CVE-1999-0001 (ip_input.c in BSD-derived TCP/IP implementations allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0002 (Buffer overflow in NFS mountd gives root access to remote attackers, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0003 (Execute commands as root via buffer overflow in Tooltalk database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0004 (MIME buffer overflow in email clients, e.g. Solaris mailtool ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0005 (Arbitrary command execution via IMAP buffer overflow in authenticate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0006 (Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0007 (Information from SSL-encrypted sessions via PKCS #1. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0008 (Buffer overflow in NIS+, in Sun's rpc.nisd program. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0009 (Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0010 (Denial of Service vulnerability in BIND 8 Releases via maliciously ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0011 (Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0012 (Some web servers under Microsoft Windows allow remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0013 (Stolen credentials from SSH clients via ssh-agent program, allowing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0014 (Unauthorized privileged access or denial of service via dtappgather ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0015 (Teardrop IP denial of service. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0016 (Land IP denial of service. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0017 (FTP servers can allow an attacker to connect to arbitrary ports on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0018 (Buffer overflow in statd allows root privileges. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0019 (Delete or create a file via rpc.statd, due to invalid information. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0020 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0021 (Arbitrary command execution via buffer overflow in Count.cgi ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0022 (Local user gains root privileges via buffer overflow in rdist, via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0023 (Local user gains root privileges via buffer overflow in rdist, via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0024 (DNS cache poisoning via BIND, by predictable query IDs. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0025 (root privileges via buffer overflow in df command on SGI IRIX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0026 (root privileges via buffer overflow in pset command on SGI IRIX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0027 (root privileges via buffer overflow in eject command on SGI IRIX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0028 (root privileges via buffer overflow in login/scheme command on SGI ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0029 (root privileges via buffer overflow in ordist command on SGI IRIX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0030 (root privileges via buffer overflow in xlock command on SGI IRIX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0031 (JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0032 (Buffer overflow in lpr, as used in BSD-based systems including Linux, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0033 (Command execution in Sun systems via buffer overflow in the at ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0034 (Buffer overflow in suidperl (sperl), Perl 4.x and 5.x. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0035 (Race condition in signal handling routine in ftpd, allowing read/write ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0036 (IRIX login program with a nonzero LOCKOUT parameter allows creation or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0037 (Arbitrary command execution via metamail package using message ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0038 (Buffer overflow in xlock program allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0039 (webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0040 (Buffer overflow in Xt library of X Windowing System allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0041 (Buffer overflow in NLS (Natural Language Service). ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0042 (Buffer overflow in University of Washington's implementation of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0043 (Command execution via shell metachars in INN daemon (innd) 1.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0044 (fsdump command in IRIX allows local users to obtain root access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0045 (List of arbitrary files on Web host via nph-test-cgi script. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0046 (Buffer overflow of rlogin program using TERM environmental variable. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0047 (MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0048 (Talkd, when given corrupt DNS information, can be used to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0049 (Csetup under IRIX allows arbitrary file creation or overwriting. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0050 (Buffer overflow in HP-UX newgrp program. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0051 (Arbitrary file creation and program execution using FLEXlm ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0052 (IP fragmentation denial of service in FreeBSD allows a remote attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0053 (TCP RST denial of service in FreeBSD. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0054 (Sun's ftpd daemon can be subjected to a denial of service. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0055 (Buffer overflows in Sun libnsl allow root access. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0056 (Buffer overflow in Sun's ping program can give root access to local users. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0057 (Vacation program allows command execution by remote users through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0058 (Buffer overflow in PHP cgi program, php.cgi allows shell access. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0059 (IRIX fam service allows an attacker to obtain a list of all files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0060 (Attackers can cause a denial of service in Ascend MAX and Pipeline ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0061 (File creation and deletion, and remote execution, in the BSD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0062 (The chpass command in OpenBSD allows a local user to gain root access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0063 (Cisco IOS 12.0 and other versions can be crashed by malicious UDP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0064 (Buffer overflow in AIX lquerylv program gives root access to local users. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0065 (Multiple buffer overflows in how dtmail handles attachments allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0066 (AnyForm CGI remote execution. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0067 (phf CGI program allows remote command execution through shell ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0068 (CGI PHP mylog script allows an attacker to read any file on the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0069 (Solaris ufsrestore buffer overflow. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0070 (test-cgi program allows an attacker to list files on the server. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0071 (Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0072 (Buffer overflow in AIX xdat gives root access to local users. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0073 (Telnet allows a remote client to specify environment variables including ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0074 (Listening TCP ports are sequentially allocated, allowing spoofing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0075 (PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0076 (Buffer overflow in wu-ftp from PASV command causes a core dump. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0077 (Predictable TCP sequence numbers allow spoofing. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0078 (pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0079 (Remote attackers can cause a denial of service in FTP by issuing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0080 (Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0081 (wu-ftp allows files to be overwritten via the rnfr command. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0082 (CWD ~root command in ftpd allows root access. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0083 (getcwd() file descriptor leak in FTP. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0084 (Certain NFS servers allow users to use mknod to gain privileges by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0085 (Buffer overflow in rwhod on AIX and other operating systems allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0086 (AIX routed allows remote users to modify sensitive files. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0087 (Denial of service in AIX telnet can freeze a system and prevent ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0088 (IRIX and AIX automountd services (autofsd) allow remote users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0089 (Buffer overflow in AIX libDtSvc library can allow local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0090 (Buffer overflow in AIX rcp command allows local users to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0091 (Buffer overflow in AIX writesrv command allows local users to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0092 (Various vulnerabilities in the AIX portmir command allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0093 (AIX nslookup command allows local users to obtain root access by not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0094 (AIX piodmgrsu command allows local users to gain additional ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0095 (The debug command in Sendmail is enabled, allowing attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0096 (Sendmail decode alias can be used to overwrite sensitive files. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0097 (The AIX FTP client can be forced to execute commands from a malicious ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0098 (Buffer overflow in SMTP HELO command in Sendmail allows a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0099 (Buffer overflow in syslog utility allows local or remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0100 (Remote access in AIX innd 1.5.1, using control messages. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0101 (Buffer overflow in AIX and Solaris "gethostbyname" library call allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0102 (Buffer overflow in SLmail 3.x allows attackers to execute commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0103 (Echo and chargen, or other combinations of UDP services, can be used ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0104 (A later variation on the Teardrop IP denial of service attack, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0105 (finger allows recursive searches by using a long string of @ symbols. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0106 (Finger redirection allows finger bombs. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0107 (Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0108 (The printers program in IRIX has a buffer overflow that gives root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0109 (Buffer overflow in ffbconfig in Solaris 2.5.1. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0110 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0111 (RIP v1 is susceptible to spoofing. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0112 (Buffer overflow in AIX dtterm program for the CDE. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0113 (Some implementations of rlogin allow root access if given a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0114 (Local users can execute commands as other users, and read other users' ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0115 (AIX bugfiler program allows local users to gain root access. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0116 (Denial of service when an attacker sends many SYN packets to create ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0117 (AIX passwd allows local users to gain root access. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0118 (AIX infod allows local users to gain root access through an X display. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0119 (Windows NT 4.0 beta allows users to read and delete shares. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0120 (Sun/Solaris utmp file allows local users to gain root access if it ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0121 (Buffer overflow in dtaction command gives root access. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0122 (Buffer overflow in AIX lchangelv gives root access. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0123 (Race condition in Linux mailx command allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0124 (Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0125 (Buffer overflow in SGI IRIX mailx program. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0126 (SGI IRIX buffer overflow in xterm and Xaw allows root access. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0127 (swinstall and swmodify commands in SD-UX package in HP-UX systems ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0128 (Oversized ICMP ping packets can result in a denial of service, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0129 (Sendmail allows local users to write to a file and gain group ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0130 (Local users can start Sendmail in daemon mode and gain root privileges. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0131 (Buffer overflow and denial of service in Sendmail 8.7.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0132 (Expreserve, as used in vi and ex, allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0133 (fm_fls license server for Adobe Framemaker allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0134 (vold in Solaris 2.x allows local users to gain root access. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0135 (admintool in Solaris allows a local user to write to arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0136 (Kodak Color Management System (KCMS) on Solaris allows a local user to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0137 (The dip program on many Linux systems allows local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0138 (The suidperl and sperl program do not give up root privileges when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0139 (Buffer overflow in Solaris x86 mkcookie allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0140 (Denial of service in RAS/PPTP on NT systems. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0141 (Java Bytecode Verifier allows malicious applets to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0142 (The Java Applet Security Manager implementation in Netscape Navigator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0143 (Kerberos 4 key servers allow a user to masquerade as another by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0144 (Denial of service in Qmail by specifying a large number of recipients ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0145 (Sendmail WIZ command enabled, allowing root access. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0146 (The campas CGI program provided with some NCSA web servers allows an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0147 (The aglimpse CGI program of the Glimpse package allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0148 (The handler CGI program in IRIX allows arbitrary command execution. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0149 (The wrap CGI program in IRIX allows remote attackers to view ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0150 (The Perl fingerd program allows arbitrary command execution from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0151 (The SATAN session key may be disclosed if the user points the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0152 (The DG/UX finger daemon allows remote command execution through shell ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0153 (Windows 95/NT out of band (OOB) data denial of service through NETBIOS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0154 (IIS 2.0 and 3.0 allows remote attackers to read the source code for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0155 (The ghostscript command with the -dSAFER option allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0156 (wu-ftpd FTP daemon allows any user and password combination. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0157 (Cisco PIX firewall and CBAC IP fragmentation attack results in a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0158 (Cisco PIX firewall manager (PFM) on Windows NT allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0159 (Attackers can crash a Cisco IOS router or device, provided they can ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0160 (Some classic Cisco IOS devices have a vulnerability in the PPP CHAP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0161 (In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0162 (The "established" keyword in some Cisco IOS software allowed ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0163 (In older versions of Sendmail, an attacker could use a pipe character ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0164 (A race condition in the Solaris ps command allows an attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0165 (NFS cache poisoning. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0166 (NFS allows users to use a "cd .." command to access other directories ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0167 (In SunOS, NFS file handles could be guessed, giving unauthorized ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0168 (The portmapper may act as a proxy and redirect service requests from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0169 (NFS allows attackers to read and write any file on the system by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0170 (Remote attackers can mount an NFS file system in Ultrix or OSF, even ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0171 (Denial of service in syslog by sending it a large number of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0172 (FormMail CGI program allows remote execution of commands. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0173 (FormMail CGI program can be used by web servers other than the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0174 (The view-source CGI program allows remote attackers to read arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0175 (The convert.bas program in the Novell web server allows a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0176 (The Webgais program allows a remote user to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0177 (The uploader program in the WebSite web server allows a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0178 (Buffer overflow in the win-c-sample program (win-c-sample.exe) in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0179 (Windows NT crashes or locks up when a Samba client executes a "cd .." ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0180 (in.rshd allows users to login with a NULL username and execute commands. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0181 (The wall daemon can be used for denial of service, social engineering ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0182 (Samba has a buffer overflow which allows a remote attacker to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0183 (Linux implementations of TFTP would allow access to files outside the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0184 (When compiled with the -DALLOW_UPDATES option, bind allows dynamic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0185 (In SunOS or Solaris, a remote user could connect from an FTP server's ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0186 (In Solaris, an SNMP subagent has a default community string that allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0187 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0188 (The passwd command in Solaris can be subjected to a denial of service. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0189 (Solaris rpcbind listens on a high numbered UDP port, which may not be ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0190 (Solaris rpcbind can be exploited to overwrite arbitrary files and gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0191 (IIS newdsn.exe CGI script allows remote users to overwrite files. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0192 (Buffer overflow in telnet daemon tgetent routing allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0193 (Denial of service in Ascend and 3com routers, which can be rebooted by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0194 (Denial of service in in.comsat allows attackers to generate messages. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0195 (Denial of service in RPC portmapper allows attackers to register or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0196 (websendmail in Webgais 1.0 allows a remote user to access arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0197 (finger 0@host on some systems may print information on some user accounts. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0198 (finger .@host on some systems may print information on some user accounts. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0200 (Windows NT FTP server (WFTP) with the guest account enabled without a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0201 (A quote cwd command on FTP servers can reveal the full path of the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0202 (The GNU tar command, when used in FTP sessions, may allow an attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0203 (In Sendmail, attackers can gain root privileges via SMTP by specifying ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0204 (Sendmail 8.6.9 allows remote attackers to execute root commands, using ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0205 (Denial of service in Sendmail 8.6.11 and 8.6.12. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0206 (MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0207 (Remote attacker can execute commands through Majordomo using the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0208 (rpc.ypupdated (NIS) allows remote users to execute arbitrary commands. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0209 (The SunView (SunTools) selection_svc facility allows remote users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0210 (Automount daemon automountd allows local or remote users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0211 (Extra long export lists over 256 characters in some mount daemons ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0212 (Solaris rpc.mountd generates error messages that allow a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0213 (libnsl in Solaris allowed an attacker to perform a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0214 (Denial of service by sending forged ICMP unreachable packets. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0215 (Routed allows attackers to append data to files. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0216 (Denial of service of inetd on Linux through SYN and RST packets. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0217 (Malicious option settings in UDP packets could force a reboot in SunOS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0218 (Livingston portmaster machines could be rebooted via a series ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0219 (Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0220 (Attackers can do a denial of service of IRC by crashing the server. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0221 (Denial of service of Ascend routers through port 150 (remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0222 (Denial of service in Cisco IOS web server allows attackers to reboot ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0223 (Solaris syslogd crashes when receiving a message from a host that ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0224 (Denial of service in Windows NT messenger service through a long ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0225 (Windows NT 4.0 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0226 (Windows NT TCP/IP processes fragmented IP packets improperly, causing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0227 (Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0228 (Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0229 (Denial of service in Windows NT IIS server using ..\.. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0230 (Buffer overflow in Cisco 7xx routers through the telnet service. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0231 (Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0232 (Buffer overflow in NCSA WebServer (version 1.5c) gives remote access. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0233 (IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0234 (Bash treats any character with a value of 255 as a command separator. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0235 (Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0236 (ScriptAlias directory in NCSA and Apache httpd allowed attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0237 (Remote execution of arbitrary commands through Guestbook CGI program. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0238 (php.cgi allows attackers to read any file on the system. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0239 (Netscape FastTrack Web server lists files when a lowercase "get" ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0240 (Some filters or firewalls allow fragmented SYN packets with IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0241 (Guessable magic cookies in X Windows allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0242 (Remote attackers can access mail files via POP3 in some Linux systems ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0243 (Linux cfingerd could be exploited to gain root access. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0244 (Livingston RADIUS code has a buffer overflow which can allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0245 (Some configurations of NIS+ in Linux allowed attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0246 (HP Remote Watch allows a remote user to gain root access. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0247 (Buffer overflow in nnrpd program in INN up to version 1.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0248 (A race condition in the authentication agent mechanism of sshd 1.2.17 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0249 (Windows NT RSHSVC program allows remote users to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0250 (Denial of service in Qmail through long SMTP commands. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0251 (Denial of service in talk program allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0252 (Buffer overflow in listserv allows arbitrary command execution. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0253 (IIS 3.0 with the iis-fix hotfix installed allows remote intruders to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0254 (A hidden SNMP community string in HP OpenView allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0255 (Buffer overflow in ircd allows arbitrary command execution. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0256 (Buffer overflow in War FTP allows remote execution of commands. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0257 (Nestea variation of teardrop IP fragmentation denial of service. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0258 (Bonk variation of teardrop IP fragmentation denial of service. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0259 (cfingerd lists all users on a system via search.**@target. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0260 (The jj CGI program allows command execution via shell metacharacters. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0261 (Netmanager Chameleon SMTPd has several buffer overflows that cause a crash. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0262 (Hylafax faxsurvey CGI script on Linux allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0263 (Solaris SUNWadmap can be exploited to obtain root access. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0264 (htmlscript CGI program allows remote read access to files. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0265 (ICMP redirect messages may crash or lock up a host. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0266 (The info2www CGI script allows remote file access or remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0267 (Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0268 (MetaInfo MetaWeb web server allows users to upload, execute, and read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0269 (Netscape Enterprise servers may list files through the PageServices query. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0270 (Directory traversal vulnerability in pfdispaly.cgi program (sometimes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0271 (Progressive Networks Real Video server (pnserver) can be crashed remotely. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0272 (Denial of service in Slmail v2.5 through the POP3 port. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0273 (Denial of service through Solaris 2.5.1 telnet by sending ^D characters. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0274 (Denial of service in Windows NT DNS servers through malicious packet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0275 (Denial of service in Windows NT DNS servers by flooding port 53 with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0276 (mSQL v2.0.1 and below allows remote execution through a buffer overflow. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0277 (The WorkMan program can be used to overwrite any file to get root access. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0278 (In IIS, remote attackers can obtain source code for ASP files by appending ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0279 (Excite for Web Servers (EWS) allows remote command execution via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0280 (Remote command execution in Microsoft Internet Explorer using .lnk and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0281 (Denial of service in IIS using long URLs. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0282 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0283 (The Java Web Server would allow remote users to obtain the source ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0284 (Denial of service to NT mail servers including Ipswitch, Mdaemon, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0285 (Denial of service in telnet from the Windows NT Resource Kit, by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0286 (In some NT web servers, appending a space at the end of a URL may ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0287 (Vulnerability in the Wguest CGI program. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0288 (The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0289 (The Apache web server for Win32 may provide access to restricted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0290 (The WinGate telnet proxy allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0291 (The WinGate proxy is installed without a password, which allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0292 (Denial of service through Winpopup using large user names. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0293 (AAA authentication on Cisco systems allows attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0294 (All records in a WINS database can be deleted through SNMP for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0295 (Solaris sysdef command allows local users to read kernel memory, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0296 (Solaris volrmmount program allows attackers to read any file. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0297 (Buffer overflow in Vixie Cron library up to version 3.0 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0298 (ypbind with -ypset and -ypsetme options activated in Linux Slackware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0299 (Buffer overflow in FreeBSD lpd through long DNS hostnames. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0300 (nis_cachemgr for Solaris NIS+ allows attackers to add malicious ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0301 (Buffer overflow in SunOS/Solaris ps command. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0302 (SunOS/Solaris FTP clients can be forced to execute arbitrary commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0303 (Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0304 (mmap function in BSD allows local attackers in the kmem group to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0305 (The system configuration control (sysctl) facility in BSD based ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0306 (buffer overflow in HP xlock program. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0307 (Buffer overflow in HP-UX cstm program allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0308 (HP-UX gwind program allows users to modify arbitrary files. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0309 (HP-UX vgdisplay program gives root access to local users. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0310 (SSH 1.2.25 on HP-UX allows access to new user accounts. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0311 (fpkg2swpk in HP-UX allows local users to gain root access. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0312 (HP ypbind allows attackers with root privileges to modify NIS data. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0313 (disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0314 (ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0315 (Buffer overflow in Solaris fdformat command gives root access to local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0316 (Buffer overflow in Linux splitvt command gives root access to local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0317 (Buffer overflow in Linux su command gives root access to local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0318 (Buffer overflow in xmcd 2.0p12 allows local users to gain access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0319 (Buffer overflow in xmcd 2.1 allows local users to gain access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0320 (SunOS rpc.cmsd allows attackers to obtain root access by overwriting ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0321 (Buffer overflow in Solaris kcms_configure command allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0322 (The open() function in FreeBSD allows local attackers to write ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0323 (FreeBSD mmap function allows users to modify append-only or immutable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0324 (ppl program in HP-UX allows local users to create root files through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0325 (vhe_u_mnt program in HP-UX allows local users to create root files through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0326 (Vulnerability in HP-UX mediainit program. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0327 (SGI syserr program allows local users to corrupt files. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0328 (SGI permissions program allows local users to gain root privileges. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0329 (SGI mediad program allows local users to gain root access. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0330 (Linux bdash game has a buffer overflow that allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0331 (Buffer overflow in Internet Explorer 4.0(1). ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0332 (Buffer overflow in NetMeeting allows denial of service and remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0333 (HP OpenView Omniback allows remote execution of commands as root via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0334 (In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0335 (DEPRECATED. This entry has been deprecated. It is a duplicate of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0336 (Buffer overflow in mstm in HP-UX allows local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0337 (AIX batch queue (bsh) allows local and remote users to gain additional ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0338 (AIX Licensed Program Product performance tools allow local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0339 (Buffer overflow in the libauth library in Solaris allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0340 (Buffer overflow in Linux Slackware crond program allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0341 (Buffer overflow in the Linux mail program "deliver" allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0342 (Linux PAM modules allow local users to gain root access using ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0343 (A malicious Palace server can force a client to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0344 (NT users can gain debug-level access on a system process using the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0345 (Jolt ICMP attack causes a denial of service in Windows 95 and Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0346 (CGI PHP mlog script allows an attacker to read any file on the target ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0347 (Internet Explorer 4.01 allows remote attackers to read local files and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0348 (IIS ASP caching problem releases sensitive information when two ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0349 (A buffer overflow in the FTP list (ls) command in IIS allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0350 (Race condition in the db_loader program in ClearCase gives local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0351 (FTP PASV "Pizza Thief" denial of service and unauthorized data ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0352 (ControlIT 4.5 and earlier (aka Remotely Possible) has weak password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0353 (rpc.pcnfsd in HP gives remote root access by changing the permissions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0354 (Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0355 (Local or remote users can force ControlIT 4.5 to reboot or force a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0356 (ControlIT v4.5 and earlier uses weak encryption to store ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0357 (Windows 98 and other operating systems allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0358 (Digital Unix 4.0 has a buffer overflow in the inc program of the mh ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0359 (ptylogin in Unix systems allows users to perform a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0360 (MS Site Server 2.0 with IIS 4 can allow users to upload content, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0361 (NetWare version of LaserFiche stores usernames and passwords ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0362 (WS_FTP server remote denial of service through cwd command. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0363 (SuSE 5.2 PLP lpc program has a buffer overflow that leads to root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0364 (Microsoft Access 97 stores a database password as plaintext in a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0365 (The metamail package allows remote command execution using shell ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0366 (In some cases, Service Pack 4 for Windows NT 4.0 can allow access to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0367 (NetBSD netstat command allows local users to access kernel memory. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0368 (Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0369 (The Sun sdtcm_convert calendar utility for OpenWindows has a buffer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0370 (In Sun Solaris and SunOS, man and catman contain vulnerabilities ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0371 (Lynx allows a local user to overwrite sensitive files through /tmp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0372 (The installer for BackOffice Server includes account names and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0373 (Buffer overflow in the "Super" utility in Debian GNU/Linux, and other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0374 (Debian GNU/Linux cfengine package is susceptible to a symlink attack. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0375 (Buffer overflow in webd in Network Flight Recorder (NFR) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0376 (Local users in Windows NT can obtain administrator privileges by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0377 (Process table attack in Unix systems allows a remote attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0378 (InterScan VirusWall for Solaris doesn't scan files for viruses when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0379 (Microsoft Taskpads allows remote web sites to execute commands on the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0380 (SLMail 3.1 and 3.2 allows local users to access any file in the NTFS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0381 (super 3.11.6 and other versions have a buffer overflow in the syslog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0382 (The screen saver in Windows NT does not verify that its security ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0383 (ACC Tigris allows public access without a login. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0384 (The Forms 2.0 ActiveX control (included with Visual Basic for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0385 (The LDAP bind function in Exchange 5.5 has a buffer overflow that ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0386 (Microsoft Personal Web Server and FrontPage Personal Web Server in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0387 (A legacy credential caching mechanism used in Windows 95 and Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0388 (DataLynx suGuard trusts the PATH environment variable to execute the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0389 (Buffer overflow in the bootp server in the Debian Linux netstd ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0390 (Buffer overflow in Dosemu Slang library in Linux. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0391 (The cryptographic challenge of SMB authentication in Windows 95 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0392 (Buffer overflow in Thomas Boutell's cgic library version up to 1.05. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0393 (Remote attackers can cause a denial of service in Sendmail 8.8.x and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0394 (DPEC Online Courseware allows an attacker to change another user's ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0395 (A race condition in the BackWeb Polite Agent Protocol allows an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0396 (A race condition between the select() and accept() calls in NetBSD TCP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0397 (The demo version of the Quakenbush NT Password Appraiser sends ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0398 (In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0399 (The DCC server command in the Mirc 5.5 client doesn't filter ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0400 (Denial of service in Linux 2.2.0 running the ldd command on a core ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0401 (A race condition in Linux 2.2.1 allows local users to read arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0402 (wget 1.5.3 follows symlinks to change permissions of the target file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0403 (A bug in Cyrix CPUs on Linux allows local users to perform a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0404 (Buffer overflow in the Mail-Max SMTP server for Windows systems allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0405 (A buffer overflow in lsof allows local users to obtain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0406 (Digital Unix Networker program nsralist has a buffer overflow which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0407 (By default, IIS 4.0 has a virtual directory /IISADMPWD which contains ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0408 (Files created from interactive shell sessions in Cobalt RaQ ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0409 (Buffer overflow in gnuplot in Linux version 3.5 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0410 (The cancel command in Solaris 2.6 (i386) has a buffer overflow that ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0411 (Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0412 (In IIS and other web servers, an attacker can attack commands as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0413 (A buffer overflow in the SGI X server allows local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0414 (In Linux before version 2.0.36, remote attackers can spoof a TCP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0415 (The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0416 (Vulnerability in Cisco 7xx series routers allows a remote attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0417 (64 bit Solaris 7 procfs allows local users to perform a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0418 (Denial of service in SMTP applications such as Sendmail, when a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0419 (When the Microsoft SMTP service attempts to send a message to a server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0420 (umapfs allows local users to gain root privileges by changing their ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0421 (During a reboot after an installation of Linux Slackware 3.6, a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0422 (In some cases, NetBSD 1.3.3 mount allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0423 (Vulnerability in hpterm on HP-UX 10.20 allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0424 (talkback in Netscape 4.5 allows a local user to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0425 (talkback in Netscape 4.5 allows a local user to kill an arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0426 (The default permissions of /dev/kmem in Linux versions before 2.0.36 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0427 (Eudora 4.1 allows remote attackers to perform a denial of service by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0428 (OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0429 (The Lotus Notes 4.5 client may send a copy of encrypted mail in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0430 (Cisco Catalyst LAN switches running Catalyst 5000 supervisor software ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0431 (Linux 2.2.3 and earlier allow a remote attacker to perform an IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0432 (ftp on HP-UX 11.00 allows local users to gain privileges. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0433 (XFree86 startx command is vulnerable to a symlink attack, allowing local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0434 (XFree86 xfs command is vulnerable to a symlink attack, allowing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0435 (MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0436 (Domain Enterprise Server Management System (DESMS) in HP-UX allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0437 (Remote attackers can perform a denial of service in WebRamp systems by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0438 (Remote attackers can perform a denial of service in WebRamp systems by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0439 (Buffer overflow in procmail before version 3.12 allows remote or local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0440 (The byte code verifier component of the Java Virtual Machine (JVM) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0441 (Remote attackers can perform a denial of service in WinGate machines ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0442 (Solaris ff.core allows local users to modify files. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0443 (Patrol management software allows a remote attacker to conduct a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0444 (Remote attackers can perform a denial of service in Windows machines ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0445 (In Cisco routers under some versions of IOS 12.0 running NAT, some ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0446 (Local users can perform a denial of service in NetBSD 1.3.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0447 (Local users can gain privileges using the debug utility in the MPE/iX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0448 (IIS 4.0 and Apache log HTTP request methods, regardless of how long ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0449 (The ExAir sample site in IIS 4 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0450 (In IIS, an attacker could determine a real path using a request for a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0451 (Denial of service in Linux 2.0.36 allows local users to prevent ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0452 (A service or application has a backdoor password that was placed there ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0453 (An attacker can identify a CISCO device by sending a SYN packet to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0454 (A remote attacker can sometimes identify the operating system of a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0455 (The Expression Evaluator sample application in ColdFusion allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0457 (Linux ftpwatch program allows local users to gain root privileges. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0458 (L0phtcrack 2.5 used temporary files in the system TEMP directory which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0459 (Local users can perform a denial of service in Alpha Linux, using MILO ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0460 (Buffer overflow in Linux autofs module through long directory names ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0461 (Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0462 (suidperl in Linux Perl does not check the nosuid mount option on file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0463 (Remote attackers can perform a denial of service using IRIX fcagent. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0464 (Local users can perform a denial of service in Tripwire 1.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0465 (Remote attackers can crash Lynx and Internet Explorer using an IMG tag ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0466 (The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0467 (The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0468 (Internet Explorer 5.0 allows a remote server to read arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0469 (Internet Explorer 5.0 allows window spoofing, allowing a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0470 (A weak encryption algorithm is used for passwords in Novell ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0471 (The remote proxy server in Winroute allows a remote attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0472 (The SNMP default community name "public" is not properly removed in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0473 (The rsync command before rsync 2.3.1 may inadvertently change the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0474 (The ICQ Webserver allows remote attackers to use .. to access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0475 (A race condition in how procmail handles .procmailrc files allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0476 (A weak encryption algorithm is used for passwords in SCO TermVision, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0477 (The Expression Evaluator in the ColdFusion Application Server allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0478 (Denial of service in HP-UX sendmail 8.8.6 related to accepting ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0479 (Denial of service Netscape Enterprise Server with VirtualVault on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0480 (Local attackers can conduct a denial of service in Midnight Commander ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0481 (Denial of service in "poll" in OpenBSD. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0482 (OpenBSD kernel crash through TSS handling, as caused by the crashme ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0483 (OpenBSD crash using nlink value in FFS and EXT2FS filesystems. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0484 (Buffer overflow in OpenBSD ping. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0485 (Remote attackers can cause a system crash through ipintr() in ipq in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0486 (Denial of service in AOL Instant Messenger when a remote attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0487 (The DHTML Edit ActiveX control in Internet Explorer allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0488 (Internet Explorer 4.0 and 5.0 allows a remote attacker to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0489 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0490 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0491 (The prompt parsing in bash allows a local user to execute commands as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0492 (The ffingerd 1.19 allows remote attackers to identify users on the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0493 (rpc.statd allows remote attackers to forward RPC calls to the local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0494 (Denial of service in WinGate proxy through a buffer overflow in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0495 (A remote attacker can gain access to a file system using .. (dot dot) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0496 (A Windows NT 4.0 user can gain administrative rights by forcing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0497 (Anonymous FTP is enabled. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0498 (TFTP is not running in a restricted directory, allowing a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0499 (NETBIOS share information may be published through SNMP registry keys ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0501 (A Unix account has a guessable password. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0502 (A Unix account has a default, null, blank, or missing password. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0503 (A Windows NT local user or administrator account has a guessable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0504 (A Windows NT local user or administrator account has a default, null, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0505 (A Windows NT domain user or administrator account has a guessable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0506 (A Windows NT domain user or administrator account has a default, null, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0507 (An account on a router, firewall, or other network device has a guessable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0508 (An account on a router, firewall, or other network device has a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0509 (Perl, sh, csh, or other shell interpreters are installed in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0510 (A router or firewall allows source routed packets from arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0511 (IP forwarding is enabled on a machine which is not a router or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0512 (A mail server is explicitly configured to allow SMTP mail relay, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0513 (ICMP messages to broadcast addresses are allowed, allowing for a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0514 (UDP messages to broadcast addresses are allowed, allowing for a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0515 (An unrestricted remote trust relationship for Unix systems has been ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0516 (An SNMP community name is guessable. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0517 (An SNMP community name is the default (e.g. public), null, or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0518 (A NETBIOS/SMB share password is guessable. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0519 (A NETBIOS/SMB share password is the default, null, or missing. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0520 (A system-critical NETBIOS/SMB share has inappropriate access control. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0521 (An NIS domain name is easily guessable. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0522 (The permissions for a system-critical NIS+ table (e.g. passwd) are ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0523 (ICMP echo (ping) is allowed from arbitrary hosts. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0524 (ICMP information such as (1) netmask and (2) timestamp is allowed from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0525 (IP traceroute is allowed from arbitrary hosts. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0526 (An X server's access control is disabled (e.g. through an "xhost +" ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0527 (The permissions for system-critical data in an anonymous FTP account ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0528 (A router or firewall forwards external packets that claim to come from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0529 (A router or firewall forwards packets that claim to come from IANA ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0530 (A system is operating in "promiscuous" mode which allows it to perform ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0531 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0532 (A DNS server allows zone transfers. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0533 (A DNS server allows inverse queries. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0534 (A Windows NT user has inappropriate rights or privileges, e.g. Act as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0535 (A Windows NT account policy for passwords has inappropriate, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0537 (A configuration in a web browser such as Internet Explorer or Netscape ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0539 (A trust relationship exists between two Unix hosts. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0541 (A password for accessing a WWW URL is guessable. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0546 (The Windows NT guest account is enabled. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0547 (An SSH server allows authentication through the .rhosts file. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0548 (A superfluous NFS server is running, but it is not importing or exporting ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0549 (Windows NT automatically logs in an administrator upon rebooting. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0550 (A router's routing tables can be obtained from arbitrary hosts. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0551 (HP OpenMail can be misconfigured to allow users to run arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0554 (NFS exports system-critical data to the world, e.g. / or a password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0555 (A Unix account with a name other than "root" has UID 0, i.e. root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0556 (Two or more Unix accounts have the same UID. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0559 (A system-critical Unix file or directory has inappropriate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0560 (A system-critical Windows NT file or directory has inappropriate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0561 (IIS has the #exec function enabled for Server Side Include (SSI) files. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0562 (The registry in Windows NT can be accessed remotely by users who are ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0564 (An attacker can force a printer to print arbitrary documents (e.g. if ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0565 (A Sendmail alias allows input to be piped to a program. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0566 (An attacker can write to syslog files from any location, causing a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0568 (rpc.admind in Solaris is not running in a secure mode. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0569 (A URL for a WWW directory allows auto-indexing, which provides a list ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0570 (Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0571 (A router's configuration service or management interface (such as a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0572 (.reg files are associated with the Windows NT registry editor ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0575 (A Windows NT system's user audit policy does not log an event success ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0576 (A Windows NT system's file audit policy does not log an event success ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0577 (A Windows NT system's file audit policy does not log an event success ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0578 (A Windows NT system's registry audit policy does not log an event ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0579 (A Windows NT system's registry audit policy does not log an event ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0580 (The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0581 (The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0582 (A Windows NT account policy has inappropriate, security-critical ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0583 (There is a one-way or two-way trust relationship between Windows NT ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0584 (A Windows NT file system is not NTFS. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0585 (A Windows NT administrator account has the default name of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0586 (A network service is running on a nonstandard port. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0587 (A WWW server is not running in a restricted file system, e.g. through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0588 (A filter in a router or firewall allows unusual fragmented packets. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0589 (A system-critical Windows NT registry key has inappropriate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0590 (A system does not present an appropriate legal message or warning to a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0591 (An event log in Windows NT has inappropriate access permissions. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0592 (The Logon box of a Windows NT system displays the name of the last ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0593 (The default setting for the Winlogon key entry ShutdownWithoutLogon in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0594 (A Windows NT system does not restrict access to removable media drives ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0595 (A Windows NT system does not clear the system page file during ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0596 (A Windows NT log file has an inappropriate maximum size or retention ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0597 (A Windows NT account policy does not forcibly disconnect remote users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0598 (A network intrusion detection system (IDS) does not properly handle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0599 (A network intrusion detection system (IDS) does not properly handle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0600 (A network intrusion detection system (IDS) does not verify the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0601 (A network intrusion detection system (IDS) does not properly handle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0602 (A network intrusion detection system (IDS) does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0603 (In Windows NT, an inappropriate user is a member of a group, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0604 (An incorrect configuration of the WebStore 1.0 shopping cart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0605 (An incorrect configuration of the Order Form 1.0 shopping cart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0606 (An incorrect configuration of the EZMall 2000 shopping cart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0607 (quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0608 (An incorrect configuration of the PDG Shopping Cart CGI program ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0609 (An incorrect configuration of the SoftCart CGI program ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0610 (An incorrect configuration of the Webcart CGI program ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0611 (A system-critical Windows NT registry key has an inappropriate value. