Dantz Retrospect Backup Server
CVE-2008-3287 (retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows r ...)
	NOT-FOR-US: EMC Dantz Retrospect Backup Client
CVE-2008-3286 (SWAT 4 1.1 and earlier allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: SWAT 4
CVE-2008-3285 (The Filesys::SmbClientParser module 2.7 and earlier for Perl allows re ...)
	NOT-FOR-US: Filesys::SmbClientParser
CVE-2008-3284
	REJECTED
CVE-2008-3283 (Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red  ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-3282 (Integer overflow in the rtl_allocateMemory function in sal/rtl/source/ ...)
	- openoffice.org <not-affected> (openoffice in Debian does not use the custom allocations but g/malloc)
	NOTE: see ooo-build/distro-configs/CommonLinux.conf.in, openoffice builds on Debian using
	NOTE: --with-alloc=system which causes the build scripts to use the system allocators instead of the
	NOTE: custom ones
CVE-2008-3281 (libxml2 2.6.32 and earlier does not properly detect recursion during e ...)
	{DSA-1631-1 DTSA-158-1}
	- libxml2 2.6.32.dfsg-3 (medium)
	- chromium-browser 5.0.375.29~r46008-1
CVE-2008-3280 (It was found that various OpenID Providers (OPs) had TLS Server Certif ...)
	NOT-FOR-US: Historic OpenID issues
CVE-2008-3279 (Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 ...)
	- brltty <not-affected> (RedHat-specific)
CVE-2008-3278 (frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Lin ...)
	- frysk <removed>
CVE-2008-3277 (Untrusted search path vulnerability in a certain Red Hat build script  ...)
	- ibutils <not-affected> (RedHat-specific)
CVE-2008-3276 (Integer overflow in the dccp_setsockopt_change function in net/dccp/pr ...)
	{DSA-1653-1 DSA-1636-1}
	- linux-2.6 2.6.26-4
	- linux-2.6.24 2.6.24-6~etchnhalf.5
CVE-2008-3275 (The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in t ...)
	{DSA-1636-1 DSA-1630-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-2
	NOTE: d70b67c8bc72ee23b55381bd6a884f4796692f77
CVE-2008-3274 (The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA  ...)
	NOT-FOR-US: FreeIPA
CVE-2008-3273 (JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2 ...)
	- jbossas4 <not-affected> (Only provides a few class libs)
CVE-2008-3272 (The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss ...)
	{DSA-1636-1 DSA-1630-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-2
	NOTE: 82e68f7ffec3800425f2391c8c86277606860442
CVE-2008-3271 (Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers t ...)
	- tomcat5 <removed> (unimportant)
	- tomcat5.5 5.5.1
	- tomcat6 <not-affected>
	NOTE: It is unlikely that this is exploitable in real world scenarios.
CVE-2008-3270 (yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify th ...)
	NOT-FOR-US: Red Hat
CVE-2008-3269 (WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full 2 ...)
	NOT-FOR-US: WinRemotePC
CVE-2008-3268 (Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when u ...)
	NOT-FOR-US: phpScheduleIt
CVE-2008-3267 (SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote  ...)
	NOT-FOR-US: MojoJobs
CVE-2008-3266 (SQL injection vulnerability in picture_pic_bv.asp in SoftAcid Hotel Re ...)
	NOT-FOR-US: SoftAcid Hotel Reservation System
CVE-2008-3265 (SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3  ...)
	NOT-FOR-US: DT Register
CVE-2008-3264 (The FWDOWNL firmware-download implementation in Asterisk Open Source 1 ...)
	- asterisk 1:1.4.21.2~dfsg-1
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: http://downloads.digium.com/pub/security/AST-2008-011.html
CVE-2008-3263 (The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x  ...)
	- asterisk 1:1.4.21.2~dfsg-1
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: http://downloads.digium.com/pub/security/AST-2008-010.html
CVE-2008-3262 (Cross-site request forgery (CSRF) vulnerability in Claroline before 1. ...)
	NOT-FOR-US: Claroline
CVE-2008-3261 (Open redirect vulnerability in claroline/redirector.php in Claroline b ...)
	NOT-FOR-US: Claroline
CVE-2008-3260 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline befor ...)
	NOT-FOR-US: Claroline
CVE-2008-3259 (OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11Use ...)
	- openssh <not-affected> (Linux checks that the effective userid matches or that bind addresses don't overlap on rebind)
CVE-2008-3258 (Multiple SQL injection vulnerabilities in Zoph before 0.7.0.5 allow re ...)
	- zoph 0.7.1-1
	NOTE: http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=614672
CVE-2008-3257 (Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3256 (SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3 and e ...)
	NOT-FOR-US: Siteframe CMS
CVE-2008-3255 (Cross-site scripting (XSS) vulnerability in LunarNight Laboratory WebP ...)
	NOT-FOR-US: LunarNight Laboratory WebProxy
CVE-2008-3254 (SQL injection vulnerability in index.php in preCMS 1 allows remote att ...)
	NOT-FOR-US: preCMS
CVE-2008-3253 (Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces ...)
	NOT-FOR-US: Citrix XenServer Express
CVE-2008-3252 (Stack-based buffer overflow in the read_article function in getarticle ...)
	{DSA-1622-1}
	- newsx 1.6-3 (bug #492742)
CVE-2008-3251 (Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remo ...)
	NOT-FOR-US: tplSoccerSite
CVE-2008-3250 (SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 ...)
	NOT-FOR-US: Arctic Issue Tracker
CVE-2008-3249 (The client in Lenovo System Update before 3.14 does not properly valid ...)
	NOT-FOR-US: Lenovo System Update
CVE-2008-3248 (qiomkfile in the Quick I/O for Database feature in Symantec Veritas Fi ...)
	NOT-FOR-US: Symantec Veritas File System on HP-UX
CVE-2008-3247 (The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 o ...)
	- linux-2.6 2.6.25-7
	[etch] - linux-2.6 <not-affected> (2.6.25-only issue)
	- linux-2.6.24 <not-affected> (2.6.25-only issue)
CVE-2008-3246 (Unspecified vulnerability in the PDF distiller component in the BlackB ...)
	NOT-FOR-US: BlackBerry Attachment Service
CVE-2008-3245 (SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, 4 ...)
	NOT-FOR-US: phpHoo3
CVE-2008-3244 (The scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 al ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2008-3243 (Multiple unspecified vulnerabilities in the scanning engine before 4.4 ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2008-3242 (Heap-based buffer overflow in the PPMedia Class ActiveX control in PPM ...)
	NOT-FOR-US: PPMate
CVE-2008-3241 (SQL injection vulnerability in players-detail.php in UltraStats 0.2.13 ...)
	NOT-FOR-US: UltraStats
CVE-2008-3240 (SQL injection vulnerability in index.php in AlstraSoft Affiliate Netwo ...)
	NOT-FOR-US: AlstraSoft Affiliate Network Pro
CVE-2008-3239 (Unrestricted file upload vulnerability in the writeLogEntry function i ...)
	NOT-FOR-US: PHPizabi
CVE-2008-3238 (Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow rem ...)
	NOT-FOR-US: ITechBids
CVE-2008-3237 (Cross-site scripting (XSS) vulnerability in forward_to_friend.php in I ...)
	NOT-FOR-US: ITechBids
CVE-2008-3236 (Unspecified vulnerability in Wsadmin in the System Management/Reposito ...)
	NOT-FOR-US: Wsadmin
CVE-2008-3235 (Unspecified vulnerability in the PropFilePasswordEncoder utility in th ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-3234 (sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapsh ...)
	- openssh <unfixed> (unimportant)
	NOTE: this is by design
CVE-2008-3233 (Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN  ...)
	- wordpress <not-affected> (Code was only present in svn versions)
CVE-2008-3232 (Unrestricted file upload vulnerability in ecrire/images.php in Dotclea ...)
	NOT-FOR-US: dotclear
CVE-2008-3231 (xine-lib before 1.1.15 allows remote attackers to cause a denial of se ...)
	- xine-lib 1.1.14-2 (bug #492870; unimportant)
	NOTE: Only a NULL pointer dereference, hardly security relevant
CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause a deni ...)
	- ffmpeg-debian 0.svn20080206-16 (unimportant; bug #498764; bug #498766)
	- ffmpeg 0.svn20080206-16 (unimportant)
	- xmovie <removed> (unimportant)
	NOTE: Only a NULL pointer dereference, hardly security relevant
CVE-2008-3228 (Joomla! before 1.5.4 does not configure .htaccess to apply certain sec ...)
	NOT-FOR-US: Joomla!
CVE-2008-3227 (Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact a ...)
	NOT-FOR-US: Joomla!
CVE-2008-3226 (The file caching implementation in Joomla! before 1.5.4 allows attacke ...)
	NOT-FOR-US: Joomla!
CVE-2008-3225 (Joomla! before 1.5.4 allows attackers to access administration functio ...)
	NOT-FOR-US: Joomla!
CVE-2008-3217 (PowerDNS Recursor before 3.1.6 does not always use the strongest rando ...)
	{DSA-1544-2}
	- pdns-recursor 3.1.7-1 (low; bug #493576)
CVE-2008-3215 (libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to  ...)
	{DSA-1616-2}
	- clamav 0.93.1.dfsg-1.1 (medium)
CVE-2008-3214 (dnsmasq 2.25 allows remote attackers to cause a denial of service (dae ...)
	- dnsmasq 2.26-1 (medium)
CVE-2008-3213 (SQL injection vulnerability in secciones/tablon/tablon.php in WebCMS P ...)
	NOT-FOR-US: WebCMS
CVE-2008-3212 (Multiple SQL injection vulnerabilities in Scripteen Free Image Hosting ...)
	NOT-FOR-US: Scripteen Free Image Hosting
CVE-2008-3211 (Scripteen Free Image Hosting Script 1.2 and 1.2.1 allows remote attack ...)
	NOT-FOR-US: Scripteen Free Image Hosting
CVE-2008-3210 (rutil/dns/DnsStub.cxx in ReSIProcate 1.3.2, as used by repro, allows r ...)
	NOT-FOR-US: ReSIProcate
CVE-2008-3209 (Heap-based buffer overflow in the OpenGifFile function in BiGif.dll in ...)
	NOT-FOR-US: Black Ice Document Imaging SDK
CVE-2008-3208 (Simple DNS Plus 4.1, 5.0, and possibly other versions before 5.1.101 a ...)
	NOT-FOR-US: Simple DNS Plus
CVE-2008-3207 (PHP remote file inclusion vulnerability in cms/modules/form.lib.php in ...)
	NOT-FOR-US: Pragyan CMS
CVE-2008-3206 (SQL injection vulnerability in browse.groups.php in Yuhhu Pubs Black C ...)
	NOT-FOR-US: Yuhhu Pubs Black Cat
CVE-2008-3205 (Directory traversal vulnerability in index.php in Easy-Script Wysi Wik ...)
	NOT-FOR-US: Easy-Script Wysi Wiki Wyg
CVE-2008-3204 (SQL injection vulnerability in tops_top.php in E-topbiz Million Pixels ...)
	NOT-FOR-US: E-topbiz Million Pixels
CVE-2008-3203 (js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform  ...)
	NOT-FOR-US: AuraCMS
CVE-2008-3202 (Cross-site scripting (XSS) vulnerability in index.php in Xomol CMS 1.2 ...)
	NOT-FOR-US: Xomol
CVE-2008-3201 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Pa ...)
	NOT-FOR-US: Pagefusion
CVE-2008-3200 (SQL injection vulnerability in vlc_forum.php in Avlc Forum as of 20080 ...)
	NOT-FOR-US: Avlc Forum
CVE-2008-3199 (Multiple unspecified vulnerabilities in ReSIProcate before 1.3.4 allow ...)
	NOT-FOR-US: ReSIProcate
CVE-2008-3198 (Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arb ...)
	{DSA-1614-1}
	- iceweasel 3.0.1-1 (low)
	NOTE: http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
CVE-2008-3195 (Directory traversal vulnerability in bin/configure in TWiki before 4.2 ...)
	{DSA-1639-1}
	- twiki 1:4.1.2-5 (low; bug #499534)
	NOTE: access to configure script is restricted to localhost on Debian
CVE-2008-3194 (Multiple directory traversal vulnerabilities in data/inc/themes/predef ...)
	NOT-FOR-US: pluck CMS
CVE-2008-3193 (SQL injection vulnerability in jSite 1.0 OE allows remote attackers to ...)
	NOT-FOR-US: jSite
CVE-2008-3192 (Directory traversal vulnerability in index.php in jSite 1.0 OE allows  ...)
	NOT-FOR-US: jSite
CVE-2008-3191 (Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, w ...)
	NOT-FOR-US: mForum
CVE-2008-3190 (Directory traversal vulnerability in list.php in 1Scripts CodeDB 1.1.1 ...)
	NOT-FOR-US: CodeDB
CVE-2008-3189 (SQL injection vulnerability in dreamnews-rss.php in DreamNews Manager  ...)
	NOT-FOR-US: DreamNews Manager
CVE-2008-3188 (libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the config ...)
	- libxcrypt <not-affected> (Suse issue)
CVE-2008-3187 (zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 d ...)
	NOT-FOR-US: SUSE Zypper
CVE-2008-3330 (Cross-site scripting (XSS) vulnerability in services/obrowser/index.ph ...)
	{DSA-1765-1}
	- horde3 3.2.1+debian0-1 (low; bug #492578)
	- turba2 2.2.1-1 (low)
	[etch] - turba2 <not-affected> (only version 2.2 contains vulnerable code, etch has 2.1)
CVE-2008-3325 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before ...)
	{DSA-1691-1}
	- moodle 1.8.1-1 (low)
	NOTE: http://moodle.org/mod/forum/discuss.php?d=101405
CVE-2008-3326 (Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1. ...)
	{DSA-1691-1}
	- moodle 1.8.2-2 (low; bug #492492)
	NOTE: http://moodle.org/mod/forum/discuss.php?d=101401
CVE-2008-3327 (Moodle 1.6.5, when display_errors is enabled, allows remote attackers  ...)
	- moodle <removed> (unimportant)
	NOTE: http://moodle.org/mod/forum/discuss.php?d=101403
	NOTE: Does not allow any attack vectors, apart from gaining non-sensible information
CVE-2008-XXXX [mantis multiple issues]
	- mantis 1.1.2+dfsg-1 (low)
	NOTE: http://www.mantisbt.org/bugs/changelog_page.php
	NOTE: CVE id requested by redhat
	NOTE: 0008975 (CSRF) covered by CVE-2008-2276
	NOTE: 0008976 remote code execution only possible with valid administrator account
CVE-2008-3196 (skeleton.c in yacc does not properly handle reduction of a rule with a ...)
	- byacc 20070509-1.1 (low; bug #491182)
	[etch] - byacc <no-dsa> (Minor issue)
CVE-2008-XXXX [libetpan NULL deref]
	- libetpan 0.54-3 (low)
	[etch] - libetpan <no-dsa> (Minor issue)
	NOTE: http://lwn.net/Alerts/287640/
	NOTE: http://libetpan.cvs.sourceforge.net/libetpan/libetpan/src/low-level/imf/mailimf.c?view=diff&r1=1.46&r2=1.47
CVE-2008-XXXX [XSS in press-this of wordpress]
	- wordpress <not-affected> (Vulnerable code not present)
	NOTE: this code was never present in a released wordpress version
	NOTE: https://www.openwall.com/lists/oss-security/2008/07/15/5
CVE-2008-3224 (Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and ...)
	- phpbb3 3.0.2-1 (low)
	- phpbb2 <not-affected> (Vulnerable code not present)
CVE-2008-3197 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2 ...)
	{DSA-1641-1}
	- phpmyadmin 4:2.11.7.1-1 (low)
	NOTE: this only allows via csrf to create an empty database.
	NOTE: this would take a lot of work to get it only to the 'annoying' level, let alone a DoS
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-5/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/13fbcf4107476dc2d53a8dde707667172f807641
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/084fd3ed16290339ee98a14d067932f638974044 (useless?)
CVE-2008-3186 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog ( ...)
	NOT-FOR-US: Chipmunk Blog
CVE-2008-3185 (SQL injection vulnerability in index.php in Relative Real Estate Syste ...)
	NOT-FOR-US: Relative Real Estate Systems
CVE-2008-3184 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.1 ...)
	NOT-FOR-US: vBulletin
CVE-2008-3183 (PHP remote file inclusion vulnerability in ktmlpro/includes/ktedit/too ...)
	NOT-FOR-US: gapicms
CVE-2008-3182 (Stack-based buffer overflow in DAP.exe in Download Accelerator Plus (D ...)
	NOT-FOR-US: Download Accelerator Plus
CVE-2008-3181 (Unrestricted file upload vulnerability in upload.php in ContentNow CMS ...)
	NOT-FOR-US: ContentNow CMS
CVE-2008-3180 (Multiple cross-site scripting (XSS) vulnerabilities in upload/file/lan ...)
	NOT-FOR-US: ContentNow CMS
CVE-2008-3179 (Directory traversal vulnerability in website.php in Web 2 Business (W2 ...)
	NOT-FOR-US: phpDatingClub
CVE-2008-3178 (Unrestricted file upload vulnerability in upload_pictures.php in WebXe ...)
	NOT-FOR-US: WebXell Editor
CVE-2008-3177 (Sophos virus detection engine 2.75 on Linux and Unix, as used in Sopho ...)
	NOT-FOR-US: Sophos virus detection engine
CVE-2008-3176
	RESERVED
CVE-2008-3175 (Integer underflow in rxRPC.dll in the LGServer service in the server i ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-3174 (Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based Int ...)
	NOT-FOR-US: r8 (Host-Based Intrusion Prevention System (HIPS))
CVE-2008-3173 (Microsoft Internet Explorer allows web sites to set cookies for domain ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3172 (Opera allows web sites to set cookies for country-specific top-level d ...)
	NOT-FOR-US: Opera
CVE-2008-3171 (Apple Safari sends Referer headers containing https URLs to different  ...)
	NOT-FOR-US: Apple Safari
CVE-2008-3170 (Apple Safari allows web sites to set cookies for country-specific top- ...)
	NOT-FOR-US: Apple Safari
CVE-2008-3169 (Multiple heap-based buffer overflows in Empire Server before 4.3.15 al ...)
	NOT-FOR-US: Empire Server
CVE-2008-3168 (The files utility in Empire Server before 4.3.15 discloses the world c ...)
	NOT-FOR-US: Empire Server
CVE-2008-3167 (Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6 ...)
	NOT-FOR-US: BoonEx Dolphin
CVE-2008-3166 (PHP remote file inclusion vulnerability in modules/global/inc/content. ...)
	NOT-FOR-US: BoonEx Ray
CVE-2008-3165 (Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a  ...)
	NOT-FOR-US: fuzzylime
CVE-2008-3164 (Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, ...)
	NOT-FOR-US: fuzzylime
CVE-2008-3163 (Directory traversal vulnerability in dodosmail.php in DodosMail 2.5 al ...)
	NOT-FOR-US: DodosMail
CVE-2008-3162 (Stack-based buffer overflow in the str_read_packet function in libavfo ...)
	{DSA-1781-1}
	- ffmpeg-debian 0.svn20080206-10 (bug #489965; low)
	- ffmpeg 0.svn20080206-10
	- xmovie <removed>
CVE-2008-3161 (Multiple cross-site scripting (XSS) vulnerabilities in jsp/common/syst ...)
	NOT-FOR-US: IBM Maximo
CVE-2008-3160 (Multiple unspecified vulnerabilities in IBM Data ONTAP 7.1 before 7.1. ...)
	NOT-FOR-US: IBM Data ONTAP
CVE-2008-3159 (Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory ...)
	NOT-FOR-US: eDirectory
CVE-2008-3158 (Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.9 ...)
	NOT-FOR-US: Novell Client for Windows
CVE-2008-3157 (Nortel SIP Multimedia PC Client 4.x MCS5100 and MCS5200 does not limit ...)
	NOT-FOR-US: Nortel SIP Multimedia PC Client
CVE-2008-3156 (The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan befo ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2008-3155 (Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in P ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2008-3154 (SQL injection vulnerability in index.php in WebBlizzard CMS allows rem ...)
	NOT-FOR-US: WebBlizzard CMS
CVE-2008-3153 (SQL injection vulnerability in Triton CMS Pro allows remote attackers  ...)
	NOT-FOR-US: Triton CMS Pro
CVE-2008-3152 (SQL injection vulnerability in directory.php in SmartPPC and SmartPPC  ...)
	NOT-FOR-US: SmartPPC
CVE-2008-3151 (SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke al ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-3150 (Directory traversal vulnerability in index.php in Neutrino Atomic Edit ...)
	NOT-FOR-US: Neutrino Atomic Edition
CVE-2008-3149 (The SNMP daemon in the F5 FirePass 1200 6.0.2 hotfix 3 allows remote a ...)
	NOT-FOR-US: F5 FirePass
CVE-2008-3148 (Stack-based buffer overflow in (1) OllyDBG 1.10 and (2) ImpREC 1.7f al ...)
	NOT-FOR-US: OllyDBG/ImpREC
CVE-2008-3147 (WeFi 3.2.1.4.1, when diagnostic mode is enabled, stores (1) WEP, (2) W ...)
	NOT-FOR-US: WeFi
CVE-2008-3146 (Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly ...)
	{DTSA-167-1}
	- wireshark 1.0.3-1 (medium; bug #497878)
CVE-2008-3144 (Multiple integer overflows in the PyOS_vsnprintf function in Python/my ...)
	{DSA-1667-1 DTSA-157-1}
	- python2.4 2.4.5-5
	- python2.5 2.5.2-7
	[etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
CVE-2008-3143 (Multiple integer overflows in Python before 2.5.2 might allow context- ...)
	{DSA-1667-1}
	- python2.4 2.4.5-1
	[etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
	- python2.5 2.5.2-1
CVE-2008-3142 (Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platfor ...)
	{DSA-1667-1 DTSA-157-1}
	- python2.5 2.5.2-10
	[etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
	- python2.4 2.4.5-5
CVE-2008-3136 (SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x allow ...)
	NOT-FOR-US: AShop Deluxe
CVE-2008-3135 (Soldner Secret Wars 33724 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Soldner Secret Wars
CVE-2008-3134 (Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 al ...)
	{DSA-1903-1}
	- graphicsmagick 1.2.4-1 (bug #491439)
	- imagemagick <unfixed> (unimportant; bug #559775)
	NOTE: several DoS fixed in 1.2.4 according to upstream
	NOTE: http://sourceforge.net/project/shownotes.php?release_id=610253
CVE-2008-3133 (SQL injection vulnerability in admin/index.php in BareNuked CMS 1.1.0, ...)
	NOT-FOR-US: BareNuked CMS
CVE-2008-3132 (SQL injection vulnerability in the beamospetition (com_beamospetition) ...)
	NOT-FOR-US: Joomla component
CVE-2008-3131 (SQL injection vulnerability in chatbox.php in pSys 0.7.0 Alpha, when m ...)
	NOT-FOR-US: PSys
CVE-2008-3130 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Op ...)
	NOT-FOR-US: OpenCart
CVE-2008-3129 (Multiple SQL injection vulnerabilities in index.php in Catviz 0.4 beta ...)
	NOT-FOR-US: Catviz
CVE-2008-3128 (Directory traversal vulnerability in search.php in Pivot 1.40.5 allows ...)
	NOT-FOR-US: Pivot
CVE-2008-3127 (PHP remote file inclusion vulnerability in hioxBannerRotate.php in HIO ...)
	NOT-FOR-US: HIOX Banner Rotator
CVE-2008-3126 (Multiple stack-based buffer overflows in the ServerView web interface  ...)
	NOT-FOR-US: Fujitsu Siemens Computers ServerView
CVE-2008-3125 (SQL injection vulnerability in index.php in Mole Group Lastminute Scri ...)
	NOT-FOR-US: Mole Group Lastminute Script
CVE-2008-3124 (SQL injection vulnerability in index.php in Mole Group Hotel Script 1. ...)
	NOT-FOR-US: Mole Group
CVE-2008-3123 (SQL injection vulnerability in index.php in Mole Group Real Estate Scr ...)
	NOT-FOR-US: Mole Group
CVE-2008-3122 (Multiple SQL injection vulnerabilities in Xerox CentreWare Web (CWW) b ...)
	NOT-FOR-US: Xerox CentreWare Web
CVE-2008-3121 (Multiple cross-site scripting (XSS) vulnerabilities in Xerox CentreWar ...)
	NOT-FOR-US: Xerox CentreWare Web
CVE-2008-3120
	REJECTED
CVE-2008-3119 (SQL injection vulnerability in index.php in DreamPics Builder allows r ...)
	NOT-FOR-US: DreamPics Builder
CVE-2008-3118 (SQL injection vulnerability in play.php in PHPmotion 2.0 and earlier a ...)
	NOT-FOR-US: PHPmotion
CVE-2008-3117 (Unrestricted file upload vulnerability in update_profile.php in PHPmot ...)
	NOT-FOR-US: PHPmotion
CVE-2008-3116 (Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou ...)
	NOT-FOR-US: Snail Game
CVE-2008-3229 (Stack-based buffer overflow in op before Changeset 563, when xauth sup ...)
	- op <not-affected> (not configured with xauth support)
CVE-2008-3218 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x befo ...)
	- drupal5 <not-affected> (Vulnerable code not present, feature introduced in 6.0)
	- drupal-4.7 <not-affected> (Vulnerable code not present, feature introduced in 6.0)
CVE-2008-3219 (The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before  ...)
	- drupal5 5.8-1 (low; bug #490559)
	- drupal-4.7 <removed>
CVE-2008-3220 (Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5 ...)
	- drupal5 5.8-1 (low; bug #490559)
	- drupal-4.7 <not-affected> (Vulnerable code not present)
	NOTE: drupal-4.7 uses the locale_admin_string_delete callback which returns a confirmation dialog
CVE-2008-3221 (Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6 ...)
	- drupal5 <not-affected> (Vulnerable code not present, openids introduced in 6.0)
	- drupal-4.7 <not-affected> (Vulnerable code not present, openids introduced in 6.0)
CVE-2008-3222 (Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before ...)
	- drupal5 5.9-1 (low; bug #490559)
	- drupal-4.7 <removed>
CVE-2008-3223 (SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 ...)
	- drupal5 <not-affected> (Vulnerable code not present, introduced in 6.0)
	- drupal-4.7 <not-affected> (Vulnerable code not present, introduced in 6.0)
CVE-2008-3145 (The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.1 ...)
	{DSA-1673-1}
	- wireshark 1.0.2-1 (low)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-04.html
CVE-2008-3115 (Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlie ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3114 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 befor ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3113 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 bef ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <not-affected> (Only for sun-java5)
CVE-2008-3112 (Directory traversal vulnerability in Sun Java Web Start in JDK and JRE ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
	- openjdk-6 <undetermined> (bug #566770)
	[wheezy] - openjdk-6 <end-of-life>
CVE-2008-3111 (Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 befor ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-04-1 (bug #490260)
CVE-2008-3110 (Unspecified vulnerability in scripting language support in Sun Java Ru ...)
	- sun-java5 <not-affected> (Only for sun-java6)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3109 (Unspecified vulnerability in scripting language support in Sun Java Ru ...)
	- sun-java5 <not-affected> (Only for sun-java6)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3108 (Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5 ...)
	- sun-java5 1.5.0-10-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <not-affected> (Only for sun-java5)
CVE-2008-3107 (Unspecified vulnerability in the Virtual Machine in Sun Java Runtime E ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3106 (Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3105 (Unspecified vulnerability in the JAX-WS client and service in Sun Java ...)
	- sun-java5 <not-affected> (Only for sun-java6)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3104 (Multiple unspecified vulnerabilities in Sun Java Runtime Environment ( ...)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java5 1.5.0-16-1 (bug #490260)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3103 (Unspecified vulnerability in the Java Management Extensions (JMX) mana ...)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java5 1.5.0-16-1 (bug #490260)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3102 (Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the  ...)
	- mantis 1.1.2+dfsg-6 (low; bug #501179)
CVE-2008-3101 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0. ...)
	NOT-FOR-US: vtiger CRM
CVE-2008-3100 (Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve B ...)
	- owl-dms 0.95-1.1 (low; bug #493579)
CVE-2008-3099
	RESERVED
CVE-2008-3098 (Cross-site scripting (XSS) vulnerability in admin/usercheck.php in fuz ...)
	NOT-FOR-US: fuzzylime
CVE-2008-3097 (Cross-site scripting (XSS) vulnerability in the Tinytax module (aka Ti ...)
	NOT-FOR-US: additional drupal module Tinytax
CVE-2008-3096 (The Outline Designer module 5.x before 5.x-1.4 for Drupal changes each ...)
	NOT-FOR-US: additional drupal module Outline Designer
CVE-2008-3095 (Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) mo ...)
	NOT-FOR-US: additional drupal module Organic Groups
CVE-2008-3094 (The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1 ...)
	NOT-FOR-US: additional drupal module Organic Groups
CVE-2008-3093 (Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier ...)
	NOT-FOR-US: ImperialBB
CVE-2008-3092 (SQL injection vulnerability in the Taxonomy Autotagger module 5.x befo ...)
	NOT-FOR-US: additional drupal module Taxonomy Autotagger
CVE-2008-3091 (Cross-site scripting (XSS) vulnerability in the Taxonomy Autotagger mo ...)
	NOT-FOR-US: additional drupal module Taxonomy Autotagger
CVE-2008-3090 (Multiple SQL injection vulnerabilities in index.php in BlognPlus (BURO ...)
	NOT-FOR-US: BlognPlus
CVE-2008-3089 (SQL injection vulnerability in user.html in Xpoze Pro 3.06 (aka Xpoze  ...)
	NOT-FOR-US: ImperialBB
CVE-2008-3088 (Cross-site scripting (XSS) vulnerability in the Files module in Kassel ...)
	NOT-FOR-US: Kasseler CMS
CVE-2008-3087 (Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote  ...)
	NOT-FOR-US: Kasseler CMS
CVE-2008-3086
	REJECTED
CVE-2008-3085
	REJECTED
CVE-2008-3084
	REJECTED
CVE-2008-3216 (The save function in br/prefmanager.d in projectl 1.001 creates a proj ...)
	- projectl 1.001.dfsg1-2 (low; bug #489988)
	[etch] - projectl <no-dsa> (Minor issue)
CVE-2008-3083 (SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks ...)
	NOT-FOR-US: com_brightweblinks component for Joomla!
CVE-2008-3082 (Cross-site scripting (XSS) vulnerability in UPM/English/login/login.as ...)
	NOT-FOR-US: Commtouch Enterprise Anti-Spam Gateway
CVE-2008-3081 (Multiple unspecified "input validation" vulnerabilities in the Web man ...)
	NOT-FOR-US: Avaya Message Storage Server
CVE-2008-3080 (Cross-site request forgery (CSRF) vulnerability in admin.php in myWebl ...)
	NOT-FOR-US: myBloggie
CVE-2008-3079 (Unspecified vulnerability in Opera before 9.51 on Windows allows attac ...)
	NOT-FOR-US: Opera
CVE-2008-3078 (Opera before 9.51 does not properly manage memory within functions sup ...)
	NOT-FOR-US: Opera
CVE-2008-3077 (arch/x86/kernel/ptrace.c in the Linux kernel before 2.6.25.10 on the x ...)
	- linux-2.6 2.6.25-7
	- linux-2.6.24 <not-affected> (Vulnerable code added later)
	[etch] - linux-2.6 <not-affected> (Vulnerable code added later)
	NOTE: 1e9a615bfce7996ea4d815d45d364b47ac6a74e8
CVE-2008-3076 (The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted  ...)
	{DSA-1733-1}
	- vim 2:7.2.010-1 (bug #506919)
	[lenny] - vim 1:7.1.314-3+lenny1 (bug #506919)
	[squeeze] - vim 1:7.1.314-3+lenny1 (bug #506919)
CVE-2008-3075 (The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, al ...)
	{DSA-1733-1}
	- vim 2:7.2.010-1 (bug #506919)
	[lenny] - vim 1:7.1.314-3+lenny1 (bug #506919)
	[squeeze] - vim 1:7.1.314-3+lenny1 (bug #506919)
CVE-2008-3074 (The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, al ...)
	{DSA-1733-1}
	- vim 2:7.2.010-1 (bug #506919)
	[lenny] - vim 1:7.1.314-3+lenny1 (bug #506919)
	[squeeze] - vim 1:7.1.314-3+lenny1 (bug #506919)
CVE-2008-3073 (Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before  ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-3072 (Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13 ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-3071 (Directory traversal vulnerability in inc/class_language.php in MyBB be ...)
	NOT-FOR-US: MyBB
CVE-2008-3070 (Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1 ...)
	NOT-FOR-US: MyBB
CVE-2008-3069 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2 ...)
	NOT-FOR-US: MyBB
CVE-2008-3068 (Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook,  ...)
	NOT-FOR-US: Microsoft Crypto API
CVE-2008-3067 (sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when passwo ...)
	- sudo 1.6.9p12-1
	[etch] - sudo <not-affected> (Issue was introduced in 1.6.9)
CVE-2008-3066 (Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll ...)
	NOT-FOR-US: RealNetworks RealPlayer Enterprise
CVE-2008-3065
	RESERVED
CVE-2008-3064 (Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealP ...)
	NOT-FOR-US: RealNetworks RealPlayer Enterprise
CVE-2008-3063 (SQL injection vulnerability in login.php in V-webmail 1.5.0 might allo ...)
	NOT-FOR-US: V-webmail
CVE-2008-3062
	RESERVED
CVE-2008-3061 (Open redirect vulnerability in redirect.php in V-webmail 1.5.0 allows  ...)
	NOT-FOR-US: V-webmail
CVE-2008-3060 (V-webmail 1.5.0 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: V-webmail
CVE-2008-3059 (member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly oth ...)
	NOT-FOR-US: Octeth Oempro
CVE-2008-3058 (Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1, and p ...)
	NOT-FOR-US: Octeth Oempro
CVE-2008-3057 (Octeth Oempro 3.5.5.1, and possibly other versions before 4, does not  ...)
	NOT-FOR-US: Octeth Oempro
CVE-2008-3056 (SQL injection vulnerability in the Codeon Petition (cd_petition) exten ...)
	NOT-FOR-US: cd_petition extension for TYPO3
CVE-2008-3055 (SQL injection vulnerability in the Support view (ext_tbl) extension 0. ...)
	NOT-FOR-US: ext_tbl extension for TYPO3
CVE-2008-3054 (SQL injection vulnerability in the Branchenbuch (aka Yellow Pages o (m ...)
	NOT-FOR-US: mh_branchenbuch extension for TYPO3
CVE-2008-3053 (SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension ...)
	NOT-FOR-US: mh_omsqlio extension for TYPO3
CVE-2008-3052 (Unspecified vulnerability in the SQL Frontend (mh_omsqlio) extension 1 ...)
	NOT-FOR-US: mh_omsqlio extension for TYPO3
CVE-2008-3051 (SQL injection vulnerability in the Pinboard extension 0.0.6 and earlie ...)
	NOT-FOR-US: Pinboard extension for TYPO3
CVE-2008-3050 (Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) exte ...)
	NOT-FOR-US: pdfcreator extension for TYPO3
CVE-2008-3049 (The PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for T ...)
	NOT-FOR-US: pdfcreator extension for TYPO3
CVE-2008-3048 (Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) exte ...)
	NOT-FOR-US: pdfcreator extension for TYPO3
CVE-2008-3047 (Incomplete blacklist vulnerability in the KB Unpack (kb_unpack) extens ...)
	NOT-FOR-US: kb_unpack extension for TYPO3
CVE-2008-3046 (Incomplete blacklist vulnerability in the Packman (kb_packman) extensi ...)
	NOT-FOR-US: kb_packman extension for TYPO3
CVE-2008-3045 (Unspecified vulnerability in the Industry Database (aka Branchendatenb ...)
	NOT-FOR-US: pro_industrydb extension for TYPO3
CVE-2008-3044 (SQL injection vulnerability in the News Calendar (newscalendar) extens ...)
	NOT-FOR-US: newscalendar extension for TYPO3
CVE-2008-3043 (Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) ...)
	NOT-FOR-US: wec_discussion extension for TYPO3
CVE-2008-3042 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...)
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3041 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...)
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3040 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...)
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3039 (SQL injection vulnerability in the DAM Frontend (dam_frontend) extensi ...)
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3038 (SQL injection vulnerability in the Address Directory (sp_directory) ex ...)
	NOT-FOR-US: sp_directory extension for TYPO3
CVE-2008-3037 (Cross-site scripting (XSS) vulnerability in the Address Directory (sp_ ...)
	NOT-FOR-US: sp_directory extension for TYPO3
CVE-2008-3036 (Directory traversal vulnerability in index.php in CMS little 0.0.1 all ...)
	NOT-FOR-US: CMS little
CVE-2008-3035 (SQL injection vulnerability in newThread.php in XchangeBoard 1.70 Fina ...)
	NOT-FOR-US: XchangeBoard
CVE-2008-3034 (Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow rem ...)
	NOT-FOR-US: RSS-aggregator
CVE-2008-3033 (RSS-aggregator 1.0 does not require administrative authentication for  ...)
	NOT-FOR-US: RSS-aggregator
CVE-2008-3032 (Cross-site scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin ...)
	NOT-FOR-US: phpmyadmin extension for TYPO3
CVE-2008-3031 (Directory traversal vulnerability in index.php in Simple PHP Agenda 2. ...)
	NOT-FOR-US: Simple PHP Agenda
CVE-2008-3030 (SQL injection vulnerability in default.asp in EfesTECH Shop 2.0 allows ...)
	NOT-FOR-US: EfesTECH Shop
CVE-2008-3029 (Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum ( ...)
	NOT-FOR-US: WEC Discussion Forum
CVE-2008-3028 (Multiple cross-site scripting (XSS) vulnerabilities in the Send-A-Card ...)
	NOT-FOR-US: sr_sendcard extension for TYPO3
CVE-2008-3027 (SQL injection vulnerability in get_article.php in VanGogh Web CMS 0.9  ...)
	NOT-FOR-US: VanGogh Web CMS
CVE-2008-3026 (SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet  ...)
	NOT-FOR-US: OneClick CMS
CVE-2008-3025 (SQL injection vulnerability in ad.php in plx Ad Trader 3.2 allows remo ...)
	NOT-FOR-US: plx Ad Trader
CVE-2008-3024 (Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) 6.3 ...)
	NOT-FOR-US: phgrafx in QNX Momentics
CVE-2008-3023 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.6.2 and e ...)
	NOT-FOR-US: FreeStyle Wiki
CVE-2008-3022 (Multiple PHP remote file inclusion vulnerabilities in sablonlar/gunays ...)
	NOT-FOR-US: PHPortal
CVE-2008-3021 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3020 (Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3019 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3018 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3017
	REJECTED
CVE-2008-3016
	REJECTED
CVE-2008-3015 (Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Of ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2008-3014 (Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3013 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP S ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3012 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP S ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3011
	REJECTED
CVE-2008-3010 (Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 t ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-3009 (Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 t ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-3008 (Stack-based buffer overflow in the WMEncProfileManager ActiveX control ...)
	NOT-FOR-US: Microsoft Windows Media Encoder
CVE-2008-3007 (Argument injection vulnerability in a URI handler in Microsoft Office  ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2008-3006 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007  ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3005 (Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002  ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3004 (Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Offic ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3003 (Microsoft Office Excel 2007 Gold and SP1 does not properly delete the  ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3002
	REJECTED
CVE-2008-3001 (The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote att ...)
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-3000 (The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access ...)
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-2999 (Multiple SQL injection vulnerabilities in the Aggregation module 5.x b ...)
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-2998 (Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation ...)
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-2997 (Cross-site scripting (XSS) vulnerability in index.php in Gravity Board ...)
	NOT-FOR-US: Gravity Board
CVE-2008-2996 (Multiple SQL injection vulnerabilities in index.php in Gravity Board X ...)
	NOT-FOR-US: Gravity Board
CVE-2008-2995 (Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow remo ...)
	NOT-FOR-US: PHPEasyData
CVE-2008-2994 (Multiple cross-site scripting (XSS) vulnerabilities in PHPEasyData 1.5 ...)
	NOT-FOR-US: PHPEasyData
CVE-2008-2993 (Multiple directory traversal vulnerabilities in index.php in FOG Forum ...)
	NOT-FOR-US: FOG Forum
CVE-2008-2992 (Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earl ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-2991 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 an ...)
	NOT-FOR-US: Adobe RoboHelp Server 7
CVE-2008-2990 (PHP remote file inclusion vulnerability in facileforms.frame.php in th ...)
	NOT-FOR-US: FacileForms
CVE-2008-2989 (SQL injection vulnerability in index.php in HoMaP-CMS 0.1 allows remot ...)
	NOT-FOR-US: HoMaP-CMS
CVE-2008-2988 (Unrestricted file upload vulnerability in admin/upload.php in Benja CM ...)
	NOT-FOR-US: Benja CMS
CVE-2008-2987 (Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 a ...)
	NOT-FOR-US: Benja CMS
CVE-2008-2986 (Multiple PHP remote file inclusion vulnerabilities in phpDMCA 1.0.0 al ...)
	NOT-FOR-US: phpDMCA
CVE-2008-2985 (Directory traversal vulnerability in load_language.php in CMReams CMS  ...)
	NOT-FOR-US: CMReams CMS
CVE-2008-2984 (Cross-site scripting (XSS) vulnerability in backend/umleitung.php in C ...)
	NOT-FOR-US: CMReams CMS
CVE-2008-2983 (SQL injection vulnerability in index.php in Demo4 CMS 01 Beta allows r ...)
	NOT-FOR-US: Demo4 CMS
CVE-2008-2982 (Multiple directory traversal vulnerabilities in HomePH Design 2.10 RC2 ...)
	NOT-FOR-US: HomePH
CVE-2008-2981 (PHP remote file inclusion vulnerability in admin/templates/template_th ...)
	NOT-FOR-US: HomePH
CVE-2008-2980 (Multiple cross-site scripting (XSS) vulnerabilities in HomePH Design 2 ...)
	NOT-FOR-US: HomePH
CVE-2008-2979 (Multiple cross-site scripting (XSS) vulnerabilities in phpi/login.php  ...)
	NOT-FOR-US: Ourvideo CMS
CVE-2008-2978 (Directory traversal vulnerability in phpi/rss.php in Ourvideo CMS 9.5, ...)
	NOT-FOR-US: Ourvideo CMS
CVE-2008-2977 (Multiple PHP remote file inclusion vulnerabilities in Ourvideo CMS 9.5 ...)
	NOT-FOR-US: Ourvideo CMS
CVE-2008-2976 (Multiple directory traversal vulnerabilities in TinX/cms 1.1, when reg ...)
	NOT-FOR-US: TinX/cms
CVE-2008-2975 (Cross-site scripting (XSS) vulnerability in admin/objects/obj_image.ph ...)
	NOT-FOR-US: TinX/cms
CVE-2008-2974 (Directory traversal vulnerability in chatconfig.php in MM Chat 1.5, wh ...)
	NOT-FOR-US: MM Chat
CVE-2008-2973 (Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in ...)
	NOT-FOR-US: MM Chat
CVE-2008-2972 (SQL injection vulnerability in index.php in KbLance allows remote atta ...)
	NOT-FOR-US: KbLance
CVE-2008-2971 (SQL injection vulnerability in links-extern.php in CiBlog 3.1 allows r ...)
	NOT-FOR-US: CiBlog
CVE-2008-2970 (Multiple session fixation vulnerabilities in Academic Web Tools (AWT Y ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2969 (Directory traversal vulnerability in download.php in Academic Web Tool ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2968 (SQL injection vulnerability in rating.php in Academic Web Tools (AWT Y ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2967 (Multiple cross-site scripting (XSS) vulnerabilities in Academic Web To ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2966 (Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 ...)
	NOT-FOR-US: JaxUltraBB
CVE-2008-2965 (Cross-site scripting (XSS) vulnerability in viewforum.php in JaxUltraB ...)
	NOT-FOR-US: JaxUltraBB
CVE-2008-2964 (SQL injection vulnerability in guide.php in ResearchGuide 0.5 allows r ...)
	NOT-FOR-US: ResearchGuide
CVE-2008-2963 (Multiple SQL injection vulnerabilities in MyBlog allow remote attacker ...)
	NOT-FOR-US: MyBlog
CVE-2008-2962 (Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow re ...)
	NOT-FOR-US: MyBlog
CVE-2008-2961 (Multiple directory traversal vulnerabilities in view/index.php in CMS  ...)
	NOT-FOR-US: CMS Mini
CVE-2008-2959 (Buffer overflow in a certain ActiveX control (vb6skit.dll) in Microsof ...)
	NOT-FOR-US: ActiveX control
CVE-2008-2951 (Open redirect vulnerability in the search script in Trac before 0.10.5 ...)
	- trac 0.11-1
	[etch] - trac 0.10.3-1etch4
CVE-2008-2949 (Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2948 (Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2947 (Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2946 (The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice Enterp ...)
	NOT-FOR-US: Solstice Enterprise Agents in Sun Solaris
CVE-2008-2945 (Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Ide ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2008-2944 (Double free vulnerability in the utrace support in the Linux kernel, p ...)
	- linux-2.6 <not-affected>
	[etch] - linux-2.6 <not-affected>
	- linux-2.6.24 <not-affected>
CVE-2008-2943 (Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2008-2941 (The hpssd message parser in hpssd.py in HP Linux Imaging and Printing  ...)
	- hplip 2.8.6-1 (low; bug #499842)
	[etch] - hplip <no-dsa> (Minor issue)
	NOTE: Does not affect current version in lenny, marking as fixed in current upstream release
CVE-2008-2940 (The alert-mailing implementation in HP Linux Imaging and Printing (HPL ...)
	- hplip 2.8.6-1 (low; bug #499842)
	[etch] - hplip <no-dsa> (Minor issue)
	NOTE: Does not affect current version in lenny, marking as fixed in current upstream release
CVE-2008-2939 (Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_pro ...)
	- apache2 2.2.9-7 (low)
	[etch] - apache2 2.2.3-4+etch6
	- apache <not-affected> (vulnerable code not present)
CVE-2008-2938 (Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.3 ...)
	NOTE: This is an issue in the respective JVMs, Tomcat only includes a workaround
	NOTE: Check status of free JVMs
	- tomcat5.5 5.5.26-5 (unimportant; bug #496309)
CVE-2008-2937 (Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mai ...)
	- postfix 2.5.4-1 (low)
	[etch] - postfix <no-dsa> (minor issue)
CVE-2008-2936 (Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 bef ...)
	{DSA-1629-2 DSA-1629-1 DTSA-155-1}
	- postfix 2.5.4-1
CVE-2008-2935 (Multiple heap-based buffer overflows in the rc4 (1) encryption (aka ex ...)
	{DSA-1624-1 DTSA-152-1}
	- libxslt 1.1.24-2 (bug #493162)
	NOTE: http://www.ocert.org/advisories/ocert-2008-009.html
CVE-2008-2934 (Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to  ...)
	- iceweasel <not-affected> (MacOS-specific)
CVE-2008-2933 (Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|'  ...)
	{DSA-1697-1 DSA-1615-1 DSA-1614-1}
	- iceweasel 3.0.1-1 (low)
	- xulrunner 1.9.0.1-1
	- iceape 1.1.12-1
CVE-2008-2932 (Heap-based buffer overflow in Red Hat adminutil 1.1.6 allows remote at ...)
	NOT-FOR-US: Red Hat adminutil
CVE-2008-2931 (The do_change_type function in fs/namespace.c in the Linux kernel befo ...)
	{DSA-1630-1}
	- linux-2.6 2.6.22
	NOTE: ee6f958291e2a768fd727e7a67badfff0b67711a
CVE-2008-2930 (Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, a ...)
	NOT-FOR-US: Red Hat Directory Server / Fedora Directory Server
CVE-2008-2929 (Multiple cross-site scripting (XSS) vulnerabilities in the adminutil l ...)
	NOT-FOR-US: Red Hat Directory Server / Fedora Directory Server
CVE-2008-2928 (Multiple buffer overflows in the adminutil library in CGI applications ...)
	NOT-FOR-US: Red Hat Directory Server / Fedora Directory Server
CVE-2008-2926 (The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIP ...)
	NOT-FOR-US: r8 (Host-Based Intrusion Prevention System)
CVE-2008-2925 (SQL injection vulnerability in Webmatic before 2.8 allows remote attac ...)
	NOT-FOR-US: Webmatic
CVE-2008-2924 (Cross-site scripting (XSS) vulnerability in Webmatic before 2.8 allows ...)
	NOT-FOR-US: Webmatic
CVE-2008-2923 (Cross-site scripting (XSS) vulnerability in read/search/results in Lyr ...)
	NOT-FOR-US: Lyris ListManager
CVE-2008-2922 (Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier ...)
	NOT-FOR-US: Dana IRC client
CVE-2008-2921 (SQL injection vulnerability in index.php in EZTechhelp EZCMS 1.2 and e ...)
	NOT-FOR-US: EZTechhelp
CVE-2008-2920 (admin/filemanager/ (aka the File Manager) in EZTechhelp EZCMS 1.2 and  ...)
	NOT-FOR-US: EZTechhelp
CVE-2008-2919 (SQL injection vulnerability in listing.php in Gryphon gllcTS2 4.2.4 al ...)
	NOT-FOR-US: Gryphon
CVE-2008-2918 (SQL injection vulnerability in details.php in Application Dynamics Car ...)
	NOT-FOR-US: Application Dynamics Cartweaver
CVE-2008-2917 (SQL injection vulnerability in productsofcat.asp in E-SMART CART allow ...)
	NOT-FOR-US: E-SMART CART
CVE-2008-2916 (Multiple SQL injection vulnerabilities in Pre ADS Portal 2.0 and earli ...)
	NOT-FOR-US: Pre ADS Portal
CVE-2008-2915 (Multiple SQL injection vulnerabilities in jobseekers/JobSearch.php (ak ...)
	NOT-FOR-US: Pre Job Board
CVE-2008-2914 (SQL injection vulnerability in jobseekers/JobSearch3.php (aka the sear ...)
	NOT-FOR-US: Pre Job Board
CVE-2008-2913 (Directory traversal vulnerability in func.php in Devalcms 1.4a, when m ...)
	NOT-FOR-US: Devalcms
CVE-2008-2912 (Multiple PHP remote file inclusion vulnerabilities in Contenido CMS 4. ...)
	NOT-FOR-US: Contenido CMS
CVE-2008-2911 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Co ...)
	NOT-FOR-US: Contenido CMS
CVE-2008-2910 (Buffer overflow in the DXTTextOutEffect ActiveX control (aka the Text- ...)
	NOT-FOR-US: ActiveX control
CVE-2008-2909 (SQL injection vulnerability in results.php in Clever Copy 3.0 allows r ...)
	NOT-FOR-US: Clever Copy
CVE-2008-2908 (Multiple stack-based buffer overflows in a certain ActiveX control in  ...)
	NOT-FOR-US: ActiveX control
CVE-2008-2907 (SQL injection vulnerability in admin/index.php in WebChamado 1.1, when ...)
	NOT-FOR-US: WebChamado
CVE-2008-2906 (SQL injection vulnerability in lista_anexos.php in WebChamado 1.1 allo ...)
	NOT-FOR-US: WebChamado
CVE-2008-2905 (PHP remote file inclusion vulnerability in includes/Cache/Lite/Output. ...)
	NOT-FOR-US: Mambo
	NOTE: Mambo is only in experimental
	NOTE: filed removal bug for Mambo from experimental #490291
CVE-2008-2904 (SQL injection vulnerability in shop.php in Conkurent PHPMyCart allows  ...)
	NOT-FOR-US: Conkurent PHPMyCart
CVE-2008-2903 (SQL injection vulnerability in news.php in Advanced Webhost Billing Sy ...)
	NOT-FOR-US: Advanced Webhost Billing System
CVE-2008-2902 (SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 ...)
	NOT-FOR-US: AlstraSoft AskMe Pro
CVE-2008-2901 (Multiple SQL injection vulnerabilities in Haudenschilt Family Connecti ...)
	NOT-FOR-US: Haudenschilt Family Connections CMS
CVE-2008-2900 (SQL injection vulnerability in item.php in PHPAuction 3.2 allows remot ...)
	NOT-FOR-US: PHPAuction
CVE-2008-2899 (Unspecified vulnerability in includes/classes/page.php in j00lean-CMS  ...)
	NOT-FOR-US: j00lean-CMS
CVE-2008-2898 (Directory traversal vulnerability in includes/header.php in Hedgehog-C ...)
	NOT-FOR-US: Hedgehog-CMS
CVE-2008-2897 (SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta all ...)
	NOT-FOR-US: PageSquid
CVE-2008-2896 (Directory traversal vulnerability in index.php in FireAnt 1.3 allows r ...)
	NOT-FOR-US: FireAnt
CVE-2008-2895 (Directory traversal vulnerability in index.php in AproxEngine 5.1.0.4  ...)
	NOT-FOR-US: AproxEngine
CVE-2008-2894 (Directory traversal vulnerability in the FTP client in NCH Software Cl ...)
	NOT-FOR-US: NCH Software Classic FTP Windows
CVE-2008-2893 (SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ H ...)
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-2892 (SQL injection vulnerability in the EXP Shop (com_expshop) component 1. ...)
	NOT-FOR-US: Joomla!
CVE-2008-2891 (SQL injection vulnerability in index.php in eMuSOFT emuCMS 0.3 allows  ...)
	NOT-FOR-US: emuCMS
CVE-2008-2890 (Multiple SQL injection vulnerabilities in Online Fantasy Football Leag ...)
	NOT-FOR-US: Online Fantasy Football League
CVE-2008-2889 (Directory traversal vulnerability in the FTP client in AceBIT WISE-FTP ...)