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0612 (A version of finger is running that exposes valid user information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0613 (The rpc.sprayd service is running. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0614 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0615 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0616 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0617 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0618 (The rexec service is running. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0619 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0620 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0621 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0622 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0623 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0624 (The rstat/rstatd service is running. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0625 (The rpc.rquotad service is running. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0626 (A version of rusers is running that exposes valid user information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0627 (The rexd service is running, which uses weak authentication that can ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0628 (The rwho/rwhod service is running, which exposes machine status ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0629 (The ident/identd service is running. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0630 (The NT Alerter and Messenger services are running. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0631 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0632 (The RPC portmapper service is running. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0633 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0634 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0635 (The echo service is running. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0636 (The discard service is running. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0637 (The systat service is running. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0638 (The daytime service is running. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0639 (The chargen service is running. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0640 (The Gopher service is running. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0641 (The UUCP service is running. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0642 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0643 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0644 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0645 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0646 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0647 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0648 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0649 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0650 (The netstat service is running, which provides sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0651 (The rsh/rlogin service is running. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0652 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0653 (A component service related to NIS+ is running. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0654 (The OS/2 or POSIX subsystem in NT is enabled. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0655 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0656 (The ugidd RPC interface, by design, allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0657 (WinGate is being used. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0658 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0659 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0660 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0661 (A system is running a version of software that was replaced with a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0662 (A system-critical program or library does not have the appropriate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0663 (A system-critical program, library, or file has a checksum or other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0664 (An application-critical Windows NT registry key has inappropriate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0665 (An application-critical Windows NT registry key has an inappropriate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0667 (The ARP protocol allows any host to spoof ARP replies and poison the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0668 (The scriptlet.typelib ActiveX control is marked as "safe for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0669 (The Eyedog ActiveX control is marked as "safe for scripting" for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0670 (Buffer overflow in the Eyedog ActiveX control allows a remote attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0671 (Buffer overflow in ToxSoft NextFTP client through CWD command. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0672 (Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0673 (Buffer overflow in ALMail32 POP3 client via From: or To: headers. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0674 (The BSD profil system call allows a local user to modify the internal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0675 (Check Point FireWall-1 can be subjected to a denial of service via UDP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0676 (sdtcm_convert in Solaris 2.6 allows a local user to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0677 (The WebRamp web administration utility has a default password. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0678 (A default configuration of Apache on Debian GNU/Linux sets the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0679 (Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0680 (Windows NT Terminal Server performs extra work when a client opens a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0681 (Buffer overflow in Microsoft FrontPage Server Extensions (PWS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0682 (Microsoft Exchange 5.5 allows a remote attacker to relay email ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0683 (Denial of service in Gauntlet Firewall via a malformed ICMP packet. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0684 (Denial of service in Sendmail 8.8.6 in HPUX. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0685 (Buffer overflow in Netscape Communicator via EMBED tags in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0686 (Denial of service in Netscape Enterprise Server (NES) in HP Virtual ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0687 (The ToolTalk ttsession daemon uses weak RPC authentication, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0688 (Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0689 (The CDE dtspcd daemon allows local users to execute arbitrary commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0690 (HP CDE program includes the current directory in root's PATH variable. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0691 (Buffer overflow in the AddSuLog function of the CDE dtaction utility ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0692 (The default configuration of the Array Services daemon (arrayd) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0693 (Buffer overflow in TT_SESSION environment variable in ToolTalk shared ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0694 (Denial of service in AIX ptrace system call allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0695 (The Sybase PowerDynamo personal web server allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0696 (Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd). ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0697 (SCO Doctor allows local users to gain root privileges through a Tools ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0698 (Denial of service in IP protocol logger (ippl) on Red Hat and Debian ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0699 (The Bluestone Sapphire web server allows session hijacking via easily ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0700 (Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0701 (After an unattended installation of Windows NT 4.0, an installation ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0702 (Internet Explorer 5.0 and 5.01 allows remote attackers to modify or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0703 (OpenBSD, BSDI, and other Unix operating systems allow users to set ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0704 (Buffer overflow in Berkeley automounter daemon (amd) logging facility ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0705 (Buffer overflow in INN inews program. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0706 (Linux xmonisdn package allows local users to gain root privileges by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0707 (The default FTP configuration in HP Visualize Conference allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0708 (Buffer overflow in cfingerd allows local users to gain root privileges ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0710 (The Squid package in Red Hat Linux 5.2 and 6.0, and other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0711 (The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0712 (A vulnerability in Caldera Open Administration System (COAS) allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0713 (The dtlogin program in Compaq Tru64 UNIX allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0714 (Vulnerability in Compaq Tru64 UNIX edauth command. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0715 (Buffer overflow in Remote Access Service (RAS) client allows an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0716 (Buffer overflow in Windows NT 4.0 help file utility via a malformed ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0717 (A remote attacker can disable the virus warning mechanism in Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0718 (IBM GINA, when used for OS/2 domain authentication of Windows NT ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0719 (The Guile plugin for the Gnumeric spreadsheet package allows attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0720 (The pt_chown command in Linux allows local users to modify TTY ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0721 (Denial of service in Windows NT Local Security Authority (LSA) through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0722 (The default configuration of Cobalt RaQ2 servers allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0723 (The Windows NT Client Server Runtime Subsystem (CSRSS) can be ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0724 (Buffer overflow in OpenBSD procfs and fdescfs file systems via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0725 (When IIS is run with a default language of Chinese, Korean, or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0726 (An attacker can conduct a denial of service in Windows NT by executing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0727 (A kernel leak in the OpenBSD kernel allows IPsec packets to be sent ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0728 (A Windows NT user can disable the keyboard or mouse by directly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0729 (Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0730 (The zsoelim program in the Debian man-db package allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0731 (The KDE klock program allows local users to unlock a session using ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0732 (The logging facilitity of the Debian smtp-refuser package allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0733 (Buffer overflow in VMWare 1.0.1 for Linux via a long HOME ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0734 (A default configuration of CiscoSecure Access Control Server (ACS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0735 (KDE K-Mail allows local users to gain privileges via a symlink attack ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0736 (The showcode.asp sample file in IIS and Site Server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0737 (The viewcode.asp sample file in IIS and Site Server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0738 (The code.asp sample file in IIS and Site Server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0739 (The codebrws.asp sample file in IIS and Site Server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0740 (Remote attackers can cause a denial of service on Linux in.telnetd ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0741 (QMS CrownNet Unix Utilities for 2060 allows root to log on without a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0742 (The Debian mailman package uses weak authentication, which allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0743 (Trn allows local users to overwrite other users' files via symlinks. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0744 (Buffer overflow in Netscape Enterprise Server and FastTrask Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0745 (Buffer overflow in Source Code Browser Program Database Name Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0746 (A default configuration of in.identd in SuSE Linux waits 120 seconds ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0747 (Denial of service in BSDi Symmetric Multiprocessing (SMP) when an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0748 (Buffer overflows in Red Hat net-tools package. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0749 (Buffer overflow in Microsoft Telnet client in Windows 95 and Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0750 (Hotmail allows Javascript to be executed via the HTML STYLE tag, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0751 (Buffer overflow in Accept command in Netscape Enterprise Server 3.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0752 (Denial of service in Netscape Enterprise Server via a buffer overflow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0753 (The w3-msql CGI script provided with Mini SQL allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0754 (The INN inndstart program allows local users to gain privileges by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0755 (Windows NT RRAS and RAS clients cache a user's password even if the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0756 (ColdFusion Administrator with Advanced Security enabled allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0757 (The ColdFusion CFCRYPT program for encrypting CFML templates has weak ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0758 (Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0759 (Buffer overflow in FuseMAIL POP service via long USER and PASS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0760 (Undocumented ColdFusion Markup Language (CFML) tags and functions in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0761 (Buffer overflow in FreeBSD fts library routines allows local user to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0762 (When Javascript is embedded within the TITLE tag, Netscape ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0763 (NetBSD on a multi-homed host allows ARP packets on one network to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0764 (NetBSD allows ARP packets to overwrite static ARP entries. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0765 (SGI IRIX midikeys program allows local users to modify arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0766 (The Microsoft Java Virtual Machine allows a malicious Java applet to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0767 (Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0768 (Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0769 (Vixie Cron on Linux systems allows local users to set parameters of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0770 (Firewall-1 sets a long timeout for connections that begin with ACK or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0771 (The web components of Compaq Management Agents and the Compaq Survey ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0772 (Denial of service in Compaq Management Agents and the Compaq Survey ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0773 (Buffer overflow in Solaris lpset program allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0774 (Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0775 (Cisco Gigabit Switch routers running IOS allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0776 (Alibaba HTTP server allows remote attackers to read files via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0777 (IIS FTP servers may allow a remote attacker to read or delete files on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0778 (Buffer overflow in Xi Graphics Accelerated-X server allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0779 (Denial of service in HP-UX SharedX recserv program. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0780 (KDE klock allows local users to kill arbitrary processes by specifying ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0781 (KDE allows local users to execute arbitrary commands by setting the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0782 (KDE kppp allows local users to create a directory in an arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0783 (FreeBSD allows local users to conduct a denial of service by creating ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0784 (Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0785 (The INN inndstart program allows local users to gain root privileges ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0786 (The dynamic linker in Solaris allows a local user to create arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0787 (The SSH authentication agent follows symlinks via a UNIX domain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0788 (Arkiea nlservd allows remote attackers to conduct a denial of service. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0789 (Buffer overflow in AIX ftpd in the libc library. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0790 (A remote attacker can read information from a Netscape user's cache ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0791 (Hybrid Network cable modems do not include an authentication mechanism ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0792 (ROUTERmate has a default SNMP community name which allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0793 (Internet Explorer allows remote attackers to read files by redirecting ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0794 (Microsoft Excel does not warn a user when a macro is present in a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0795 (The NIS+ rpc.nisd server allows remote attackers to execute certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0796 (FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0797 (NIS finger allows an attacker to conduct a denial of service via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0798 (Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0799 (Buffer overflow in bootpd 2.4.3 and earlier via a long boot file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0800 (The GetFile.cfm file in Allaire Forums allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0801 (BMC Patrol allows remote attackers to gain access to an agent by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0802 (Buffer overflow in Internet Explorer 5 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0803 (The fwluser script in AIX eNetwork Firewall allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0804 (Denial of service in Linux 2.2.x kernels via malformed ICMP packets ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0805 (Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0806 (Buffer overflow in Solaris dtprintinfo program. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0807 (The Netscape Directory Server installation procedure leaves sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0808 (Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0809 (Netscape Communicator 4.x with Javascript enabled does not warn a user ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0810 (Denial of service in Samba NETBIOS name service daemon (nmbd). ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0811 (Buffer overflow in Samba smbd program via a malformed message ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0812 (Race condition in Samba smbmnt allows local users to mount file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0813 (Cfingerd with ALLOW_EXECUTION enabled does not properly drop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0814 (Red Hat pump DHCP client allows remote attackers to gain root access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0815 (Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0816 (The Motorola CableRouter allows any remote user to connect to and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0817 (Lynx WWW client allows a remote attacker to specify command-line ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0818 (Buffer overflow in Solaris kcms_configure via a long NETPATH ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0819 (NTMail does not disable the VRFY command, even if the administrator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0820 (FreeBSD seyon allows users to gain privileges via a modified PATH ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0821 (FreeBSD seyon allows local users to gain privileges by providing a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0822 (Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0823 (Buffer overflow in FreeBSD xmindpath allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0824 (A Windows NT user can use SUBST to map a drive letter to a folder, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0825 (The default permissions for UnixWare /var/mail allow local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0826 (Buffer overflow in FreeBSD angband allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0827 (By default, Internet Explorer 5.0 and other versions enables the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0828 (UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0829 (HP Secure Web Console uses weak encryption. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0830 (Buffer overflow in SCO UnixWare Xsco command via a long argument. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0831 (Denial of service in Linux syslogd via a large number of connections. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0832 (Buffer overflow in NFS server on Linux allows attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0833 (Buffer overflow in BIND 8.2 via NXT records. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0834 (Buffer overflow in RSAREF2 via the encryption and decryption functions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0835 (Denial of service in BIND named via malformed SIG records. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0836 (UnixWare uidadmin allows local users to modify arbitrary files via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0837 (Denial of service in BIND by improperly closing TCP sessions via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0838 (Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0839 (Windows NT Task Scheduler installed with Internet Explorer 5 allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0840 (Buffer overflow in CDE dtmail and dtmailpr programs allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0841 (Buffer overflow in CDE mailtool allows local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0842 (Symantec Mail-Gear 1.0 web interface server allows remote users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0843 (Denial of service in Cisco routers running NAT via a PORT command from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0844 (Denial of service in MDaemon WorldClient and WebConfig services via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0845 (Buffer overflow in SCO su program allows local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0846 (Denial of service in MDaemon 2.7 via a large number of connection ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0847 (Buffer overflow in free internet chess server (FICS) program, xboard. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0848 (Denial of service in BIND named via consuming more than "fdmax" file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0849 (Denial of service in BIND named via maxdname. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0850 (The default permissions for Endymion MailMan allow local users to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0851 (Denial of service in BIND named via naptr. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0852 (IBM WebSphere sets permissions that allow a local user to modify a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0853 (Buffer overflow in Netscape Enterprise Server and Netscape ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0854 (Ultimate Bulletin Board stores data files in the cgi-bin directory, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0855 (Buffer overflow in FreeBSD gdc program. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0856 (login in Slackware 7.0 allows remote attackers to identify valid users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0857 (FreeBSD gdc program allows local users to modify files via a symlink ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0858 (Internet Explorer 5 allows a remote attacker to modify the IE client's ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0859 (Solaris arp allows local users to read files via the -f parameter, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0860 (Solaris chkperm allows local users to read files owned by bin via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0861 (Race condition in the SSL ISAPI filter in IIS and other servers may ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0862 (Insecure directory permissions in RPM distribution for PostgreSQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0863 (Buffer overflow in FreeBSD seyon via HOME environmental variable, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0864 (UnixWare programs that dump core allow a local user to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0865 (Buffer overflow in CommuniGatePro via a long string to the HTTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0866 (Buffer overflow in UnixWare xauto program allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0867 (Denial of service in IIS 4.0 via a flood of HTTP requests with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0868 (ucbmail allows remote attackers to execute commands via shell ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0869 (Internet Explorer 3.x to 4.01 allows a remote attacker to insert ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0870 (Internet Explorer 4.01 allows remote attackers to read arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0871 (Internet Explorer 4.0 and 4.01 allow a remote attacker to read files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0872 (Buffer overflow in Vixie cron allows local users to gain root access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0873 (Buffer overflow in Skyfull mail server via MAIL FROM command. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0874 (Buffer overflow in IIS 4.0 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0875 (DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0876 (Buffer overflow in Internet Explorer 4.0 via EMBED tag. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0877 (Internet Explorer 5 allows remote attackers to read files via an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0878 (Buffer overflow in WU-FTPD and related FTP servers allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0879 (Buffer overflow in WU-FTPD and related FTP servers allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0880 (Denial of service in WU-FTPD via the SITE NEWER command, which does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0881 (Falcon web server allows remote attackers to read arbitrary files via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0882 (Falcon web server allows remote attackers to determine the absolute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0883 (Zeus web server allows remote attackers to read arbitrary files by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0884 (The Zeus web server administrative interface uses weak encryption for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0885 (Alibaba web server allows remote attackers to execute commands via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0886 (The security descriptor for RASMAN allows users to point to an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0887 (FTGate web interface server allows remote attackers to read files via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0888 (dbsnmp in Oracle Intelligent Agent allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0889 (Cisco 675 routers running CBOS allow remote attackers to establish ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0890 (iHTML Merchant allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0891 (The "download behavior" in Internet Explorer 5 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0892 (Buffer overflow in Netscape Communicator before 4.7 via a dynamic font ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0893 (userOsa in SCO OpenServer allows local users to corrupt files via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0894 (Red Hat Linux screen program does not use Unix98 ptys, allowing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0895 (Firewall-1 does not properly restrict access to LDAP attributes. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0896 (Buffer overflow in RealNetworks RealServer administration utility ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0897 (iChat ROOMS Webserver allows remote attackers to read arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0898 (Buffer overflows in Windows NT 4.0 print spooler allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0899 (The Windows NT 4.0 print spooler allows a local user to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0900 (Buffer overflow in rpc.yppasswdd allows a local user to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0901 (ypserv allows a local user to modify the GECOS and login shells ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0902 (ypserv allows local administrators to modify password tables. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0903 (genfilt in the AIX Packet Filtering Module does not properly filter ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0904 (Buffer overflow in BFTelnet allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0905 (Denial of service in Axent Raptor firewall via malformed zero-length ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0906 (Buffer overflow in sccw allows local users to gain root access via the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0907 (sccw allows local users to read arbitrary files. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0908 (Denial of service in Solaris TCP streams driver via a malicious ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0909 (Multihomed Windows systems allow a remote attacker to bypass IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0910 (Microsoft Site Server and Commercial Internet System (MCIS) do not set ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0911 (Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0912 (FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0913 (dfire.cgi script in Dragon-Fire IDS allows remote users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0914 (Buffer overflow in the FTP client in the Debian GNU/Linux netstd ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0915 (URL Live! web server allows remote attackers to read arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0916 (WebTrends software stores account names and passwords in a file which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0917 (The Preloader ActiveX control used by Internet Explorer allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0918 (Denial of service in various Windows systems via malformed, fragmented ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0919 (A memory leak in a Motorola CableRouter allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0920 (Buffer overflow in the pop-2d POP daemon in the IMAP package allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0921 (BMC Patrol allows any remote attacker to flood its UDP port, causing a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0922 (An example application in ColdFusion Server 4.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0923 (Sample runnable code snippets in ColdFusion Server 4.0 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0924 (The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0925 (UnityMail allows remote attackers to conduct a denial of service via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0926 (Apache allows remote attackers to conduct a denial of service via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0927 (NTMail allows remote attackers to read arbitrary files via a .. (dot ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0928 (Buffer overflow in SmartDesk WebSuite allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0929 (Novell NetWare with Novell-HTTP-Server or YAWN web servers allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0930 (wwwboard allows a remote attacker to delete message board articles via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0931 (Buffer overflow in Mediahouse Statistics Server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0932 (Mediahouse Statistics Server allows remote attackers to read the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0933 (TeamTrack web server allows remote attackers to read arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0934 (classifieds.cgi allows remote attackers to read arbitrary files via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0935 (classifieds.cgi allows remote attackers to execute arbitrary commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0936 (BNBSurvey survey.cgi program allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0937 (BNBForm allows remote attackers to read arbitrary files via the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0938 (MBone SDR Package allows remote attackers to execute commands via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0939 (Denial of service in Debian IRC Epic/epic4 client via a long string. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0940 (Buffer overflow in mutt mail client allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0941 (Mutt mail client allows a remote attacker to execute commands via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0942 (UnixWare dos7utils allows a local user to gain root privileges by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0943 (Buffer overflow in OpenLink 3.2 allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0944 (IBM WebSphere ikeyman tool uses weak encryption to store ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0945 (Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0946 (Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0947 (AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0948 (Buffer overflow in uum program for Canna input system allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0949 (Buffer overflow in canuum program for Canna input system allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0950 (Buffer overflow in WFTPD FTP server allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0951 (Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0952 (Buffer overflow in Solaris lpstat via class argument allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0953 (WWWBoard stores encrypted passwords in a password file that is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0954 (WWWBoard has a default username and default password. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0955 (Race condition in wu-ftpd and BSDI ftpd allows remote attackers gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0956 (The NeXT NetInfo _writers property allows local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0957 (MajorCool mj_key_cache program allows local users to modify files via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0958 (sudo 1.5.x allows local users to execute arbitrary commands via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0959 (IRIX startmidi program allows local users to modify arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0960 (IRIX cdplayer allows local users to create directories in arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0961 (HPUX sysdiag allows local users to gain root privileges via a symlink ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0962 (Buffer overflow in HPUX passwd command allows local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0963 (FreeBSD mount_union command allows local users to gain root privileges ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0964 (Buffer overflow in FreeBSD setlocale in the libc module allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0965 (Race condition in xterm allows local users to modify arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0966 (Buffer overflow in Solaris getopt in libc allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0967 (Buffer overflow in the HTML library used by Internet Explorer, Outlook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0968 (Buffer overflow in BNC IRC proxy allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0969 (The Windows NT RPC service allows remote attackers to conduct a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0970 (The OmniHTTPD visadmin.exe program allows a remote attacker to conduct ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0971 (Buffer overflow in Exim allows local users to gain root privileges via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0972 (Buffer overflow in Xshipwars xsw program. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0973 (Buffer overflow in Solaris snoop program allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0974 (Buffer overflow in Solaris snoop allows remote attackers to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0975 (The Windows help system can allow a local user to execute commands as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0976 (Sendmail allows local users to reinitialize the aliases database via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0977 (Buffer overflow in Solaris sadmind allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0978 (htdig allows remote attackers to execute commands via filenames with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0979 (The SCO UnixWare privileged process system allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0980 (Windows NT Service Control Manager (SCM) allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0981 (Internet Explorer 5.01 and earlier allows a remote attacker to create ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0982 (The Sun Web-Based Enterprise Management (WBEM) installation script ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0983 (Whois Internic Lookup program whois.cgi allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0984 (Matt's Whois program whois.cgi allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0985 (CC Whois program whois.cgi allows remote attackers to execute commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0986 (The ping command in Linux 2.0.3x allows local users to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0987 (Windows NT does not properly download a system policy if the domain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0988 (UnixWare pkgtrans allows local users to read arbitrary files via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0989 (Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0990 (Error messages generated by gdm with the VerboseAuth setting allows an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0991 (Buffer overflow in GoodTech Telnet Server NT allows remote users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0992 (HP VirtualVault with the PHSS_17692 patch allows unprivileged ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0993 (Modifications to ACLs (Access Control Lists) in Microsoft Exchange ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0994 (Windows NT with SYSKEY reuses the keystream that is used for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0995 (Windows NT Local Security Authority (LSA) allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0996 (Buffer overflow in Infoseek Ultraseek search engine allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0997 (wu-ftp with FTP conversion enabled allows an attacker to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0998 (Cisco Cache Engine allows an attacker to replace content in the cache. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0999 (Microsoft SQL 7.0 server allows a remote attacker to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1000 (The web administration interface for Cisco Cache Engine allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1001 (Cisco Cache Engine allows a remote attacker to gain access via a null ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1002 (Netscape Navigator uses weak encryption for storing a user's Netscape ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1003 (War FTP Daemon 1.70 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1004 (Buffer overflow in the POP server POProxy for the Norton Anti-Virus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1005 (Groupwise web server GWWEB.EXE allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1006 (Groupwise web server GWWEB.EXE allows remote attackers to determine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1007 (Buffer overflow in VDO Live Player allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1008 (xsoldier program allows local users to gain root access via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1009 (The Disney Go Express Search allows remote attackers to access and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1010 (An SSH 1.2.27 server allows a client to use the "none" cipher, even if ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1011 (The Remote Data Service (RDS) DataFactory component of Microsoft Data ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1012 (SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1013 (named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1014 (Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1015 (Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1016 (Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1017 (Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1018 (IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1019 (SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1020 (The installation of Novell Netware NDS 5.99 provides an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1021 (NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1022 (serial_ports administrative program in IRIX 4.x and 5.x trusts the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1023 (useradd in Solaris 7.0 does not properly interpret certain date ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1024 (ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1025 (CDE screen lock program (screenlock) on Solaris 2.6 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1026 (aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1027 (Solaris 2.6 HW3/98 installs admintool with world-writable permissions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1028 (Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1029 (SSH server (sshd2) before 2.0.12 does not properly record login ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1030 (counter.exe 2.70 allows a remote attacker to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1031 (counter.exe 2.70 allows a remote attacker to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1032 (Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1033 (Microsoft Outlook Express before 4.72.3612.1700 allows a malicious ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1034 (Vulnerability in login in AT&T System V Release 4 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1035 (IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1036 (COPS 1.04 allows local users to overwrite or create arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1037 (rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1038 (Tiger 2.2.3 allows local users to overwrite arbitrary files via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1039 (Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1040 (Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1041 (Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1042 (Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1043 (Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1044 (Vulnerability in Advanced File System Utility (advfs) in Digital UNIX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1045 (pnserver in RealServer 5.0 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1046 (Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1047 (When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1048 (Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1049 (ARCserve NT agents use weak encryption (XOR) for passwords, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1050 (Directory traversal vulnerability in Matt Wright FormHandler.cgi ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1051 (Default configuration in Matt Wright FormHandler.cgi script allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1052 (Microsoft FrontPage stores form results in a default location in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1053 (guestbook.pl cleanses user-inserted SSI commands by removing text ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1054 (The default configuration of FLEXlm license manager 6.0d, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1055 (Microsoft Excel 97 does not warn the user before executing worksheet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1056 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1057 (VMS 4.0 through 5.3 allows local users to gain privileges via the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1058 (Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1059 (Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1060 (Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1061 (HP Laserjet printers with JetDirect cards, when configured with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1062 (HP Laserjet printers with JetDirect cards, when configured with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1063 (CDomain whois_raw.cgi whois CGI script allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1064 (Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1065 (Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1066 (Quake 1 server responds to an initial UDP game connection request with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1067 (SGI MachineInfo CGI program, installed by default on some web servers, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1068 (Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1069 (Directory traversal vulnerability in carbo.dll in iCat Carbo Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1070 (Buffer overflow in ping CGI program in Xylogics Annex terminal service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1071 (Excite for Web Servers (EWS) 1.1 installs the Architext.conf ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1072 (Excite for Web Servers (EWS) 1.1 allows local users to gain privileges ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1073 (Excite for Web Servers (EWS) 1.1 records the first two characters of a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1074 (Webmin before 0.5 does not restrict the number of invalid passwords ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1075 (inetd in AIX 4.1.5 dynamically assigns a port N when starting ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1076 (Idle locking function in MacOS 9 allows local users to bypass the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1077 (Idle locking function in MacOS 9 allows local attackers to bypass the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1078 (WS_FTP Pro 6.0 uses weak encryption for passwords in its ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1079 (Vulnerability in ptrace in AIX 4.3 allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1080 (rmmount in SunOS 5.7 may mount file systems without the nosuid flag ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1081 (Vulnerability in files.pl script in Novell WebServer Examples Toolkit ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1082 (Directory traversal vulnerability in Jana proxy web server 1.40 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1083 (Directory traversal vulnerability in Jana proxy web server 1.45 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1084 (The "AEDebug" registry key is installed with insecure permissions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1085 (SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1086 (Novell 5 and earlier, when running over IPX with a packet signature ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1087 (Internet Explorer 4 treats a 32-bit number ("dotless IP address") in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1088 (Vulnerability in chsh command in HP-UX 9.X through 10.20 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1089 (Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1090 (The default configuration of NCSA Telnet package for Macintosh and PC ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1091 (UNIX news readers tin and rtin create the /tmp/.tin_log file with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1092 (tin 1.40 creates the .tin directory with insecure permissions, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1093 (Buffer overflow in the Window.External function in the JScript ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1094 (Buffer overflow in Internet Explorer 4.01 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1095 (sort creates temporary files and follows symbolic links, which allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1096 (Buffer overflow in kscreensaver in KDE klock allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1097 (Microsoft NetMeeting 2.1 allows one client to read the contents of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1098 (Vulnerability in BSD Telnet client with encryption and Kerberos 4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1099 (Kerberos 4 allows remote attackers to obtain sensitive information via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1100 (Cisco PIX Private Link 4.1.6 and earlier does not properly process ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1101 (Kabsoftware Lydia utility uses weak encryption to store user passwords ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1102 (lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1103 (dxconsole in DEC OSF/1 3.2C and earlier allows local users to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1104 (Windows 95 uses weak encryption for the password list (.pwl) file used ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1105 (Windows 95, when Remote Administration and File Sharing for NetWare ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1106 (Buffer overflow in kppp in KDE allows local users to gain root access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1107 (Buffer overflow in kppp in KDE allows local users to gain root access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1108 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1109 (Sendmail before 8.10.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1110 (Windows Media Player ActiveX object as used in Internet Explorer 5.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1111 (Vulnerability in StackGuard before 1.21 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1112 (Buffer overflow in IrfanView32 3.07 and earlier allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1113 (Buffer overflow in Eudora Internet Mail Server (EIMS) 2.01 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1114 (Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1115 (Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1116 (Vulnerability in runpriv in Indigo Magic System Administration ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1117 (lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1118 (ndd in Solaris 2.6 allows local users to cause a denial of service by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1119 (FTP installation script anon.ftp in AIX insecurely configures ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1120 (netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1121 (The default configuration for UUCP in AIX before 3.2 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1122 (Vulnerability in restore in SunOS 4.0.3 and earlier allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1123 (The installation of Sun Source (sunsrc) tapes allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1124 (HTTP Client application in ColdFusion allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1125 (Oracle Webserver 2.1 and earlier runs setuid root, but the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1126 (Cisco Resource Manager (CRM) 1.1 and earlier creates certain files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1127 (Windows NT 4.0 does not properly shut down invalid named pipe RPC ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1128 (Internet Explorer 3.01 on Windows 95 allows remote malicious web sites ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1129 (Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1130 (Default configuration of the search engine in Netscape Enterprise ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1131 (Buffer overflow in OSF Distributed Computing Environment (DCE) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1132 (Windows NT 4.0 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1133 (HP-UX 9.x and 10.x running X windows may allow local attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1134 (Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1135 (Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1136 (Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1137 (The permissions for the /dev/audio device on Solaris 2.2 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1138 (SCO UNIX System V/386 Release 3.2, and other SCO products, installs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1139 (Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1140 (Buffer overflow in CrackLib 2.5 may allow local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1141 (Ascom Timeplex router allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1142 (SunOS 4.1.2 and earlier allows local users to gain privileges via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1143 (Vulnerability in runtime linker program rld in SGI IRIX 6.x and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1144 (Certain files in MPower in HP-UX 10.x are installed with insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1145 (Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1146 (Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1147 (Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1148 (FTP service in IIS 4.0 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1149 (Buffer overflow in CSM Proxy 4.1 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1150 (Livingston Portmaster routers running ComOS use the same initial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1151 (Compaq/Microcom 6000 Access Integrator does not cause a session ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1152 (Compaq/Microcom 6000 Access Integrator does not disconnect a client ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1153 (HAMcards Postcard CGI script 1.0 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1154 (LakeWeb Filemail CGI script allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1155 (LakeWeb Mail List CGI script allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1156 (BisonWare FTP Server 4.1 and earlier allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1157 (Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1158 (Buffer overflow in (1) pluggable authentication module (PAM) on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1159 (SSH 2.0.11 and earlier allows local users to request remote forwarding ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1160 (Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1161 (Vulnerability in ppl in HP-UX 10.x and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1162 (Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1163 (Vulnerability in HP Series 800 S/X/V Class servers allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1164 (Microsoft Outlook client allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1165 (GNU fingerd 1.37 does not properly drop privileges before accessing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1166 (Linux 2.0.37 does not properly encode the Custom segment limit, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1167 (Cross-site scripting vulnerability in Third Voice Web annotation ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1168 (install.iss installation script for Internet Security Scanner (ISS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1169 (nobo 1.2 allows remote attackers to cause a denial of service (crash) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1170 (IPswitch IMail allows local users to gain additional privileges and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1171 (IPswitch WS_FTP allows local users to gain additional privileges and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1172 (By design, Maximizer Enterprise 4 calendar and address book program ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1173 (Corel Word Perfect 8 for Linux creates a temporary working directory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1174 (ZIP drive for Iomega ZIP-100 disks allows attackers with physical ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1175 (Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1176 (Buffer overflow in cidentd ident daemon allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1177 (Directory traversal vulnerability in nph-publish before 1.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1178 (Sambar Server 4.1 beta allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1179 (Vulnerability in man.sh CGI script, included in May 1998 issue of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1180 (O'Reilly WebSite 1.1e and Website Pro 2.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1181 (Vulnerability in On-Line Customer Registration software for IRIX 6.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1182 (Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1183 (System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1184 (Buffer overflow in Elm 2.4 and earlier allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1185 (Buffer overflow in SCO mscreen allows local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1186 (rxvt, when compiled with the PRINT_PIPE option in various Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1187 (Pine before version 3.94 allows local users to gain privileges via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1188 (mysqld in MySQL 3.21 creates log files with world-readable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1189 (Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1190 (Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1191 (Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1192 (Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1193 (The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1194 (chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1195 (NAI VirusScan NT 4.0.2 does not properly modify the scan.dat virus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1196 (Hummingbird Exceed X version 5 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1197 (TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1198 (BuildDisk program on NeXT systems before 2.0 does not prompt users for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1199 (Apache WWW server 1.3.1 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1200 (Vintra SMTP MailServer allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1201 (Windows 95 and Windows 98 systems, when configured with multiple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1202 (StarTech (1) POP3 proxy server and (2) telnet server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1203 (Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1204 (Check Point Firewall-1 does not properly handle certain restricted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1205 (nettune in HP-UX 10.01 and 10.00 is installed setuid root, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1206 (SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1207 (Buffer overflow in web-admin tool in NetXRay 2.6 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1208 (Buffer overflow in ping in AIX 4.2 and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1209 (Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1210 (xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1211 (Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1212 (Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1213 (Vulnerability in telnet service in HP-UX 10.30 allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1214 (The asynchronous I/O facility in 4.4 BSD kernel does not check user ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1215 (LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1216 (Cisco routers 9.17 and earlier allow remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1217 (The PATH in Windows NT includes the current working directory (.), ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1218 (Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1219 (Vulnerability in sgihelp in the SGI help system and print manager in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1220 (Majordomo 1.94.3 and earlier allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1221 (dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1222 (Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1223 (IIS 3.0 allows remote attackers to cause a denial of service via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1224 (IMAP 4.1 BETA, and possibly other versions, does not properly handle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1225 (rpc.mountd on Linux, Ultrix, and possibly other operating systems, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1226 (Netscape Communicator 4.7 and earlier allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1227 (Ethereal allows local users to overwrite arbitrary files via a symlink ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1228 (Various modems that do not implement a guard time, or are configured ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1229 (Quake 2 server 3.13 on Linux does not properly check file permissions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1230 (Quake 2 server allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1231 (ssh 2.0.12, and possibly other versions, allows valid user names to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1232 (Untrusted search path vulnerability in day5datacopier in SGI IRIX 6.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1233 (IIS 4.0 does not properly restrict access for the initial session ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1234 (LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1235 (Internet Explorer 5.0 records the username and password for FTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1236 (Internet Anywhere Mail Server 2.3.1 stores passwords in plaintext in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1237 (Multiple buffer overflows in smbvalid/smbval SMB authentication ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1238 (Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1239 (HP-UX 9.x does not properly enable the Xauthority mechanism in certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1240 (Buffer overflow in cddbd CD database server allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1241 (Internet Explorer, with a security setting below Medium, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1242 (Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1243 (SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1244 (IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1245 (vacm ucd-snmp SNMP server, version 3.52, does not properly disable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1246 (Direct Mailer feature in Microsoft Site Server 3.0 saves user domain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1247 (Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1248 (Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1249 (movemail in HP-UX 10.20 has insecure permissions, which allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1250 (Vulnerability in CGI program in the Lasso application by Blue World, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1251 (Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1252 (Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1253 (Vulnerability in a kernel error handling routine in SCO OpenServer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1254 (Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1255 (Hyperseek allows remote attackers to modify the hyperseek ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1256 (Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1257 (Xyplex terminal server 6.0.1S1, and possibly other versions, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1258 (rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1259 (Microsoft Office 98, Macintosh Edition, does not properly initialize ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1260 (mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1261 (Buffer overflow in Rainbow Six Multiplayer allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1262 (Java in Netscape 4.5 does not properly restrict applets from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1263 (Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1264 (WebRamp M3 router does not disable remote telnet or HTTP access to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1265 (SMTP server in SLmail 3.1 and earlier allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1266 (rsh daemon (rshd) generates different error messages when a valid ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1267 (KDE file manager (kfm) uses a TCP server for certain file operations, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1268 (Vulnerability in KDE konsole allows local users to hijack or observe ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1269 (Screen savers in KDE beta 3 allows local users to overwrite arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1270 (KMail in KDE 1.0 provides a PGP passphrase as a command line argument ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1271 (Macromedia Dreamweaver uses weak encryption to store FTP passwords, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1272 (Buffer overflows in CDROM Confidence Test program (cdrom) allow local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1273 (Squid Internet Object Cache 1.1.20 allows users to bypass access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1274 (iPass RoamServer 3.1 creates temporary files with world-writable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1275 (Lotus cc:Mail release 8 stores the postoffice password in plaintext in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1276 (fte-console in the fte package before 0.46b-4.1 does not drop root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1277 (BackWeb client stores the username and password in cleartext for proxy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1278 (nlog CGI scripts do not properly filter shell metacharacters from the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1279 (An interaction between the AS/400 shared folders feature and Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1280 (Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1281 (Development version of Breeze Network Server allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1282 (RealSystem G2 server stores the administrator password in cleartext in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1283 (Opera 3.2.1 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1284 (NukeNabber allows remote attackers to cause a denial of service by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1285 (Linux 2.1.132 and earlier allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1286 (addnetpr in SGI IRIX 6.2 and earlier allows local users to modify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1287 (Vulnerability in Analog 3.0 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1288 (Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1289 (ICQ 98 beta on Windows NT leaks the internal IP address of a client in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1290 (Buffer overflow in nftp FTP client version 1.40 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1291 (TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1292 (Buffer overflow in web administration feature of Kolban Webcam32 4.8.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1293 (mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1294 (Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1295 (Transarc DCE Distributed File System (DFS) 1.1 for Solaris 2.4 and 2.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1296 (Buffer overflow in Kerberos IV compatibility libraries as used in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1297 (cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1298 (Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1299 (rcp on various Linux systems including Red Hat 4.0 allows a "nobody" ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1300 (Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1301 (A design flaw in the Z-Modem protocol allows the remote sender of a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1302 (Unspecified vulnerability in pt_chmod in SCO UNIX 4.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1303 (Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1304 (Vulnerability in login in SCO UNIX 4.2 and earlier allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1305 (Vulnerability in "at" program in SCO UNIX 4.2 and earlier allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1306 (Cisco IOS 9.1 and earlier does not properly handle extended IP access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1307 (Vulnerability in urestore in Novell UnixWare 1.1 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1308 (Certain programs in HP-UX 10.20 do not properly handle large user IDs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1309 (Sendmail before 8.6.7 allows local users to gain root access via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1310 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1311 (Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1312 (Vulnerability in DEC OpenVMS VAX 5.5-2 through 5.0, and OpenVMS AXP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1313 (Manual page reader (man) in FreeBSD 2.2 and earlier allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1314 (Vulnerability in union file system in FreeBSD 2.2 and earlier, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1315 (Vulnerabilities in DECnet/OSI for OpenVMS before 5.8 on DEC Alpha AXP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1316 (Passfilt.dll in Windows NT SP2 allows users to create a password that ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1317 (Windows NT 4.0 SP4 and earlier allows local users to gain privileges ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1318 (/usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1319 (Vulnerability in object server program in SGI IRIX 5.2 through 6.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1320 (Vulnerability in Novell NetWare 3.x and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1321 (Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1322 (The installation of 1ArcServe Backup and Inoculan AV client modules ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1323 (Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1324 (VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1325 (SAS System 5.18 on VAX/VMS is installed with insecure permissions for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1326 (wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1327 (Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1328 (linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1329 (Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1330 (The snprintf function in the db library 1.85.4 ignores the size ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1331 (netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1332 (gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1333 (automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1334 (Multiple buffer overflows in filter command in Elm 2.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1335 (snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1336 (3Com HiPer Access Router Card (HiperARC) 4.0 through 4.2.29 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1337 (FTP client in Midnight Commander (mc) before 4.5.11 stores usernames ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1338 (Delegate proxy 5.9.3 and earlier creates files and directories in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1339 (Vulnerability when Network Address Translation (NAT) is enabled in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1340 (Buffer overflow in faxalter in hylafax 4.0.2 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1341 (Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1342 (ICQ ActiveList Server allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1343 (HTTP server for Xerox DocuColor 4 LP allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1344 (Auto_FTP.pl script in Auto_FTP 0.2 stores usernames and passwords in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1345 (Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1346 (PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1347 (Xsession in Red Hat Linux 6.1 and earlier can allow local users with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1348 (Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1349 (NFS daemon (nfsd.exe) for Omni-NFS/X 6.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1350 (ARCAD Systemhaus 0.078-5 installs critical programs and files with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1351 (Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1352 (mknod in Linux 2.2 follows symbolic links, which could allow local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1353 (Nosque MsgCore 2.14 stores passwords in cleartext: (1) the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1354 (E-mail client in Softarc FirstClass Internet Server 5.506 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1355 (BMC Patrol component, when installed with Compaq Insight Management ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1356 (Compaq Integration Maintenance Utility as used in Compaq Insight ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1357 (Netscape Communicator 4.04 through 4.7 (and possibly other versions) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1358 (When an administrator in Windows NT or Windows 2000 changes a user ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1359 (When the Ntconfig.pol file is used on a server whose name is longer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1360 (Windows NT 4.0 allows local users to cause a denial of service via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1361 (Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1362 (Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1363 (Windows NT 3.51 and 4.0 allow local users to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1364 (Windows NT 4.0 allows local users to cause a denial of service (crash) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1365 (Windows NT searches a user's home directory (%systemroot% by default) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1366 (Pegasus e-mail client 3.0 and earlier uses weak encryption to store ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1367 (Internet Explorer 5.0 does not properly reset the username/password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1368 (AV Option for MS Exchange Server option for InoculateIT 4.53, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1369 (Real Media RealServer (rmserver) 6.0.3.353 stores a password in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1370 (The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1371 (Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1372 (Triactive Remote Manager with Basic authentication enabled stores the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1373 (FORE PowerHub before 5.0.1 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1374 (perlshop.cgi shopping cart program stores sensitive customer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1375 (FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1376 (Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1377 (Matt Wright's download.cgi 1.0 allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1378 (dbmlparser.exe CGI guestbook program does not perform a chroot ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1379 (DNS allows remote attackers to use DNS name servers as traffic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1380 (Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1381 (Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1382 (NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1383 ((1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1384 (Indigo Magic System Tour in the SGI system tour package (systour) for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1385 (Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1386 (Perl 5.004_04 and earlier follows symbolic links when running with the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1387 (Windows NT 4.0 SP2 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1388 (passwd in SunOS 4.1.x allows local users to overwrite arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1389 (US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1390 (suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1391 (Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1392 (Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1393 (Control Panel "Password Security" option for Apple Powerbooks allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1394 (BSD 4.4 based operating systems, when running at security level 1, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1395 (Vulnerability in Monitor utility (SYS$SHARE:SPISHR.EXE) in VMS 5.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1396 (Vulnerability in integer multiplication emulation code on SPARC ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1397 (Index Server 2.0 on IIS 4.0 stores physical path information in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1398 (Vulnerability in xfsdump in SGI IRIX may allow local users to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1399 (spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1400 (The Economist screen saver 1999 with the "Password Protected" option ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1401 (Vulnerability in Desktop searchbook program in IRIX 5.0.x through 6.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1402 (The access permissions for a UNIX domain socket are ignored in Solaris ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1403 (IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1404 (IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1405 (snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1406 (dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1407 (ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1408 (Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1409 (The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1410 (addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1411 (The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1412 (A possible interaction between Apple MacOS X release 1.0 and Apache ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1413 (Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1414 (IBM Netfinity Remote Control allows local users to gain administrator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1415 (Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1416 (AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1417 (Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1418 (ICQ99 ICQ web server build 1701 with "Active Homepage" enabled ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1419 (Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1420 (NBase switches NH2012, NH2012R, NH2015, and NH2048 have a back door ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1421 (NBase switches NH208 and NH215 run a TFTP server which allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1422 (The default configuration of Slackware 3.4, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1423 (ping in Solaris 2.3 through 2.6 allows local users to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1424 (Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1425 (Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1426 (Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1427 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1428 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1429 (DIT TransferPro installs devices with world-readable and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1430 (PIM software for Royal daVinci does not properly password-protext ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1431 (ZAK in Appstation mode allows users to bypass the "Run only allowed ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1432 (Power management (Powermanagement) on Solaris 2.4 through 2.6 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1433 (HP JetAdmin D.01.09 on Solaris allows local users to change the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1434 (login in Slackware Linux 3.2 through 3.5 does not properly check for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1435 (Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1436 (Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1437 (ePerl 2.2.12 allows remote attackers to read arbitrary files and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1438 (Vulnerability in /bin/mail in SunOS 4.1.1 and earlier allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1439 (gcc 2.7.2 allows local users to overwrite arbitrary files via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1440 (Win32 ICQ 98a 1.30, and possibly other versions, does not display the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1441 (Linux 2.0.34 does not properly prevent users from sending SIGIO ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1442 (Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1443 (Micah Software Full Armor Network Configurator and Zero Administration ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1444 (genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1445 (Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1446 (Internet Explorer 3 records a history of all URL's that are visited by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1447 (Internet Explorer 4.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1448 (Eudora and Eudora Light before 3.05 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1449 (SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1450 (Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1451 (The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1452 (GINA in Windows NT 4.0 allows attackers with physical access to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1453 (Internet Explorer 4 allows remote attackers (malicious web site ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1454 (Macromedia "The Matrix" screen saver on Windows 95 with the "Password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1455 (RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1456 (thttpd HTTP server 2.03 and earlier allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1457 (Buffer overflow in thttpd HTTP server before 2.04-31 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1458 (Buffer overflow in at program in Digital UNIX 4.0 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1459 (BMC PATROL Agent before 3.2.07 allows local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1460 (BMC PATROL SNMP Agent before 3.2.07 allows local users to create ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1461 (inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1462 (Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1463 (Windows NT 4.0 before SP3 allows remote attackers to bypass firewall ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1464 (Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1465 (Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1466 (Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1467 (Vulnerability in rcp on SunOS 4.0.x allows remote attackers from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1468 (rdist in various UNIX systems uses popen to execute sendmail, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1469 (Buffer overflow in w3-auth CGI program in miniSQL package allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1470 (Eastman Work Management 3.21 stores passwords in cleartext in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1471 (Buffer overflow in passwd in BSD based operating systems 4.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1472 (Internet Explorer 4.0 allows remote attackers to read arbitrary text ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1473 (When a Web site redirects the browser to another site, Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1474 (PowerPoint 95 and 97 allows remote attackers to cause an application ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1475 (ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1476 (A bug in Intel Pentium processor (MMX and Overdrive) allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1477 (Buffer overflow in GNOME libraries 1.0.8 allows local user to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1478 (The Sun HotSpot Performance Engine VM allows a remote attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1479 (The textcounter.pl by Matt Wright allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1480 ((1) acledit and (2) aclput in AIX 4.3 allow local users to create or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1481 (Squid 2.2.STABLE5 and below, when using external authentication, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1482 (SVGAlib zgv 3.0-7 and earlier allows local users to gain root access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1483 (Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1484 (Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1485 (nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1486 (sadc in IBM AIX 4.1 through 4.3, when called from programs such as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1487 (Vulnerability in digest in AIX 4.3 allows printq users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1488 (sdrd daemon in IBM SP2 System Data Repository (SDR) allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1489 (Buffer overflow in TestChip function in XFree86 SuperProbe in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1490 (xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1491 (abuse.console in Red Hat 2.1 uses relative pathnames to find and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1492 (Vulnerability in (1) diskperf and (2) diskalign in IRIX 6.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1493 (Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1494 (colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1495 (xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1496 (Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1497 (Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1498 (Slackware Linux 3.4 pkgtool allows local attacker to read and write to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1499 (named in ISC BIND 4.9 and 8.1 allows local users to destroy files via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1500 (Internet Anywhere POP3 Mail Server 2.3.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1501 ((1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1502 (Buffer overflows in Quake 1.9 client allows remote malicious servers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1503 (Network Flight Recorder (NFR) 1.5 and 1.6 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1504 (Stalker Internet Mail Server 1.6 allows a remote attacker to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1505 (Buffer overflow in QuakeWorld 2.10 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1506 (Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1507 (Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1508 (Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1509 (Directory traversal vulnerability in Etype Eserv 2.50 web server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1510 (Buffer overflows in Bisonware FTP server prior to 4.1 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1511 (Buffer overflows in Xtramail 1.11 allow attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1512 (The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1513 (Management information base (MIB) for a 3Com SuperStack II hub running ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1514 (Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1515 (A non-default configuration in TenFour TFS Gateway 4.0 allows an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1516 (A buffer overflow in TenFour TFS Gateway SMTP mail server 3.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1517 (runtar in the Amanda backup system used in various UNIX operating ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1518 (Operating systems with shared memory implementations based on BSD 4.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1519 (Gene6 G6 FTP Server 2.0 allows a remote attacker to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1520 (A configuration problem in the Ad Server Sample directory (AdSamples) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1521 (Computalynx CMail 2.4 and CMail 2.3 SP2 SMTP servers are vulnerable to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1522 (Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1523 (Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1524 (FlowPoint DSL router firmware versions prior to 3.0.8 allows a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1525 (Macromedia Shockwave before 6.0 allows a malicious webmaster to read a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1526 (Auto-update feature of Macromedia Shockwave 7 transmits a user's ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1527 (Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1528 (ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1529 (A buffer overflow exists in the HELO command in Trend Micro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1530 (cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1531 (Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1532 (Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1533 (Eicon Technology Diva LAN ISDN modem allows a remote attacker to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1534 (Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1535 (Buffer overflow in AspUpload.dll in Persits Software AspUpload before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1536 (.sbstart startup script in AcuShop Salesbuilder is world writable, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1537 (IIS 3.x and 4.x does not distinguish between pages requiring ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1538 (When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1539 (Buffer overflow in FTP server in QPC Software's QVT/Term Plus versions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1540 (shell-lock in Cactus Software Shell Lock uses weak encryption (trivial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1541 (shell-lock in Cactus Software Shell Lock allows local users to read or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1542 (RPMMail before 1.4 allows remote attackers to execute commands via an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1543 (MacOS uses weak encryption for passwords that are stored in the Users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1544 (Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1545 (Joe's Own Editor (joe) 2.8 sets the world-readable permission on its ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1546 (netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1547 (Oracle Web Listener 2.1 allows remote attackers to bypass access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1548 (Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1549 (Lynx 2.x does not properly distinguish between internal and external ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1550 (bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1551 (Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1552 (dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1553 (Buffer overflow in XCmail 0.99.6 with autoquote enabled allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1554 (/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1555 (Cheyenne InocuLAN Anti-Virus Server in Inoculan 4.0 before Service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1556 (Microsoft SQL Server 6.5 uses weak encryption for the password for the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1557 (Buffer overflow in the login functions in IMAP server (imapd) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1558 (Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1559 (Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1560 (Vulnerability in a script in Texas A&M University (TAMU) Tiger allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1561 (Nullsoft SHOUTcast server stores the administrative password in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1562 (gFTP FTP client 1.13, and other versions before 2.0.0, records a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1563 (Nachuatec D435 and D445 printer allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1564 (FreeBSD 3.2 and possibly other versions allows a local user to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1565 (Man2html 2.1 and earlier allows local users to overwrite arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1566 (Buffer overflow in iParty server 1.2 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1567 (Seapine Software TestTrack server allows a remote attacker to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1568 (Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1569 (Quake 1 and NetQuake servers allow remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1570 (Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1571 (Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1572 (cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1573 (Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1574 (Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1575 (The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1576 (Buffer overflow in Adobe Acrobat ActiveX control (pdf.ocx, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1577 (Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1578 (Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1579 (The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1580 (SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1581 (Memory leak in Simple Network Management Protocol (SNMP) agent ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1582 (By design, the "established" command on the Cisco PIX firewall allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1583 (Buffer overflow in nslookup for AIX 4.3 allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1584 (Unknown vulnerability in (1) loadmodule, and (2) modload if modload is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1585 (The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1586 (loadmodule in SunOS 4.1.x, as used by xnews, does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1587 (/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1588 (Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1589 (Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1590 (Directory traversal vulnerability in Muhammad A. Muquit wwwcount ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1591 (Microsoft Internet Information Services (IIS) server 4.0 SP4, without ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1592 (Multiple unspecified vulnerabilities in sendmail 5, as installed on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-1593 (Windows Internet Naming Service (WINS) allows remote attackers to ...) TODO: check CVE-2000-0001 (RealMedia server allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0002 (Buffer overflow in ZBServer Pro 1.50 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0003 (Buffer overflow in UnixWare rtpm program allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0004 (ZBServer Pro allows remote attackers to read source code for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0005 (HP-UX aserver program allows local users to gain privileges via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0006 (strace allows local users to read arbitrary files via memory mapped ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0007 (Trend Micro PC-Cillin does not restrict access to its internal proxy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0008 (FTPPro allows local users to read sensitive information, which is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0009 (The bna_pass program in Optivity NETarchitect uses the PATH ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0010 (WebWho+ whois.cgi program allows remote attackers to execute commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0011 (Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0012 (Buffer overflow in w3-msql CGI program in miniSQL package allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0013 (IRIX soundplayer program allows local users to gain privileges by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0014 (Denial of service in Savant web server via a null character in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0015 (CascadeView TFTP server allows local users to gain privileges via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0016 (Buffer overflow in Internet Anywhere POP3 Mail Server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0017 (Buffer overflow in Linux linuxconf package allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0018 (wmmon in FreeBSD allows local users to gain privileges via the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0019 (IMail POP3 daemon uses weak encryption, which allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0020 (DNS PRO allows remote attackers to conduct a denial of service via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0021 (Lotus Domino HTTP server allows remote attackers to determine the real ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0022 (Lotus Domino HTTP server does not properly disable anonymous access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0023 (Buffer overflow in Lotus Domino HTTP server allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0024 (IIS does not properly canonicalize URLs, potentially allowing remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0025 (IIS 4.0 and Site Server 3.0 allow remote attackers to read source code ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0026 (Buffer overflow in UnixWare i2odialogd daemon allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0027 (IBM Network Station Manager NetStation allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0028 (Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0029 (UnixWare pis and mkpis commands allow local users to gain privileges ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0030 (Solaris dmispd dmi_cmd allows local users to fill up restricted disk ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0031 (The initscripts package in Red Hat Linux allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0032 (Solaris dmi_cmd allows local users to crash the dmispd daemon by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0033 (InterScan VirusWall SMTP scanner does not properly scan messages with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0034 (Netscape 4.7 records user passwords in the preferences.js file during ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0035 (resend command in Majordomo allows local users to gain privileges via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0036 (Outlook Express 5 for Macintosh downloads attachments to HTML mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0037 (Majordomo wrapper allows local users to gain privileges by specifying ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0038 (glFtpD includes a default glftpd user account with a default password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0039 (AltaVista search engine allows remote attackers to read files above ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0040 (glFtpD allows local users to gain privileges via metacharacters in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0041 (Macintosh systems generate large ICMP datagrams in response to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0042 (Buffer overflow in CSM mail server allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0043 (Buffer overflow in CamShot WebCam HTTP server allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0044 (Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0045 (MySQL allows local users to modify passwords for arbitrary MySQL users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0046 (Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0047 (Buffer overflow in Yahoo Pager/Messenger client allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0048 (get_it program in Corel Linux Update allows local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0049 (Buffer overflow in Winamp client allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0050 (The Allaire Spectra Webtop allows authenticated users to access other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0051 (The Allaire Spectra Configuration Wizard allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0052 (Red Hat userhelper program in the usermode package allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0053 (Microsoft Commercial Internet System (MCIS) IMAP server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0054 (search.cgi in the SolutionScripts Home Free package allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0055 (Buffer overflow in Solaris chkperm command allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0056 (IMail IMONITOR status.cgi CGI script allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0057 (Cold Fusion CFCACHE tag places temporary cache files within the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0058 (Network HotSync program in Handspring Visor does not have ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0059 (PHP3 with safe_mode enabled does not properly filter shell ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0060 (Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0061 (Internet Explorer 5 does not modify the security zone for a document ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0062 (The DTML implementation in the Z Object Publishing Environment (Zope) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0063 (cgiproc CGI script in Nortel Contivity HTTP server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0064 (cgiproc CGI script in Nortel Contivity HTTP server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0065 (Buffer overflow in InetServ 3.0 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0066 (WebSite Pro allows remote attackers to determine the real pathname of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0067 (CyberCash Merchant Connection Kit (MCK) allows local users to modify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0068 (daynad program in Intel InBusiness E-mail Station does not require ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0069 (The recover program in Solstice Backup allows local users to restore ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0070 (NtImpersonateClientOfPort local procedure call in Windows NT 4.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0071 (IIS 4.0 allows a remote attacker to obtain the real pathname of the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0072 (Visual Casel (Vcasel) does not properly prevent users from executing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0073 (Buffer overflow in Microsoft Rich Text Format (RTF) reader allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0074 (PowerScripts PlusMail CGI program allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0075 (Super Mail Transfer Package (SMTP), later called MsgCore, has a memory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0076 (nviboot boot script in the Debian nvi package allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0077 (The October 1998 version of the HP-UX aserver program allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0078 (The June 1999 version of the HP-UX aserver program allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0079 (The W3C CERN httpd HTTP server allows remote attackers to determine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0080 (AIX techlibss allows local users to overwrite files via a symlink ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0081 (Hotmail does not properly filter JavaScript code from a user's ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0082 (WebTV email client allows remote attackers to force the client to send ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0083 (HP asecure creates the Audio Security File audio.sec with insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0084 (CuteFTP uses weak encryption to store password information in its ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0085 (Hotmail does not properly filter JavaScript code from a user's ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0086 (Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0087 (Netscape Mail Notification (nsnotify) utility in Netscape Communicator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0088 (Buffer overflow in the conversion utilities for Japanese, Korean and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0089 (The rdisk utility in Microsoft Terminal Server Edition and Windows NT ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0090 (VMWare 1.1.2 allows local users to cause a denial of service via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0091 (Buffer overflow in vchkpw/vpopmail POP authentication package allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0092 (The BSD make program allows local users to modify files via a symlink ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0093 (An installation of Red Hat uses DES password encryption with crypt() ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0094 (procfs in BSD systems allows local users to gain root privileges by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0095 (The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0096 (Buffer overflow in qpopper 3.0 beta versions allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0097 (The WebHits ISAPI filter in Microsoft Index Server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0098 (Microsoft Index Server allows remote attackers to determine the real ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0099 (Buffer overflow in UnixWare ppptalk command allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0100 (The SMS Remote Control program is installed with insecure permissions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0101 (The Make-a-Store OrderPage shopping cart application allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0102 (The SalesCart shopping cart application allows remote users to modify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0103 (The SmartCart shopping cart application allows remote users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0104 (The Shoptron shopping cart application allows remote users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0105 (Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0106 (The EasyCart shopping cart application allows remote users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0107 (Linux apcd program allows local attackers to modify arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0108 (The Intellivend shopping cart application allows remote users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0109 (The mcsp Client Site Processor system (MultiCSP) in Standard and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0110 (The WebSiteTool shopping cart application allows remote users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0111 (The RightFax web client uses predictable session numbers, which allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0112 (The default installation of Debian GNU/Linux uses an insecure Master ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0113 (The SyGate Remote Management program does not properly restrict access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0114 (Frontpage Server Extensions allows remote attackers to determine the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0115 (IIS allows local users to cause a denial of service via invalid ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0116 (Firewall-1 does not properly filter script tags, which allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0117 (The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0118 (The Red Hat Linux su program does not log failed password guesses if ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0119 (The default configurations for McAfee Virus Scan and Norton Anti-Virus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0120 (The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0121 (The Recycle Bin utility in Windows NT and Windows 2000 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0122 (Frontpage Server Extensions allows remote attackers to determine the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0123 (The shopping cart application provided with Filemaker allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0124 (surfCONTROL SuperScout does not properly asign a category to web sites ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0125 (wwwthreads does not properly cleanse numeric data or table names that ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0126 (Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0127 (The Webspeed configuration program does not properly disable access to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0128 (The Finger Server 0.82 allows remote attackers to execute commands via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0129 (Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0130 (Buffer overflow in SCO scohelp program allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0131 (Buffer overflow in War FTPd 1.6x allows users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0132 (Microsoft Java Virtual Machine allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0133 (Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0134 (The Check It Out shopping cart application allows remote users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0135 (The @Retail shopping cart application allows remote users to modify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0136 (The Cart32 shopping cart application allows remote users to modify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0137 (The CartIt shopping cart application allows remote users to modify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0138 (A system has a distributed denial of service (DDOS) attack master, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0139 (Internet Anywhere POP3 Mail Server allows local users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0140 (Internet Anywhere POP3 Mail Server allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0141 (Infopop Ultimate Bulletin Board (UBB) allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0142 (The authentication protocol in Timbuktu Pro 2.0b650 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0143 (The SSH protocol server sshd allows local users without shell access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0144 (Axis 700 Network Scanner does not properly restrict access to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0145 (The libguile.so library file used by gnucash in Debian GNU/Linux is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0146 (The Java Server in the Novell GroupWise Web Access Enhancement Pack ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0147 (snmpd in SCO OpenServer has an SNMP community string that is writable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0148 (MySQL 3.22 allows remote attackers to bypass password authentication ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0149 (Zeus web server allows remote attackers to view the source code for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0150 (Check Point Firewall-1 allows remote attackers to bypass port access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0151 (GNU make follows symlinks when it reads a Makefile from stdin, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0152 (Remote attackers can cause a denial of service in Novell BorderManager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0153 (FrontPage Personal Web Server (PWS) allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0154 (The ARCserve agent in UnixWare allows local attackers to modify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0155 (Windows NT Autorun executes the autorun.inf file on non-removable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0156 (Internet Explorer 4.x and 5.x allows remote web servers to access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0157 (NetBSD ptrace call on VAX allows local users to gain privileges by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0158 (Buffer overflow in MMDF server allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0159 (HP Ignite-UX does not save /etc/passwd when it creates an image of a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0160 (The Microsoft Active Setup ActiveX component in Internet Explorer 4.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0161 (Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0162 (The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0163 (asmon and ascpu in FreeBSD allow local users to gain root privileges ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0164 (The installation of Sun Internet Mail Server (SIMS) creates a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0165 (The Delegate application proxy has several buffer overflows which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0166 (Buffer overflow in the InterAccess telnet server TelnetD allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0167 (IIS Inetinfo.exe allows local users to cause a denial of service by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0168 (Microsoft Windows 9x operating systems allow an attacker to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0169 (Batch files in the Oracle web listener ows-bin directory allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0170 (Buffer overflow in the man program in Linux allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0171 (atsadc in the atsar package for Linux does not properly check the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0172 (The mtr program only uses a seteuid call when attempting to drop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0173 (Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0174 (StarOffice StarScheduler web server allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0175 (Buffer overflow in StarOffice StarScheduler web server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0176 (The default configuration of Serv-U 2.5d and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0177 (DNSTools CGI applications allow remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0178 (ServerIron switches by Foundry Networks have predictable TCP/IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0179 (HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0180 (Sojourn search engine allows remote attackers to read arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0181 (Firewall-1 3.0 and 4.0 leaks packets with private IP address ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0182 (iPlanet Web Server 4.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0183 (Buffer overflow in ircII 4.4 IRC client allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0184 (Linux printtool sets the permissions of printer configuration files to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0185 (RealMedia RealServer reveals the real IP address of a Real Server, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0186 (Buffer overflow in the dump utility in the Linux ext2fs backup package ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0187 (EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0188 (EZShopper 3.0 search.cgi CGI script allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0189 (ColdFusion Server 4.x allows remote attackers to determine the real ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0190 (AOL Instant Messenger (AIM) client allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0191 (Axis StorPoint CD allows remote attackers to access administrator URLs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0192 (The default installation of Caldera OpenLinux 2.3 includes the CGI ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0193 (The default configuration of Dosemu in Corel Linux 1.0 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0194 (buildxconf in Corel Linux allows local users to modify or create ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0195 (setxconf in Corel Linux allows local users to gain root access via the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0196 (Buffer overflow in mhshow in the Linux nmh package allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0197 (The Windows NT scheduler uses the drive mapping of the interactive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0198 (Buffer overflow in POP3 and IMAP servers in the MERCUR mail server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0199 (When a new SQL Server is registered in Enterprise Manager for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0200 (Buffer overflow in Microsoft Clip Art Gallery allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0201 (The window.showHelp() method in Internet Explorer 5.x does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0202 (Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0203 (The Trend Micro OfficeScan client tmlisten.exe allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0204 (The Trend Micro OfficeScan client allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0205 (Trend Micro OfficeScan allows remote attackers to replay ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0206 (The installation of Oracle 8.1.5.x on Linux follows symlinks and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0207 (SGI InfoSearch CGI program infosrch.cgi allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0208 (The htdig (ht://Dig) CGI program htsearch allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0209 (Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0210 (The lit program in Sun Flex License Manager (FlexLM) follows symlinks, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0211 (The Windows Media server allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0212 (InterAccess TelnetID Server 4.0 allows remote attackers to conduct a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0213 (The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0214 (FTP Explorer uses weak encryption for storing the username, password, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0215 (Vulnerability in SCO cu program in UnixWare 7.x allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0216 (Microsoft email clients in Outlook, Exchange, and Windows Messaging ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0217 (The default configuration of SSH allows X forwarding, which could ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0218 (Buffer overflow in Linux mount and umount allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0219 (Red Hat 6.0 allows local users to gain root access by booting single ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0220 (ZoneAlarm sends sensitive system and network information in cleartext ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0221 (The Nautica Marlin bridge allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0222 (The installation for Windows 2000 does not activate the Administrator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0223 (Buffer overflow in the wmcdplay CD player program for the WindowMaker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0224 (ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0225 (The Pocsag POC32 program does not properly prevent remote users from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0226 (IIS 4.0 allows attackers to cause a denial of service by requesting a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0227 (The Linux 2.2.x kernel does not restrict the number of Unix domain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0228 (Microsoft Windows Media License Manager allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0229 (gpm-root in the gpm package does not properly drop privileges, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0230 (Buffer overflow in imwheel allows local users to gain root privileges ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0231 (Linux kreatecd trusts a user-supplied path that is used to find the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0232 (Microsoft TCP/IP Printing Services, aka Print Services for Unix, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0233 (SuSE Linux IMAP server allows remote attackers to bypass IMAP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0234 (The default configuration of Cobalt RaQ2 and RaQ3 as specified in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0235 (Buffer overflow in the huh program in the orville-write package allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0236 (Netscape Enterprise Server with Directory Indexing enabled allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0237 (Netscape Enterprise Server with Web Publishing enabled allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0238 (Buffer overflow in the web server for Norton AntiVirus for Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0239 (Buffer overflow in the MERCUR WebView WebMail server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0240 (vqSoft vqServer program allows remote attackers to read arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0241 (vqSoft vqServer stores sensitive information such as passwords in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0242 (WindMail allows remote attackers to read arbitrary files or execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0243 (AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0244 (The Citrix ICA (Independent Computing Architecture) protocol uses weak ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0245 (Vulnerability in SGI IRIX objectserver daemon allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0246 (IIS 4.0 and 5.0 does not properly perform ISAPI extension processing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0247 (Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0248 (The web GUI for the Linux Virtual Server (LVS) software in the Red Hat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0249 (The AIX Fast Response Cache Accelerator (FRCA) allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0250 (The crypt function in QNX uses weak encryption, which allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0251 (HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0252 (The dansie shopping cart application cart.pl allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0253 (The dansie shopping cart application cart.pl allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0254 (The dansie shopping cart application cart.pl allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0255 (The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0256 (Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0257 (Buffer overflow in the NetWare remote web administration utility ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0258 (IIS 4.0 and 5.0 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0259 (The default permissions for the Cryptography\Offload registry key used ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0260 (Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0261 (The AVM KEN! web server allows remote attackers to read arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0262 (The AVM KEN! ISDN Proxy server allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0263 (The X font server xfs in Red Hat Linux 6.x allows an attacker to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0264 (Panda Security 3.0 with registry editing disabled allows users to edit ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0265 (Panda Security 3.0 allows users to uninstall the Panda software via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0266 (Internet Explorer 5.01 allows remote attackers to bypass the cross ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0267 (Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0268 (Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0269 (Emacs 20 does not properly set permissions for a slave PTY device when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0270 (The make-temp-name Lisp function in Emacs 20 creates temporary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0271 (read-passwd and other Lisp functions in Emacs 20 do not properly clear ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0272 (RealNetworks RealServer allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0273 (PCAnywhere allows remote attackers to cause a denial of service by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0274 (The Linux trustees kernel patch allows attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0275 (CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0276 (BeOS 4.5 and 5.0 allow local users to cause a denial of service via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0277 (Microsoft Excel 97 and 2000 does not warn the user when executing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0278 (The SalesLogix Eviewer allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0279 (BeOS allows remote attackers to cause a denial of service via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0280 (Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0281 (Buffer overflow in the Napster client beta 5 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0282 (TalentSoft webpsvr daemon in the Web+ shopping cart application allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0283 (The default installation of IRIX Performance Copilot allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0284 (Buffer overflow in University of Washington imapd version 4.7 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0285 (Buffer overflow in XFree86 3.3.x allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0286 (X fontserver xfs allows local users to cause a denial of service via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0287 (The BizDB CGI script bizdb-search.cgi allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0288 (Infonautics getdoc.cgi allows remote attackers to bypass the payment ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0289 (IP masquerading in Linux 2.2.x allows remote attackers to route UDP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0290 (Buffer overflow in Webstar HTTP server allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0291 (Buffer overflow in Star Office 5.1 allows attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0292 (The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0293 (aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0294 (Buffer overflow in healthd for FreeBSD allows local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0295 (Buffer overflow in LCDproc allows remote attackers to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0296 (fcheck allows local users to gain privileges by embedding shell ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0297 (Allaire Forums 2.0.5 allows remote attackers to bypass access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0298 (The unattended installation of Windows 2000 with the OEMPreinstall ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0299 (Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0300 (The default encryption method of PcAnywhere 9.x uses weak encryption, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0301 (Ipswitch IMAIL server 6.02 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0302 (Microsoft Index Server allows remote attackers to view the source code ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0303 (Quake3 Arena allows malicious server operators to read or modify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0304 (Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0305 (Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0306 (Buffer overflow in calserver in SCO OpenServer allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0307 (Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0308 (Insecure file permissions for Netscape FastTrack Server 2.x, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0309 (The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0310 (IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0311 (The Windows 2000 domain controller allows a malicious user to modify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0312 (cron in OpenBSD 2.5 allows local users to gain root privileges via an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0313 (Vulnerability in OpenBSD 2.6 allows a local user to change interface ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0314 (traceroute in NetBSD 1.3.3 and Linux systems allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0315 (traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0316 (Buffer overflow in Solaris 7 lp allows local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0317 (Buffer overflow in Solaris 7 lpset allows local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0318 (Atrium Mercur Mail Server 3.2 allows local attackers to read other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0319 (mail.local in Sendmail 8.10.x does not properly identify the .\n ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0320 (Qpopper 2.53 and 3.0 does not properly identify the \n string which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0321 (Buffer overflow in IC Radius package allows a remote attacker to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0322 (The passwd.php3 CGI script in the Red Hat Piranha Virtual Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0323 (The Microsoft Jet database engine allows an attacker to modify text ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0324 (pcAnywhere 8.x and 9.