	NOT-FOR-US: AceBIT WISE-FTP
CVE-2008-2888 (Multiple PHP remote file inclusion vulnerabilities in MiGCMS 2.0.5, wh ...)
	NOT-FOR-US: MiGCMS
CVE-2008-2887 (Directory traversal vulnerability in index.php in chaozz@work FubarFor ...)
	NOT-FOR-US: FubarForum
CVE-2008-2886 (PHP remote file inclusion vulnerability in include/plugins/jrBrowser/p ...)
	NOT-FOR-US: Jamroom
CVE-2008-2885 (PHP remote file inclusion vulnerability in src/browser/resource/catego ...)
	NOT-FOR-US: Open Digital Assets Repository System
CVE-2008-2884 (PHP remote file inclusion vulnerability in display.php in RSS-aggregat ...)
	NOT-FOR-US: RSS-aggregator
CVE-2008-2883 (PHP remote file inclusion vulnerability in include/plugins/jrBrowser/p ...)
	NOT-FOR-US: Jamroom
CVE-2008-2882 (upgrade.asp in sHibby sHop 2.2 and earlier does not require administra ...)
	NOT-FOR-US: sHibby sHop
CVE-2008-2881 (Relative Real Estate Systems 3.0 and earlier stores passwords in clear ...)
	NOT-FOR-US: Relative Real Estate Systems
CVE-2008-2880 (Heap-based buffer overflow in the IBM AFP Viewer Plug-in 2.0.7.1 and 3 ...)
	NOT-FOR-US: IBM AFP Viewer Plug-in
CVE-2008-2879 (Benja CMS 0.1 does not require authentication for access to admin/, wh ...)
	NOT-FOR-US: Benja CMS
CVE-2008-2878 (Open redirect vulnerability in rss_getfile.php in Academic Web Tools ( ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2877 (PHP remote file inclusion vulnerability in admin/include/lib.module.ph ...)
	NOT-FOR-US: cmsWorks
CVE-2008-2876 (Directory traversal vulnerability in index.php in mUnky 0.0.1 allows r ...)
	NOT-FOR-US: mUnky
CVE-2008-2875 (SQL injection vulnerability in index.php in Webdevindo-CMS 1.0.0 allow ...)
	NOT-FOR-US: Webdevindo-CMS
CVE-2008-2874 (SQL injection vulnerability in index.php in Softbiz Jokes & Funny  ...)
	NOT-FOR-US: Softbiz Jokes & Funny Pics
CVE-2008-2873 (sHibby sHop 2.2 and earlier stores sensitive information under the web ...)
	NOT-FOR-US: sHibby sHop
CVE-2008-2872 (SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earl ...)
	NOT-FOR-US: sHibby sHop
CVE-2008-2871 (Multiple cross-site scripting (XSS) vulnerabilities in template2.php i ...)
	NOT-FOR-US: PEGames
CVE-2008-2870 (Multiple SQL injection vulnerabilities in ShareCMS 0.1 Beta allow remo ...)
	NOT-FOR-US: ShareCMS
CVE-2008-2869 (SQL injection vulnerability in out.php in E-topbiz Link ADS 1 allows r ...)
	NOT-FOR-US: E-topbiz Link ADS
CVE-2008-2868 (SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and ...)
	NOT-FOR-US: DUware DUcalendar
CVE-2008-2867 (SQL injection vulnerability in adclick.php in E-topbiz Viral DX 1 2.07 ...)
	NOT-FOR-US: E-topbiz Viral
CVE-2008-2866 (SQL injection vulnerability in csc_article_details.php in Caupo.net Ca ...)
	NOT-FOR-US: CaupoShop Classic
CVE-2008-2865 (SQL injection vulnerability in index.php in Kalptaru Infotech PHP Site ...)
	NOT-FOR-US: Kalptaru Infotech PHP Site
CVE-2008-2864 (eLineStudio Site Composer (ESC) 2.6 and earlier allows remote attacker ...)
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2863 (Multiple absolute path traversal vulnerabilities in eLineStudio Site C ...)
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2862 (Multiple SQL injection vulnerabilities in eLineStudio Site Composer (E ...)
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2861 (Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio Sit ...)
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2860 (SQL injection vulnerability in category.php in AJSquare AJ Auction Pro ...)
	NOT-FOR-US: AJSquare AJ Auction Pro Web
CVE-2008-2859 (Unspecified vulnerability in the IMAP service in NetWin SurgeMail befo ...)
	NOT-FOR-US: NetWin SurgeMail
CVE-2008-2858 (SQL injection vulnerability in index.php in WebChamado 1.1 allows remo ...)
	NOT-FOR-US: WebChamado
CVE-2008-2857 (AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in  ...)
	NOT-FOR-US: AlstraSoft AskMe Pro
CVE-2008-2856 (SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows remot ...)
	NOT-FOR-US: OwnRS
CVE-2008-2855 (Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 ...)
	NOT-FOR-US: OwnRS
CVE-2008-2854 (Multiple PHP remote file inclusion vulnerabilities in Orlando CMS 0.6  ...)
	NOT-FOR-US: Orlando CMS
CVE-2008-2853 (SQL injection vulnerability in index.php in Easy Webstore 1.2 allows r ...)
	NOT-FOR-US: Easy Webstore
CVE-2008-2852 (Cross-site scripting (XSS) vulnerability in CGIWrap before 4.1, when a ...)
	- cgiwrap <removed> (low; bug #497761)
	[etch] - cgiwrap <no-dsa> (Minor issue)
	NOTE: only applies to certain character sets and only works with
	NOTE: browsers. There isn't a good solution available, the patch uses
	NOTE: a compile-time charset specification. All in all not a real
	NOTE: priority to fix in etch.
CVE-2008-2851 (Multiple buffer overflows in OFF System before 0.19.14 allow remote at ...)
	NOT-FOR-US: OFF System
CVE-2008-2850 (SQL injection vulnerability in the TrailScout module 5.x before 5.x-1. ...)
	NOT-FOR-US: additional drupal module TrailScout
CVE-2008-2849 (Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x  ...)
	NOT-FOR-US: additional drupal module TrailScout
CVE-2008-2848 (Cross-site scripting (XSS) vulnerability in the search functionality i ...)
	NOT-FOR-US: MindTouch DekiWiki
CVE-2008-2847 (SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 ...)
	NOT-FOR-US: Maxtrade
CVE-2008-2846 (SQL injection vulnerability in index.php in BoatScripts Classifieds al ...)
	NOT-FOR-US: BoatScripts Classifieds
CVE-2008-2845 (SQL injection vulnerability in index.php in MyBizz-Classifieds allows  ...)
	NOT-FOR-US: MyBizz-Classifieds
CVE-2008-2844 (SQL injection vulnerability in index.php in Carscripts Classifieds all ...)
	NOT-FOR-US: Carscripts Classifieds
CVE-2008-2843 (Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlie ...)
	NOT-FOR-US: doITLive CMS
CVE-2008-2842 (Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in doIT ...)
	NOT-FOR-US: doITLive CMS
CVE-2008-2950 (The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earl ...)
	{DTSA-146-1}
	- poppler 0.8.4-1.1 (medium; bug #489756)
	[etch] - poppler <not-affected> (Vulnerable code not present)
	- xpdf <not-affected> (Page.cc is not allocating the widget and therefore not vulnerable in the destructor, attrs initialized)
CVE-2008-2927 (Multiple integer overflows in the msn_slplink_process_msg functions in ...)
	{DSA-1805-1 DSA-1610-1}
	- pidgin 2.4.3-1
	- gaim <removed>
	[lenny] - gaim <not-affected> (gaim is now a transitional package depending on pidgin with its own source package)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=453764
CVE-2008-3137 (The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through  ...)
	{DSA-1673-1}
	- wireshark 1.0.1-1 (low; bug #488834)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3138 (The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal ...)
	{DSA-1673-1}
	- wireshark 1.0.1-1 (low; bug #488834)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3139 (The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1. ...)
	- wireshark 1.0.1-1 (low; bug #488834)
	[etch] - wireshark <not-affected> (Only affects 0.99.8 to 1.0.0)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3140 (The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows rem ...)
	- wireshark 1.0.1-1 (low; bug #488834)
	[etch] - wireshark <not-affected> (Only affects 1.0.0)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3141 (Unspecified vulnerability in the RMI dissector in Wireshark (formerly  ...)
	{DSA-1673-1}
	- wireshark 1.0.1-1 (low; bug #488834)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-2952 (liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to ca ...)
	{DSA-1650-1 DTSA-151-1}
	- openldap2.3 <removed> (low; bug #488710)
	- openldap 2.4.10-3 (low; bug #488710)
CVE-2008-2955 (Pidgin 2.4.1 allows remote attackers to cause a denial of service (cra ...)
	- pidgin 2.4.3-1 (low; bug #488632)
	- gaim <removed>
	[lenny] - gaim <not-affected> (gaim is now a transitional package depending on pidgin with its own source package)
CVE-2008-2956
	- pidgin <unfixed> (unimportant; bug #488632)
	NOTE: Non-issue per analysis of Pidgin upstream developers, should be rejected
CVE-2008-2957 (The UPnP functionality in Pidgin 2.0.0, and possibly other versions, a ...)
	- pidgin 2.4.3-4 (low; bug #488632)
	- gaim <removed>
	[lenny] - gaim <not-affected> (gaim is now a transitional package depending on pidgin with its own source package)
	NOTE: probably only a bandwidth issue
CVE-2008-2942 (Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allow ...)
	- mercurial 1.0.1-2 (low; bug #488628)
	[etch] - mercurial <not-affected> (Vulnerable functionality not present)
CVE-2008-2953 (Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a ...)
	- linuxdcpp 1.0.1-2 (low; bug #488630)
	[etch] - linuxdcpp <no-dsa> (Minor issue)
CVE-2008-2954 (client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows remot ...)
	- linuxdcpp 1.0.1-2 (low; bug #488630)
	[etch] - linuxdcpp <no-dsa> (Minor issue)
CVE-2008-2958 (Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows l ...)
	- checkinstall 1.6.1-7 (low; bug #488140)
CVE-2008-XXXX [werkzeug hashes its secret instead of using hmac]
	- python-werkzeug 0.3.1-1
	NOTE: http://web.archive.org/web/20081229140824/http://lucumr.pocoo.org:80/cogitations/2008/06/24/werkzeug-031-released/
CVE-2008-2841 (Argument injection vulnerability in XChat 2.8.7b and earlier on Window ...)
	- xchat <not-affected> (Windows specific problem)
CVE-2008-2840 (Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1. ...)
	NOT-FOR-US: Exero CMS
CVE-2008-2839 (Cross-site scripting (XSS) vulnerability in the search module in Train ...)
	NOT-FOR-US: Traindepot
CVE-2008-2838 (Directory traversal vulnerability in index.php in Traindepot 0.1 allow ...)
	NOT-FOR-US: Traindepot
CVE-2008-2837 (SQL injection vulnerability in index.php in CMS-BRD allows remote atta ...)
	NOT-FOR-US: CMS-BRD
CVE-2008-2836 (PHP remote file inclusion vulnerability in send_reminders.php in WebCa ...)
	- webcalendar 1.0.5-1 (low)
	- gforge <not-affected> (code in lenny internally sets its own path)
CVE-2008-2835 (SQL injection vulnerability in cgi-bin/igsuite in IGSuite 3.2.4 allows ...)
	NOT-FOR-US: IGSuite
CVE-2008-2834 (SQL injection vulnerability in projects.php in Scientific Image DataBa ...)
	NOT-FOR-US: Scientific Image DataBase
CVE-2008-2833 (admin/upload.php in le.cms 1.4 and earlier allows remote attackers to  ...)
	NOT-FOR-US: le.cms
CVE-2008-2832 (Unrestricted file upload vulnerability in calendar_admin.asp in Full R ...)
	NOT-FOR-US: aspWebCalendar 2008
CVE-2008-2831 (Multiple cross-site scripting (XSS) vulnerabilities in the delegated s ...)
	NOT-FOR-US: MailMarshal
CVE-2008-2830 (Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and  ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-2829 (php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete ...)
	{DTSA-144-1}
	- php5 5.2.6-2 (low)
	[etch] - php5 <no-dsa> (Fix not feasible for etch, low priority issue)
	NOTE: the fix sent to t-s and unstable does not seem possible in etch due to
	NOTE: missing api features from the version of libc-client in etch.
CVE-2008-2826 (Integer overflow in the sctp_getsockopt_local_addrs_old function in ne ...)
	{DSA-1630-1}
	- linux-2.6 2.6.25-6 (low)
	- linux-2.6.24 2.6.24-6~etchnhalf.4 (low)
	NOTE: 735ce972fbc8a65fb17788debd7bbe7b4383cc62, present in 2.6.25.9
CVE-2008-2825 (Cross-site scripting (XSS) vulnerability in the embedded Web Server in ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2008-2824 (Unspecified vulnerability in the Extensible Interface Platform in Web  ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2008-2823 (SQL injection vulnerability in newsarchive.php in PHPeasyblog (formerl ...)
	NOT-FOR-US: PHPeasyblog
CVE-2008-2822 (Multiple directory traversal vulnerabilities in the FTP client in 3D-F ...)
	NOT-FOR-US: 3D-FTP Client
CVE-2008-2821 (Directory traversal vulnerability in the FTP client in Glub Tech Secur ...)
	NOT-FOR-US: Glub Tech Secure FTP
CVE-2008-2820 (Directory traversal vulnerability in lang/lang-system.php in Open Azim ...)
	NOT-FOR-US: Open Azimyt CMS
CVE-2008-2819 (SQL injection vulnerability in BlognPlus (BURO GUN +) 2.5.4 and earlie ...)
	NOT-FOR-US: BlognPlus
CVE-2008-2818 (Directory traversal vulnerability in Easy-Clanpage 3.0 b1 allows remot ...)
	NOT-FOR-US: Easy-Clanpage
CVE-2008-2817 (SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 a ...)
	NOT-FOR-US: NiTrO Web Gallery
CVE-2008-2816 (SQL injection vulnerability in post.php in Oxygen (aka O2PHP Bulletin  ...)
	NOT-FOR-US: Oxygen
CVE-2008-2815 (SQL injection vulnerability in shopping/index.php in MyMarket 1.72 all ...)
	NOT-FOR-US: MyMarket
CVE-2008-2814 (Cross-site scripting (XSS) vulnerability in WallCity-Server Shoutcast  ...)
	NOT-FOR-US: WallCity-Server
CVE-2008-2813 (Directory traversal vulnerability in index.php in WallCity-Server Shou ...)
	NOT-FOR-US: WallCity-Server
CVE-2008-2812 (The Linux kernel before 2.6.25.10 does not properly perform tty operat ...)
	{DSA-1630-1}
	- linux-2.6 2.6.25-7
	- linux-2.6.24 2.6.24-6~etchnhalf.4
CVE-2008-2811 (The block reflow implementation in Mozilla Firefox before 2.0.0.15, Th ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	NOTE: Firefox 3 not affected
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2810 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not pro ...)
	- iceweasel <not-affected> (Windows-specific)
	- iceape <not-affected> (Windows-specific)
CVE-2008-2809 (Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonk ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	NOTE: Firefox 3 not affected
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2808 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not pro ...)
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
CVE-2008-2807 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not pro ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2806 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS  ...)
	- iceweasel <not-affected> (MacOS-specific)
	- iceape <not-affected> (MacOS-specific)
CVE-2008-2805 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remo ...)
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	NOTE: Firefox 3 not affected
	- iceape 1.1.10
	- xulrunner 1.9.0.1-1
CVE-2008-2804
	REJECTED
CVE-2008-2803 (The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox befor ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2802 (Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- icedove 2.0.0.16-1
	- xulrunner 1.9.0.1-1
CVE-2008-2801 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not pro ...)
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
CVE-2008-2800 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remo ...)
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
CVE-2008-2799 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.1 ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2798 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.1 ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2797 (Cross-site scripting (XSS) vulnerability in MainLayout.do in ManageEng ...)
	NOT-FOR-US: ManageEngine OpUtils
CVE-2008-2796 (SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote  ...)
	NOT-FOR-US: FreeCMS
CVE-2008-2795 (Directory traversal vulnerability in the FTP and SFTP clients in IDM C ...)
	NOT-FOR-US: IDM Computer Solutions Inc UltraEdit
CVE-2008-2794 (Unspecified vulnerability in the GUI in Symantec Altiris Notification  ...)
	NOT-FOR-US: Symantec Altiris Notification
CVE-2008-2793 (SQL injection vulnerability in group_posts.php in ClipShare before 3.0 ...)
	NOT-FOR-US: ClipShare
CVE-2008-2792 (SQL injection vulnerability in index.php in eroCMS 1.4 and earlier all ...)
	NOT-FOR-US: eroCMS
CVE-2008-2791 (SQL injection vulnerability in product.detail.php in Kalptaru Infotech ...)
	NOT-FOR-US: Kalptaru Infotech
CVE-2008-2790 (SQL injection vulnerability in detail.php in MountainGrafix easyTrade  ...)
	NOT-FOR-US: MountainGrafix easyTrade
CVE-2008-2789 (SQL injection vulnerability in pages/index.php in BASIC-CMS allows rem ...)
	NOT-FOR-US: BASIC-CMS
CVE-2008-2788 (Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1. ...)
	NOT-FOR-US: OpenDocMan
CVE-2008-2787 (Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan 1.2. ...)
	NOT-FOR-US: OpenDocMan
CVE-2008-2960 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7,  ...)
	- phpmyadmin 4:2.11.7~rc2-1 (unimportant)
	NOTE: We haven't supported installations with register_globals enabled for a long time
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-4/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/aa2076eedc7e3664b09681d6fe9dd019eca98647
CVE-2008-2827 (The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly ...)
	{DTSA-142-1}
	- perl 5.10.0-11 (bug #487319; medium)
	[etch] - perl <not-affected> (doesn't change link target permissions)
	NOTE: affects other packages like debsums, see bugreport
CVE-2008-2828 (Stack-based buffer overflow in tmsnc allows remote attackers to cause  ...)
	- tmsnc 0.3.2-1.1 (low; bug #487222)
CVE-2008-2786 (Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack ...)
	NOT-FOR-US: Just hashes posted to full-disclosure, no specific information
	NOTE: Unless more specific information pops up, this can be considered covered by
	NOTE: CVE-2008-2785
CVE-2008-2785 (Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird befo ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1614-1}
	- iceweasel 3.0 (medium; bug #488358)
	- icedove 2.0.0.16-1
	- iceape 1.1.11-1 (bug #491163)
	- xulrunner 1.9.0.1-1 (bug #491161)
	NOTE: Since 3.0 iceweasel links against xulrunner, marking it as fixed, since we also need to track etch
	NOTE: http://www.mozilla.org/security/announce/2008/mfsa2008-34.html
CVE-2008-2784 (The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT ...)
	NOT-FOR-US: spamdyke
CVE-2008-2783 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware ...)
	- kronolith2 <not-affected> (unimportant; Non-reproducible 'issue')
	- horde3 <not-affected> (unimportant; Non-reproducible 'issue')
	NOTE: not reproducible, Red Hat also seems to have problems reproducing this https://bugzilla.redhat.com/show_bug.cgi?id=452209
CVE-2008-2782 (Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow re ...)
	NOT-FOR-US: OtomiGenX
CVE-2008-2781 (SQL injection vulnerability in index.php in DZOIC Handshakes 3.5 allow ...)
	NOT-FOR-US: DZOIC Handshakes
CVE-2008-2780 (The Anubis (aka Anubis+Ripe160) plugin before 1.3 for encrypt stores t ...)
	NOT-FOR-US: Anubis
CVE-2008-2779 (Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Bu ...)
	NOT-FOR-US: GlobalSCAPE CuteFTP Home
CVE-2008-2778 (SQL injection vulnerability in inc/class_search.php in the Search Syst ...)
	NOT-FOR-US: RevokeBB
CVE-2008-2777 (Cross-site scripting (XSS) vulnerability in Ortro before 1.3.1 allows  ...)
	NOT-FOR-US: Ortro
CVE-2008-2776 (Cross-site scripting (XSS) vulnerability in search.asp in DT Centrepie ...)
	NOT-FOR-US: DT Centrepiece
CVE-2008-2775 (SQL injection vulnerability in search.asp in DT Centrepiece 4.0 allows ...)
	NOT-FOR-US: DT Centrepiece
CVE-2008-2774 (SQL injection vulnerability in item.php in CartKeeper CKGold Shopping  ...)
	NOT-FOR-US: CartKeeper CKGold Shopping Cart
CVE-2008-2773 (Cross-site scripting (XSS) vulnerability in the Taxonomy Image module  ...)
	NOT-FOR-US: Taxonomy Image module for Drupal
CVE-2008-2772 (The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote atta ...)
	NOT-FOR-US: Magic Tabs module for Drupal
CVE-2008-2771 (The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 fo ...)
	NOT-FOR-US: Node Hierarchy module for Drupal
CVE-2008-2770 (SQL injection vulnerability in index.php in MycroCMS 0.5, when magic_q ...)
	NOT-FOR-US: MycroCMS
CVE-2008-2769 (PHP remote file inclusion vulnerability in authentication/smf/smf.func ...)
	NOT-FOR-US: phpRaider
CVE-2008-2768 (Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla  ...)
	NOT-FOR-US: Xigla Poll Manager XE
CVE-2008-2767 (SQL injection vulnerability in search.asp in Xigla Poll Manager XE all ...)
	NOT-FOR-US: Xigla Poll Manager XE
CVE-2008-2766 (Cross-site scripting (XSS) vulnerability in Xigla Absolute Image Galle ...)
	NOT-FOR-US: Xigla Absolute Image Gallery XE
CVE-2008-2765 (SQL injection vulnerability in gallery.asp in Xigla Absolute Image Gal ...)
	NOT-FOR-US: Xigla Absolute Image Gallery XE
CVE-2008-2764 (Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla  ...)
	NOT-FOR-US: Xigla Absolute Live Support XE
CVE-2008-2763 (SQL injection vulnerability in search.asp in Xigla Absolute Live Suppo ...)
	NOT-FOR-US: Xigla Absolute Live Support XE
CVE-2008-2762 (SQL injection vulnerability in search.asp in Xigla Absolute Form Proce ...)
	NOT-FOR-US: Xigla Absolute Form Processor XE
CVE-2008-2761 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute  ...)
	NOT-FOR-US: Xigla Absolute Banner Manager XE
CVE-2008-2760 (SQL injection vulnerability in searchbanners.asp in Xigla Absolute Ban ...)
	NOT-FOR-US: Xigla Absolute Banner Manager XE
CVE-2008-2759 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute  ...)
	NOT-FOR-US: Xigla Absolute Form Processor XE
CVE-2008-2758 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute  ...)
	NOT-FOR-US: Xigla Absolute News Manager XE
CVE-2008-2757 (SQL injection vulnerability in search.asp in Xigla Absolute News Manag ...)
	NOT-FOR-US: Xigla Absolute News Manager XE
CVE-2008-2756 (Cross-site scripting (XSS) vulnerability in admin/users.asp in Xigla A ...)
	NOT-FOR-US: Xigla Absolute Control Panel XE
CVE-2008-2755 (SQL injection vulnerability in index.php in JAMM CMS allows remote att ...)
	NOT-FOR-US: JAMM CMS
CVE-2008-2754 (SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, ...)
	NOT-FOR-US: eFiction
CVE-2008-2753 (Multiple SQL injection vulnerabilities in Pooya Site Builder (PSB) 6.0 ...)
	NOT-FOR-US: Pooya Site Builder
CVE-2008-2752 (Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly h ...)
	NOT-FOR-US: Microsoft Word
CVE-2008-2751 (Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish w ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2008-2750 (The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux k ...)
	- linux-2.6 2.6.26
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.23)
	- linux-2.6.24 2.6.24-6~etchnhalf.4
	NOTE: 6b6707a50c7598a83820077393f8823ab791abf8
CVE-2008-2749 (Unspecified vulnerability in cshttpd in Sun Java System Calendar Serve ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2008-2748 (Skulltag 0.97d2-RC2 and earlier allows remote attackers to cause a den ...)
	NOT-FOR-US: Skulltag
CVE-2008-2747 (No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissio ...)
	NOT-FOR-US: Windows
CVE-2008-2746 (SQL injection vulnerability in login.php in Gryphon gllcTS2 4.2.4 allo ...)
	NOT-FOR-US: Gryphon gllcTS2
CVE-2008-2745 (Stack-based buffer overflow in BiAnno ActiveX Control (BiAnno.ocx) in  ...)
	NOT-FOR-US: BiAnno ActiveX Control
CVE-2008-2744 (Cross-site scripting (XSS) vulnerability in vBulletin 3.6.10 and 3.7.1 ...)
	NOT-FOR-US: vBulletin
CVE-2008-2743 (Cross-site scripting (XSS) vulnerability in the embedded web server in ...)
	NOT-FOR-US: web server Xerox
CVE-2008-2742 (Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/ ...)
	NOT-FOR-US: Achievo
CVE-2008-2741
	RESERVED
CVE-2008-2740
	RESERVED
CVE-2008-2739 (The SERVICE.DNS signature engine in the Intrusion Prevention System (I ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-2738
	RESERVED
CVE-2008-2737
	REJECTED
CVE-2008-2736 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5 ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2735 (The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 device ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2734 (Memory leak in the crypto functionality in Cisco Adaptive Security App ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2733 (Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 befor ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2732 (Multiple unspecified vulnerabilities in the SIP inspection functionali ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2731
	RESERVED
CVE-2008-2730 (The Real-Time Information Server (RIS) Data Collector service in Cisco ...)
	NOT-FOR-US: cisco
CVE-2008-2729 (arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some  ...)
	{DSA-1630-1}
	- linux-2.6 2.6.19-1
	NOTE: 3022d734a54cbd2b65eea9a024564821101b4a9a
CVE-2008-2728
	REJECTED
CVE-2008-2727
	REJECTED
CVE-2008-2726 (Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and e ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2725 (Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and e ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2718 (Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4 ...)
	{DSA-1596-1}
	- typo3-src 4.1.7-1 (bug #485814)
CVE-2008-2716 (Unspecified vulnerability in Opera before 9.5 allows remote attackers  ...)
	NOT-FOR-US: Opera
CVE-2008-2715 (Unspecified vulnerability in Opera before 9.5 allows remote attackers  ...)
	NOT-FOR-US: Opera
CVE-2008-2714 (Opera before 9.26 allows remote attackers to misrepresent web page add ...)
	NOT-FOR-US: Opera
CVE-2008-2710 (Integer signedness error in the ip_set_srcfilter function in the IP Mu ...)
	NOT-FOR-US: Solaris
CVE-2008-2709 (Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module o ...)
	NOT-FOR-US: Solaris
CVE-2008-2708 (Unspecified vulnerability in the Sun (1) UltraSPARC T2 and (2) UltraSP ...)
	NOT-FOR-US: Solaris
CVE-2008-2707 (Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and O ...)
	NOT-FOR-US: Solaris
CVE-2008-2706 (Unspecified vulnerability in the event port implementation in Sun Sola ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2705 (Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1,  ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2008-2704 (Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows remo ...)
	NOT-FOR-US: Novell GroupWise
CVE-2008-2703 (Multiple stack-based buffer overflows in Novell GroupWise Messenger (G ...)
	NOT-FOR-US: Novell GroupWise
CVE-2008-2702 (Directory traversal vulnerability in the FTP client in ALTools ESTsoft ...)
	NOT-FOR-US: ALTools ESTsoft ALFTP
CVE-2008-2701 (SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and ...)
	NOT-FOR-US: joomla extension
CVE-2008-2700 (SQL injection vulnerability in view.php in Galatolo WebManager 1.0 and ...)
	NOT-FOR-US: Galatolo WebManager
CVE-2008-2699 (Multiple directory traversal vulnerabilities in Galatolo WebManager (G ...)
	NOT-FOR-US: Galatolo WebManager
CVE-2008-2698 (Multiple cross-site scripting (XSS) vulnerabilities in photo_add-c.php ...)
	NOT-FOR-US: WEBalbum
CVE-2008-2697 (SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) comp ...)
	NOT-FOR-US: joomla extension
CVE-2008-2695 (Directory traversal vulnerability in entry.php in phpInv 0.8.0 allows  ...)
	NOT-FOR-US: phpInv
CVE-2008-2694 (Cross-site scripting (XSS) vulnerability in search.php in phpInv 0.8.0 ...)
	NOT-FOR-US: phpInv
CVE-2008-2693 (Stack-based buffer overflow in the BITIFF.BITiffCtrl.1 ActiveX control ...)
	NOT-FOR-US: ActiveX control
CVE-2008-2692 (SQL injection vulnerability in the yvComment (com_yvcomment) component ...)
	NOT-FOR-US: Joomla!
CVE-2008-2691 (SQL injection vulnerability in read.asp in JiRo's FAQ Manager eXperien ...)
	NOT-FOR-US: JiRo's FAQ Manager eXperience
CVE-2008-2690 (Multiple PHP remote file inclusion vulnerabilities in BrowserCRM 5.002 ...)
	NOT-FOR-US: BrowserCRM
CVE-2008-2689 (PHP remote file inclusion vulnerability in pub/clients.php in BrowserC ...)
	NOT-FOR-US: BrowserCRM
CVE-2008-2688 (SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart 7.3 all ...)
	NOT-FOR-US: ASPilot Pilot Cart
CVE-2008-2687 (Directory traversal vulnerability in inc/config.php in ProManager 0.73 ...)
	NOT-FOR-US: ProManager
CVE-2008-2686 (webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier allows r ...)
	NOT-FOR-US: Flux CMS
CVE-2008-XXXX [insecure tempfile in wdiff]
	- wdiff 0.5-18 (low; bug #425254)
	[etch] - wdiff <no-dsa> (Minor issue)
CVE-2008-2719 (Off-by-one error in the ppscan function (preproc.c) in Netwide Assembl ...)
	- nasm 2.03.01-1 (low; bug #486715)
	[etch] - nasm <not-affected> (vulnerable code not present)
CVE-2008-2712 (Vim 7.1.314, 6.4, and other versions allows user-assisted remote attac ...)
	{DSA-1733-1 DTSA-143-1}
	- vim 1:7.1.314-3 (low; bug #486502)
CVE-2008-2696 (Exiv2 0.16 allows user-assisted remote attackers to cause a denial of  ...)
	- exiv2 0.17-1 (low; bug #486328)
	[etch] - exiv2 <no-dsa> (Minor issue)
	NOTE: http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
CVE-2008-2713 (libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to  ...)
	{DSA-1616-2 DTSA-138-1}
	- clamav 0.93.1.dfsg-1.1 (low; bug #490925)
CVE-2008-2711 (fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, ...)
	- fetchmail 6.3.9~rc2-1 (unimportant)
	[etch] - fetchmail 6.3.6-1etch3
	NOTE: https://www.openwall.com/lists/oss-security/2008/06/13/1
	NOTE: -vv is only used for debugging purposes so this does not
	NOTE: prevent a victim from getting mails. -vv is not used in non-interactive
	NOTE: use.
CVE-2008-2720 (Cross-site scripting (XSS) vulnerability in Menalto Gallery before 2.2 ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2721 (Unspecified vulnerability in the album-select module in Menalto Galler ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2722 (Menalto Gallery before 2.2.5 allows remote attackers to bypass permiss ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2723 (embed.php in Menalto Gallery before 2.2.5 allows remote attackers to o ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2724 (Menalto Gallery before 2.2.5 does not enforce permissions for non-albu ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2717 (TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1,  ...)
	{DSA-1596-1}
	- typo3-src 4.1.7-1 (bug #485814)
CVE-2008-2685 (SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 ...)
	NOT-FOR-US: Battle Blog
CVE-2008-2684 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black I ...)
	NOT-FOR-US: Black Ice Barcode
CVE-2008-2683 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black I ...)
	NOT-FOR-US: Black Ice Barcode
CVE-2008-2682 (_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attac ...)
	NOT-FOR-US: Realm CMS
CVE-2008-2681 (Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive  ...)
	NOT-FOR-US: Realm CMS
CVE-2008-2680 (Multiple cross-site scripting (XSS) vulnerabilities in _db/compact.asp ...)
	NOT-FOR-US: Realm CMS
CVE-2008-2679 (SQL injection vulnerability in the KeyWordsList function in _includes/ ...)
	NOT-FOR-US: Realm CMS
CVE-2008-2678 (Multiple SQL injection vulnerabilities in Telephone Directory 2008, wh ...)
	NOT-FOR-US: Telephone Directory 2008
CVE-2008-2677 (Cross-site scripting (XSS) vulnerability in edit1.php in Telephone Dir ...)
	NOT-FOR-US: Telephone Directory 2008
CVE-2008-2676 (SQL injection vulnerability in the iJoomla News Portal (com_news_porta ...)
	NOT-FOR-US: com_news_portal component for Joomla!
CVE-2008-2675 (Cross-site scripting (XSS) vulnerability in index.php in PHP Image Gal ...)
	NOT-FOR-US: PHP Image Gallery
CVE-2008-2674 (Unspecified vulnerability in the Interstage Management Console, as use ...)
	NOT-FOR-US: Interstage Management Console
CVE-2008-2673 (SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, ...)
	NOT-FOR-US: pNews
CVE-2008-2672 (Multiple directory traversal vulnerabilities in ErfurtWiki R1.02b and  ...)
	- ewiki <removed> (unimportant)
	NOTE: register_globals is not supported
CVE-2008-2671 (SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows  ...)
	NOT-FOR-US: DCFM Blog
CVE-2008-2670 (Multiple SQL injection vulnerabilities in index.php in Insanely Simple ...)
	NOT-FOR-US: Insanely Simple Blog
CVE-2008-2669 (Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote a ...)
	NOT-FOR-US: yBlog
CVE-2008-2668 (Multiple cross-site scripting (XSS) vulnerabilities in yBlog 0.2.2.2 a ...)
	NOT-FOR-US: yBlog
CVE-2008-2666 (Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier  ...)
	- php5 <removed> (unimportant)
	NOTE: safe mode not supported
CVE-2008-2665 (Directory traversal vulnerability in the posix_access function in PHP  ...)
	- php5 5.2.6.dfsg.1-3 (unimportant)
	NOTE: safe mode not supported
CVE-2008-2664 (The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8 ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2663 (Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4  ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2662 (Multiple integer overflows in the rb_str_buf_append function in Ruby 1 ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2661
	RESERVED
CVE-2008-2660
	REJECTED
CVE-2008-2659
	RESERVED
CVE-2008-2658
	RESERVED
CVE-2008-2657
	RESERVED
CVE-2008-2656
	RESERVED
CVE-2008-2655
	RESERVED
CVE-2008-2653
	RESERVED
CVE-2008-2652 (Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b a ...)
	NOT-FOR-US: SMEWeb
CVE-2008-2651 (SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB  ...)
	NOT-FOR-US: com_joobb component for Joomla!
CVE-2008-2650 (Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, ...)
	NOT-FOR-US: CMSimple
CVE-2008-2649 (Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 B ...)
	NOT-FOR-US: DesktopOnNet
CVE-2008-2648 (Unrestricted file upload vulnerability in upload/uploader.html in meBi ...)
	NOT-FOR-US: meBiblio
CVE-2008-2647 (SQL injection vulnerability in admin/journal_change_mask.inc.php in me ...)
	NOT-FOR-US: meBiblio
CVE-2008-2646 (Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7  ...)
	NOT-FOR-US: meBiblio
CVE-2008-2645 (Multiple PHP remote file inclusion vulnerabilities in Brim (formerly B ...)
	NOT-FOR-US: Brim
CVE-2008-2644 (Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and ...)
	NOT-FOR-US: SMEWeb
CVE-2008-2643 (SQL injection vulnerability in the Bible Study (com_biblestudy) compon ...)
	NOT-FOR-US: com_biblestudy component for Joomla!
CVE-2008-2642 (SQL injection vulnerability in login.php in OtomiGenX 2.2 allows remot ...)
	NOT-FOR-US: OtomiGenX
CVE-2008-2641 (Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlie ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2008-2640 (Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 Hist ...)
	NOT-FOR-US: Adobe Flex
CVE-2008-2639 (Stack-based buffer overflow in the ODBC server service in Citect Citec ...)
	NOT-FOR-US: Citect CitectSCADA
CVE-2008-2638 (Static code injection vulnerability in guestbook.php in 1Book 1.0.1 an ...)
	NOT-FOR-US: 1Book
CVE-2008-2637 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL ...)
	NOT-FOR-US: F5 FirePass SSL VPN
CVE-2008-2636 (The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 all ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-2635 (Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow r ...)
	NOT-FOR-US: BitKinex
CVE-2008-2634 (SQL injection vulnerability in index.asp in I-Pos Internet Pay Online  ...)
	NOT-FOR-US: I-Pos Internet Pay Online Store
CVE-2008-2633 (Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomr ...)
	NOT-FOR-US: com_joomradio component for Joomla!
CVE-2008-2632 (SQL injection vulnerability in the acctexp (com_acctexp) component 0.1 ...)
	NOT-FOR-US: com_acctexp component for Joomla!
CVE-2008-2631 (The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows re ...)
	NOT-FOR-US: MDaemon
CVE-2008-2630 (SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 f ...)
	NOT-FOR-US: com_jb2 component for Joomla!
CVE-2008-2629 (SQL injection vulnerability in the LifeType (formerly pLog) module for ...)
	NOT-FOR-US: LifeType module for Drupal
CVE-2008-2628 (SQL injection vulnerability in the eQuotes (com_equotes) component 0.9 ...)
	NOT-FOR-US: com_equotes component for Joomla!
CVE-2008-2627 (SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 ...)
	NOT-FOR-US: com_idoblog for Joomla!
CVE-2008-2626 (SQL injection vulnerability in comment.asp in Battle Blog 1.25 and ear ...)
	NOT-FOR-US: Battle Blog
CVE-2008-2625 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2008-2624 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2008-2623 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-2622 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2621 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2620 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2619 (Unspecified vulnerability in the Oracle Reports Developer component in ...)
	NOT-FOR-US: Oracle
CVE-2008-2618 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2617 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2616 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2615 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2614 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2613 (Unspecified vulnerability in the Database Scheduler component in Oracl ...)
	NOT-FOR-US: Oracle database
CVE-2008-2612 (Unspecified vulnerability in the Hyperion BI Plus component in Oracle  ...)
	NOT-FOR-US: Oracle database
CVE-2008-2611 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle database
CVE-2008-2610 (Unspecified vulnerability in the Oracle Applications Technology Stack  ...)
	NOT-FOR-US: Oracle database
CVE-2008-2609 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle database
CVE-2008-2608 (Unspecified vulnerability in the Data Pump component in Oracle Databas ...)
	NOT-FOR-US: Oracle database
CVE-2008-2607 (Unspecified vulnerability in the Advanced Queuing component in Oracle  ...)
	NOT-FOR-US: Oracle database
CVE-2008-2606 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle database
CVE-2008-2605 (Unspecified vulnerability in the Authentication component in Oracle Da ...)
	NOT-FOR-US: Oracle database
CVE-2008-2604 (Unspecified vulnerability in the Authentication component in Oracle Da ...)
	NOT-FOR-US: Oracle database
CVE-2008-2603 (Unspecified vulnerability in the Resource Manager component in Oracle  ...)
	NOT-FOR-US: Oracle database
CVE-2008-2602 (Unspecified vulnerability in the Data Pump component in Oracle Databas ...)
	NOT-FOR-US: Oracle database
CVE-2008-2601 (Unspecified vulnerability in the Oracle iStore component in Oracle E-B ...)
	NOT-FOR-US: Oracle database
CVE-2008-2600 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle database
CVE-2008-2599 (Unspecified vulnerability in the TimesTen Client/Server component in O ...)
	NOT-FOR-US: Oracle database
CVE-2008-2598 (Unspecified vulnerability in the TimesTen Client/Server component in O ...)
	NOT-FOR-US: Oracle database
CVE-2008-2597 (Unspecified vulnerability in the TimesTen Client/Server component in O ...)
	NOT-FOR-US: Oracle database
CVE-2008-2596 (Unspecified vulnerability in the Mobile Application Server component i ...)
	NOT-FOR-US: Oracle database
CVE-2008-2595 (Unspecified vulnerability in the Oracle Internet Directory component i ...)
	NOT-FOR-US: Oracle database
CVE-2008-2594 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle database
CVE-2008-2593 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle database
CVE-2008-2592 (Unspecified vulnerability in the Advanced Replication component in Ora ...)
	NOT-FOR-US: Oracle database
CVE-2008-2591 (Unspecified vulnerability in the Oracle Database Vault component in Or ...)
	NOT-FOR-US: Oracle database
CVE-2008-2590 (Unspecified vulnerability in the Instance Management component in Orac ...)
	NOT-FOR-US: Oracle database
CVE-2008-2589 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle database
CVE-2008-2588 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-2587 (Unspecified vulnerability in the Advanced Replication component in Ora ...)
	NOT-FOR-US: Oracle database
CVE-2008-2586 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle database
CVE-2008-2585 (Unspecified vulnerability in the Oracle Report Manager component in Or ...)
	NOT-FOR-US: Oracle database
CVE-2008-2584
	REJECTED
CVE-2008-2583 (Unspecified vulnerability in the sample Discussion Forum Portlet for t ...)
	NOT-FOR-US: Oracle database
CVE-2008-2582 (Unspecified vulnerability in the WebLogic Server component in Oracle B ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2581 (Unspecified vulnerability in the WebLogic Server component in Oracle B ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2580 (Unspecified vulnerability in the WebLogic Server component in Oracle B ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2579 (Unspecified vulnerability in the WebLogic Server Plugins for Apache, S ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2578 (Unspecified vulnerability in the WebLogic Server component in Oracle B ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2577 (Unspecified vulnerability in the WebLogic Server component in Oracle B ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2576 (Unspecified vulnerability in the WebLogic Server component in Oracle B ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2574 (Unrestricted file upload vulnerability in admin/Editor/imgupload.php i ...)
	NOT-FOR-US: FlashBlog
CVE-2008-2573 (Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote au ...)
	NOT-FOR-US: freeSSHd
CVE-2008-2572 (SQL injection vulnerability in php/leer_comentarios.php in FlashBlog a ...)
	NOT-FOR-US: FlashBlog
CVE-2008-2571 (Cross-site request forgery (CSRF) vulnerability in LimeSurvey (formerl ...)
	- limesurvey <itp> (bug #472802)
CVE-2008-2570 (Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurvey ...)
	- limesurvey <itp> (bug #472802)
CVE-2008-2569 (SQL injection vulnerability in the EasyBook (com_easybook) component 1 ...)
	NOT-FOR-US: com_easybook component for Joomla!
CVE-2008-2568 (SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) ...)
	NOT-FOR-US: com_simpleshop component for Joomla!
CVE-2008-2567 (Cross-site scripting (XSS) vulnerability in Fenriru Sleipnir 2.7.1 Rel ...)
	NOT-FOR-US: Fenriru Sleipnir
CVE-2008-2566 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Boo ...)
	NOT-FOR-US: PHP Address Book
CVE-2008-2565 (Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and e ...)
	NOT-FOR-US: PHP Address Book
CVE-2008-2564 (SQL injection vulnerability in the JotLoader (com_jotloader) component ...)
	NOT-FOR-US: com_jotloader component for Joomla!
CVE-2008-2563 (Multiple cross-site scripting (XSS) vulnerabilities in (1) dsp_main.ph ...)
	NOT-FOR-US: SamTodo
CVE-2008-2562 (SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and ea ...)
	NOT-FOR-US: PowerPhlogger
CVE-2008-2561 (Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 all ...)
	NOT-FOR-US: 427BB
CVE-2008-2560 (SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows remo ...)
	NOT-FOR-US: 427BB
CVE-2008-2654 (Off-by-one error in the read_client function in webhttpd.c in Motion 3 ...)
	- motion 3.2.9-3 (low; bug #484572)
	[etch] - motion <no-dsa> (minor issue)
CVE-2008-2667 (SQL injection vulnerability in the Courier Authentication Library (aka ...)
	{DSA-1688-1}
	- courier-authlib 0.60.1-2.1 (bug #485424)
CVE-2008-XXXX [missing sanity checks allow DoS via mis-formatted timestamp]
	- evolution 2.22.2-1.1 (low; bug #484639)
	[etch] - evolution <no-dsa> (Minor issue)
CVE-2008-2559 (Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256) allows remo ...)
	NOT-FOR-US: Borland Interbase
CVE-2008-2558 (CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute fo ...)
	NOT-FOR-US: CRE Loaded
CVE-2008-2557 (Cross-site scripting (XSS) vulnerability in CRE Loaded 6.2.13.1 and ea ...)
	NOT-FOR-US: CRE Loaded
CVE-2008-2556 (SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and e ...)
	NOT-FOR-US: PHP Visit Counter
CVE-2008-2555 (SQL injection vulnerability in index.php in EasyWay CMS allows remote  ...)
	NOT-FOR-US: EasyWay CMS
CVE-2008-2554 (Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote att ...)
	NOT-FOR-US: BP Blog
CVE-2008-2553 (Cross-site scripting (XSS) vulnerability in Slashdot Like Automated St ...)
	{DSA-1633-1}
	- slash 2.2.6-8etch1 (low; bug #484499)
	NOTE: See CVE-2008-2231
	NOTE: maintainer wants to remove package from unstable and move to experimental
CVE-2008-2552 (Unspecified vulnerability in the Service Tag Registry on Sun Solaris 1 ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2551 (The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6  ...)
	NOT-FOR-US: DownloaderActiveX Control
CVE-2008-2550 (Unspecified vulnerability in the Web Services Security component in IB ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-2549 (Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remot ...)
	NOT-FOR-US: Acrobat Reader
CVE-2008-2548 (Stack-based buffer overflow in the JPEG thumbprint component in the EX ...)
	NOT-FOR-US: JPEG thumbprint component in the EXIF parser on Motorola cell phones
CVE-2008-2547 (Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and 4.5.6001. ...)
	NOT-FOR-US: Microsoft Windows Installer
CVE-2008-2546
	REJECTED
CVE-2008-2545 (Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sens ...)
	NOT-FOR-US: Skype
CVE-2008-2544 (Mounting /proc filesystem via chroot command silently mounts it in rea ...)
	- linux <unfixed> (unimportant)
	NOTE: non-issue, cf. https://bugzilla.redhat.com/show_bug.cgi?id=449089#c22
CVE-2008-2543 (The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and As ...)
	- asterisk-addons 1.4.7-1 (bug #484796)
CVE-2008-2542 (Stack-based buffer overflow in the getline function in Ppm/ppm.C in NA ...)
	NOT-FOR-US: NASA Ames Research Center BigView
CVE-2008-2541 (Multiple stack-based buffer overflows in the HTTP Gateway Service (ici ...)
	NOT-FOR-US: CA eTrust
CVE-2008-2540 (Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt ...)
	NOT-FOR-US: Apple Safari
CVE-2008-2539 (The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 ...)
	NOT-FOR-US: Sun Solaris 8
CVE-2008-2538 (Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and  ...)
	NOT-FOR-US: Sun Solaris 8
CVE-2008-2537 (SQL injection vulnerability in cat.php in HispaH Model Search allows r ...)
	NOT-FOR-US: HispaH Model Search
CVE-2008-2536 (SQL injection vulnerability in out.php in YABSoft Advanced Image Hosti ...)
	NOT-FOR-US: YABSoft Advanced Image
CVE-2008-2535 (Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2  ...)
	NOT-FOR-US: Phoenix View CMS Pre Alpha2
CVE-2008-2534 (Directory traversal vulnerability in admin/admin_frame.php in Phoenix  ...)
	NOT-FOR-US: Phoenix View CMS Pre Alpha2
CVE-2008-2533 (Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View CM ...)
	NOT-FOR-US: Phoenix View CMS Pre Alpha2
CVE-2008-2532 (SQL injection vulnerability in forum/topic_detail.php in AJ Square aj- ...)
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-2531 (Cross-site scripting (XSS) vulnerability in the search script in Build ...)
	NOT-FOR-US: Build A Niche Store
CVE-2008-2530 (Multiple SQL injection vulnerabilities in Concepts & Solutions Qui ...)
	NOT-FOR-US: Concepts & Solutions QuickUpCMS
CVE-2008-2529 (SQL injection vulnerability in read.php in Advanced Links Management ( ...)
	NOT-FOR-US: Advanced Links Management
CVE-2008-2528 (Unspecified vulnerability in Citrix Access Gateway Standard Edition 4. ...)
	NOT-FOR-US: Citrix Access Gateway Standard Edition
CVE-2008-2527 (Cross-site scripting (XSS) vulnerability in view.php in ActualScripts  ...)
	NOT-FOR-US: ActualScripts ActualAnalyzer Server
CVE-2008-2526 (Cross-site scripting (XSS) vulnerability in the WT Gallery (aka wt_gal ...)
	NOT-FOR-US: WT Gallery
CVE-2008-2525 (Cross-site scripting (XSS) vulnerability in the Event Database (aka rl ...)
	NOT-FOR-US: typo3 extension Event Database
CVE-2008-2524 (BlogPHP 2.0 allows remote attackers to bypass authentication, and post ...)
	NOT-FOR-US: BlogPHP
CVE-2008-2523 (SQL injection vulnerability in the Autopatcher server plugin in RakNet ...)
	NOT-FOR-US: RakNet
CVE-2008-2522 (SQL injection vulnerability in members.php in Battle.net Clan Script f ...)
	NOT-FOR-US: Battle.net Clan Script
CVE-2008-2521 (SQL injection vulnerability in members.php in YABSoft Mega File Hostin ...)
	NOT-FOR-US: YABSoft Mega File
CVE-2008-2520 (Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when ...)
	NOT-FOR-US: BigACE
CVE-2008-2519 (Directory traversal vulnerability in Core FTP client 2.1 Build 1565 al ...)
	NOT-FOR-US: Core FTP client
CVE-2008-2518 (Cross-site scripting (XSS) vulnerability in the advanced search mechan ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2008-2517 (The sarab.sh script in SaraB before 0.2.4 places the dar program's enc ...)
	NOT-FOR-US: SaraB
CVE-2008-2515 (Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allow ...)
	NOT-FOR-US: IBM AIX
CVE-2008-2514 (Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local use ...)
	NOT-FOR-US: IBM AIX
CVE-2008-2513 (Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows loca ...)
	NOT-FOR-US: IBM AIX
CVE-2008-2512 (Directory traversal vulnerability in Symantec Backup Exec System Recov ...)
	NOT-FOR-US: Symantec Backup Exec System Recovery Manager
CVE-2008-2511 (Directory traversal vulnerability in the UmxEventCli.CachedAuditDataLi ...)
	NOT-FOR-US: CA Internet Security Suite
CVE-2008-2510 (SQL injection vulnerability in wp-uploadfile.php in the Upload File pl ...)
	NOT-FOR-US: Upload File plugin for WordPress
CVE-2008-2509 (SQL injection vulnerability in pwd.asp in Excuse Online allows remote  ...)
	NOT-FOR-US: Excuse Online
CVE-2008-2508 (Cross-site scripting (XSS) vulnerability in news.php in Tr Script News ...)
	NOT-FOR-US: Tr Script News
CVE-2008-2507 (Cross-site scripting (XSS) vulnerability in Calcium40.pl in Brown Bear ...)
	NOT-FOR-US: Brown Bear Software Calcium
CVE-2008-2506 (Multiple SQL injection vulnerabilities in Simpel Side Weblosning 1 thr ...)
	NOT-FOR-US: Simpel Side Weblosning
CVE-2008-2505 (Cross-site scripting (XSS) vulnerability in result.php in Simpel Side  ...)
	NOT-FOR-US: Simpel Side Weblosning
CVE-2008-2504 (Multiple SQL injection vulnerabilities in Simpel Side Netbutik 1 throu ...)
	NOT-FOR-US: Simpel Side Netbutik
CVE-2008-2503 (Buffer overflow in Uploadlist in eMule X-Ray before 1.4 has unknown im ...)
	NOT-FOR-US: eMule X-Ray
CVE-2008-2502 (Unspecified vulnerability in the web server in eMule X-Ray before 1.4  ...)
	NOT-FOR-US: eMule X-Ray
CVE-2008-2501 (Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remot ...)
	NOT-FOR-US: PHPhotoalbum
CVE-2008-2500 (Cross-site scripting (XSS) vulnerability in the MOStlyContent Editor ( ...)
	NOT-FOR-US: MOStlyContent Editor
CVE-2008-2499 (Stack-based buffer overflow in the Community Services Multiplexer (aka ...)
	NOT-FOR-US: Community Services Multiplexer
CVE-2008-2498 (Multiple SQL injection vulnerabilities in index.php in Mambo before 4. ...)
	NOT-FOR-US: Mambo
CVE-2008-2497 (CRLF injection vulnerability in Mambo before 4.6.4 allows remote attac ...)
	NOT-FOR-US: Mambo
CVE-2008-2496 (Multiple cross-site scripting (XSS) vulnerabilities in Quate CMS 0.3.4 ...)
	NOT-FOR-US: Quate CMS
CVE-2008-2495 (Directory traversal vulnerability in index.php in Zina 1.0 RC3 allows  ...)
	NOT-FOR-US: Zina
CVE-2008-2494 (Cross-site scripting (XSS) vulnerability in index.php in Zina 1.0 RC3  ...)
	NOT-FOR-US: Zina
CVE-2008-2493 (Cross-site scripting (XSS) vulnerability in post3/Book.asp in Campus B ...)
	NOT-FOR-US: Campus Bulletin Board
CVE-2008-2492 (Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 al ...)
	NOT-FOR-US: Campus Bulletin Board
CVE-2008-2491 (SQL injection vulnerability in adv_cat.php in AbleSpace 1.0 allows rem ...)