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0325 (The Microsoft Jet database engine allows an attacker to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0326 (Meeting Maker uses weak encryption (a polyalphabetic substitution ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0327 (Microsoft Virtual Machine (VM) allows remote attackers to escape the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0328 (Windows NT 4.0 generates predictable random TCP initial sequence ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0329 (A Microsoft ActiveX control allows a remote attacker to execute a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0330 (The networking software in Windows 95 and Windows 98 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0331 (Buffer overflow in Microsoft command processor (CMD.EXE) for Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0332 (UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0333 (tcpdump, Ethereal, and other sniffer packages allow remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0334 (The Allaire Spectra container editor preview tool does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0335 (The resolver in glibc 2.1.3 uses predictable IDs, which allows a local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0336 (Linux OpenLDAP server allows local users to modify arbitrary files via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0337 (Buffer overflow in Xsun X server in Solaris 7 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0338 (Concurrent Versions Software (CVS) uses predictable temporary file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0339 (ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0340 (Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0341 (ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0342 (Eudora 4.x allows remote attackers to bypass the user warning for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0343 (Buffer overflow in Sniffit 0.3.x with the -L logging option enabled ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0344 (The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0345 (The on-line help system options in Cisco routers allows non-privileged ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0346 (AppleShare IP 6.1 and later allows a remote attacker to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0347 (Windows 95 and Windows 98 allow a remote attacker to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0348 (A vulnerability in the Sendmail configuration file sendmail.cf as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0349 (Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0350 (A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0351 (Some packaging commands in SCO UnixWare 7.1.0 have insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0352 (Pine before version 4.21 does not properly filter shell metacharacters ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0353 (Pine 4.x allows a remote attacker to execute arbitrary commands via an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0354 (mirror 2.8.x in Linux systems allows remote attackers to create files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0355 (pg and pb in SuSE pbpg 1.x package allows an attacker to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0356 (Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0357 (ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0358 (ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0359 (Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0360 (Buffer overflow in INN 2.2.1 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0361 (The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0362 (Buffer overflows in Linux cdwtools 093 and earlier allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0363 (Linux cdwtools 093 and earlier allows local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0364 (screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0365 (Red Hat Linux 6.0 installs the /dev/pts file system with insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0366 (dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0367 (Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0368 (Classic Cisco IOS 9.1 and later allows attackers with access to the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0369 (The IDENT server in Caldera Linux 2.3 creates multiple threads for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0370 (The debug option in Caldera Linux smail allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0371 (The libmediatool library used for the KDE mediatool allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0372 (Vulnerability in Caldera rmt command in the dump package 0.4b4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0373 (Vulnerabilities in the KDE kvt terminal program allow local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0374 (The default configuration of kdm in Caldera and Mandrake Linux, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0375 (The kernel in FreeBSD 3.2 follows symbolic links when it creates core ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0376 (Buffer overflow in the HTTP proxy server for the i-drive Filo software ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0377 (The Remote Registry server in Windows NT 4.0 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0378 (The pam_console PAM module in Linux systems performs a chown on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0379 (The Netopia R9100 router does not prevent authenticated users from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0380 (The IOS HTTP service in Cisco routers and switches running IOS 11.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0381 (The Gossamer Threads DBMan db.cgi CGI script allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0382 (ColdFusion ClusterCATS appends stale query string arguments to a URL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0383 (The file transfer component of AOL Instant Messenger (AIM) reveals the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0384 (NetStructure 7110 and 7180 have undocumented accounts (servnow, root, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0385 (FileMaker Pro 5 Web Companion allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0386 (FileMaker Pro 5 Web Companion allows remote attackers to send ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0387 (The makelev program in the golddig game from the FreeBSD ports ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0388 (Buffer overflow in FreeBSD libmytinfo library allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0389 (Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0390 (Buffer overflow in krb425_conv_principal function in Kerberos 5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0391 (Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0392 (Buffer overflow in ksu in Kerberos 5 allows local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0393 (The KDE kscd program does not drop privileges when executing a program ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0394 (NetProwler 3.0 allows remote attackers to cause a denial of service by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0395 (Buffer overflow in CProxy 3.3 allows remote users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0396 (The add.exe program in the Carello shopping cart software allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0397 (The EMURL web-based email account software encodes predictable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0398 (Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0399 (Buffer overflow in MDaemon POP server allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0400 (The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0401 (Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0402 (The Mixed Mode authentication capability in Microsoft SQL Server 7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0403 (The CIFS Computer Browser service on Windows NT 4.0 allows a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0404 (The CIFS Computer Browser service allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0405 (Buffer overflow in L0pht AntiSniff allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0406 (Netscape Communicator before version 4.73 and Navigator 4.07 do not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0407 (Buffer overflow in Solaris netpr program allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0408 (IIS 4.05 and 5.0 allow remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0409 (Netscape 4.73 and earlier follows symlinks when it imports a new ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0410 (ColdFusion Server 4.5.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0411 (Matt Wright's FormMail CGI script allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0412 (The gnapster and knapster clients for Napster do not properly restrict ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0413 (The shtml.exe program in the FrontPage extensions package of IIS 4.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0414 (Vulnerability in shutdown command for HP-UX 11.X and 10.X allows allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0415 (Buffer overflow in Outlook Express 4.x allows attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0416 (NTMail 5.x allows network users to bypass the NTMail proxy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0417 (The HTTP administration interface to the Cayman 3220-H DSL router ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0418 (The Cayman 3220-H DSL router allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0419 (The Office 2000 UA ActiveX Control is marked as "safe for scripting," ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0420 (The default configuration of SYSKEY in Windows 2000 stores the startup ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0421 (The process_bug.cgi script in Bugzilla allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0422 (Buffer overflow in Netwin DMailWeb CGI program allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0423 (Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0424 (The CGI counter 4.0.7 by George Burgyan allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0425 (Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0426 (UltraBoard 1.6 and other versions allow remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0427 (The Aladdin Knowledge Systems eToken device allows attackers with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0428 (Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0429 (A backdoor password in Cart32 3.0 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0430 (Cart32 allows remote attackers to access sensitive debugging ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0431 (Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0432 (The calender.pl and the calendar_admin.pl calendar scripts by Matt ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0433 (The SuSE aaa_base package installs some system accounts with home ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0434 (The administrative password for the Allmanage web site administration ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0435 (The allmanageup.pl file upload CGI script in the Allmanage Website ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0436 (MetaProducts Offline Explorer 1.2 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0437 (Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0438 (Buffer overflow in fdmount on Linux systems allows local users in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0439 (Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0440 (NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0441 (Vulnerability in AIX 3.2.x and 4.x allows local users to gain write ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0442 (Qpopper 2.53 and earlier allows local users to gain privileges via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0443 (The web interface server in HP Web JetAdmin 5.6 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0444 (HP Web JetAdmin 6.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0445 (The pgpk command in PGP 5.x on Unix systems uses an insufficiently ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0446 (Buffer overflow in MDBMS database server allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0447 (Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0448 (The WebShield SMTP Management Tool version 4.5.44 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0449 (Omnis Studio 2.4 uses weak encryption (trivial encoding) for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0450 (Vulnerability in bbd server in Big Brother System and Network Monitor ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0451 (The Intel express 8100 ISDN router allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0452 (Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0453 (XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0454 (Buffer overflow in Linux cdrecord allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0455 (Buffer overflow in xlockmore xlock program version 4.16 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0456 (NetBSD 1.4.2 and earlier allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0457 (ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0458 (The MSWordView application in IMP creates world-readable files in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0459 (IMP does not remove files properly if the MSWordView application ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0460 (Buffer overflow in KDE kdesud on Linux allows local uses to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0461 (The undocumented semconfig system call in BSD freezes the state of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0462 (ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0463 (BeOS 5.0 allows remote attackers to cause a denial of service via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0464 (Internet Explorer 4.x and 5.x allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0465 (Internet Explorer 4.x and 5.x does properly verify the domain of a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0466 (AIX cdmount allows local users to gain root privileges via shell ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0467 (Buffer overflow in Linux splitvt 1.6.3 and earlier allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0468 (man in HP-UX 10.20 and 11 allows local attackers to overwrite files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0469 (Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0470 (Allegro RomPager HTTP server allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0471 (Buffer overflow in ufsrestore in Solaris 8 and earlier allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0472 (Buffer overflow in innd 2.2.2 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0473 (Buffer overflow in AnalogX SimpleServer 1.05 allows a remote attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0474 (Real Networks RealServer 7.x allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0475 (Windows 2000 allows a local user process to access another user's ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0476 (xterm, Eterm, and rxvt allow an attacker to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0477 (Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0478 (In some cases, Norton Antivirus for Exchange (NavExchange) enters a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0479 (Dragon FTP server allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0480 (Dragon telnet server allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0481 (Buffer overflow in KDE Kmail allows a remote attacker to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0482 (Check Point Firewall-1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0483 (The DocumentTemplate package in Zope 2.2 and earlier allows a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0484 (Buffer overflow in Small HTTP Server allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0485 (Microsoft SQL Server allows local users to obtain database passwords ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0486 (Buffer overflow in Cisco TACACS+ tac_plus server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0487 (The Protected Store in Windows 2000 does not properly select the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0488 (Buffer overflow in ITHouse mail server 1.04 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0489 (FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0490 (Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0491 (Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0492 (PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0493 (Buffer overflow in Simple Network Time Sync (SMTS) daemon allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0494 (Veritas Volume Manager creates a world writable .server_pids file, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0495 (Microsoft Windows Media Encoder allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0497 (IBM WebSphere server 3.0.2 allows a remote attacker to view source ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0498 (Unify eWave ServletExec allows a remote attacker to view source code ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0499 (The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0500 (The default configuration of BEA WebLogic 5.1.0 allows a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0501 (Race condition in MDaemon 2.8.5.0 POP server allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0502 (Mcafee VirusScan 4.03 does not properly restrict access to the alert ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0503 (The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0504 (libICE in XFree86 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0505 (The Apache 1.3.x HTTP server for Windows platforms allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0506 (The "capabilities" feature in Linux before 2.2.16 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0507 (Imate Webmail Server 2.5 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0508 (rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0509 (Buffer overflows in the finger and whois demonstration scripts in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0510 (CUPS (Common Unix Printing System) 1.04 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0511 (CUPS (Common Unix Printing System) 1.04 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0512 (CUPS (Common Unix Printing System) 1.04 and earlier does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0513 (CUPS (Common Unix Printing System) 1.04 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0514 (GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0515 (The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0516 (When configured to store configuration information in an LDAP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0517 (Netscape 4.73 and earlier does not properly warn users about a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0518 (Internet Explorer 4.x and 5.x does not properly verify all contents of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0519 (Internet Explorer 4.x and 5.x does not properly re-validate an SSL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0520 (Buffer overflow in restore program 0.4b17 and earlier in dump package ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0521 (Savant web server allows remote attackers to read source code of CGI ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0522 (RSA ACE/Server allows remote attackers to cause a denial of service by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0523 (Buffer overflow in the logging feature of EServ 2.9.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0524 (Microsoft Outlook and Outlook Express allow remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0525 (OpenSSH does not properly drop privileges when the UseLogin option is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0526 (mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0527 (userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0528 (Net Tools PKI Server does not properly restrict access to remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0529 (Net Tools PKI Server allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0530 (The KApplication class in the KDE 1.1.2 configuration file management ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0531 (Linux gpm program allows local users to cause a denial of service by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0532 (A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0533 (Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0534 (The apsfilter software in the FreeBSD ports package does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0535 (OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0536 (xinetd 2.1.8.x does not properly restrict connections if hostnames are ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0537 (BRU backup software allows local users to append data to arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0538 (ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0539 (Servlet examples in Allaire JRun 2.3.x allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0540 (JSP sample files in Allaire JRun 2.3.x allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0541 (The Panda Antivirus console on port 2001 allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0542 (Tigris remote access server before 11.5.4.22 does not properly record ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0543 (The command port for PGP Certificate Server 2.5.0 and 2.5.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0544 (Windows NT and Windows 2000 hosts allow a remote attacker to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0545 (Buffer overflow in mailx mail command (aka Mail) on Linux systems ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0546 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0547 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0548 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0549 (Kerberos 4 KDC program does not properly check for null termination of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0550 (Kerberos 4 KDC program improperly frees memory twice (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0551 (The file transfer mechanism in Danware NetOp 6.0 does not provide ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0552 (ICQwebmail client for ICQ 2000A creates a world readable temporary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0553 (Race condition in IPFilter firewall 3.4.3 and earlier, when configured ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0554 (Ceilidh allows remote attackers to obtain the real path of the Ceilidh ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0555 (Ceilidh allows remote attackers to cause a denial of service via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0556 (Buffer overflow in the web interface for Cmail 2.4.7 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0557 (Buffer overflow in the web interface for Cmail 2.4.7 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0558 (Buffer overflow in HP Openview Network Node Manager 6.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0559 (eTrust Intrusion Detection System (formerly SessionWall-3) uses weak ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0561 (Buffer overflow in WebBBS 1.15 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0562 (BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0563 (The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0564 (The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0565 (SmartFTP Daemon 0.2 allows a local user to access arbitrary files by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0566 (makewhatis in Linux man package allows local users to overwrite files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0567 (Buffer overflow in Microsoft Outlook and Outlook Express allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0568 (Sybergen Secure Desktop 2.1 does not properly protect against false ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0569 (Sybergen Sygate allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0570 (FirstClass Internet Services server 5.770, and other versions before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0571 (LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0572 (The Razor configuration management tool uses weak encryption for its ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0573 (The lreply function in wu-ftpd 2.6.0 and earlier does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0574 (FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0575 (SSH 1.2.27 with Kerberos authentication support stores Kerberos ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0576 (Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0577 (Netscape Professional Services FTP Server 1.3.6 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0578 (SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0579 (IRIX crontab creates temporary files with predictable file names and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0580 (Windows 2000 Server allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0581 (Windows 2000 Telnet Server allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0582 (Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0583 (vchkpw program in vpopmail before version 4.8 does not properly cleanse ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0584 (Buffer overflow in Canna input system allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0585 (ISC DHCP client program dhclient allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0586 (Buffer overflow in Dalnet IRC server 4.6.5 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0587 (The privpath directive in glftpd 1.18 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0588 (SawMill 5.0.21 CGI program allows remote attackers to read the first ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0589 (SawMill 5.0.21 uses weak encryption to store passwords, which allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0590 (Poll It 2.0 CGI script allows remote attackers to read arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0591 (Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0592 (Buffer overflows in POP3 service in WinProxy 2.0 and 2.0.1 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0593 (WinProxy 2.0 and 2.0.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0594 (BitchX IRC client does not properly cleanse an untrusted format ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0595 (libedit searches for the .editrc file in the current directory instead ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0596 (Internet Explorer 5.x does not warn a user before opening a Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0597 (Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0598 (Fortech Proxy+ allows remote attackers to bypass access restrictions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0599 (Buffer overflow in iMesh 1.02 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0600 (Netscape Enterprise Server in NetWare 5.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0601 (LeafChat 1.7 IRC client allows a remote IRC server to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0602 (Secure Locate (slocate) in Red Hat Linux allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0603 (Microsoft SQL Server 7.0 allows a local user to bypass permissions for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0604 (gkermit in Red Hat Linux is improperly installed with setgid uucp, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0605 (Blackboard CourseInfo 4.0 stores the local and SQL administrator user ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0606 (Buffer overflow in kon program in Kanji on Console (KON) package on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0607 (Buffer overflow in fld program in Kanji on Console (KON) package on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0608 (NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0609 (NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0610 (NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0611 (The default configuration of NetWin dMailWeb and cwMail trusts all POP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0612 (Windows 95 and Windows 98 do not properly process spoofed ARP packets, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0613 (Cisco Secure PIX Firewall does not properly identify forged TCP Reset ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0614 (Tnef program in Linux systems allows remote attackers to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0615 (LPRng 3.6.x improperly installs lpd as setuid root, which can allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0616 (Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0617 (Buffer overflow in xconq and cconq game programs on Red Hat Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0618 (Buffer overflow in xconq and cconq game programs on Red Hat Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0619 (Top Layer AppSwitch 2500 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0620 (libX11 X library allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0621 (Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0622 (Buffer overflow in Webfind CGI program in O'Reilly WebSite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0623 (Buffer overflow in O'Reilly WebSite Professional web server 2.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0624 (Buffer overflow in Winamp 2.64 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0625 (NetZero 3.0 and earlier uses weak encryption for storing a user's ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0626 (Buffer overflow in Alibaba web server allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0627 (BlackBoard CourseInfo 4.0 does not properly authenticate users, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0628 (The source.asp example script in the Apache ASP module Apache::ASP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0629 (The default configuration of the Sun Java web server 2.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0630 (IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0631 (An administrative script from IIS 3.0, later included in IIS 4.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0632 (Buffer overflow in the web archive component of L-Soft Listserv 1.8d ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0633 (Vulnerability in Mandrake Linux usermode package allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0634 (The web administration interface for CommuniGate Pro 3.2.5 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0635 (The view_page.html sample page in the MiniVend shopping cart program ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0636 (HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0637 (Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0638 (bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0639 (The default configuration of Big Brother 1.4h2 and earlier does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0640 (Guild FTPd allows remote attackers to determine the existence of files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0641 (Savant web server allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0642 (The default configuration of WebActive HTTP Server 1.00 stores the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0643 (Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0644 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0645 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0646 (WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0647 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0648 (WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0649 (IIS 4.0 allows remote attackers to obtain the internal IP address of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0650 (The default installation of VirusScan 4.5 and NetShield 4.5 has ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0651 (The ClientTrust program in Novell BorderManager does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0652 (IBM WebSphere allows remote attackers to read source code for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0653 (Microsoft Outlook Express allows remote attackers to monitor a user's ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0654 (Microsoft Enterprise Manager allows local users to obtain database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0655 (Netscape Communicator 4.73 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0656 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0657 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0658 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0659 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0660 (The WDaemon web server for WorldClient 2.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0661 (WircSrv IRC Server 5.07s allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0662 (Internet Explorer 5.x and Microsoft Outlook allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0663 (The registry entry for the Windows Shell executable (Explorer.exe) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0664 (AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0665 (GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0666 (rpc.statd in the nfs-utils package in various Linux distributions does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0667 (Vulnerability in gpm in Caldera Linux allows local users to delete ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0668 (pam_console PAM module in Linux systems allows a user to access the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0669 (Novell NetWare 5.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0670 (The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0671 (Roxen web server earlier than 2.0.69 allows allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0672 (The default configuration of Jakarta Tomcat does not restrict access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0673 (The NetBIOS Name Server (NBNS) protocol does not perform ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0674 (ftp.pl CGI program for Virtual Visions FTP browser allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0675 (Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0676 (Netscape Communicator and Navigator 4.04 through 4.74 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0677 (Buffer overflow in IBM Net.Data db2www CGI program allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0678 (PGP 5.5.x through 6.5.3 does not properly check if an Additional ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0679 (The CVS 1.10.8 client trusts pathnames that are provided by the CVS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0680 (The CVS 1.10.8 server does not properly restrict users from creating ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0681 (Buffer overflow in BEA WebLogic server proxy plugin allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0682 (BEA WebLogic 5.1.x allows remote attackers to read source code for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0683 (BEA WebLogic 5.1.x allows remote attackers to read source code for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0684 (BEA WebLogic 5.1.x does not properly restrict access to the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0685 (BEA WebLogic 5.1.x does not properly restrict access to the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0686 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0687 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0688 (Subscribe Me LITE does not properly authenticate attempts to change ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0689 (Account Manager LITE does not properly authenticate attempts to change ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0690 (Auction Weaver CGI script 1.02 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0691 (The faxrunq and faxrunqd in the mgetty package allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0692 (ISS RealSecure 3.2.1 and 3.2.2 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0693 (pgxconfig in the Raptor GFX configuration tool uses a relative path ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0694 (pgxconfig in the Raptor GFX configuration tool allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0695 (Buffer overflows in pgxconfig in the Raptor GFX configuration tool ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0696 (The administration interface for the dwhttpd web server in Solaris ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0697 (The administration interface for the dwhttpd web server in Solaris ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0698 (Minicom 1.82.1 and earlier on some Linux systems allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0699 (Format string vulnerability in ftpd in HP-UX 10.20 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0700 (Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0701 (The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0702 (The net.init rc script in HP-UX 11.00 (S008net.init) allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0703 (suidperl (aka sperl) does not properly cleanse the escape sequence ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0704 (Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0705 (ntop running in web mode allows remote attackers to read arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0706 (Buffer overflows in ntop running in web mode allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0707 (PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0708 (Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0709 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0710 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0711 (Netscape Communicator does not properly prevent a ServerSocket object ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0712 (Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0713 (Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0714 (umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0715 (DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0716 (WorldClient email client in MDaemon 2.8 includes the session ID in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0717 (GoodTech FTP server allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0718 (A race condition in MandrakeUpdate allows local users to modify RPM ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0719 (VariCAD 7.0 is installed with world-writeable files, which allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0720 (news.cgi in GWScripts News Publisher does not properly authenticate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0721 (The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0722 (Helix GNOME Updater helix-update 0.5 and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0723 (Helix GNOME Updater helix-update 0.5 and earlier does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0724 (The go-gnome Helix GNOME pre-installer allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0725 (Zope before 2.2.1 does not properly restrict access to the getRoles ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0726 (CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0727 (xpdf PDF viewer client earlier than 0.91 does not properly launch a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0728 (xpdf PDF viewer client earlier than 0.91 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0729 (FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0730 (Vulnerability in newgrp command in HP-UX 11.0 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0731 (Directory traversal vulnerability in Worm HTTP server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0732 (Worm HTTP server allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0733 (Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0734 (eEye IRIS 1.01 beta allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0735 (Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0736 (Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0737 (The Service Control Manager (SCM) in Windows 2000 creates predictable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0738 (WebShield SMTP 4.5 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0739 (Directory traversal vulnerability in strong.exe program in NAI Net ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0740 (Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0741 (Format string vulnerability in strong.exe program in NAI Net Tools PKI ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0742 (The IPX protocol implementation in Microsoft Windows 95 and 98 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0743 (Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0744 (DEPRECATED. This entry has been deprecated. It is a duplicate of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0745 (admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0746 (Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0747 (The logrotate script for OpenLDAP before 1.2.11 in Conectiva ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0748 (OpenLDAP 1.2.11 and earlier improperly installs the ud binary with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0749 (Buffer overflow in the Linux binary compatibility module in FreeBSD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0750 (Buffer overflow in mopd (Maintenance Operations Protocol loader ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0751 (mopd (Maintenance Operations Protocol loader daemon) does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0752 (Buffer overflows in brouted in FreeBSD and possibly other OSes allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0753 (The Microsoft Outlook mail client identifies the physical path of the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0754 (Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0755 (Vulnerability in the newgrp command in HP-UX 11.00 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0756 (Microsoft Outlook 2000 does not properly process long or malformed ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0757 (The sysgen service in Aptis Totalbill does not perform authentication, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0758 (The web interface for Lyris List Manager 3 and 4 allows list ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0759 (Jakarta Tomcat 3.1 under Apache reveals physical path information when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0760 (The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0761 (OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0762 (The default installation of eTrust Access Control (formerly SeOS) uses ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0763 (xlockmore and xlockf do not properly cleanse user-injected format ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0764 (Intel Express 500 series switches allow a remote attacker to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0765 (Buffer overflow in the HTML interpreter in Microsoft Office 2000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0766 (Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0767 (The ActiveX control for invoking a scriptlet in Internet Explorer 4.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0768 (A function in Internet Explorer 4.x and 5.x does not properly verify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0769 (O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0770 (IIS 4.0 and 5.0 does not properly restrict access to certain types of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0771 (Microsoft Windows 2000 allows local users to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0772 (The installation of Tumbleweed Messaging Management System (MMS) 4.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0773 (Bajie HTTP web server 0.30a allows remote attackers to read arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0774 (The sample Java servlet "test" in Bajie HTTP web server 0.30a reveals ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0775 (Buffer overflow in RobTex Viking server earlier than 1.06-370 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0776 (Mediahouse Statistics Server 5.02x allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0777 (The password protection feature of Microsoft Money can store the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0778 (IIS 5.0 allows remote attackers to obtain source code for .ASP files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0779 (Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0780 (The web server in IPSWITCH IMail 6.04 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0781 (uagentsetup in ARCServeIT Client Agent 6.62 does not properly check ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0782 (netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0783 (Watchguard Firebox II allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0784 (sshd program in the Rapidstream 2.1 Beta VPN appliance has a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0785 (WircSrv IRC Server 5.07s allows IRC operators to read arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0786 (GNU userv 1.0.0 and earlier does not properly perform file descriptor ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0787 (IRC Xchat client versions 1.4.2 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0788 (The Mail Merge tool in Microsoft Word does not prompt the user before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0789 (WinU 5.x and earlier uses weak encryption to store its configuration ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0790 (The web-based folder display capability in Microsoft Internet Explorer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0791 (Trustix installs the httpsd program for Apache-SSL with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0792 (Gnome Lokkit firewall package before 0.41 does not properly restrict ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0793 (Norton AntiVirus 5.00.01C with the Novell Netware client does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0794 (Buffer overflow in IRIX libgl.so library allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0795 (Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0796 (Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0797 (Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0798 (The truncate function in IRIX 6.x does not properly check for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0799 (inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0800 (String parsing error in rpc.kstatd in the linuxnfs or knfsd packages ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0801 (Buffer overflow in bdf program in HP-UX 11.00 may allow local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0802 (The BAIR program does not properly restrict access to the Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0803 (GNU Groff uses the current working directory to find a device ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0804 (Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0805 (Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0806 (The inter-module authentication mechanism (fwa1) in Check Point ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0807 (The OPSEC communications authentication mechanism (fwn1) in Check ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0808 (The seed generation mechanism in the inter-module S/Key authentication ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0809 (Buffer overflow in Getkey in the protocol checker in the inter-module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0810 (Auction Weaver 1.0 through 1.04 does not properly validate the names ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0811 (Auction Weaver 1.0 through 1.04 allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0812 (The administration module in Sun Java web server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0813 (Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0816 (Linux tmpwatch --fuser option allows local users to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0817 (Buffer overflow in the HTTP protocol parser for Microsoft Network ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0818 (The default installation for the Oracle listener program 7.3.4, 8.0.6, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0824 (The unsetenv function in glibc 2.1.1 does not properly unset an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0825 (Ipswitch Imail 6.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0826 (Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0827 (Buffer overflow in the web authorization form of Mobius DocumentDirect ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0828 (Buffer overflow in ddicgi.exe in Mobius DocumentDirect for the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0829 (The tmpwatch utility in Red Hat Linux forks a new process for each ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0830 (annclist.exe in webTV for Windows allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0831 (Buffer overflow in Fastream FTP++ 2.0 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0832 (Htgrep CGI program allows remote attackers to read arbitrary files by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0833 (Buffer overflow in WinSMTP 1.06f and 2.X allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0834 (The Windows 2000 telnet client attempts to perform NTLM authentication ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0835 (search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0836 (Buffer overflow in CamShot WebCam Trial2.6 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0837 (FTP Serv-U 2.5e allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0838 (Fastream FUR HTTP server 1.0b allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0839 (WinCOM LPD 1.00.90 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0840 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0841 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0842 (The search97cgi/vtopic" in the UnixWare 7 scohelphttp webserver allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0843 (Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0844 (Some functions that implement the locale subsystem on Unix do not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0845 (kdebug daemon (kdebugd) in Digital Unix 4.0F allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0846 (Buffer overflow in Darxite 0.4 and earlier allows a remote attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0847 (Buffer overflow in University of Washington c-client library (used by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0848 (Buffer overflow in IBM WebSphere web application server (WAS) allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0849 (Race condition in Microsoft Windows Media server allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0850 (Netegrity SiteMinder before 4.11 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0851 (Buffer overflow in the Still Image Service in Windows 2000 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0852 (Multiple buffer overflows in eject on FreeBSD and possibly other OSes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0853 (YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0854 (When a Microsoft Office 2000 document is launched, the directory of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0855 (SunFTP build 9(1) allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0856 (Buffer overflow in SunFTP build 9(1) allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0857 (The logging capability in muh 2.05d IRC server does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0858 (Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0859 (The web configuration server for NTMail V5 and V6 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0860 (The file upload capability in PHP versions 3 and 4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0861 (Mailman 1.1 allows list administrators to execute arbitrary commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0862 (Vulnerability in an administrative interface utility for Allaire ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0863 (Buffer overflow in listmanager earlier than 2.105.1 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0864 (Race condition in the creation of a Unix domain socket in GNOME esound ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0865 (Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0866 (Interbase 6 SuperServer for Linux allows an attacker to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0867 (Kernel logging daemon (klogd) in Linux does not properly cleanse ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0868 (The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0869 (The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0870 (Buffer overflow in EFTP allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0871 (Buffer overflow in EFTP allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0872 (explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0873 (netstat in AIX 4.x.x does not properly restrict access to the -Zi ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0874 (Eudora mail client includes the absolute path of the sender's host ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0875 (WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0876 (WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0877 (mailform.pl CGI script in MailForm 2.0 allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0878 (The mailto CGI script allows remote attacker to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0879 (LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0880 (LPPlus creates the lpdprocess file with world-writeable permissions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0881 (The dccscan setuid program in LPPlus does not properly check if the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0882 (Intel Express 500 series switches allow a remote attacker to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0883 (The default configuration of mod_perl for Apache as installed on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0884 (IIS 4.0 and 5.0 allows remote attackers to read documents outside of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0885 (Buffer overflows in Microsoft Network Monitor (Netmon) allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0886 (IIS 5.0 allows remote attackers to execute arbitrary commands via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0887 (named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0888 (named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0889 (Two Sun security certificates have been compromised, which could allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0890 (periodic in FreeBSD 4.1.1 and earlier, and possibly other operating ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0891 (A default ECL in Lotus Notes before 5.02 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0892 (Some telnet clients allow remote telnet servers to request environment ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0893 (The presence of the Distributed GL Daemon (dgld) service on port 5232 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0894 (HTTP server on the WatchGuard SOHO firewall does not properly restrict ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0895 (Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0896 (WatchGuard SOHO firewall allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0897 (Small HTTP Server 2.03 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0898 (Small HTTP Server 2.01 does not properly process Server Side Includes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0899 (Small HTTP Server 2.01 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0900 (Directory traversal vulnerability in ssi CGI program in thttpd 2.19 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0901 (Format string vulnerability in screen 3.9.5 and earlier allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0902 (getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0903 (Directory traversal vulnerability in Voyager web server 2.01B in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0904 (Voyager web server 2.01B in the demo disks for QNX 405 stores ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0905 (QNX Embedded Resource Manager in Voyager web server 2.01B in the demo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0906 (Directory traversal vulnerability in Moreover.com cached_feed.cgi ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0907 (EServ 2.92 Build 2982 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0908 (BrowseGate 2.80 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0909 (Buffer overflow in the automatic mail checking component of Pine 4.21 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0910 (Horde library 1.02 allows attackers to execute arbitrary commands via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0911 (IMP 2.2 and earlier allows attackers to read and delete arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0912 (MultiHTML CGI script allows remote attackers to read arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0913 (mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0914 (OpenBSD 2.6 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0915 (fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0916 (FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0917 (Format string vulnerability in use_syslog() function in LPRng 3.6.24 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0918 (Format string vulnerability in kvt in KDE 1.1.2 may allow local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0919 (Directory traversal vulnerability in PHPix Photo Album 1.0.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0920 (Directory traversal vulnerability in BOA web server 0.94.8.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0921 (Directory traversal vulnerability in Hassan Consulting shop.cgi ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0922 (Directory traversal vulnerability in Bytes Interactive Web Shopper ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0923 (authenticate.cgi CGI program in Aplio PRO allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0924 (Directory traversal vulnerability in search.cgi CGI script in Armada ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0925 (The default installation of SmartWin CyberOffice Shopping Cart 2 (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0926 (SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0927 (WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0928 (WQuinn QuotaAdvisor 4.1 allows users to list directories and files by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0929 (Microsoft Windows Media Player 7 allows attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0930 (Pegasus Mail 3.12 allows remote attackers to read arbitrary files via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0931 (Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0932 (MAILsweeper for SMTP 3.x does not properly handle corrupt CDA ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0933 (The Input Method Editor (IME) in the Simplified Chinese version of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0934 (Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0935 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0936 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0937 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0938 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0939 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0940 (Directory traversal vulnerability in Metertek pagelog.cgi allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0941 (Kootenay Web KW Whois 1.0 CGI program allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0942 (The CiWebHitsFile component in Microsoft Indexing Services for Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0943 (Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0944 (CGI Script Center News Update 1.1 does not properly validate the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0945 (The web configuration interface for Catalyst 3500 XL switches allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0946 (Compaq Easy Access Keyboard software 1.3 does not properly disable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0947 (Format string vulnerability in cfd daemon in GNU CFEngine before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0948 (GnoRPM before 0.95 allows local users to modify arbitrary files via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0949 (Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0950 (Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0951 (A misconfiguration in IIS 5.0 with Index Server enabled and the Index ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0952 (global.cgi CGI program in Global 3.55 and earlier on NetBSD allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0953 (Shambala Server 4.5 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0954 (Shambala Server 4.5 stores passwords in plaintext, which could allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0955 (Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0956 (cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0957 (The pluggable authentication module for mysql (pam_mysql) before 0.4.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0958 (HotJava Browser 3.0 allows remote attackers to access the DOM of a web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0959 (glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0960 (The POP3 server in Netscape Messaging Server 4.15p1 generates ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0961 (Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0962 (The IPSEC implementation in OpenBSD 2.7 does not properly handle empty ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0963 (Buffer overflow in ncurses library allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0964 (Buffer overflow in the web administration service for the HiNet LP5100 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0965 (The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0966 (Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0967 (PHP 3 and 4 do not properly cleanse user-injected format strings, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0968 (Buffer overflow in Half Life dedicated server before build 3104 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0969 (Format string vulnerability in Half Life dedicated server build 3104 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0970 (IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0971 (Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0972 (HP-UX 11.00 crontab allows local users to read arbitrary files via the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0973 (Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0974 (GnuPG (gpg) 1.0.3 does not properly check all signatures of a file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0975 (Directory traversal vulnerability in apexec.pl in Anaconda Foundation ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0976 (Buffer overflow in xlib in XFree 3.3.x possibly allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0977 (mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0978 (bbd server in Big Brother System and Network Monitor before 1.5c2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0979 (File and Print Sharing service in Windows 95, Windows 98, and Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0980 (NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0981 (MySQL Database Engine uses a weak authentication method which leaks ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0982 (Internet Explorer before 5.5 forwards cached user credentials for a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0983 (Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0984 (The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0985 (Buffer overflow in All-Mail 1.1 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0986 (Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0987 (Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0988 (WinU 1.0 through 5.1 has a backdoor password that allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0989 (Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0990 (cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0991 (Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0992 (Directory traversal vulnerability in scp in sshd 1.2.xx allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0993 (Format string vulnerability in pw_error function in BSD libutil ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0994 (Format string vulnerability in OpenBSD fstat program (and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0995 (Format string vulnerability in OpenBSD yp_passwd program (and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0996 (Format string vulnerability in OpenBSD su program (and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0997 (Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0998 (Format string vulnerability in top program allows local attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0999 (Format string vulnerabilities in OpenBSD ssh program (and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1000 (Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1001 (add_2_basket.asp in Element InstantShop allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1002 (POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1003 (NETBIOS client in Windows 95 and Windows 98 allows a remote attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1004 (Format string vulnerability in OpenBSD photurisd allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1005 (Directory traversal vulnerability in html_web_store.cgi and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1006 (Microsoft Exchange Server 5.5 does not properly handle a MIME header ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1007 (I-gear 3.5.7 and earlier does not properly process log entries in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1008 (PalmOS 3.5.2 and earlier uses weak encryption to store the user ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1009 (dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1010 (Format string vulnerability in talkd in OpenBSD and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1011 (Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1012 (The catopen function in FreeBSD 5.0 and earlier, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1013 (The setlocale function in FreeBSD 5.0 and earlier, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1014 (Format string vulnerability in the search97.cgi CGI script in SCO help ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1015 (The default configuration of Slashcode before version 2.0 Alpha has a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1016 (The default configuration of Apache (httpd.conf) on SuSE 6.4 includes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1017 (Webteachers Webdata allows remote attackers with valid Webdata ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1018 (shred 1.0 file wiping utility does not properly open a file for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1019 (Search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1020 (Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1021 (Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1022 (The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1023 (The Alabanza Control Panel does not require passwords to access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1024 (eWave ServletExec 3.0C and earlier does not restrict access to the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1025 (eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1026 (Multiple buffer overflows in LBNL tcpdump allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1027 (Cisco Secure PIX Firewall 5.2(2) allows remote attackers to determine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1028 (Buffer overflow in cu program in HP-UX 11.0 may allow local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1029 (Buffer overflow in host command allows a remote attacker to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1030 (CS&T CorporateTime for the Web returns different error messages for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1031 (Buffer overflow in dtterm in HP-UX 11.0 and HP Tru64 UNIX 4.0f through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1032 (The client authentication interface for Check Point Firewall-1 4.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1033 (Serv-U FTP Server allows remote attackers to bypass its anti-hammering ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1034 (Buffer overflow in the System Monitor ActiveX control in Windows 2000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1035 (Buffer overflows in TYPSoft FTP Server 0.78 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1036 (Directory traversal vulnerability in Extent RBS ISP web server allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1037 (Check Point Firewall-1 session agent 3.0 through 4.1 generates ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1038 (The web administration interface for IBM AS/400 Firewall allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1039 (Various TCP/IP stacks and network applications allow remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1040 (Format string vulnerability in logging function of ypbind 3.3, while ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1041 (Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1042 (Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1043 (Format string vulnerability in ypserv in Mandrake Linux 7.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1044 (Format string vulnerability in ypbind-mt in SuSE SuSE-6.2, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1045 (nss_ldap earlier than 121, when run with nscd (name service caching ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1046 (Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1047 (Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1048 (Directory traversal vulnerability in the logfile service of Wingate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1049 (Allaire JRun 3.0 http servlet server allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1050 (Allaire JRun 3.0 http servlet server allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1051 (Directory traversal vulnerability in Allaire JRun 2.3 server allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1052 (Allaire JRun 2.3 server allows remote attackers to obtain source code ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1053 (Allaire JRun 2.3.3 server allows remote attackers to compile and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1054 (Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1055 (Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1056 (CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1057 (Vulnerabilities in database configuration scripts in HP OpenView ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1058 (Buffer overflow in OverView5 CGI program in HP OpenView Network Node ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1059 (The default configuration of the Xsession file in Mandrake Linux 7.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1060 (The default configuration of XFCE 3.5.1 bypasses the Xauthority access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1061 (Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1062 (Buffer overflow in the FTP service in HP JetDirect printer card ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1063 (Buffer overflow in the Telnet service in HP JetDirect printer card ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1064 (Buffer overflow in the LPD service in HP JetDirect printer card ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1065 (Vulnerability in IP implementation of HP JetDirect printer card ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1066 (The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1068 (pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1069 (pollit.cgi in Poll It 2.01 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1070 (pollit.cgi in Poll It 2.01 and earlier uses data files that are ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1071 (The GUI installation for iCal 2.1 Patch 2 disables access control for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1072 (iCal 2.1 Patch 2 installs many files with world-writeable permissions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1073 (csstart program in iCal 2.1 Patch 2 searches for the cshttpd program ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1074 (csstart program in iCal 2.1 Patch 2 uses relative pathnames to install ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1075 (Directory traversal vulnerability in iPlanet Certificate Management ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1076 (Netscape (iPlanet) Certificate Management System 4.2 and Directory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1077 (Buffer overflow in the SHTML logging functionality of iPlanet Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1078 (ICQ Web Front HTTPd allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1079 (Interactions between the CIFS Browser Protocol and NetBIOS as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1080 (Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1081 (The xp_displayparamstmt function in SQL Server and Microsoft SQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1082 (The xp_enumresultset function in SQL Server and Microsoft SQL Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1083 (The xp_showcolv function in SQL Server and Microsoft SQL Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1084 (The xp_updatecolvbm function in SQL Server and Microsoft SQL Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1085 (The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1086 (The xp_printstatements function in Microsoft SQL Server 2000 and SQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1087 (The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1088 (The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1089 (Buffer overflow in Microsoft Phone Book Service allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1090 (Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1092 (loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1093 (Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1094 (Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1095 (modprobe in the modutils 2.3.x package on Linux systems allows a local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1096 (crontab by Paul Vixie uses predictable file names for a temporary file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1097 (The web server for the SonicWALL SOHO firewall allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1098 (The web server for the SonicWALL SOHO firewall allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1099 (Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1100 (The default configuration for PostACI webmail system installs the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1101 (Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1102 (PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1103 (rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1104 (Variant of the "IIS Cross-Site Scripting" vulnerability as originally ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1105 (The ixsso.query ActiveX Object is marked as safe for scripting, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1106 (Trend Micro InterScan VirusWall creates an "Intscan" share to the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1107 (in.identd ident server in SuSE Linux 6.x and 7.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1108 (cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1109 (Midnight Commander (mc) 4.5.51 and earlier does not properly process ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1110 (document.d2w CGI program in the IBM Net.Data db2www package allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1111 (Telnet Service for Windows 2000 Professional does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1112 (Microsoft Windows Media Player 7 executes scripts in custom skin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1113 (Buffer overflow in Microsoft Windows Media Player allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1114 (Unify ServletExec AS v3.0C allows remote attackers to read source code ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1115 (Buffer overflow in remote web administration component (webprox.dll) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1116 (Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1117 (The Extended Control List (ECL) feature of the Java Virtual Machine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1118 (24Link 1.06 web server allows remote attackers to bypass access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1119 (Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1120 (Buffer overflow in digest command in IBM AIX 4.3.x and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1121 (Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1122 (Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1123 (Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1124 (Buffer overflow in piobe command in IBM AIX 4.3.x allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1125 (restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1126 (Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1127 (registrar in the HP resource monitor service allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1128 (The default configuration of McAfee VirusScan 4.5 does not quote the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1129 (McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1130 (McAfee WebShield SMTP 4.5 allows remote attackers to bypass email ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1131 (Bill Kendrick web site guestbook (GBook) allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1132 (DCForum cgforum.cgi CGI script allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1133 (Authentix Authentix100 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1134 (Multiple shell programs on various Unix systems, including (1) tcsh, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1135 (fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1136 (elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1137 (GNU ed before 0.2-18.1 allows local users to overwrite the files of ...) BUG: 66400 CVE-2000-1138 (Lotus Notes R5 client R5.0.5 and earlier does not properly warn users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1139 (The installation of Microsoft Exchange 2000 before Rev. A creates a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1140 (Recourse ManTrap 1.6 does not properly hide processes from attackers, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1141 (Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1142 (Recourse ManTrap 1.6 generates an error when an attacker cd's to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1143 (Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1144 (Recourse ManTrap 1.6 sets up a chroot environment to hide the fact ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1145 (Recourse ManTrap 1.6 allows attackers who have gained root access to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1146 (Recourse ManTrap 1.6 allows attackers to cause a denial of service via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1147 (Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1148 (The installation of VolanoChatPro chat server sets world-readable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1149 (Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1150 (Felix IRC client in BeOS r5 pro and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1151 (Baxter IRC client in BeOS r5 pro and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1152 (Browser IRC client in BeOS r5 pro and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1153 (PostMaster 1.0 in BeOS r5 pro and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1154 (RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1155 (RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1156 (StarOffice 5.2 follows symlinks and sets world-readable permissions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1157 (Buffer overflow in NAI Sniffer Agent allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1158 (NAI Sniffer Agent uses base64 encoding for authentication, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1159 (NAI Sniffer Agent allows remote attackers to gain privileges on the agent ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1160 (NAI Sniffer Agent allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1161 (The installation of AdCycle banner management system leaves the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1162 (ghostscript before 5.10-16 allows local users to overwrite files of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1163 (ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1164 (WinVNC installs the WinVNC3 registry key with permissions that give ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1165 (Balabit syslog-ng allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1166 (Twig webmail system does not properly set the "vhosts" variable if it ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1167 (ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1168 (IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1169 (OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1170 (Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1171 (Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1172 (Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1173 (Microsys CyberPatrol uses weak encryption (trivial encoding) for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1174 (Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1175 (Buffer overflow in Koules 1.4 allows local users to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1176 (Directory traversal vulnerability in YaBB search.pl CGI script allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1177 (bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1178 (Joe text editor follows symbolic links when creating a rescue copy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1179 (Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1180 (Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1181 (Real Networks RealServer 7 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1182 (WatchGuard Firebox II allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1183 (Buffer overflow in socks5 server on Linux allows attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1184 (telnetd in FreeBSD 4.2 and earlier, and possibly other operating ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1185 (The telnet proxy in RideWay PN proxy server allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1186 (Buffer overflow in phf CGI program allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1187 (Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1188 (Directory traversal vulnerability in Quikstore shopping cart program ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1189 (Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1190 (imwheel-solo in imwheel package allows local users to modify arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1191 (htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1192 (Buffer overflow in BTT Software SNMP Trap Watcher 1.16 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1193 (Performance Metrics Collector Daemon (PMCD) in Performance Copilot in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1194 (Argosoft FRP server 1.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1195 (telnet daemon (telnetd) from the Linux netkit package before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1196 (PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1197 (POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1198 (qpopper POP server creates lock files with predictable names, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1199 (PostgreSQL stores usernames and passwords in plaintext in (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1200 (Windows NT allows remote attackers to list all users in a domain by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1201 (Check Point FireWall-1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1202 (ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1203 (Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1204 (Vulnerability in the mod_vhost_alias virtual hosting module for Apache ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1205 (Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1206 (Vulnerability in Apache httpd before 1.3.11, when configured for mass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1207 (userhelper in the usermode package on Red Hat Linux executes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1208 (Format string vulnerability in startprinting() function of printjob.c ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1209 (The "sa" account is installed with a default null password on (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1210 (Directory traversal vulnerability in source.jsp of Apache Tomcat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1211 (Zope 2.2.0 through 2.2.4 does not properly perform security ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1212 (Zope 2.2.0 through 2.2.4 does not properly protect a data updating ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1213 (ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1214 (Buffer overflows in the (1) outpack or (2) buf variables of ping in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1215 (The default configuration of Lotus Domino server 5.0.8 includes system ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1216 (Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1217 (Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1218 (The default configuration for the domain name resolver for Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1219 (The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1220 (The line printer daemon (lpd) in the lpr package in multiple Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1221 (The line printer daemon (lpd) in the lpr package in multiple Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1222 (AIX sysback before 4.2.1.13 uses a relative path to find and execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1223 (quikstore.cgi in Quikstore Shopping Cart allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1224 (Caucho Technology Resin 1.2 and possibly earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1226 (Snort 1.6, when running in straight ASCII packet logging mode or IDS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1227 (Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1228 (Phorum 3.0.7 allows remote attackers to change the administrator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1229 (Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1230 (Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1231 (code.php3 in Phorum 3.0.7 allows remote attackers to read arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1232 (upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1233 (SQL injection vulnerability in read.php3 and other scripts in Phorum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1234 (violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1235 (The default configurations of (1) the port listener and (2) modplsql ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1236 (SQL injection vulnerability in mod_sql in Oracle Internet Application ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1237 (The POP3 server in FTGate returns an -ERR code after receiving an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1238 (BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1239 (The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1240 (Unspecified vulnerability in siteman.php3 in AnyPortal(php) before 22 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1241 (Unspecified vulnerability in Haakon Nilsen simple, integrated ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1242 (The HTTP service in American Power Conversion (APC) PowerChute uses a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1243 (Privacy leak in Dansie Shopping Cart 3.04, and probably earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1244 (Computer Associates InoculateIT Agent for Exchange Server does not ...) NOT-FOR-US: old or nfu CVE-2000-1245 (Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the ...) TODO: check CVE-2000-1246 (NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 ...) TODO: check CVE-2001-0001 (cookiedecode function in PHP-Nuke 4.4 allows users to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0002 (Internet Explorer 5.5 and earlier allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0003 (Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0004 (IIS 5.0 and 4.0 allows remote attackers to read the source code for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0005 (Buffer overflow in the parsing mechanism of the file loader in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0006 (The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0007 (Buffer overflow in NetScreen Firewall WebUI allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0008 (Backdoor account in Interbase database server allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0009 (Directory traversal vulnerability in Lotus Domino 5.0.5 web server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0010 (Buffer overflow in transaction signature (TSIG) handling code in BIND ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0011 (Buffer overflow in nslookupComplain function in BIND 4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0012 (BIND 4 and BIND 8 allow remote attackers to access sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0013 (Format string vulnerability in nslookupComplain function in BIND 4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0014 (Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0015 (Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0016 (NTLM Security Support Provider (NTLMSSP) service does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0017 (Memory leak in PPTP server in Windows NT 4.0 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0018 (Windows 2000 domain controller in Windows 2000 Server, Advanced ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0019 (Arrowpoint (aka Cisco Content Services, or CSS) allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0020 (Directory traversal vulnerability in Arrowpoint (aka Cisco Content ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0021 (MailMan Webmail 3.0.25 and earlier allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0022 (simplestguest.cgi CGI program by Leif Wright allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0023 (everythingform.cgi CGI program by Leif Wright allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0024 (simplestmail.cgi CGI program by Leif Wright allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0025 (ad.cgi CGI program by Leif Wright allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0026 (rp-pppoe PPPoE client allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0027 (mod_sqlpw module in ProFTPD does not reset a cached password when a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0028 (Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0029 (Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0030 (FoolProof 3.9 allows local users to bypass program execution ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0031 (BroadVision One-To-One Enterprise allows remote attackers to determine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0032 (Format string vulnerability in ssldump possibly allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0033 (KTH Kerberos IV allows local users to change the configuration of a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0034 (KTH Kerberos IV allows local users to specify an alternate proxy using ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0035 (Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0036 (KTH Kerberos IV allows local users to overwrite arbitrary files via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0037 (Directory traversal vulnerability in HomeSeer before 1.4.29 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0038 (Offline Explorer 1.4 before Service Release 2 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0039 (IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0040 (APC UPS daemon, apcupsd, saves its process ID in a world-writable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0041 (Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0042 (PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0043 (phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0044 (Multiple buffer overflows in Lexmark MarkVision printer driver ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0045 (The default permissions for the RAS Administration key in Windows NT ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0046 (The default permissions for the SNMP Parameters registry key in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0047 (The default permissions for the MTS Package Administration registry ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0048 (The "Configure Your Server" tool in Microsoft 2000 domain controllers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0049 (WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0050 (Buffer overflow in BitchX IRC client allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0051 (IBM DB2 Universal Database version 6.1 creates an account with a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0052 (IBM DB2 Universal Database version 6.1 allows users to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0053 (One-byte buffer overflow in replydirname function in BSD-based ftpd ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0054 (Directory traversal vulnerability in FTP Serv-U before 2.5i allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0055 (CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0056 (The Cisco Web Management interface in routers running CBOS 2.4.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0057 (Cisco 600 routers running CBOS 2.4.1 and earlier allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0058 (The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0059 (patchadd in Solaris allows local users to overwrite arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0060 (Format string vulnerability in stunnel 3.8 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0061 (procfs in FreeBSD and possibly other operating systems does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0062 (procfs in FreeBSD and possibly other operating systems allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0063 (procfs in FreeBSD and possibly other operating systems allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0064 (Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0065 (Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0066 (Secure Locate (slocate) allows local users to corrupt memory via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0067 (The installation of J-Pilot creates the .jpilot directory with the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0068 (Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0069 (dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0070 (Buffer overflow in 1st Up Mail Server 4.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0071 (gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0072 (gpg (aka GnuPG) 1.0.4 and other versions imports both public and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0073 (Buffer overflow in the find_default_type function in libsecure in NSA ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0074 (Directory traversal vulnerability in print.cgi in Technote allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0075 (Directory traversal vulnerability in main.cgi in Technote allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0076 (register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0077 (The clustmon service in Sun Cluster 2.x does not require ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0078 (in.mond in Sun Cluster 2.x allows local users to read arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0079 (Support Tools Manager (STM) A.22.00 for HP-UX allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0080 (Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0081 (swinit in nCipher does not properly disable the Operator Card Set ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0082 (Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0083 (Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0084 (GTK+ library allows local users to specify arbitrary modules via the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0085 (Buffer overflow in Kermit communications software in HP-UX 11.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0086 (CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0087 (itetris/xitetris 1.6.2 and earlier trusts the PATH environmental ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0088 (common.inc.php in phpWebLog 0.4.2 does not properly initialize the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0089 (Internet Explorer 5.0 through 5.5 allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0090 (The Print Templates feature in Internet Explorer 5.5 executes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0091 (The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0092 (A function in Internet Explorer 5.0 through 5.5 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0093 (Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0094 (Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0095 (catman in Solaris 2.7 and 2.8 allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0096 (FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0097 (The Web interface for Infinite Interchange 3.6.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0098 (Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0099 (bsguest.cgi guestbook script allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0100 (bslist.cgi mailing list script allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0101 (Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0102 ("Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0103 (CoffeeCup Direct and Free FTP clients uses weak encryption to store ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0104 (MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0105 (Vulnerability in top in HP-UX 11.04 and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0106 (Vulnerability in inetd server in HP-UX 11.04 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0107 (Veritas Backup agent on Linux allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0108 (PHP Apache module 4.0.4 and earlier allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0109 (rctab in SuSE 7.0 and earlier allows local users to create or overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0110 (Buffer overflow in jaZip Zip/Jaz drive manager allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0111 (Format string vulnerability in splitvt before 1.6.5 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0112 (Multiple buffer overflows in splitvt before 1.6.5 allow local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0113 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0114 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0115 (Buffer overflow in arp command in Solaris 7 and earlier allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0116 (gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0117 (sdiff 2.7 in the diffutils package allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0118 (rdist 6.1.5 allows local users to overwrite arbitrary files via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0119 (getty_ps 2.0.7j allows local users to overwrite arbitrary files via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0120 (useradd program in shadow-utils program may allow local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0121 (ImageCast Control Center 4.1.0 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0122 (Kernel leak in AfpaCache module of the Fast Response Cache Accelerator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0123 (Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0124 (Buffer overflow in exrecover in Solaris 2.6 and earlier possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0125 (exmh 2.2 and earlier allows local users to overwrite arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0126 (Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0127 (Buffer overflow in Olivier Debon Flash plugin (not the Macromedia ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0128 (Zope before 2.2.4 does not properly compute local roles, which could ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0129 (Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0130 (Buffer overflow in HTML parser of the Lotus R5 Domino Server before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0131 (htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0132 (Interscan VirusWall 3.6.x and earlier follows symbolic links when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0133 (The web administration interface for Interscan VirusWall 3.6.x and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0134 (Buffer overflow in cpqlogin.htm in web-enabled agents for various ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0135 (The default installation of Ultraboard 2000 2.11 creates the Skins, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0136 (Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0137 (Windows Media Player 7 allows remote attackers to execute malicious ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0138 (privatepw program in wu-ftpd before 2.6.1-6 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0139 (inn 2.2.3 allows local users to overwrite arbitrary files via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0140 (arpwatch 2.1a4 allows local users to overwrite arbitrary files via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0141 (mgetty 1.1.22 allows local users to overwrite arbitrary files via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0142 (squid 2.3 and earlier allows local users to overwrite arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0143 (vpop3d program in linuxconf 1.23r and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0144 (CORE SDI SSH1 CRC-32 compensation attack detector allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0145 (Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0146 (IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0147 (Buffer overflow in Windows 2000 event viewer snap-in allows attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0148 (The WMP ActiveX Control in Windows Media Player 7 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0149 (Windows Scripting Host in Internet Explorer 5.5 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0150 (Internet Explorer 5.5 and earlier executes Telnet sessions using ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0151 (IIS 5.0 allows remote attackers to cause a denial of service via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0152 (The password protection option for the Compressed Folders feature in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0153 (Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0154 (HTML e-mail feature in Internet Explorer 5.5 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0155 (Format string vulnerability in VShell SSH gateway 1.0.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0156 (VShell SSH gateway 1.0.1 and earlier has a default port forwarding ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0157 (Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0158 RESERVED CVE-2001-0159 RESERVED CVE-2001-0160 (Lucent/ORiNOCO WaveLAN cards generate predictable Initialization ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0161 (Cisco 340-series Aironet access point using firmware 11.01 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0162 (WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0163 (Cisco AP340 base station produces predictable TCP Initial Sequence ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0164 (Buffer overflow in Netscape Directory Server 4.12 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0165 (Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0166 (Macromedia Shockwave Flash plugin version 8 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0167 (Buffer overflow in AT&T WinVNC (Virtual Network Computing) client ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0168 (Buffer overflow in AT&T WinVNC (Virtual Network Computing) server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0169 (When using the LD_PRELOAD environmental variable in SUID or SGID ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0170 (glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0171 (Buffer overflow in SlimServe HTTPd 1.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0172 (Buffer overflow in ReiserFS 3.5.28 in SuSE Linux allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0173 (Buffer overflow in qDecoder library 5.08 and earlier, as used in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0174 (Buffer overflow in Trend Micro Virus Buster 2001 8.00 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0175 (The caching module in Netscape Fasttrack Server 4.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0176 (The setuid doroot program in Voyant Sonata 3.x executes arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0177 (WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0178 (kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0179 (Allaire JRun 3.0 allows remote attackers to list contents of the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0180 (Lars Ellingsen guestserver.cgi allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0181 (Format string vulnerability in the error logging code of DHCP server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0182 (FireWall-1 4.1 with a limited-IP license allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0183 (ipfw and ip6fw in FreeBSD 4.2 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0184 (eEye Iris 1.01 beta allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0185 (Netopia R9100 router version 4.6 allows authenticated users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0186 (Directory traversal vulnerability in Free Java Web Server 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0187 (Format string vulnerability in wu-ftp 2.6.1 and earlier, when running ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0188 (GoodTech FTP server 3.0.1.2.1.0 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0189 (Directory traversal vulnerability in LocalWEB2000 HTTP server allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0190 (Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0191 (gnuserv before 3.12, as shipped with XEmacs, does not properly check ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0192 (Buffer overflows in CTRLServer in XMail allows attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0193 (Format string vulnerability in man in some Linux distributions allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0194 (Buffer overflow in httpGets function in CUPS 1.1.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0195 (sash before 3.4-4 in Debian GNU/Linux does not properly clone ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0196 (inetd ident server in FreeBSD 4.x and earlier does not properly set ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0197 (Format string vulnerability in print_client in icecast 1.3.8beta2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0198 (Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0199 (Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0200 (HSWeb 2.0 HTTP server allows remote attackers to obtain the physical ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0201 (The Postaci frontend for PostgreSQL does not properly filter ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0202 (Picserver web server allows remote attackers to read arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0203 (Watchguard Firebox II firewall allows users with read-only access to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0204 (Watchguard Firebox II allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0205 (Directory traversal vulnerability in AOLserver 3.2 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0206 (Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0207 (Buffer overflow in bing allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0208 (MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0209 (Buffer overflow in Shoutcast Distributed Network Audio Server (DNAS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0210 (Directory traversal vulnerability in commerce.cgi CGI program allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0211 (Directory traversal vulnerability in WebSPIRS 3.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0212 (Directory traversal vulnerability in HIS Auktion 1.62 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0213 (Buffer overflow in pi program in PlanetIntra 2.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0214 (Way-board CGI program allows remote attackers to read arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0215 (ROADS search.pl program allows remote attackers to read arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0216 (PALS Library System pals-cgi program allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0217 (Directory traversal vulnerability in PALS Library System pals-cgi ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0218 (Format string vulnerability in mars_nwe 0.99.pl19 allows remote attackers to execute arbitrary commands. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0219 (Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0220 (Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0221 (Buffer overflow in ja-xklock 2.7.1 and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0222 (webmin 0.84 and earlier allows local users to overwrite and create ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0223 (Buffer overflow in wwwwais allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0224 (Muscat Empower CGI program allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0225 (fortran math component in Infobot 0.44.5.3 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0226 (Directory traversal vulnerability in BiblioWeb web server 2.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0227 (Buffer overflow in BiblioWeb web server 2.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0228 (Directory traversal vulnerability in GoAhead web server 2.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0229 (Chili!Soft ASP for Linux before 3.6 does not properly set group ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0230 (Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0231 (Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0232 (newsdesk.cgi in News Desk 1.2 allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0233 (Buffer overflow in micq client 0.4.6 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0234 (NewsDaemon before 0.21b allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0235 (Vulnerability in crontab allows local users to read crontab files of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0236 (Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0237 (Memory leak in Microsoft 2000 domain controller allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0238 (Microsoft Data Access Component Internet Publishing Provider ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0239 (Microsoft Internet Security and Acceleration (ISA) Server 2000 Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0240 (Microsoft Word before Word 2002 allows attackers to automatically ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0241 (Buffer overflow in Internet Printing ISAPI extension in Windows 2000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0242 (Buffer overflows in Microsoft Windows Media Player 7 and earlier allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0243 (Windows Media Player 7 and earlier stores Internet shortcuts in a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0244 (Buffer overflow in Microsoft Index Server 2.0 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0245 (Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0246 (Internet Explorer 5.5 and earlier does not properly verify the domain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0247 (Buffer overflows in BSD-based FTP servers allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0248 (Buffer overflow in FTP server in HPUX 11 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0249 (Heap overflow in FTP daemon in Solaris 8 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0250 (The Web Publishing feature in Netscape Enterprise Server 4.x and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0251 (The Web Publishing feature in Netscape Enterprise Server 3.x allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0252 (iPlanet (formerly Netscape) Enterprise Server 4.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0253 (Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0254 (FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0255 (FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0256 (FaSTream FTP++ Server 2.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0257 (Buffer overflow in Easycom/Safecom Print Server Web service, version ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0258 (The Easycom/Safecom Print Server (firmware 404.590) PrintGuide server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0259 (ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0260 (Buffer overflow in Lotus Domino Mail Server 5.0.5 and earlier allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0261 (Microsoft Windows 2000 Encrypted File System does not properly destroy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0262 (Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0263 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0264 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0265 (ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0266 (Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0267 (NM debug in HP MPE/iX 6.5 and earlier does not properly handle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0268 (The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0269 (pam_ldap authentication module in Solaris 8 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0270 (Marconi ASX-1000 ASX switches allow remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0271 (mailnews.cgi 1.3 and earlier allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0272 (Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0273 (pgp4pine Pine/PGP interface version 1.75-6 does not properly check to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0274 (kicq IRC client 1.0.0, and possibly later versions, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0275 (Moby Netsuite Web Server 1.02 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0276 (ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0277 (Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0278 (Vulnerability in linkeditor in HP MPE/iX 6.5 and earlier allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0279 (Buffer overflow in sudo earlier than 1.6.3p6 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0280 (Buffer overflow in MERCUR SMTP server 3.30 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0281 (Format string vulnerability in DbgPrint function, used in debug ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0282 (SEDUM 2.1 HTTP server allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0283 (Directory traversal vulnerability in SunFTP build 9 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0284 (Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0285 (Buffer overflow in A1 HTTP server 1.0a allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0286 (Directory traversal vulnerability in A1 HTTP server 1.0a allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0287 (VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0288 (Cisco switches and routers running IOS 12.1 and earlier produce ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0289 (Joe text editor 2.8 searches the current working directory (CWD) for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0290 (Vulnerability in Mailman 2.0.1 and earlier allows list administrators ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0291 (Buffer overflow in post-query sample CGI program allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0292 (PHP-Nuke 4.4.1a allows remote attackers to modify a user's email ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0293 (Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0294 (Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0295 (Directory traversal vulnerability in War FTP 1.67.04 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0296 (Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0297 (Directory traversal vulnerability in Simple Server HTTPd 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0298 (Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0299 (Buffer overflow in Voyager web administration server for Nokia IP440 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0300 (oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0301 (Buffer overflow in Analog before 4.16 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0302 (Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0303 (tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0304 (Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0305 (Directory traversal vulnerability in store.cgi in Thinking Arts ES.One ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0306 (Directory traversal vulnerability in ITAfrica WEBactive HTTP Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0307 (Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0308 (UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0309 (inetd in Red Hat 6.2 does not properly close sockets for internal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0310 (sort in FreeBSD 4.1.1 and earlier, and possibly other operating ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0311 (Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0312 (IBM WebSphere plugin for Netscape Enterprise server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0313 (Borderware Firewall Server 6.1.2 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0314 (Buffer overflow in www.tol module in America Online (AOL) 5.0 may ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0315 (The locking feature in mIRC 5.7 allows local users to bypass the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0316 (Linux kernel 2.4 and 2.2 allows local users to read kernel memory and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0317 (Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0318 (Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0319 (orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0320 (bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0321 (opendir.php script in PHP-Nuke allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0322 (MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0323 (The ICMP path MTU (PMTU) discovery feature in various UNIX systems ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0324 (Windows 98 and Windows 2000 Java clients allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0325 (Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0326 (Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0327 (iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0328 (TCP implementations that use random increments for initial sequence ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0329 (Bugzilla 2.10 allows remote attackers to execute arbitrary commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0330 (Bugzilla 2.10 allows remote attackers to access sensitive information, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0331 (Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0332 (Internet Explorer 5.5 and earlier does not properly verify the domain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0333 (Directory traversal vulnerability in IIS 5.0 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0334 (FTP service in IIS 5.0 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0335 (FTP service in IIS 5.0 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0336 (The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0337 (The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0338 (Internet Explorer 5.5 and earlier does not properly validate digital ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0339 (Internet Explorer 5.5 and earlier allows remote attackers to display a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0340 (An interaction between the Outlook Web Access (OWA) service in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0341 (Buffer overflow in Microsoft Visual Studio RAD Support sub-component ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0342 RESERVED CVE-2001-0343 RESERVED CVE-2001-0344 (An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0345 (Microsoft Windows 2000 telnet service allows attackers to prevent idle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0346 (Handle leak in Microsoft Windows 2000 telnet service allows attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0347 (Information disclosure vulnerability in Microsoft Windows 2000 telnet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0348 (Microsoft Windows 2000 telnet service allows attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0349 (Microsoft Windows 2000 telnet service creates named pipes with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0350 (Microsoft Windows 2000 telnet service creates named pipes with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0351 (Microsoft Windows 2000 telnet service allows a local user to make a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0352 (SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0353 (Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0354 (TheNet CheckBO 1.56 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0355 (Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0357 (FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0358 (Buffer overflows in Sierra Half-Life build 1573 and earlier allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0359 (Format string vulnerability in Sierra Half-Life build 1573 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0360 (Directory traversal vulnerability in help.cgi in Ikonboard 2.1.7b and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0361 (Implementations of SSH version 1.5, including (1) OpenSSH up to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0364 (SSH Communications Security sshd 2.4 for Windows allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0365 (Eudora before 5.1 allows a remote attacker to execute arbitrary code, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0366 (saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0367 (Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0368 (Directory traversal vulnerability in BearShare 2.2.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0369 (Buffer overflow in lpsched on DGUX version R4.20MU06 and MU02 allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0370 (fcheck prior to 2.57.59 calls the file signature checking program ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0371 (Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0372 (Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0373 (The default configuration of the Dr. Watson program in Windows NT and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0374 (The HTTP server in Compaq web-enabled management software for (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0375 (Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0376 (SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0377 (Infradig Inframail prior to 3.98a allows a remote attacker to create a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0378 (readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0379 (Vulnerability in the newgrp program included with HP9000 servers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0380 (Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0381 (The OpenPGP PGP standard allows an attacker to determine the private ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0382 (Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0383 (banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0384 (ppd in Reliant Sinix allows local users to corrupt arbitrary files via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0385 (GoAhead webserver 2.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0386 (AnalogX SimpleServer:WWW 1.08 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0387 (Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0388 (time server daemon timed allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0389 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0390 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0391 (Xitami 2.5d4 and earlier allows remote attackers to crash the server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0392 (Navision Financials Server 2.60 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0393 (Navision Financials Server 2.0 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0394 (Remote manager service in Website Pro 3.0.37 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0395 (Lightwave ConsoleServer 3200 does not disconnect users after ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0396 (The pre-login mode in the System Administrator interface of Lightwave ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0397 (Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0398 (The BAT! mail client allows remote attackers to bypass user warnings ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0399 (Caucho Resin 1.3b1 and earlier allows remote attackers to read source ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0400 (nph-maillist.pl allows remote attackers to execute arbitrary commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0401 (Buffer overflow in tip in Solaris 8 and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0402 (IPFilter 3.4.16 and earlier does not include sufficient session ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0403 (/opt/JSparm/bin/perfmon program in Solaris allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0404 (Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0405 (ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0406 (Samba before 2.2.0 allows local attackers to overwrite arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0407 (Directory traversal vulnerability in MySQL before 3.23.36 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0408 (vim (aka gvim) processes VIM control codes that are embedded in a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0409 (vim (aka gvim) allows local users to modify files being edited by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0410 (Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0411 (Reliant Unix 5.44 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0412 (Cisco Content Services (CSS) switch products 11800 and earlier, aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0413 (BinTec X4000 Access router, and possibly other versions, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0414 (Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0415 (REDIPlus program, REDI.exe, stores passwords and user names in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0416 (sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0417 (Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0418 (content.pl script in NCM Content Management System allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0419 (Buffer overflow in shared library ndwfn4.so for iPlanet Web Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0420 (Directory traversal vulnerability in talkback.cgi program allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0421 (FTP server in Solaris 8 and earlier allows local and remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0422 (Buffer overflow in Xsun in Solaris 8 and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0423 (Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0424 (BubbleMon 1.31 does not properly drop group privileges before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0425 (AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0426 (Buffer overflow in dtsession on Solaris, and possibly other operating ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0427 (Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0428 (Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0429 (Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0430 (Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0431 (Vulnerability in iPlanet Web Server Enterprise Edition 4.x. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0432 (Buffer overflows in various CGI programs in the remote administration ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0433 (Buffer overflow in Savant 3.0 web server allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0434 (The LogDataListToFile ActiveX function used in (1) Knowledge Center ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0435 (The split key mechanism used by PGP 7.0 allows a key share holder to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0436 (dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0437 (upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0438 (Preview version of Timbuktu for Mac OS X allows local users to modify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0439 (licq before 1.0.3 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0440 (Buffer overflow in logging functions of licq before 1.0.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0441 (Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0442 (Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0443 (Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0444 (Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0446 (IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0447 (Web configuration server in 602Pro LAN SUITE allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0448 (Web configuration server in 602Pro LAN SUITE allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0449 (Buffer overflow in WinZip 8.0 allows attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0450 (Directory traversal vulnerability in Transsoft FTP Broker before 5.