	NOT-FOR-US: AbleSpace
CVE-2008-2490 (Cross-site scripting (XSS) vulnerability in the KJ Image Lightbox 2 (a ...)
	NOT-FOR-US: KJ Image Lightbox 2
CVE-2008-2489 (SQL injection vulnerability in the Library for Frontend Plugins (aka s ...)
	NOT-FOR-US: Library for Frontend Plugins sg_zfelib
CVE-2008-2488 (admin/userform.php in RoomPHPlanning 1.5 does not require administrati ...)
	NOT-FOR-US: RoomPHPlanning
CVE-2008-2487 (SQL injection vulnerability in index.php in MAXSITE 1.10 and earlier a ...)
	NOT-FOR-US: MAXSITE
CVE-2008-2486 (Unspecified vulnerability in eMule Plus before 1.2d has unknown impact ...)
	- amule <not-affected> (Different code)
CVE-2008-2485 (Cross-site scripting (XSS) vulnerability in the URL redirection script ...)
	NOT-FOR-US: PCPIN chat
CVE-2008-2484 (SQL injection vulnerability in index.php in Xomol CMS 1.20071213, when ...)
	NOT-FOR-US: Xomol CMS
CVE-2008-2483 (Directory traversal vulnerability in index.php in Xomol CMS 1.20071213 ...)
	NOT-FOR-US: Xomol CMS
CVE-2008-2482 (Directory traversal vulnerability in install_mod.php in insanevisions  ...)
	NOT-FOR-US: OneCMS
CVE-2008-2481 (PHP remote file inclusion vulnerability in authentication/phpbb3/phpbb ...)
	NOT-FOR-US: phpRaider
CVE-2008-2480 (PHP remote file inclusion vulnerability in plus.php in plusPHP Short U ...)
	NOT-FOR-US: plusPHP
CVE-2008-2479 (Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote atta ...)
	NOT-FOR-US: phpFix
CVE-2008-2478
	NOT-FOR-US: cPanel
CVE-2008-2477 (SQL injection vulnerability in index.php in MxBB (aka MX-System) Porta ...)
	NOT-FOR-US: MxBB (MX-System)
CVE-2008-2476 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeB ...)
	- kfreebsd-7 7.0-6
	NOTE: IPv6 NDP flaw not affecting Linux
CVE-2008-2475 (eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) bef ...)
	NOT-FOR-US: eBay Enhanced Picture Uploader ActiveX control
CVE-2008-2474 (Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit  ...)
	NOT-FOR-US: ABB Process Communication Unit
CVE-2008-2473
	RESERVED
CVE-2008-2472
	RESERVED
CVE-2008-2471
	RESERVED
CVE-2008-2470 (The InstallShield Update Service Agent ActiveX control in isusweb.dll  ...)
	NOT-FOR-US: InstallShield
CVE-2008-2469 (Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Sp ...)
	{DSA-1659-1 DTSA-172-1}
	- libspf2 1.2.9-1 (high)
CVE-2008-2468 (Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe)  ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2008-2467
	RESERVED
CVE-2008-2466
	RESERVED
CVE-2008-2465
	RESERVED
CVE-2008-2464 (The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD  ...)
	NOT-FOR-US: NetBSD
CVE-2008-2463 (The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 1 ...)
	NOT-FOR-US: Microsoft Office Snapshot Viewer ActiveX
CVE-2008-2462 (Cross-site scripting (XSS) vulnerability in the viewfile documentation ...)
	NOT-FOR-US: Caucho Resin
CVE-2008-2461 (SQL injection vulnerability in index.php in Netious CMS 0.4 allows rem ...)
	NOT-FOR-US: Netious
CVE-2008-2460 (SQL injection vulnerability in faq.php in vBulletin 3.7.0 Gold allows  ...)
	NOT-FOR-US: vBulletin
CVE-2008-2459 (Directory traversal vulnerability in page.php in EntertainmentScript 1 ...)
	NOT-FOR-US: EntertainmentScript
CVE-2008-2458 (Cross-site scripting (XSS) vulnerability in index.php in Starsgames Co ...)
	NOT-FOR-US: Starsgames
CVE-2008-2457 (SQL injection vulnerability in jokes_category.php in PHP-Jokesite 2.0  ...)
	NOT-FOR-US: PHP-Jokesite
CVE-2008-2456 (SQL injection vulnerability in index.php in ComicShout 2.5 and earlier ...)
	NOT-FOR-US: ComicShout
CVE-2008-2455 (SQL injection vulnerability in comment.php in the MacGuru BLOG Engine  ...)
	NOT-FOR-US: MacGuru BLOG Engine
CVE-2008-2454 (SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) compo ...)
	NOT-FOR-US: xsstream-dm
CVE-2008-2453 (Multiple SQL injection vulnerabilities in PHP Classifieds Script allow ...)
	NOT-FOR-US: PHP Classifieds Script
CVE-2008-2452 (Cross-site scripting (XSS) vulnerability in the Questionaire (aka pbsu ...)
	NOT-FOR-US: Questionaire pbsurvey
CVE-2008-2451 (Multiple SQL injection vulnerabilities in the Statistics (aka ke_stats ...)
	NOT-FOR-US: Statistics ke_stats
CVE-2008-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the Statistics  ...)
	NOT-FOR-US: Statistics ke_stats
CVE-2008-2449 (Multiple cross-site scripting (XSS) vulnerabilities in Isaac McGowan p ...)
	NOT-FOR-US: phpInstantGallery
CVE-2008-2448 (Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote  ...)
	NOT-FOR-US: Meto Forum
CVE-2008-2447 (SQL injection vulnerability in products.php in the Mytipper ZoGo-shop  ...)
	NOT-FOR-US: Mytipper ZoGo-shop
CVE-2008-2446 (Multiple SQL injection vulnerabilities in Web Group Communication Cent ...)
	NOT-FOR-US: Web Group Communication Center
CVE-2008-2445 (Cross-site scripting (XSS) vulnerability in profile.php in Web Group C ...)
	NOT-FOR-US: Web Group Communication Center
CVE-2008-2444 (SQL injection vulnerability in userreg.php in CaLogic Calendars 1.2.2  ...)
	NOT-FOR-US: CaLogic Calendars
CVE-2008-2443 (SQL injection vulnerability in dpage.php in The Real Estate Script all ...)
	NOT-FOR-US: Real Estate Script
CVE-2008-2442
	RESERVED
CVE-2008-2441 (Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x befo ...)
	NOT-FOR-US: Cisco Secure ACS
CVE-2008-2440
	RESERVED
CVE-2008-2439 (Directory traversal vulnerability in the UpdateAgent function in TmLis ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-2438 (Integer overflow in ovalarmsrv.exe in HP OpenView Network Node Manager ...)
	NOT-FOR-US: HP OpenView
CVE-2008-2437 (Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeSc ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-2436 (Multiple heap-based buffer overflows in the IppCreateServerRef functio ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2008-2435 (Use-after-free vulnerability in the Trend Micro HouseCall ActiveX cont ...)
	NOT-FOR-US: ActiveX
CVE-2008-2434 (The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 i ...)
	NOT-FOR-US: ActiveX
CVE-2008-2433 (The web management console in Trend Micro OfficeScan 7.0 through 8.0,  ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-2432 (Insecure method vulnerability in the GetFileList method in an unspecif ...)
	NOT-FOR-US: Novell iPrint
CVE-2008-2431 (Multiple buffer overflows in Novell iPrint Client before 5.06 allow re ...)
	NOT-FOR-US: Novell iPrint
CVE-2008-2430 (Integer overflow in the Open function in modules/demux/wav.c in VLC Me ...)
	{DSA-1819-1 DTSA-148-1}
	- vlc 0.8.6.h-1 (medium; bug #489004)
CVE-2008-2429 (Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.2007111 ...)
	NOT-FOR-US: Calendarix
CVE-2008-2428 (Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic a ...)
	NOT-FOR-US: TorrentTrader
CVE-2008-2427 (Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView ...)
	NOT-FOR-US: NConvert, GFL SDK, XnView
CVE-2008-2426 (Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 al ...)
	{DSA-1594-1}
	- imlib2 1.4.0-1.1 (medium; bug #483816)
	- imlib <not-affected> (Partly not present / partly fixed)
CVE-2008-2425 (SQL injection vulnerability in index.php in FicHive 1.0 allows remote  ...)
	NOT-FOR-US: FicHive
CVE-2008-2422 (SQL injection vulnerability in index.php in Web Slider 0.6 allows remo ...)
	NOT-FOR-US: Web Slider
CVE-2008-2421 (Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web App ...)
	NOT-FOR-US: Web GUI in SAP Web Application Server (WAS)
CVE-2008-2419 (Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of  ...)
	NOTE: Mozilla bug 435130, not reproducible by upstream, Debian bug #484484
CVE-2008-2418 (Race condition in the STREAMS Administrative Driver (sad) in Sun Solar ...)
	NOT-FOR-US: STREAMS Administrative Driver SUN
CVE-2008-2417 (SQL injection vulnerability in showQAnswer.asp in How2ASP.net Webboard ...)
	NOT-FOR-US: Webboard
CVE-2008-2416 (SQL injection vulnerability in index.php in FicHive 1.0 allows remote  ...)
	NOT-FOR-US: FicHive
CVE-2008-2415 (Directory traversal vulnerability in template/purpletech/base_include. ...)
	NOT-FOR-US: DigitalHive
CVE-2008-2414 (Cross-site scripting (XSS) vulnerability in send_email.php in AN Guest ...)
	NOT-FOR-US: AN Guestbook
CVE-2008-2413 (Cross-site scripting (XSS) vulnerability in glossaire.php in ACGV News ...)
	NOT-FOR-US: ACGV News
CVE-2008-2412 (SQL injection vulnerability in glossaire.php in ACGV News 0.9.1 allows ...)
	NOT-FOR-US: ACGV News
CVE-2008-2411 (SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, ...)
	NOT-FOR-US: SazCart
CVE-2008-2410 (Cross-site scripting (XSS) vulnerability in the servlet engine and Web ...)
	NOT-FOR-US: Web Server service in IBM Lotus Domino
CVE-2008-2409 (Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10 ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2008-2408 (Heap-based buffer overflow in the XML parsing functionality in talk.dl ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2008-2407 (Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian be ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2008-2406 (The administration application server in Sun Java Active Server Pages  ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2405 (Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote a ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2404 (Stack-based buffer overflow in the request handling implementation in  ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2403 (Multiple directory traversal vulnerabilities in unspecified ASP applic ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2402 (The Admin Server in Sun Java Active Server Pages (ASP) Server before 4 ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2401 (The Admin Server in Sun Java Active Server Pages (ASP) Server before 4 ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2400 (Unspecified vulnerability in stunnel before 4.23, when running as a se ...)
	- stunnel4 <not-affected> (Windows specific issue)
CVE-2008-2399 (Directory traversal vulnerability in the FireFTP add-on before 0.98.20 ...)
	NOT-FOR-US: FireFTP
CVE-2008-2575 (cbrPager before 0.9.17 allows user-assisted remote attackers to execut ...)
	- cbrpager 0.9.17-1 (low; bug #482853)
	[etch] - cbrpager 0.9.14-3+etch1
	NOTE: Minor issue fixed in 4.0r4 point release
CVE-2008-XXXX [resizing the monitor with xrandr can crash xscreensaver]
	- xscreensaver 5.05-3 (unimportant; bug #482385)
CVE-2008-2516 (pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not prop ...)
	- pam-pgsql 0.6.3-2 (medium; bug #481970)
	[etch] - pam-pgsql <not-affected> (Vulnerable code not present)
	NOTE: pam_pgsql is not configured as "sufficient" in Debian default configuration
CVE-2008-2424 (Unspecified vulnerability in the 404 error page for the "Standard demo ...)
	- interchange 5.5.1 (low; bug #482636)
CVE-2008-2423 (Unspecified vulnerability in Interchange before 5.6.0 and before 5.5.2 ...)
	- interchange 5.5.1 (low; bug #482636)
CVE-2008-2420 (The OCSP functionality in stunnel before 4.24 does not properly search ...)
	- stunnel4 3:4.22-1.1 (low; bug #482644)
CVE-2008-2398 (Cross-site scripting (XSS) vulnerability in index.php in AppServ Open  ...)
	NOT-FOR-US: AppServ Open Project
CVE-2008-2397 (Cross-site scripting (XSS) vulnerability in search-results.dot in dotC ...)
	NOT-FOR-US: dotCMS
CVE-2008-2396 (PHP remote file inclusion vulnerability in index.php in Wajox Software ...)
	NOT-FOR-US: microSSys
CVE-2008-2395 (SQL injection vulnerability in thread.php in AlkalinePHP 0.80.00 beta  ...)
	NOT-FOR-US: AlkalinePHP
CVE-2008-2394 (Multiple SQL injection vulnerabilities in TAGWORX.CMS 3.00.02 allow re ...)
	NOT-FOR-US: TAGWORX.CMS
CVE-2008-2393 (SQL injection vulnerability in play.php in EntertainmentScript 1.4.0 a ...)
	NOT-FOR-US: EntertainmentScript
CVE-2008-2392 (Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier  ...)
	- wordpress 2.5.1-4 (low; bug #485807)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: Unrestricted file upload vulnerability was introduced in 2.3.0
CVE-2008-2391 (SubSonic allows remote attackers to bypass pagesize limits and cause a ...)
	NOT-FOR-US: SubSonic
CVE-2008-2390 (Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) E ...)
	NOT-FOR-US: HP Software Update
CVE-2008-2389 (opensuse-updater in openSUSE 10.2 allows local users to access arbitra ...)
	NOT-FOR-US: opensuse-updater
CVE-2008-2388 (Multiple off-by-one errors in opensuse-updater in openSUSE 10.2 have u ...)
	NOT-FOR-US: opensuse-updater
CVE-2008-2387
	RESERVED
CVE-2008-2386
	RESERVED
CVE-2008-2385
	RESERVED
CVE-2008-2384 (SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql  ...)
	- mod-auth-mysql 4.3.9-11 (medium)
CVE-2008-2383 (CRLF injection vulnerability in xterm allows user-assisted attackers t ...)
	{DSA-1694-1 DTSA-182-1}
	- xterm 238-2 (medium; bug #510030)
CVE-2008-2382 (The protocol_client_msg function in vnc.c in the VNC server in (1) Qem ...)
	- qemu 0.9.1-9
	[etch] - qemu <not-affected> (Tested by maintainer)
	- kvm 72+dfsg-4
	- xen-unstable <not-affected> (Vulnerable code not present)
	- xen-3 <not-affected> (Vulnerable code not present)
CVE-2008-2381 (SQL injection vulnerability in the create function in common/include/G ...)
	{DSA-1698-1}
	- gforge 4.7~rc2-7
CVE-2008-2380 (SQL injection vulnerability in authpgsqllib.c in Courier-Authlib befor ...)
	{DSA-1688-1 DTSA-180-1}
	- courier-authlib 0.61.0-1+lenny1
CVE-2008-2379 (Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 ...)
	{DSA-1682-1}
	- squirrelmail 2:1.4.15-4
CVE-2008-2378 (Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 al ...)
	{DSA-1668-1}
	- hf 0.8-8.1 (medium; bug #504182)
CVE-2008-2377 (Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_cle ...)
	- gnutls26 2.4.1-1 (medium)
	- gnutls13 <not-affected> (Problem was introduced in 2.3.5)
CVE-2008-2376 (Integer overflow in the rb_ary_fill function in array.c in Ruby before ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-2
	- ruby1.8 1.8.7.22-2
	NOTE: https://www.openwall.com/lists/oss-security/2008/07/02/3
CVE-2008-2375 (Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on  ...)
	- vsftpd <not-affected> (debian versions all include the fix)
CVE-2008-2374 (src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.3 ...)
	- bluez-libs 3.34 (low)
	[etch] - bluez-libs <no-dsa> (Minor issue)
	- bluez-utils 3.34 (low)
	[etch] - bluez-utils <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374
CVE-2008-2373
	REJECTED
CVE-2008-2372 (The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users  ...)
	- linux-2.6 2.6.26-1
	[etch] - linux-2.6 <not-affected> (Introduced between 2.6.23 and 2.6.24)
	- linux-2.6.24 2.6.24-6~etchnhalf.4
	NOTE: IMO this is a lack of optimisation, not a security issue? - jmm
	NOTE: 89f5b7da2a6bad2e84670422ab8192382a5aeb9f
CVE-2008-2371 (Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Re ...)
	{DSA-1602-1 DTSA-145-1}
	- pcre3 7.6-2.1 (medium; bug #488919)
CVE-2008-2370 (Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 th ...)
	- tomcat5.5 5.5.26-4 (bug #494504)
CVE-2008-2369 (manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a har ...)
	NOT-FOR-US: Red Hat Network Satellite Server
CVE-2008-2368 (Red Hat Certificate System 7.2 stores passwords in cleartext in the Us ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2008-2367 (Red Hat Certificate System 7.2 uses world-readable permissions for pas ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2008-2366 (Untrusted search path vulnerability in a certain Red Hat build script  ...)
	- openoffice.org <not-affected> (RedHat-specific packaging flaw)
CVE-2008-2365 (Race condition in the ptrace and utrace support in the Linux kernel 2. ...)
	- linux-2.6 2.6.17
	NOTE: 5ecfbae093f0c37311e89b29bfc0c9d586eace87 f5b40e363ad6041a96e3da32281d8faa191597b9
	NOTE: f358166a9405e4f1d8e50d8f415c26d95505b6de
CVE-2008-2364 (The ap_proxy_http_process_response function in mod_proxy_http.c in the ...)
	- apache2 2.2.9-1 (low)
	[etch] - apache2 2.2.3-4+etch6
	- apache <not-affected> (vulnerable code not present)
CVE-2008-2363 (The PartsBatch class in Pan 0.132 and earlier does not properly manage ...)
	- pan 0.132-3.1 (bug #483562)
	[etch] - pan <not-affected> (Vulnerable code not added until 0.130)
	NOTE: see http://svn.gnome.org/viewvc/pan2/trunk/pan/data/parts.cc?view=log&pathrev=286
CVE-2008-2362 (Multiple integer overflows in the Render extension in the X server 1.4 ...)
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-2361 (Integer overflow in the ProcRenderCreateCursor function in the Render  ...)
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-2360 (Integer overflow in the AllocateGlyph function in the Render extension ...)
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-2359 (The default configuration of consolehelper in system-config-network be ...)
	NOT-FOR-US: system-config-network Fedora
CVE-2008-2358 (Integer overflow in the dccp_feat_change function in net/dccp/feat.c i ...)
	{DSA-1592-1}
	- linux-2.6 2.6.20-1
	NOTE: DCCP feature sanitising was introduced in 2.6.20
	NOTE: this version casts sizeof to int. This is a module, not a compiled in feature in Debian
CVE-2008-2357 (Stack-based buffer overflow in the split_redraw function in split.c in ...)
	{DSA-1587-1}
	- mtr 0.73-1
CVE-2008-2356 (SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 a ...)
	NOT-FOR-US: Archangel Weblog
CVE-2008-2355 (Directory traversal vulnerability in index.php in WR-Meeting 1.0, when ...)
	NOT-FOR-US: WR-Meeting
CVE-2008-2354 (Unspecified vulnerability in the data export function in testMaker bef ...)
	NOT-FOR-US: testMaker
CVE-2008-2353 (Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0  ...)
	NOT-FOR-US: GNU/Gallery
CVE-2008-2352 (Directory traversal vulnerability in index.php in Smeego 1.0, when mag ...)
	NOT-FOR-US: Smeego
CVE-2008-2351 (Multiple SQL injection vulnerabilities in index.php in CMS WebManager- ...)
	NOT-FOR-US: WebManager-Pro
CVE-2008-2350 (Directory traversal vulnerability in highlight.php in bcoos 1.0.9 thro ...)
	NOT-FOR-US: bcoos
CVE-2008-2349 (Zomplog 3.8.2 and earlier allows remote attackers to gain administrati ...)
	NOT-FOR-US: Zomplog
CVE-2008-2348 (MeltingIce File System 1.0 allows remote attackers to bypass applicati ...)
	NOT-FOR-US: MeltingIce File System
CVE-2008-2347 (MyPicGallery 1.0 allows remote attackers to bypass application authent ...)
	NOT-FOR-US: MyPicGallery
CVE-2008-2346 (AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass auth ...)
	NOT-FOR-US: AlkalinePHP
CVE-2008-2345 (Unspecified vulnerability in the air_filemanager 0.6.0 and earlier ext ...)
	NOT-FOR-US: air_filemanager extension for typo3
CVE-2008-2344 (Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0  ...)
	NOT-FOR-US: air_filemanager extension for typo3
CVE-2008-2343 (News Manager 2.0 allows remote attackers to bypass restrictions and ob ...)
	NOT-FOR-US: News Manager
CVE-2008-2342 (Directory traversal vulnerability in attachments.php in News Manager 2 ...)
	NOT-FOR-US: News Manager
CVE-2008-2341 (PHP remote file inclusion vulnerability in ch_readalso.php in News Man ...)
	NOT-FOR-US: News Manager
CVE-2008-2340 (Multiple SQL injection vulnerabilities in News Manager 2.0 allow remot ...)
	NOT-FOR-US: News Manager
CVE-2008-2339 (SQL injection vulnerability in index.php in Turnkey Web Tools SunShop  ...)
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2008-2338 (Interspire ActiveKB 1.5 and earlier allows remote attackers to gain pr ...)
	NOT-FOR-US: Interspire ActiveKB
CVE-2008-2337 (Multiple SQL injection vulnerabilities in IMGallery 2.5, when magic_qu ...)
	NOT-FOR-US: IMGallery
CVE-2008-2336 (SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 al ...)
	NOT-FOR-US: 68 Classifieds
CVE-2008-2335 (Cross-site scripting (XSS) vulnerability in search_results.php in Vast ...)
	NOT-FOR-US: Vastal I-Tech phpVID
CVE-2008-2334 (Multiple SQL injection vulnerabilities in W1L3D4 Philboard 0.5 allow r ...)
	NOT-FOR-US: W1L3D4 Philboard
CVE-2008-2333 (Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda ...)
	NOT-FOR-US: Barracuda
CVE-2008-2332 (ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows conte ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2331 (Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2330 (slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2329 (Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2328
	RESERVED
CVE-2008-2327 (Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat,  ...)
	{DSA-1632-1 DTSA-160-1}
	- tiff 3.8.2-11 (medium)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2008-2326 (mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for W ...)
	NOT-FOR-US: Apple Bonjour for Windows
CVE-2008-2325 (QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2324 (The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2323 (Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 1 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2322 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, an ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2321 (Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 an ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2320 (Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 an ...)
	NOT-FOR-US: Apple Mac OS X
	NOTE: the original apple advisory (HT3613) is completely different from the current CVE
	NOTE: description. it claims that this is a webkit issue, which is completely wrong
CVE-2008-2319
	RESERVED
CVE-2008-2318 (The WOHyperlink implementation in WebObjects in Apple Xcode tools befo ...)
	NOT-FOR-US: Apple Xcode
CVE-2008-2317 (WebCore in Apple Safari does not properly perform garbage collection o ...)
	NOT-FOR-US: Safari
CVE-2008-2316 (Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5 ...)
	{DSA-1977-1 DTSA-157-1}
	- python2.5 2.5.2-11 (low; bug #493797)
	- python2.4 <not-affected> (hashlib module introduced in python2.5)
CVE-2008-2315 (Multiple integer overflows in Python 2.5.2 and earlier allow context-d ...)
	{DSA-1667-1 DTSA-157-1}
	- python2.5 2.5.2-10
	[etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
	- python2.4 2.4.5-5
CVE-2008-2314 (Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corner ...)
	NOT-FOR-US: Mac OS X
CVE-2008-2313 (Apple Mac OS X before 10.5 uses weak permissions for the User Template ...)
	NOT-FOR-US: Mac OS X
CVE-2008-2312 (Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2311 (Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is ...)
	NOT-FOR-US: Mac OS X
CVE-2008-2310 (Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 1 ...)
	- binutils 2.18.1~cvs20080103-1 (low)
	[etch] - binutils <no-dsa> (Minor issue)
CVE-2008-2309 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X befo ...)
	NOT-FOR-US: CoreTypes in Apple Mac OS X
CVE-2008-2308 (Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 an ...)
	NOT-FOR-US: Alias Manager in Apple Mac OS X
CVE-2008-2307 (Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as d ...)
	- webkit 1.0.1-1
	- qt4-x11 4:4.6.2-4
	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/34204
CVE-2008-2306 (Apple Safari before 3.1.2 on Windows does not properly interpret the U ...)
	NOT-FOR-US: Windows issue
CVE-2008-2305 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac O ...)
	NOT-FOR-US: Apple Type Services (ATS)
CVE-2008-2304 (Buffer overflow in Apple Core Image Fun House 2.0 and earlier in CoreI ...)
	NOT-FOR-US: Apple Core Image Fun House
CVE-2008-2303 (Integer signedness error in Safari on Apple iPhone before 2.0 and iPod ...)
	NOT-FOR-US: Safari
CVE-2008-2301 (SQL injection vulnerability in Kostenloses Linkmanagementscript allows ...)
	NOT-FOR-US: Kostenloses Linkmanagementscript
CVE-2008-2300 (Unspecified vulnerability in Citrix Presentation Server 4.5 and earlie ...)
	NOT-FOR-US: Citrix Software
CVE-2008-2299 (Unspecified vulnerability in SecureICA and ICA Basic encryption of Cit ...)
	NOT-FOR-US: Citrix Software
CVE-2008-2298 (Admin.php in Web Slider 0.6 allows remote attackers to bypass authenti ...)
	NOT-FOR-US: Web Slider
CVE-2008-2297 (The admin.php file in Rantx allows remote attackers to bypass authenti ...)
	NOT-FOR-US: Rantx
CVE-2008-2296 (PHP remote file inclusion vulnerability in include/bbs.lib.inc.php in  ...)
	NOT-FOR-US: Rgboard
CVE-2008-2295 (Cross-site scripting (XSS) vulnerability in rg_search.php in Rgboard 3 ...)
	NOT-FOR-US: Rgboard
CVE-2008-2294 (Pet Grooming Management System 2.0 allows remote attackers to gain pri ...)
	NOT-FOR-US: Pet Grooming Management System
CVE-2008-2293 (admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows remot ...)
	NOT-FOR-US: Multi-Page Comment System
CVE-2008-2292 (Buffer overflow in the __snprint_value function in snmp_get in Net-SNM ...)
	{DSA-1663-1 DTSA-134-1}
	- net-snmp 5.4.1~dfsg-8 (medium; bug #482333)
CVE-2008-2291 (axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x b ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2290 (Unspecified vulnerability in the Agent user interface in Symantec Alti ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2289 (Unspecified vulnerability in a tooltip element in Symantec Altiris Dep ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2288 (Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 ha ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2287 (Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 do ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2286 (SQL injection vulnerability in axengine.exe in Symantec Altiris Deploy ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2285 (The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not ...)
	{DSA-1576-1}
	- openssh 1:4.7p1-10
CVE-2008-2284 (PHP remote file inclusion vulnerability in fusebox5.php in Fusebox 5.5 ...)
	NOT-FOR-US: Fusebox
CVE-2008-2283 (IDAutomation allows remote attackers to overwrite arbitrary files via  ...)
	NOT-FOR-US: IDAutomation
CVE-2008-2282 (admin.php in Internet Photoshow and Internet Photoshow Special Edition ...)
	NOT-FOR-US: Internet Photoshow
CVE-2008-2281 (Cross-zone scripting vulnerability in the Print Table of Links feature ...)
	NOT-FOR-US: Internet Explorer
CVE-2008-2280 (Cross-site scripting (XSS) vulnerability in admin/index.php in Script  ...)
	NOT-FOR-US: PHP PicEngine
CVE-2008-2279 (Freelance Auction Script 1.0 stores user passwords in plaintext in the ...)
	NOT-FOR-US: Freelance Auction Script
CVE-2008-2278 (SQL injection vulnerability in browseproject.php in Freelance Auction  ...)
	NOT-FOR-US: Freelance Auction Script
CVE-2008-2277 (SQL injection vulnerability in detail.php in Feedback and Rating Scrip ...)
	NOT-FOR-US: Feedback and Rating Script
CVE-2008-2275 (Unspecified vulnerability in sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to ...)
	NOT-FOR-US: sr_feuser_register extension for TYPO3
CVE-2008-2274 (Cross-site scripting (XSS) vulnerability in the sr_feuser_register 1.4 ...)
	NOT-FOR-US: sr_feuser_register extension for TYPO3
CVE-2008-2273 (Unspecified vulnerability in the TACACS authentication component in Ar ...)
	NOT-FOR-US: TACACS authentication component in Aruba Mobility Controller
CVE-2008-2272 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2008-2271 (The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before ...)
	NOT-FOR-US: Site Documentation Drupal module
CVE-2008-2270 (Multiple PHP remote file inclusion vulnerabilities in PHPWAY Kostenlos ...)
	NOT-FOR-US: PHPWAY Linkmanagementscript
CVE-2008-2269 (AustinSmoke GasTracker (AS-GasTracker) 1.0.0 allows remote attackers t ...)
	NOT-FOR-US: GasTracker
CVE-2008-2268 (Open redirect vulnerability in interface/redirect.htm.php in Mjguest 6 ...)
	NOT-FOR-US: Mjguest
CVE-2008-2267 (Incomplete blacklist vulnerability in javaUpload.php in Postlet in the ...)
	NOT-FOR-US: Postlet
CVE-2008-2265 (SQL injection vulnerability in news.php in EMO Realty Manager allows r ...)
	NOT-FOR-US: EMO Realty Manager
CVE-2008-2264 (Cross-site scripting (XSS) vulnerability in index.php in CyrixMED 1.4  ...)
	NOT-FOR-US: CyrixMED
CVE-2008-2263 (SQL injection vulnerability in linking.page.php in Automated Link Exch ...)
	NOT-FOR-US: Automated Link Exchange Portal
CVE-2008-2262
	REJECTED
CVE-2008-2261
	REJECTED
CVE-2008-2260
	REJECTED
CVE-2008-2259 (Microsoft Internet Explorer 6 and 7 does not perform proper "argument  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2258 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2257 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2256 (Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle ob ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2255 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2254 (Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, whi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2253 (Unspecified vulnerability in Microsoft Windows Media Player 11 allows  ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-2252 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003  ...)
	NOT-FOR-US: Microsoft
CVE-2008-2251 (Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2008-2250 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003  ...)
	NOT-FOR-US: Microsoft
CVE-2008-2249 (Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-2248 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) f ...)
	NOT-FOR-US: Exchange Server
CVE-2008-2247 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) f ...)
	NOT-FOR-US: Exchange Server
CVE-2008-2246 (Microsoft Windows Vista through SP1 and Server 2008 do not properly im ...)
	NOT-FOR-US: Microsoft Windows Vista
CVE-2008-2245 (Heap-based buffer overflow in the InternalOpenColorProfile function in ...)
	NOT-FOR-US: Microsoft Windows Image Color Management System (MSCMS)
CVE-2008-2244 (Microsoft Office Word 2002 SP3 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-2243
	REJECTED
CVE-2008-2242 (Multiple buffer overflows in xdr functions in the server in CA BrightS ...)
	NOT-FOR-US: CA BrightStor ARCServe Backup
CVE-2008-2241 (Directory traversal vulnerability in caloggerd in CA BrightStor ARCSer ...)
	NOT-FOR-US: CA BrightStor ARCServe Backup
CVE-2008-2240 (Stack-based buffer overflow in the Web Server service in IBM Lotus Dom ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2008-2239
	RESERVED
CVE-2008-2238 (Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 al ...)
	{DSA-1661-1}
	- openoffice.org 1:2.4.1-12
CVE-2008-2237 (Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 al ...)
	{DSA-1661-1}
	- openoffice.org 1:2.4.1-12
CVE-2008-2236 (Cross-site scripting (XSS) vulnerability in blosxom.cgi in Blosxom bef ...)
	- blosxom 2.1.2-1 (low; bug #500873)
	[etch] - blosxom 2.0-14+etch1 (low; bug #500873)
CVE-2008-2235 (OpenSC before 0.11.5 uses weak permissions (ADMIN file control informa ...)
	{DSA-1627-2}
	- opensc 0.11.4-4
	NOTE: https://web.archive.org/web/20081222095654/http://www.opensc-project.org/security.html
CVE-2008-2234 (Multiple buffer overflows in Openwsman 1.2.0 and 2.0.0 allow remote at ...)
	- openwsman <itp> (bug #754501)
CVE-2008-2233 (The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, al ...)
	- openwsman <itp> (bug #754501)
CVE-2008-2232 (The expand_template function in afuse.c in afuse 0.2 allows local user ...)
	{DSA-1611-1 DTSA-149-1}
	- afuse 0.2-3 (bug #490921; medium)
CVE-2008-2231 (SQL injection vulnerability in Slashdot Like Automated Storytelling Ho ...)
	{DSA-1633-1}
	- slash <removed> (medium; bug #484499)
	NOTE: See CVE-2008-2553
	NOTE: maintainer wants to remove package from unstable and move to experimental
CVE-2008-2230 (Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and ...)
	- reportbug 3.41 (low; bug #484311)
	- reportbug-ng 0.2008.03.28 (low; bug #484474)
	[etch] - reportbug <no-dsa> (Unlikely attack scenario)
CVE-2008-2229
	RESERVED
CVE-2008-2228 (PHP remote file inclusion vulnerability in portfolio/commentaires/dern ...)
	NOT-FOR-US: Cyberfolio
CVE-2008-2227 (Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank  ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-2226 (Unspecified vulnerability in the export feature in OpenKM before 2.0 a ...)
	NOT-FOR-US: OpenKM
CVE-2008-2225 (SQL injection vulnerability in index.php in gameCMS Lite 1.0 allows re ...)
	NOT-FOR-US: gameCMS
CVE-2008-2224 (Multiple PHP remote file inclusion vulnerabilities in SazCart 1.5.1, w ...)
	NOT-FOR-US: SazCart
CVE-2008-2223 (SQL injection vulnerability in group_posts.php in vShare YouTube Clone ...)
	NOT-FOR-US: vShare YouTube Clone
CVE-2008-2222 (SQL injection vulnerability in login.php in EQdkp 1.3.2f allows remote ...)
	NOT-FOR-US: EQdkp
CVE-2008-2221 (Unspecified vulnerability in the Java plugin in IBM WebSphere Applicat ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-2220 (Multiple PHP remote file inclusion vulnerabilities in Interact Learnin ...)
	NOT-FOR-US: Interact Learning Community Environment
CVE-2008-2219 (Cross-site scripting (XSS) vulnerability in install.php in C-News.fr C ...)
	NOT-FOR-US: C-News.fr
CVE-2008-2218 (Buffer overflow in the Multimedia PC Client in Nortel Multimedia Commu ...)
	NOT-FOR-US: Nortel Multimedia
CVE-2008-2217 (Directory traversal vulnerability in cm/graphie.php in Content Managem ...)
	NOT-FOR-US: CMS Phprojekt
CVE-2008-2216 (Unrestricted file upload vulnerability in src/yopy_upload.php in Proje ...)
	NOT-FOR-US: PBCS
CVE-2008-2215 (Multiple directory traversal vulnerabilities in Project-Based Calendar ...)
	NOT-FOR-US: PBCS
CVE-2008-2214 (Stack-based buffer overflow in the Network Manager in Castle Rock Comp ...)
	NOT-FOR-US: Castle Rock Computing SNMPc
CVE-2008-2213 (Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/foote ...)
	NOT-FOR-US: Maian Links
CVE-2008-2212 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Cart 1.1  ...)
	NOT-FOR-US: Maian Cart
CVE-2008-2211 (Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/foote ...)
	NOT-FOR-US: Maian Guestbook
CVE-2008-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Support 1 ...)
	NOT-FOR-US: Maian Support
CVE-2008-2209 (Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/heade ...)
	NOT-FOR-US: Maian Greeting
CVE-2008-2208 (SQL injection vulnerability in index.php in Maian Greeting 2.1 allows  ...)
	NOT-FOR-US: Maian Greeting
CVE-2008-2207 (Cross-site scripting (XSS) vulnerability in admin/index.php in Maian G ...)
	NOT-FOR-US: Maian Gallery
CVE-2008-2206 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Music 1.1 ...)
	NOT-FOR-US: Maian Music
CVE-2008-2205 (SQL injection vulnerability in index.php in Maian Music 1.1 allows rem ...)
	NOT-FOR-US: Maian Music
CVE-2008-2204 (Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/heade ...)
	NOT-FOR-US: Maian Search
CVE-2008-2203 (SQL injection vulnerability in search.php in Maian Search 1.1 allows r ...)
	NOT-FOR-US: Maian Search
CVE-2008-2202 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader  ...)
	NOT-FOR-US: Maian Uploader
CVE-2008-2201 (Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/heade ...)
	NOT-FOR-US: Maian Recipe
CVE-2008-2200 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4. ...)
	NOT-FOR-US: Maian Weblog
CVE-2008-2199 (PHP remote file inclusion vulnerability in kmitaadmin/kmitam/htmlcode. ...)
	NOT-FOR-US: Kmita Mail
CVE-2008-2198 (PHP remote file inclusion vulnerability in kmitaadmin/kmitat/htmlcode. ...)
	NOT-FOR-US: Kmita Tellfriend
CVE-2008-2197 (SQL injection vulnerability in the blogwriter module 2.0 for Miniweb a ...)
	NOT-FOR-US: Miniweb
CVE-2008-2196 (Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2. ...)
	NOT-FOR-US: LifeType
CVE-2008-2195 (Static code injection vulnerability in admincp.php in DeluxeBB 1.2 and ...)
	NOT-FOR-US: DeluxeBB
CVE-2008-2194 (SQL injection vulnerability in forums.php in DeluxeBB 1.2 and earlier  ...)
	NOT-FOR-US: DeluxeBB
CVE-2008-2193 (PHP remote file inclusion vulnerability in example.php in Thomas Gossm ...)
	NOT-FOR-US: ScorpNews
CVE-2008-2192 (Static code injection vulnerability in box/minichat/boxpop.php in IT!C ...)
	NOT-FOR-US: itcms
CVE-2008-2191 (SQL injection vulnerability in the pnEncyclopedia module 0.2.0 and ear ...)
	NOT-FOR-US: pnEncyclopedia
CVE-2008-2190 (SQL injection vulnerability in index.php in Online Rent (aka Online Re ...)
	NOT-FOR-US: Online Rental Property Script
CVE-2008-2189 (SQL injection vulnerability in viewfaqs.php in AnServ Auction XL allow ...)
	NOT-FOR-US: Online AnServ Auction XL
CVE-2008-2188 (Multiple cross-site scripting (XSS) vulnerabilities in EJ3 BlackBook 1 ...)
	NOT-FOR-US: EJ3 BlackBook
CVE-2008-2187 (Cross-site scripting (XSS) vulnerability in mjguest.php in Mjguest 6.7 ...)
	NOT-FOR-US: Mjguest
CVE-2008-2186 (Cross-site scripting (XSS) vulnerability in index.php in Chilek Conten ...)
	NOT-FOR-US: Chilek CMS
CVE-2008-2185 (Directory traversal vulnerability in index.php in SMartBlog (aka SMBlo ...)
	NOT-FOR-US: SMartBlog (SMBlog)
CVE-2008-2184 (Multiple SQL injection vulnerabilities in SMartBlog (aka SMBlog) 1.3 a ...)
	NOT-FOR-US: SMartBlog (SMBlog)
CVE-2008-2183 (SQL injection vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 ...)
	NOT-FOR-US: SMartBlog (SMBlog)
CVE-2008-2182 (Cross-site scripting (XSS) vulnerability in the powermail extension be ...)
	NOT-FOR-US: powermail extension for TYPO3
CVE-2008-2181 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in c ...)
	NOT-FOR-US: cpLinks
CVE-2008-2180 (Multiple SQL injection vulnerabilities in cpLinks 1.03, when magic_quo ...)
	NOT-FOR-US: cpLinks
CVE-2008-2179 (Cross-site scripting (XSS) vulnerability in SystemList.jsp in SysAid 5 ...)
	NOT-FOR-US: SysAid
CVE-2008-2178 (Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2. ...)
	NOT-FOR-US: LifeType
CVE-2008-2177 (Multiple SQL injection vulnerabilities in phpDirectorySource 1.1.06, w ...)
	NOT-FOR-US: phpDirectorySource
CVE-2008-2176 (Cross-site scripting (XSS) vulnerability in admin/category.php in Zomp ...)
	NOT-FOR-US: Zomplog
CVE-2008-2175 (SQL injection vulnerability in comments.php in Gamma Scripts BlogMe PH ...)
	NOT-FOR-US: Gamma Scripts BlogMe PHP
CVE-2008-2174 (Multiple unspecified vulnerabilities in Robin Rawson-Tetley Animal She ...)
	NOT-FOR-US: Animal Shelter Manager
CVE-2008-2173 (Unspecified vulnerability in Yamaha routers allows remote attackers to ...)
	NOT-FOR-US: Yamaha routers
CVE-2008-2172 (Unspecified vulnerability in Hitachi GR routers allows remote attacker ...)
	NOT-FOR-US: Hitachi GR routers
CVE-2008-2171 (Unspecified vulnerability in AlaxalA AX routers allows remote attacker ...)
	NOT-FOR-US: AlaxalA AX routers
CVE-2008-2170 (Unspecified vulnerability in Century routers allows remote attackers t ...)
	NOT-FOR-US: Century routers
CVE-2008-2169 (Unspecified vulnerability in Avici routers allows remote attackers to  ...)
	NOT-FOR-US: Avici routers
CVE-2008-2168 (Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier a ...)
	- apache2 2.2.8-1 (low)
	[etch] - apache2 2.2.3-4+etch4 (low)
	NOTE: This is really a browser issue. Recent apache versions add a workaround.
CVE-2008-2167 (Cross-site scripting (XSS) vulnerability in ZyXEL ZyWALL 100 allows re ...)
	NOT-FOR-US: ZyXEL ZyWALL
CVE-2008-2166 (Cross-site scripting (XSS) vulnerability in the search module in Sun J ...)
	NOT-FOR-US: Sun Java System
CVE-2008-2165 (Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cis ...)
	NOT-FOR-US: Cisco Building Broadband Service Manager (BBSM) Captive Portal
CVE-2008-2164
	RESERVED
CVE-2008-2163 (Cross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1 befor ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-2276 (Cross-site request forgery (CSRF) vulnerability in manage_user_create. ...)
	- mantis 1.0.8-4.1 (bug #481504)
CVE-2008-2266 (uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and ...)
	- uudeview 0.5.20-3.1 (low; bug #480972)
	[etch] - uudeview <no-dsa> (Minor issue)
	- libconvert-uulib-perl <not-affected> (Code patched by libconvert-uulib upstream to use mkstemp)
	- pan <not-affected> (Code patched to use g_mkstemp)
	NOTE: See CVE-2004-2265, where the problem occurred as well
CVE-2008-2302 (Cross-site scripting (XSS) vulnerability in the login form in the admi ...)
	- python-django 0.96.2-1 (bug #481164; low)
	[etch] - python-django 0.95.1-1etch1
	NOTE: Minor issue fixed in 4.0r4 point release
CVE-2008-2162 (Cross-site scripting (XSS) vulnerability in SonicWall Email Security 6 ...)
	NOT-FOR-US: SonicWall Email Security
CVE-2008-2161 (Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly ...)
	NOT-FOR-US: TFTP Server SP 1.4 and 1.5 on Windows
CVE-2008-2160 (Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image  ...)
	NOT-FOR-US: Microsoft Windows CE 5.0
CVE-2008-2159 (Microsoft Internet Explorer 7 can save encrypted pages in the cache ev ...)
	NOT-FOR-US: Microsoft Internet Explorer 7
CVE-2008-2158 (Multiple stack-based buffer overflows in the Command Line Interface pr ...)
	NOT-FOR-US: AlphaStor
CVE-2008-2157 (robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows all ...)
	NOT-FOR-US: AlphaStor
CVE-2008-2156
	RESERVED
CVE-2008-2155
	RESERVED
CVE-2008-2154 (IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an  ...)
	NOT-FOR-US: IBM DB2
CVE-2008-2153
	RESERVED
CVE-2008-2152 (Integer overflow in the rtl_allocateMemory function in sal/rtl/source/ ...)
	- openoffice.org <not-affected> (openoffice in Debian does not use the custom allocations but g/malloc)
	NOTE: see ooo-build/distro-configs/CommonLinux.conf.in, openoffice builds on Debian using
	NOTE: --with-alloc=system which causes the build scripts to use the system allocators instead of the
	NOTE: custom ones
CVE-2008-2151
	RESERVED
CVE-2008-2150
	RESERVED
CVE-2008-2149 (Stack-based buffer overflow in the searchwn function in Wordnet 2.0, 2 ...)
	{DSA-1634-1}
	- wordnet 1:3.0-10 (bug #481186)
	NOTE: wordnet can be used as a backend to web applications
CVE-2008-2148 (The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and o ...)
	- linux-2.6 2.6.25-3 (bug #481195)
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
	- linux-2.6.24 2.6.24-6~etchnhalf.3
	NOTE: utimensat() was introduced in 2.6.22 and sched_slice() in 2.6.24
CVE-2008-2145 (Stack-based buffer overflow in Novell Client 4.91 SP4 and earlier allo ...)
	NOT-FOR-US: Novell Client 4.91 SP4
CVE-2008-2144 (Multiple unspecified vulnerabilities in Solaris print service for Sun  ...)
	NOT-FOR-US: Solaris print service
CVE-2008-2143 (Unspecified versions of Microsoft Outlook Web Access (OWA) use the Cac ...)
	NOT-FOR-US: Microsoft Outlook Web Access (OWA)
CVE-2008-2141
	RESERVED
CVE-2008-2140 (Cross-site request forgery (CSRF) vulnerability in the rootpw plugin i ...)
	NOT-FOR-US: rpath Appliance Platform Agent
CVE-2008-2139 (The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not r ...)
	NOT-FOR-US: rpath Appliance Platform Agent
CVE-2008-2138 (Oracle Application Server (OracleAS) Portal 10g allows remote attacker ...)
	NOT-FOR-US: Oracle Application Server (OracleAS) Portal 10g
CVE-2008-2137 (The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and ...)
	{DSA-1588-1}
	- linux-2.6 2.6.25-3
	- linux-2.6.24 2.6.24-6~etchnhalf.3
	NOTE: Upstream commit: 5816339310b2d9623cf413d33e538b45e815da5d, part of 2.6.25.3
CVE-2008-2136 (Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux k ...)
	{DSA-1588-1}
	- linux-2.6 2.6.25-3
	- linux-2.6.24 2.6.24-6~etchnhalf.3
	NOTE: Upstream commit: 36ca34cc3b8335eb1fe8bd9a1d0a2592980c3f02, part of 2.6.25.3
CVE-2008-2135 (Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0 ...)
	NOT-FOR-US: VisualShapers ezContents
CVE-2008-2134 (The Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to  ...)
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2008-2133 (Cross-site scripting (XSS) vulnerability in the Journal module in Tru- ...)
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2008-2132 (SQL injection vulnerability in step1.asp in Systementor PostcardMentor ...)
	NOT-FOR-US: Systementor PostcardMentor
CVE-2008-2131 (Cross-site scripting (XSS) vulnerability in mvnForum 1.1 GA allows rem ...)
	NOT-FOR-US: mvnForum
CVE-2008-2130 (SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows ...)
	NOT-FOR-US: iGaming
CVE-2008-2129 (SQL injection vulnerability in index.php in Galleristic 1.0, when magi ...)
	NOT-FOR-US: Galleristic
CVE-2008-2128 (PHP remote file inclusion vulnerability in templates/header.php in CMS ...)
	NOT-FOR-US: Faethon
CVE-2008-2127 (Cross-site scripting (XSS) vulnerability in search.php in CMS Faethon  ...)
	NOT-FOR-US: Faethon
CVE-2008-2126 (Multiple cross-site scripting (XSS) vulnerabilities in Tux CMS 0.1 all ...)
	NOT-FOR-US: Tux CMS
CVE-2008-2125 (SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6 and 2. ...)
	NOT-FOR-US: Musicbox
CVE-2008-2124 (SQL injection vulnerability in modules/print.asp in fipsASP fipsCMS al ...)
	NOT-FOR-US: fipsASP
CVE-2008-2123 (Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Tran ...)
	NOT-FOR-US: WGate
CVE-2008-2122 (IBM Rational Build Forge 7.0.2 allows remote attackers to cause a deni ...)
	NOT-FOR-US: IBM Rational Build Forge
CVE-2008-2121 (The TCP implementation in Sun Solaris 8, 9, and 10 allows remote attac ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2120 (Unspecified vulnerability in Sun Java System Application Server 7 2004 ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2008-2119 (Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Editio ...)
	- asterisk 1.4
	NOTE: http://downloads.digium.com/pub/security/AST-2008-008.html
CVE-2008-2118 (SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows ...)
	NOT-FOR-US: Project Alumni
CVE-2008-2117 (Cross-site scripting (XSS) vulnerability in pages/news.page.inc in Pro ...)
	NOT-FOR-US: Project Alumni
CVE-2008-2116 (Multiple directory traversal vulnerabilities in editor.php in ScriptsE ...)
	NOT-FOR-US: ScriptsEZ.net Power Editor
CVE-2008-2115 (Multiple cross-site scripting (XSS) vulnerabilities in editor.php in S ...)
	NOT-FOR-US: ScriptsEZ.net Power Editor
CVE-2008-2114 (SQL injection vulnerability in emall/search.php in Pre Shopping Mall 1 ...)
	NOT-FOR-US: Pre Shopping Mall
CVE-2008-2113 (SQL injection vulnerability in annuaire.php in PHPEasyData 1.5.4 allow ...)
	NOT-FOR-US: PHPEasyData
CVE-2008-2142 (Emacs 21 and XEmacs automatically load and execute .flc (fast lock) fi ...)
	- emacs22 22.2+2-3 (low; bug #480885)
	- xemacs21-packages 2009.02.17-1 (low; bug #480886)
	[etch] - xemacs21-packages <no-dsa> (Minor issue)
	[lenny] - xemacs21-packages <no-dsa> (Minor issue)
	[etch] - xemacs21 <no-dsa> (Minor issue)
	[lenny] - xemacs21 <no-dsa> (Minor issue)
	- emacs21 21.4a+1-5.5 (low; bug #480877)
	[etch] - emacs21 <no-dsa> (Minor issue)
CVE-2008-2147 (Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allow ...)
	{DSA-1819-1 DTSA-132-1}
	- vlc 0.8.6.e-2.2 (low; bug #480724)
	NOTE: https://trac.videolan.org/vlc/ticket/1578
	NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181
CVE-2008-6339
	REJECTED
CVE-2008-2112 (Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and r ...)
	NOT-FOR-US: Sun Ray Kiosk Mode
CVE-2008-2111 (The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlie ...)
	NOT-FOR-US: Yahoo Assistant
CVE-2008-2110 (Unrestricted file upload vulnerability in qtofm.php in QTOFileManager  ...)
	NOT-FOR-US: QTOFileManager
CVE-2008-2109 (field.c in the libid3tag 0.15.0b library allows context-dependent atta ...)
	- libid3tag 0.15.1b-8 (low; bug #480187)
	[etch] - libid3tag <no-dsa> (Minor issue)
	NOTE: totally different approach to fix the bug, see Kurt's comments in the bug report
CVE-2008-2108 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5,  ...)
	{DSA-1789-1}
	- php5 5.2.2-1 (low)
	NOTE: http://web.archive.org/web/20120118120046/http://www.sektioneins.de/advisories/SE-2008-02.txt
CVE-2008-2107 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5,  ...)
	{DSA-1789-1}
	- php5 5.2.2-1 (low)
	NOTE: closely related to CVE-2008-2108
CVE-2008-2106 (Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated user ...)
	NOT-FOR-US: Call of Duty
CVE-2008-2105 (email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3 ...)
	- bugzilla 3.0.4-1 (low)
	[etch] - bugzilla <not-affected> (vulnerable code introduced in 2.23.4)
CVE-2008-2104 (The WebService in Bugzilla 3.1.3 allows remote authenticated users wit ...)
	- bugzilla <not-affected> (regression introduced in 3.1.3 referring to upstream)
CVE-2008-2103 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later  ...)
	- bugzilla 3.0.4-1 (low; bug #480190)
	[etch] - bugzilla <no-dsa> (Minor issue)
CVE-2008-2102
	RESERVED
CVE-2008-2101 (The VMware Consolidated Backup (VCB) command-line utilities in VMware  ...)
	NOT-FOR-US: VMware ESX
CVE-2008-2100 (Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on ...)
	- vmware-package <removed> (low; bug #485919)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-2099 (Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 ...)
	- vmware-package <not-affected> (Windows issue according to CVE)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
CVE-2008-2098 (Heap-based buffer overflow in the VMware Host Guest File System (HGFS) ...)
	- vmware-package <removed> (low; bug #484491)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-2097 (Buffer overflow in the openwsman management service in VMware ESXi 3.5 ...)
	NOT-FOR-US: VMware ESX/i
CVE-2008-2096 (SQL injection vulnerability in BackLinkSpider allows remote attackers  ...)
	NOT-FOR-US: BackLinkSpider
CVE-2008-2095 (SQL injection vulnerability in index.php in the FlippingBook (com_flip ...)
	NOT-FOR-US: FlippingBook
CVE-2008-2094 (SQL injection vulnerability in article.php in the Article module for X ...)
	NOT-FOR-US: XOOPS
CVE-2008-2093 (SQL injection vulnerability in the Profiler (com_comprofiler) componen ...)