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0451 (INDEXU 2.0 beta and earlier allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0452 (BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0453 (Directory traversal vulnerability in BRS WebWeaver HTTP server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0454 (Directory traversal vulnerability in SlimServe HTTPd 1.1a allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0455 (Cisco Aironet 340 Series wireless bridge before 8.55 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0456 (postinst installation script for Proftpd in Debian 2.2 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0457 (man2html before 1.5-22 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0458 (Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0459 (Buffer overflows in ascdc Afterstep while running setuid allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0460 (Websweeper 4.0 does not limit the length of certain HTTP headers, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0461 (template.cgi in Free On-Line Dictionary of Computing (FOLDOC) allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0462 (Directory traversal vulnerability in Perl web server 0.3 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0463 (Directory traversal vulnerability in cal_make.pl in PerlCal allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0464 (Buffer overflow in websync.exe in Cyberscheduler allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0465 (TurboTax saves passwords in a temporary file when a user imports ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0466 (Directory traversal vulnerability in ustorekeeper 1.61 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0467 (Directory traversal vulnerability in RobTex Viking Web server before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0468 (Buffer overflow in FTPFS allows local users to gain root privileges ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0469 (rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0470 (Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0471 (SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0472 (Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0473 (Format string vulnerability in Mutt before 1.2.5 allows a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0474 (Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0475 (index.php in Jelsoft vBulletin does not properly initialize a PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0476 (Multiple buffer overflows in s.cgi program in Aspseek search engine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0477 (Vulnerability in WebCalendar 0.9.26 allows remote command execution. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0478 (Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0479 (Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0480 (Directory traversal vulnerability in Alex's FTP Server 0.7 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0481 (Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0482 (Configuration error in Argus PitBull LX allows root users to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0483 (Configuration error in Axent Raptor Firewall 6.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0484 (Tektronix PhaserLink 850 does not require authentication for access to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0485 (Unknown vulnerability in netprint in IRIX 6.2, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0486 (Remote attackers can cause a denial of service in Novell BorderManager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0487 (AIX SNMP server snmpd allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0488 (pcltotiff in HP-UX 10.x has unnecessary set group id permissions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0489 (Format string vulnerability in gftp prior to 2.0.8 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0490 (Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0491 (Directory traversal vulnerability in RaidenFTPD Server 2.1 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0492 (Netcruiser Web server version 0.1.2.8 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0493 (Small HTTP server 2.03 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0494 (Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0495 (Directory traversal in DataWizard WebXQ server 1.204 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0496 (kdesu in kdelibs package creates world readable temporary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0497 (dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0498 (Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0499 (Buffer overflow in Transparent Network Substrate (TNS) Listener in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0500 (Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0501 (Microsoft Word 2002 and earlier allows attackers to automatically ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0502 (Running Windows 2000 LDAP Server over SSL, a function does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0503 (Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0504 (Vulnerability in authentication process for SMTP service in Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0505 (Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0506 (Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0507 (IIS 5.0 uses relative paths to find system files that will run ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0508 (Vulnerability in IIS 5.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0509 (Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0513 (Oracle listener process on Windows NT redirects connection requests to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0514 (SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0515 (Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0516 (Oracle listener between Oracle 9i and Oracle 8.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0517 (Oracle listener in Oracle 8i on Solaris allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0518 (Oracle listener before Oracle 9i allows attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0519 (Aladdin eSafe Gateway versions 2.x allows a remote attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0520 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0521 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0522 (Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0523 (eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0524 (eEye SecureIIS versions 1.0.3 and earlier does not perform length ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0525 (Buffer overflow in dsh in dqs 3.2.7 in SuSE Linux 7.0 and earlier, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0526 (Buffer overflow in the Xview library as used by mailtool in Solaris 8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0527 (DCScripts DCForum versions 2000 and earlier allow a remote attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0528 (Oracle E-Business Suite Release 11i Applications Desktop Integrator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0529 (OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0530 (Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0531 RESERVED CVE-2001-0532 RESERVED CVE-2001-0533 (Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0534 (Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0535 (Example applications (Exampleapps) in ColdFusion Server 4.x do not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0537 (HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0538 (Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0539 RESERVED CVE-2001-0540 (Memory leak in Terminal servers in Windows NT and Windows 2000 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0541 (Buffer overflow in Microsoft Windows Media Player 7.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0542 (Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0543 (Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0544 (IIS 5.0 allows local users to cause a denial of service (hang) via by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0545 (IIS 4.0 with URL redirection enabled allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0546 (Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0547 (Memory leak in the proxy service in Microsoft Internet Security and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0548 (Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0549 (Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0550 (wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0551 (Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0552 (ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0553 (SSH Secure Shell 3.0.0 on Unix systems does not properly perform ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0554 (Buffer overflow in BSD-based telnetd telnet daemon on various ...) BUG: 64632 CVE-2001-0555 (ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0556 (The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0557 (T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0558 (T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0559 (crontab in Vixie cron 3.0.1 and earlier does not properly drop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0560 (Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0561 (Directory traversal vulnerability in Drummond Miles A1Stats prior to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0562 (a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0563 (ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0564 (APC Web/SNMP Management Card prior to Firmware 310 only supports one ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0565 (Buffer overflow in mailx in Solaris 8 and earlier allows a local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0566 (Cisco Catalyst 2900XL switch allows a remote attacker to create a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0567 (Digital Creations Zope 2.3.2 and earlier allows a local attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0568 (Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0569 (Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0570 (minicom 1.83.1 and earlier allows a local attacker to gain additional ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0571 (Directory traversal vulnerability in the web server for (1) Elron ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0572 (The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0573 (lsfs in AIX 4.x allows a local user to gain additional privileges by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0574 (Directory traversal vulnerability in MP3Mystic prior to 1.04b3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0575 (Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0576 (lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0577 (recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0578 (Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0579 (lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0580 (Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0581 (Spytech Spynet Chat Server 6.5 allows a remote attacker to create a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0582 (Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0583 (Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0584 (IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0585 (Gordano NTMail 6.0.3c allows a remote attacker to create a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0586 (TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0587 (deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0588 (sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0589 (NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0590 (Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0591 (Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0592 (Watchguard Firebox II prior to 4.6 allows a remote attacker to create ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0593 (Ananconda Partners Clipper 3.3 and earlier allows a remote attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0594 (kcms_configure as included with Solaris 7 and 8 allows a local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0595 (Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0596 (Netscape Communicator before 4.77 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0597 (Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0598 (Symantec Ghost 6.5 and earlier allows a remote attacker to create a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0599 (Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0600 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0601 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0602 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0603 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0604 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0605 (Headlight Software MyGetright prior to 1.0b allows a remote attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0606 (Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0607 (asecure as included with HP-UX 10.01 through 11.00 can allow a local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0608 (HP architected interface facility (AIF) as includes with MPE/iX 5.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0609 (Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0610 (kfm as included with KDE 1.x can allow a local attacker to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0611 (Becky! 2.00.05 and earlier can allow a remote attacker to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0612 (McAfee Remote Desktop 3.0 and earlier allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0613 (Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0614 (Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0615 (Directory traversal vulnerability in Faust Informatics Freestyle Chat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0616 (Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0617 (Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0618 (Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0619 (The Lucent Closed Network protocol can allow remote attackers to join ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0620 (iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0621 (The FTP server on Cisco Content Service 11000 series switches (CSS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0622 (The web management service on Cisco Content Service series 11000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0623 (sendfiled, as included with Simple Asynchronous File Transfer (SAFT), ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0624 (QNX 2.4 allows a local user to read arbitrary files by directly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0625 (ftpdownload in Computer Associates InoculateIT 6.0 allows a local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0626 (O'Reilly Website Professional 2.5.4 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0627 (vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0628 (Microsoft Word 2000 does not check AutoRecovery (.asd) files for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0629 (HP Event Correlation Service (ecsd) as included with OpenView Network Node ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0630 (Directory traversal vulnerability in MIMAnet viewsrc.cgi 2.0 allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0631 (Centrinity First Class Internet Services 5.50 allows for the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0632 (Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0633 (Directory traversal vulnerability in Sun Chili!Soft ASP on multiple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0634 (Sun Chili!Soft ASP has weak permissions on various configuration ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0635 (Red Hat Linux 7.1 sets insecure permissions on swap files created ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0636 (Buffer overflows in Raytheon SilentRunner allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0641 (Buffer overflow in man program in various distributions of Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0642 (Directory traversal vulnerability in IncrediMail version 1400185 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0643 (Internet Explorer 5.5 does not display the Class ID (CLSID) when it is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0644 (Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0645 (Symantec/AXENT NetProwler 3.5.x contains several default passwords, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0646 (Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0647 (Orange Web Server 2.1, based on GoAhead, allows a remote attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0648 (Directory traversal vulnerability in PHProjekt 2.1 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0649 (Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0650 (Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0652 (Heap overflow in xlock in Solaris 2.6 through 8 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0653 (Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0654 RESERVED CVE-2001-0655 RESERVED CVE-2001-0656 RESERVED CVE-2001-0657 RESERVED CVE-2001-0658 (Cross-site scripting (CSS) vulnerability in Microsoft Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0659 (Buffer overflow in IrDA driver providing infrared data exchange on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0660 (Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0661 RESERVED CVE-2001-0662 (RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0663 (Terminal Server in Windows NT and Windows 2000 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0664 (Internet Explorer 5.5 and 5.01 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0665 (Internet Explorer 6 and earlier allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0666 (Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0667 (Internet Explorer 6 and earlier, when used with the Telnet client in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0668 (Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0669 (Various Intrusion Detection Systems (IDS) including (1) Cisco Secure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0670 (Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0671 (Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0672 RESERVED CVE-2001-0673 RESERVED CVE-2001-0674 (Directory traversal vulnerability in RobTex Viking Web server before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0675 (Rit Research Labs The Bat! 1.51 for Windows allows a remote attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0676 (Directory traversal vulnerability in Rit Research Labs The Bat! 1.48f ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0677 (Eudora 5.0.2 allows a remote attacker to read arbitrary files via an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0678 (A buffer overflow in reggo.dll file used by Trend Micro InterScan ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0679 (A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0680 (Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0681 (Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0682 (ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0683 (Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0684 (Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0685 (Thibault Godouet FCron prior to 1.1.1 allows a local user to corrupt ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0686 (Buffer overflow in mail included with SunOS 5.8 for x86 allows a local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0687 (Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0688 (Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0689 (Vulnerability in TrendMicro Virus Control System 1.8 allows a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0690 (Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0691 (Buffer overflows in Washington University imapd 2000a through 2000c ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0692 (SMTP proxy in WatchGuard Firebox (2500 and 4500) 4.5 and 4.6 allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0693 (WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0694 (Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0695 (WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0696 (NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0697 (NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0698 (Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0699 (Buffer overflow in cb_reset in the System Service Processor (SSP) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0700 (Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0701 (Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0702 (Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0703 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0704 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0705 (Directory traversal vulnerability in tradecli.dll in Arcadia Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0706 (Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0707 (Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0708 (Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0709 (Microsoft IIS 4.0 and before, when installed on a FAT partition, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0710 (NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0711 (Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0712 (The rendering engine in Internet Explorer determines the MIME type ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0713 (Sendmail before 8.12.1 does not properly drop privileges when the -C ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0714 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0715 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0716 (Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0717 (Format string vulnerability in ToolTalk database server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0718 (Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0719 (Buffer overflow in Microsoft Windows Media Player 6.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0720 (Internet Explorer 5.1 for Macintosh on Mac OS X allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0721 (Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0722 (Internet Explorer 5.5 and 6.0 allows remote attackers to read and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0723 (Internet Explorer 5.5 and 6.0 allows remote attackers to read and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0724 (Internet Explorer 5.5 allows remote attackers to bypass security ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0725 RESERVED CVE-2001-0726 (Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0727 (Internet Explorer 6.0 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0728 (Buffer overflow in Compaq Management Agents before 5.2, included in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0729 (Apache 1.3.20 on Windows servers allows remote attackers to bypass the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0730 (split-logfile in Apache 1.3.20 allows remote attackers to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0731 (Apache 1.3.20 with Multiviews enabled allows remote attackers to view ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0733 (The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0734 (Hitachi Super-H architecture in NetBSD 1.5 and 1.4.1 allows a local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0735 (Buffer overflow in cfingerd 1.4.3 and earlier with the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0736 (Vulnerability in (1) pine before 4.33 and (2) the pico editor, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0737 (A long 'synch' delay in Logitech wireless mice and keyboard receivers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0738 (LogLine function in klogd in sysklogd 1.3 in various Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0739 (Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0740 (3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0741 (Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0742 (Buffer overflow in Computalynx CMail POP3 mail server 2.4.9 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0743 (Paging function in O'Reilly WebBoard Pager 4.10 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0744 (Horde IMP 2.2.4 and earlier allows local users to overwrite files via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0745 (Netscape 4.7x allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0746 (Buffer overflow in Web Publisher in iPlanet Web Server Enterprise ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0747 (Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0748 (Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0749 (Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0750 (Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0751 (Cisco switches and routers running CBOS 2.3.8 and earlier use ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0752 (Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0753 (Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0754 (Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0755 (Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0756 (CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0757 (Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0758 (Directory traversal vulnerability in Shambala 4.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0759 (Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0760 (Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0761 (Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0762 (Buffer overflow in su-wrapper 1.1.1 allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0763 (Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0764 (Buffer overflow in ntping in scotty 2.1.0 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0765 (BisonFTP V4R1 allows local users to access directories outside of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0766 (Apache on MacOS X Client 10.0.3 with the HFS+ file system allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0767 (Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0768 (GuildFTPd 0.9.7 stores user names and passwords in plaintext in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0769 (Memory leak in GuildFTPd Server 0.97 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0770 (Buffer overflow in GuildFTPd Server 0.97 allows remote attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0771 (Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0772 (Buffer overflows and other vulnerabilities in multiple Common Desktop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0773 (Cayman 3220-H DSL Router 1.0 allows remote attacker to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0774 (Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0775 (Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux ...) BUG: 79762 CVE-2001-0776 (Buffer overflow in DynFX MailServer version 2.10 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0777 (Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0778 (OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0779 (Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0780 (Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0781 (Buffer overflow in SpoonFTP 1.0.0.12 allows remote attacker to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0782 (KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0783 (Cisco TFTP server 1.1 allows remote attackers to read arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0784 (Directory traversal vulnerability in Icecast 1.3.10 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0785 (Directory traversal in Webpaging interface in Internet Software ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0786 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0787 (LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0788 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0789 (Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0790 (Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0791 (Trend Micro InterScan VirusWall for Windows NT allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0792 (Format string vulnerability in XChat 1.2.x allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0794 (Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0795 (Perception LiteServe 1.25 allows remote attackers to obtain source ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0796 (SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0797 (Buffer overflow in login in various System V based operating systems ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0798 RESERVED CVE-2001-0799 (Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0800 (lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0801 (lpstat in IRIX 6.5.13f and earlier allows local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0802 RESERVED CVE-2001-0803 (Buffer overflow in the client connection routine of libDtSvc.so.1 in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0804 (Directory traversal vulnerability in story.pl in Interactive Story 1.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0805 (Directory traversal vulnerability in ttawebtop.cgi in Tarantella ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0806 (Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0807 (Internet Explorer 5.0, and possibly other versions, may allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0808 (gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0809 (Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0810 RESERVED CVE-2001-0811 RESERVED CVE-2001-0812 RESERVED CVE-2001-0813 RESERVED CVE-2001-0814 RESERVED CVE-2001-0815 (Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0816 (OpenSSH before 2.9.9, when running sftp using sftp-server and using ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0817 (Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0818 (A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0819 (A buffer overflow in Linux fetchmail before 5.8.6 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0820 (Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0821 (The default configuration of DCShop 1.002 beta places sensitive files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0822 (FPF kernel module 1.0 allows a remote attacker to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0823 (The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0824 (Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0825 (Buffer overflow in internal string handling routines of xinetd before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0826 (Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0827 (Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0828 (A cross-site scripting vulnerability in Caucho Technology Resin before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0829 (A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0830 (6tunnel 0.08 and earlier does not properly close sockets that were ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0831 (Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0832 (Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0833 (Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0834 (htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0835 (Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0836 (Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0837 (DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0838 (Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0839 (ibillpm.pl in iBill password management system generates weak ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0840 (Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0841 (Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0842 (Directory traversal vulnerability in Search.cgi in Leoboard LB5000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0843 (Squid proxy server 2.4 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0844 (Vulnerability in (1) Book of guests and (2) Post it! allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0845 (Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0846 (Lotus Domino 5.x allows remote attackers to read files or execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0847 (Lotus Domino Web Server 5.x allows remote attackers to gain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0848 (join.cfm in e-Zone Media Fuse Talk allows a local user to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0849 (viralator CGI script in Viralator 0.9pre1 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0850 (A configuration error in the libdb1 package in OpenLinux 3.1 uses ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0851 (Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0852 (TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0853 (Directory traversal vulnerability in Entrust GetAccess allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0854 (PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0855 (Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0856 (Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0857 (Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0858 (Buffer overflow in pppattach and other linked PPP utilities in Caldera ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0859 (2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0860 (Terminal Services Manager MMC in Windows 2000 and XP trusts the Client ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0861 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0862 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0863 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0864 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0865 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0866 (Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0867 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0868 (Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0869 (Format string vulnerability in the default logging callback function ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0870 (HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0871 (Directory traversal vulnerability in HTTP server for Alchemy Eye and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0872 (OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0873 (uuxqt in Taylor UUCP package does not properly remove dangerous long ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0874 (Internet Explorer 5.5 and 6.0 allow remote attackers to read certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0875 (Internet Explorer 5.5 and 6.0 allows remote attackers to cause the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0876 (Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0877 (Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0878 RESERVED CVE-2001-0879 (Format string vulnerability in the C runtime functions in SQL Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0880 RESERVED CVE-2001-0881 RESERVED CVE-2001-0882 RESERVED CVE-2001-0883 RESERVED CVE-2001-0884 (Cross-site scripting vulnerability in Mailman email archiver before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0885 RESERVED CVE-2001-0886 (Buffer overflow in glob function of glibc allows attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0887 (xSANE 0.81 and earlier allows local users to modify files of other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0888 (Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0889 (Exim 3.22 and earlier, in some configurations, does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0890 (Certain backend drivers in the SANE library 1.0.3 and earlier, as used ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0891 (Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0892 (Acme Thttpd Secure Webserver before 2.22, with the chroot option ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0893 (Acme mini_httpd before 1.16 allows remote attackers to view sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0894 (Vulnerability in Postfix SMTP server before 20010228-pl07, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0895 (Multiple Cisco networking products allow remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0896 (Inetd in OpenServer 5.0.5 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0897 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0898 (Opera 6.0 and earlier allows remote attackers to access sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0899 (Network Tools 0.2 for PHP-Nuke allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0900 (Directory traversal vulnerability in modules.php in Gallery before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0901 (Hypermail allows remote attackers to execute arbitrary commands on a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0902 (Microsoft IIS 5.0 allows remote attackers to spoof web log entries via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0903 (Linear key exchange process in High-bandwidth Digital Content ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0904 (Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0905 (Race condition in signal handling of procmail 3.20 and earlier, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0906 (teTeX filter before 1.0.7 allows local users to gain privileges via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0907 (Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0908 (CITRIX Metaframe 1.8 logs the Client Address (IP address) that is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0909 (Buffer overflow in helpctr.exe program in Microsoft Help Center for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0910 (Legato Networker before 6.1 allows remote attackers to bypass access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0911 (PHP-Nuke 5.1 stores user and administrator passwords in a base-64 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0912 (Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0913 (Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0914 (Linux kernel before 2.4.11pre3 in multiple Linux distributions allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0915 (Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0916 (Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0917 (Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0918 (Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0919 (Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0920 (Format string vulnerability in auto nice daemon (AND) 1.0.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0921 (Netscape 4.79 and earlier for MacOS allows an attacker with access to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0922 (ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0923 (RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0924 (Directory traversal vulnerability in ifx CGI program in Informix Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0925 (The default installation of Apache before 1.3.19 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0926 (SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0927 (Format string vulnerability in the permitted function of GNOME ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0928 (Buffer overflow in the permitted function of GNOME gtop daemon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0929 (Cisco IOS Firewall Feature set, aka Context Based Access Control ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0930 (Sendpage.pl allows remote attackers to execute arbitrary commands via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0931 (Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0932 (Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0933 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0934 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0935 (Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0936 (Buffer overflow in Frox transparent FTP proxy 0.6.6 and earlier, with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0937 (PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0938 (Directory traversal vulnerability in AspUpload 2.1, in certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0939 (Lotus Domino 5.08 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0940 (Buffer overflow in the GUI authentication code of Check Point ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0941 (Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0942 (dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0943 (dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0944 (DDE in mIRC allows local users to launch applications under another ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0945 (Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0946 (apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0947 (Forms.exe CGI program in ValiCert Enterprise Validation Authority ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0948 (Cross-site scripting (CSS) vulnerability in ValiCert Enterprise ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0949 (Buffer overflows in forms.exe CGI program in ValiCert Enterprise ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0950 (ValiCert Enterprise Validation Authority (EVA) Administration Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0951 (Windows 2000 allows remote attackers to cause a denial of service (CPU ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0952 (THQ Volition Red Faction Game allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0953 (Kebi WebMail allows remote attackers to access the administrator menu ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0954 (Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0955 (Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0956 (speechd 0.54 and earlier, with the Festival or rsynth speech synthesis ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0958 (Buffer overflows in eManager plugin for Trend Micro InterScan ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0959 (Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0960 (Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0961 (Buffer overflow in tab expansion capability of the most program allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0962 (IBM WebSphere Application Server 3.02 through 3.53 uses predictable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0963 (Directory traversal vulnerability in SpoonFTP 1.1 allows local and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0964 (Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0965 (glFTPD 1.23 allows remote attackers to cause a denial of service (CPU ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0966 (Directory traversal vulnerability in Nudester 1.10 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0967 (Knox Arkeia server 4.2, and possibly other versions, uses a constant ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0968 (Knox Arkeia server 4.2, and possibly other versions, installs its root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0969 (ipfw in FreeBSD does not properly handle the use of "me" in its rules ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0970 (Cross-site scripting vulnerability in TDForum 1.2 CGI script ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0971 (Directory traversal vulnerability in ACI 4d webserver allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0972 (Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0973 (BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0974 (Format string vulnerabilities in Oracle Internet Directory Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0975 (Buffer overflow vulnerabilities in Oracle Internet Directory Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0976 (Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0977 (slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0978 (login in HP-UX 10.26 does not record failed login attempts in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0979 (Buffer overflow in swverify in HP-UX 11.0, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0980 (docview before 1.0-15 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0981 (HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0982 (Directory traversal vulnerability in IBM Tivoli WebSEAL Policy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0983 (UltraEdit uses weak encryption to record FTP passwords in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0984 (Password Safe 1.7(1) leaves cleartext passwords in memory when a user ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0985 (shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0986 (SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0987 (Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0988 (Arkeia backup server 4.2.8-2 and earlier creates its database files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0989 (Buffer overflows in Pileup before 1.2 allows local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0990 (Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0991 (Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0992 (shopplus.cgi in ShopPlus shopping cart allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0993 (sendmsg function in NetBSD 1.3 through 1.5 allows local users to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0994 (Marconi ForeThought 7.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0995 (PHProjekt before 2.4a allows remote attackers to perform actions as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0996 (POP3Lite before 0.2.4 does not properly quote a . (dot) in an email ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0997 (Textor Webmasters Ltd listrec.pl CGI program allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0998 (IBM HACMP 4.4 allows remote attackers to cause a denial of service via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0999 (Outlook Express 6.00 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1000 (rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1002 (The default configuration of the DVI print filter (dvips) in Red Hat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1003 (Respondus 1.1.2 for WebCT uses weak encryption to remember usernames ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1004 (Cross-site scripting (CSS) vulnerability in gnut Gnutella client ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1005 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1006 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1007 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1008 (Java Plugin 1.4 for JRE 1.3 executes signed applets even if the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1009 (Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1010 (Directory traversal vulnerability in pagecount CGI script in Sambar ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1011 (index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1012 (Vulnerability in screen before 3.9.10, related to a multi-attach error, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1013 (Apache on Red Hat Linux with with the UserDir directive enabled ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1014 (eshop.pl in WebDiscount(e)shop allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1015 (Buffer overflow in Snes9x 1.37, when installed setuid root, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1016 (PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1017 (rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1018 (Lotus Domino web server 5.08 allows remote attackers to determine the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1019 (Directory traversal vulnerability in view_item CGI program in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1020 (edit_image.php in Vibechild Directory Manager before 0.91 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1021 (Buffer overflows in WS_FTP 2.02 allow remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1022 (Format string vulnerability in pic utility in groff 1.16.1 and other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1023 (Xcache 2.1 allows remote attackers to determine the absolute path of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1024 (login.gas.bat and other CGI scripts in Entrust getAccess allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1025 (PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1026 (Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1027 (Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1028 (Buffer overflow in ultimate_source function of man 1.5 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1029 (libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1030 (Squid before 2.3STABLE5 in HTTP accelerator mode does not enable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1031 (Directory traversal vulnerability in Meteor FTP 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1032 (admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1033 (Compaq TruCluster 1.5 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1034 (Format string vulnerability in Hylafax on FreeBSD allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1035 (Binary decoding feature of slrn 0.9 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1036 (GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1037 (Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1038 (Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1039 (The JetAdmin web interface for HP JetDirect does not set a password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1040 (HP LaserJet, and possibly other JetDirect devices, resets the admin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1041 (oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1042 (Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1043 (ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1044 (Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1045 (Directory traversal vulnerability in basilix.php3 in Basilix Webmail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1046 (Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1047 (Race condition in OpenBSD VFS allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1048 (AWOL PHP script allows remote attackers to include arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1049 (Phorecast PHP script before 0.40 allows remote attackers to include ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1050 (CCCSoftware CCC PHP script allows remote attackers to include ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1051 (Dark Hart Portal (darkportal) PHP script allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1052 (Empris PHP script allows remote attackers to include arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1053 (AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1054 (PHPAdsNew PHP script allows remote attackers to include arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1055 (The Microsoft Windows network stack allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1056 (IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1057 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1058 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1059 (VMWare creates a temporary file vmware-log.USERNAME with insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1060 (phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1061 (Vulnerability in lsmcode in unknown versions of AIX, possibly related ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1062 (Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1063 (Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1064 (Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1065 (Web-based configuration utility in Cisco 600 series routers running ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1066 (ns6install installation script for Netscape 6.01 on Solaris, and other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1067 (Buffer overflow in AOLserver 3.0 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1068 (qpopper 4.01 with PAM based authentication on Red Hat systems ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1069 (libCoolType library as used in Adobe Acrobat (acroread) on Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1070 (Sage Software MAS 200 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1071 (Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1072 (Apache with mod_rewrite enabled on most UNIX systems allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1073 (Webridge PX Application Suite allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1074 (Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1075 (poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1076 (Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1077 (Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1078 (Format string vulnerability in flog function of eXtremail 1.1.9 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1079 (create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1080 (diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1081 (Format string vulnerabilities in Livingston/Lucent RADIUS before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1082 (Directory traversal vulnerability in Livingston/Lucent RADIUS before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1083 (Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1084 (Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1085 (Lmail 2.7 and earlier allows local users to overwrite arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1086 (XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1087 (The default configuration of the config.http.tunnel.allow_ports option ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1088 (Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1089 (libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1090 (nss_postgresql 0.6.1 and before allows a remote attacker to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1091 (The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1092 (msgchk in Digital UNIX 4.0G and earlier allows a local user to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1093 (Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1094 (NetOp School 1.5 allows local users to bypass access restrictions on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1095 (Buffer overflow in uuq in AIX 4 could alllow local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1096 (Buffer overflows in muxatmd in AIX 4 allows an attacker to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1097 (Cisco routers and switches running IOS 12.0 through 12.2.1 allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1098 (Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1099 (The default configuration of Norton AntiVirus for Microsoft Exchange ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1100 (sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1101 (The Log Viewer function in the Check Point FireWall-1 GUI for Solaris ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1102 (Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1103 (FTP Voyager ActiveX control before 8.0, when it is marked as safe for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1104 (SonicWALL SOHO uses easily predictable TCP sequence numbers, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1105 (RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1106 (The default configuration of Sambar Server 5 and earlier uses a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1107 (SnapStream PVS 1.2a stores its passwords in plaintext in the file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1108 (Directory traversal vulnerability in SnapStream PVS 1.2a allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1109 (Directory traversal vulnerability in EFTP 2.0.7.337 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1110 (EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1111 (EFTP 2.0.7.337 stores user passwords in plaintext in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1112 (Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1113 (Buffer overflow in TrollFTPD 1.26 and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1114 (book.cgi in NetCode NC Book 0.2b allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1115 (generate.cgi in SIX-webboard 2.01 and before allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1116 (Identix BioLogon 2.03 and earlier does not lock secondary displays on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1117 (LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1118 (A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1119 (cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1120 (Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1121 (DEPRECATED. This entry has been deprecated. It is a duplicate of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1122 (Windows NT 4.0 SP 6a allows a local user with write access to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1123 (Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1124 (rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1125 (Symantec LiveUpdate before 1.6 does not use cryptography to ensure the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1126 (Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1127 (Buffer overflow in Progress database 8.3D and 9.1C could allow a local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1128 (Buffer overflow in Progress database 8.3D and 9.1C allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1129 (Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1130 (Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1131 (Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1132 (Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1133 (Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1134 (Xerox DocuPrint N40 Printers allow remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1135 (ZyXEL Prestige 642R and 642R-I routers do not filter the routers' ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1136 (The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1137 (D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1138 (Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1139 (Directory traversal vulnerability in ASCII NT WinWrapper Professional ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1140 (BadBlue Personal Edition v1.02 beta allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1141 (The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1142 (ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1143 (IBM DB2 7.0 allows a remote attacker to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1144 (Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1145 (fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1146 (AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1147 (The PAM implementation in /bin/login of the util-linux package before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1148 (Multiple buffer overflows in programs used by scoadmin and sysadmsh in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1149 (Panda Antivirus Platinum before 6.23.00 allows a remore attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1150 (Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1151 (Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1152 (Baltimore Technologies WEBsweeper 4.02, when used to manage URL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1153 (lpsystem in OpenUnix 8.0.0 allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1154 (Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1155 (TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1156 (TYPSoft FTP 0.95 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1157 (Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1158 (Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1159 (load_prefs.php and supporting include files in SquirrelMail 1.0.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1160 (udirectory.pl in Microburst Technologies uDirectory 2.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1161 (Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1162 (Directory traversal vulnerability in the %m macro in the smb.conf ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1163 (Buffer overflow in Munica Corporation NetSQL 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1164 (Buffer overflow in uucp utilities in UnixWare 7 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1165 (Intego FileGuard 4.0 uses weak encryption to store user information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1166 (linprocfs on FreeBSD 4.3 and earlier does not properly restrict access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1167 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1168 (Directory traversal vulnerability in index.php in PhpMyExplorer before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1169 (keyinit in S/Key does not require authentication to initialize a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1170 (AmTote International homebet program stores the homebet.log file in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1171 (Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1172 (OmniSecure HTTProtect 1.1.1 allows a superuser without omnish ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1173 (Vulnerability in MasqMail before 0.1.15 allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1174 (Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1175 (vipw in the util-linux package before 2.10 causes /etc/shadow to be ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1176 (Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1177 (ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1178 (Buffer overflow in xman allows local users to gain privileges via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1179 (xman allows local users to gain privileges by modifying the MANPATH to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1180 (FreeBSD 4.3 does not properly clear shared signal handlers when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1181 (Dynamically Loadable Kernel Module (dlkm) static kernel symbol table ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1182 (Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1183 (PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1184 (wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1185 (Some AIO operations in FreeBSD 4.4 may be delayed until after a call ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1186 (Microsoft IIS 5.0 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1187 (csvform.pl 0.1 allows remote attackers to execute arbitrary commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1188 (mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1189 (IBM Websphere Application Server 3.5.3 and earlier stores a password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1190 (The default PAM files included with passwd in Mandrake Linux 8.1 do ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1191 (WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1192 (Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1193 (Directory traversal vulnerability in EFTP 2.0.8.346 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1194 (Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1195 (Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1196 (Directory traversal vulnerability in edit_action.cgi of Webmin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1197 (klprfax_filter in KDE2 KDEUtils allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1198 (RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1199 (Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1200 (Microsoft Windows XP allows local users to bypass a locked screen and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1201 (Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1202 (Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1203 (Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1204 (Directory traversal vulnerability in phprocketaddin in Total PC ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1205 (Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1206 (Matrix CGI vault Last Lines 2.0 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1207 (Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1208 (Format string vulnerability in DayDream BBS allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1209 (Directory traversal vulnerability in zml.cgi allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1210 (Cisco ubr900 series routers that conform to the Data-over-Cable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1211 (Ipswitch IMail 7.0.4 and earlier allows attackers with administrator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1212 (Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1213 (The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1214 (manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1215 (Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1216 (Buffer overflow in PL/SQL Apache module in Oracle 9i Application ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1217 (Directory traversal vulnerability in PL/SQL Apache module in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1218 (Microsoft Internet Explorer for Unix 5.0SP1 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1219 (Microsoft Internet Explorer 6.0 and earlier allows malicious website ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1220 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1221 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1222 (Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1223 (The web administration server for ELSA Lancom 1100 Office does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1224 (get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1225 (Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1226 (AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1227 (Zope before 2.2.4 allows partially trusted users to bypass security ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1228 (Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1229 (Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1230 (Buffer overflows in Icecast before 1.3.10 allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1231 (GroupWise 5.5 and 6 running in live remote or smart caching mode ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1232 (GroupWise WebAccess 5.5 with directory indexing enabled allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1233 (Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1234 (Bharat Mediratta Gallery PHP script before 1.2.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1235 (pSlash PHP script 0.7 and earlier allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1236 (myphpPagetool PHP script 0.4.3-1 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1237 (Phormation PHP script 0.9.1 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1238 (Task Manager in Windows 2000 does not allow local users to end ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1239 (PowerNet IX allows remote attackers to cause a denial of service via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1240 (The default configuration of sudo in Engarde Secure Linux 1.0.