	NOT-FOR-US: JOOMLA extra component
CVE-2008-2092 (Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause  ...)
	NOT-FOR-US: Linksys SPA-2102 Phone Adapter
CVE-2008-2091 (Directory traversal vulnerability in ipn.php in KubeLabs Kubelance 1.6 ...)
	NOT-FOR-US: Kubelance
CVE-2008-2090 (Unspecified vulnerability in the SCTP protocol implementation in Sun S ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2089 (Unspecified vulnerability in the SCTP protocol implementation in Sun S ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2088 (SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2  ...)
	NOT-FOR-US: PHP Forge
CVE-2008-2087 (SQL injection vulnerability in search_result.php in Softbiz Web Host D ...)
	NOT-FOR-US: Softbiz Web Host Directory Script
CVE-2008-2086 (Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and ea ...)
	- openjdk-6 <not-affected> (browser plugin is different code base)
	- sun-java5 <removed>
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-10-1
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2008-2084 (SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 ...)
	NOT-FOR-US: MyArticles
CVE-2008-2083 (SQL injection vulnerability in directory.php in Prozilla Hosting Index ...)
	NOT-FOR-US: Prozilla Hosting
CVE-2008-2082 (Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x ...)
	NOT-FOR-US: Siteman
CVE-2008-2081 (Directory traversal vulnerability in index.php in Siteman 2.0.x2 allow ...)
	NOT-FOR-US: Siteman
CVE-2008-2080 (Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfr ...)
	NOT-FOR-US: NASA Goddard Space Flight Center Common Data Format (CDF) library
CVE-2008-2079 (MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, a ...)
	{DSA-1608-1 DTSA-150-1}
	- mysql-dfsg-5.0 5.0.51a-10 (low; bug #480292)
CVE-2008-2078 (Robocode before 1.6.0 allows user-assisted remote attackers to "access ...)
	- robocode 1.6.0~beta2-1 (low)
CVE-2008-2077 (Unspecified vulnerability in Plain Black WebGUI 7.4.34 has unknown imp ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2008-2076 (Directory traversal vulnerability in admin.php in ActualScripts Actual ...)
	NOT-FOR-US: ActualScripts
CVE-2008-2075 (Cross-site scripting (XSS) vulnerability in pic.php in AstroCam 2.5.0  ...)
	NOT-FOR-US: AstroCam
CVE-2008-2074 (Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin ...)
	NOT-FOR-US: Harris Yusuf Arifin Harris Wap Chat 1.0
CVE-2008-2073 (Directory traversal vulnerability in include/global.inc.php in Virtual ...)
	NOT-FOR-US: vlbook
CVE-2008-2072 (Cross-site scripting (XSS) vulnerability in index.php in Virtual Desig ...)
	NOT-FOR-US: vlbook
CVE-2008-2071 (Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM  ...)
	NOT-FOR-US: cPanel
CVE-2008-2070 (The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 be ...)
	NOT-FOR-US: cPanel
CVE-2008-2069 (Buffer overflow in Novell GroupWise 7 allows remote attackers to cause ...)
	NOT-FOR-US: Novell GroupWise
CVE-2008-2068 (Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remot ...)
	- wordpress 2.5.1-1
	[etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2008-2067 (SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows remo ...)
	NOT-FOR-US: miniBB
CVE-2008-2066 (Cross-site scripting (XSS) vulnerability in bb_admin.php in miniBB 2.2 ...)
	NOT-FOR-US: miniBB
CVE-2008-2065 (SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site S ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-2064 (Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have u ...)
	{DSA-1580-1}
	- phpgedview 4.1.e+4.1.5-1
CVE-2008-2063 (SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows ...)
	NOT-FOR-US: Joovili
CVE-2008-2062 (The Real-Time Information Server (RIS) Data Collector service in Cisco ...)
	NOT-FOR-US: Cisco Real-Time Information Server (RIS) Data Collector service
CVE-2008-2061 (The Computer Telephony Integration (CTI) Manager service in Cisco Unif ...)
	NOT-FOR-US: Cisco Computer Telephony Integration (CTI) Manager service
CVE-2008-2060 (Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5 ...)
	NOT-FOR-US: Cisco
CVE-2008-2059 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security applian ...)
	NOT-FOR-US: Cisco
CVE-2008-2058 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security applian ...)
	NOT-FOR-US: Cisco
CVE-2008-2057 (The Instant Messenger (IM) inspection engine in Cisco Adaptive Securit ...)
	NOT-FOR-US: Cisco
CVE-2008-2056 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security applian ...)
	NOT-FOR-US: Cisco
CVE-2008-2055 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security applian ...)
	NOT-FOR-US: Cisco
CVE-2008-2054 (Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 th ...)
	NOT-FOR-US: Cisco CiscoWorks Common Services
CVE-2008-2053 (Unspecified vulnerability in Cisco Unified Customer Voice Portal (CVP) ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2008-2052 (Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 ...)
	NOT-FOR-US: Bitrix Site Manager
CVE-2008-2049 (The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows ...)
	NOT-FOR-US: E-Post Mail Server
CVE-2008-2048 (Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in A ...)
	NOT-FOR-US: Angelo-Emlak
CVE-2008-2047 (Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow remot ...)
	NOT-FOR-US: Angelo-Emlak
CVE-2008-2046 (Cross-site scripting (XSS) vulnerability in index.php in Softpedia Sit ...)
	NOT-FOR-US: Softpedia
CVE-2008-2045 (Absolute path traversal vulnerability in SugarCRM Sugar Community Edit ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2008-2044 (includes/library.php in netOffice Dwins 1.3 p2 compares the demoSessio ...)
	NOT-FOR-US: netOffice Dwins
CVE-2008-2043 (Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel,  ...)
	NOT-FOR-US: cPanel
CVE-2008-2085 (Multiple stack-based buffer overflows in the (1) get_remote_ip_media a ...)
	- sip-tester 2.0.1-1.2 (low; bug #479039)
	[etch] - sip-tester <no-dsa> (Minor issue)
CVE-2008-2051 (The escapeshellcmd API function in PHP before 5.2.6 has unknown impact ...)
	{DSA-1578-1 DSA-1572-1 DTSA-135-1}
	- php5 5.2.6-1
	NOTE: http://www.php.net/ChangeLog-5.php
	NOTE: http://web.archive.org/web/20120524033327/http://www.sektioneins.de/advisories/SE-2008-03.txt
CVE-2008-2050 (Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP bef ...)
	{DSA-1572-1 DTSA-135-1}
	- php5 5.2.6-1
	NOTE: php4 not affected, the vulnerable code isn't present
	NOTE: http://www.php.net/ChangeLog-5.php
CVE-2008-2042 (The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8. ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-2039
	REJECTED
CVE-2008-2038 (Multiple SQL injection vulnerabilities in admin/adminindex.php in Turn ...)
	NOT-FOR-US: Turnkey WebTools
CVE-2008-2037 (Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts  ...)
	NOT-FOR-US: EditeurScripts
CVE-2008-2036 (SQL injection vulnerability in index.php in dream4 Koobi Pro 6.25 allo ...)
	NOT-FOR-US: Koobi Pro
CVE-2008-2035 (Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) Bac ...)
	NOT-FOR-US: Bluemoon
CVE-2008-2034 (SQL injection vulnerability in wp-download_monitor/download.php in the ...)
	NOT-FOR-US: wordpress Download Monitor 2.0.6 plugin
CVE-2008-2033
	REJECTED
CVE-2008-2032 (The FTP service in Acritum Femitter Server 1.03 allows remote attacker ...)
	NOT-FOR-US: Acritum Femitter Server
CVE-2008-2031 (VicFTPS 5.0 allows remote attackers to cause a denial of service (cras ...)
	NOT-FOR-US: VicFTPS
CVE-2008-2030 (Cross-site scripting (XSS) vulnerability in installControl.php3 in F5  ...)
	NOT-FOR-US: FirePass
CVE-2008-2029 (Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2)  ...)
	NOT-FOR-US: miniBB
CVE-2008-2028 (miniBB 2.2, and possibly earlier, when register_globals is enabled, al ...)
	NOT-FOR-US: miniBB
CVE-2008-2027 (Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA Authenti ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2008-2026 (Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2008-2025 (Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9 ...)
	- libstruts1.2-java 1.2.9-3.1 (low; bug #528352)
	[lenny] - libstruts1.2-java <no-dsa> (Minor issue)
CVE-2008-2024 (Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, a ...)
	NOT-FOR-US: miniBB
CVE-2008-2023 (Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 all ...)
	NOT-FOR-US: MegaBBS
CVE-2008-2022 (Multiple cross-site scripting (XSS) vulnerabilities in PD9 Software M ...)
	NOT-FOR-US: MegaBBS
CVE-2008-2021 (Heap-based buffer overflow in Lhaplus before 1.57 allows remote attack ...)
	NOT-FOR-US: Lhaplus
CVE-2008-2020 (The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-2019 (Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly gener ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-2018 (The AssignUser function in template.class.php in PHPizabi 0.848b C1 HF ...)
	NOT-FOR-US: PHPizabi
CVE-2008-2017 (Directory traversal vulnerability in Chilek Content Management System  ...)
	NOT-FOR-US: Chilek Content Management System
CVE-2008-2016 (PHP remote file inclusion vulnerability in Chilek Content Management S ...)
	NOT-FOR-US: Chilek Content Management System
CVE-2008-2015 (Multiple absolute path traversal vulnerabilities in certain ActiveX co ...)
	NOT-FOR-US: WatchFire
CVE-2008-2014 (Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial o ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes / hangs not treated as security issues
CVE-2008-2013 (SQL injection vulnerability in index.php in the pnFlashGames 1.5 throu ...)
	NOT-FOR-US: pnFlashGames
CVE-2008-2012 (SQL injection vulnerability in index.php in the PostSchedule 1.0 modul ...)
	NOT-FOR-US: PostSchedule
CVE-2008-2011 (Cross-site scripting (XSS) vulnerability in the National Rail Enquirie ...)
	NOT-FOR-US: National Rail Enquiries Live Departure Boards gadget
CVE-2008-2010 (Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2  ...)
	NOT-FOR-US: Windows
CVE-2008-2009 (Xiph.org libvorbis before 1.0 does not properly check for underpopulat ...)
	- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
	- libvorbis 1.2.0.dfsg-4 (bug #482039)
	[etch] - libvorbis <not-affected> (actual vulnerability fixed pre-1.0)
	[lenny] - libvorbis <not-affected> (actual vulnerability fixed pre-1.0)
	NOTE: additional hardening features have already been added to the unstable
	NOTE: packages that would be useful to have in stable, so proposing as spu/ospu
CVE-2008-2008 (Buffer overflow in the Display Names message feature in Cerulean Studi ...)
	NOT-FOR-US: Cerulean Studios Trillian Basic
CVE-2008-2007
	REJECTED
CVE-2008-2006 (Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-as ...)
	NOT-FOR-US: Apple iCal
CVE-2008-2005 (The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before  ...)
	NOT-FOR-US: SuiteLink
CVE-2008-2004 (The drive_init function in QEMU 0.9.1 determines the format of a raw d ...)
	{DTSA-133-1}
	- qemu 0.9.1-5
	- kvm 66+dfsg-1.1 (bug #481204)
	- xen-3 3.4.0-1 (bug #490409)
	- xen-unstable <removed> (bug #490411)
	- xen-3.0 <removed>
CVE-2008-2003 (BadBlue 2.72 Personal Edition stores multiple programs in the web docu ...)
	NOT-FOR-US: BadBlue
CVE-2008-2002 (Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola ...)
	NOT-FOR-US: Motorola software
CVE-2008-2001 (Apple Safari 3.1.1 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Apple Safari
CVE-2008-2000 (Unspecified vulnerability in Apple Safari 3.1.1 allows remote attacker ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1999 (Apple Safari 3.1.1 allows remote attackers to spoof the address bar by ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1998 (The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9. ...)
	NOT-FOR-US: Windows specific
CVE-2008-1997 (Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 be ...)
	NOT-FOR-US: IBM DB2
CVE-2008-1996 (licq before 1.3.6 allows remote attackers to cause a denial of service ...)
	- licq 1.3.5-6 (low; bug #479036)
	[etch] - licq <no-dsa> (Minor issue)
CVE-2008-1995 (Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a  ...)
	NOT-FOR-US: Sun Java System Directory Proxy Server
CVE-2008-1994 (Multiple stack-based buffer overflows in (a) acon.c, (b) menu.c, and ( ...)
	- acon 1.0.5-6.1 (low; bug #475733)
CVE-2008-1993 (Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, ...)
	NOT-FOR-US: Acidcat
CVE-2008-1992 (Acidcat CMS 3.4.1 does not properly restrict access to (1) default_mai ...)
	NOT-FOR-US: Acidcat
CVE-2008-1991 (Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in ...)
	NOT-FOR-US: Acidcat
CVE-2008-1990 (Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow remo ...)
	NOT-FOR-US: Acidcat
CVE-2008-1989 (PHP remote file inclusion vulnerability in 123flashchat.php in the 123 ...)
	NOT-FOR-US: Flash Chat
CVE-2008-1988 (Unrestricted file upload vulnerability in the file_upload function in  ...)
	NOT-FOR-US: EncapsGallery
CVE-2008-1987 (Cross-site scripting (XSS) vulnerability in search.php in EncapsGaller ...)
	NOT-FOR-US: EncapsGallery
CVE-2008-1986 (Cross-site scripting (XSS) vulnerability in liste_article.php in Blog  ...)
	NOT-FOR-US: PixelMotion
CVE-2008-1985 (Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2. ...)
	NOT-FOR-US: DigitalHive
CVE-2008-1984 (The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Secure C ...)
	NOT-FOR-US: eTrust
CVE-2008-1983 (Cross-site scripting (XSS) vulnerability in Advanced Electron Forum (A ...)
	NOT-FOR-US: Advanced Electron Forum (AEF)
CVE-2008-1982 (SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0 ...)
	NOT-FOR-US: Wordpress Spreadsheet plugin
CVE-2008-1981 (Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x befor ...)
	NOT-FOR-US: e-publish
CVE-2008-1980 (Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1 ...)
	NOT-FOR-US: e-publish
CVE-2008-1979 (The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-1978 (Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5. ...)
	NOT-FOR-US: Ubercart
CVE-2008-1977 (Cross-site request forgery (CSRF) vulnerability in the Internationaliz ...)
	NOT-FOR-US: Drupal internationalization and localizer module
CVE-2008-1976 (Multiple cross-site scripting (XSS) vulnerabilities in the Drupal modu ...)
	NOT-FOR-US: Drupal internationalization and localizer module
CVE-2008-1975 (SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote ...)
	NOT-FOR-US: E-RESERV
CVE-2008-1973 (Heap-based buffer overflow in SubEdit Player build 4056 and 4066 allow ...)
	NOT-FOR-US: SubEdit Player
CVE-2008-1972 (Multiple cross-site scripting (XSS) vulnerabilities in the user accoun ...)
	NOT-FOR-US: Exponent CMS
CVE-2008-1971 (phShoutBox Final 1.5 and earlier only checks passwords when specified  ...)
	NOT-FOR-US: phShoutBox
CVE-2008-1970 (muCommander before 0.8.2 stores credentials.xml with insecure permissi ...)
	NOT-FOR-US: muCommander
CVE-2008-1969 (Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 a ...)
	NOT-FOR-US: Cezanne
CVE-2008-1968 (Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authe ...)
	NOT-FOR-US: Cezanne
CVE-2008-1967 (Cross-site scripting (XSS) vulnerability in CFLogon/CFLogon.asp in Cez ...)
	NOT-FOR-US: Cezanne
CVE-2008-1966 (Multiple buffer overflows in the JAR file administration routines in t ...)
	NOT-FOR-US: Windows specific
CVE-2008-1965 (Argument injection vulnerability in the cai: URI handler in rcplaunche ...)
	NOT-FOR-US: Lotus Expeditor
CVE-2008-1964
	- xine-lib <not-affected> (nsf support disabled by maintainer)
	NOTE: xine-lib (1.1.12) uses strndup to allocate the needed memory and limits it to 32 bytes
	NOTE: while copyright is 100 bytes long (+ padding for chunks)
CVE-2008-1963 (PHP remote file inclusion vulnerability in includes/functions.php in Q ...)
	NOT-FOR-US: Quate Grape Web Statistics
CVE-2008-1962 (Multiple directory traversal vulnerabilities in Aterr 0.9.1 allow remo ...)
	NOT-FOR-US: Aterr
CVE-2008-1961 (SQL injection vulnerability in index.php in Voice Of Web AllMyGuests 0 ...)
	NOT-FOR-US: Voice Of Web AllMyGuests
CVE-2008-1960 (Cross-site scripting (XSS) vulnerability in cgi-bin/contray/search.cgi ...)
	NOT-FOR-US: ContRay
CVE-2008-1959 (Stack-based buffer overflow in the get_remote_video_port_media functio ...)
	- sip-tester 2.0.1-1.2 (low; bug #479039)
	[etch] - sip-tester <no-dsa> (Minor issue)
CVE-2008-1958 (Unrestricted file upload vulnerability in the ajout_cat mode in admin/ ...)
	NOT-FOR-US: Tr Script News
CVE-2008-1957 (SQL injection vulnerability in news.php in Tr Script News 2.1 allows r ...)
	NOT-FOR-US: Tr Script News
CVE-2008-2146 (wp-includes/vars.php in Wordpress before 2.2.3 does not properly extra ...)
	{DSA-1564-1}
	- wordpress 2.2.3-1
	NOTE: http://trac.wordpress.org/ticket/4748
	NOTE: fixed in DSA-1564-1
CVE-2008-2040 (Stack-based buffer overflow in the HTTP::getAuthUserPass function (cor ...)
	{DSA-1583-1 DSA-1582-1}
	- peercast 0.1218+svn20080104-1.1 (medium; bug #478573)
	- gnome-peercast <removed>
	NOTE: etch version tested with PoC, affected
CVE-2008-1974 (Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kron ...)
	{DSA-1560-1}
	- kronolith2 2.1.8-1
CVE-2008-1956 (Cross-site scripting (XSS) vulnerability in index.php in Wikepage Opus ...)
	NOT-FOR-US: Wikepage Opus
CVE-2008-1955 (Cross-site scripting (XSS) vulnerability in rep.php in Martin BOUCHER  ...)
	NOT-FOR-US: Martin BOUCHER MyBoard
CVE-2008-1954 (SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and ...)
	NOT-FOR-US: Web Calendar Pro
CVE-2008-1953 (Cross-site scripting (XSS) vulnerability in the Sitedesigner before 1. ...)
	NOT-FOR-US: Sitedesigner
CVE-2008-1952 (The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in  ...)
	- xen-3 3.2.1-2 (medium; bug #487095)
	- xen-unstable <not-affected> (Vulnerable code not present, introduced in changeset 17630)
	NOTE: vulnerable code no longer present as of xen 3.4 (xenfb.c has been removed)
CVE-2008-1951 (Untrusted search path vulnerability in a certain Red Hat build script  ...)
	NOT-FOR-US: Red Hat issue
CVE-2008-1950 (Integer signedness error in the _gnutls_ciphertext2compressed function ...)
	{DSA-1581-1}
	- gnutls13 2.0.4-4 (low)
	- gnutls26 2.2.5-1 (low)
CVE-2008-1949 (The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libg ...)
	{DSA-1581-1}
	- gnutls13 2.0.4-4 (low)
	- gnutls26 2.2.5-1 (low)
CVE-2008-1948 (The _gnutls_server_name_recv_params function in lib/ext_server_name.c  ...)
	{DSA-1581-1}
	- gnutls13 2.0.4-4 (medium)
	- gnutls26 2.2.5-1 (medium)
CVE-2008-1947 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 throug ...)
	{DSA-1593-1}
	- tomcat5.5 5.5.26-3 (low; bug #484643)
	- tomcat5 <removed>
CVE-2008-1946 (The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2. ...)
	- coreutils 5.93-1
CVE-2008-1945 (QEMU 0.9.0 does not properly handle changes to removable media, which  ...)
	{DSA-1799-1}
	- qemu 0.9.1-5 (low; bug #526013)
CVE-2008-1944 (Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtu ...)
	- xen-3 3.2.1-2 (medium; bug #487095)
	- xen-unstable 3.3-unstable+hg17602-1 (medium; bug #487097)
CVE-2008-1943 (Buffer overflow in the backend of XenSource Xen Para Virtualized Frame ...)
	- xen-3 3.2.1-2 (medium; bug #487095)
	- xen-unstable 3.3-unstable+hg17602-1 (medium; bug #487097)
CVE-2008-1942 (Foxit Reader 2.2 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: Foxit Reader
CVE-2008-1941 (Cross-site scripting (XSS) vulnerability in the profile update feature ...)
	NOT-FOR-US: Akiva WebBoard
CVE-2008-1940 (The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and 2.1.11 ...)
	- linux-patch-grsecurity2 2.1.11+2.6.24.5+200804211829-1 (bug #478133)
CVE-2008-1939 (Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow r ...)
	NOT-FOR-US: W1L3D4 Philboard
CVE-2008-1938 (Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly ...)
	NOT-FOR-US: Sony firmware
CVE-2008-1937 (The user form processing (userform.py) in MoinMoin before 1.6.3, when  ...)
	- moin 1.6.3-1
	[etch] - moin <not-affected> (1.5.x is not affected)
	NOTE: acl_hierarchic was introduced in 1.6.0
	NOTE: userform processing issue was introduced in 1.6.1
CVE-2008-1936 (SQL injection vulnerability in index.php in Classifieds Caffe allows r ...)
	NOT-FOR-US: Classifieds Caffe
CVE-2008-1935 (SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! ...)
	NOT-FOR-US: Filiale
CVE-2008-1934 (SQL injection vulnerability in commentaires.php in Crazy Goomba 1.2.1  ...)
	NOT-FOR-US: Crazy Goomba
CVE-2008-1933 (Absolute path traversal vulnerability in a certain ActiveX control in  ...)
	NOT-FOR-US: Zune
CVE-2008-1932 (Integer overflow in Realtek HD Audio Codec Drivers RTKVHDA.sys and RTK ...)
	NOT-FOR-US: Realtek HD Audio Codec
CVE-2008-1931 (Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6. ...)
	NOT-FOR-US: Realtek HD Audio Codec
CVE-2008-1929
	RESERVED
CVE-2008-1928 (Buffer overflow in Imager 0.42 through 0.63 allows attackers to cause  ...)
	- libimager-perl 0.64-1
CVE-2008-1926 (Argument injection vulnerability in login (login-utils/login.c) in uti ...)
	{DTSA-126-1}
	- util-linux 2.13.1.1-1 (low; bug #478135)
	[etch] - util-linux <not-affected> (Audit support not available in Etch's version)
CVE-2008-1923 (The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72 ...)
	- asterisk 1:1.4.19.1~dfsg-1 (medium)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
CVE-2008-1922 (Multiple stack-based buffer overflows in Sarg might allow attackers to ...)
	- sarg 2.2.4-1
CVE-2008-1921 (SQL injection vulnerability in store_pages/category_list.php in 5th Av ...)
	NOT-FOR-US: 5th Avenue Shopping Cart
CVE-2008-1920 (Heap-based buffer overflow in the boxelyRenderer module in the Persona ...)
	NOT-FOR-US: ICQ
CVE-2008-1919 (SQL injection vulnerability in listtest.php in YourFreeWorld Apartment ...)
	NOT-FOR-US: YourFreeWorld Apartment Search Script
CVE-2008-1918 (SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6. ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-1917 (Multiple cross-site scripting (XSS) vulnerabilities in AMFPHP 1.2 allo ...)
	NOT-FOR-US: AMFPHP
CVE-2008-1916 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5. ...)
	NOT-FOR-US: Ubercart (drupal module)
CVE-2008-1915 (SQL injection vulnerability in view.asp in DevWorx BlogWorx 1.0 allows ...)
	NOT-FOR-US: BlogWorx
CVE-2008-1930 (The cookie authentication method in WordPress 2.5 relies on a hash of  ...)
	- wordpress 2.5.1-1 (medium; bug #477910)
	NOTE: only exploitable in blogs that allow user registering
	[etch] - wordpress <not-affected> (Vulnerable code was introduced in 2.5)
CVE-2008-1927 (Double free vulnerability in Perl 5.8.8 allows context-dependent attac ...)
	{DSA-1556-2}
	- perl 5.10.0-1 (bug #454792)
CVE-2008-1925 (Buffer overflow in InspIRCd before 1.1.18, when using the namesx and u ...)
	- inspircd 1.1.18+dfsg-1 (low)
CVE-2008-1924 (Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running  ...)
	{DSA-1557-1}
	- phpmyadmin 4:2.11.5.2-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-3/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/79fe2890d28076d9406f7032198109ecd22866a6
CVE-2008-1914 (Stack-based buffer overflow in the AntServer module (AntServer.exe) in ...)
	NOT-FOR-US: BigAnt Messenger
CVE-2008-1913 (SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, ...)
	NOT-FOR-US: Lasernet CMS
CVE-2008-1912 (Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and earl ...)
	NOT-FOR-US: DivX Player
CVE-2008-1911 (SQL injection vulnerability in includes/system.php in 1024 CMS 1.4.2 b ...)
	NOT-FOR-US: 1024 CMS
CVE-2008-1910 (Stack-based buffer overflow in the database service (ibserver.exe) in  ...)
	NOT-FOR-US: Borland InterBase
CVE-2008-1909 (SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPK ...)
	NOT-FOR-US: PHPKB
CVE-2008-1908 (Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow ...)
	NOT-FOR-US: cpCommerce
CVE-2008-1907 (Multiple SQL injection vulnerabilities in functions/display_page.func. ...)
	NOT-FOR-US: cpCommerce
CVE-2008-1906 (Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce ...)
	NOT-FOR-US: cpCommerce
CVE-2008-1905 (NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in Ne ...)
	NOT-FOR-US: Nero MediaHome
CVE-2008-1904 (Cicoandcico CcMail 1.0.1 and earlier does not verify that the this_coo ...)
	NOT-FOR-US: CcMail
CVE-2008-1903 (PHP remote file inclusion vulnerability in news_show.php in Newanz New ...)
	NOT-FOR-US: Newanz NewsOffice
CVE-2008-1902 (The GUI for aptlinex before 0.91 does not sufficiently warn the user o ...)
	- aptlinex 0.91-1 (low; bug #476572)
	NOTE: the user gets a confirmation dialog
CVE-2008-1901 (aptlinex before 0.91 allows local users to overwrite arbitrary files v ...)
	- aptlinex 0.91-1 (medium; bug #476588)
	NOTE: code execution via /tmp/gambas-apt-exec is also possible, maintainer confirmed this
CVE-2008-1900 (option_Update.asp in Carbon Communities 2.4 and earlier allows remote  ...)
	NOT-FOR-US: Carbon Communities
CVE-2008-1899
	RESERVED
CVE-2008-1898 (A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed  ...)
	NOT-FOR-US: Microsoft Works
CVE-2008-1897 (The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2 ...)
	{DSA-1563-1}
	- asterisk 1:1.4.19.1~dfsg-1 (medium)
CVE-2008-1896 (Multiple cross-site scripting (XSS) vulnerabilities in Carbon Communit ...)
	NOT-FOR-US: Carbon Communities
CVE-2008-1895 (Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and e ...)
	NOT-FOR-US: Carbon Communities
CVE-2008-1894 (Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/log ...)
	NOT-FOR-US: BusinessObjects InfoView
CVE-2008-1893 (PHP remote file inclusion vulnerability in index.php in W2B Online Ban ...)
	NOT-FOR-US: W2B Online Banking
CVE-2008-1892 (Cross-site scripting (XSS) vulnerability in bs_auth.php in Blogator-sc ...)
	NOT-FOR-US: Blogator-script
CVE-2008-1891 (Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier ...)
	- ruby1.8 1.8.7.22-1 (unimportant)
	- ruby1.9 1.9.0.2-1 (unimportant)
	NOTE: corner case, only exploitable if the web application is run on a Windows filesystem
CVE-2008-1890 (SQL injection vulnerability in the Jom Comment 2.0 build 345 component ...)
	NOT-FOR-US: Jom Comment for Joomla!
CVE-2008-1889 (SQL injection vulnerability in viewcat.php in XplodPHP AutoTutorials 2 ...)
	NOT-FOR-US: XplodPHP AutoTutorials
CVE-2008-1888 (Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoi ...)
	NOT-FOR-US: Windows
CVE-2008-1886 (The NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetwo ...)
	NOT-FOR-US: CDNetworks Nefficient Download
CVE-2008-1885 (Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX c ...)
	NOT-FOR-US: NeffyLauncher
CVE-2008-1884 (Directory traversal vulnerability in index.php in Wikepage Opus 13 200 ...)
	NOT-FOR-US: Wikepage
CVE-2008-1883 (The server in Blackboard Academic Suite 7.x stores MD5 password hashes ...)
	NOT-FOR-US: Blackboard Academic Suite
CVE-2008-1882
	RESERVED
CVE-2008-1881 (Stack-based buffer overflow in the ParseSSA function (modules/demux/su ...)
	{DSA-1819-1 DTSA-125-1}
	- vlc 0.8.6.e-2.1 (medium; bug #477805)
CVE-2008-1880 (The default configuration of Firebird before 2.0.3.12981.0-r6 on Gento ...)
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Firebird 1.5 no longer supported, see last DSA)
	- firebird2.0 2.0.3.12981.ds1-14 (bug #481389)
	NOTE: on Debian, firebird2.0-super is disabled after the installation; to enable it
	NOTE: you need to call dpkg-reconfigure
CVE-2008-1879
	REJECTED
CVE-2008-2041 (Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have ...)
	- egroupware 1.4.004-2.dfsg-1 (bug #476977)
CVE-2008-1876 (PHP remote file inclusion vulnerability in index.php in VisualPic 0.3. ...)
	NOT-FOR-US: VisualPic
CVE-2008-1875 (SQL injection vulnerability in index.php in Terong PHP Photo Gallery ( ...)
	NOT-FOR-US: Terong PHP Photo Gallery
CVE-2008-1874 (SQL injection vulnerability in account/user/mail.html in Xpoze Pro 3.0 ...)
	NOT-FOR-US: Xpoze Pro
CVE-2008-1873 (Cross-site scripting (XSS) vulnerability in the private message featur ...)
	NOT-FOR-US: Nuke ET
CVE-2008-1872 (SQL injection vulnerability in home.news.php in Comdev News Publisher  ...)
	NOT-FOR-US: Comdev News Publisher
CVE-2008-1871 (SQL injection vulnerability in links.php in Scriptsagent.com Links Dir ...)
	NOT-FOR-US: Scriptsagent.com
CVE-2008-1870 (SQL injection vulnerability in getdata.php in PIGMy-SQL 1.4.1 and earl ...)
	NOT-FOR-US: PIGMy-SQL
CVE-2008-1869 (SQL injection vulnerability in Site Sift Listings allows remote attack ...)
	NOT-FOR-US: Site Sift Listings
CVE-2008-1868 (admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does no ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2008-1867 (SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2008-1866 (admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2008-1865 (Stack-based buffer overflow in the msx_readnode function in libmosix.c ...)
	NOT-FOR-US: openmosix-tools
CVE-2008-1864 (SQL injection vulnerability in project.php in Prozilla Freelancers all ...)
	NOT-FOR-US: Prozilla Freelancers
CVE-2008-1863 (SQL injection vulnerability in view_reviews.php in Prozilla Cheat Scri ...)
	NOT-FOR-US: Prozilla Cheat Script
CVE-2008-1862 (ExBB Italia 0.22 and earlier only checks GET requests that use the QUE ...)
	NOT-FOR-US: ExBB Italia
CVE-2008-1861 (Directory traversal vulnerability in modules/threadstop/threadstop.php ...)
	NOT-FOR-US: ExBB Italia
CVE-2008-1860 (Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and  ...)
	NOT-FOR-US: LokiCMS
CVE-2008-1859 (SQL injection vulnerability in events.php in iScripts SocialWare allow ...)
	NOT-FOR-US: iScripts SocialWare
CVE-2008-1858 (SQL injection vulnerability in index.php in 724Networks 724CMS 4.01 an ...)
	NOT-FOR-US: 724Networks 724CMS
CVE-2008-1857 (Multiple directory traversal vulnerabilities in viewsource.php in Make ...)
	NOT-FOR-US: Mole
CVE-2008-1856 (plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not requi ...)
	NOT-FOR-US: LinPHA
CVE-2008-1855 (FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 ...)
	NOT-FOR-US: McAfee
CVE-2008-1854 (Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in  ...)
	NOT-FOR-US: SmarterMail Web Server
CVE-2008-1853 (The ovtopmd service in HP OpenView Network Node Manager (OV NNM) 7.51, ...)
	NOT-FOR-US: HP OpenView
CVE-2008-1852 (ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, an ...)
	NOT-FOR-US: HP OpenView
CVE-2008-1851 (ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, an ...)
	NOT-FOR-US: HP OpenView
CVE-2008-1850 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in Om ...)
	NOT-FOR-US: Omnistar Interactive OSI Affiliate
CVE-2008-1849 (Directory traversal vulnerability in index.php in the joomlaXplorer (c ...)
	NOT-FOR-US: com_joomlaxplorer Mambo/Joomla! component
CVE-2008-1848 (Cross-site scripting (XSS) vulnerability in the joomlaXplorer (com_joo ...)
	NOT-FOR-US: com_joomlaxplorer Mambo/Joomla!
CVE-2008-1847 (SQL injection vulnerability in view.php in CoronaMatrix phpAddressBook ...)
	NOT-FOR-US: phpAddressBook
CVE-2008-1846 (The default configuration of SAP NetWeaver before 7.0 SP15 does not en ...)
	NOT-FOR-US: SAP
CVE-2008-1845 (The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not f ...)
	- mksh 33.4-1 (low)
	[etch] - mksh 28.0-3
CVE-2008-1844 (SQL injection vulnerability in cat.php in W2B phpHotResources allows r ...)
	NOT-FOR-US: W2B phpHotResources
CVE-2008-1843 (SQL injection vulnerability in browse.php in W2B DatingClub (aka Datin ...)
	NOT-FOR-US: W2B DatingClub
CVE-2008-1842 (Integer signedness error in ovspmd.exe in HP OpenView Network Node Man ...)
	NOT-FOR-US: HP OpenView
CVE-2008-1841 (SQL injection vulnerability in the session handling functionality in b ...)
	NOT-FOR-US: Coppermine
CVE-2008-1840 (SQL injection vulnerability in upload.php in Coppermine Photo Gallery  ...)
	NOT-FOR-US: Coppermine
CVE-2008-1839 (Multiple cross-site scripting (XSS) vulnerabilities in module/main.ph ...)
	NOT-FOR-US: WORK system e-commerce
CVE-2008-1838 (SQL injection vulnerability in BosClassifieds Classified Ads System 3. ...)
	NOT-FOR-US: BosClassifieds Classified Ads System
CVE-2008-1836 (The rfc2231 function in message.c in libclamav in ClamAV before 0.93 a ...)
	- clamav <not-affected> (Vulnerable code introduced later, checked back with upstream)
CVE-2008-1834 (swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict ...)
	- swfdec0.6 0.6.4-1 (low)
	- swfdec0.5 <removed> (low; bug #477037)
CVE-2008-1833 (Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allow ...)
	{DSA-1549-1}
	- clamav 0.92.1~dfsg2-1.1 (medium; bug #476694)
CVE-2008-1878 (Stack-based buffer overflow in the demux_nsf_send_chunk function in sr ...)
	{DSA-1586-1 DTSA-128-1}
	- xine-lib 1.1.12-2 (medium; bug #476990)
	NOTE: not patched but disabled in testing/unstable
CVE-2008-1831 (Multiple unspecified vulnerabilities in the Siebel SimBuilder componen ...)
	NOT-FOR-US: Oracle Siebel Enterprise
CVE-2008-1830 (Unspecified vulnerability in the PeopleSoft HCM ePerformance component ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
CVE-2008-1829 (Unspecified vulnerability in the PeopleSoft HCM Recruiting component i ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
CVE-2008-1828 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
CVE-2008-1827 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-1826 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-1825 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle
CVE-2008-1824 (Unspecified vulnerability in the Oracle Dynamic Monitoring Service com ...)
	NOT-FOR-US: Oracle
CVE-2008-1823 (Unspecified vulnerability in the Oracle Jinitiator component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-1822 (Unspecified vulnerability in the Oracle Application Express component  ...)
	NOT-FOR-US: Oracle
CVE-2008-1821 (Unspecified vulnerability in the Advanced Queuing component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2008-1820 (Unspecified vulnerability in the Data Pump component in Oracle Databas ...)
	NOT-FOR-US: Oracle
CVE-2008-1819 (Unspecified vulnerability in the Oracle Net Services component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2008-1818 (Unspecified vulnerability in the Authentication component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2008-1817 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, ...)
	NOT-FOR-US: Oracle
CVE-2008-1816 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 1 ...)
	NOT-FOR-US: Oracle
CVE-2008-1815 (Unspecified vulnerability in the Change Data Capture component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2008-1814 (Unspecified vulnerability in the Oracle Secure Enterprise Search or Ul ...)
	NOT-FOR-US: Oracle
CVE-2008-1813 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, ...)
	NOT-FOR-US: Oracle
CVE-2008-1812 (Unspecified vulnerability in the Oracle Enterprise Manager component i ...)
	NOT-FOR-US: Oracle
CVE-2008-1811 (Unspecified vulnerability in Oracle Application Express 3.0.1 has unsp ...)
	NOT-FOR-US: Oracle
CVE-2008-1810 (Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 o ...)
	NOT-FOR-US: SAP MaxDB
CVE-2008-1809 (Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-1808 (Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dep ...)
	{DSA-1635-1 DTSA-139-1}
	- freetype 2.3.6-1 (low; bug #485841)
CVE-2008-1807 (FreeType2 before 2.3.6 allow context-dependent attackers to execute ar ...)
	{DSA-1635-1 DTSA-139-1}
	- freetype 2.3.6-1 (medium; bug #485841)
CVE-2008-1806 (Integer overflow in FreeType2 before 2.3.6 allows context-dependent at ...)
	{DSA-1635-1 DTSA-139-1}
	- freetype 2.3.6-1 (medium; bug #485841)
CVE-2008-1805 (Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versi ...)
	NOT-FOR-US: Skype
CVE-2008-1804 (preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not pr ...)
	{DTSA-173-1}
	- snort 2.7.0-20 (low; bug #483160)
	[lenny] - snort 2.7.0-20.2 (low; bug #483160)
	[etch] - snort <not-affected> (Only 2.6 and 2.8 are affected)
CVE-2008-1803 (Integer signedness error in the xrealloc function (rdesktop.c) in RDes ...)
	{DSA-1573-1}
	- rdesktop 1.5.0-4+cvs20071006 (bug #480135)
CVE-2008-1802 (Buffer overflow in the process_redirect_pdu (rdp.c) function in rdeskt ...)
	{DSA-1573-1}
	- rdesktop 1.5.0-4+cvs20071006 (bug #480134)
CVE-2008-1801 (Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5 ...)
	{DSA-1573-1}
	- rdesktop 1.5.0-4+cvs20071006 (bug #480133)
CVE-2008-1800 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Di ...)
	NOT-FOR-US: DivXDB
CVE-2008-1799 (Directory traversal vulnerability in thumbnails.php in sabros.us 1.75  ...)
	NOT-FOR-US: sabros.us
CVE-2008-1798 (Directory traversal vulnerability in forum/kietu/libs/calendrier.php i ...)
	NOT-FOR-US: Dragoon
CVE-2008-1797 (Unspecified vulnerability in Secure Computing Webwasher 5.30 before bu ...)
	NOT-FOR-US: Secure Computing Webwasher
CVE-2008-1796 (Comix 3.6.4 creates temporary directories with predictable names, whic ...)
	- comix 3.6.4-1.1 (unimportant)
	NOTE: only exploitable with insecure umask settings
CVE-2008-1795 (Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Acad ...)
	NOT-FOR-US: Blackboard Academic Suite
CVE-2008-1794 (Multiple cross-site scripting (XSS) vulnerabilities in the Webform Dru ...)
	NOT-FOR-US: Webform Drupal module
CVE-2008-1793 (Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in Sma ...)
	NOT-FOR-US: Smart
CVE-2008-1792 (Cross-site scripting (XSS) vulnerability in the insertion filter in th ...)
	NOT-FOR-US: Flickr Drupal module
CVE-2008-1791 (SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and  ...)
	NOT-FOR-US: My Gaming Ladder
CVE-2008-1790 (Unrestricted file upload vulnerability in iScripts SocialWare allows r ...)
	NOT-FOR-US: iScripts
CVE-2008-1789 (SQL injection vulnerability in forum.php in Prozilla Forum allows remo ...)
	NOT-FOR-US: Prozilla Forum
CVE-2008-1788 (SQL injection vulnerability in directory.php in Prozilla Entertainers  ...)
	NOT-FOR-US: Prozilla Entertainers
CVE-2008-1787 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Po ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2008-1786 (The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in mu ...)
	NOT-FOR-US: CA products
CVE-2008-1785 (delete.php in Prozilla Top 100 1.2 allows remote authenticated users t ...)
	NOT-FOR-US: Prozilla Top 100
CVE-2008-1784 (Prozilla Topsites 1.0 allows remote attackers to perform administrativ ...)
	NOT-FOR-US: Prozilla Topsites
CVE-2008-1783 (Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users ...)
	NOT-FOR-US: Prozilla Reviews
CVE-2008-1782 (phpdemo/viewsource.php in Advanced Software Engineering ChartDirector  ...)
	NOT-FOR-US: Advanced Software Engineering ChartDirector
CVE-2008-1837 (libclamunrar in ClamAV before 0.93 allows remote attackers to cause a  ...)
	- clamav <not-affected> (Debian doesn't include libunrar since it's non-free)
CVE-2008-1835 (ClamAV before 0.93 allows remote attackers to bypass the scanning engi ...)
	- clamav <not-affected> (Debian doesn't include libunrar since it's non-free)
CVE-2008-1832 (lib/prefs.tcl in Cecilia 2.0.5 allows local users to overwrite arbitra ...)
	- cecilia 2.0.5-2.1 (low; bug #476321)
	[etch] - cecilia <no-dsa> (Minor issue)
CVE-2008-1781
	REJECTED
CVE-2008-1780 (Unspecified vulnerability in the labeled networking functionality in S ...)
	NOT-FOR-US: Solaris
CVE-2008-1779 (Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a d ...)
	NOT-FOR-US: Solaris
CVE-2008-1778 (Unspecified vulnerability in the floating point context switch impleme ...)
	NOT-FOR-US: Solaris
CVE-2008-1777 (The eDirectory Host Environment service (dhost.exe) in Novell eDirecto ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-1776 (PHP remote file inclusion vulnerability in modules/basicfog/basicfogfa ...)
	NOT-FOR-US: PhpBlock
CVE-2008-1775 (Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine  ...)
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2008-1774 (SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remo ...)
	NOT-FOR-US: Pligg
CVE-2008-1773 (PHP remote file inclusion vulnerability in includes/header.inc.php in  ...)
	NOT-FOR-US: Dragoon
CVE-2008-1772 (iScripts SocialWare stores passwords in cleartext in a database, which ...)
	NOT-FOR-US: iScripts SocialWare
CVE-2008-1771 (Integer overflow in the ws_getpostvars function in Firefly Media Serve ...)
	{DSA-1597-1}
	- mt-daapd 0.9~r1696-1.3 (medium; bug #476241)
CVE-2008-1770 (CRLF injection vulnerability in Akamai Download Manager ActiveX contro ...)
	NOT-FOR-US: Akamai Download Manager
CVE-2008-1769 (VLC before 0.8.6f allow remote attackers to cause a denial of service  ...)
	{DSA-1819-1 DTSA-125-1}
	- vlc 0.8.6.e-2.1 (low; bug #478140)
CVE-2008-1768 (Multiple integer overflows in VLC before 0.8.6f allow remote attackers ...)
	{DSA-1819-1 DTSA-125-1}
	- vlc 0.8.6.e-2.1 (medium; bug #478140)
CVE-2008-1767 (Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-d ...)
	{DSA-1589-1}
	- libxslt 1.1.24-1 (bug #482664)
CVE-2008-1766 (Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknow ...)
	- phpbb3 3.0.1-1 (low)
	- phpbb2 <not-affected> (Vulnerable code not present)
CVE-2008-1765 (Buffer overflow in Adobe Photoshop Album Starter Edition 3.2, and poss ...)
	NOT-FOR-US: Adobe
CVE-2008-1764 (Unspecified vulnerability in Opera before 9.27 has unknown impact and  ...)
	NOT-FOR-US: Opera
CVE-2008-1763 (SQL injection vulnerability in _blogadata/include/sond_result.php in B ...)
	NOT-FOR-US: Blogator-script
CVE-2008-1762 (Opera before 9.27 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Opera
CVE-2008-1761 (Opera before 9.27 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Opera
CVE-2008-1760 (Multiple PHP remote file inclusion vulnerabilities in Blogator-script  ...)
	NOT-FOR-US: Blogator-script
CVE-2008-1759 (SQL injection vulnerability in the jeuxflash module for KwsPHP allows  ...)
	NOT-FOR-US: KwsPHP
CVE-2008-1758 (SQL injection vulnerability in the ConcoursPhoto module for KwsPHP all ...)
	NOT-FOR-US: KwsPHP
CVE-2008-1757 (Cross-site scripting (XSS) vulnerability in index.php in the ConcoursP ...)
	NOT-FOR-US: KwsPHP
CVE-2008-1756 (Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid Engine  ...)
	NOT-FOR-US: Sun
CVE-2008-1755 (Directory traversal vulnerability in the showSource function in showSo ...)
	NOT-FOR-US: World of Phaos
CVE-2008-1754 (Symantec Altiris Deployment Solution before 6.9.164 stores the Deploym ...)
	NOT-FOR-US: Symantec
CVE-2008-1753 (Cross-site scripting (XSS) vulnerability in system/workplace/admin/wor ...)
	NOT-FOR-US: Alkacon OpenCMS
CVE-2008-1752 (ezRADIUS 0.1 stores sensitive information under the web root with insu ...)
	NOT-FOR-US: ezRADIUS
CVE-2008-1751 (Multiple directory traversal vulnerabilities in index.php in Ksemail a ...)
	NOT-FOR-US: Ksemail
CVE-2008-1750 (SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and earl ...)
	NOT-FOR-US: LiveCart
CVE-2008-1749 (Memory leak in Cisco Content Switching Module (CSM) 4.2(3) up to 4.2(8 ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1748 (Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before  ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1747 (Unspecified vulnerability in Cisco Unified Communications Manager 4.1  ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1746 (The SNMP Trap Agent service in Cisco Unified Communications Manager (C ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1745 (Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x  ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1744 (The Certificate Authority Proxy Function (CAPF) service in Cisco Unifi ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1743 (Memory leak in the Certificate Trust List (CTL) Provider service in Ci ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1742 (Memory leak in the Certificate Trust List (CTL) Provider service in Ci ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1741 (The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) a ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1740 (The Presence Engine (PE) service in Cisco Unified Presence before 6.0( ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1739 (Apple QuickTime before 7.4.5 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1738 (Rising Antivirus 2008 before 20.38.20 allows local users to cause a de ...)
	NOT-FOR-US: Rising Antivirus
CVE-2008-1737 (Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behaviou ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2008-1736 (Comodo Firewall Pro before 3.0 does not properly validate certain para ...)
	NOT-FOR-US: Comodo Firewall
CVE-2008-1735 (BitDefender Antivirus 2008 20080118 and earlier allows local users to  ...)
	NOT-FOR-US: BitDefender Antivirus
CVE-2008-1734 (Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux mi ...)
	NOT-FOR-US: PHP Toolkit (Gentoo specific)
CVE-2008-1733 (SQL injection vulnerability in puarcade.class.php 2.2 and earlier in t ...)
	NOT-FOR-US: Joomla component Pragmatic Utopia PU Arcade
CVE-2008-1732 (SQL injection vulnerability in showpredictionsformatch.php in Predicti ...)
	NOT-FOR-US: Prediction Football
CVE-2008-1731 (The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not pro ...)
	NOT-FOR-US: Drupal module Simple Access
CVE-2008-1730 (Directory traversal vulnerability in download.html in ARWScripts Galle ...)
	NOT-FOR-US: ARWScripts Gallery Script Lite
CVE-2008-1729 (The menu system in Drupal 6 before 6.2 has incorrect menu settings, wh ...)
	NOT-FOR-US: Drupal 6 (not packaged yet)
CVE-2008-1728 (ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows re ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2008-1727 (KnowledgeQuest 2.5 and 2.6 does not require authentication for access  ...)
	NOT-FOR-US: KnowledgeQuest
CVE-2008-1726 (Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when mag ...)
	NOT-FOR-US: KnowledgeQuest
CVE-2008-1725 (The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E ...)
	NOT-FOR-US: ActiveX
CVE-2008-1724 (Stack-based buffer overflow in the IActiveXTransfer.FileTransfer metho ...)
	NOT-FOR-US: ActiveX
CVE-2008-1723
	RESERVED
CVE-2008-1722 (Multiple integer overflows in (1) filter/image-png.c and (2) filter/im ...)
	{DSA-1625-1}
	- cups 1.3.7-2 (medium; bug #476305)
	- cupsys 1.3.7-2 (medium; bug #476305)
CVE-2008-1721 (Integer signedness error in the zlib extension module in Python 2.5.2  ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.5-2
	- python2.5 2.5.2-3
CVE-2008-1719 (Multiple cross-site request forgery (CSRF) vulnerabilities in Nuke ET  ...)
	NOT-FOR-US: Nuke ET
CVE-2008-1718 (Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, a ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-1717 (WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 ...)
	NOT-FOR-US: WoltLab Community Framework
CVE-2008-1716 (Cross-site scripting (XSS) vulnerability in WoltLab Community Framewor ...)
	NOT-FOR-US: WoltLab Community Framework
CVE-2008-1715 (SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and e ...)
	NOT-FOR-US: AuraCMS
CVE-2008-1714 (SQL injection vulnerability in show.php in FaScript FaPhoto 1.0, when  ...)
	NOT-FOR-US: FaScript FaPhoto
CVE-2008-1713 (MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote attack ...)
	NOT-FOR-US: NoticeWare Email Server
CVE-2008-1712 (PHP remote file inclusion vulnerability in includes/functions_weblog.p ...)
	NOT-FOR-US: mx_blogs
CVE-2008-1711 (Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores p ...)
	NOT-FOR-US: Terong PHP Photo Gallery
CVE-2008-1710 (Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows  ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1709 (Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-ass ...)
	NOT-FOR-US: Microsoft Visual InterDev
CVE-2008-1708 (IBM solidDB 06.00.1018 and earlier does not validate a certain field t ...)
	NOT-FOR-US: IBM solidDB
CVE-2008-1707 (IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a  ...)
	NOT-FOR-US: IBM solidDB
CVE-2008-1706 (Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows  ...)
	NOT-FOR-US: IBM solidDB
CVE-2008-1705 (Format string vulnerability in the logging function in IBM solidDB 06. ...)
	NOT-FOR-US: IBM solidDB
CVE-2008-1887 (Python 2.5.2 and earlier allows context-dependent attackers to execute ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.5-2
	- python2.5 2.5.2-3
CVE-2008-1877 (tss 0.8.1 allows local users to read arbitrary files via the -a parame ...)
	- tss <removed> (medium; bug #475747; bug #475736)
CVE-2008-1720 (Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xatt ...)
	{DSA-1545-1}
	- rsync 3.0.2-1
	NOTE: Etch is affected (it enables the acl upstream patch)
	NOTE: http://samba.anu.edu.au/rsync/security.html#s3_0_2
CVE-2008-1704 (Multiple buffer overflows in TIBCO Software Enterprise Message Service ...)
	NOT-FOR-US: TIBCO
CVE-2008-1703 (Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, a ...)
	NOT-FOR-US: TIBCO
CVE-2008-1702 (Absolute path traversal vulnerability in dload.php in the my_gallery 2 ...)
	NOT-FOR-US: my_gallery plugin for e107
CVE-2008-1701 (Novell NetWare 6.5 allows attackers to cause a denial of service (ABEN ...)
	NOT-FOR-US: Novell NetWare
CVE-2008-1700 (The Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite ...)
	NOT-FOR-US: WorkSite Web
CVE-2008-1699 (SQL injection vulnerability in permalink.php in Desi Quintans Writer's ...)
	NOT-FOR-US: Desi Quintans Writer's Block CMS
CVE-2008-1698 (Cross-site scripting (XSS) vulnerability in gallery.php in Simple Gall ...)
	NOT-FOR-US: Simple Gallery
CVE-2008-1697 (Stack-based buffer overflow in ovwparser.dll in HP OpenView Network No ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-1696 (Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, ...)
	NOT-FOR-US: DaZPHPNews
CVE-2008-1695
	RESERVED
CVE-2008-1694 (vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local use ...)
	- emacs21 21.4a+1-5.6 (low; bug #476612)
	[etch] - emacs21 <no-dsa> (Minor issue)
	- emacs22 22.2+2-2 (low; bug #476611)
	- xemacs21 21.4.21-4 (low; bug #476613)
	[etch] - xemacs21 <no-dsa> (Minor issue)
CVE-2008-1693 (The CairoFont::create function in CairoFontEngine.cc in Poppler, possi ...)
	{DSA-1606-1 DSA-1548-1}
	- xpdf 3.02
	- poppler 0.6.4-1 (bug #476842)
	- kdegraphics <not-affected> (Vulnerable code not present)
	- texlive-bin <not-affected> (code already has the needed fix)
	NOTE: see GfxFont.cc GfxFont::readEmbFontFile, line 362 checks if the font file is
	NOTE: a stream or not. Does anyone know a fixed version?