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1241 (Un-CGI 1.9 and earlier does not verify that a CGI script has the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1242 (Directory traversal vulnerability in Un-CGI 1.9 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1243 (Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1244 (Multiple TCP implementations could allow remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1245 (Opera 5.0 for Linux does not properly handle malformed HTTP headers, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1246 (PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1247 (PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1248 (vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1249 (vWebServer 1.2.0 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1250 (vWebServer 1.2.0 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1251 (SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1252 (Network Associates PGP Keyserver 7.0 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1253 (Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1254 (Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1255 (WinMySQLadmin 1.1 stores the MySQL password in plain text in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1256 (kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1257 (Cross-site scripting vulnerability in Horde Internet Messaging Program ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1258 (Horde Internet Messaging Program (IMP) before 2.2.6 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1259 (Avaya Argent Office allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1260 (Avaya Argent Office uses weak encryption (trivial encoding) for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1261 (Avaya Argent Office 2.1 may allow remote attackers to change hold ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1262 (Avaya Argent Office 2.1 compares a user-provided SNMP community string ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1263 (telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1264 (Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1265 (Directory traversal vulnerability in IBM alphaWorks Java TFTP server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1266 (Directory traversal vulnerability in Doug Neal's HTTPD Daemon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1267 (Directory traversal vulnerability in GNU tar 1.13.19 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1268 (Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1269 (Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1270 (Directory traversal vulnerability in the console version of PKZip ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1271 (Directory traversal vulnerability in rar 2.02 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1272 (wmtv 0.6.5 and earlier does not properly drop privileges, which allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1273 (The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1274 (Buffer overflow in MySQL before 3.23.31 allows attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1275 (MySQL before 3.23.31 allows users with a MySQL account to use the SHOW ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1276 (ispell before 3.1.20 allows local users to overwrite files of other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1277 (makewhatis in the man package before 1.5i2 allows an attacker in group ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1278 (Zope before 2.2.4 allows partially trusted users to bypass security ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1279 (Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1280 (POP3 Server for Ipswitch IMail 7.04 and earlier generates different ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1281 (Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1282 (Ipswitch IMail 7.04 and earlier records the physical path of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1283 (The webmail interface for Ipswitch IMail 7.04 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1284 (Ipswitch IMail 7.04 and earlier uses predictable session IDs for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1285 (Directory traversal vulnerability in readmail.cgi for Ipswitch IMail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1286 (Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1287 (Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1288 (Windows 2000 and Windows NT allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1289 (Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1290 (admin.cgi in Active Classifieds Free Edition 1.0, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1291 (The telnet server for 3Com hardware such as PS40 SuperStack II does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1292 (Sambar Telnet Proxy/Server allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1293 (Buffer overflow in web server of 3com HomeConnect Cable Modem External ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1294 (Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1295 (Directory traversal vulnerability in Cerberus FTP Server 1.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1296 (More.groupware PHP script allows remote attackers to include arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1297 (PHP remote file inclusion vulnerability in Actionpoll PHP script ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1298 (Webodex PHP script 1.0 and earlier allows remote attackers to include ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1299 (Zorbat Zorbstats PHP script before 0.9 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1300 (Directory traversal vulnerability in Dynu FTP server 1.05 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1301 (rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1302 (The change password option in the Windows Security interface for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1303 (The default configuration of SecuRemote for Check Point Firewall-1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1304 (Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1305 (ICQ 2001a Alpha and earlier allows remote attackers to automatically ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1306 (iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1307 (Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1308 (Format string vulnerabilities in iPlanet Directory Server 4.1.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1309 (Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1310 (IBM SecureWay 3.2.1 allow remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1311 (Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1312 (Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1313 (Lotus Domino R5 before R5.0.7a allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1314 (Buffer overflows in Critical Path (1) InJoin Directory Server or (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1315 (Critical Path (1) InJoin Directory Server or (2) LiveContent Directory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1316 (Buffer overflows in Teamware Office Enterprise Directory allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1317 (Teamware Office Enterprise Directory allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1318 (Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1319 (Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1320 (Network Associates PGP Keyserver 7.0 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1321 (Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1322 (xinetd 2.1.8 and earlier runs with a default umask of 0, which could ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1323 (Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1324 (cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1325 (Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1326 (Eudora 5.1 allows remote attackers to execute arbitrary code when the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1327 (pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1328 (Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1329 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1330 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1331 (mandb in the man-db package before 2.3.16-3 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1332 (Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1333 (Linux CUPS before 1.1.6 does not securely handle temporary files, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1334 (Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1335 (Directory traversal vulnerability in CesarFTP 0.98b and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1336 (CesarFTP 0.98b and earlier stores usernames and passwords in plaintext ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1337 (Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1338 (Beck IPC GmbH IPC@CHIP TelnetD server generates different responses ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1339 (Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1340 (Beck GmbH IPC@Chip TelnetD service supports only one connection and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1341 (The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1342 (Apache before 1.3.20 on Windows and OS/2 systems allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1343 (ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1344 (WSSecurity.pl in WebStore allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1345 (bctool in Jetico BestCrypt 0.7 and earlier trusts the user-supplied ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1346 (Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1347 (Windows 2000 allows local users to cause a denial of service and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1348 (TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1349 (Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1350 (Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1351 (Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1352 (Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1353 (ghostscript before 6.51 allows local users to read and write arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1354 (NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1355 (Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1356 (NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1357 (Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1358 (Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1359 (Volution clients 1.0.7 and earlier attempt to contact the computer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1360 (Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1361 (Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1362 (Vulnerability in the server for nPULSE before 0.53p4. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1363 (Vulnerability in phpWebSite before 0.7.9 related to running multiple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1364 (Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1365 (Vulnerability in IntraGnat before 1.4. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1366 (netscript before 1.6.3 parses dynamic variables, which could allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1367 (The checkAccess function in PHPSlice 0.1.4, and all other versions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1368 (Vulnerability in iPlanet Web Server 4 included in Virtualvault ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1369 (Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1370 (prepend.php3 in PHPLib before 7.2d, when register_globals is enabled ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1371 (The default configuration of Oracle Application Server 9iAS 1.0.2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1372 (Oracle 9i Application Server 1.0.2 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1373 (MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1374 (expect before 5.32 searches for its libraries in /var/tmp before other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1375 (tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1376 (Buffer overflow in digest calculation function of multiple RADIUS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1377 (Multiple RADIUS implementations do not properly validate the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1378 (fetchmailconf in fetchmail before 5.7.4 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1379 (The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1380 (OpenSSH before 2.9.9, while using keypairs and multiple keys of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1382 (The "echo simulation" traffic analysis countermeasure in OpenSSH ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1383 (initscript in setserial 2.17-4 and earlier uses predictable temporary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1384 (ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1385 (The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1386 (WFTPD 3.00 allows remote attackers to read arbitrary files by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1387 (iptables-save in iptables before 1.2.4 records the "--reject-with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1388 (iptables before 1.2.4 does not accurately convert rate limits that are ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1389 (Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1390 (Unknown vulnerability in binfmt_misc in the Linux kernel before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1391 (Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1392 (The Linux kernel before 2.2.19 does not have unregister calls for (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1393 (Unknown vulnerability in classifier code for Linux kernel before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1394 (Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1395 (Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1396 (Unknown vulnerabilities in strnlen_user for Linux kernel before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1397 (The System V (SYS5) shared memory implementation for Linux kernel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1398 (Masquerading code for Linux kernel before 2.2.19 does not fully check ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1399 (Certain operations in Linux kernel before 2.2.19 on the x86 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1400 (Unknown vulnerabilities in the UDP port allocation for Linux kernel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1401 (Bugzilla before 2.14 does not properly restrict access to confidential ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1402 (Bugzilla before 2.14 does not properly escape untrusted parameters, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1403 (Bugzilla before 2.14 includes the username and password in URLs, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1404 (Bugzilla before 2.14 stores user passwords in plaintext and sends ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1405 (Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1406 (process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1407 (Bugzilla before 2.14 allows Bugzilla users to bypass group security ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1408 (Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1409 (dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1410 (Internet Explorer 6 and earlier allows remote attackers to create ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1411 (Format string vulnerability in gm4 (aka m4) on Mac OS X may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1412 (nidump on MacOS X before 10.3 allows local users to read the encrypted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1413 (Stack-based buffer overflow in the comprexx function for ncompress ...) BUG: 66251 CVE-2001-1414 (The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1415 (vi.recover in OpenBSD before 3.1 allows local users to remove ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1416 (Multiple cross-site scripting (XSS) vulnerabilities in the log ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1417 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1418 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1419 (AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1420 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1421 (AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1422 (WinVNC 3.3.3 and earlier generates the same challenge string for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1423 (Advanced Poll before 1.61, when using a flat file database, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1424 (Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1425 (The challenge-response authentication of the EXPERT user for Alcatel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1426 (Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1427 (Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1428 (The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1429 (Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1430 (Cayman 3220-H DSL Router 1.0 ship without a password set, which allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1431 (Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1432 (Directory traversal vulnerability in Cherokee Web Server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1433 (Cherokee web server before 0.2.7 does not properly drop root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1434 (Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1435 (inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1436 (Dallas Semiconductor iButton DS1991 returns predictable values when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1437 (easyScripts easyNews 1.5 allows remote attackers to obtain the full ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1438 (Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1439 (Buffer overflow in the text editor functionality in HP-UX 10.01 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1440 (Unknown vulnerability in login for AIX 5.1L, when using loadable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1441 (Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1442 (Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1443 (KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1444 (The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1445 (Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1446 (Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1447 (NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1448 (Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1449 (The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1450 (Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1451 (Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1452 (By default, DNS servers on Windows NT 4.0 and Windows 2000 Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1453 (Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1454 (Buffer overflow in MySQL before 3.23.33 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1455 (Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1456 (Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1457 (Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1458 (Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1459 (OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1460 (SQL injection vulnerability in article.php in PostNuke 0.62 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1461 (Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1462 (WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1463 (The remote administration client for RhinoSoft Serv-U 3.0 sends the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1464 (Crystal Reports, when displaying data for a password protected ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1465 (SurfControl SuperScout only filters packets containing both an HTTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1466 (Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1467 (mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1468 (PHP remote file inclusion vulnerability in checklogin.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1469 (The RC4 stream cipher as used by SSH1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1470 (The IDEA cipher as implemented by SSH1 does not protect the final ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1471 (prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1472 (SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1473 (The SSH-1 protocol allows remote servers to conduct man-in-the-middle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1474 (SSH before 2.0 disables host key checking when connecting to the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1475 (SSH before 2.0, when using RC4 and password authentication, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1476 (SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1477 (The Domain gateway in BEA Tuxedo 7.1 does not perform authorization ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1478 (Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1479 (smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1480 (Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1481 (Xitami 2.4 through 2.5 b4 stores the Administrator password in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1482 (SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1483 (One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1484 (Alcatel ADSL modems allow remote attackers to access the Trivial File ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1487 (popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1488 (Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1489 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1490 (Mozilla 0.9.6 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1491 (Opera 5.11 allows remote attackers to cause a denial of service (CPU ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1492 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1494 (script command in the util-linux package before 2.11n allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1495 (network_query.php in Network Query Tool 1.0 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1496 (Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1497 (Microsoft Internet Explorer 4.0 through 6.0 could allow local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different error ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1500 (ProFTPD 1.2.2rc2, and possibly other versions, does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1501 (The glob functionality in ProFTPD 1.2.1, and possibly other versions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1502 (webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1503 (The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1504 (Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1505 (tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1506 (Unknown vulnerability in the file system protection subsystem in HP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1507 (OpenSSH before 3.0.1 with Kerberos V enabled does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1508 (Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1509 (geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1510 (Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1511 (JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1512 (Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1513 (Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1514 (ColdFusion 4.5 and 5, when running on Windows with the advanced ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1515 (Macintosh clients, when using NT file system volumes on Windows 2000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1516 (Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1517 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1518 (RunAs (runas.exe) in Windows 2000 only creates one session instance at ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1519 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1520 (Xircom REX 6000 allows local users to obtain the 10 digit PIN by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1521 (Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1522 (Cross-site scripting (XSS) vulnerability in im.php in IMessenger for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1523 (Cross-site scripting (XSS) vulnerability in the DMOZGateway module for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1524 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1525 (Directory traversal vulnerability in the comments action in easyNews ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1526 (Cross-site scripting (XSS) vulnerability in the comments action in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1527 (easyNews 1.5 and earlier stores administration passwords in cleartext ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1528 (AmTote International homebet program returns different error messages ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1529 (Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1530 (run.cgi in Webmin 0.80 and 0.88 creates temporary files with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1531 (Buffer overflow in Claris Emailer 2.0v2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1532 (WebX stores authentication information in the HTTP_REFERER variable, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1533 (** DISPUTED * ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1534 (mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1535 (Slashcode 2.0 creates new accounts with an 8-character random ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1536 (Autogalaxy stores usernames and passwords in cleartext in cookies, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1537 (The default "basic" security setting' in config.php for TWIG webmail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1538 (SpeedXess HA-120 DSL router has a default administrative password of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1539 (Stack consumption vulnerability in Internet Explorer The JavaScript ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1540 (IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1541 (Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1542 (NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1543 (Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1544 (Directory traversal vulnerability in Macromedia JRun Web Server (JWS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1545 (Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1546 (Pathways Homecare 6.5 uses weak encryption for user names and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1547 (Outlook Express 6.0, with "Do not allow attachments to be saved or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1548 (ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1549 (Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1550 (CentraOne 5.2 and Centra ASP with basic authentication enabled creates ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1551 (Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1552 (ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1553 (Buffer overflow in setiathome for SETI@home 3.03, if installed setuid, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1554 (IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1555 (pt_chmod in Solaris 8 does not call fdetach to reset terminal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1556 (The log files in Apache web server contain information directly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1557 (Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1558 (Unknown vulnerability in IP defragmenter (frag2) in Snort before 1.8.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1559 (The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1560 (Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1561 (Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1562 (Format string vulnerability in nvi before 1.79 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1563 (Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1564 (setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1565 (Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1566 (Format string vulnerability in libvanessa_logger 0.0.1 in Perdition ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1567 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1568 (CMG WAP gateway does not verify the fully qualified domain name URL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1569 (Openwave WAP gateway does not verify the fully qualified domain name ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1570 (Windows XP with fast user switching and account lockout enabled allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1571 (The Remote Desktop client in Windows XP sends the most recent user ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1572 (The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1573 (Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1574 (Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1575 (Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1576 (Buffer overflow in cron in Caldera UnixWare 7 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1577 (Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1, and 8.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1578 (Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1579 (The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1580 (Directory traversal vulnerability in ScriptEase viewcode.jse for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1581 (The File Blocker feature in Clearswift MAILsweeper for SMTP 4.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1582 (Buffer overflow in the LDAP naming services library (libsldap) in Sun ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1583 (lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1584 (CardBoard 2.4 greeting card CGI by Michael Barretto allows remote ...) NOT-FOR-US: old or nfu CVE-2001-1585 (SSH protocol 2 (aka SSH-2) public key authentication in the ...) NOT-FOR-US: old or nfu CVE-2001-1586 (Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier ...) TODO: check CVE-2001-1587 (NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows ...) TODO: check CVE-2002-0001 (Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0002 (Format string vulnerability in stunnel before 3.22 when used in client ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0003 (Buffer overflow in the preprocessor in groff 1.16 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0004 (Heap corruption vulnerability in the "at" program allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0005 (Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0006 (XChat 1.8.7 and earlier, including default configurations of 1.4.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0007 (CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0008 (Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0009 (show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0010 (Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0011 (Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0012 (Vulnerabilities in a large number of SNMP implementations allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0013 (Vulnerabilities in the SNMPv1 request handling of a large number of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0014 (URL-handling code in Pine 4.43 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0015 RESERVED CVE-2002-0016 RESERVED CVE-2002-0017 (Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0018 (In Microsoft Windows NT and Windows 2000, a trusting domain that ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0019 RESERVED CVE-2002-0020 (Buffer overflow in telnet server in Windows 2000 and Interix 2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0021 (Network Product Identification (PID) Checker in Microsoft Office v. X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0022 (Buffer overflow in the implementation of an HTML directive in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0023 (Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0024 (File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0025 (Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0026 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0027 (Internet Explorer 5.5 and 6.0 allows remote attackers to read certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0028 (Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0029 (Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0030 (The digital signature mechanism for the Adobe Acrobat PDF viewer only ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0031 (Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0032 (Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0033 (Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0034 (The Microsoft CONVERT.EXE program, when used on Windows 2000 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0035 RESERVED CVE-2002-0036 (Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0037 (Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0038 (Vulnerability in the cache-limiting function of the unified name ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0039 (rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0040 (Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0041 (Unknown vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0042 (Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0043 (sudo 1.6.0 through 1.6.3p7 does not properly clear the environment ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0044 (GNU Enscript 1.6.1 and earlier allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0045 (slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0046 (Linux kernel, and possibly other operating systems, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0047 (CIPE VPN package before 1.3.0-3 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0048 (Multiple signedness errors (mixed signed and unsigned numbers) in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0049 (Microsoft Exchange Server 2000 System Attendant gives "Everyone" group ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0050 (Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0051 (Windows 2000 allows local users to prevent the application of new ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0052 (Internet Explorer 6.0 and earlier does not properly handle VBScript in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0053 (Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0054 (SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0055 (SMTP service in Microsoft Windows 2000, Windows XP Professional, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0056 (Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0057 (XMLHTTP control in Microsoft XML Core Services 2.6 and later does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0058 (Vulnerability in Java Runtime Environment (JRE) allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0059 (The decompression algorithm in zlib 1.1.3 and earlier, as used in many ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0060 (IRC connection tracking helper module in the netfilter subsystem for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0061 (Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0062 (Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0063 (Buffer overflow in ippRead function of CUPS before 1.1.14 may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0064 (Funk Software Proxy Host 3.x is installed with insecure permissions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0065 (Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0066 (Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0067 (Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0068 (Squid 2.4 STABLE3 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0069 (Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0070 (Buffer overflow in Windows Shell (used as the Windows Desktop) allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0071 (Buffer overflow in the ism.dll ISAPI extension that implements HTR ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0072 (The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0073 (The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0074 (Cross-site scripting vulnerability in Help File search facility for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0075 (Cross-site scripting vulnerability for Internet Information Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0076 (Java Runtime Environment (JRE) Bytecode Verifier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0077 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0078 (The zone determination function in Microsoft Internet Explorer 5.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0079 (Buffer overflow in the chunked encoding transfer mechanism in Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0080 (rsync, when running in daemon mode, does not properly call setgroups ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0081 (Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0082 (The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0083 (Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0084 (Buffer overflow in the fscache_setup function of cachefsd in Solaris ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0085 (cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0086 (Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0087 (bindsock in Lotus Domino 5.07 on Solaris allows local users to create ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0088 (Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0089 (Buffer overflow in admintool in Solaris 2.5 through 8 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0090 (Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0091 (Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0092 (CVS before 1.10.8 does not properly initialize a global variable, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0093 (Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0094 (config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0095 (The default configuration of BSCW (Basic Support for Cooperative Work) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0096 (The installation of Geeklog 1.3 creates an extra group_assignments ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0097 (Geeklog 1.3 allows remote attackers to hijack user accounts, including ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0098 (Buffer overflow in index.cgi administration interface for Boozt! ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0099 (Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0100 (AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0101 (Microsoft Internet Explorer 6.0 and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0102 (Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0103 (An installer program for Oracle9iAS Web Cache 2.0.0.x creates ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0104 (AFTPD 5.4.4 allows remote attackers to gain sensitive information via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0105 (CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0106 (BEA Systems Weblogic Server 6.1 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0107 (Web administration interface in CacheFlow CacheOS 4.0.13 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0108 (Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0109 (Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0110 (Nevrona Designs MiraMail 1.04 and earlier stores authentication ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0111 (Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0112 (Etype Eserv 2.97 allows remote attackers to view password protected ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0113 (Legato NetWorker 6.1 stores log files in the /nsr/logs/ directory with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0114 (Legato NetWorker 6.1 stores passwords in plaintext in the daemon.log ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0115 (Snort 1.8.3 does not properly define the minimum ICMP header size, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0116 (Palm OS 3.5h and possibly other versions, as used in Handspring Visor ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0117 (Cross-site scripting vulnerability in Yet Another Bulletin Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0118 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0119 (Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0120 (Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0121 (PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0122 (Siemens 3568i WAP mobile phones allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0123 (MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0124 (MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0125 (Buffer overflow in ClanLib library 0.5 may allow local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0126 (Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0127 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0128 (cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0129 (efax 0.9 and earlier, when installed setuid root, allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0130 (Buffer overflow in efax 0.9 and earlier, when installed setuid root, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0131 (ActivePython ActiveX control for Python in the AXScript package, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0132 (Buffer overflow in Chinput 3.0 allows local users to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0133 (Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0134 (Telnet proxy in Avirt Gateway Suite 4.2 does not require ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0135 (Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0136 (Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0137 (CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0138 (CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0139 (Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0140 (Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0141 (Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0142 (CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0143 (Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0144 (Directory traversal vulnerability in chuid 1.2 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0145 (chuid 1.2 and earlier does not properly verify the ownership of files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0146 (fetchmail email client before 5.9.10 does not properly limit the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0147 (Buffer overflow in the ASP data transfer mechanism in Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0148 (Cross-site scripting vulnerability in Internet Information Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0149 (Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0150 (Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0151 (Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0152 (Buffer overflow in various Microsoft applications for Macintosh allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0153 (Internet Explorer 5.1 for Macintosh allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0154 (Buffer overflows in extended stored procedures for Microsoft SQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0155 (Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0157 (Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0158 (Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0159 (Format string vulnerability in the administration function in Cisco ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0160 (The administration function in Cisco Secure Access Control Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0161 RESERVED CVE-2002-0162 (LogWatch before 2.5 allows local users to execute arbitrary code via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0163 (Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0164 (Vulnerability in the MIT-SHM extension of the X server on Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0165 (LogWatch 2.5 allows local users to gain root privileges via a symlink ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0166 (Cross-site scripting vulnerability in analog before 5.22 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0167 (Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0168 (Vulnerability in Imlib before 1.9.13 allows attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0169 (The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0170 (Zope 2.2.0 through 2.5.1 does not properly verify the access for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0171 (IRISconsole 2.0 may allow users to log into the icadmin account with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0172 (/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0173 (Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0174 (nsd on SGI IRIX before 6.5.11 allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0175 (libsafe 2.0-11 and earlier allows attackers to bypass protection ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0176 (The printf wrappers in libsafe 2.0-11 and earlier do not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0177 (Buffer overflows in icecast 1.3.11 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0178 (uudecode, as available in the sharutils package before 4.2.1, does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0179 (Buffer overflow in xpilot-server for XPilot 4.5.0 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0180 (Buffer overflow in Webalizer 2.01-06, when configured to use reverse ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0181 (Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0182 RESERVED CVE-2002-0184 (Heap-based buffer overflow in sudo before 1.6.6 may allow local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0185 (mod_python version 2.7.6 and earlier allows a module indirectly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0186 (Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0187 (Cross-site scripting vulnerability in the SQLXML component of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0188 (Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0189 (Cross-site scripting vulnerability in Internet Explorer 6.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0190 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0191 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0192 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0193 (Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0194 RESERVED CVE-2002-0195 RESERVED CVE-2002-0196 (GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0197 (psyBNC 2.3 beta and earlier allows remote attackers to spoof ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0198 (Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0199 (Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0200 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0201 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0202 (PaintBBS 1.2 installs certain files and directories with insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0203 (ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0204 (Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0205 (Cross-site scripting (CSS) vulnerability in error.asp for Plumtree ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0206 (index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0207 (Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0208 (PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0209 (Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0210 (setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0211 (Race condition in the installation script for Tarantella Enterprise 3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0212 (The login for Hosting Controller 1.1 through 1.4.1 returns different ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0213 (xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0214 (Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0215 (Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0216 (userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0217 (Cross-site scripting (CSS) vulnerabilities in the Private Message ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0218 (Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0219 (Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0220 (phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0221 (Etype Eserv 2.97 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0222 (Etype Eserv 2.97 allows remote attackers to redirect traffic to other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0223 (Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0224 (The MSDTC (Microsoft Distributed Transaction Service Coordinator) for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0225 (tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0226 (retrieve_password.pl in DCForum 6.x and 2000 generates predictable new ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0227 (KICQ 2.0.0b1 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0228 (Microsoft MSN Messenger allows remote attackers to use Javascript that ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0229 (Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0230 (Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0231 (Buffer overflow in mIRC 5.91 and earlier allows a remote server to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0232 (Directory traversal vulnerability in Multi Router Traffic Grapher ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0233 (Directory traversal vulnerability in eshare Expressions 4 Web server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0234 (NetScreen ScreenOS before 2.6.1 does not support a maximum number of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0235 (Castelle FaxPress, possibly 6.3 and other versions, when configured to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0236 (Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0237 (Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0238 (Cross-site scripting vulnerability in web administration interface for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0239 (Buffer overflow in hanterm 3.3.1 and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0240 (PHP, when installed with Apache and configured to search for index.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0241 (NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0242 (Cross-site scripting vulnerability in Internet Explorer 6 earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0243 (Cross-site scripting vulnerability in Opera 6.0 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0244 (Directory traversal vulnerability in chroot function in AtheOS 0.3.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0245 (Lotus Domino server 5.0.8 with NoBanner enabled allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0246 (Format string vulnerability in the message catalog library functions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0247 (Buffer overflows in wmtv 0.6.5 and earlier may allow local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0248 (wmtv 0.6.5 and earlier allows local users to modify arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0249 (PHP for Windows, when installed on Apache 2.0.28 beta as a standalone ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0250 (Web configuration utility in HP AdvanceStack hubs J3200A through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0251 (Buffer overflow in licq 1.0.4 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0252 (Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0253 (PHP, when not configured with the "display_errors = Off" setting in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0254 (ICQ 2001b Build 3659 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0255 (The default configuration of Arescom NetDSL 800 does not require ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0256 (The telnet port in Arescom NetDSL 1000 router allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0257 (Cross-site scripting vulnerability in auction.pl of MakeBid Auction ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0258 (Merak Mail IceWarp Web Mail uses a static identifier as a user session ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0259 (InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0260 (Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0261 (Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0262 (Directory traversal vulnerability in netget for Sybex E-Trainer web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0263 (Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0264 (PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0265 (Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0266 (Thunderstone Texis CGI script allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0267 (preferences.php in Simple Internet Publishing System (SIPS) before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0268 (Identix BioLogon 3 allows users with physical access to the system to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0269 (Internet Explorer 5.x and 6 interprets an object as an HTML document ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0270 (Opera, when configured with the "Determine action by MIME type" option ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0271 (Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0272 (Buffer overflows in mpg321 before 0.2.9 allows local and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0273 (Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0274 (Exim 3.34 and earlier may allow local users to gain privileges via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0275 (Falcon web server 2.0.0.1020 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0276 (Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0277 (Add2it Mailman Free 1.73 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0278 (Directory traversal vulnerability in Add2it Mailman Free 1.73 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0279 (The kernel in HP-UX 11.11 does not properly provide arguments for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0280 (Buffer overflow in CodeBlue 4 and earlier, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0281 (Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0282 (DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0283 (Windows XP with port 445 open allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0284 (Winamp 2.78 and 2.77, when opening a wma file that requires a license, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0285 (Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0286 (The GetPassword function in function.php of SiteNews 0.10 and 0.11 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0287 (pforum 1.14 and earlier does not explicitly enable PHP magic quotes, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0288 (Directory traversal vulnerability in Phusion web server 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0289 (Buffer overflow in Phusion web server 1.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0290 (Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0291 (Dino's Webserver 1.2 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0292 (Cross-site scripting vulnerability in Slash before 2.2.5, as used in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0293 (FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0294 (Alcatel 4400 installs the /chetc/shutdown command with setgid ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0295 (Alcatel OmniPCX 4400 installs files with world-writable permissions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0296 (The installation of Tarantella Enterprise 3 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0297 (Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0298 (ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0299 (CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0300 (gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0301 (Citrix NFuse 1.6 allows remote attackers to bypass authentication and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0302 (The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0303 (GroupWise 6, when using LDAP authentication and when Post Office has a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0304 (Lil HTTP Server 2.1 allows remote attackers to read password-protected ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0305 (Zero One Tech (ZOT) P100s print server does not properly disable the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0306 (ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0307 (Directory traversal vulnerability in ans.pl in Avenger's News System ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0308 (admin.asp in AdMentor 2.11 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0309 (SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0310 (Netwin WebNews 1.1k CGI program includes several default usernames and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0311 (Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0312 (Directory traversal vulnerability in Essentia Web Server 2.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0313 (Buffer overflow in Essentia Web Server 2.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0314 (fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0315 (fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0316 (Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0317 (Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0318 (FreeRADIUS RADIUS server allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0319 (Cross-site scripting vulnerability in edituser.php for pforum 1.14 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0320 (Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0321 (Yahoo! Messenger 5.0 allows remote attackers to spoof other users by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0322 (Yahoo! Messenger 4.0 sends user passwords in cleartext, which could ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0323 (comment2.jse in ScriptEase:WebServer allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0324 (Greymatter 1.21c and earlier with the Bookmarklet feature enabled ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0325 (Directory traversal vulnerability in BadBlue before 1.6.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0326 (Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0327 (Buffer overflow in Century Software TERM allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0328 (Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0329 (Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0330 (Cross-site scripting vulnerability in codeparse.php of Open Bulletin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0331 (Directory traversal vulnerability in the HTTP server for BPM Studio ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0332 (Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0333 (Directory traversal vulnerability in xtell (xtelld) 1.91.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0334 (xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0335 (Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0336 (Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0337 (RealPlayer 8 allows remote attackers to cause a denial of service (CPU ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0338 (The Bat! 1.53d and 1.54beta, and possibly other versions, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0339 (Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0340 (Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0341 (GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0342 (Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0343 (Hotline Client 1.8.5 stores sensitive user information, including ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0344 (Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0345 (Symantec Ghost 7.0 stores usernames and passwords in plaintext in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0346 (Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0347 (Directory traversal vulnerability in Cobalt RAQ 4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0348 (service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0349 (Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0350 (HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0351 (Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0352 (Phorum 3.3.2 allows remote attackers to determine the email addresses ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0353 (The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0354 (The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0355 (netstat in SGI IRIX before 6.5.12 allows local users to determine the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0356 (Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0357 (Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0358 (MediaMail and MediaMail Pro in SGI IRIX 6.5.16 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0359 (xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0360 (Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0361 RESERVED CVE-2002-0362 (Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0363 (ghostscript before 6.53 allows attackers to execute arbitrary commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0364 (Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0365 RESERVED CVE-2002-0366 (Buffer overflow in Remote Access Service (RAS) phonebook for Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0367 (smss.exe debugging subsystem in Windows NT and Windows 2000 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0368 (The Store Service in Microsoft Exchange 2000 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0369 (Buffer overflow in ASP.NET Worker Process allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0370 (Buffer overflow in the ZIP capability for multiple products allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0371 (Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0372 (Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0373 (The Windows Media Device Manager (WMDM) Service in Microsoft Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0374 (Format string vulnerability in the logging function for the pam_ldap ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0375 (Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0376 (Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0377 (Gaim 0.57 stores sensitive information in world-readable and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0378 (The default configuration of LPRng print spooler in Red Hat Linux 7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0379 (Buffer overflow in University of Washington imap server (uw-imapd) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0380 (Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0381 (The TCP implementation in various BSD operating systems (tcp_input.c) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0382 (XChat IRC client allows remote attackers to execute arbitrary commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0383 RESERVED CVE-2002-0384 (Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0385 (Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0386 (The administration module for Oracle Web Cache in Oracle9iAS (9i ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0387 (Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0388 (Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0389 (Pipermail in Mailman stores private mail messages with predictable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0390 RESERVED CVE-2002-0391 (Integer overflow in xdr_array function in RPC servers for operating ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0392 (Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0393 (Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0394 (Red-M 1050 (Bluetooth Access Point) uses case insensitive passwords, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0395 (The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0396 (The web management server for Red-M 1050 (Bluetooth Access Point) does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0397 (Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0398 (Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0399 (Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0400 (ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0401 (SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0402 (Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0403 (DNS dissector in Ethereal before 0.9.3 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0404 (Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0405 (Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0406 (Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0407 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0408 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0409 (orderdetails.aspx, as made available to Microsoft .NET developers as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0410 (send_message.php in AeroMail before 1.45 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0411 (Cross-site scripting vulnerability in message.php for AeroMail before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0412 (Format string vulnerability in TraceEvent function for ntop before 2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0413 (Cross-site scripting vulnerability in ReBB allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0414 (KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0415 (Directory traversal vulnerability in the web server used in RealPlayer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0416 (Buffer overflow in SH39 MailServer 1.21 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0417 (Directory traversal vulnerability in Endymion MailMan before 3.