	- texlive-base <not-affected> (Vulnerable code not present)
	- swftools <not-affected> (Vulnerable file/code not present)
CVE-2008-1692 (Eterm 0.9.4 opens a terminal window on :0 if -display is not specified ...)
	- eterm 0.9.4.0debian1-2.1 (unimportant; bug #473127)
CVE-2008-1691 (Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and earl ...)
	NOT-FOR-US: SLMail Pro
CVE-2008-1690 (WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earli ...)
	NOT-FOR-US: SLMail Pro
CVE-2008-1689 (Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and earl ...)
	NOT-FOR-US: SLMail Pro
CVE-2008-1688 (Unspecified vulnerability in GNU m4 before 1.4.11 might allow context- ...)
	- m4 <unfixed> (unimportant)
	NOTE: The file name is passed through a cmdline argument and m4 doesn't run with
	NOTE: elevated privileges.
CVE-2008-1687 (The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1. ...)
	- m4 <unfixed> (unimportant)
	NOTE: This is more a generic bug and not a security issue: the random output would
	NOTE: need to match the name of an existing macro
CVE-2008-1686 (Array index vulnerability in Speex 1.1.12 and earlier, as used in libf ...)
	{DSA-1586-1 DSA-1585-1 DSA-1584-1 DTSA-127-1 DTSA-128-1 DTSA-129-1}
	- speex 1.2~beta2-1 (medium)
	- libfishsound 0.7.0-2.2 (medium; bug #475152)
	- xine-lib 1.1.12-1 (medium)
CVE-2008-1685
	- gcc-4.3 4.3.1-1 (bug #482698; unimportant)
	NOTE: dup of CVE-2006-1902 which is fixed in Debian?
CVE-2008-1684 (inetd on Sun Solaris 10, when debug logging is enabled, allows local u ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1683
	REJECTED
CVE-2008-1682 (PHP remote file inclusion vulnerability in quiz/common/db_config.inc.p ...)
	NOT-FOR-US: com_onlineflashquiz component for Joomla!
CVE-2008-1681 (Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 ha ...)
	NOT-FOR-US: IBM DB2
CVE-2008-1680 (PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain configurat ...)
	NOT-FOR-US: PHP-Nuke Platinum
CVE-2008-1679 (Multiple integer overflows in imageop.c in Python before 2.5.3 allow c ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.5-2
	- python2.5 2.5.2-3
CVE-2008-1678 (Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c ...)
	{DTSA-131-1}
	- apache2 2.2.8-4
	[etch] - apache2 <not-affected> (only a problem with openssl 0.9.8f or later)
	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=44975
CVE-2008-1677 (Buffer overflow in the regular expression handler in Red Hat Directory ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-1676 (Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate Sys ...)
	NOT-FOR-US: Red Hat Issue
CVE-2008-1675 (The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux k ...)
	- linux-2.6 2.6.25-2 (low)
	[etch] - linux-2.6 <not-affected> (Tehuti driver not in 2.6.18)
	- linux-2.6.24 2.6.24-6~etchnhalf.2
	NOTE: Fixed in 2.6.24.6 and 2.6.25.1
CVE-2008-1674
	REJECTED
CVE-2008-1673 (The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 an ...)
	{DSA-1592-1}
	- linux-2.6 2.6.25-5 (bug #485944)
	- linux-2.6.24 2.6.24-6~etchnhalf.3
CVE-2008-1672 (OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of ...)
	{DTSA-136-1}
	- openssl 0.9.8g-10.1 (bug #483379)
	[etch] - openssl <not-affected> (Vulnerable code (TLS extensions) not present)
CVE-2008-1671 (start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root,  ...)
	{DSA-1867-1}
	- kdelibs 4:3.5.9.dfsg.1-4 (low; bug #478024)
	[etch] - kdelibs <no-dsa> (Minor issue)
CVE-2008-1670 (Heap-based buffer overflow in the progressive PNG Image loader (decode ...)
	- kdelibs <not-affected> (Vulnerable code introduced in kde 4.0)
	- kde4libs 4:4.0.72-1 (bug #478283)
CVE-2008-1669 (Linux kernel before 2.6.25.2 does not apply a certain protection mecha ...)
	{DSA-1575-1}
	- linux-2.6 2.6.25-2 (low)
	- linux-2.6.24 2.6.24-6~etchnhalf.2
	NOTE: 0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9, fixed in 2.6.24.7 and 2.6.25.2
CVE-2008-1668 (ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns u ...)
	NOT-FOR-US: wu-ftpd in HP-UX
CVE-2008-1667 (The Probe Builder Service (aka PBOVISServer.exe) in European Performan ...)
	NOT-FOR-US: Probe Builder 2.2
CVE-2008-1666 (Unspecified vulnerability in HP Oracle for OpenView (OfO) 8.1.7, 9.1.0 ...)
	NOT-FOR-US: HP Oracle for OpenView
CVE-2008-1665 (Multiple unspecified vulnerabilities in HP Select Identity (HPSI) Acti ...)
	NOT-FOR-US: HP Select Identity
CVE-2008-1664 (Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allo ...)
	NOT-FOR-US: HP HP-UX
CVE-2008-1663 (Cross-site scripting (XSS) vulnerability in HP System Management Homep ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2008-1662 (Unspecified vulnerability in the HP System Administration Manager (SAM ...)
	NOT-FOR-US: HP System Administration Manager
CVE-2008-1661 (Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks Stora ...)
	NOT-FOR-US: HP StorageWorks
CVE-2008-1660 (Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and B. ...)
	NOT-FOR-US: HP-UX
CVE-2008-1659 (Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 allo ...)
	NOT-FOR-US: HP LDAP-UX
CVE-2008-1658 (Format string vulnerability in the grant helper (polkit-grant-helper.c ...)
	- policykit-1 0.8-1 (medium; bug #476615; bug #476616)
CVE-2008-1657 (OpenSSH 4.4 up to versions before 4.9 allows remote authenticated user ...)
	- openssh 1:4.7p1-8 (low; bug #475156)
	[etch] - openssh <not-affected> (Vulnerable functionality was introduced in 4.4)
CVE-2008-1656 (Adobe ColdFusion 8 and 8.0.1 does not properly implement the public ac ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-1655 (Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, ...)
	- flashplugin-nonfree 1:1.4
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	NOTE: Fix came from Adobe via new Adobe Flash Player, debian package didn't change
CVE-2008-1654 (Interaction error between Adobe Flash and multiple Universal Plug and  ...)
	- flashplugin-nonfree 1:1.4
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2008-1653 (Directory traversal vulnerability in index.php in Sava's Link Manager  ...)
	NOT-FOR-US: Sava's Link Manager
CVE-2008-1652 (Directory traversal vulnerability in the _serve_request_multiple funct ...)
	- perlbal <not-affected> (Fixed before initial upload to archive)
CVE-2008-1651 (Directory traversal vulnerability in admin/login.php in EasyNews 4.0 a ...)
	NOT-FOR-US: EasyNews
CVE-2008-1650 (SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0  ...)
	NOT-FOR-US: EasyNews
CVE-2008-1649 (Cross-site scripting (XSS) vulnerability in staticpages/easypublish/in ...)
	NOT-FOR-US: EasyNews
CVE-2008-1648 (Sympa before 5.4 allows remote attackers to cause a denial of service  ...)
	{DSA-1600-1}
	- sympa 5.3.4-4 (medium; bug #475163)
CVE-2008-1647 (The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 Act ...)
	NOT-FOR-US: ChilkatHttp
CVE-2008-1646 (SQL injection vulnerability in wp-download.php in the WP-Download 1.2  ...)
	NOT-FOR-US: WP-Download plugin for WordPress
CVE-2008-1645 (Directory traversal vulnerability in body.php in phpSpamManager (phpSM ...)
	NOT-FOR-US: phpSpamManager
CVE-2008-1644 (SQL injection vulnerability in viewlinks.php in Sava's Link Manager 2. ...)
	NOT-FOR-US: Sava's Link Manager
CVE-2008-1643 (Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.ex ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2008-1642 (Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 ...)
	NOT-FOR-US: Sava's GuestBook
CVE-2008-1641 (SQL injection vulnerability in default.asp in EfesTECH Video 5.0 allow ...)
	NOT-FOR-US: EfesTECH Video
CVE-2008-1640 (SQL injection vulnerability in jgs_treffen.php in the JGS-XA JGS-Treff ...)
	NOT-FOR-US: JGS-Treffen
CVE-2008-1639 (SQL injection vulnerability in index.php in Neat weblog 0.2 allows rem ...)
	NOT-FOR-US: Neat weblog
CVE-2008-1638 (Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for p ...)
	NOT-FOR-US: Nik Sharpener Pro
CVE-2008-1637 (PowerDNS Recursor before 3.1.5 uses insufficient randomness to calcula ...)
	{DSA-1544-2 DSA-1544-1}
	- pdns-recursor 3.1.7-1
	NOTE: Fix in 3.1.5 was incomplete, see CVE-2008-3217
CVE-2008-1636 (Cross-site scripting (XSS) vulnerability in index.php in JV2 Quick Gal ...)
	NOT-FOR-US: JV2 Quick Gallery
CVE-2008-1635 (Directory traversal vulnerability in view_private.php in Keep It Simpl ...)
	NOT-FOR-US: Keep It Simple Guest Book
CVE-2008-1634 (Cross-site scripting (XSS) vulnerability in index.php in JV2 Folder Ga ...)
	NOT-FOR-US: JV2 Folder Gallery
CVE-2008-1633 (Unspecified vulnerability in Mondo Rescue before 2.2.5 has unknown imp ...)
	- mondo 1:2.2.7-1 (bug #475221)
CVE-2008-1632 (Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote ...)
	- cuteflow <itp> (bug #465372)
CVE-2008-1631 (SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0  ...)
	- cuteflow <itp> (bug #465372)
CVE-2008-1630 (Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0  ...)
	- cuteflow <itp> (bug #465372)
CVE-2008-1629 (Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows ...)
	NOT-FOR-US: PHPkrm
CVE-2008-1628 (Stack-based buffer overflow in the audit_log_user_command function in  ...)
	{DTSA-123-1}
	- audit 1.5.3-2.1 (medium; bug #475227)
	NOTE: auditd runs as root
CVE-2008-1627 (CDS Invenio 0.92.1 and earlier allows remote authenticated users to de ...)
	NOT-FOR-US: CDS Invenio
CVE-2008-1626 (SQL injection vulnerability in eggBlog before 4.0.1 allows remote atta ...)
	NOT-FOR-US: eggBlog
CVE-2008-1625 (aavmker4.sys in avast! Home and Professional 4.7 for Windows does not  ...)
	NOT-FOR-US: avast! Home and Professional
CVE-2008-1624 (Directory traversal vulnerability in v2demo/page.php in Jshop Server 1 ...)
	NOT-FOR-US: Jshop Server
CVE-2008-1623 (SQL injection vulnerability in admin_view_image.php in Smoothflash all ...)
	NOT-FOR-US: Smoothflash
CVE-2008-1622 (Multiple PHP remote file inclusion vulnerabilities in GeeCarts allow r ...)
	NOT-FOR-US: GeeCarts
CVE-2008-1621 (Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow  ...)
	NOT-FOR-US: GeeCarts
CVE-2008-1620 (Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) 3.2.0 ...)
	NOT-FOR-US: ThinClientServer
CVE-2008-1619 (The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers  ...)
	- xen-3 <not-affected> (Debian Xen does not support ia64)
	- xen-unstable <not-affected> (Debian Xen does not support ia64)
	- xen-3.0 <not-affected> (Debian Xen does not support ia64)
CVE-2008-1618 (The PPTP VPN service in Watchguard Firebox before 10, when performing  ...)
	NOT-FOR-US: Watchguard Firebox
CVE-2008-1617 (Double free vulnerability in Web TransferCtrl Class 8,2,1,4 (iManFile. ...)
	NOT-FOR-US: WorkSite Web
CVE-2008-1616
	RESERVED
CVE-2008-1615 (Linux kernel 2.6.18, and possibly other versions, when running on AMD6 ...)
	{DSA-1588-1}
	- linux-2.6 2.6.25-1 (medium; bug #480390)
	- linux-2.6.24 2.6.24-6~etchnhalf.3
CVE-2008-1614 (suPHP before 0.6.3 allows local users to gain privileges via (1) a rac ...)
	{DSA-1550-1 DTSA-124-1}
	- suphp 0.6.2-2.1 (low; bug #475431)
CVE-2008-1613 (SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build 7.5.0. ...)
	NOT-FOR-US: RedDot CMS
CVE-2008-1612 (The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows at ...)
	{DSA-1646-2}
	- squid 2.6.18-1 (medium)
CVE-2008-1611 (Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows r ...)
	NOT-FOR-US: TFTP Server for Windows
CVE-2008-1610 (Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 allo ...)
	NOT-FOR-US: TFTP Server Pro
CVE-2008-1609 (Multiple PHP remote file inclusion vulnerabilities in just another fla ...)
	NOT-FOR-US: JAF CMS
CVE-2008-1608 (SQL injection vulnerability in postview.php in Clever Copy 3.0 allows  ...)
	NOT-FOR-US: Clever Copy
CVE-2008-1607 (SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba  ...)
	NOT-FOR-US: Serbay Arslanhan Bomba Haber
CVE-2008-1606 (Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1  ...)
	NOT-FOR-US: Elastic Path
CVE-2008-1605 (The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmm ...)
	NOT-FOR-US: LEADTOOLS
CVE-2008-1604 (Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 all ...)
	NOT-FOR-US: PerlMailer
CVE-2008-1603 (Cross-site scripting (XSS) vulnerability in GNB DesignForm before 3.9  ...)
	NOT-FOR-US: GNB DesignForm
CVE-2008-1602 (Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows ...)
	NOT-FOR-US: Orbit downloader
CVE-2008-1601 (Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and 5 ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1600 (The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly han ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1599 (The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly hand ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1598 (The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges  ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1597 (The WPAR system call implementation in the kernel in IBM AIX 6.1 allow ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1596 (Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument i ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1595 (The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not prop ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1594 (The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JF ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1593 (The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3,  ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1592 (MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop a ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-1591 (The pnVarPrepForStore function in PostNuke 0.764 and earlier skips inp ...)
	NOT-FOR-US: PostNuke
CVE-2008-1590 (JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch bef ...)
	NOT-FOR-US: iPhone
CVE-2008-1589 (Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterpr ...)
	NOT-FOR-US: iPhone
CVE-2008-1588 (Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows rem ...)
	- webkit <not-affected> (mac-specific issue)
	NOTE: http://trac.webkit.org/changeset/23963
	NOTE: as of 1.1.21, all mac-specific code is no longer even present
CVE-2008-1587
	RESERVED
CVE-2008-1586 (ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touc ...)
	NOT-FOR-US: Apple ImageIO
CVE-2008-1585 (Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handle ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1584 (Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1583 (Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1582 (Unspecified vulnerability in Apple QuickTime before 7.5 allows remote  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1581 (Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows al ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1580 (CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically send ...)
	NOT-FOR-US: CFNetwork Safari Apple Mac OS
CVE-2008-1579 (Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attacke ...)
	NOT-FOR-US: Wiki Server Apple Mac OS
CVE-2008-1578 (The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1577 (Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1576 (Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used,  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1575 (Unspecified vulnerability in the Apple Type Services (ATS) server in A ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1574 (Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows rem ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1573 (The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X bef ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1572 (Image Capture in Apple Mac OS X before 10.5 does not properly use temp ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1571 (Directory traversal vulnerability in the embedded web server in Image  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1566 (Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine  ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-1565 (Directory traversal vulnerability in forum/irc/irc.php in the PJIRC 0. ...)
	NOT-FOR-US: PJIRC module for phpBB
CVE-2008-1564 (Directory traversal vulnerability in Dan Costin File Transfer before 1 ...)
	NOT-FOR-US: Dan Costin File Transfer
CVE-2008-1563 (The "decode as" feature in packet-bssap.c in the SCCP dissector in Wir ...)
	- wireshark 1.0.0-1 (low)
	[etch] - wireshark <not-affected> (Only 0.99.6 to 0.99.8 are affected)
CVE-2008-1562 (The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.9 ...)
	- wireshark <not-affected> (Only Windows builds are affected according to #1613)
CVE-2008-1561 (Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal)  ...)
	- wireshark 1.0.0-1 (low)
	[etch] - wireshark <not-affected> (Only 0.99.5 to 0.99.8 are affected)
CVE-2008-1560 (Multiple cross-site scripting (XSS) vulnerabilities in Digiappz DigiDo ...)
	NOT-FOR-US: Digiappz DigiDomain
CVE-2008-1559 (SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alp ...)
	NOT-FOR-US: com_alphacontent component for Joomla!
CVE-2008-1558 (Uncontrolled array index in the sdpplin_parse function in stream/realr ...)
	{DSA-1552-1 DTSA-121-1}
	- mplayer 1.0~rc2-10 (medium; bug #473056)
CVE-2008-1557 (BolinOS 4.6.1 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: BolinOS
CVE-2008-1556 (Multiple cross-site scripting (XSS) vulnerabilities in BolinOS 4.6.1 a ...)
	NOT-FOR-US: BolinOS
CVE-2008-1555 (Directory traversal vulnerability in system/_b/contentFiles/gbincluder ...)
	NOT-FOR-US: BolinOS
CVE-2008-1554 (SQL injection vulnerability in account/index.php in TopperMod 2.0, whe ...)
	NOT-FOR-US: TopperMod
CVE-2008-1553 (Directory traversal vulnerability in mod.php in TopperMod 1.0 allows r ...)
	NOT-FOR-US: TopperMod
CVE-2008-1552 (The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c)  ...)
	- silc-toolkit 1.1.7-1 (low)
	- silc-client <not-affected> (links against libsilc)
	NOTE: this can't result in code execution but only in a crash as data_len - i always results
	NOTE: in -1 and malloc will never succeed and thus not reaching any free
CVE-2008-1551 (SQL injection vulnerability in viewcat.php in the Photo 3.02 module fo ...)
	NOT-FOR-US: RunCMS
CVE-2008-1550 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Cu ...)
	NOT-FOR-US: CubeCart
CVE-2008-1549 (Multiple SQL injection vulnerabilities in Aeries Browser Interface (AB ...)
	NOT-FOR-US: Eagle Software Aeries Student Information System
CVE-2008-1548 (Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser  ...)
	NOT-FOR-US: Eagle Software Aeries Student Information System
CVE-2008-1547 (Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outl ...)
	NOT-FOR-US: Outlook
CVE-2008-1546 (servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electr ...)
	NOT-FOR-US: Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems
CVE-2008-1545 (The setRequestHeader method of the XMLHttpRequest object in Microsoft  ...)
	NOT-FOR-US: Microsoft IE7
CVE-2008-1544 (The setRequestHeader method of the XMLHttpRequest object in Microsoft  ...)
	NOT-FOR-US: Microsoft IE7
CVE-2008-1543 (The Advanced User Interface Pages in the ProST Web Management componen ...)
	NOT-FOR-US: Airspan WiMAX ProST
CVE-2008-1542 (Airspan Base Station Distribution Unit (BSDU) has "topsecret" as its p ...)
	NOT-FOR-US: BSDU
CVE-2008-1541 (Directory traversal vulnerability in cgi-bin/his-webshop.pl in HIS Web ...)
	NOT-FOR-US: HIS Webshop
CVE-2008-1540 (SQL injection vulnerability in the Datsogallery (com_datsogallery) 1.3 ...)
	NOT-FOR-US: com_datsogallery module for Joomla!
CVE-2008-1539 (SQL injection vulnerability in includes/dynamic_titles.php in PHP-Nuke ...)
	NOT-FOR-US: PHP-Nuke Platinum
CVE-2008-1538 (Cross-site scripting (XSS) vulnerability in searchAction.do in ManageE ...)
	NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2008-1537 (Directory traversal vulnerability in pb_inc/admincenter/index.php in P ...)
	NOT-FOR-US: PowerScripts PowerBook
CVE-2008-1536 (Cross-site scripting (XSS) vulnerability in index.php in Pictures Pro  ...)
	NOT-FOR-US: Photo Cart
CVE-2008-1535 (SQL injection vulnerability in the Matti Kiviharju rekry (aka com_rekr ...)
	NOT-FOR-US: com_rekry component for Joomla!
CVE-2008-1534 (Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b al ...)
	NOT-FOR-US: PowerPHPBoard
CVE-2008-1533 (Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! ...)
	NOT-FOR-US: Joomla!
CVE-2008-1532 (Perlbal before 1.70, when buffered upload is enabled, allows remote at ...)
	- perlbal <not-affected> (Fixed before initial upload to archive)
CVE-2008-1531 (The connection_state_machine function (connections.c) in lighttpd 1.4. ...)
	{DSA-1540-1}
	- lighttpd 1.4.19-2 (low; bug #475438)
CVE-2008-1570 (Race condition in the create_lockpath function in policyd-weight 0.1.1 ...)
	{DSA-1531-2}
	- policyd-weight 0.1.14.17-1 (low)
	NOTE: http://www.mail-archive.com/policyd-weight-list%40ek-muc.de/msg00798.html
CVE-2008-1569 (policyd-weight 0.1.14 beta-16 and earlier allows local users to modify ...)
	{DSA-1531-2}
	- policyd-weight 0.1.14.17-1 (low)
CVE-2008-1568 (comix 3.6.4 allows attackers to execute arbitrary commands via a filen ...)
	- comix 3.6.4-1.1 (low; bug #462840)
	[etch] - comix <no-dsa> (Minor issue)
	NOTE: comix can't be used in a non-interactive setup thus the impact level
CVE-2008-1567 (phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) passw ...)
	{DSA-1557-1}
	- phpmyadmin 2.11.5.1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-2/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/533bb88e32aafc17e754e5ea5e26e9b02b306993
	NOTE: It is a workaround for the limited security that PHP has for
	NOTE: session files on a shared host. This limitation is documented with
	NOTE: PHP, warned against and not a specific vulnerability in phpMyAdmin.
	NOTE: I hence consider it a security enhancement/feature, not a vulnerability.
CVE-2008-1530 (GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial  ...)
	- gnupg <not-affected> (Only 1.4.8 is affected)
	NOTE: The next upload was 1.4.9-1, so no vulnerable version was ever in the
	NOTE: archive
	[etch] - gnupg <not-affected> (Only 1.4.8 is affected)
	[sarge] - gnupg <not-affected> (Only 1.4.8 is affected)
	- gnupg2 2.0.9-1 (bug #472928)
	[etch] - gnupg2 <not-affected> (Only 2.0.8 is affected)
	[sarge] - gnupg2 <not-affected> (Only 2.0.8 is affected)
CVE-2008-1529 (ZyXEL Prestige routers have a minimum password length for the admin ac ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1528 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with  ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1527 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with  ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1526 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with  ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1525 (The default SNMP configuration on ZyXEL Prestige routers, including P- ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1524 (The SNMP service on ZyXEL Prestige routers, including P-660 and P-661  ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1523 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with  ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1522 (ZyXEL Prestige routers, including P-660 and P-661 models with firmware ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1521 (ZyXEL Prestige routers, including P-660 and P-661 models with firmware ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1520
	RESERVED
CVE-2008-1519
	RESERVED
CVE-2008-1518 (Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2008-1517 (Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 befo ...)
	NOT-FOR-US: Apple Mac OS X xnu Kernel
CVE-2008-1516
	RESERVED
CVE-2008-1515 (The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 a ...)
	- otrs2 2.2.5-2
	[etch] - otrs2 <not-affected> (Vulnerable code not present)
	[etch] - otrs <not-affected> (Vulnerable code not present)
	[sarge] - otrs <not-affected> (Vulnerable code not present)
	NOTE: http://packages.qa.debian.org/o/otrs2/news/20080320T211729Z.html
CVE-2008-1514 (arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions be ...)
	{DSA-1655-1 DSA-1653-1}
	- linux-2.6 2.6.26-8
	NOTE: s390 specific issue, counterpart for x86 not reproducible with 2.6.24 here
CVE-2008-1513 (SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earli ...)
	NOT-FOR-US: Danneo CMS
CVE-2008-1512 (Directory traversal vulnerability in admin/admin_xs.php in eXtreme Sty ...)
	NOT-FOR-US: XS module for phpBB
CVE-2008-1511 (Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 a ...)
	NOT-FOR-US: ooComments
CVE-2008-1510 (Cross-site scripting (XSS) vulnerability in system/workplace/admin/acc ...)
	NOT-FOR-US: Alkacon OpenCMS
CVE-2008-1509 (SQL injection vulnerability in index.php in XLPortal 2.2.4 and earlier ...)
	NOT-FOR-US: XLPortal
CVE-2008-1508 (SQL injection vulnerability in EfesTech E-Kontör and earlier allo ...)
	NOT-FOR-US: EfesTech E-Kontoer
CVE-2008-1507 (PEEL, possibly 3.x and earlier, has (1) a default info@peel.fr account ...)
	NOT-FOR-US: Peel
CVE-2008-1506 (PEEL, possibly 3.x and earlier, allows remote attackers to obtain conf ...)
	NOT-FOR-US: Peel
CVE-2008-1505 (PHP remote file inclusion vulnerability in the SSTREAMTV custompages ( ...)
	NOT-FOR-US: com_custompages component for Joomla!
CVE-2008-1504 (Cross-site scripting (XSS) vulnerability in setup.php3 in phpHeaven ph ...)
	NOT-FOR-US: phpMyChat
CVE-2008-1503 (Cross-site scripting (XSS) vulnerability in the web management interfa ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2008-1501 (The send_user_mode function in s_user.c in (1) Undernet ircu 2.10.12.1 ...)
	- ircd-ircu <not-affected> (Vulnerable code not present)
	NOTE: vulnerable code introduced later than 2.0.12.10, see: http://hg.quakenet.org/snircd/rev/1ee48bee2f20
	NOTE: no other possible NULL ptr dereferences of p found and PoC not reproducible
CVE-2008-1500 (Cross-site scripting (XSS) vulnerability in index.php in TinyPortal 0. ...)
	NOT-FOR-US: TinyPortal
CVE-2008-1499 (Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in ...)
	NOT-FOR-US: cPanel
CVE-2008-1498 (Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3. ...)
	NOT-FOR-US: Surgemail
CVE-2008-1497 (Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38 ...)
	NOT-FOR-US: Surgemail
CVE-2008-1496 (Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and earli ...)
	NOT-FOR-US: PEEL
CVE-2008-1495 (Unrestricted file upload vulnerability in administrer/produits.php in  ...)
	NOT-FOR-US: PEEL
CVE-2008-1494 (SQL injection vulnerability in inc/module/online.php in Easy-Clanpage  ...)
	NOT-FOR-US: Easy-Clanpage
CVE-2008-1493 (Directory traversal vulnerability in login.php in Cuteflow Bin 1.5.0 a ...)
	- cuteflow <itp> (bug #465372)
CVE-2008-1492 (Multiple directory traversal vulnerabilities in CoronaMatrix phpAddres ...)
	NOT-FOR-US: CoronaMatrix
CVE-2008-1491 (Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in  ...)
	NOT-FOR-US: ASUS Remote Console
CVE-2008-1490 (Buffer overflow in a certain Aurigma ActiveX control in ImageUploader4 ...)
	NOT-FOR-US: ImageUploader4
CVE-2008-1489 (Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC  ...)
	{DSA-1543-1 DTSA-119-1}
	- vlc 0.8.6.e-1.1 (medium; bug #472635)
CVE-2008-1488 (Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC) 3. ...)
	- php-apc <not-affected> (Fixed before initial upload)
CVE-2008-1487 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1 ...)
	NOT-FOR-US: LinPHA
CVE-2008-1486 (SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft  ...)
	NOT-FOR-US: Phorum
CVE-2008-1485 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier a ...)
	NOT-FOR-US: PunBB
CVE-2008-1484 (The password reset feature in PunBB 1.2.16 and earlier uses predictabl ...)
	NOT-FOR-US: PunBB
CVE-2008-1483 (OpenSSH 4.3p2, and probably other versions, allows local users to hija ...)
	{DSA-1576-1}
	- openssh 1:4.7p1-5 (bug #463011)
CVE-2008-1482 (Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote ...)
	{DSA-1586-1 DTSA-120-1}
	- xine-lib 1.1.11.1-1 (medium; bug #472639)
CVE-2008-1481 (Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.1. ...)
	NOT-FOR-US: webSPELL
CVE-2008-1480 (rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1479 (Cross-site scripting (XSS) vulnerability in index.php in cyberfrogs.ne ...)
	NOT-FOR-US: cfnetgs
CVE-2008-1478 (Home FTP Server 1.4.5.89 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Home FTP Server
CVE-2008-1477 (Multiple cross-site scripting (XSS) vulnerabilities in busca.php in eF ...)
	NOT-FOR-US: eForum
CVE-2008-1475 (The xml-rpc server in Roundup 1.4.4 does not check property permission ...)
	- roundup 1.4.4-1.1 (medium; bug #484728)
	[etch] - roundup <not-affected> (xml-rpc code introduced in 1.4.0)
CVE-2008-1474 (Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unkn ...)
	{DSA-1554-1}
	- roundup 1.3.3-3.1 (low; bug #472643)
CVE-2008-1473 (The Altiris Client Service (AClient.exe) in Symantec Altiris Deploymen ...)
	NOT-FOR-US: Symantec Altiris
CVE-2008-1472 (Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl. ...)
	NOT-FOR-US: ARCserve Backup
CVE-2008-1471 (The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ F ...)
	NOT-FOR-US: Panda Internet Security/Antivirus+ Firewall
CVE-2008-1470 (Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID R ...)
	NOT-FOR-US: WebID RSA Authentication Agent
CVE-2008-1469 (Gallarific Free Edition 1.1 does not require authentication for (1) ph ...)
	NOT-FOR-US: Gallarific
CVE-2008-1468 (Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu befor ...)
	- namazu2 2.0.18-0.1 (low; bug #472644)
CVE-2008-1467
	- centerim 4.22.3-1 (unimportant; bug #472649)
	NOTE: the victim needs to list the URLs in the message with F2 and press enter on it
	NOTE: the victim can see the complete URL including the commands however so the impact is really low
CVE-2008-1466 (Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allo ...)
	NOT-FOR-US: W-Agora
CVE-2008-1465 (SQL injection vulnerability in the Detodas Restaurante (com_restaurant ...)
	NOT-FOR-US: com_restaurante component for Mambo and Joomla!
CVE-2008-1464 (Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1  ...)
	NOT-FOR-US: Gallarific
CVE-2008-1463 (Cross-site scripting (XSS) vulnerability in the management GUI in Impe ...)
	NOT-FOR-US: Imperva SecureSphere MX Management Server
CVE-2008-1462 (SQL injection vulnerability in the sections (Section) module in RunCMS ...)
	NOT-FOR-US: RunCMS
CVE-2008-1461 (Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers ...)
	NOT-FOR-US: XnView
CVE-2008-1460 (SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and 1.2 ...)
	NOT-FOR-US: com_joovideo component for Mambo and Joomla!
CVE-2008-1459 (SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and e ...)
	NOT-FOR-US: com_alberghi component for Mambo and Joomla!
CVE-2008-1458 (Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 ...)
	NOT-FOR-US: CS-Cart
CVE-2008-1457 (The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server ...)
	NOT-FOR-US: Microsoft Windows 2000
CVE-2008-1456 (Array index vulnerability in the Event System in Microsoft Windows 200 ...)
	NOT-FOR-US: Microsoft Windows 2000
CVE-2008-1455 (A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3,  ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2008-1454 (Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server ...)
	NOT-FOR-US: Windows issue
CVE-2008-1453 (The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gol ...)
	NOT-FOR-US: Windows XP
CVE-2008-1452
	REJECTED
CVE-2008-1451 (The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 an ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1450
	REJECTED
CVE-2008-1449
	REJECTED
CVE-2008-1448 (The MHTML protocol handler in a component of Microsoft Outlook Express ...)
	NOT-FOR-US: Microsoft Outlook Express
CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1,  ...)
	{DSA-1605-1 DSA-1604-1 DSA-1623-1 DSA-1619-1 DSA-1617-1 DSA-1603-1 DTSA-147-1}
	- bind9 1:9.5.0.dfsg-5 (high)
	NOTE: glibc stub resolver relies on source port randomisation in kernel
	- dnsmasq 2.43-1 (medium; bug #490123)
	- refpolicy 2:0.0.20080702-1
	- pdnsd 1.2.6-par-11 (bug #502275)
	- python-dns 2.3.1-5 (low; bug #490217)
	- dnspython <unfixed> (unimportant; bug #492465)
	NOTE: Just a stub resolver; Linux kernel provides source port randomisation
	- adns 1.4-2 (unimportant; bug #492698)
	NOTE: adns is not suitable to use with untrusted responses, documented in README.Debian
	- udns 0.2-1 (bug #493599)
	- libnet-dns-perl 0.63-2 (low; bug #492700)
	NOTE: Source port randomization from Lenny kernel should provide sufficient protection
	NOTE: since this is just a Perl module for DNS queries and not a high-profile server app like
	NOTE: Bind, it's unlikely that a home-grown fix will provide an implementation of higher
	NOTE: cryptographical quality. Marking the version from Lenny as fixed, since Lenny includes
	NOTE: a kernel which provides source port randomization
	- ruby1.9 1.9.0.2-6 (low)
	NOTE: Unbound, djbdns, pdnsd and PowerDNS are affected by the underlying protocol issue, but
	NOTE: already use source port randomization.
	NOTE: Marking non-caching stub resolvers as low since these really should be fixed,
	NOTE: but are much less vulnerable than a caching server.
CVE-2008-1446 (Integer overflow in the Internet Printing Protocol (IPP) ISAPI extensi ...)
	NOT-FOR-US: Microsoft
CVE-2008-1445 (Active Directory on Microsoft Windows 2000 Server SP4, XP Professional ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1444 (Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Window ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1443
	REJECTED
CVE-2008-1442 (Heap-based buffer overflow in the substringData method in Microsoft In ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1441 (Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1440 (Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does no ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1439
	REJECTED
CVE-2008-1438 (Unspecified vulnerability in Microsoft Malware Protection Engine (mpen ...)
	NOT-FOR-US: Microsoft Malware Protection Engine
CVE-2008-1437 (Unspecified vulnerability in Microsoft Malware Protection Engine (mpen ...)
	NOT-FOR-US: Microsoft Malware Protection Engine
CVE-2008-1436 (Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 ...)
	NOT-FOR-US: Windows
CVE-2008-1435 (Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008 ...)
	NOT-FOR-US: Windows issue
CVE-2008-1434 (Use-after-free vulnerability in Microsoft Word in Office 2000 and XP S ...)
	NOT-FOR-US: Microsoft Word
CVE-2008-1433
	REJECTED
CVE-2008-1432 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in Manag ...)
	NOT-FOR-US: ManageEngine SupportCenter Plus
CVE-2008-1431 (RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a partit ...)
	NOT-FOR-US: RaidSonic NAS-4220-B firmware
CVE-2008-1430 (SQL injection vulnerability in links.asp in ASPapp allows remote attac ...)
	NOT-FOR-US: ASPapp
CVE-2008-1429 (Secure Internet Live Conferencing (SILC) Server before 1.1.1 allows re ...)
	- silc-server 1.1.1-1 (medium)
CVE-2008-1428 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5. ...)
	NOT-FOR-US: Ubercart
CVE-2008-1427 (SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 a ...)
	NOT-FOR-US: com_acajoom component for Joomla!
CVE-2008-1426 (SQL injection vulnerability in album.asp in KAPhotoservice allows remo ...)
	NOT-FOR-US: KAPhotoservice
CVE-2008-1425 (SQL injection vulnerability in index.php in the gallery module in Easy ...)
	NOT-FOR-US: Easy-Clanpage
CVE-2008-1424
	RESERVED
CVE-2008-1423 (Integer overflow in a certain quantvals and quantlist calculation in X ...)
	{DSA-1591-1}
	- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
	- libvorbis 1.2.0.dfsg-3.1 (bug #482518)
CVE-2008-1422
	REJECTED
CVE-2008-1421
	REJECTED
CVE-2008-1420 (Integer overflow in residue partition value (aka partvals) evaluation  ...)
	{DSA-1591-1}
	- libvorbisidec <not-affected> (Vulnerable code not present)
	- libvorbis 1.2.0.dfsg-3.1 (bug #482518)
CVE-2008-1419 (Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero v ...)
	{DSA-1591-1}
	- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
	- libvorbis 1.2.0.dfsg-3.1 (bug #482518)
CVE-2008-1418
	RESERVED
CVE-2008-1416 (Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL 2 ...)
	NOT-FOR-US: PHPauction GPL
CVE-2008-1415 (Directory traversal vulnerability in index.php in Multiple Time Sheets ...)
	NOT-FOR-US: Multiple Time Sheets
CVE-2008-1414 (Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) ...)
	NOT-FOR-US: Multiple Time Sheets
CVE-2008-1413 (Cross-site scripting (XSS) vulnerability in search.php in SNewsCMS Rus ...)
	NOT-FOR-US: SNewsCMS Rus
CVE-2008-1412 (Unspecified vulnerability in multiple F-Secure anti-virus products, in ...)
	NOT-FOR-US: F-Secure anti-virus
CVE-2008-1411 (The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earl ...)
	NOT-FOR-US: Acronis Snap Deploy
CVE-2008-1410 (Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Ac ...)
	NOT-FOR-US: Acronis Snap Deploy
CVE-2008-1409 (Multiple directory traversal vulnerabilities in the Default theme in E ...)
	NOT-FOR-US: Exero CMS
CVE-2008-1408 (SQL injection vulnerability in includes/functions/banners-external.php ...)
	NOT-FOR-US: phpBP
CVE-2008-1407 (SQL injection vulnerability in index.php in the WebChat 1.60 module fo ...)
	NOT-FOR-US: WebChat module for eXV2
CVE-2008-1406 (SQL injection vulnerability in annonces-p-f.php in the MyAnnonces 1.8  ...)
	NOT-FOR-US: MyAnnonces
CVE-2008-1405 (PHP remote file inclusion vulnerability in code/display.php in fuzzyli ...)
	NOT-FOR-US: fuzzylime
CVE-2008-1404 (SQL injection vulnerability in index.php in the Viso (Industry Book) 2 ...)
	NOT-FOR-US: Viso module for eXV2
CVE-2008-1403 (Stack-based buffer overflow in the TFTP server in BootManage TFTPD 1.9 ...)
	NOT-FOR-US: BootManage TFTPD
CVE-2008-1402 (MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote  ...)
	NOT-FOR-US: MG-SOFT Net Inspector
CVE-2008-1401 (Format string vulnerability in the Net Inspector HTTP server (mghttpd) ...)
	NOT-FOR-US: MG-SOFT Net Inspector
CVE-2008-1400 (Directory traversal vulnerability in the Net Inspector HTTP Server (mg ...)
	NOT-FOR-US: MG-SOFT Net Inspector
CVE-2008-1399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Cl ...)
	NOT-FOR-US: Clansphere
CVE-2008-1398 (SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 ...)
	NOT-FOR-US: AuraCMS
CVE-2008-1397 (Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 so ...)
	NOT-FOR-US: Check Point VPN
CVE-2008-1396 (Plone CMS 3.x uses invariant data (a client username and a server secr ...)
	- plone3 <removed> (low; bug #473571)
	[lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571)
CVE-2008-1395 (Plone CMS does not record users' authentication states, and implements ...)
	- plone3 <removed> (low; bug #473571)
	[lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571)
CVE-2008-1394 (Plone CMS before 3 places a base64 encoded form of the username and pa ...)
	- zope-cmfplone <removed>
	[etch] - zope-cmfplone <no-dsa> (low)
	NOTE: doesn't apply to v3
	NOTE: more a security enhancement
CVE-2008-1393 (Plone CMS 3.0.5, and probably other 3.x versions, places a base64 enco ...)
	- plone3 <removed> (low; bug #473571; bug #486333)
	[lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571)
CVE-2008-1392 (The default configuration of VMware Workstation 6.0.2, VMware Player 2 ...)
	- vmware-package <removed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-1476 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1 ...)
	{DSA-1528-1}
	- serendipity 1.3-1
	NOTE: http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html
CVE-2008-1502 (The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in  ...)
	{DSA-1871-2 DSA-1871-1 DSA-1691-1}
	- egroupware 1.4.002.dfsg-2.1 (bug #471839)
	- wordpress 2.5.0-1 (bug #504243)
	- moodle 1.8.2-1.3 (bug #489533)
CVE-2008-1391 (Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, ...)
	{DSA-2058-1}
	- kfreebsd-6 <not-affected> (see bug #483152)
	- kfreebsd-7 <not-affected> (see bug #483152)
	- glibc 2.11-1 (low)
	- eglibc 2.11-1 (low)
	[lenny] - glibc <no-dsa> (minor issue)
	NOTE: not sure if it is a security bug, an attacker should not be able to change the format string
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=199eb0de8d
	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=10600
	NOTE: PoC php -r 'money_format("%.1073741821i",1);' I can reproduce on 32bit, not 64bit
CVE-2008-1390 (The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.1 ...)
	- asterisk 1:1.4.19.1~dfsg-1 (low)
	[etch] - asterisk <not-affected> (Only 1.4.x affected)
	[sarge] - asterisk <not-affected> (Only 1.4.x affected)
CVE-2008-1389 (libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows r ...)
	- clamav 0.94.dfsg-1
	[etch] - clamav <not-affected> (parsing does not continue on error)
	NOTE: see <20081203184852.GB30968@l03.local>
CVE-2008-1388
	RESERVED
CVE-2008-1387 (ClamAV before 0.93 allows remote attackers to cause a denial of servic ...)
	- clamav 0.92.1~dfsg2-1
	[etch] - clamav <not-affected> (Vulnerable code not present)
CVE-2008-1386 (Multiple cross-site scripting (XSS) vulnerabilities in the installer i ...)
	- serendipity <not-affected> (Vulnerable code not present)
	NOTE: we do not ship the serendipity installer
CVE-2008-1385 (Cross-site scripting (XSS) vulnerability in the Top Referrers (aka ref ...)
	- serendipity 1.3.1-1 (low)
	NOTE: etch affected, but only in specific plugin.
CVE-2008-1384 (Integer overflow in PHP 5.2.5 and earlier allows context-dependent att ...)
	{DSA-1572-1 DTSA-135-1}
	- php5 5.2.6-1
	NOTE: http://securityreason.com/achievement_securityalert/52
	NOTE: Only exploitable through malicious script
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/formatted_print.c?r1=1.104&r2=1.105&diff_format=u
CVE-2008-1383 (The docert function in ssl-cert.eclass, when used by src_compile or sr ...)
	NOT-FOR-US: Gentoo Linux Ebuilds
CVE-2008-1382 (libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 thr ...)
	- libpng 1.2.26-1 (low; bug #476669)
	NOTE: 1.2.26-1 contains a patch to fix that
	[etch] - libpng 1.2.15~beta5-1+etch2
CVE-2008-1381 (ZoneMinder before 1.23.3 allows remote authenticated users, and possib ...)
	{DTSA-130-1}
	- zoneminder 1.23.3-1 (medium; bug #479034)
	NOTE: http://www.awe.com/mark/blog/200804272230.html
CVE-2008-1380 (The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird  ...)
	{DSA-1696-1 DSA-1562-1 DSA-1558-1 DSA-1555-1}
	- iceweasel 2.0.0.14-1
	- icedove 2.0.0.14-1
	- iceape 1.1.9-2
	- xulrunner 1.8.1.14-1
CVE-2008-1379 (Integer overflow in the fbShmPutImage function in the MIT-SHM extensio ...)
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-1378
	REJECTED
CVE-2008-1377 (The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients fu ...)
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-1376 (A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on ...)
	NOT-FOR-US: Red Hat build script
CVE-2008-1375 (Race condition in the directory notification subsystem (dnotify) in Li ...)
	{DSA-1565-1}
	- linux-2.6 2.6.25-2 (low)
	- linux-2.6.24 2.6.24-6~etchnhalf.2
CVE-2008-1374 (Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux ...)
	- cupsys <not-affected> (Redhat-specific incomplete patch, upstream patch is complete)
	- cups <not-affected> (Redhat-specific incomplete patch, upstream patch is complete)
CVE-2008-1373 (Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remo ...)
	{DSA-1625-1 DTSA-122-1}
	- cupsys 1.3.7-1 (medium)
	- cups 1.3.7-1 (medium)
CVE-2008-1372 (bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to ...)
	- bzip2 1.0.5-0.1 (low; bug #471670)
	[etch] - bzip2 <no-dsa> (Pure crasher, no code injection, mostly a regular bug)
CVE-2008-1371 (Absolute path traversal vulnerability in install/index.php in Drake CM ...)
	NOT-FOR-US: Drake CMS
CVE-2008-1370 (PHP remote file inclusion vulnerability in index.php in wildmary Yap B ...)
	NOT-FOR-US: wildmary Yap Blog
CVE-2008-1369 (A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1368 (CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 al ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-1367 (gcc 4.3.x does not generate a cld instruction while compiling function ...)
	- linux-2.6 2.6.24-5 (bug #469058)
	[etch] - linux-2.6 <not-affected> (Only exposed with GCC 4.3)
	- kfreebsd-6 6.3-4 (bug #469564)
	- kfreebsd-7 7.0-2 (bug #469565)
	- gcc-4.3 4.3.0-2 (bug #469567)
	- glibc 2.7-8 (bug #465583)
	[etch] - glibc <not-affected> (Problem only exposed with GCC 4.3)
CVE-2008-1366 (Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and ea ...)
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2008-1365 (Stack-based buffer overflow in Trend Micro OfficeScan Corporate Editio ...)
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2008-1364 (Unspecified vulnerability in the DHCP service in VMware Workstation 5. ...)
	- vmware-package <removed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-1363 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware P ...)
	- vmware-package <not-affected> (Only vulnerable on Windows hosted systems)
CVE-2008-1362 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware P ...)
	- vmware-package <not-affected> (Only vulnerable on Windows hosted systems)
CVE-2008-1361 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware P ...)
	- vmware-package <not-affected> (Only vulnerable on Windows hosted systems)
CVE-2008-1359 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB  ...)
	NOT-FOR-US: Invision Power Board
CVE-2008-1358 (Stack-based buffer overflow in the IMAP server in Alt-N Technologies M ...)
	NOT-FOR-US: MDaemon
CVE-2008-1357 (Format string vulnerability in the logDetail function of applib.dll in ...)
	NOT-FOR-US: McAfee Common Management Agent
CVE-2008-1356 (Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java Deskt ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1355 (Cross-site scripting (XSS) vulnerability in index.php in Jeebles Techn ...)
	NOT-FOR-US: Jeebles Directory
CVE-2008-1354 (SQL injection vulnerability in MyIssuesView.asp in Advanced Data Solut ...)
	NOT-FOR-US: VSO-XP
CVE-2008-1353 (zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denia ...)
	- zabbix 1:1.4.5-1 (low; bug #471678)
	[etch] - zabbix <no-dsa> (Minor issue)
CVE-2008-1352 (Directory traversal vulnerability in search.php in EdiorCMS (ecms) 3.0 ...)
	NOT-FOR-US: EdiorCMS
CVE-2008-1351 (SQL injection vulnerability in the Tutorials 2.1b module for XOOPS all ...)
	NOT-FOR-US: Tutorials module for XOOPS
CVE-2008-1350 (SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm)  ...)
	NOT-FOR-US: Fully Modded phpBB
CVE-2008-1349 (SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama Ga ...)
	NOT-FOR-US: bamaGalerie
CVE-2008-1348 (Cross-site scripting (XSS) vulnerability in index.php in the eWebsite  ...)
	NOT-FOR-US: eWeather module for PHP-Nuke
CVE-2008-1347 (Multiple cross-site scripting (XSS) vulnerabilities in staticpages/eas ...)
	NOT-FOR-US: MyioSoft EasyGallery
CVE-2008-1346 (SQL injection vulnerability in staticpages/easygallery/index.php in My ...)
	NOT-FOR-US: MyioSoft EasyGallery
CVE-2008-1345 (Cross-site scripting (XSS) vulnerability in plugins/calendar/calendar_ ...)
	NOT-FOR-US: MyioSoft EasyCalendar
CVE-2008-1344 (Multiple SQL injection vulnerabilities in MyioSoft EasyCalendar 4.0tr  ...)
	NOT-FOR-US: MyioSoft EasyCalendar
CVE-2008-1343 (Directory traversal vulnerability in (1) pkgadd and (2) pkgrm in SCO U ...)
	NOT-FOR-US: SCO Unixware
CVE-2008-1342 (Multiple cross-site scripting (XSS) vulnerabilities in the search feat ...)
	NOT-FOR-US: Polymita BPM-Suite and CollagePortal
CVE-2008-1341 (SQL injection vulnerability in SearchResults.aspx in LaGarde StoreFron ...)
	NOT-FOR-US: LaGarde StoreFront
CVE-2008-1340 (Virtual Machine Communication Interface (VMCI) in VMware Workstation 6 ...)
	- vmware-package <removed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-1339
	RESERVED
CVE-2008-1338 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ea ...)
	NOT-FOR-US: Perforce Server
CVE-2008-1337 (The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier f ...)
	NOT-FOR-US: Timbuktu Pro for Windows
CVE-2008-1336 (SQL injection vulnerability in Koobi CMS 4.2.3 through 4.3.0 allows re ...)
	NOT-FOR-US: Koobi CMS
CVE-2008-1335 (The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 an ...)
	NOT-FOR-US: NetBSD
CVE-2008-1334 (cgi/b on the BT Home Hub router allows remote attackers to bypass auth ...)
	NOT-FOR-US: BT Home Hub router
CVE-2008-1333 (Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0 ...)
	{DSA-1525-1}
	- asterisk 1:1.4.18.1~dfsg-1 (medium)
	NOTE: Etch's release is unimportant, since not exploitable, but was fixed anyway
	[sarge] - asterisk <not-affected> (Only 1.6.x affected)
CVE-2008-1332 (Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, ...)
	{DSA-1525-1}
	- asterisk 1:1.4.18.1~dfsg-1 (medium)
CVE-2008-1331 (cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access service ...)
	NOT-FOR-US: OmniPCX Office
CVE-2008-1330 (Unspecified vulnerability in the Windows client API in Novell GroupWis ...)
	NOT-FOR-US: Novell Groupwise
CVE-2008-1329 (Unspecified vulnerability in the NetBackup service in CA ARCserve Back ...)
	NOT-FOR-US: CA ARCserve
CVE-2008-1328 (Buffer overflow in the LGServer service in CA ARCserve Backup for Lapt ...)
	NOT-FOR-US: CA ARCserve
CVE-2008-1327 (Gallarific does not require authentication for (1) users.php and (2) i ...)
	NOT-FOR-US: Gallarific
CVE-2008-1326 (Cross-site scripting (XSS) vulnerability in search.php in Gallarific a ...)
	NOT-FOR-US: Gallarific
CVE-2008-1325 (Multiple directory traversal vulnerabilities in index.php in Uberghey  ...)
	NOT-FOR-US: Uberghey CMS
CVE-2008-1324 (Multiple directory traversal vulnerabilities in index.php in Travelsiz ...)
	NOT-FOR-US: Travelsized CMS
CVE-2008-1323 (Cross-site request forgery (CSRF) vulnerability in index.php in WoltLa ...)
	NOT-FOR-US: WoltLab Burning Board
CVE-2008-1322 (The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager 7.0. ...)
	NOT-FOR-US: ASG-Sentry Network Manager
CVE-2008-1321 (The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier d ...)
	NOT-FOR-US: ASG-Sentry Network Manager
CVE-2008-1320 (Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and earl ...)
	NOT-FOR-US: ASG-Sentry Network Manager
CVE-2008-1319 (Untrusted search path and argument injection vulnerability in the Vers ...)
	NOT-FOR-US: Versant Object Database
CVE-2008-1317 (Unspecified vulnerability in the Inter-Process Communication (IPC) mes ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1316 (SQL injection vulnerability in qtf_ind_search_ov.php in QT-cute QuickT ...)
	NOT-FOR-US: QuickTalk Forum
CVE-2008-1315 (SQL injection vulnerability in the ZClassifieds module for PHP-Nuke al ...)
	NOT-FOR-US: ZClassifieds module for PHP-Nuke
CVE-2008-1314 (SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module ...)
	NOT-FOR-US: Johannes Hass gaestebuch
CVE-2008-1313 (Multiple SQL injection vulnerabilities in index.php in Bloo 1.00 and e ...)
	NOT-FOR-US: Bloo
CVE-2008-1312 (Unspecified vulnerability in the TFTP server in PacketTrap Networks pt ...)
	NOT-FOR-US: PacketTrap Networks Tool Suite
CVE-2008-1311 (The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and earl ...)
	NOT-FOR-US: PacketTrap Networks Tool Suite
CVE-2008-1310 (Directory traversal vulnerability in the TFTP server in PacketTrap Net ...)
	NOT-FOR-US: PacketTrap Networks Tool Suite
CVE-2008-1309 (The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in Real ...)
	NOT-FOR-US: RealPlayer
CVE-2008-1308 (SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 modu ...)
	NOT-FOR-US: NukeC30 module for PHP-Nuke
CVE-2008-1307 (Heap-based buffer overflow in the KUpdateObj2 Class ActiveX control in ...)
	NOT-FOR-US: KingSoft Antivirus
CVE-2008-1306 (Multiple cross-site scripting (XSS) vulnerabilities in Savvy Content M ...)
	NOT-FOR-US: Savvy Content Manager
CVE-2008-1305 (SQL injection vulnerability in filebase.php in the Filebase mod for ph ...)
	NOT-FOR-US: Filebase mod for phpBB
CVE-2008-1304 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 ...)
	- wordpress <not-affected> (Vulnerable code not present)
	NOTE: referring to upstream this only affected wordpress.com and not the regular wordpress code
CVE-2008-1303 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ea ...)
	NOT-FOR-US: Perforce Server
CVE-2008-1302 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ea ...)
	NOT-FOR-US: Perforce Server
CVE-2008-1301 (Absolute path traversal vulnerability in system/workplace/admin/workpl ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2008-1300 (Cross-site scripting (XSS) vulnerability in the Logfile Viewer Setting ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2008-1299 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in Manag ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2008-1298 (SQL injection vulnerability in Hadith module for PHP-Nuke allows remot ...)
	NOT-FOR-US: Hadith module for PHP-Nuke
CVE-2008-1297 (SQL injection vulnerability in index.php in the eWriting (com_ewriting ...)
	NOT-FOR-US: com_ewriting module for Mambo and Joomla!
CVE-2008-1296 (Multiple cross-site scripting (XSS) vulnerabilities in EncapsGallery 1 ...)
	NOT-FOR-US: EncapsGallery
CVE-2008-1295 (SQL injection vulnerability in archives.php in Gregory Kokanosky (aka  ...)
	NOT-FOR-US: phpMyNewsletter
CVE-2008-1292 (ViewVC before 1.0.5 provides revision metadata without properly checki ...)
	- viewvc 1.0.5-0.1 (bug #471380)
CVE-2008-1291 (ViewVC before 1.0.5 stores sensitive information under the web root wi ...)
	- viewvc 1.0.5-0.1 (bug #471380)
CVE-2008-1290 (ViewVC before 1.0.5 includes "all-forbidden" files within search resul ...)
	- viewvc 1.0.5-0.1 (bug #471380)
CVE-2008-1289 (Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18. ...)
	- asterisk 1:1.4.18.1~dfsg-1 (medium)
	[etch] - asterisk <not-affected> (Only 1.4.x and above affected)
	[sarge] - asterisk <not-affected> (Only 1.4.x and above affected)
CVE-2008-1360 (Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows  ...)
	{DSA-1883-2 DSA-1883-1}
	- nagios2 2.11-1 (low)
CVE-2008-1417 (The prerm script in axyl 2.1.7 allows local users to overwrite arbitra ...)
	- axyl 2.2.0 (low; bug #471227)
	[sarge] - axyl <not-affected> (Vulnerable code not present)
	[etch] - axyl <not-affected> (Vulnerable code not present)
CVE-2008-1294 (Linux kernel 2.6.17, and other versions before 2.6.22, does not check  ...)
	{DSA-1565-1}
	- linux-2.6 2.6.22-1 (low)
CVE-2008-1318 (Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remot ...)
	- mediawiki 1:1.11.2-1
	[etch] - mediawiki <not-affected> (Versions prior to 1.11 do not include callback feature)
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-March/000070.html
CVE-2008-1288 (IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remot ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2008-1287 (IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error  ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2008-1286 (Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3. ...)
	NOT-FOR-US: Sun Java Web Console
CVE-2008-1285 (Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF ...)
	NOT-FOR-US: Sun Java Server Faces
CVE-2008-1284 (Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0 ...)
	{DSA-1519-1}
	- horde3 3.1.7-1 (medium; bug #470640)
CVE-2008-1283 (Cross-site scripting (XSS) vulnerability in Neptune Web Server 3.0 all ...)
	NOT-FOR-US: Neptune Web Server
CVE-2008-1282 (Buffer overflow in the BFup ActiveX control (BFup.dll) in B21Soft BFup ...)
	NOT-FOR-US: B21Soft BFup
CVE-2008-1281 (Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, ...)
	NOT-FOR-US: Argon Technology Client Management Services
CVE-2008-1280 (Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acr ...)
	NOT-FOR-US: Acronis True Image
CVE-2008-1279 (Acronis True Image Group Server 1.5.19.191 and earlier, included in Ac ...)
	NOT-FOR-US: Acronis True Image
CVE-2008-1278 (The RemotelyAnywhere.exe service in the Remotely Anywhere Server and W ...)
	NOT-FOR-US: Remotely Anywhere
CVE-2008-1277 (The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and  ...)
	NOT-FOR-US: MailEnable
CVE-2008-1276 (Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in MailEna ...)
	NOT-FOR-US: MailEnable
CVE-2008-1275 (Multiple unspecified vulnerabilities in the SMTP service in MailEnable ...)
	NOT-FOR-US: MailEnable
CVE-2008-1274 (Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows loc ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1273 (Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 al ...)
	NOT-FOR-US: imageVue
CVE-2008-1272 (Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and  ...)
	NOT-FOR-US: BM Classifieds
CVE-2008-1271
	REJECTED
CVE-2008-1270 (mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not s ...)
	{DSA-1521-1}
	- lighttpd 1.4.19-1
	NOTE: user configuration error, default documented in moduserdir documentation
CVE-2008-1269 (cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi- ...)
	NOT-FOR-US: Alice Gate 2 Plus router firmware
CVE-2008-1268 (The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware doe ...)
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1267 (The Siemens SpeedStream 6520 router allows remote attackers to cause a ...)
	NOT-FOR-US: Siemens SpeedStream
CVE-2008-1266 (Multiple buffer overflows in the web interface on the D-Link DI-524 ro ...)
	NOT-FOR-US: D-Link router
CVE-2008-1265 (The Linksys WRT54G router allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1264 (The Linksys WRT54G router has "admin" as its default FTP password, whi ...)
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1263 (The Linksys WRT54G router stores passwords and keys in cleartext in th ...)
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1262 (The administration panel on the Airspan WiMax ProST 4.1 antenna with 6 ...)
	NOT-FOR-US: Airspan WiMax ProST antenna
CVE-2008-1261 (The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware provides diffe ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1260 (Multiple cross-site request forgery (CSRF) vulnerabilities on the Zyxe ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1259 (The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains auth ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1258 (Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI- ...)
	NOT-FOR-US: D-Link router
CVE-2008-1257 (Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1256 (The ZyXEL P-660HW series router has "admin" as its default password, w ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1255 (The ZyXEL P-660HW series router maintains authentication state by IP a ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1254 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ZyXE ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1253 (Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Lin ...)
	NOT-FOR-US: D-Link router
CVE-2008-1252 (b_banner.stm (aka the login page) on the Deutsche Telekom Speedport W5 ...)
	NOT-FOR-US: Telekom Speedport W500 DSL router
CVE-2008-1251 (Cross-site scripting (XSS) vulnerability in the web interface on the c ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1250 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web  ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1249 (snomControl.swf in the central phone server for the Snom 320 SIP Phone ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1248 (The web interface on the central phone server for the Snom 320 SIP Pho ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1247 (The web interface on the Linksys WRT54g router with firmware 1.00.9 do ...)
	NOT-FOR-US: Linksys WRT54g router
CVE-2008-1246
	NOT-FOR-US: Cisco PIX/ASA Finesse Operation System
CVE-2008-1245 (cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router with fi ...)
	NOT-FOR-US: Belkin router
CVE-2008-1244 (cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.0 ...)
	NOT-FOR-US: Belkin router
CVE-2008-1243 (Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router ...)
	NOT-FOR-US: Linksys WRT300N router
CVE-2008-1242 (The control panel on the Belkin F5D7230-4 router with firmware 9.01.10 ...)
	NOT-FOR-US: Belkin router
CVE-2008-1241 (GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMo ...)
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
CVE-2008-1240 (LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1. ...)
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
CVE-2008-1239
	REJECTED
CVE-2008-1238 (Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when gener ...)
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
CVE-2008-1237 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.1 ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1236 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.1 ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1235 (Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderb ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1234 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0 ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1233 (Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderb ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1232 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 throug ...)
	- tomcat5.5 5.5.26-4 (low; bug #494504)
CVE-2008-1231 (Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2 ...)
	- jspwiki 2.8.0-1 (bug #470477)
CVE-2008-1230 (Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139  ...)
	- jspwiki 2.8.0-1 (bug #470477)
CVE-2008-1229 (Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki 2.4.10 ...)
	- jspwiki 2.8.0-1 (bug #470477)
CVE-2008-1228 (Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly ...)
	NOT-FOR-US: MG2
CVE-2008-1227 (Stack-based buffer overflow in the silc_fingerprint function in lib/si ...)
	- silc-toolkit 1.1.6-1
CVE-2008-1226 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collabor ...)
	NOT-FOR-US: Zimbra Collaboration Suite
CVE-2008-1225 (Multiple cross-site scripting (XSS) vulnerabilities in WebCT Campus Ed ...)
	NOT-FOR-US: WebCT Campus Edition
CVE-2008-1224 (Cross-site scripting (XSS) vulnerability in account.php in BosClassifi ...)
	NOT-FOR-US: BosClassifieds Classified Ads System
CVE-2008-1223 (Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers  ...)
	NOT-FOR-US: Dokeos
CVE-2008-1222 (Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 al ...)
	NOT-FOR-US: Dokeos
CVE-2008-1221 (Absolute path traversal vulnerability in the FTP server in MicroWorld  ...)
	NOT-FOR-US: MicroWorld eScan
CVE-2008-1220 (SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke all ...)
	NOT-FOR-US: 4nChat for PHP-Nuke
CVE-2008-1219 (SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 mod ...)
	NOT-FOR-US: Kutub-i Sitte for PHP-Nuke
CVE-2008-1217 (Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus No ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-1216 (IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not pro ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-1215 (Stack-based buffer overflow in the command_Expand_Interpret function i ...)
	NOT-FOR-US: BSD net/userppp
CVE-2008-1214 (MRcgi/MRProcessIncomingForms.pl in Numara FootPrints 8.1 on Linux allo ...)
	NOT-FOR-US: Numara FootPrints
CVE-2008-1213 (Cross-site scripting (XSS) vulnerability in Numara FootPrints for Linu ...)
	NOT-FOR-US: Numara FootPrints
CVE-2008-1212 (Cross-site scripting (XSS) vulnerability in set_permissions.php in Pod ...)
	NOT-FOR-US: Podcast Generator
CVE-2008-1211 (Cross-site scripting (XSS) vulnerability in BosDates 3.x and 4.x allow ...)
	NOT-FOR-US: BosDates
CVE-2008-1210 (Stack-based buffer overflow in the ctags parsing code in Programmer's  ...)
	NOT-FOR-US: Programmer's Notepad
CVE-2008-1209 (Cross-site scripting (XSS) vulnerability in redirect.do in Xitex WebCo ...)
	NOT-FOR-US: Xitex WebContent M1
CVE-2008-1208 (Cross-site scripting (XSS) vulnerability in the login page in Check Po ...)
	NOT-FOR-US: CheckPoint VPN-1
CVE-2008-1207 (Multiple unspecified vulnerabilities in Fujitsu Interstage Smart Repos ...)
	NOT-FOR-US: Fujitsu Interstage
CVE-2008-1206 (Format string vulnerability in the log_message function in lks.c in Li ...)
	NOT-FOR-US: Linux Kiss Server
CVE-2008-1205 (Unspecified vulnerability in the ipsecah kernel module in Sun Solaris  ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1204 (Multiple cross-site scripting (XSS) vulnerabilities in the Administrat ...)
	NOT-FOR-US: Sun Java System
CVE-2008-1203 (The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7  ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-1202 (Cross-site scripting (XSS) vulnerability in the web management interfa ...)
	NOT-FOR-US: Adobe LiveCycle Workflow
CVE-2008-1201 (Multiple unspecified vulnerabilities in FLA file parsing in Adobe Flas ...)
	NOT-FOR-US: Adobe Flash CS3 Professional
CVE-2008-1200 (Unspecified vulnerability in Microsoft Access allows remote user-assis ...)
	NOT-FOR-US: Microsoft Access
CVE-2008-1198 (The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5  ...)
	NOT-FOR-US: Red Hat specific
CVE-2008-1197 (The Marvell driver for the Netgear WN802T Wi-Fi access point with firm ...)
	NOT-FOR-US: Marvell driver for the Netgear WN802T Wi-Fi access point
CVE-2008-1196 (Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK  ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1195 (Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE ...)
	- sun-java6 6-05-1 (low)
	- sun-java5 1.5.0-15-1 (low)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1194 (Multiple unspecified vulnerabilities in the color management library i ...)
	- sun-java6 6-05-1 (unimportant)
	- sun-java5 1.5.0-15-1 (unimportant)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1193 (Unspecified vulnerability in Java Runtime Environment Image Parsing Li ...)
	- sun-java6 6-05-1 (low)
	- sun-java5 1.5.0-15-1 (low)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1192 (Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Up ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1191 (Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Updat ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1190 (Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Updat ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 <not-affected> (No more information by sun)
CVE-2008-1189 (Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and ea ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1188 (Multiple buffer overflows in the useEncodingDecl function in Java Web  ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1187 (Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JD ...)
	- sun-java6 6-05-1 (low)
	- sun-java5 1.5.0-15-1 (low)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1186 (Unspecified vulnerability in the Virtual Machine for Sun Java Runtime  ...)
	- sun-java6 6-05-1
	- sun-java5 1.5.0-15-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1185 (Unspecified vulnerability in the Virtual Machine for Sun Java Runtime  ...)
	- sun-java6 6-05-1
	- sun-java5 1.5.0-15-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1184 (The DNSSEC validation library (libval) library in dnssec-tools before  ...)
	- dnssec-tools <not-affected> (first version in Debian was 1.4.1)
CVE-2008-1183 (Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax L ...)
	NOT-FOR-US: Crafty Syntax Live Help
CVE-2008-1182 (Cross-site scripting (XSS) vulnerability in BSD Perimeter pfSense befo ...)
	NOT-FOR-US: BSD Perimeter pfSense
CVE-2008-1181 (Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote ...)
	NOT-FOR-US: Juniper
CVE-2008-1180 (Cross-site scripting (XSS) vulnerability in dana-na/auth/rdremediate.c ...)
	NOT-FOR-US: Juniper
CVE-2008-1179 (Multiple cross-site scripting (XSS) vulnerabilities in include/common/ ...)
	- centreon-web <itp> (bug #913903)
CVE-2008-1178 (Directory traversal vulnerability in include/doc/index.php in Centreon ...)
	- centreon-web <itp> (bug #913903)
CVE-2008-1177 (SQL injection vulnerability in shop/detail.php in Affiliate Market (af ...)
	NOT-FOR-US: Affiliate Market
CVE-2008-1176 (Cross-site scripting (XSS) vulnerability in function/sideblock.php in  ...)
	NOT-FOR-US: Affiliate Market
CVE-2008-1175 (Cross-site scripting (XSS) vulnerability in AuthentiX 6.3b1 Trial allo ...)
	NOT-FOR-US: AuthentiX
CVE-2008-1174 (Cross-site scripting (XSS) vulnerability in editUser.asp in AuthentiX  ...)
	NOT-FOR-US: AuthentiX
CVE-2008-1173 (Cross-site scripting (XSS) vulnerability in account-inbox.php in Torre ...)
	NOT-FOR-US: TorrentTrader
CVE-2008-1172 (Cross-site request forgery (CSRF) vulnerabilities in account-inbox.php ...)
	NOT-FOR-US: TorrentTrader
CVE-2008-1171
	NOT-FOR-US: 123 Flash Chat Module for phpBB
CVE-2008-1170 (Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow ...)
	NOT-FOR-US: KCWiki
CVE-2008-1169 (Directory traversal vulnerability in the embedded HTTP server in SCI P ...)
	NOT-FOR-US: SCI Photo Chat Server
CVE-2008-1168 (Cross-site scripting (XSS) vulnerability in Squid Analysis Report Gene ...)
	- sarg 2.2.5-1
CVE-2008-1167 (Stack-based buffer overflow in the useragent function in useragent.c i ...)
	- sarg 2.2.4-1
CVE-2008-1166 (Flyspray 0.9.9.4 generates different error messages depending on wheth ...)
	- flyspray <removed>
CVE-2008-1165 (Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9  ...)
	- flyspray <removed>
CVE-2008-1164 (SQL injection vulnerability in index.php in phpComasy 0.8 allows remot ...)
	NOT-FOR-US: phpComasy CMS
CVE-2008-1163 (SQL injection vulnerability in index.php in phpArcadeScript 1.0 throug ...)
	NOT-FOR-US: phpArcadeScript
CVE-2008-1162 (SQL injection vulnerability in album.php in PHP WEB SCRIPT Dynamic Pho ...)
	NOT-FOR-US: phpwebscript
CVE-2008-1161 (Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in ...)
	{DSA-1536-1}
	- xine-lib 1.1.10.1-1 (medium)
CVE-2008-1160 (ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra p ...)
	NOT-FOR-US: ZyXEL ZyWALL 1050
CVE-2008-1159 (Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12 ...)
	NOT-FOR-US: Cisco ssh server
CVE-2008-1158 (The Presence Engine (PE) service in Cisco Unified Presence before 6.0( ...)
	NOT-FOR-US: Presence Engine (PE) Cisco Unified Presence
CVE-2008-1157 (Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a  ...)
	NOT-FOR-US: Cisco IPM
CVE-2008-1156 (Unspecified vulnerability in the Multicast Virtual Private Network (MV ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1155 (Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before 3. ...)
	NOT-FOR-US: Cisco
CVE-2008-1154 (The Disaster Recovery Framework (DRF) master server in Cisco Unified C ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1153 (Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the I ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1152 (The data-link switching (DLSw) component in Cisco IOS 12.0 through 12. ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1151 (Memory leak in the virtual private dial-up network (VPDN) component in ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1150 (The virtual private dial-up network (VPDN) component in Cisco IOS befo ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1149 (phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters  ...)
	{DSA-1557-1}
	- phpmyadmin 4:2.11.5-1 (low)
	[etch] - phpmyadmin <no-dsa> (Minor issue)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-1/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c57b39bed91f06d574a95d8a5a091e5e59492d69
	NOTE: SQL injection if you can set local cookies, which means
	NOTE: you must be able to create pages in the same cookie domain, which seems
	NOTE: rare and unwise. low priority.
CVE-2008-1148 (A certain pseudo-random number generator (PRNG) algorithm that uses AD ...)
	NOT-FOR-US: OpenBSD / NetBSD
CVE-2008-1147 (A certain pseudo-random number generator (PRNG) algorithm that uses XO ...)
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (KFreebsd not supported)
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 <removed> (bug #559107)
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
CVE-2008-1146 (A certain pseudo-random number generator (PRNG) algorithm that uses XO ...)
	NOT-FOR-US: OpenBSD
CVE-2008-1144 (The Marvell driver for the Netgear WN802T Wi-Fi access point with firm ...)
	NOT-FOR-US: Marvell driver for the Netgear WN802T Wi-Fi access point
CVE-2008-1143
	RESERVED
CVE-2008-1141 (Memory leak in DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allo ...)
	NOT-FOR-US: DESlock+
CVE-2008-1140 (DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users ...)
	NOT-FOR-US: DESlock+
CVE-2008-1139 (DESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys ...)
	NOT-FOR-US: DESlock+
CVE-2008-1138 (DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users  ...)
	NOT-FOR-US: DESlock+
CVE-2008-1137 (SQL injection vulnerability in the Garys Cookbook (com_garyscookbook)  ...)
	NOT-FOR-US: com_garyscookbook component for Mambo and Joomla!
CVE-2008-1136 (The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through  ...)
	- vdccm <removed>
CVE-2008-1135 (OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 generates diff ...)
	NOT-FOR-US: OMEGA
CVE-2008-1134 (OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 supports authe ...)
	NOT-FOR-US: OMEGA
CVE-2008-1133 (The Drupal.checkPlain function in Drupal 6.0 only escapes the first in ...)
	- drupal5 <not-affected> (Vulnerable code introduced in 6.x)
CVE-2008-1218 (Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1 ...)
	{DSA-1516-1}
	- dovecot 1:1.0.13-1
	[etch] - dovecot <not-affected> (Vulnerable code not present)
	[sarge] - dovecot <not-affected> (Vulnerable code not present)
	NOTE: exploitable through code introduced in 1.0.11
	NOTE: http://www.dovecot.org/list/dovecot-news/2008-March/000064.html
CVE-2008-1293 (ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac  ...)
	{DSA-1561-1 DTSA-118-1}
	- ldm 2:0.1~bzr20080308-1 (bug #469462)
	- ltsp 5.0.40~bzr20071229-1
	NOTE: In revision 5.0.40~bzr20071229-1 ldm has been split into a separate source package
CVE-2008-1145 (Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5- ...)
	- ruby1.8 1.8.6.114-1 (unimportant; bug #469475)
	- ruby1.9 1.9.0.1-1 (unimportant; bug #469482)
	[sarge] - ruby1.8 <no-dsa> (case insensitive FS, corner case)
	[etch] - ruby1.8 <no-dsa> (case insensitive FS, corner case)
	[etch] - ruby1.9 <no-dsa> (case insensitive FS, corner case)
	NOTE: http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/
CVE-2008-1199 (Dovecot before 1.0.11, when configured to use mail_extra_groups to all ...)
	{DSA-1516-1}
	- dovecot 1:1.0.12-1 (medium; bug #469457)
CVE-2008-1132 (Untrusted search path vulnerability in src/mainwindow.c in Net Activit ...)
	NOT-FOR-US: Net Activity Viewer
CVE-2008-1131 (Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote a ...)
	- drupal <not-affected> (Vulnerable code not present, affects only 6.x branch)
	- drupal5 <not-affected> (Vulnerable code not present, affects only 6.x branch)
CVE-2008-1130 (Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and ...)
	NOT-FOR-US: WebSphere
CVE-2008-1129 (Cross-site scripting (XSS) vulnerability in admin/users/self.php in XR ...)
	NOT-FOR-US: XRMS
CVE-2008-1128 (PHP remote file inclusion vulnerability in tourney/index.php in phpMyT ...)
	NOT-FOR-US: phpMyTourney
CVE-2008-1127 (Format string vulnerability in the cryactio function in Crysis 1.1.1.5 ...)
	NOT-FOR-US: Crysis
CVE-2008-1126 (PHP remote file inclusion vulnerability in main.php in Barryvan Compo  ...)
	NOT-FOR-US: Barryvan Compo Manager
CVE-2008-1125 (Multiple directory traversal vulnerabilities in Podcast Generator 1.0  ...)
	NOT-FOR-US: Podcast Generator
CVE-2008-1124 (Multiple PHP remote file inclusion vulnerabilities in Podcast Generato ...)
	NOT-FOR-US: Podcast Generator
CVE-2008-1123 (Multiple PHP remote file inclusion vulnerabilities in SiteBuilder Elit ...)
	NOT-FOR-US: SiteBuilder
CVE-2008-1122 (SQL injection vulnerability in the downloads module in Koobi Pro 5.7 a ...)
	NOT-FOR-US: Koobi
CVE-2008-1121 (SQL injection vulnerability in index.php in eazyPortal 1.0 and earlier ...)
	NOT-FOR-US: eazyPortal
CVE-2008-1120 (Format string vulnerability in the embedded Internet Explorer componen ...)
	NOT-FOR-US: ICQ
CVE-2008-1119 (Directory traversal vulnerability in include/doc/get_image.php in Cent ...)
	- centreon-web <itp> (bug #913903)
CVE-2008-1118 (Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does no ...)
	NOT-FOR-US: Timbuktu Pro
CVE-2008-1117 (Directory traversal vulnerability in the Notes (aka Flash Notes or ins ...)
	NOT-FOR-US: Timbuktu Pro
CVE-2008-1116 (Insecure method vulnerability in the Web Scan Object ActiveX control ( ...)
	NOT-FOR-US: Rising Antivirus
CVE-2008-1115 (Unspecified vulnerability in Sun Solaris 8 directory functions allows  ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1114 (Vocera Communications wireless handsets, when using Protected Extensib ...)
	NOT-FOR-US: Vocera
CVE-2008-1113 (Cisco Unified Wireless IP Phone 7921, when using Protected Extensible  ...)
	NOT-FOR-US: Cisco
CVE-2008-1112
	REJECTED
CVE-2008-1110 (Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the x ...)
	- xine-lib 1.1.10-1
	[etch] - xine-lib <not-affected> (Not affected per assessment of maintainer)
	[sarge] - xine-lib <not-affected> (Not affected per assessment of maintainer)
CVE-2008-1109 (Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted re ...)
	- evolution 2.22.2-1.1 (low; bug #484639)
	[etch] - evolution <no-dsa> (Minor issue)
	NOTE: Requires that the user accepts the iCalendar request and replies
	NOTE: to it from the "Calendars" window.
CVE-2008-1108 (Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is ...)
	- evolution 2.22.2-1.1 (low; bug #484639)
	[etch] - evolution <no-dsa> (Minor issue)
	NOTE: Requires that the ITip Formatter plugin is disabled, which is enabled by default.
CVE-2008-1107 (Multiple stack-based buffer overflows in the Danske Bank e-Sec Control ...)
	NOT-FOR-US: Danske Bank e-Sec Control Module
CVE-2008-1106 (The management interface in Akamai Client (formerly Red Swoosh) 3322 a ...)
	NOT-FOR-US: Akamai Client
CVE-2008-1105 (Heap-based buffer overflow in the receive_smb_raw function in util/soc ...)
	{DSA-1590-1}
	- samba 1:3.0.30-1 (medium; bug #483410)
CVE-2008-1104 (Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 allo ...)
	NOT-FOR-US: Foxit Reader
CVE-2008-1103 (Multiple unspecified vulnerabilities in Blender have unknown impact an ...)
	- blender 2.40-1 (low)
CVE-2008-1102 (Stack-based buffer overflow in the imb_loadhdr function in Blender 2.4 ...)
	{DSA-1567-1}
	- blender 2.45-5 (medium; bug #477808)
CVE-2008-1101 (Buffer overflow in kvdocve.dll in the KeyView document viewing engine  ...)
	NOT-FOR-US: KeyView
CVE-2008-1100 (Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe. ...)
	{DSA-1549-1}
	- clamav 0.92.1~dfsg2-1
CVE-2008-1099 (_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not p ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-1098 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8  ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-1097 (Heap-based buffer overflow in the ReadPCXImage function in the PCX cod ...)
	{DSA-1858-1}
	- graphicsmagick 1.1.7-13
	- imagemagick 7:6.2.4.5.dfsg1-1
CVE-2008-1096 (The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMa ...)
	{DSA-1903-1 DSA-1858-1}
	- imagemagick 7:6.3.7.9.dfsg1-2.1 (medium; bug #414370)
	[lenny] - imagemagick 7:6.3.7.9.dfsg1-2.1+lenny1
	- graphicsmagick 1.1.11-3.2 (medium; bug #414370)
CVE-2008-1095 (Unspecified vulnerability in the Internet Protocol (IP) implementation ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1094 (SQL injection vulnerability in index.cgi in the Account View page in B ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2008-1093 (Acresso InstallShield Update Agent does not properly verify the authen ...)
	NOT-FOR-US: FLEXnet Connect
CVE-2008-1092 (Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Data ...)
	NOT-FOR-US: Microsoft Jet Database Engine
CVE-2008-1091 (Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, ...)
	NOT-FOR-US: Microsoft Word
CVE-2008-1090 (Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP ...)
	NOT-FOR-US: Microsoft
CVE-2008-1089 (Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP ...)
	NOT-FOR-US: Microsoft
CVE-2008-1088 (Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allow ...)
	NOT-FOR-US: Microsoft
CVE-2008-1087 (Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP S ...)
	NOT-FOR-US: Microsoft
CVE-2008-1086 (The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Interne ...)
	NOT-FOR-US: Microsoft
CVE-2008-1085 (Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4,  ...)
	NOT-FOR-US: Microsoft
CVE-2008-1084 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2008-1083 (Heap-based buffer overflow in the CreateDIBPatternBrushPt function in  ...)
	NOT-FOR-US: Microsoft
CVE-2008-1082 (Opera before 9.26 allows remote attackers to "bypass sanitization filt ...)
	NOT-FOR-US: Opera
CVE-2008-1081 (Opera before 9.26 allows user-assisted remote attackers to execute arb ...)
	NOT-FOR-US: Opera
CVE-2008-1080 (Opera before 9.26 allows user-assisted remote attackers to read arbitr ...)
	NOT-FOR-US: Opera
CVE-2008-1079 (The outboxWriteUnsent function in FTPThread.class in SendFile.jar for  ...)
	NOT-FOR-US: Beehive Software SendFile.NET
CVE-2008-1078 (expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and  ...)
	- am-utils <not-affected> (Affected code not present in the binary package)
	NOTE: sendmail includes a copy of the script, which has been fixed for
	NOTE: several years
CVE-2008-1077 (SQL injection vulnerability in index.php in the Simpleboard (com_simpl ...)
	NOT-FOR-US: com_simpleboard component for Mambo and Joomla!
CVE-2008-1076 (Cross-site scripting (XSS) vulnerability in search.php in Interspire S ...)
	NOT-FOR-US: Interspire Shopping Cart
CVE-2008-1075 (Cross-site scripting (XSS) vulnerability in index.php in Maian Cart 1. ...)
	NOT-FOR-US: Maian Cart
CVE-2008-1074 (PHP remote file inclusion vulnerability in lib/head_auth.php in GROUP- ...)
	NOT-FOR-US: GROUP-E
CVE-2008-1073 (Cross-site scripting (XSS) vulnerability in the report interface in In ...)
	NOT-FOR-US: Internet Security Systems
CVE-2008-1072 (The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99 ...)
	- wireshark 0.99.8-1 (low; bug #469488)
	[etch] - wireshark <not-affected> (Only affected in conjunction with later libcairo)
	[sarge] - ethereal <not-affected> (Only affected in conjunction with later libcairo)
CVE-2008-1071 (The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.9 ...)
	- wireshark 0.99.8-1 (low; bug #469488)
	[etch] - wireshark <not-affected> (Only affects 0.99.6 onwards)
	[sarge] - ethereal <not-affected> (Only affects 0.99.6 onwards)
CVE-2008-1070 (The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.9 ...)
	- wireshark 0.99.8-1 (low; bug #469488)
	[etch] - wireshark <not-affected> (Only affects 0.99.5 onwards)
	[sarge] - ethereal <not-affected> (Only affects 0.99.5 onwards)
CVE-2008-1069 (Multiple PHP remote file inclusion vulnerabilities in Quantum Game Lib ...)
	NOT-FOR-US: Quantum Game Library
CVE-2008-1068 (Multiple PHP remote file inclusion vulnerabilities in Portail Web Php  ...)
	NOT-FOR-US: Portail Web Php
CVE-2008-1067 (Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 ...)
	- phpqladmin <removed>
CVE-2008-1066 (The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used ...)
	{DSA-1520-1}
	- smarty 2.6.18-1.1 (low; bug #469492)
	- moodle <not-affected> (low; bug #471158)
	- gallery2 2.2.5-2 (low; bug #471160)
	- mahara 0.9.2-2 (low; bug #471201)
	NOTE: Moodle ships Smarty but uses it in only one file, which doesn't use regex_replace
CVE-2008-1065 (Multiple SQL injection vulnerabilities in index.php in the XM-Memberst ...)
	NOT-FOR-US: xmmemberstats module for XOOPS
CVE-2008-1064 (Cross-site scripting (XSS) vulnerability in images.php in the Red Mexi ...)
	NOT-FOR-US: rmgs module for XOOPS
CVE-2008-1063 (Cross-site scripting (XSS) vulnerability index.php in the XM-Membersta ...)
	NOT-FOR-US: xmmemberstats module for XOOPS
CVE-2008-1062 (InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater (ak ...)
	NOT-FOR-US: InterVideo IMC Server/InterVideo Home Theater
CVE-2008-1061 (Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1. ...)
	NOT-FOR-US: Sniplets plugin for WordPress
CVE-2008-1060 (Eval injection vulnerability in modules/execute.php in the Sniplets 1. ...)
	NOT-FOR-US: Sniplets plugin for WordPress
CVE-2008-1059 (PHP remote file inclusion vulnerability in modules/syntax_highlight.ph ...)
	NOT-FOR-US: Sniplets plugin for WordPress
CVE-2008-1058 (The tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2  ...)
	NOT-FOR-US: OpenBSD
CVE-2008-1057 (The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 a ...)
	NOT-FOR-US: OpenBSD
CVE-2008-1056 (Multiple stack-based buffer overflows in Symark PowerBroker 2.8 throug ...)
	NOT-FOR-US: Symark PowerBroker
CVE-2008-1111 (mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instea ...)
	{DSA-1513-1}
	- lighttpd 1.4.18-4 (low; bug #469307)
CVE-2008-1142 (rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment va ...)
	- rxvt 1:2.6.4-13 (unimportant; bug #469296)
CVE-2008-1055 (Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 an ...)
	NOT-FOR-US: SurgeMail
CVE-2008-1054 (Stack-based buffer overflow in the _lib_spawn_user_getpid function in  ...)
	NOT-FOR-US: SurgeMail
CVE-2008-1053 (Multiple SQL injection vulnerabilities in the Kose_Yazilari module for ...)
	NOT-FOR-US: Kose_Yazilari module for PHP-Nuke
CVE-2008-1052 (The administration web interface in NetWin SurgeFTP 2.3a2 and earlier  ...)
	NOT-FOR-US: SurgeFTP
CVE-2008-1051 (PHP remote file inclusion vulnerability in include/body_comm.inc.php i ...)
	NOT-FOR-US: phpProfiles
CVE-2008-1050 (SQL injection vulnerability in index.php in Softbiz Jokes & Funny  ...)
	NOT-FOR-US: Softbiz Jokes & Funny Pics Script
CVE-2008-1049 (Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1. ...)
	NOT-FOR-US: Parallels SiteStudio
CVE-2008-1048 (Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plum ...)
	NOT-FOR-US: Plume CMS
CVE-2008-1047 (Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in T ...)
	- tikiwiki <removed>
CVE-2008-1046 (PHP remote file inclusion vulnerability in footer.php in Quinsonnas Ma ...)
	NOT-FOR-US: Quinsonnas Mail Checker
CVE-2008-1045 (Cross-site scripting (XSS) vulnerability in the file tree navigation f ...)
	NOT-FOR-US: OpenCMS
CVE-2008-1044 (Stack-based buffer overflow in the Quantum Streaming Player (Quantum S ...)
	NOT-FOR-US: Quantum Streaming Player
CVE-2008-1043 (PHP remote file inclusion vulnerability in templates/default/header.in ...)
	NOT-FOR-US: Linux Web Shop
CVE-2008-1042 (Directory traversal vulnerability in include/body.inc.php in Linux Web ...)
	NOT-FOR-US: Linux Web Shop
CVE-2008-1041 (Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson  ...)
	NOT-FOR-US: MWhois
CVE-2008-1040 (Buffer overflow in the Single Sign-On function in Fujitsu Interstage A ...)
	NOT-FOR-US: Fujitsu Interstage Application Server
CVE-2008-1039 (SQL injection vulnerability in question.asp in PORAR WEBBOARD allows r ...)
	NOT-FOR-US: PORAR WEBBOARD
CVE-2008-1038 (PHP remote file inclusion vulnerability in mod/mod.extmanager.php in D ...)
	NOT-FOR-US: DBHcms
CVE-2008-1037 (Cross-site scripting (XSS) vulnerability in the file listing function  ...)
	NOT-FOR-US: Packeteer PacketShaper
CVE-2008-1036 (The International Components for Unicode (ICU) library in Apple Mac OS ...)
	{DSA-1762-1}
	- icu 4.0.1-1
CVE-2008-1035 (Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows re ...)
	NOT-FOR-US: Apple iCal
CVE-2008-1034 (Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows  ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1033 (The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug ...)
	- cups 1.3.7-1
CVE-2008-1032 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X befo ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1031 (CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers t ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1030 (Integer overflow in the CFDataReplaceBytes function in the CFData API  ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1029
	RESERVED
CVE-2008-1028 (Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allo ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1027 (Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 doe ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1026 (Integer overflow in the PCRE regular expression compiler (JavaScriptCo ...)
	- webkit 0~svn31841-1
	- qt4-x11 <not-affected> (vulnerable code not present referring to upstream)
	NOTE: for qt, referring to upstream this only applies to optimized code in safari 3.1
	NOTE: branch and qt 4.4 is based on safari 3.0
CVE-2008-1025 (Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in S ...)
	- qt4-x11 <not-affected> (QUrl handles URLs and is not vulnerable to this CVE, see bug #479644)
	- webkit 0~svn31841-1 (medium)
CVE-2008-1024 (Apple Safari before 3.1.1, when running on Windows XP or Vista, allows ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1023 (Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime b ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1022 (Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows rem ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1021 (Heap-based buffer overflow in Animation codec content handling in Appl ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1020 (Heap-based buffer overflow in quickTime.qts in Apple QuickTime before  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1019 (Heap-based buffer overflow in quickTime.qts in Apple QuickTime before  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1018 (Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1017 (Heap-based buffer overflow in clipping region (aka crgn) atom handling ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1016 (Apple QuickTime before 7.4.5 does not properly handle movie media trac ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1015 (Buffer overflow in the data reference atom handling in Apple QuickTime ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1014 (Apple QuickTime before 7.4.5 does not properly handle external URLs in ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1013 (Apple QuickTime before 7.4.5 enables deserialization of QTJava objects ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1012 (Unspecified vulnerability in Apple AirPort Extreme Base Station Firmwa ...)
	NOT-FOR-US: Apple AirPort
CVE-2008-1011 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple S ...)
	NOTE: As far as I can see this has been addressed in revision 30871.
	NOTE: Please doublecheck.
CVE-2008-1010 (Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows  ...)
	NOTE: As far as I can see this has been addressed in revision 31388.
	NOTE: Please doublecheck.
CVE-2008-1009 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple  ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1008 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple  ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1007 (WebCore, as used in Apple Safari before 3.1, does not enforce the fram ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1006 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple  ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1005 (WebCore, as used in Apple Safari before 3.1, does not properly mask th ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1004 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple  ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1003 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple  ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1002 (Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 al ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1001 (Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, w ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1000 (Directory traversal vulnerability in ContentServer.py in the Wiki Serv ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0999 (Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0998 (Unspecified vulnerability in NetCfgTool in the System Configuration co ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0997 (Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0996 (The Printing component in Apple Mac OS X 10.5.2 might save authenticat ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0995 (The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when p ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0994 (Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF fil ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0993 (Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0992 (Array index error in pax in Apple Mac OS X 10.5.2 allows context-depen ...)
	- pax <not-affected> (issue specific to Apple's version of pax)
CVE-2008-0991
	RESERVED
CVE-2008-0990 (notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0989 (Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 1 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0988 (Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0987 (Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0986 (Integer overflow in the BMP::readFromStream method in the libsgl.so li ...)
	NOT-FOR-US: Google Android
CVE-2008-0985 (Heap-based buffer overflow in the GIF library in the WebKit framework  ...)
	NOT-FOR-US: Google Android
CVE-2008-0984 (The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as us ...)
	{DSA-1543-1 DTSA-116-1}
	- vlc 0.8.6.e-1 (medium; bug #467652)
CVE-2008-6426
	REJECTED
CVE-2008-0982 (Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to obt ...)
	NOT-FOR-US: Spyce
CVE-2008-0981 (Open redirect vulnerability in spyce/examples/redirect.spy in Spyce -  ...)
	NOT-FOR-US: Spyce
CVE-2008-0980 (Multiple cross-site scripting (XSS) vulnerabilities in Spyce - Python  ...)
	NOT-FOR-US: Spyce
CVE-2008-0979 (Stack consumption vulnerability in Double-Take 5.0.0.2865 and earlier, ...)
	NOT-FOR-US: Double-Take
CVE-2008-0978 (Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWo ...)
	NOT-FOR-US: Double-Take
CVE-2008-0977 (Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWo ...)
	NOT-FOR-US: Double-Take
CVE-2008-0976 (Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWo ...)
	NOT-FOR-US: Double-Take
CVE-2008-0975 (Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWo ...)
	NOT-FOR-US: Double-Take
CVE-2008-0974 (Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWo ...)
	NOT-FOR-US: Double-Take
CVE-2008-0973 (Buffer overflow in Double-Take (aka HP StorageWorks Storage Mirroring) ...)
	NOT-FOR-US: Double-Take
CVE-2008-0972
	RESERVED
CVE-2008-0971 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Ba ...)
	NOT-FOR-US: Barracuda Networks products
CVE-2008-0970
	RESERVED
CVE-2008-0969
	RESERVED
CVE-2008-0968
	RESERVED
CVE-2008-0967 (Untrusted search path vulnerability in vmware-authd in VMware Workstat ...)
	- vmware-package <removed> (low; bug #486110)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-0966
	RESERVED
CVE-2008-0965 (Multiple format string vulnerabilities in snoop on Sun Solaris 8 throu ...)
	NOT-FOR-US: Sun Solaris and OpenSolaris
CVE-2008-0964 (Multiple stack-based buffer overflows in snoop on Sun Solaris 8 throug ...)
	NOT-FOR-US: Sun Solaris and OpenSolaris
CVE-2008-0963 (Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allo ...)
	NOT-FOR-US: EMC DiskXtender
CVE-2008-0962 (Stack-based buffer overflow in the File System Manager for EMC DiskXte ...)
	NOT-FOR-US: EMC DiskXtender
CVE-2008-0961 (EMV DiskXtender 6.20.060 has a hard-coded login and password, which al ...)
	NOT-FOR-US: EMC DiskXtender
CVE-2008-0960 (SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x b ...)
	{DSA-1663-1 DTSA-137-1}
	- net-snmp 5.4.1~dfsg-8.1 (medium; bug #485945)
CVE-2008-0959 (Multiple stack-based buffer overflows in the Online Media Technologies ...)
	NOT-FOR-US: Online Media Technologies NCTSoft NCTAudioInformation2
CVE-2008-0958 (Multiple stack-based buffer overflows in the Online Media Technologies ...)
	NOT-FOR-US: Online Media Technologies NCTSoft NCTAudioInformation2
CVE-2008-0957 (Multiple stack-based buffer overflows in the PhotoStockPlus Uploader T ...)
	NOT-FOR-US: PhotoStockPlus Uploader Tool ActiveX control
CVE-2008-0956 (Multiple stack-based buffer overflows in the BackWeb Lite Install Runn ...)
	NOT-FOR-US: BackWeb Lite Install
CVE-2008-0955 (Stack-based buffer overflow in the Creative Software AutoUpdate Engine ...)
	NOT-FOR-US: CTSUEng.ocx
CVE-2008-0954
	RESERVED
CVE-2008-0953 (The StartApp function in the HPISDataManagerLib.Datamgr ActiveX contro ...)
	NOT-FOR-US: ActiveX control
CVE-2008-0952 (The AppendStringToFile function in the HPISDataManagerLib.Datamgr Acti ...)
	NOT-FOR-US: ActiveX control
CVE-2008-0951 (Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoR ...)
	NOT-FOR-US: Windows Vista
CVE-2008-0950
	RESERVED
CVE-2008-0949 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x thr ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0948 (Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by  ...)
	- krb5 1.3-1 (unimportant)
	NOTE: glibc properly defines FD_SETSIZE
CVE-2008-0947 (Buffer overflow in the RPC library used by libgssrpc and kadmind in MI ...)
	{DSA-1524-1}
	- krb5 1.6.dfsg.3~beta1-4 (medium)
CVE-2008-0946 (Directory traversal vulnerability in the IM Server (aka IMserve or IMs ...)
	NOT-FOR-US: Ipswitch Instant Messaging
CVE-2008-0945 (Format string vulnerability in the logging function in the IM Server ( ...)
	NOT-FOR-US: Ipswitch Instant Messaging
CVE-2008-0944 (Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote atta ...)
	NOT-FOR-US: Ipswitch Instant Messaging
CVE-2008-0943 (Multiple SQL injection vulnerabilities in Eagle Software Aeries Browse ...)
	NOT-FOR-US: Eagle Software Aeries
CVE-2008-0942 (SQL injection vulnerability in GradebookStuScores.asp in Eagle Softwar ...)
	NOT-FOR-US: Eagle Software Aeries Browser Interface
CVE-2008-0941 (Cross-site scripting (XSS) vulnerability in Eagle Software Aeries Brow ...)
	NOT-FOR-US: Eagle Software Aeries Browser Interface
CVE-2008-0940 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before  ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2008-0939 (Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Alb ...)
	NOT-FOR-US: WP Photo Album plugin for WordPress
CVE-2008-0938 (Unspecified vulnerability in the dynamic tracing framework (DTrace) in ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0937 (SQL injection vulnerability in index.php in the Tiny Event (tinyevent) ...)
	NOT-FOR-US: XOOPS module
CVE-2008-0936 (SQL injection vulnerability in index.php in the Prayer List (prayerlis ...)
	NOT-FOR-US: XOOPS module
CVE-2008-0935 (Stack-based buffer overflow in the Novell iPrint Control ActiveX contr ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2008-0934 (SQL injection vulnerability in modules.php in the NukeC 2.1 module for ...)
	NOT-FOR-US: NukeC phpnuke module
CVE-2008-0933 (Multiple race conditions in the CPU Performance Counters (cpc) subsyst ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0931 (w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permission ...)
	{DSA-1526-1}
	- xwine <removed> (low; bug #468050)
CVE-2008-0930 (w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to  ...)
	{DSA-1526-1}
	- xwine <removed> (low; bug #468050)
CVE-2008-0929
	REJECTED
CVE-2008-0928 (Qemu 0.9.1 and earlier does not perform range checks for block device  ...)
	{DSA-1799-1 DTSA-133-1}
	- qemu 0.9.1+svn20081207-1 (low; bug #469649)
	- xen-unstable 3.2.0-4 (bug #469654)
	- xen-3 3.2.0-4 (bug #469662)
	- xen-3.0 <removed>
	- kvm 63+dfsg-1 (bug #469666)
CVE-2008-0927 (dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remo ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-0926 (The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 an ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-0925 (Cross-site scripting (XSS) vulnerability in the iMonitor interface in  ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-0924 (Stack-based buffer overflow in the DoLBURPRequest function in libnldap ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-0923 (Directory traversal vulnerability in the Shared Folders feature for VM ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-0922 (SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke al ...)
	NOT-FOR-US: Manuales module for PHP-Nuke
CVE-2008-0921 (SQL injection vulnerability in news.php in beContent 0.3.1 allows remo ...)
	NOT-FOR-US: beContent
CVE-2008-0920 (SQL injection vulnerability in port/modifyportform.php in Open Source  ...)
	NOT-FOR-US: OSSIM
CVE-2008-0919 (Cross-site scripting (XSS) vulnerability in session/login.php in Open  ...)
	NOT-FOR-US: OSSIM
CVE-2008-0918 (SQL injection vulnerability in includes/count_dl_or_link.inc.php in th ...)
	NOT-FOR-US: astatsPRO component for Joomla!
CVE-2008-0917 (Cross-site scripting (XSS) vulnerability in Tor World Tor Search 1.1 a ...)
	NOT-FOR-US: TorWorld software
CVE-2008-0916 (SQL injection vulnerability in the Highwood Design hwdVideoShare (com_ ...)
	NOT-FOR-US: com_hwdvideoshare component for Joomla!
CVE-2008-0915 (The Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and  ...)
	NOT-FOR-US: IPdiva SSL VPN Server
CVE-2008-0914 (Multiple cross-site scripting (XSS) vulnerabilities in the Mediation s ...)
	NOT-FOR-US: IPdiva SSL VPN Server
CVE-2008-0913 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB  ...)
	NOT-FOR-US: Invision Power Board
CVE-2008-0912 (Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink ...)
	NOT-FOR-US: Sybase MobiLink
CVE-2008-0911 (SQL injection vulnerability in productdetails.php in iScripts MultiCar ...)
	NOT-FOR-US: iScripts MultiCart
CVE-2008-0910 (Multiple F-Secure anti-virus products, including Internet Security 200 ...)
	NOT-FOR-US: Internet Security, Anti-Virus, F-Secure Protection Service
CVE-2008-0909 (Cross-site scripting (XSS) vulnerability in browse.asp in Schoolwires  ...)
	NOT-FOR-US: Schoolwires Academic Portal
CVE-2008-0908 (SQL injection vulnerability in browse.asp in Schoolwires Academic Port ...)
	NOT-FOR-US: Schoolwires Academic Portal
CVE-2008-0907 (SQL injection vulnerability in the Inhalt module for PHP-Nuke allows r ...)
	NOT-FOR-US: Inhalt module for PHP-Nuke
CVE-2008-0906 (SQL injection vulnerability in the Docum module in PHP-Nuke allows rem ...)
	NOT-FOR-US: Docum module for PHP-Nuke
CVE-2008-0905 (Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 all ...)
	NOT-FOR-US: Globsy
CVE-2008-0904 (Unspecified vulnerability in the download servlet in BEA Plumtree Coll ...)
	NOT-FOR-US: BEA Plumtree Collaboration and AquaLogic Interaction
CVE-2008-0903 (Unspecified vulnerability in the BEA WebLogic Server and Express proxy ...)
	NOT-FOR-US: BEA WebLogic Server and Express proxy plugin
CVE-2008-0902 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Se ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0901 (BEA WebLogic Server and Express 7.0 through 10.0 allows remote attacke ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0900 (Session fixation vulnerability in BEA WebLogic Server and Express 8.1  ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0899 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0898 (The distributed queue feature in JMS in BEA WebLogic Server 9.0 throug ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2008-0897 (Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allo ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2008-0896 (BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator de ...)
	NOT-FOR-US: BEA WebLogic Portal
CVE-2008-0895 (BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remot ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0894 (Apple Safari might allow remote attackers to obtain potentially sensit ...)
	NOT-FOR-US: Apple Safari
CVE-2008-0893 (Red Hat Administration Server, as used by Red Hat Directory Server 8.0 ...)
	NOT-FOR-US: Red Hat Administration Server
CVE-2008-0892 (The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Ad ...)
	NOT-FOR-US: Red Hat Administration Server
CVE-2008-0891 (Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS s ...)
	{DTSA-136-1}
	- openssl 0.9.8g-10.1 (bug #483379)
	[etch] - openssl <not-affected> (Vulnerable code (TLS extensions) not present)
CVE-2008-0890 (Red Hat Directory Server 7.1 before SP4 uses insecure permissions for  ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-0889 (Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-0888 (The NEEDBITS macro in the inflate_dynamic function in inflate.c for un ...)
	{DSA-1522-1}
	- unzip 5.52-11
CVE-2008-0887 (gnome-screensaver before 2.22.1, when a remote authentication server i ...)
	- gnome-screensaver 2.22.2-1 (low; bug #475154)
	[etch] - gnome-screensaver <no-dsa> (Minor issue, requires attacker with high level of control, see #433964)
CVE-2008-0886
	REJECTED
CVE-2008-0885
	REJECTED
CVE-2008-0884 (The Replace function in the capp-lspp-config script in the (1) lspp-ea ...)
	NOT-FOR-US: Red Hat Enterprise Linux
	NOTE: Seems Redhat specific
CVE-2008-0882 (Double free vulnerability in the process_browse_data function in CUPS  ...)
	{DSA-1530-1 DTSA-117-1}
	- cupsys 1.3.6-1 (medium; bug #467653)
	- cups 1.3.6-1 (medium; bug #467653)
	[sarge] - cupsys <no-dsa> (Remote DoS is minor issue)
CVE-2008-0881 (SQL injection vulnerability in modules.php in the Okul 1.0 module for  ...)
	NOT-FOR-US: Okul module for PHP-Nuke
CVE-2008-0880 (SQL injection vulnerability in modules.php in the EasyContent module f ...)
	NOT-FOR-US: EasyContent module for PHP-Nuke
CVE-2008-0879 (SQL injection vulnerability in modules.php in the Web_Links module for ...)
	NOT-FOR-US: Web_Links module for PHP-Nuke
CVE-2008-0878 (SQL injection vulnerability in index.php in the MyAnnonces 1.7 and ear ...)
	NOT-FOR-US: MyAnnonces module for RunCMS
CVE-2008-0877 (Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media J ...)
	NOT-FOR-US: Jinzora Media Jukebox
CVE-2008-0876 (Unspecified vulnerability in the SEWB3 messaging service in Hitachi SE ...)
	NOT-FOR-US: Hitachi SEWB3
CVE-2008-0875 (Unspecified vulnerability in Hitachi EUR Print Manager, and related Cl ...)
	NOT-FOR-US: Hitachi EUR Print Manager
CVE-2008-0874 (SQL injection vulnerability in index.php in the eEmpregos module for X ...)
	NOT-FOR-US: eEmpregos module for XOOPS
CVE-2008-0873 (SQL injection vulnerability in index.php in the jlmZone Classifieds mo ...)
	NOT-FOR-US: jlmZone Classifieds module for XOOPS
CVE-2008-0872 (Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail E ...)
	NOT-FOR-US: SmarterTools SmarterMail Enterprise
CVE-2008-0871 (Multiple stack-based buffer overflows in Now SMS/MMS Gateway 2007.06.2 ...)
	NOT-FOR-US: Now SMS/MMS Gateway
CVE-2008-0870 (BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under cer ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0869 (Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0868 (Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0867 (Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA Aq ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0866 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Wo ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0865 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allow ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0864 (Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertent ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0863 (BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web s ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0862 (IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-0861 (Cross-site scripting (XSS) vulnerability in leg/Main.nsf in IBM Lotus  ...)
	NOT-FOR-US: IBM Lotus Quickplace
CVE-2008-0860 (Unspecified vulnerability in the AVG plugin in Kerio MailServer before ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-0859 (Unspecified vulnerability in Kerio MailServer before 6.5.0 allows remo ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-0858 (Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer  ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-0857 (SQL injection vulnerability in index.php in WoltLab Burning Board 3.0. ...)
	NOT-FOR-US: WoltLab Burning Board
CVE-2008-0856 (Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow remo ...)
	NOT-FOR-US: e-Vision CMS
CVE-2008-0855 (SQL injection vulnerability in the Facile Forms (com_facileforms) comp ...)
	NOT-FOR-US: com_facileforms component for Joomla! and Mambo
CVE-2008-0854 (SQL injection vulnerability in the com_salesrep component for Joomla!  ...)
	NOT-FOR-US: com_salesrep component for Joomla! and Mambo
CVE-2008-0853 (SQL injection vulnerability in the com_detail component for Joomla! an ...)
	NOT-FOR-US: com_detail component for Joomla! and Mambo
CVE-2008-0852 (freeSSHd 1.2 and earlier allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: freeSSHd
CVE-2008-0851 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 al ...)
	- dokeos <itp> (bug #433352)
CVE-2008-0850 (Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote at ...)
	- dokeos <itp> (bug #433352)
CVE-2008-0849 (SQL injection vulnerability in index.php in the Downloads (com_downloa ...)
	NOT-FOR-US: com_downloads component for Mambo and Joomla!
CVE-2008-0848 (Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty Sy ...)
	NOT-FOR-US: Crafty Syntax Live Help
CVE-2008-0847 (SQL injection vulnerability in print.php in the myTopics module for XO ...)
	NOT-FOR-US: myTopics module for XOOPS
CVE-2008-0846 (SQL injection vulnerability in index.php in the com_profile component  ...)
	NOT-FOR-US: com_profile component for Mambo and Joomla!
CVE-2008-0845 (SQL injection vulnerability in wp-people-popup.php in Dean Logan WP-Pe ...)
	NOT-FOR-US: WP-People plugin for WordPress
CVE-2008-0844 (SQL injection vulnerability in index.php in the PccookBook (com_pccook ...)
	NOT-FOR-US: com_pccookbook component for Joomla!
CVE-2008-0843 (StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive in ...)
	NOT-FOR-US: StatCounteX
CVE-2008-0842 (SQL injection vulnerability in index.php in the Classifier (com_clasif ...)
	NOT-FOR-US: com_clasifier component for Joomla!
CVE-2008-0841 (SQL injection vulnerability in index.php in the Giorgio Nordo Ricette  ...)
	NOT-FOR-US: com_ricette component for Joomla!
CVE-2008-0840 (Directory traversal vulnerability in view_member.php in Public Warehou ...)
	NOT-FOR-US: LightBlog
CVE-2008-0839 (SQL injection vulnerability in refer.php in the astatsPRO (com_astatsp ...)
	NOT-FOR-US: com_astatspro component for Joomla!
CVE-2008-0838 (Multiple cross-site scripting (XSS) vulnerabilities in the web adminis ...)
	NOT-FOR-US: Sophos, Email Security Appliance
CVE-2008-0837 (Cross-site scripting (XSS) vulnerability in the log feature in the Joh ...)
	NOT-FOR-US: John Godley Search Unleashed plugin for WordPress
CVE-2008-0836 (Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solar ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0835 (SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and ear ...)
	NOT-FOR-US: Simple CMS
CVE-2008-0834 (Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS bef ...)
	NOT-FOR-US: Lotus Quickr
CVE-2008-0833 (SQL injection vulnerability in index.php in the com_galeria component  ...)
	NOT-FOR-US: com_galeria component for Joomla!
CVE-2008-0832 (SQL injection vulnerability in index.php in the Kemas Antonius com_qur ...)
	NOT-FOR-US: com_quran component for Mambo and Joomla!
CVE-2008-0831 (Multiple SQL injection vulnerabilities in the Rapid Recipe (com_rapidr ...)
	NOT-FOR-US: com_rapidrecipe component for Joomla!
CVE-2008-0830 (The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 allow ...)
	NOT-FOR-US: DPAP server for iPhoto
CVE-2008-0829 (SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! ( ...)
	NOT-FOR-US: com_jooget component for Joomla! and Mambo
CVE-2008-0828 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 an ...)
	NOT-FOR-US: ATutor
CVE-2008-0827 (SQL injection vulnerability in the Books module of PHP-Nuke allows rem ...)
	NOT-FOR-US: Books module of PHP-Nuke
CVE-2008-0826 (Cross-site scripting (XSS) vulnerability in Claroline before 1.8.9 all ...)
	NOT-FOR-US: Claroline
CVE-2008-0825 (SQL injection vulnerability in Claroline before 1.8.9 allows remote at ...)
	NOT-FOR-US: Claroline
CVE-2008-0824 (Unspecified vulnerability in the php2phps function in Claroline before ...)
	NOT-FOR-US: Claroline
CVE-2008-0823 (Unspecified vulnerability in the Header Image Module before 5.x-1.1 fo ...)
	NOT-FOR-US: Header Image Module for Drupal
CVE-2008-0822 (Directory traversal vulnerability in index.php in Scribe 0.2 allows re ...)
	NOT-FOR-US: Scribe
CVE-2008-0821 (SQL injection vulnerability in admin/traffic/knowledge_searchm.php in  ...)
	NOT-FOR-US: PHP Live!
CVE-2008-0820
	NOT-FOR-US: Etomite CMS
CVE-2008-0819 (Directory traversal vulnerability in index.php in PlutoStatus Locator  ...)
	NOT-FOR-US: PlutoStatus Locator
CVE-2008-0818 (Multiple directory traversal vulnerabilities in freePHPgallery 0.6 all ...)
	NOT-FOR-US: freePHPgallery
CVE-2008-0817 (SQL injection vulnerability in the com_filebase component for Joomla!  ...)
	NOT-FOR-US: com_filebase component for Joomla! and Mambo
CVE-2008-0816 (SQL injection vulnerability in the com_sg component for Joomla! and Ma ...)
	NOT-FOR-US: com_sg component for Joomla! and Mambo
CVE-2008-0815 (SQL injection vulnerability in the com_mezun component for Joomla! all ...)
	NOT-FOR-US: com_mezun component for Joomla!
CVE-2008-0814 (Directory traversal vulnerability in download.php in Tracking Requirem ...)
	NOT-FOR-US: TRUC
CVE-2008-0813 (Directory traversal vulnerability in Download.php in XPWeb 3.0.1, 3.3. ...)
	NOT-FOR-US: XPWeb
CVE-2008-0812 (Directory traversal vulnerability in DMS/index.php in BanPro DMS 1.0 a ...)
	NOT-FOR-US: BanPro DMS
CVE-2008-0811 (Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote at ...)
	NOT-FOR-US: AuraCMS
CVE-2008-0810 (SQL injection vulnerability in the com_scheduling module for Joomla! a ...)
	NOT-FOR-US: com_scheduling module for Joomla! and Mambo
CVE-2008-0805 (Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b ...)
	NOT-FOR-US: PHPizabi
CVE-2008-0804 (PHP remote file inclusion vulnerability in usrgetform.html in Thecus N ...)
	NOT-FOR-US: Thecus N5200Pro NAS Server
CVE-2008-0983 (lighttpd 1.4.18, and possibly other versions before 1.5.0, does not pr ...)
	{DSA-1609-1}
	- lighttpd 1.4.18-2 (medium; bug #466663)
CVE-2008-0883 (acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite ...)
	NOT-FOR-US: Adobe Acrobat Reader
	NOTE: https://www.openwall.com/lists/oss-security/2008/02/21/5
CVE-2008-0803 (Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan M ...)
	NOT-FOR-US: LookStrike Lan Manager
CVE-2008-0802 (SQL injection vulnerability in index.php in the MediaSlide (com_medias ...)
	NOT-FOR-US: Joomla component
CVE-2008-0801 (SQL injection vulnerability in index.php in the PAXXGallery (com_paxxg ...)
	NOT-FOR-US: Joomla component
CVE-2008-0800 (SQL injection vulnerability in index.php in the McQuiz (com_mcquiz) 0. ...)
	NOT-FOR-US: Joomla component
CVE-2008-0799 (SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 a ...)
	NOT-FOR-US: Joomla component
CVE-2008-0798 (Multiple directory traversal vulnerabilities in artmedic webdesign web ...)
	NOT-FOR-US: artmedic webdesign
CVE-2008-0797 (Directory traversal vulnerability in lib/download.php in iTheora 1.0 r ...)
	NOT-FOR-US: iTheora
CVE-2008-0796 (SQL injection vulnerability in threads.php in Nuboard 0.5 allows remot ...)
	NOT-FOR-US: Nuboard
CVE-2008-0795 (SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1 ...)
	NOT-FOR-US: Joomla component
CVE-2008-0794 (Directory traversal vulnerability in user/header.php in Affiliate Mark ...)
	NOT-FOR-US: Affiliate Market
CVE-2008-0793 (Multiple cross-site scripting (XSS) vulnerabilities in search.asp in T ...)
	NOT-FOR-US: Tendenci CMS
CVE-2008-0792 (Multiple F-Secure anti-virus products, including Internet Security 200 ...)
	NOT-FOR-US: F-Secure
CVE-2008-0791 (ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attac ...)
	NOT-FOR-US: Intermate WinIPDS
CVE-2008-0790 (Directory traversal vulnerability in ipdsserver.exe in Intermate WinIP ...)
	NOT-FOR-US: Intermate WinIPDS
CVE-2008-0789 (SQL injection vulnerability in countdown.php in LI-Scripts LI-Countdow ...)
	NOT-FOR-US: LI Countdown
CVE-2008-0788 (Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2 ...)
	NOT-FOR-US: MyBB
CVE-2008-0787 (SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before  ...)
	NOT-FOR-US: MyBB
CVE-2008-0786 (CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 be ...)
	- cacti 0.8.7b-1
	[etch] - cacti <not-affected> (Not exploitable with Etch PHP version)
	NOTE: this is prevented by PHP since 4.4.2/5.1.2.
CVE-2008-0785 (Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b an ...)
	{DSA-1569-1}
	- cacti 0.8.7b-1 (low; bug #530919)
CVE-2008-0784 (graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows  ...)
	- cacti 0.8.7b-1 (unimportant)
	NOTE: paths on Debian already known
CVE-2008-0783 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 bef ...)
	{DSA-1569-1}
	- cacti 0.8.7b-1 (low; bug #530919)
	[etch] - cacti 0.8.6i-3.3
CVE-2008-0782 (Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-0781 (Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFi ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-0780 (Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5 ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-0932 (diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows rem ...)
	{DSA-1508-1}
	- sword 1.5.9-8 (high; bug #466449)
	NOTE: source package named sword, binary package named diatheke
CVE-2008-0806 (wyrd 1.4.3b allows local users to overwrite arbitrary files via a syml ...)
	- wyrd 1.4.3b-4 (low; bug #466382)
	[etch] - wyrd <no-dsa> (Minor issue)
CVE-2008-0807 (lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before ...)
	{DSA-1507-1}
	- turba2 2.1.7-1 (bug #464058)
CVE-2008-0779 (The fortimon.sys device driver in Fortinet FortiClient Host Security 3 ...)
	NOT-FOR-US: Fortinet FortiClient 3.0
CVE-2008-0778 (Multiple stack-based buffer overflows in an ActiveX control in QTPlugi ...)
	NOT-FOR-US: QuickTime
CVE-2008-0777 (The sendfile system call in FreeBSD 5.5 through 7.0 does not check the ...)
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (FreeBSD not supported)
	- kfreebsd-6 6.3-3 (bug #483152)
	- kfreebsd-7 7.0-1 (bug #483152)
CVE-2008-0776 (SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows ...)
	NOT-FOR-US: iTechBids
CVE-2008-0775 (Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machi ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-0774 (Cross-site scripting (XSS) vulnerability in search.cgi in Loris Hotel  ...)
	NOT-FOR-US: Loris Hotel Reservations
CVE-2008-0773 (SQL injection vulnerability in Phil Taylor Comments (com_comments, aka ...)
	NOT-FOR-US: Mambo plugin
CVE-2008-0772 (SQL injection vulnerability in index.php in the com_doc component for  ...)
	NOT-FOR-US: Mambo plugin
CVE-2008-0771 (Multiple SQL injection vulnerabilities in default.asp in Site2Nite all ...)
	NOT-FOR-US: Site2Nite
CVE-2008-0770 (SQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and ear ...)
	NOT-FOR-US: ibProArcade
CVE-2008-0769 (Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through ...)
	NOT-FOR-US: Livelink
CVE-2008-0768 (Multiple stack-based and heap-based buffer overflows in the Windows RP ...)
	NOT-FOR-US: IBM Informix
CVE-2008-0767 (ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earl ...)
	NOT-FOR-US: ExtremeZ-IP
CVE-2008-0766 (Stack-based buffer overflow in RpmSrvc.exe in Brooks Remote Print Mana ...)
	NOT-FOR-US: Brooks Remote Print Manager
CVE-2008-0765 (Multiple cross-site scripting (XSS) vulnerabilities in artmedic webdes ...)
	NOT-FOR-US: artmedic
CVE-2008-0764 (Format string vulnerability in the logging function in Larson Network  ...)
	NOT-FOR-US: Larson Network Print Server
CVE-2008-0763 (Stack-based buffer overflow in NPSpcSVR.exe in Larson Network Print Se ...)
	NOT-FOR-US: Larson Network Print Server
CVE-2008-0762 (SQL injection vulnerability in index.php in the com_iomezun component  ...)
	NOT-FOR-US: com_iomezun component for Joomla!
CVE-2008-0761 (SQL injection vulnerability in index.php in the Prince Clan Chess Club ...)
	NOT-FOR-US: Prince Clan Chess Club component for Joomla!
CVE-2008-0760 (Directory traversal vulnerability in SafeNet Sentinel Protection Serve ...)
	NOT-FOR-US: SafeNet Sentinel Protection Server
CVE-2008-0759 (ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earl ...)
	NOT-FOR-US: ExtremeZ-IP
CVE-2008-0758 (Multiple directory traversal vulnerabilities in the Zidget/HTTP embedd ...)
	NOT-FOR-US: ExtremeZ-IP
CVE-2008-0757 (Cross-site scripting (XSS) vulnerability in index.php in MercuryBoard  ...)
	NOT-FOR-US: MercuryBoard
CVE-2008-0756 (The LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cy ...)
	NOT-FOR-US: cyan soft Opium OPI software
CVE-2008-0755 (Format string vulnerability in the ReportSysLogEvent function in the L ...)
	NOT-FOR-US: cyan soft Opium OPI software
CVE-2008-0754 (Multiple SQL injection vulnerabilities in index.php in the Rapid Recip ...)
	NOT-FOR-US: Rapid Recipe component for Joomla!
CVE-2008-0753 (SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5  ...)
	NOT-FOR-US: Virtual War
CVE-2008-0752 (SQL injection vulnerability in index.php in the Neogallery (com_neogal ...)
	NOT-FOR-US: Neogallery component for Joomla!
CVE-2008-0751 (Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 pl ...)
	NOT-FOR-US: Spartacus plugin (freetag) for serendipity
CVE-2008-0750 (SQL injection vulnerability in philboard_forum.asp in Husrev BlackBoar ...)
	NOT-FOR-US: Husrev BlackBoard
CVE-2008-0749 (Cross-site scripting (XSS) vulnerability in index.php in Calimero.CMS  ...)
	NOT-FOR-US: Calimero.CMS
CVE-2008-0748 (Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX ...)
	NOT-FOR-US: Sony ImageStation
CVE-2008-0747 (Stack-based buffer overflow in COWON America jetAudio 7.0.5 and earlie ...)
	NOT-FOR-US: COWON America jetAudio
CVE-2008-0746 (SQL injection vulnerability in index.php in the Gallery (com_gallery)  ...)
	NOT-FOR-US: Gallery component for Mambo and Joomla!
CVE-2008-0745 (Directory traversal vulnerability in aides/index.php in DomPHP 0.82 al ...)
	NOT-FOR-US: DomPHP
CVE-2008-0744 (SQL injection vulnerability in user_login.asp in PreProjects.com Pre H ...)
	NOT-FOR-US: Pre Hotels & Resorts Management System
CVE-2008-0743 (PHP remote file inclusion vulnerability in members_help.php in Joovili ...)
	NOT-FOR-US: Joovili
CVE-2008-0742 (Multiple directory traversal vulnerabilities in PowerScripts PowerNews ...)
	NOT-FOR-US: PowerNews
CVE-2008-0741 (Unspecified vulnerability in the PropFilePasswordEncoder utility in IB ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-0740 (IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-0739 (SQL injection vulnerability in admin/SA_shipFedExMeter.asp in CandyPre ...)
	NOT-FOR-US: CandyPress
CVE-2008-0738 (Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, an ...)
	NOT-FOR-US: CandyPress
CVE-2008-0737 (SQL injection vulnerability in admin/utilities_ConfigHelp.asp in Candy ...)
	NOT-FOR-US: CandyPress
CVE-2008-0736 (admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly  ...)
	NOT-FOR-US: CandyPress
CVE-2008-0735 (SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in Au ...)
	NOT-FOR-US: AuraCMS
CVE-2008-0734 (SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, an ...)
	NOT-FOR-US: Limbo CMS
CVE-2008-0733 (SQL injection vulnerability in index.php in CS Team Counter Strike Por ...)
	NOT-FOR-US: CS Team Counter Strike Portals
CVE-2008-0732 (The init script for Apache Geronimo on SUSE Linux follows symlinks whe ...)
	NOT-FOR-US: Apache Geronimo
CVE-2008-0731 (The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not pr ...)
	NOT-FOR-US: SuSE kernel/apparmor
CVE-2008-0730 (The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and ( ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0729 (Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers  ...)
	NOT-FOR-US: Apple iPhone
CVE-2008-0728 (The unmew11 function in libclamav/mew.c in libclamav in ClamAV before  ...)
	- clamav 0.92.1~dfsg-1
	[etch] - clamav <not-affected> (Vulnerable code not present)
CVE-2008-0727 (Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0726 (Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows  ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-0725 (Multiple heap-based buffer overflows in the (1) FTP service and (2) ad ...)
	NOT-FOR-US: Titan FTP Server
CVE-2008-0724 (The Everything Development Engine in The Everything Development System ...)
	NOT-FOR-US: The Everything Development System
CVE-2008-0723 (Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews 1 ...)
	NOT-FOR-US: MyNews
CVE-2008-0722 (Cross-site scripting (XSS) vulnerability in index.php in Pagetool 1.0. ...)
	NOT-FOR-US: Pagetool
CVE-2008-0721 (SQL injection vulnerability in index.php in the Sermon (com_sermon) 0. ...)
	NOT-FOR-US: Sermon component for Mambo
CVE-2008-0720 (Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and ...)
	- webmin <removed>
CVE-2008-0719 (SQL injection vulnerability in customer_testimonials.php in the Custom ...)
	NOT-FOR-US: osCommerce Online Merchant
CVE-2008-0718 (Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in S ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0717 (Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 thr ...)
	NOT-FOR-US: IBM WebSphere Edge Server
CVE-2008-0716 (The agent in Symantec Altiris Notification Server before 6.0 SP3 R7 al ...)
	NOT-FOR-US: Symantec Altiris Notification Server
CVE-2008-0715 (Buffer overflow in ACDSee Photo Manager 8.1, 9.0, and 10.0 allows user ...)
	NOT-FOR-US: ACDSee
CVE-2008-0714 (SQL injection vulnerability in users.php in Mihalism Multi Host allows ...)
	NOT-FOR-US: Mihalism Multi Host
CVE-2008-0713 (Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23 ...)
	NOT-FOR-US: HP-UX B
CVE-2008-0712 (Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics)  ...)
	NOT-FOR-US: HP HPeDiag
CVE-2008-0711 (Unspecified vulnerability in the embedded management console in HP iLO ...)
	NOT-FOR-US: HP iLO-2 management processors
CVE-2008-0710
	REJECTED
CVE-2008-0709 (Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, ...)
	NOT-FOR-US: HP Select Identity
CVE-2008-0708 (HP USB 2.0 Floppy Drive Key product options (1) 442084-B21 and (2) 442 ...)
	NOT-FOR-US: HP USB 2.0 Floppy Drive Key
CVE-2008-0707 (HP StorageWorks Library and Tape Tools (LTT) before 4.5 SR1 on HP-UX B ...)
	NOT-FOR-US: HP-UX
CVE-2008-0706 (Unspecified vulnerability in the BIOS F.26 and earlier for the HP Comp ...)
	NOT-FOR-US: BIOS F.26
CVE-2008-0705
	REJECTED
CVE-2008-0704 (Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP Servi ...)
	NOT-FOR-US: HP OpenVMS
CVE-2008-0703 (Multiple directory traversal vulnerabilities in sflog! 0.96 allow remo ...)
	NOT-FOR-US: sflog!
CVE-2008-0702 (Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0. ...)
	NOT-FOR-US: Titan FTP Server
CVE-2008-0701 (ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check per ...)
	NOT-FOR-US: Magnolia CE
CVE-2008-0700 (Cross-site scripting (XSS) vulnerability in search.php in Crux Softwar ...)
	NOT-FOR-US: CruxCMS
CVE-2008-0699 (Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_S ...)
	NOT-FOR-US: IBM DB2
CVE-2008-0698 (Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16  ...)
	NOT-FOR-US: IBM DB2
CVE-2008-0697 (Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 ...)
	NOT-FOR-US: IBM DB2
CVE-2008-0696 (IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization ...)
	NOT-FOR-US: IBM DB2
CVE-2008-0695 (SQL injection vulnerability in index.php in BookmarkX script 2007 allo ...)
	NOT-FOR-US: BookmarkX
CVE-2008-0694 (Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM OS/ ...)
	NOT-FOR-US: IBM OS/400 V5R3M0 and V5R4M0
CVE-2008-0693 (Stack-based buffer overflow in PQCore.exe in Print Manager Plus 2008 C ...)
	NOT-FOR-US: Print Manager Plus
CVE-2008-0692 (SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and  ...)
	NOT-FOR-US: iTechBids
CVE-2008-0691 (Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php ...)
	NOT-FOR-US: WP-Footnotes plugin for WordPress
CVE-2008-0690 (SQL injection vulnerability in index.php in the mosDirectory (com_dire ...)
	NOT-FOR-US: mosDirectory component for Joomla!
CVE-2008-0689 (SQL injection vulnerability in index.php in the Marketplace (com_marke ...)
	NOT-FOR-US: Marketplace component for Joomla!
CVE-2008-0688 (Cross-site scripting (XSS) vulnerability in catalog.php in Smartscript ...)
	NOT-FOR-US: Smartscript Domain Trader
CVE-2008-0687 (Cross-site scripting (XSS) vulnerability in siteadmin/editor_files/inc ...)
	NOT-FOR-US: Youtube Clone Script
CVE-2008-0686 (SQL injection vulnerability in index.php in the NeoReferences (com_neo ...)
	NOT-FOR-US: NeoReferences component for Joomla!
CVE-2008-0685 (SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 all ...)
	NOT-FOR-US: iTechClassifieds
CVE-2008-0684 (Cross-site scripting (XSS) vulnerability in ViewCat.php in iTechClassi ...)
	NOT-FOR-US: iTechClassifieds
CVE-2008-0683 (SQL injection vulnerability in shiftthis-preview.php in the ShiftThis  ...)
	NOT-FOR-US: st_newsletter plugin for WordPress
CVE-2008-0682 (SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin ...)
	NOT-FOR-US: Wordspew plugin for WordPress
CVE-2008-0681 (SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remot ...)
	NOT-FOR-US: PHPShop
CVE-2008-0680 (SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to  ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2008-0679 (Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 a ...)
	NOT-FOR-US: BlogPHP
CVE-2008-0678 (SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote  ...)
	NOT-FOR-US: BlogPHP
CVE-2008-0677 (SQL injection vulnerability in blog.php in A-Blog 2 allows remote atta ...)
	NOT-FOR-US: A-Blog
CVE-2008-0676 (Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 all ...)
	NOT-FOR-US: A-Blog
CVE-2008-0675 (SQL injection vulnerability in cms/index.pl in The Everything Developm ...)
	NOT-FOR-US: Everything Development System
CVE-2008-0674 (Buffer overflow in PCRE before 7.6 allows remote attackers to execute  ...)
	{DSA-1499-1 DTSA-115-1}
	- pcre3 7.6-1 (medium)
	- php5 <not-affected> (Uses system copy)
CVE-2008-0673 (TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbo ...)
	- tintin++ 1.97.9-2 (low; bug #465643)
	[etch] - tintin++ <no-dsa> (Minor issue)
CVE-2008-0672 (The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 ...)
	- tintin++ 1.97.9-2 (low; bug #465643)
	[etch] - tintin++ <no-dsa> (Minor issue)
CVE-2008-0671 (Stack-based buffer overflow in the add_line_buffer function in TinTin+ ...)
	- tintin++ 1.97.9-2 (medium; bug #465643)
	[etch] - tintin++ <no-dsa> (Minor issue)
CVE-2008-0670 (SQL injection vulnerability in index.php in the Noticias (com_noticias ...)
	NOT-FOR-US: Noticias component for Joomla!
CVE-2008-0669 (Cross-site scripting (XSS) vulnerability in search.cgi in Sift Unity a ...)
	NOT-FOR-US: Sift Unity
CVE-2008-0668 (The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnom ...)
	{DSA-1546-1}
	- gnumeric 1.8.1-1 (medium)
CVE-2008-0667 (The DOC.print function in the Adobe JavaScript API, as used by Adobe A ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-0663 (Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with ...)
	NOT-FOR-US: Novell Challenge Response Client
CVE-2008-0662 (The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureCli ...)
	NOT-FOR-US: SecuRemote/SecureClient NGX R60 and R56
CVE-2008-0661 (Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote att ...)
	NOT-FOR-US: dBpowerAMP Audio Player
CVE-2008-0660 (Multiple stack-based buffer overflows in Aurigma Image Uploader Active ...)
	NOT-FOR-US: Aurigma Image Uploader
CVE-2008-0659 (Stack-based buffer overflow in Aurigma Image Uploader ActiveX control  ...)
	NOT-FOR-US: Aurigma Image Uploader
CVE-2008-0658 (slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.3 ...)
	{DSA-1541-1}
	- openldap2.3 2.4.7-6.1 (low; bug #465875)
	- openldap2.2 <removed>
	- openldap2 <not-affected> (slapd not built from this version)
	NOTE: only authenticated users can exploit this
CVE-2008-0657 (Multiple unspecified vulnerabilities in the Java Runtime Environment i ...)
	- sun-java6 6-02-1
	- sun-java5 1.5.0-14-1
	[etch] - sun-java5 1.5.0-14-1etch1
CVE-2008-0656 (Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documen ...)
	NOT-FOR-US: Documentum Administrator and Webtop
CVE-2008-0655 (Multiple unspecified vulnerabilities in Adobe Reader and Acrobat befor ...)
	NOT-FOR-US: Adobe Reader
CVE-2008-0654 (Multiple directory traversal vulnerabilities in Azucar CMS 1.3 allow r ...)
	NOT-FOR-US: Azucar CMS
CVE-2008-0653 (SQL injection vulnerability in index.php in the Ynews (com_ynews) 1.0. ...)
	NOT-FOR-US: Ynews component for Joomla!
CVE-2008-0652 (SQL injection vulnerability in index.php in the Downloads (com_downloa ...)
	NOT-FOR-US: Downloads for Mambo and Joomla!
CVE-2008-0651 (SQL injection vulnerability in login.php in Pedro Santana Codice CMS a ...)
	NOT-FOR-US: Pedro Santana Codice CMS
CVE-2008-0650 (SQL injection vulnerability in login.php in Simple OS CMS 0.1c beta al ...)
	NOT-FOR-US: Simple OS CMS
CVE-2008-0649 (SQL injection vulnerability in detail.php in Astanda Directory Project ...)
	NOT-FOR-US: Astanda Directory Project
CVE-2008-0648 (Multiple PHP remote file inclusion vulnerabilities in OpenSiteAdmin 0. ...)
	NOT-FOR-US: OpenSiteAdmin
CVE-2008-0647 (Multiple stack-based buffer overflows in the HanGamePluginCn18.HanGame ...)
	NOT-FOR-US: Ourgame GLWorld
CVE-2008-0646 (The bdecode_recursive function in include/libtorrent/bencode.hpp in Ra ...)
	- deluge-torrent 0.5.8.3-1 (bug #463357)
CVE-2008-0645 (Multiple PHP remote file inclusion vulnerabilities in Portail Web Php  ...)
	NOT-FOR-US: Portail Web Php
CVE-2008-0644 (Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypa ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-0643 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and  ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-0642 (Cross-site scripting (XSS) vulnerability in files created by Adobe Rob ...)
	NOT-FOR-US: Adobe
CVE-2008-0808 (Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki ...)
	{DSA-1523-1}
	- ikiwiki 2.31.1 (low; bug #465110)
CVE-2008-0809 (Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwik ...)
	{DSA-1523-1}
	- ikiwiki 2.31.1 (low; bug #465110)
CVE-2008-0641
	RESERVED
CVE-2008-0640 (Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 ...)
	NOT-FOR-US: Symantec Ghost Solution Suite
CVE-2008-0639 (Stack-based buffer overflow in the EnumPrinters function in the Spoole ...)
	NOT-FOR-US: Novell Client
CVE-2008-0638 (Heap-based buffer overflow in the Veritas Enterprise Administrator (VE ...)
	NOT-FOR-US: Veritas Enterprise Administrator service
CVE-2008-0637
	RESERVED
CVE-2008-0636 (Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x  ...)
	NOT-FOR-US: Managed Workplace Service Center
CVE-2008-0635 (Unspecified vulnerability in the delivery engine in Openads 2.4.0 thro ...)
	NOT-FOR-US: Openads
CVE-2008-0634 (Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX control in  ...)
	NOT-FOR-US: NamoInstaller
CVE-2008-0633 (Buffer overflow in Anon Proxy Server 0.102 and earlier, when user auth ...)
	NOT-FOR-US: Anon Proxy Server
	NOTE: this is not anon-proxy
CVE-2008-0632 (Unrestricted file upload vulnerability in cp_upload_image.php in Light ...)
	NOT-FOR-US: LightBlog
CVE-2008-0631 (Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 allow  ...)
	NOT-FOR-US: MailBee Objects
CVE-2008-0630 (Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 allow ...)
	{DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (medium; bug #464532)
CVE-2008-0629 (Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before r258 ...)
	{DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (medium; bug #464533)
CVE-2008-0628 (The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Upd ...)
	- sun-java6 6-04-1
	- sun-java5 <not-affected> (according to Sun, this vulnerability is not present in java5)
CVE-2008-0627
	REJECTED
CVE-2008-0626
	REJECTED
CVE-2008-0625 (Buffer overflow in the MediaGrid ActiveX control (mediagrid.dll) in Ya ...)
	NOT-FOR-US: Yahoo! Music Jukebox
CVE-2008-0624 (Buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in  ...)
	NOT-FOR-US: Yahoo! JukeBox
CVE-2008-0623 (Stack-based buffer overflow in the YMP Datagrid ActiveX control (datag ...)
	NOT-FOR-US: Yahoo! JukeBox
CVE-2008-0622 (Cross-site scripting (XSS) vulnerability in RaidenHTTPD 2.0.19 and ear ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2008-0621 (Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 an ...)
	NOT-FOR-US: SAP GUI
CVE-2008-0620 (SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before  ...)
	NOT-FOR-US: SAPSprint
CVE-2008-0619 (Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 a ...)
	NOT-FOR-US: Nero Media Player
CVE-2008-0618 (Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestboo ...)
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0617 (Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestboo ...)
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0616 (SQL injection vulnerability in the administration panel in the DMSGues ...)
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0615 (Directory traversal vulnerability in wp-admin/admin.php in the DMSGues ...)
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0614 (SQL injection vulnerability in index.php in Photokorn Gallery 1.543 al ...)
	NOT-FOR-US: Photokorn Gallery
CVE-2008-0613 (Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows  ...)
	NOT-FOR-US: XOOPS
CVE-2008-0612 (Directory traversal vulnerability in htdocs/install/index.php in XOOPS ...)
	NOT-FOR-US: XOOPS
CVE-2008-0611 (SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery S ...)
	NOT-FOR-US: RMSOFT Gallery module for XOOPS
CVE-2008-0610 (Stack-based buffer overflow in the ClientConnection::NegotiateProtocol ...)
	NOT-FOR-US: UltraVNC
CVE-2008-0609 (Directory traversal vulnerability in index.php in DivideConcept VHD We ...)
	NOT-FOR-US: Web Pack 2.0
CVE-2008-0608 (The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS ...)
	NOT-FOR-US: IPSwitch WS_FTP
CVE-2008-0607 (SQL injection vulnerability in index.php in the Sigsiu Online Business ...)
	NOT-FOR-US: Sigsiu Online Business Index 2 component for Joomla! and Mambo
CVE-2008-0606 (SQL injection vulnerability in index.php in the Shambo2 (com_shambo2)  ...)
	NOT-FOR-US: Shambo2 component for Mambo and Joomla!
CVE-2008-0605 (Multiple cross-site scripting (XSS) vulnerabilities in AstroSoft HelpD ...)
	NOT-FOR-US: AstroSoft HelpDesk
CVE-2008-0604 (The LDAP authentication feature in XLight FTP Server before 2.83, when ...)
	NOT-FOR-US: XLight FTP Server
CVE-2008-0603 (SQL injection vulnerability in index.php in the amazOOP Awesom! (com_a ...)
	NOT-FOR-US: amazOOP Awesom! component for Mambo and Joomla!
CVE-2008-0602 (Directory traversal vulnerability in index.php in All Club CMS (ACCMS) ...)
	NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-0601 (SQL injection vulnerability in index.php in All Club CMS (ACCMS) 0.0.1 ...)
	NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-0600 (The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1  ...)
	{DSA-1494-1 DTSA-113-1}
	- linux-2.6 2.6.24-4 (high)
	- linux-2.6.24 <not-affected> (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
CVE-2008-0599 (The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5. ...)
	{DTSA-135-1}
	- php5 5.2.6-1
	[etch] - php5 <not-affected> (Vulnerable code not yet present, introduced in 5.2.3)
	[etch] - php4 <not-affected> (Vulnerable code not yet present, introduced in 5.2.3)
CVE-2008-0598 (Unspecified vulnerability in the 32-bit and 64-bit emulation in the Li ...)
	{DSA-1630-1}
	- linux-2.6 2.6.26-4 (bug #490910)
	- linux-2.6.24 2.6.24-6~etchnhalf.4
CVE-2008-0597 (Use-after-free vulnerability in CUPS before 1.1.22, and possibly other ...)
	- cupsys 1.2.1-1
	- cups <not-affected> (Vulnerable code not present)
	NOTE: (mimeDeleteType included since 1.2.x)
	NOTE: according to maintainer, applies to 1.1.x series only. exact fixed
	NOTE: version in 1.1 unknown but irrelevant. cups package never had 1.1
	NOTE: versions in Debian.
CVE-2008-0596 (Memory leak in CUPS before 1.1.22, and possibly other versions, allows ...)
	- cupsys 1.2.1-1
	- cups <not-affected> (Vulnerable code not present)
	NOTE: see CVE-2008-0597
CVE-2008-0595 (dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes ...)
	{DSA-1599-1}
	- dbus 1.1.20-1
CVE-2008-0594 (Mozilla Firefox before 2.0.0.12 does not always display a web forgery  ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.9-1
	- icedove 2.0.0.12-1
CVE-2008-0593 (Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and Se ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0592 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0591 (Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does n ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.9-1
	- icedove 2.0.0.12-1
CVE-2008-0590 (Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remo ...)
	NOT-FOR-US: WS_FTP Server with SSH
CVE-2008-0589 (The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows  ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0588 (Buffer overflow in the utape program in devices.scsi.tape.diag in IBM  ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0587 (Buffer overflow in the uspchrp program in devices.chrp.base.diag in IB ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0586 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to  ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0585 (sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable permi ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0584 (Multiple buffer overflows in bos.rte.control in IBM AIX 5.2 and 5.3 al ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0583 (Cross-zone scripting vulnerability in the Internet Explorer web contro ...)
	NOT-FOR-US: Skype
CVE-2008-0582 (Cross-zone scripting vulnerability in the Internet Explorer web contro ...)
	NOT-FOR-US: Skype
CVE-2008-0581 (Geert Moernaut LSrunasE allows local users to gain privileges by obtai ...)
	NOT-FOR-US: LSrunasE
CVE-2008-0580 (Geert Moernaut LSrunasE and Supercrypt use an encryption key composed  ...)
	NOT-FOR-US: LSrunasE and Supercrypt
CVE-2008-0579 (SQL injection vulnerability in index.php in the buslicense (com_buslic ...)
	NOT-FOR-US: buslicense component for Joomla!
CVE-2008-0578 (Cross-site scripting (XSS) vulnerability in the web management login p ...)
	NOT-FOR-US: Tripwire Enterprise/Server Management Web Interface
CVE-2008-0577 (The Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5 ...)
	NOT-FOR-US: Project Issue Tracking module for Drupal
CVE-2008-0576 (Cross-site scripting (XSS) vulnerability in the Project Issue Tracking ...)
	NOT-FOR-US: Project Issue Tracking module for Drupal
CVE-2008-0575 (Cross-site request forgery (CSRF) vulnerability in admin/admincenter.p ...)
	NOT-FOR-US: webSPELL
CVE-2008-0574 (Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.01 ...)
	NOT-FOR-US: webSPELL
CVE-2008-0573 (IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and SoftRemote  ...)
	NOT-FOR-US: SafeNET HighAssurance Remote and SoftRemote
CVE-2008-0572 (Multiple PHP remote file inclusion vulnerabilities in Mindmeld 1.2.0.1 ...)
	NOT-FOR-US: Mindmeld
CVE-2008-0571 (The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, 5. ...)
	NOT-FOR-US: Userpoints module for Drupal
CVE-2008-0570 (The OpenID 5.x-1.0 and earlier module for Drupal does not properly ver ...)
	NOT-FOR-US: OpenID module for Drupal
CVE-2008-0569 (The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 modul ...)
	NOT-FOR-US: Comment upload module for Drupal
CVE-2008-0568 (Unspecified vulnerability in the IP-authentication feature in the Secu ...)
	NOT-FOR-US: Secure Site module for Drupal
CVE-2008-0567 (Multiple PHP remote file inclusion vulnerabilities in ChronoEngine Chr ...)
	NOT-FOR-US: ChronoEngine ChronoForms component for Joomla!
CVE-2008-0566 (PHP remote file inclusion vulnerability in includes/smarty.php in Delt ...)
	NOT-FOR-US: DeltaScripts PHP Links
CVE-2008-0565 (SQL injection vulnerability in vote.php in DeltaScripts PHP Links 1.3  ...)
	NOT-FOR-US: DeltaScripts PHP Links
CVE-2008-0563 (Cross-site request forgery (CSRF) vulnerability in service/impl/UserLo ...)
	- liferay-portal <itp> (bug #569819)
CVE-2008-0562 (SQL injection vulnerability in index.php in the Restaurant (com_restau ...)
	NOT-FOR-US: Restaurant component for Mambo and Joomla!
CVE-2008-0561 (SQL injection vulnerability in index.php in the Arthur Konze AkoGaller ...)
	NOT-FOR-US: AkoGallery component for Mambo and Joomla!
CVE-2008-0560
	NOT-FOR-US: cforms wordpress plugin
CVE-2008-0559 (Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11  ...)
	NOT-FOR-US: cforms wordpress plugin
CVE-2008-0558 (Cross-site scripting (XSS) vulnerability in Uniwin eCart Professional  ...)
	NOT-FOR-US: Uniwin eCart Professional
CVE-2008-0557 (SQL injection vulnerability in index.php in the CatalogShop (com_catal ...)
	NOT-FOR-US: CatalogShop component for Mambo and Joomla!
CVE-2008-0556 (Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, ...)
	NOT-FOR-US: OpenCA PKI Project
CVE-2008-0555 (The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 do ...)
	- apache <removed>
	[etch] - apache <no-dsa> (only exploitable in very specific setups)
	NOTE: Only affects the apache-ssl package, not apache or apache-perl.
	NOTE: Only relevant if the attacker can get a CA that is trusted by the server
	NOTE: to sign client certs with arbitrary CN, but cannot influence the contents
	NOTE: of the other DN fields.
	NOTE: OTOH, the configuration used in Debian's apache-ssl 1.55 (per-dir
	NOTE: ssl-renegotiation switched off), has obviously not been tested by upstream
	NOTE: with 1.59 (it doesn't even compile).
	NOTE: Also, upstream's fix breaks API/ABI compatibility in some corner cases.
	NOTE: While these cases are not really supported by Debian, all in all the low
	NOTE: severity of the issue is not in proportion to the risk of breaking something
	NOTE: with the fix.
CVE-2008-0552 (Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6 ...)
	NOT-FOR-US: eTicket
CVE-2008-0551 (The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3 ...)
	NOT-FOR-US: Namo Web Editor
CVE-2008-0550 (Off-by-one error in Steamcast 0.9.75 and earlier allows remote attacke ...)
	NOT-FOR-US: Steamcast
CVE-2008-0549 (Integer overflow in the OggHeaderParse function in Steamcast 0.9.75 an ...)
	NOT-FOR-US: Steamcast
CVE-2008-0548 (Steamcast 0.9.75 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Steamcast
CVE-2008-0547 (Cross-site scripting (XSS) vulnerability in admin/utilities_ConfigHelp ...)
	NOT-FOR-US: CandyPress
CVE-2008-0546 (Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, an ...)
	NOT-FOR-US: CandyPress
CVE-2008-0545 (Multiple directory traversal vulnerabilities in Bubbling Library 1.32  ...)
	NOT-FOR-US: Bubbling Library
CVE-2008-0543 (Multiple SQL injection vulnerabilities in Pre Dynamic Institution allo ...)
	NOT-FOR-US: Pre Dynamic Institution
CVE-2008-0542 (Directory traversal vulnerability in thumbnail.php in Gerd Tentler Sim ...)
	NOT-FOR-US: Simple Forum
CVE-2008-0541 (Multiple cross-site scripting (XSS) vulnerabilities in forum.php in Ge ...)
	NOT-FOR-US: Simple Forum
CVE-2008-0540 (Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 ...)
	NOT-FOR-US: trixbox
CVE-2008-0539 (Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php ...)
	NOT-FOR-US: F5 BIG-IP Application Security Manager
CVE-2008-0538 (Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow ...)
	NOT-FOR-US: phpIP Management
CVE-2008-0537 (Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervi ...)
	NOT-FOR-US: Cisco
CVE-2008-0536 (Unspecified vulnerability in the SSH server in (1) Cisco Service Contr ...)
	NOT-FOR-US: Cisco
CVE-2008-0535 (Unspecified vulnerability in the SSH server in (1) Cisco Service Contr ...)
	NOT-FOR-US: Cisco
CVE-2008-0534 (The SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, ...)
	NOT-FOR-US: Cisco
CVE-2008-0533 (Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/C ...)
	NOT-FOR-US: Cisco ACS
CVE-2008-0532 (Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Chang ...)
	NOT-FOR-US: Cisco ACS
CVE-2008-0531 (Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960 ...)
	NOT-FOR-US: Cisco
CVE-2008-0530 (Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G ...)
	NOT-FOR-US: Cisco
CVE-2008-0529 (Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G,  ...)
	NOT-FOR-US: Cisco
CVE-2008-0528 (Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G ...)
	NOT-FOR-US: Cisco
CVE-2008-0527 (The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP f ...)
	NOT-FOR-US: Cisco
CVE-2008-0526 (Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP firmw ...)
	NOT-FOR-US: Cisco
CVE-2008-0525 (PatchLink Update client for Unix, as used by Novell ZENworks Patch Man ...)
	NOT-FOR-US: PatchLink Update client for Unix
CVE-2008-0524 (Cross-site request forgery (CSRF) vulnerability in the management inte ...)
	NOT-FOR-US: Yamaha router firmware
CVE-2008-0523 (Multiple cross-site scripting (XSS) vulnerabilities in SoftCart.exe in ...)
	NOT-FOR-US: SoftCart
CVE-2008-0522 (Cross-site scripting (XSS) vulnerability in multiple Hal Networks shop ...)
	NOT-FOR-US: Hal Networks shopping-cart products
CVE-2008-0521 (Multiple directory traversal vulnerabilities in Bubbling Library 1.32  ...)
	NOT-FOR-US: Bubbling Library
CVE-2008-0520 (Multiple SQL injection vulnerabilities in main.php in the WassUp plugi ...)
	NOT-FOR-US: WassUp plugin for WordPress
CVE-2008-0519 (SQL injection vulnerability in index.php in the Atapin Jokes (com_joke ...)
	NOT-FOR-US: Atapin Jokes component for Mambo and Joomla!
CVE-2008-0518 (SQL injection vulnerability in index.php in the Recipes (com_recipes)  ...)
	NOT-FOR-US: Recipes component for Mambo and Joomla!
CVE-2008-0517 (SQL injection vulnerability in index.php in the Darko Selesi EstateAge ...)
	NOT-FOR-US: EstateAgent component for Mambo and Joomla!
CVE-2008-0516 (PHP remote file inclusion vulnerability in spaw/dialogs/confirm.php in ...)
	NOT-FOR-US: SQLiteManager
CVE-2008-0515 (SQL injection vulnerability in index.php in the musepoes (com_musepoes ...)
	NOT-FOR-US: musepoes component for Mambo and Joomla!
CVE-2008-0514 (SQL injection vulnerability in index.php in the Glossary (com_glossary ...)
	NOT-FOR-US: Glossary component for Mambo and Joomla!
CVE-2008-0513 (Directory traversal vulnerability in parser/include/class.cache_phpcms ...)
	NOT-FOR-US: phpCMS
CVE-2008-0512 (SQL injection vulnerability in index.php in the fq (com_fq) component  ...)
	NOT-FOR-US: fq component for Mambo and Joomla!
CVE-2008-0511 (SQL injection vulnerability in index.php in the MaMML (com_mamml) comp ...)
	NOT-FOR-US: MaMML component for Mambo and Joomla!
CVE-2008-0510 (SQL injection vulnerability in index.php in the Newsletter (com_newsle ...)
	NOT-FOR-US: Newsletter component for Mambo and Joomla!
CVE-2008-0509 (Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to cau ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0508 (Cross-site request forgery (CSRF) vulnerability in deans_permalinks_mi ...)
	NOT-FOR-US: Dean's Permalinks Migration plugin for WordPress
CVE-2008-0507 (SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin f ...)
	NOT-FOR-US: AdServe plugin for WordPress
CVE-2008-0506 (include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) befo ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-0505 (Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.ph ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-0504 (Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CP ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-0503 (Eval injection vulnerability in admin/op/disp.php in Netwerk Smart Pub ...)
	NOT-FOR-US: Netwerk Smart Publisher
CVE-2008-0502 (PHP remote file inclusion vulnerability in templates/Official/part_use ...)
	NOT-FOR-US: Connectix Boards
CVE-2008-0664 (The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, whe ...)
	{DSA-1601-1}
	- wordpress 2.3.3-1 (medium; bug #464170)
	[etch] - wordpress <not-affected> (vulnerable code not present)
	NOTE: The blog has to provide user accounts
	NOTE: A crafted XML-RPC request referring to a valid user can exploit this
	NOTE: This is specific to wordpress' implementation of xmlrpc.php, which is
	NOTE: not included in any other packages.
	- libwordpress-xmlrpc-perl <removed>
CVE-2008-0553 (Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in ...)
	{DSA-1598-1 DSA-1491-1 DSA-1490-1 DTSA-140-1}
	- tk8.5 8.5.0-3
	- tk8.4 8.4.17-2
	- tk8.3 8.3.5-12
	- libtk-img 1:1.3-release-7 (bug #485785)
CVE-2008-0554 (Buffer overflow in the readImageData function in giftopnm.c in netpbm  ...)
	{DSA-1579-1}
	- netpbm-free 10.0-11.1 (medium; bug #464056)
CVE-2008-0564 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman before  ...)
	- mailman 1:2.1.10~b3-1 (low)
	[etch] - mailman <no-dsa> (Minor issue)
	[sarge] - mailman <no-dsa> (Minor issue)
	NOTE: Someone authenticated as list admin can insert malicious script
	NOTE: into list templates. This already constitutes a high degree of
	NOTE: control over the mailing list, so not a very important issue.
	NOTE: This enhances the fix for CVE-2006-3636.
	NOTE: http://mail.python.org/pipermail/mailman-announce/2008-February/000095.html
CVE-2008-0665 (wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allow ...)
	{DSA-1492-1}
	- wml 2.0.11-3.1 (low; bug #463907)
	[sarge] - wml <not-affected> (Vulnerable code is patched to use mkdtemp)
CVE-2008-0666 (Website META Language (WML) 2.0.11 allows local users to overwrite arb ...)
	{DSA-1492-1}
	- wml 2.0.11-3.1 (low; bug #463907)
	[sarge] - wml <not-affected> (Vulnerable code is patched to use mkdtemp)
CVE-2008-0501 (Directory traversal vulnerability in phpMyClub 0.0.1 allows remote att ...)
	NOT-FOR-US: phpMyClub
CVE-2008-0500 (Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have unkno ...)
	NOT-FOR-US: MamboXChange LaiThai
CVE-2008-0499 (SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote attac ...)
	NOT-FOR-US: MamboXChange LaiThai
CVE-2008-0498 (SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop ...)
	NOT-FOR-US: Bigware Shop
CVE-2008-0497 (Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS  ...)
	NOT-FOR-US: Nucleus CMS
CVE-2008-0496 (Cross-site scripting (XSS) vulnerability in index.php in AmpJuke 0.7.0 ...)
	NOT-FOR-US: AmpJuke
CVE-2008-0495 (Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware Ma ...)
	NOT-FOR-US: Pegasus CIM Server
CVE-2008-0494 (Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in End ...)
	NOT-FOR-US: Endian Firewall
CVE-2008-0493 (fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows remot ...)
	NOT-FOR-US: FlashPix plugin for IrfanView
CVE-2008-0492 (Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control i ...)
	NOT-FOR-US: Persits XUpload
CVE-2008-0491 (SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugi ...)
	NOT-FOR-US: fGallery for WordPress
CVE-2008-0490 (SQL injection vulnerability in functions/editevent.php in the WP-Cal 0 ...)
	NOT-FOR-US: WP-Cal plugin for WordPress
CVE-2008-0489 (Directory traversal vulnerability in install.php in Clansphere 2007.4. ...)
	NOT-FOR-US: Clansphere
CVE-2008-0488 (Directory traversal vulnerability in tseekdir.cgi in VB Marketing allo ...)
	NOT-FOR-US: VB Marketing
CVE-2008-0487 (Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect ...)
	NOT-FOR-US: ASPired2Protect
CVE-2008-0486 (Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc ...)
	{DSA-1536-1 DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (bug #464060)
	- xine-lib 1.1.10.1-1 (bug #464696)
	[sarge] - xine-lib <not-affected> (Vulnerable code not present)
CVE-2008-0485 (Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and ear ...)
	{DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (bug #464060)
CVE-2008-0484
	RESERVED
CVE-2008-0483
	RESERVED
CVE-2008-0482
	RESERVED
CVE-2008-0481 (Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz R ...)
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-0480 (Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 an ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2008-0479 (Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz N ...)
	NOT-FOR-US: Web Wiz NewsPad
CVE-2008-0478 (Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows  ...)
	NOT-FOR-US: SetCMS
CVE-2008-0477 (Stack-based buffer overflow in the QMPUpgrade.Upgrade.1 ActiveX contro ...)
	NOT-FOR-US: Move Networks Upgrade Manager
CVE-2008-0476 (ManageEngine Applications Manager 8.1 build 8100 does not check authen ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-0475 (ManageEngine Applications Manager 8.1 build 8100 allows remote attacke ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-0474 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Ap ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-0473 (RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote  ...)
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-0472 (Cross-site request forgery (CSRF) vulnerability in modcp.php in Woltla ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2008-0471 (Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpB ...)
	{DSA-1488-1}
	- phpbb2 2.0.22-3 (low; bug #463589)
CVE-2008-0470 (A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attack ...)
	NOT-FOR-US: Comodo AntiVirus
CVE-2008-0469 (SQL injection vulnerability in index.php in Tiger Php News System (TPN ...)
	NOT-FOR-US: Tiger Php News System
CVE-2008-0468 (SQL injection vulnerability in category.php in Flinx 1.3 and earlier a ...)
	NOT-FOR-US: Flinx
CVE-2008-0467 (Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before ...)
	{DSA-1529-1}
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 2.0.3.12981.ds1-5 (medium; bug #463596)
CVE-2008-0466 (Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4 ...)
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-0465 (Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 al ...)
	NOT-FOR-US: Seagull
CVE-2008-0464 (Directory traversal vulnerability in archiv.cgi in absofort aconon Mai ...)
	NOT-FOR-US: aconon Mail Enterprise SQL
CVE-2008-0463 (Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before  ...)
	NOT-FOR-US: Workflow module for Drupal
CVE-2008-0462 (Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x ...)
	NOT-FOR-US: Archive module for Drupal
CVE-2008-0461 (SQL injection vulnerability in index.php in the Search module in PHP-N ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-0460 (Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1 ...)
	- mediawiki 1:1.11.1-1 (low)
	[etch] - mediawiki <not-affected> (Doesn't include API functionality)
CVE-2008-0459 (Directory traversal vulnerability in update/index.php in Liquid-Silver ...)
	NOT-FOR-US: Liquid-Silver CMS
CVE-2008-0458 (Directory traversal vulnerability in function/sources.php in SLAED CMS ...)
	NOT-FOR-US: SLAED CMS
CVE-2008-0457 (Unrestricted file upload vulnerability in the FileUpload class running ...)
	NOT-FOR-US: Symantec LiveState Apache Tomcat server
CVE-2008-0456 (CRLF injection vulnerability in the mod_negotiation module in the Apac ...)
	- apache <unfixed> (unimportant)
	- apache2 <unfixed> (unimportant)
	NOTE: This is only relevant if an attacker can upload files with arbitrary names
	NOTE: but not with arbitrary contents.
CVE-2008-0455 (Cross-site scripting (XSS) vulnerability in the mod_negotiation module ...)
	- apache <removed> (unimportant)
	- apache2 2.2.22-8 (unimportant)
	NOTE: This is only relevant if an attacker can upload files with arbitrary names
	NOTE: but not with arbitrary contents.
	NOTE: https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2012-2687
CVE-2008-0454 (Cross-zone scripting vulnerability in the Internet Explorer web contro ...)
	NOT-FOR-US: Skype
CVE-2008-0453 (SQL injection vulnerability in list.php in Easysitenetwork Recipe allo ...)
	NOT-FOR-US: Easysitenetwork Recipe
CVE-2008-0452 (Directory traversal vulnerability in articles.php in Siteman 1.1.9 all ...)
	NOT-FOR-US: Siteman
CVE-2008-0451 (Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote au ...)
	NOT-FOR-US: PacerCMS
CVE-2008-0450 (Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c ...)
	NOT-FOR-US: BLOG:CMS
CVE-2008-0449 (SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping Car ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2008-0448 (PHP remote file inclusion vulnerability in utils/class_HTTPRetriever.p ...)
	NOT-FOR-US: phpSearch
CVE-2008-0447 (SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0  ...)
	NOT-FOR-US: Foojan WMS PHP Weblog
CVE-2008-0446 (SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows re ...)
	NOT-FOR-US: Foojan WMS PHP Weblog
CVE-2008-0445 (The replace_inline_img function in elogd in Electronic Logbook (ELOG)  ...)
	- elog 2.9.2+2014.05.11git44800a7-1 (low; bug #463600)
CVE-2008-0444 (Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG)  ...)
	- elog 2.9.2+2014.05.11git44800a7-1 (low; bug #463600)
CVE-2008-0443 (Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX co ...)
	NOT-FOR-US: Lycos FileUploader Module
CVE-2008-0442 (PHP remote file inclusion vulnerability in inc/linkbar.php in Small Ax ...)
	NOT-FOR-US: Small Axe Weblog
CVE-2008-0441 (IBM Tivoli Business Service Manager (TBSM) 4.1.1 stores passwords in c ...)
	NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2008-0440 (AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in clearte ...)
	NOT-FOR-US: AlstraSoft Forum Pay Per Post Exchange
CVE-2008-0439 (Cross-site scripting (XSS) vulnerability in templates/default/admincp/ ...)
	NOT-FOR-US: DeluxeBB
CVE-2008-0438 (Cross-site scripting (XSS) vulnerability in the font rendering functio ...)
	NOT-FOR-US: Novemberborn sIFR
CVE-2008-0437 (Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 Activ ...)
	NOT-FOR-US: HP Virtual Rooms
CVE-2008-0436 (Cross-site scripting (XSS) vulnerability in profile-upload/upload.asp  ...)
	NOT-FOR-US: PD9 Software MegaBBS
CVE-2008-0435 (Directory traversal vulnerability in index.php in OZJournals 2.1.1 all ...)
	NOT-FOR-US: OZJournals
CVE-2008-0434 (Format string vulnerability in the AXIMilter module in AXIGEN Mail Ser ...)
	NOT-FOR-US: AXIGEN Mail Server
CVE-2008-0433 (PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwo ...)
	NOT-FOR-US: Agares Media phpAutoVideo
CVE-2008-0432 (Cross-site scripting (XSS) vulnerability in index.php in phpAutoVideo  ...)
	NOT-FOR-US: Agares Media phpAutoVideo
CVE-2008-0431 (Directory traversal vulnerability in administrator/download.php in IDM ...)
	NOT-FOR-US: IDMOS
CVE-2008-0430 (SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows  ...)
	NOT-FOR-US: 360 Web Manager
CVE-2008-0429 (SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per P ...)
	NOT-FOR-US: AlstraSoft Forum Pay Per Post Exchange
CVE-2008-0428 (Multiple SQL injection vulnerabilities in the login function in system ...)
	NOT-FOR-US: bloofoxCMS
CVE-2008-0427 (Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows ...)
	NOT-FOR-US: bloofoxCMS
CVE-2008-0426 (Multiple cross-site scripting (XSS) vulnerabilities in submit.php in P ...)
	NOT-FOR-US: PacerCMS
CVE-2008-0425 (Absolute path traversal vulnerability in explorerdir.php in Frimousse  ...)
	NOT-FOR-US: Frimousse
CVE-2008-0424 (SQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) ...)
	NOT-FOR-US: Mooseguy Blog System
CVE-2008-0423 (Multiple PHP remote file inclusion vulnerabilities in Lama Software al ...)
	NOT-FOR-US: Lama Software
CVE-2008-0422 (SQL injection vulnerability in mail.php in boastMachine (aka bMachine) ...)
	NOT-FOR-US: bMachine
CVE-2008-0421 (SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allo ...)
	NOT-FOR-US: Invision Gallery
CVE-2008-0420 (modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox befor ...)
	{DSA-1534-1 DSA-1484-1}
	- iceape 1.1.8-1
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	NOTE: The initial advisory claimed Thunderbird/Icedove were vulnerable, but clarified
	NOTE: later, see http://www.mozilla.org/security/announce/2008/mfsa2008-07.html
CVE-2008-0419 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remo ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0418 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12,  ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0417 (CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0416 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- icedove 2.0.0.12-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
CVE-2008-0415 (Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaM ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
	- xulrunner 1.8.1.12-1
CVE-2008-0414 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0413 (The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird  ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0412 (The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird bef ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0411 (Stack-based buffer overflow in the zseticcspace function in zicc.c in  ...)
	{DSA-1510-1}
	- ghostscript 8.61.dfsg.1-1.1 (medium; bug #468190)
	- gs-gpl <removed> (medium)
CVE-2008-XXXX [exempi buffer overflow in GIF ReadHeader() function]
	- exempi 1.99.7-1 (bug #454297)
CVE-2008-0544 (Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c ...)
	{DSA-1493-2 DSA-1493-1}
	- sdl-image1.2 1.2.6-3 (medium)
CVE-2008-0410 (HTTP File Server (HFS) before 2.2c allows remote attackers to obtain c ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0409 (Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) bef ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0408 (HTTP File Server (HFS) before 2.2c allows remote attackers to append a ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0407 (HTTP File Server (HFS) before 2.2c tags HTTP request log entries with  ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0406 (HTTP File Server (HFS) before 2.2c, when account names are used as log ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0405 (Multiple directory traversal vulnerabilities in HTTP File Server (HFS) ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0404 (Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows ...)
	- mantis <not-affected> (Vulnerable code not present)
	NOTE: code was introduced in the 1.1.x series, which are not shipped by us yet
CVE-2008-0403 (The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does no ...)
	NOT-FOR-US: Belkin Wireless firmware
CVE-2008-0402 (Unspecified vulnerability in IBM WebSphere Business Modeler Basic and  ...)
	NOT-FOR-US: IBM WebSphere Business Modeler
CVE-2008-0401 (Buffer overflow in the logging functionality of the HTTP server in IBM ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager for OS Deployment before
CVE-2008-0400 (Cross-site scripting (XSS) vulnerability in header.tpl.php in the mode ...)
	NOT-FOR-US: Singapore
CVE-2008-0399 (Multiple buffer overflows in Toshiba Surveillance (Surveillix) RecordS ...)
	NOT-FOR-US: Toshiba Surveillance
CVE-2008-0398 (Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly e ...)
	NOT-FOR-US: aflog
CVE-2008-0397 (Multiple SQL injection vulnerabilities in aflog 1.01, and possibly ear ...)
	NOT-FOR-US: aflog
CVE-2008-0396 (Directory traversal vulnerability in BitDefender Update Server (http.e ...)
	NOT-FOR-US: BitDefender Update Server
CVE-2008-0395 (Kayako SupportSuite 3.11.01 allows remote attackers to obtain server c ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2008-0394 (Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote  ...)
	NOT-FOR-US: Citadel SMTP server
CVE-2008-0393 (Directory traversal vulnerability in info.php in GradMan 0.1.3 and ear ...)
	NOT-FOR-US: GradMan
CVE-2008-0392 (Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-0391 (inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentic ...)
	NOT-FOR-US: aliTalk
CVE-2008-0390 (stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows  ...)
	NOT-FOR-US: AuraCMS
CVE-2008-0389 (Unspecified vulnerability in the serveServletsByClassnameEnabled featu ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-0388 (SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress ...)
	NOT-FOR-US: WP-Forum plugin for WordPress
CVE-2008-0387 (Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6 ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-4 (bug #460048)
	[lenny] - firebird2.0 2.0.3.12981.ds1-1+lenny1
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
CVE-2008-0386 (Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to e ...)
	- xdg-utils <not-affected> (Ships a patch that modifies the vulnerable code and uses sed securely)
	NOTE: xdg-open-generic replaces the vulnerable code and runs view-mailcap or sensible-browser
CVE-2008-0385 (SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 ...)
	NOT-FOR-US: Urulu
CVE-2008-0384 (OpenBSD 4.2 allows local users to cause a denial of service (kernel pa ...)
	NOT-FOR-US: OpenBSD
CVE-2008-0383 (Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allo ...)
	NOT-FOR-US: MyBB
CVE-2008-0382 (Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier all ...)
	NOT-FOR-US: MyBB
CVE-2008-0381 (Unspecified vulnerability in Mahara before 0.9.1 has unknown impact an ...)
	- mahara 0.9.1-1 (low)
CVE-2008-0380 (Buffer overflow in the Digital Data Communications RtspVaPgCtrl Active ...)
	NOT-FOR-US: Digital Data Communications
CVE-2008-0379 (Race condition in the Enterprise Tree ActiveX control (EnterpriseContr ...)
	NOT-FOR-US: Crystal Reports
CVE-2008-0378 (Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when  ...)
	NOT-FOR-US: SocksCap
CVE-2008-0377 (MicroNews allows remote attackers to bypass authentication and gain ad ...)
	NOT-FOR-US: MicroNews
CVE-2008-0376 (PHP remote file inclusion vulnerability in inc/linkbar.php in Small Ax ...)
	NOT-FOR-US: Small Axe Weblog
CVE-2008-0375 (Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.0 ...)
	NOT-FOR-US: OKI C5510MFP Printer firmware
CVE-2008-0374 (OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web P ...)
	NOT-FOR-US: OKI C5510MFP Printer firmware
CVE-2008-0373 (Unrestricted file upload vulnerability in PHP F1 Max's File Uploader a ...)
	NOT-FOR-US: PHP F1 Max's File Uploader
CVE-2008-0372 (8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, ...)
	NOT-FOR-US: 8e6 R3000 Internet Filter
CVE-2008-0371 (Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_ ...)
	NOT-FOR-US: aliTalk
CVE-2008-0370 (Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel  ...)
	NOT-FOR-US: cPanel
CVE-2008-0369 (Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10. ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0368 (onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allo ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0367 (Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when p ...)
	- iceweasel 3.0 (low)
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Mozilla #244273
CVE-2008-0366 (CORE FORCE before 0.95.172 does not properly validate arguments to SSD ...)
	NOT-FOR-US: CORE FORCE
CVE-2008-0365 (Multiple buffer overflows in CORE FORCE before 0.95.172 allow local us ...)
	NOT-FOR-US: CORE FORCE
CVE-2008-0364 (Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1. ...)
	NOT-FOR-US: BitTorrent/uTorrent
CVE-2008-0363 (Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier  ...)
	NOT-FOR-US: Clever Copy
CVE-2008-0362 (Cross-site scripting (XSS) vulnerability in gallery.php in Clever Copy ...)
	NOT-FOR-US: Clever Copy
CVE-2008-0361 (Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 ...)
	NOT-FOR-US: GradMan
CVE-2008-0360 (Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote ...)
	NOT-FOR-US: BLOG:CMS
CVE-2008-0359 (Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b ...)
	NOT-FOR-US: BLOG:CMS
CVE-2008-0358 (SQL injection vulnerability in index.php in Pixelpost 1.7 allows remot ...)
	NOT-FOR-US: Pixelpost
CVE-2008-0357 (Directory traversal vulnerability in pages/upload.php in Galaxyscripts ...)
	NOT-FOR-US: Galaxyscripts
CVE-2008-0356 (Buffer overflow in the Independent Management Architecture (IMA) servi ...)
	NOT-FOR-US: Citrix Presentation Server
CVE-2008-0355 (SQL injection vulnerability in index.php in the forum module in PHPEch ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2008-0354 (Cross-site scripting (XSS) vulnerability in the chat client in IBM Lot ...)
	NOT-FOR-US: IBM Lotus Sametime
CVE-2008-0353 (SQL injection vulnerability in visualizza_tabelle.php in php-residence ...)
	NOT-FOR-US: php-residence
CVE-2008-XXXX [apt-cacher arbitrary command execution]
	- apt-cacher 1.6.1
	[etch] - apt-cacher <not-affected> (vulnerable code introduced in 1.6.0)
	[sarge] - apt-cacher <not-affected> (vulnerable code introduced in 1.6.0)
CVE-2008-0352 (The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to ca ...)
	- linux-2.6 2.6.22-1
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced after 2.6.19 release)
CVE-2008-0351 (admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attac ...)
	NOT-FOR-US: EvilSentinel
CVE-2008-0350 (admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to  ...)
	NOT-FOR-US: EvilSentinel
CVE-2008-0349 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle
CVE-2008-0348 (Multiple unspecified vulnerabilities in the PeopleTools component in O ...)
	NOT-FOR-US: Oracle
CVE-2008-0347 (Unspecified vulnerability in the Oracle Ultra Search component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2008-0346 (Unspecified vulnerability in the Oracle Jinitiator component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-0345 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2008-0344 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2008-0343 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2008-0342 (Unspecified vulnerability in the Upgrade/Downgrade component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-0341 (Unspecified vulnerability in the Advanced Queuing component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2008-0340 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, ...)
	NOT-FOR-US: Oracle
CVE-2008-0339 (Unspecified vulnerability in the XML DB component in Oracle Database 9 ...)
	NOT-FOR-US: Oracle
CVE-2008-0338 (Directory traversal vulnerability in the mwGetLocalFileName function i ...)
	NOT-FOR-US: miniweb
CVE-2008-0337 (Heap-based buffer overflow in the _mwProcessReadSocket function in htt ...)
	NOT-FOR-US: miniweb
CVE-2008-0336 (Multiple cross-site request forgery (CSRF) vulnerabilities in BugTrack ...)
	NOT-FOR-US: BugTracker.NET
CVE-2008-0335 (Cross-site scripting (XSS) vulnerability in BugTracker.NET before 2.7. ...)
	NOT-FOR-US: BugTracker.NET
CVE-2008-0334 (Cross-site scripting (XSS) vulnerability in pm/language/spanish/prefer ...)
	NOT-FOR-US: pMachine
CVE-2008-0333 (Directory traversal vulnerability in download_view_attachment.aspx in  ...)
	NOT-FOR-US: AfterLogic MailBee WebMail Pro 4.1 for ASP.NET
CVE-2008-0332 (Directory traversal vulnerability in arias/help/effect.php in aria 0.9 ...)
	NOT-FOR-US: Aria ERP (not the aria we ship)
CVE-2008-0331 (Unspecified vulnerability in Funkwerk System Software before 7.4.1 PAT ...)
	NOT-FOR-US: Funkwerk
CVE-2008-0330 (Open System Consultants (OSC) Radiator before 4.0 allows remote attack ...)
	NOT-FOR-US: Radiator
CVE-2008-0329 (LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_supp ...)
	NOT-FOR-US: LulieBlog
CVE-2008-0328 (SQL injection vulnerability in page.php in FaScript FaName 1.0 allows  ...)
	NOT-FOR-US: FaScript
CVE-2008-0327 (SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows r ...)
	NOT-FOR-US: FaScript
CVE-2008-0326 (SQL injection vulnerability in class/show.php in FaScript FaPersianHac ...)
	NOT-FOR-US: FaScript
CVE-2008-0325 (SQL injection vulnerability in show.php in FaScript FaPersian Petition ...)
	NOT-FOR-US: FaScript
CVE-2008-0324 (Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allow ...)
	NOT-FOR-US: Cisco
CVE-2008-0323
	RESERVED
CVE-2008-0322 (The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsof ...)
	NOT-FOR-US: Microsoft Windows XP driver
CVE-2008-0321
	RESERVED
CVE-2008-0320 (Heap-based buffer overflow in the OLE importer in OpenOffice.org befor ...)
	{DSA-1547-1}
	- openoffice.org 2.4.0~ooh680m5-1
CVE-2008-0319
	RESERVED
CVE-2008-0318 (Integer overflow in the cli_scanpe function in libclamav in ClamAV bef ...)
	{DSA-1497-1}
	- clamav 0.92.1~dfsg-1 (medium)
CVE-2008-0317
	RESERVED
CVE-2008-0316
	RESERVED
CVE-2008-0315
	RESERVED
CVE-2008-0314 (Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 all ...)
	{DSA-1549-1}
	- clamav 0.92.1~dfsg2-1 (medium)
CVE-2008-0313 (The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo ...)
	NOT-FOR-US: Symantec Norton products
CVE-2008-0312 (Stack-based buffer overflow in the AutoFix Support Tool ActiveX contro ...)
	NOT-FOR-US: Symantec Norton products
CVE-2008-0311 (Stack-based buffer overflow in the PGMWebHandler::parse_request functi ...)
	NOT-FOR-US: Borland CaliberRM
CVE-2008-0310 (Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 befo ...)
	NOT-FOR-US: SCO UnixWare
CVE-2008-0309 (Stack-based buffer overflow in Symantec Decomposer, as used in certain ...)
	NOT-FOR-US: Symantec Decomposer
CVE-2008-0308 (Symantec Decomposer, as used in certain Symantec antivirus products in ...)
	NOT-FOR-US: Symantec Decomposer
CVE-2008-0307 (Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and possibl ...)
	- maxdb-7.5.00 <removed>
CVE-2008-0306 (sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows  ...)
	- maxdb-7.5.00 <removed>
CVE-2008-0305
	RESERVED
CVE-2008-0304 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and  ...)
	{DSA-1697-1 DSA-1621-1}
	- icedove 2.0.0.12-1 (medium)
	- iceape 1.1.8-1 (medium)
CVE-2008-0303 (The FTP print feature in multiple Canon printers, including imageRUNNE ...)
	NOT-FOR-US: Canon printer firmware
CVE-2008-0301 (Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote ...)
	NOT-FOR-US: Mapbender
CVE-2008-0300 (mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to exec ...)
	NOT-FOR-US: Mapbender
CVE-2008-0298 (KHTML WebKit as used in Apple Safari 2.x allows remote attackers to ca ...)
	- webkit <not-affected> (Not reproducible, browser crashes not treated as security issues)
	- qt4-x11 <not-affected> (Not reproducible, browser crashes not treated as security issues)
	- kdelibs <not-affected> (Not reproducible, browser crashes not treated as security issues)
	- kde4libs <not-affected> (Not reproducible, browser crashes not treated as security issues)
	NOTE: Not reproducible, might be fixed before all the forks went off
CVE-2008-0297 (PhotoKorn allows remote attackers to obtain database credentials via a ...)
	NOT-FOR-US: PhotoKorn
CVE-2008-0296 (Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLA ...)
	{DSA-1543-1 DTSA-111-1}
	- vlc 0.8.6.c-6 (bug #461544; medium)
CVE-2008-0295 (Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in th ...)
	{DSA-1543-1 DTSA-111-1}
	- vlc 0.8.6.c-6 (bug #461544; medium)
	NOTE: this does not affect xine-lib itself, it's just vlc that ships a really old version of it
CVE-2008-0294 (Unspecified vulnerability in the seat-locking implementation in FreeSe ...)
	NOT-FOR-US: FreeSeat
CVE-2008-0293 (Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when  ...)
	NOT-FOR-US: FreeSeat
CVE-2008-0292 (Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie P ...)
	NOT-FOR-US: Dansie Photo Album
CVE-2008-0291 (SQL injection vulnerability in showproduct.asp in RichStrong CMS allow ...)
	NOT-FOR-US: RichStrong CMS
CVE-2008-0161
	RESERVED
CVE-2008-0290 (Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and ear ...)
	NOT-FOR-US: Digital Hive
CVE-2008-0289 (PHP remote file inclusion vulnerability in view_func.php in Member Are ...)
	NOT-FOR-US: Member Area System
CVE-2008-0288 (Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow rem ...)
	NOT-FOR-US: ImageAlbum
CVE-2008-0287 (PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 all ...)
	NOT-FOR-US: VisionBurst vcart
CVE-2008-0286 (SQL injection vulnerability in admin/login.php in Article Dashboard al ...)
	NOT-FOR-US: Article Dashboard
CVE-2008-0285 (ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remot ...)
	- ngircd 0.10.3-2 (bug #461067; low)
	[etch] - ngircd <no-dsa> (Minor issue)
CVE-2008-0284 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-0283 (PHP remote file inclusion vulnerability in /aides/index.php in DomPHP  ...)
	NOT-FOR-US: DomPHP
CVE-2008-0282 (SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81  ...)
	NOT-FOR-US: DomPHP
CVE-2008-0281 (SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlie ...)
	NOT-FOR-US: ID-Commerce
CVE-2008-0280 (SQL injection vulnerability in index.php in MTCMS 2.0 and possibly ear ...)
	NOT-FOR-US: MTCMS
CVE-2008-0279 (SQL injection vulnerability in liretopic.php in Xforum 1.4 and possibl ...)
	NOT-FOR-US: Xforum
CVE-2008-0278 (SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly ...)
	NOT-FOR-US: X7 Chat
CVE-2008-0277 (Unspecified vulnerability in the Fileshare module for Drupal allows re ...)
	NOT-FOR-US: Fileshare module for Drupal
CVE-2008-0276 (Cross-site scripting (XSS) vulnerability in the Devel module before 5. ...)
	NOT-FOR-US: Devel module for Drupal
CVE-2008-0275 (The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal ...)
	NOT-FOR-US: Atom module for Drupal
CVE-2008-0274 (Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when ...)
	- drupal5 5.6-1 (unimportant)
	NOTE: needs register_globals on
CVE-2008-0273 (Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5 ...)
	- drupal5 5.6-1 (low)
CVE-2008-0272 (Cross-site request forgery (CSRF) vulnerability in the aggregator modu ...)
	- drupal5 5.6-1 (low)
CVE-2008-0271 (The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x be ...)
	NOT-FOR-US: BUEditor
CVE-2008-0270 (SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earli ...)
	NOT-FOR-US: TaskFreak!
CVE-2008-0269 (Unspecified vulnerability in the dotoprocs function in Sun Solaris 10  ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0268 (Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5. ...)
	NOT-FOR-US: eTicket
CVE-2008-0267 (Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote ...)
	NOT-FOR-US: eTicket
CVE-2008-0266 (Cross-site request forgery (CSRF) vulnerability in admin.php in eTicke ...)
	NOT-FOR-US: eTicket
CVE-2008-0265 (Multiple cross-site scripting (XSS) vulnerabilities in the Search func ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2008-0264 (Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 mod ...)
	NOT-FOR-US: Meta Tags module for Drupal
CVE-2008-0263 (The SIP module in Ingate Firewall before 4.6.1 and SIParator before 4. ...)
	NOT-FOR-US: Ingate Firewall
CVE-2008-0262 (SQL injection vulnerability in includes/articleblock.php in Agares Php ...)
	NOT-FOR-US: Agares PhpAutoVideo
CVE-2008-0261 (Unspecified vulnerability in the search component and module in Mambo  ...)
	NOT-FOR-US: Mambo
	NOTE: Mambo is in experimental
CVE-2008-0260 (minimal Gallery 0.8 allows remote attackers to obtain configuration in ...)
	NOT-FOR-US: minimal Gallery
CVE-2008-0259 (Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php  ...)
	NOT-FOR-US: minimal Gallery
CVE-2008-0258 (Cross-site scripting (XSS) vulnerability in index.php in PHP Running M ...)
	NOT-FOR-US: PHP Running Management
CVE-2008-0257 (Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search ...)
	NOT-FOR-US: Dansie Search
CVE-2008-0256 (Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Galle ...)
	NOT-FOR-US: Matteo Binda ASP Photo Gallery
CVE-2008-0255 (SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 a ...)
	NOT-FOR-US: iGaming
CVE-2008-0254 (SQL injection vulnerability in activate.php in TutorialCMS (aka Photos ...)
	NOT-FOR-US: TutorialCMS
CVE-2008-0253 (SQL injection vulnerability in full_text.php in Binn SBuilder allows r ...)
	NOT-FOR-US: Binn SBuilder
CVE-2008-0252 (Directory traversal vulnerability in the _get_file_path function in (1 ...)
	{DSA-1481-1}
	- python-cherrypy 2.2.1-3.1 (low; bug #461069)
	- cherrypy3 3.0.2-2
CVE-2008-0251 (Unrestricted file upload vulnerability in PhotoPost vBGallery before 2 ...)
	NOT-FOR-US: PhotoPost vBGallery
CVE-2008-0250 (Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-ass ...)
	NOT-FOR-US: Microsoft Visual InterDev
CVE-2008-0249 (PHP Webquest 2.6 allows remote attackers to retrieve database credenti ...)
	NOT-FOR-US: PHP Webquest
CVE-2008-0248 (Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ...)
	NOT-FOR-US: StreamAudio ChainCast ProxyManager
CVE-2008-0247 (Heap-based buffer overflow in the Express Backup Server service (dsmsv ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2008-0246 (admin.php in UploadScript 1.0 does not check for the original password ...)
	NOT-FOR-US: UploadScript
CVE-2008-0245 (admin.php in UploadImage 1.0 does not check for the original password  ...)
	NOT-FOR-US: UploadImage
CVE-2008-0244 (SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to exec ...)
	- maxdb-7.5.00 <removed> (medium; bug #461444)
	NOTE: see #461456 for removal explanation
CVE-2008-0243 (Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allo ...)
	NOT-FOR-US: Lotus Domino
CVE-2008-0242 (Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0241 (Open redirect vulnerability in /idm/user/login.jsp in Sun Java System  ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-0240 (/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 throug ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont function in ...)
	NOTE: Dupe of CVE-2008-0225
CVE-2008-0299 (common.py in Paramiko 1.7.1 and earlier, when using threads or forked  ...)
	- paramiko 1.6.4-1.1 (low; bug #460706)
	[etch] - paramiko <no-dsa> (Minor issue)
	NOTE: http://web.archive.org/web/20100715101310/http://www.lag.net/pipermail/paramiko/2008-January/000599.html
CVE-2008-0237 (The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 al ...)
	NOT-FOR-US: Microsoft Rich Textbox ActiveX Control
CVE-2008-0236 (An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0)  ...)
	NOT-FOR-US: Microsoft Visual FoxPro
CVE-2008-0235 (The Microsoft VFP_OLE_Server ActiveX control allows remote attackers t ...)
	NOT-FOR-US: Microsoft VFP_OLE_Server ActiveX control
CVE-2008-0234 (Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions  ...)
	NOT-FOR-US: Apple Quicktime Player
CVE-2008-0233 (Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and earli ...)
	NOT-FOR-US: Zero CMS
CVE-2008-0232 (Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow rem ...)
	NOT-FOR-US: Zero CMS
CVE-2008-0231 (Multiple directory traversal vulnerabilities in index.php in Tuned Stu ...)
	NOT-FOR-US: Tune Studio
CVE-2008-0230 (PHP remote file inclusion vulnerability in php121db.php in osDate 2.0. ...)
	NOT-FOR-US: osDate
CVE-2008-0229 (The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless Mode ...)
	NOT-FOR-US: LevelOne router firmware
CVE-2008-0228 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Li ...)
	NOT-FOR-US: Linksys WRT54GL firmware
CVE-2008-0227 (yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, ...)
	{DSA-1478-1}
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg-5.0 5.0.51-3 (low; bug #460873)
	- cyassl <not-affected> (Fixed before initial upload to archive)
CVE-2008-0226 (Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL ...)
	{DSA-1478-1}
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg-5.0 5.0.51-3 (medium; bug #460873)
	- cyassl <not-affected> (Fixed before initial upload to archive)
CVE-2008-0225 (Heap-based buffer overflow in the rmff_dump_cont function in input/lib ...)
	{DSA-1472-1 DTSA-109-1}
	- xine-lib 1.1.10-1 (medium; bug #460551)
CVE-2008-0224 (SQL injection vulnerability in index.php in the Newbb_plus 0.92 and ea ...)
	NOT-FOR-US: RunCMS
CVE-2008-0223 (Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSyste ...)
	NOT-FOR-US: JustSystems
CVE-2008-0222 (Unrestricted file upload vulnerability in ajaxfilemanager.php in the W ...)
	NOT-FOR-US: Wp-FileManager plugin for WordPress
CVE-2008-0221 (Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka ...)
	NOT-FOR-US: Gateway Weblaunch
CVE-2008-0220 (Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1  ...)
	NOT-FOR-US: Gateway Weblaunch
CVE-2008-0219 (SQL injection vulnerability in soporte_horizontal_w.php in PHP Webques ...)
	NOT-FOR-US: Webquest
CVE-2008-0218 (Cross-site scripting (XSS) vulnerability in admin/index.html in Merak  ...)
	NOT-FOR-US: Merak IceWarp Mail Server
CVE-2008-0217 (The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openp ...)
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (FreeBSD not supported)
	- kfreebsd-6 <not-affected> (see bug #483152)
	- kfreebsd-7 <not-affected> (see bug #483152)
CVE-2008-0216 (The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not pr ...)
	- kfreebsd-5 <not-affected> (see bug #483152)
	- kfreebsd-6 <not-affected> (see bug #483152)
	- kfreebsd-7 <not-affected> (see bug #483152)
CVE-2008-0215 (Multiple unspecified vulnerabilities in HP Storage Essentials Storage  ...)
	NOT-FOR-US: HP SRM
CVE-2008-0214 (Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, ...)
	NOT-FOR-US: HP Select Identity
CVE-2008-0213 (Unspecified vulnerability in a certain ActiveX control for HP Virtual  ...)
	NOT-FOR-US: HP Virtual Rooms
CVE-2008-0212 (ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7 ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-0211 (Unspecified vulnerability in the BIOS F.04 through F.11 for the HP Com ...)
	NOT-FOR-US: BIOS F.04
CVE-2008-0210 (Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication stat ...)
	NOT-FOR-US: Uebimiau Webmail
CVE-2008-0209 (Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3 ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0208 (Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums  ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0207 (Multiple cross-site scripting (XSS) vulnerabilities in PRO-Search 0.17 ...)
	NOT-FOR-US: PRO-Search
CVE-2008-0206 (Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha ...)
	NOT-FOR-US: Captcha!
CVE-2008-0205 (Multiple cross-site request forgery (CSRF) vulnerabilities in math-com ...)
	NOT-FOR-US: Math Comment Spam Protection plugin for WordPress
CVE-2008-0204 (Multiple cross-site scripting (XSS) vulnerabilities in math-comment-sp ...)
	NOT-FOR-US: Math Comment Spam Protection plugin for WordPress
CVE-2008-0203 (Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/ad ...)
	NOT-FOR-US: Cryptographp plugin for WordPress
CVE-2008-0202 (CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 an ...)
	NOT-FOR-US: ExpressionEngine
CVE-2008-0201 (Cross-site scripting (XSS) vulnerability in index.php in ExpressionEng ...)
	NOT-FOR-US: ExpressionEngine
CVE-2008-0200 (Multiple cross-site scripting (XSS) vulnerabilities in account/index.h ...)
	NOT-FOR-US: RotaBanner
CVE-2008-0199 (PRO-Search 0.17 and earlier allows remote attackers to cause a denial  ...)
	NOT-FOR-US: PRO-Search
CVE-2008-0198 (Multiple cross-site request forgery (CSRF) vulnerabilities in wp-conta ...)
	NOT-FOR-US: WP-ContactForm plugin for WordPress
CVE-2008-0197 (Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form ...)
	NOT-FOR-US: WP-ContactForm plugin for WordPress
CVE-2008-0196 (Multiple directory traversal vulnerabilities in WordPress 2.0.11 and e ...)
	- wordpress 2.3.3-1
	[etch] - wordpress <no-dsa> (Auth is needed and attacker should have permissions to edit files)
CVE-2008-0195 (WordPress 2.0.11 and earlier allows remote attackers to obtain sensiti ...)
	- wordpress 2.1.0-1 (unimportant)
	NOTE: full path and DB structure already known on Debian
	NOTE: poked hendry
CVE-2008-0194 (Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0 ...)
	{DSA-1502-1}
	- wordpress 2.1.0-1
	NOTE: Vulnerable code removed since 2.1 release
CVE-2008-0193 (Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPr ...)
	{DSA-1502-1}
	- wordpress 2.1.0-1
	NOTE: Vulnerable code removed since 2.1 release
CVE-2008-0192 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 ...)
	- wordpress 2.0.10-1
	NOTE: poked hendry
CVE-2008-0191 (WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive  ...)
	- wordpress <unfixed> (unimportant)
	NOTE: full path and DB structure already known on Debian
	NOTE: poked hendry
CVE-2008-0190 (Multiple cross-site scripting (XSS) vulnerabilities in templates/examp ...)
	NOT-FOR-US: AwesomeTemplateEngine
CVE-2008-0189
	REJECTED
CVE-2008-0188
	REJECTED
CVE-2008-0187 (SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPw ...)
	NOT-FOR-US: SAM Broadcaster samPHPweb
CVE-2008-0186 (Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 ...)
	NOT-FOR-US: NetRisk
CVE-2008-0185 (SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly ...)
	NOT-FOR-US: NetRisk
CVE-2008-0184 (Absolute path traversal vulnerability in index.php in Sys-Hotel on Lin ...)
	NOT-FOR-US: Sys-Hotel
CVE-2008-0183
	RESERVED
CVE-2008-0182 (Cross-site request forgery (CSRF) vulnerability in the Admin portlet i ...)
	- liferay-portal <itp> (bug #569819)
CVE-2008-0181 (Cross-site scripting (XSS) vulnerability in the Admin portlet in Lifer ...)
	- liferay-portal <itp> (bug #569819)
CVE-2008-0180 (Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates ...)
	- liferay-portal <itp> (bug #569819)
CVE-2008-0179 (Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServ ...)
	- liferay-portal <itp> (bug #569819)
CVE-2008-0178 (Cross-site scripting (XSS) vulnerability in the Enterprise Admin Sessi ...)
	- liferay-portal <itp> (bug #569819)
CVE-2008-0177 (The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME  ...)
	- kfreebsd-7 <not-affected> (see bug #483152)
	- kfreebsd-6 <not-affected> (see bug #483152)
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (FreeBSD not supported)
	NOTE: Linux kernel code is not affected, the proper check is there
	NOTE: (somewhat difficult to spot, it happens in the caller).
CVE-2008-0176 (Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SC ...)
	NOT-FOR-US: GE Fanuc CIMPLICITY
CVE-2008-0175 (Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time I ...)
	NOT-FOR-US: GE Fanuc Proficy Real-Time Information Portal
CVE-2008-0174 (GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTT ...)
	NOT-FOR-US: GE Fanuc Proficy Real-Time Information Portal
CVE-2008-0172 (The get_repeat_type function in basic_regex_creator.hpp in the Boost r ...)
	- boost 1.34.1-5 (low; bug #461236)
	[etch] - boost <no-dsa> (Minor issue)
CVE-2008-0171 (regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (ak ...)
	- boost 1.34.1-5 (low; bug #461236)
	[etch] - boost <no-dsa> (Minor issue)
CVE-2008-0170
	RESERVED
CVE-2008-0169 (Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 t ...)
	- ikiwiki 2.48 (medium; bug #483770)
	[etch] - ikiwiki <not-affected> (Vulnerable code introduced in 1.34)
CVE-2008-0168
	RESERVED
CVE-2008-0167 (The write_array_file function in utils/include.pl in GForge 4.5.14 upd ...)
	{DSA-1577-1}
	- gforge 4.6.99+svn6496-1 (low)
	NOTE: https://rt.debian.org/Ticket/Display.html?id=672
CVE-2008-0166 (OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operat ...)
	{DSA-1576-1 DSA-1571-1}
	- openssl 0.9.8g-9 (high)
	[sarge] - openssl <not-affected> (Vulnerable code not present)
	- openssh 4.7p1-9 (high)
	NOTE: http://www.debian.org/security/key-rollover/
CVE-2008-0165 (Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 ...)
	{DSA-1553-1}
	- ikiwiki 2.42
CVE-2008-0164 (Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CM ...)
	- plone3 3.1.1-1 (bug #473571)
CVE-2008-0163 (Linux kernel 2.6, when using vservers, allows local users to access re ...)
	{DSA-1494-1}
	- linux-2.6 2.6.25-1 (high)
CVE-2008-0162 (misc.c in splitvt 1.6.6 and earlier does not drop group privileges bef ...)
	{DSA-1500-1}
	- splitvt 1.6.6-4
CVE-2008-0302 (Untrusted search path vulnerability in apt-listchanges.py in apt-listc ...)
	{DSA-1465-2}
	- apt-listchanges 2.82 (medium)
	[sarge] - apt-listchanges <not-affected> (Vulnerable code not present)
	NOTE: see http://web.archive.org/web/20080206193307/http://git.madism.org:80/?p=apt-listchanges.git;a=commitdiff;h=1bcfbf3dc55413bb83a1782dc9a54515a963fb32
CVE-2008-0160
	RESERVED
CVE-2008-0173 (SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote ...)
	{DSA-1459-1}
	- gforge 4.6.99+svn6330-1 (medium)
	NOTE: this is exploitable by unauthenticated users
	NOTE: Requires register_globals to be On, unsupported in lenny+sid.
	NOTE: In lenny+sid these scripts just don't work, so no security issue.
	NOTE: In etch+sarge we support gforge with rg On, unfortunately.
CVE-2008-0159 (SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier  ...)
	NOT-FOR-US: eggBlog
CVE-2008-0158 (Directory traversal vulnerability in index.php in Shop-Script 2.0 and  ...)
	NOT-FOR-US: Shop-Script
CVE-2008-0157 (SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote  ...)
	NOT-FOR-US: FlexBB
CVE-2008-0156 (Absolute path traversal vulnerability in index.php in Million Dollar S ...)
	NOT-FOR-US: Million Dollar Script
CVE-2008-0155 (Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1 ...)
	NOT-FOR-US: EvilBoard
CVE-2008-0154 (SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) all ...)
	NOT-FOR-US: EvilBoard
CVE-2008-0153 (telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers t ...)
	NOT-FOR-US: Pragma TelnetServer
CVE-2008-0152 (SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier  ...)
	NOT-FOR-US: SeattleLab SLNet RF Telnet Server
CVE-2008-0151 (Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 35 ...)
	NOT-FOR-US: Foxit WAC Server
CVE-2008-0150 (Unspecified vulnerability in the LDAP authentication feature in Aruba  ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2008-0149 (TUTOS 1.3 allows remote attackers to read system information via a dir ...)
	- tutos <removed>
	- tutos2 <not-affected> (vulnerable code not present)
CVE-2008-0148 (TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows  ...)
	- tutos <removed>
	- tutos2 <not-affected> (vulnerable code not present)
CVE-2008-0147 (SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlie ...)
	NOT-FOR-US: SmallNuke
CVE-2008-0146 (Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL  ...)
	NOT-FOR-US: W3-mSQL
CVE-2008-0145 (Unspecified vulnerability in glob in PHP before 4.4.8, when open_based ...)
	- php4 <removed> (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2008-0144 (PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7  ...)
	NOT-FOR-US: NetRisk
CVE-2008-0143 (PHP remote file inclusion vulnerability in common/db.php in samPHPweb, ...)
	NOT-FOR-US: samPHPweb
CVE-2008-0142 (Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow ...)
	NOT-FOR-US: WebPortal CMS
CVE-2008-0141 (actions.php in WebPortal CMS 0.6-beta generates predictable passwords  ...)
	NOT-FOR-US: WebPortal CMS
CVE-2008-0140 (Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7 ...)
	NOT-FOR-US: Uebimiau Webmail
CVE-2008-0139 (Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog ...)
	NOT-FOR-US: Loudblog
CVE-2008-0138 (PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php ...)
	NOT-FOR-US: XOOPS
CVE-2008-0137 (PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS ...)
	NOT-FOR-US: SNETWORKS
CVE-2008-0136 (Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0135 (Snitz Forums 2000 3.4.06 and earlier stores sensitive information unde ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0134 (Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz  ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0133 (Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier all ...)
	NOT-FOR-US: Tribisur
CVE-2008-0132 (Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long i ...)
	NOT-FOR-US: Pragma FortressSSH
CVE-2008-0131 (Cross-site scripting (XSS) vulnerability in login_form.asp in Instant  ...)
	NOT-FOR-US: Instant Softwares Dating Site
CVE-2008-0130 (SQL injection vulnerability in login_form.asp in Instant Softwares Dat ...)
	NOT-FOR-US: Instant Softwares Dating Site
CVE-2008-0129 (SQL injection vulnerability in starnet/addons/slideshow_full.php in Si ...)
	NOT-FOR-US: Site@School
CVE-2008-0128 (The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn ...)
	{DSA-1468-1}
	- tomcat5 <removed> (unimportant)
	NOTE: SSO cookies not working in 5.0, have only been fixed in 5.5.13, see #34724
	- tomcat5.5 5.5.23-1 (low)
	NOTE: SSO cookies sent over secure connections do not require
	NOTE: secure connections, possibly defeating HTTPS encryption.
	NOTE: See: http://issues.apache.org/bugzilla/show_bug.cgi?id=41217
CVE-2008-0127 (The administration interface in McAfee E-Business Server 8.5.2 and ear ...)
	NOT-FOR-US: McAfee E-Business Server
CVE-2008-0126
	RESERVED
CVE-2008-0125 (Cross-site scripting (XSS) vulnerability in phpstats.php in Michael Wa ...)
	NOT-FOR-US: Michael Wagner phpstats
CVE-2008-0124 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1 ...)
	{DSA-1528-1}
	- serendipity 1.3~b1-1 (low; bug #469667)
CVE-2008-0123 (Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8 ...)
	- moodle 1.9.8-1 (unimportant)
	NOTE: the issue itself has a quite small attack vector
	NOTE: and considering that the apache configuration that comes
	NOTE: with moodle limits connections to localhost this is no issue
CVE-2008-0122 (Off-by-one error in the inet_network function in libbind in ISC BIND 9 ...)
	- bind <removed>
	[sarge] - bind <no-dsa> (applications will use inet_network in libc)
	[etch] - bind <no-dsa> (applications will use inet_network in libc)
	- bind9 <not-affected> (does not build libbind)
	- glibc 2.2-1
	NOTE: The fix for the BIND-based resolver in GNU libc was made in 2000.
	NOTE: libbind9 is distinct code, not related to the old libbind.
CVE-2008-0121 (A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allow ...)
	NOT-FOR-US: Microsoft PowerPoint Viewer
CVE-2008-0120 (Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote att ...)
	NOT-FOR-US: Microsoft PowerPoint Viewer
CVE-2008-0119 (Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2008-0118 (Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 S ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0117 (Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, an ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0116 (Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility  ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0115 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Vi ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0114 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0113 (Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to  ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0112 (Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for  ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0111 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Vi ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0110 (Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP  ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2008-0109 (Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0108 (Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File  ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0107 (Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2 ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0106 (Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Exp ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0105 (Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3,  ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0104 (Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, an ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0103 (Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0102 (Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, an ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0101 (Format string vulnerability in the swDebugf function in DuneApp.cpp in ...)
	- whitedune 0.28.13-1 (medium)
CVE-2008-0100 (Stack-based buffer overflow in the Scene::errorf function in Scene.cpp ...)
	- whitedune 0.28.13-1 (medium)
CVE-2008-0099 (Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier  ...)
	NOT-FOR-US: MyPHP Forum
CVE-2008-0098 (Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attack ...)
	NOT-FOR-US: RealPlayer
CVE-2008-0097 (Format string vulnerability in the log function in Georgia SoftWorks S ...)
	NOT-FOR-US: Georgia SoftWorks SSH2 Server
CVE-2008-0096 (Multiple buffer overflows in Georgia SoftWorks SSH2 Server (GSW_SSHD)  ...)
	NOT-FOR-US: Georgia SoftWorks SSH2 Server
CVE-2008-0095 (The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Bu ...)
	- asterisk 1:1.4.17~dfsg-1 (medium; bug #458952)
	[etch] - asterisk <not-affected> (Only Asterisk 1.4.x affected)
	[sarge] - asterisk <not-affected> (Only Asterisk 1.4.x affected)
CVE-2008-0094 (Multiple directory traversal vulnerabilities in MODx Content Managemen ...)
	NOT-FOR-US: MODx Content Management System
CVE-2008-0093 (Multiple cross-site scripting (XSS) vulnerabilities in newticket.php i ...)
	NOT-FOR-US: eTicket
CVE-2008-0092 (Cross-site scripting (XSS) vulnerability in index.php in the search mo ...)
	NOT-FOR-US: Appalachian State University phpWebSite
CVE-2008-0091 (Directory traversal vulnerability in download2.php in AGENCY4NET WEBFT ...)
	NOT-FOR-US: AGENCY4NET WEBFTP
CVE-2008-0090 (A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows  ...)
	NOT-FOR-US: DivX Player
CVE-2008-0089 (SQL injection vulnerability in uprofile.php in ClipShare allows remote ...)
	NOT-FOR-US: ClipShare
CVE-2008-0088 (Unspecified vulnerability in Active Directory on Microsoft Windows 200 ...)
	NOT-FOR-US: Windows
CVE-2008-0087 (The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-0086 (Buffer overflow in the convert function in Microsoft SQL Server 2000 S ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0085 (SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (M ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0084 (Unspecified vulnerability in the TCP/IP support in Microsoft Windows V ...)
	NOT-FOR-US: Windows
CVE-2008-0083 (The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scriptin ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-0082 (An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 ...)
	NOT-FOR-US: Windows Messenger
CVE-2008-0081 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2008-0080 (Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft  ...)
	NOT-FOR-US: Windows
CVE-2008-0079
	REJECTED
CVE-2008-0078 (Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Micro ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0077 (Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 S ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0076 (Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0075 (Unspecified vulnerability in Microsoft Internet Information Services ( ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0074 (Unspecified vulnerability in Microsoft Internet Information Services ( ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0073 (Array index error in the sdpplin_parse function in input/libreal/sdppl ...)
	{DSA-1543-1 DSA-1536-1 DTSA-119-1 DTSA-128-1}
	- xine-lib 1.1.11-1 (medium)
	- vlc 0.8.6.e-2 (medium; bug #473057)
	NOTE: http://bugs.xine-project.org/show_bug.cgi?id=58
CVE-2008-0072 (Format string vulnerability in the emf_multipart_encrypted function in ...)
	{DSA-1512-1}
	- evolution 2.12.3-1.1
	NOTE: SA29057
CVE-2008-0071 (The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) ...)
	NOT-FOR-US: uTorrent 1.7.7 (build 8179) / BitTorrent 6.0.1 (build 7859)
CVE-2008-0070 (Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA  ...)
	NOT-FOR-US: Orb Networks Orb and Winamp Remote BETA
CVE-2008-0069 (Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows user-assi ...)
	NOT-FOR-US: XnView
CVE-2008-0068 (Directory traversal vulnerability in OpenView5.exe in HP OpenView Netw ...)
	NOT-FOR-US: HP OpenView
CVE-2008-0067 (Multiple stack-based buffer overflows in HP OpenView Network Node Mana ...)
	NOT-FOR-US: HP OpenView Network Node Manager (OV NNM)
CVE-2008-0066 (Multiple buffer overflows in htmsr.dll in the HTML speed reader in Aut ...)
	NOT-FOR-US: KeyView
CVE-2008-0065 (Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5. ...)
	NOT-FOR-US: Winamp
CVE-2008-0064 (Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView 1.9 ...)
	NOT-FOR-US: XnView, nconvert GFL SDK for Windows
CVE-2008-0063 (The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not pro ...)
	{DSA-1524-1}
	- krb5 1.6.dfsg.3~beta1-4 (medium)
CVE-2008-0062 (KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for som ...)
	{DSA-1524-1}
	- krb5 1.6.dfsg.3~beta1-4 (high)
CVE-2008-0060 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attacke ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0059 (Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0058 (Race condition in the NSURLConnection cache management functionality i ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0057 (Multiple integer overflows in a "legacy serialization format" parser i ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0056 (Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 al ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0055 (Foundation in Apple Mac OS X 10.4.11 creates world-writable directorie ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0054 (Foundation in Apple Mac OS X 10.4.11 might allow context-dependent att ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0053 (Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS  ...)
	{DSA-1625-1}
	- cupsys 1.3.6-1
	- cups 1.3.6-1
	NOTE: https://bugzilla.redhat.com/attachment.cgi?id=298651
CVE-2008-0052 (CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0051 (Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might all ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0050 (CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0049 (AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0048 (Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0047 (Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1. ...)
	{DSA-1530-1}
	- cupsys 1.3.6-3 (medium; bug #472105)
	- cups 1.3.6-3 (medium; bug #472105)
	[sarge] - cupsys <not-affected> (Vulnerable code not present)
CVE-2008-0046 (The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect Ger ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0045 (Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allo ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0044 (Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0043 (Format string vulnerability in Apple iPhoto before 7.1.2 allows remote ...)
	NOT-FOR-US: Apple iPhoto
CVE-2008-0042 (Argument injection vulnerability in Terminal.app in Terminal in Apple  ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0041 (Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.a ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0040 (Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0039 (Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows rem ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0038 (Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninst ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0037 (X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle whe ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0036 (Buffer overflow in Apple QuickTime before 7.4 allows remote attackers  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-0035 (Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 t ...)
	NOT-FOR-US: Apple cocoa Foundation
	NOTE: AFAICS this is not the same as libfoundation in Debian
CVE-2008-0034 (Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through ...)
	NOT-FOR-US: Apple iPhone
CVE-2008-0033 (Unspecified vulnerability in Apple QuickTime before 7.4 allows remote  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-0032 (Apple QuickTime before 7.4 allows remote attackers to execute arbitrar ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-0031 (Unspecified vulnerability in Apple QuickTime before 7.4 allows remote  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-0030
	REJECTED
CVE-2008-0029 (Cisco Application Velocity System (AVS) before 5.1.0 is installed with ...)
	NOT-FOR-US: Cisco
CVE-2008-0028 (Unspecified vulnerability in Cisco PIX 500 Series Security Appliance a ...)
	NOT-FOR-US: Cisco
CVE-2008-0027 (Heap-based buffer overflow in the Certificate Trust List (CTL) Provide ...)
	NOT-FOR-US: Cisco
CVE-2008-0026 (SQL injection vulnerability in Cisco Unified CallManager/Communication ...)
	NOT-FOR-US: Cisco
CVE-2008-0025
	RESERVED
CVE-2008-0024
	RESERVED
CVE-2008-0023
	RESERVED
CVE-2008-0022
	RESERVED
CVE-2008-0021
	RESERVED
CVE-2008-0020 (Unspecified vulnerability in the Load method in the IPersistStreamInit ...)
	NOT-FOR-US: Microsoft
CVE-2008-0019
	RESERVED
CVE-2008-0018
	RESERVED
CVE-2008-0017 (The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3 ...)
	{DSA-1697-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- iceape 1.1.13-1
CVE-2008-0016 (Stack-based buffer overflow in the URL parsing implementation in Mozil ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.1-1
	- iceweasel 3.0.1-1
	- iceape 1.1.12-1
	- icedove 2.0.0.17-1
CVE-2008-0015 (Stack-based buffer overflow in the CComVariant::ReadFromStream functio ...)
	NOT-FOR-US: Microsoft
CVE-2008-0014 (Heap-based buffer overflow in an unspecified procedure in Trend Micro  ...)
	NOT-FOR-US: Trend Micro
CVE-2008-0013 (Heap-based buffer overflow in an unspecified procedure in Trend Micro  ...)
	NOT-FOR-US: Trend Micro
CVE-2008-0012 (Heap-based buffer overflow in an unspecified procedure in Trend Micro  ...)
	NOT-FOR-US: Trend Micro
CVE-2008-0011 (Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 an ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2008-0010 (The copy_from_user_mmap_sem function in fs/splice.c in the Linux kerne ...)
	- linux-2.6 2.6.24-4
	- linux-2.6.24 <not-affected> (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
CVE-2008-0009 (The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.2 ...)
	- linux-2.6 2.6.24-4
	- linux-2.6.24 <not-affected> (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
CVE-2008-0008 (The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 bui ...)
	{DSA-1476-1}
	- pulseaudio 0.9.9-1
CVE-2008-0007 (Linux kernel before 2.6.22.17, when using certain drivers that registe ...)
	{DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1}
	- linux-2.6.24 <not-affected> (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
	- linux-2.6 2.6.24-4
CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
	- libxfont 1:1.3.1-2
	[etch] - libxfont 1:1.2.2-2.etch1
CVE-2008-0005 (mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-de ...)
	- apache2 2.2.8-1 (low)
	- apache <removed> (low)
	[etch] - apache <no-dsa> (browser issue; low impact)
	[sarge] - apache <no-dsa> (browser issue; low impact)
	[sarge] - apache2 <no-dsa> (browser issue; low impact)
	[etch] - apache2 2.2.3-4+etch4 (low)
CVE-2008-0004
	REJECTED
CVE-2008-0003 (Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback  ...)
	NOT-FOR-US: OpenPegasus CIM management server
CVE-2008-0002 (Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context ...)
	- tomcat5.5 <not-affected> (Only Tomcat 6 is affected, according to upstream)
CVE-2008-0001 (VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.1 ...)
	{DSA-1479-1}
	- linux-2.6 2.6.24-1
	- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
CVE-2008-0061 (MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07 ...)
	{DSA-1445-1}
	- maradns 1.2.12.08-1
	NOTE: http://marc.info/?l=maradns-list&m=118842373527534&w=2