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0418 (Directory traversal vulnerability in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0419 (Information leaks in IIS 4 through 5.1 allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0420 (Vulnerability in PureTLS before 0.9b2 related to injection attacks, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0421 (IIS 4.0 allows local users to bypass the "User cannot change password" ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0422 (IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0423 (Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0424 (efingerd 1.61 and earlier, when configured without the -u option, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0425 (mIRC DCC server protocol allows remote attackers to gain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0426 (VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0427 (Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0428 (Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0429 (The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0430 (MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0431 (XTux allows remote attackers to cause a denial of service (CPU ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0432 (Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0433 (Pi3Web 2.0.0 allows remote attackers to view restricted files via an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0434 (Marcus S. Xenakis directory.php script allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0435 (Race condition in the recursive (1) directory deletion and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0436 (sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0437 (Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0438 (ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0439 (Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0440 (Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0441 (Directory traversal vulnerability in imlist.php for Php Imglist allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0442 (Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0443 (Microsoft Windows 2000 allows local users to bypass the policy that ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0444 (Microsoft Windows 2000 running the Terminal Server 90-day trial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0445 (article.php in PHP FirstPost 0.1 allows allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0446 (categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0447 (Directory traversal vulnerability in Xerver Free Web Server 2.10 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0448 (Xerver Free Web Server 2.10 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0449 (Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0450 (Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0451 (filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0452 (Foundry Networks ServerIron switches do not decode URIs when applying ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0453 (The account lockout capability in Oblix NetPoint 5.2 and earlier only ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0454 (Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0455 (IncrediMail stores attachments in a directory with a fixed name, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0456 (Eudora 5.1 and earlier versions stores attachments in a directory with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0457 (Cross-site scripting vulnerability in signgbook.php for BG GuestBook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0458 (Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0459 (Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0460 (Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0461 (Internet Explorer 5.01 through 6 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0462 (bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0463 (home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0464 (Directory traversal vulnerability in Hosting Controller 1.4.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0465 (Directory traversal vulnerability in filemanager.asp for Hosting ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0466 (Hosting Controller 1.4.1 and earlier allows remote attackers to browse ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0467 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0468 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0469 (Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0470 (PHPNetToolpack 0.1 relies on its environment's PATH to find and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0471 (PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0472 (MSN Messenger Service 3.6, and possibly other versions, uses weak ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0473 (db.php in phBB 2.0 (aka phBB2) RC-3 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0474 (Cross-site scripting vulnerability in ZeroForum allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0475 (Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0476 (Standalone Macromedia Flash Player 5.0 allows remote attackers to save ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0477 (Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0478 (The default configuration of Foundry Networks EdgeIron 4802F allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0479 (Gravity Storm Service Pack Manager 2000 creates a hidden share ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0480 (ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0481 (An interaction between Windows Media Player (WMP) and Outlook 2002 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0482 (Directory traversal vulnerability in PCI Netsupport Manager before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0483 (index.php for PHP-Nuke 5.4 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0484 (move_uploaded_file in PHP does not does not check for the base ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0485 (Norton Anti-Virus (NAV) allows remote attackers to bypass content ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0486 (Intellisol Xpede 4.1 uses weak encryption to store authentication ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0487 (Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0488 (Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0489 (Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0490 (Instant Web Mail before 0.60 does not properly filter CR/LF sequences, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0491 (admin.php in AlGuest 1.0 guestbook checks for the existence of the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0492 (dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0493 (Apache Tomcat may be started without proper security settings if ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0494 (Cross-site scripting vulnerability in WebSight Directory System 0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0495 (csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0496 (The HTTP server for SouthWest Talker server 1.0.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0497 (Buffer overflow in mtr 0.46 and earlier, when installed setuid root, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0498 (Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0499 (The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0500 (Internet Explorer 5.0 through 6.0 allows remote attackers to determine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0501 (Format string vulnerability in log_print() function of Posadis DNS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0502 (Citrix NFuse 1.6 may allow remote attackers to list applications ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0503 (Directory traversal vulnerability in boilerplate.asp for Citrix NFuse ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0504 (Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0505 (Memory leak in the Call Telephony Integration (CTI) Framework ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0506 (Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0507 (An interaction between Microsoft Outlook Web Access (OWA) with RSA ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0508 (wwwisis 3.45 and earlier allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0509 (Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0510 (The UDP implementation in Linux 2.4.x kernels keeps the IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0511 (The default configuration of Name Service Cache Daemon (nscd) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0512 (startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0513 (The PHP administration script in popper_mod 1.2.1 and earlier relies ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0514 (PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0515 (IPFilter 3.4.25 and earlier sets a different TTL when a port is being ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0516 (SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0517 (Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0518 (The SYN cache (syncache) and SYN cookie (syncookie) mechanism in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0520 (Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0521 (Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0522 (ASP-Nuke RC2 and earlier allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0523 (ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0524 (ASP-Nuke RC2 and earlier allows remote attackers to determine the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0525 (Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0526 (Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0527 (Watchguard SOHO firewall before 5.0.35 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0528 (Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0529 (HP Photosmart printer driver for Mac OS X installs the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0530 (Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0531 (Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0532 (EMU Webmail allows local users to execute arbitrary programs via a .. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0533 (phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0534 (PostBoard 2.0.1 and earlier with BBcode allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0535 (Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0536 (PHPGroupware 0.9.12 and earlier, when running with the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0537 (The admin.html file in StepWeb Search Engine (SWS) 2.5 stores ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0538 (FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0539 (Demarc PureSecure 1.05 allows remote attackers to gain administrative ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0540 (Nortel CVX 1800 is installed with a default "public" community string, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0541 (Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0542 (mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0543 (Directory traversal vulnerability in Aprelium Abyss Web Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0544 (Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0545 (Cisco Aironet before 11.21 with Telnet enabled allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0546 (Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0547 (Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0548 (Anthill allows remote attackers to bypass authentication and file bug ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0549 (Cross-site scripting vulnerabilities in Anthill allow remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0550 (Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0551 (Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0552 (Multiple buffer overflows in Melange Chat server 2.02 allow remote or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0553 (Cross-site scripting vulnerability in SunShop 2.5 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0554 (webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0555 (IBM Informix Web DataBlade 4.12 unescapes user input even if an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0556 (Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0557 (Vulnerability in OpenBSD 3.0, when using YP with netgroups in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0558 (Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0559 (Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0560 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0561 (The default configuration of the PL/SQL Gateway web administration ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0562 (The default configuration of Oracle 9i Application Server 1.0.2.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0563 (The default configuration of Oracle 9i Application Server 1.0.2.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0564 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0565 (Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0566 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0567 (Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0568 (Oracle 9i Application Server stores XSQL and SOAP configuration files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0569 (Oracle 9i Application Server allows remote attackers to bypass access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0570 (The encrypted loop device in Linux kernel 2.4.10 and earlier does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0571 (Oracle Oracle9i database server 9.0.1.x allows local users to access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0572 (FreeBSD 4.5 and earlier, and possibly other BSD-based operating ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0573 (Format string vulnerability in RPC wall daemon (rpc.rwalld) for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0574 (Memory leak in FreeBSD 4.5 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0575 (Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0576 (ColdFusion 5.0 and earlier on Windows systems allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0577 (Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0578 (Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0579 (WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0580 (WorkforceROI Xpede 4.1 allows remote attackers to obtain the database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0581 (WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0582 (WorkforceROI Xpede 4.1 stores temporary expense claim reports in a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0583 (WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0584 (WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0585 (Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0586 (Format string vulnerability in Ns_PdLog function for the external ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0587 (Buffer overflow in Ns_PdLog function for the external database driver ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0588 (PVote before 1.9 does not authenticate users for restricted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0589 (PVote before 1.9 allows remote attackers to change the administrative ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0590 (Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0591 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0592 (AOL Instant Messenger (AIM) allows remote attackers to steal files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0593 (Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0594 (Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0595 (Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0596 (WebTrends Reporting Center 4.0d allows remote attackers to determine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0597 (LANMAN service on Microsoft Windows 2000 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0598 (Format string vulnerability in Foundstone FScan 1.12 with banner ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0599 (Blahz-DNS 0.2 and earlier allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0600 (Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0601 (ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0602 (Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0603 (Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0604 (Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0605 (Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0606 (Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0607 (members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0608 (Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0609 (Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0610 (Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0611 (Directory traversal vulnerability in FileSeek.cgi allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0612 (FileSeek.cgi allows remote attackers to execute arbitrary commands via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0613 (dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0614 (PHP-Survey 20000615 and earlier stores the global.inc file under the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0615 (The Windows Media Active Playlist in Microsoft Windows Media Player ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0616 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0617 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0618 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0619 (The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0620 (Buffer overflow in the Profile Service of Microsoft Commerce Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0621 (Buffer overflow in the Office Web Components (OWC) package installer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0622 (The Office Web Components (OWC) package installer for Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0623 (Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0624 (Buffer overflow in the password encryption function of Microsoft SQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0626 (Polycom ViewStation before 7.2.4 has a default null password for the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0627 (The Web server for Polycom ViewStation before 7.2.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0628 (The Telnet service for Polycom ViewStation before 7.2.4 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0629 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0630 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0631 (Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0632 (Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0633 RESERVED CVE-2002-0634 RESERVED CVE-2002-0635 RESERVED CVE-2002-0636 RESERVED CVE-2002-0637 (InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0638 (setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0639 (Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0640 (Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0641 (Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0642 (The registry key containing the SQL Server service account information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0643 (The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0644 (Buffer overflow in several Database Consistency Checkers (DBCCs) for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0645 (SQL injection vulnerability in stored procedures for Microsoft SQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0646 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0647 (Buffer overflow in a legacy ActiveX control used to display specially ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0648 (The legacy <script> data-island capability for XML in Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0649 (Multiple buffer overflows in the Resolution Service for Microsoft SQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0650 (The keep-alive mechanism for Microsoft SQL Server 2000 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0651 (Buffer overflow in the DNS resolver code used in libc, glibc, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0652 (xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0653 (Off-by-one buffer overflow in the ssl_compat_directive function, as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0654 (Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0655 (OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0656 (Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0657 (Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0658 (OSSP mm library (libmm) before 1.2.0 allows the local Apache user to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0659 (The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0660 (Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0661 (Directory traversal vulnerability in Apache 2.0 through 2.0.39 on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0662 (scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0663 (Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0664 (The default Access Control Lists (ACLs) of the administration database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0665 (Macromedia JRun Administration Server allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0666 (IPSEC implementations including (1) FreeS/WAN and (2) KAME do not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0667 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0668 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0669 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0670 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0671 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0672 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0673 (The enrollment process for Pingtel xpressa SIP-based voice-over-IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0674 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0675 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0676 (SoftwareUpdate for MacOS 10.1.x does not use authentication when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0677 (CDE ToolTalk database server (ttdbserver) allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0678 (CDE ToolTalk database server (ttdbserver) allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0679 (Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0680 (Directory traversal vulnerability in GoAhead Web Server 2.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0681 (Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0682 (Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0685 (Heap-based buffer overflow in the message decoding functionality for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0686 (Buffer overflow in the search component for iPlanet Web Server (iWS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0687 (The "through the web code" capability for Zope 2.0 through 2.5.1 b1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0688 (ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0689 RESERVED CVE-2002-0690 (Format string vulnerability in McAfee Security ePolicy Orchestrator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0691 (Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0692 (Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0693 (Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0694 (The HTML Help facility in Microsoft Windows 98, 98 Second Edition, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0695 (Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0696 (Microsoft Visual FoxPro 6.0 does not register its associated files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0697 (Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0698 (Buffer overflow in Internet Mail Connector (IMC) for Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0699 (Unknown vulnerability in the Certificate Enrollment ActiveX Control in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0700 (Buffer overflow in a system function that performs user authentication ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0701 (ktrace in BSD-based operating systems allows the owner of a process ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0702 (Format string vulnerabilities in the logging routines for dynamic DNS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0703 (An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0704 (The Network Address Translation (NAT) capability for Netfilter ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0705 (The Web Reports Server for SurfControl SuperScout WebFilter stores the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0706 (UserManager.js in the Web Reports Server for SurfControl SuperScout ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0707 (The Web Reports Server for SurfControl SuperScout WebFilter allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0708 (Directory traversal vulnerability in the Web Reports Server for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0709 (SQL injection vulnerabilities in the Web Reports Server for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0710 (Directory traversal vulnerability in sendform.cgi 1.44 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0711 (Unknown vulnerability in Cluster Interconnect for HP TruCluster Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0712 (Entrust Authority Security Manager (EASM) 6.0 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0713 (Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0714 (FTP proxy in Squid before 2.4.STABLE6 does not compare the IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0715 (Vulnerability in Squid before 2.4.STABLE6 related to proxy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0716 (Format string vulnerability in crontab for SCO OpenServer 5.0.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0717 (PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0718 (Web authoring command in Microsoft Content Management Server (MCMS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0719 (SQL injection vulnerability in the function that services for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0720 (A handler routine for the Network Connection Manager (NCM) in Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0721 (Microsoft SQL Server 7.0 and 2000 installs with weak permissions for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0722 (Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0723 (Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0724 (Buffer overflow in SMB (Server Message Block) protocol in Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0725 (NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0726 (Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0727 (The Host function in Microsoft Office Web Components (OWC) 2000 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0728 (Buffer overflow in the progressive reader for libpng 1.2.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0729 (Microsoft SQL Server 2000 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0730 (Cross-site scripting vulnerability in guestbook.pl for Philip ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0731 (Cross-site scripting vulnerability in demonstration scripts for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0732 (Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0733 (Cross-site scripting vulnerability in thttpd 2.20 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0734 (b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0735 (Format string vulnerability in the logging() function in C-Note Squid ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0736 (Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0737 (Sambar web server before 5.2 beta 1 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0738 (MHonArc 2.5.2 and earlier does not properly filter Javascript from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0739 (Cross-site scripting in PostCalendar 3.02 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0740 (Buffer overflow in slrnpull for the SLRN package, when installed ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0741 (psyBNC 2.3 allows remote attackers to cause a denial of service (CPU ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0742 (Buffer overflow in pioout on AIX 4.3.3. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0743 (mail and mailx in AIX 4.3.3 core dump when called with a very long ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0744 (namerslv in AIX 4.3.3 core dumps when called with a very long ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0745 (Buffer overflow in uucp in AIX 4.3.3. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0746 (Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0747 (Buffer overflow in lsmcode in AIX 4.3.3. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0748 (LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0749 (CGIscript.net csMailto.cgi allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0750 (CGIscript.net csMailto.cgi program allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0751 (CGIscript.net csMailto.cgi program allows remote attackers to use ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0752 (CGIscript.net csMailto.cgi program exports feedback to a file that is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0753 (Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0754 (Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0755 (Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0756 (Cross-site scripting vulnerability in the authentication page for (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0757 ((1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0758 (ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0759 (bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0760 (Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0761 (bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0762 (shadow package in SuSE 8.0 allows local users to destroy the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0763 (Vulnerability in administration server for HP VirtualVault 4.5 on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0764 (Phorum 3.3.2a allows remote attackers to execute arbitrary commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0765 (sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0766 (OpenBSD 2.9 through 3.1 allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0767 (simpleinit on Linux systems does not close a read/write FIFO file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0768 (Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0769 (The web-based configuration interface for the Cisco ATA 186 Analog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0770 (Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0771 (Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0772 (Directory traversal vulnerability in dsnmanager.asp for Hosting ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0773 (imp_rootdir.asp for Hosting Controller allows remote attackers to copy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0774 (Hosting Controller creates a default user AdvWebadmin with a default ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0775 (browse.asp in Hosting Controller allows remote attackers to view ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0776 (getuserdesc.asp in Hosting Controller 2002 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0777 (Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0778 (The default configuration of the proxy for Cisco Cache Engine and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0779 (FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0780 (IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0781 (RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0782 (Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0783 (Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0784 (Directory traversal vulnerability in Lysias Lidik web server 0.7b ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0785 (AOL Instant Messenger (AIM) allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0786 (iCon administrative web server for Critical Path inJoin Directory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0787 (Cross-site scripting vulnerabilities in iCon administrative web server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0788 (An interaction between PGP 7.0.3 with the "wipe deleted files" option, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0789 (Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0790 (clchkspuser and clpasswdremote in AIX expose an encrypted password in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0791 (Novell Netware FTP server NWFTPD before 5.02r allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0792 (The web management interface for Cisco Content Service Switch (CSS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0793 (Hard link and possibly symbolic link following vulnerabilities in QNX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0794 (The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0795 (The rc system startup script for FreeBSD 4 through 4.5 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0796 (Format string vulnerability in the logging component of snmpdx for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0797 (Buffer overflow in the MIB parsing component of mibiisa for Solaris ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0798 (Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0799 (Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0800 (BadBlue 1.7.0 allows remote attackers to list the contents of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0801 (Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0802 (The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0803 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0804 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0805 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0806 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0807 (Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0808 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0809 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0810 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0811 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0812 (Information leak in Compaq WL310, and the Orinoco Residential Gateway ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0813 (Heap-based buffer overflow in the TFTP server capability in Cisco IOS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0814 (Buffer overflow in VMware Authorization Service for VMware GSX Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0815 (The Javascript "Same Origin Policy" (SOP), as implemented in (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0816 (Buffer overflow in su in Tru64 Unix 5.x allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0817 (Format string vulnerability in super for Linux allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0818 (wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0819 (Format string vulnerability in artsd, when called by artswrapper, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0820 (FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0821 (Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0822 (Ethereal 0.9.4 and earlier allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0823 (Buffer overflow in Winhlp32.exe allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0824 (BSD pppd allows local users to change the permissions of arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0825 (Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0826 (Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0827 (Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0828 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0829 (Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0830 (Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0831 (The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0832 (Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0833 (Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0834 (Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0835 (Preboot eXecution Environment (PXE) server allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0836 (dvips converter for Postscript files in the tetex package calls the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0837 (wordtrans 1.1pre8 and earlier in the wordtrans-web package allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0838 (Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and ...) BUG: 59385 CVE-2002-0839 (The shared memory scoreboard in the HTTP daemon for Apache 1.3.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0840 (Cross-site scripting (XSS) vulnerability in the default error page of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0841 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0842 (Format string vulnerability in certain third party modifications to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0843 (Buffer overflows in the ApacheBench benchmark support program (ab.c) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0844 (Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0845 (Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0846 (The decoder for Macromedia Shockwave Flash allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0847 (tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0848 (Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0849 (Linux-iSCSI iSCSI implementation installs the iscsi.conf file with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0850 (Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0851 (Format string vulnerability in ISDN Point to Point Protocol (PPP) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0853 (Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0854 (Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0855 (Cross-site scripting vulnerability in Mailman before 2.0.12 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0856 (SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0857 (Format string vulnerabilities in Oracle Listener Control utility ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0858 (catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0859 (Buffer overflow in the OpenDataSource function of the Jet engine on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0860 (The LoadText method in the spreadsheet component in Microsoft Office ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0861 (Microsoft Office Web Components (OWC) 2000 and 2002 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0862 (The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0863 (Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0864 (The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0865 (A certain class that supports XML (Extensible Markup Language) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0866 (Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0867 (Microsoft Virtual Machine (VM) up to and including build 5.0.3805 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0868 RESERVED CVE-2002-0869 (Unknown vulnerability in the hosting process (dllhost.exe) for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0870 (The original patch for the Cisco Content Service Switch 11000 Series ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0871 (xinetd 2.3.4 leaks file descriptors for the signal pipe to services ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0872 (l2tpd 0.67 does not initialize the random number generator, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0873 (Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0874 (Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0875 (Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0876 (Web server for Shambala 4.5 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0877 (Directory traversal vulnerability in the FTP server for Shambala 4.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0878 (SQL injection vulnerability in the login form for LogiSense software ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0879 (showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0880 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0881 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0882 (The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0883 (Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0884 (Multiple format string vulnerabilities in in.rarpd (ARP server) on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0885 (Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0886 (Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0887 (scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0888 (3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0889 (Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0891 (The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0892 (The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0893 (Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0894 (NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0895 (Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0896 (The throttle capability in Swatch may fail to report certain events if ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0897 (LocalWEB2000 2.1.0 web server allows remote attackers to bypass access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0898 (Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0899 (Falcon web server 2.0.0.1021 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0900 (Buffer overflow in pks PGP public key web server before 0.9.5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0901 (Multiple buffer overflows in Advanced Maryland Automatic Network Disk ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0902 (Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0903 (register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0904 (SayText function in Kismet 2.2.1 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0905 (Buffer overflow in sqlexec for Informix SE-7.25 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0906 (Buffer overflow in Sendmail before 8.12.5, when configured to use a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0907 (Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0908 (Directory traversal vulnerability in the web server for Cisco IDS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0909 (Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0910 (Buffer overflows in netstd 3.07-17 package allows remote DNS servers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0911 (Caldera Volution Manager 1.1 stores the Directory Administrator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0912 (in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0913 (Format string vulnerability in log_doit function of Slurp NNTP client ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0914 (Double Precision Courier e-mail MTA allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0915 (autorun in Xandros based Linux distributions allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0916 (Format string vulnerability in the allowuser code for the Stellar-X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0917 (CGIScript.net csPassword.cgi stores .htpasswd files under the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0918 (CGIScript.net csPassword.cgi leaks sensitive information such as the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0919 (CGIScript.net csPassword.cgi allows remote authenticated users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0920 (CGIScript.net csPassword.cgi stores usernames and unencrypted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0921 (CGIScript.net csNews.cgi allows remote attackers to obtain potentially ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0922 (CGIScript.net csNews.cgi allows remote attackers to obtain database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0923 (CGIScript.net csNews.cgi allows remote authenticated users to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0924 (CGIScript.net csNews.cgi allows remote authenticated users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0925 (Format string vulnerability in mmsyslog function allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0926 (Directory traversal vulnerability in Wolfram Research webMathematica ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0928 (Buffer overflow in the Pirch 98 IRC client allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0929 (Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0930 (Format string vulnerability in the FTP server for Novell Netware 6.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0931 (Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0932 (SQL injection vulnerability in index.php for MyHelpDesk 20020509, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0933 (Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0934 (Directory traversal vulnerability in Jon Hedley AlienForm2 (typically ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0935 (Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0936 (The Java Server Pages (JSP) engine in Tomcat allows web page owners to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0937 (The Java Server Pages (JSP) engine in JRun allows web page owners to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0938 (Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0939 (The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0940 (domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0941 (The ConsoleCallBack class for nCipher running under JRE 1.4.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0942 (Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0943 (MetaCart2.sql stores the user database under the web document root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0944 (Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0945 (Buffer overflow in SeaNox Devwex allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0946 (Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0947 (Buffer overflow in rwcgi60 CGI program for Oracle Reports Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0948 (Scripts For Educators MakeBook 2.2 CGI program allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0949 (Telindus 1100 series ADSL router allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0950 (Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0951 (SQL injection vulnerability in Ruslan <Body>Builder allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0952 (Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0953 (globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0954 (The encryption algorithms for enable and passwd commands on Cisco PIX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0955 (Cross-site scripting vulnerability in YaBB.cgi for Yet Another ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0956 (BlackICE Agent 3.1.eal does not always reactivate after a system ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0957 (The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0958 (Cross-site scripting vulnerability in browse.php for PHP(Reactor) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0959 (Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0960 (Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0961 (Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0962 (Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0963 (SQL injection vulnerability in comment.php for GeekLog 1.3.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0964 (Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0965 (Buffer overflow in TNS Listener for Oracle 9i Database Server on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0966 (Buffer overflow in 4D web server 6.7.3 allow remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0967 (Buffer overflow in eDonkey 2000 35.16.60 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0968 (Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0969 (Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0970 (The SSL capability for Konqueror in KDE 3.0.2 and earlier does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0971 (Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0972 (Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0973 (Integer signedness error in several system calls for FreeBSD 4.6.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0974 (Help and Support Center for Windows XP allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0975 (Buffer overflow in Microsoft DirectX Files Viewer ActiveX control ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0976 (Internet Explorer 4.0 and later allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0977 (Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0978 (Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0979 (The Java logging feature for the Java Virtual Machine in Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0980 (The Web Folder component for Internet Explorer 5.5 and 6.0 writes an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0981 (Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0982 (Microsoft SQL Server 2000 SP2, when configured as a distributor, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0983 (IRC client irssi in irssi-text before 0.8.4 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0984 (The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0985 (Argument injection vulnerability in the mail function for PHP 4.x to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0986 (The mail function in PHP 4.x to 4.2.2 does not filter ASCII control ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0987 (X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0988 (Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0989 (The URL handler in the manual browser option for Gaim before 0.59.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0990 (The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0991 (Buffer overflows in the cifslogin command for HP CIFS/9000 Client ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0992 (Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0993 (Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0994 (SunPCi II VNC uses a weak authentication scheme, which allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0995 (login.php for PHPAuction allows remote attackers to gain privileges ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0996 (Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0997 (Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0998 (Directory traversal vulnerability in cafenews.php for CARE 2002 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0999 (Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1000 (Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1001 (Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1002 (Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1003 (Buffer overflow in MyWebServer 1.02 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1004 (Directory traversal vulnerability in webmail feature of ArGoSoft Mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1005 (ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1006 (Cross-site scripting (XSS) vulnerability in BBC Education Text to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1007 (Cross-site scripting vulnerabilities in Blackboard 5 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1008 (Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1009 (Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1010 (Lotus Domino R4 allows remote attackers to bypass access restrictions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1011 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1012 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1013 (Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1014 (Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1015 (RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1016 (Adobe eBook Reader allows a user to bypass restrictions for copy, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1017 (Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1018 (The library feature for Adobe Content Server 3.0 does not verify if a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1019 (The library feature for Adobe Content Server 3.0 allows a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1020 (The library feature for Adobe Content Server 3.0 allows a remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1021 (BadBlue server allows remote attackers to read restricted files, such ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1022 (BadBlue server stores passwords in plaintext in the ext.ini file, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1023 (BadBlue server allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1024 (Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1025 (JRun 3.0 through 4.0 allows remote attackers to read JSP source code ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1026 (Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1027 (Cross-site scripting vulnerability in the default HTTP 500 error ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1028 (Multiple buffer overflows in the CGI programs for Oddsock Song ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1029 (Res Manager in Worldspan for Windows Gateway 4.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1030 (Race condition in Performance Pack in BEA WebLogic Server and Express ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1031 (KeyFocus (KF) web server 1.0.2 allows remote attackers to list ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1032 (Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1033 (Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1034 (none.php for SunPS iRunbook 2.5.2 allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1035 (Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1036 (Cross-site scripting vulnerability in search.pl for Fluid Dynamics ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1037 (Cross-site scripting vulnerability in Double Choco Latte (DCL) before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1038 (Double Choco Latte (DCL) before 20020706 does not properly verify if a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1039 (Directory traversal vulnerability in Double Choco Latte (DCL) before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1040 (Unknown vulnerability in the WebSecure (DFSWeb) configuration ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1041 (Unknown vulnerability in DCE (1) SMIT panels and (2) configuration ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1042 (Directory traversal vulnerability in search engine for iPlanet web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1043 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1044 (Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1045 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1046 (Dynamic VPN Configuration Protocol service (DVCP) in Watchguard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1047 (The FTP service in Watchguard Soho Firewall 5.0.35a allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1048 (HP JetDirect printers allow remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1049 (Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1050 (Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1051 (Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1052 (Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1053 (Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1054 (Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1055 (Buffer overflow in administrative web server for Brother NC-3100h ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1056 (Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1057 (Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1058 (Directory traversal vulnerability in splashAdmin.php for Cobalt Qube ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1059 (Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1060 (Cross-site scripting (XSS) vulnerability in Blue Coat Systems ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1061 (Multiple buffer overflows in Thomas Hauck Jana Server 2.x through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1062 (Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1063 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1064 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1065 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1066 (Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1067 (Administrative web interface for IC9 Pocket Print Server Firmware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1068 (The web server for D-Link DP-300 print server allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1069 (The remote administration capability for the D-Link DI-804 router 4.68 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1070 (Cross-site scripting vulnerability in PHPWiki Postnuke wiki module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1071 (ZyXEL Prestige 642R allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1072 (ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1073 (Buffer overflow in the control service for MERCUR Mailserver 4.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1075 (Buffer overflow in Pegasus mail client 4.01 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1076 (Buffer overflow in the Web Messaging daemon for Ipswitch IMail before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1077 (IPSwitch IMail Web Calendaring service (iwebcal) allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1078 (Abyss Web Server 1.0.3 allows remote attackers to list directory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1079 (Directory traversal vulnerability in Abyss Web Server 1.0.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1080 (The Administration console for Abyss Web Server 1.0.3 before Patch 2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1081 (The Administration console for Abyss Web Server 1.0.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1082 (The Image Upload capability for ezContents 1.40 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1083 (Directory traversal vulnerabilities in ezContents 1.41 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1084 (The VerifyLogin function in ezContents 1.41 and earlier does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1085 (Multiple cross-site scripting vulnerabilities in ezContents 1.41 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1086 (Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1087 (The scripts (1) createdir.php, (2) removedir.php and (3) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1088 (Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1089 (rwcgi60 CGI program in Oracle Reports Server, by design, provides ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1090 (Buffer overflow in read_smtp_response of protocol.c in libesmtp before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1091 (Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1092 (Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1093 (HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1094 (Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1095 (Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1096 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1097 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1098 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1099 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1100 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1101 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1102 (The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1103 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1104 (Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1105 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1106 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1107 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1108 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1109 (securetar, as used in AMaViS shell script 0.2.1 and earlier, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1110 (Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1111 (print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1112 (Mantis before 0.17.4 allows remote attackers to list project bugs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1113 (summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1114 (config_inc2.php in Mantis before 0.17.4 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1115 (Mantis 0.17.4a and earlier allows remote attackers to view private ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1116 (The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1117 (Veritas Backup Exec 8.5 and earlier requires that the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1118 (TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1119 (os._execvpe from os.py in Python 2.2.1 and earlier creates temporary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1120 (Buffer overflow in Savant Web Server 3.1 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1121 (SMTP content filter engines, including (1) GFI MailSecurity for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1122 (Buffer overflow in the parsing mechanism for ISS Internet Scanner ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1123 (Buffer overflow in the authentication function for Microsoft SQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1124 (Multiple buffer overflows in purity 1-16 allow local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1125 (FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1126 (Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1127 (Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1128 (Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1129 (Buffer overflow in dxterm allows local users to execute arbitrary code ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1130 RESERVED CVE-2002-1131 (Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1132 (SquirrelMail 1.2.7 and earlier allows remote attackers to determine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1133 (Encoded directory traversal vulnerability in Dino's web server 2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1134 (Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1135 (modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1136 RESERVED CVE-2002-1137 (Buffer overflow in the Database Console Command (DBCC) that handles ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1138 (Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1139 (The Compressed Folders feature in Microsoft Windows 98 with Plus! ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1140 (The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1141 (An input validation error in the Sun Microsystems RPC library Services ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1142 (Heap-based buffer overflow in the Remote Data Services (RDS) component ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1143 (Microsoft Word and Excel allow remote attackers to steal sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1144 RESERVED CVE-2002-1145 (The xp_runwebtask stored procedure in the Web Tasks component of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1146 (The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1147 (The HTTP administration interface for HP Procurve 4000M Switch ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1148 (The default servlet (org.apache.catalina.servlets.DefaultServlet) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1149 (The installation procedure for Invision Board suggests that users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1150 (The Remote Desktop Sharing (RDS) Screen Saver Protection capability ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1151 (The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1152 (Konqueror in KDE 3.0 through 3.0.2 does not properly detect the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1153 (IBM Websphere 4.0.3 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1154 (anlgform.pl in Analog before 5.23 does not restrict access to the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1155 (Buffer overflow in KON kon2 0.3.9b and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1156 (Apache 2.0.42 allows remote attackers to view the source code of a CGI ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1157 (Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1158 (Buffer overflow in the irw_through function for Canna 3.5b2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1159 (Canna 3.6 and earlier does not properly validate requests, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1160 (The default configuration of the pam_xauth module forwards ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1161 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1165 (Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1166 (Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1167 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1168 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1169 (IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1170 (The handle_var_requests function in snmp_agent.c for the SNMP daemon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1171 RESERVED CVE-2002-1172 RESERVED CVE-2002-1173 RESERVED CVE-2002-1174 (Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1175 (The getmxrecord function in Fetchmail 6.0.0 and earlier does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1176 (Buffer overflow in Winamp 2.81 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1177 (Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1178 (Directory traversal vulnerability in the CGIServlet for Jetty HTTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1179 (Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1180 (A typographical error in the script source access permissions for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1181 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1182 (IIS 5.0 and 5.1 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1183 (Microsoft Windows 98 and Windows NT 4.0 do not properly verify the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1184 (The system root folder of Microsoft Windows 2000 has default ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1185 (Internet Explorer 5.01 through 6.0 does not properly check certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1186 (Internet Explorer 5.01 through 6.0 does not properly perform security ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1187 (Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1188 (Internet Explorer 5.01 through 6.0 allows remote attackers to identify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1189 (The default configuration of Cisco Unity 2.x and 3.x does not block ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1190 (Cisco Unity 2.x and 3.x uses well-known default user accounts, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1191 (The Sabserv client component in Sabre Desktop Reservation Software 4.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1192 (Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1193 (tkmail before 4.0beta9-8.1 allows local users to create or overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1194 (Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1195 (Cross-site scripting vulnerability (XSS) in the PHP interface for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1196 (editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1197 (bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1198 (Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1199 (The getdbm procedure in ypxfrd allows local users to read arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1200 (Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1201 (IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1202 (Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1203 (IBM SecureWay Firewall before 4.2.2 performs extra processing before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1204 (Netscape Communicator 4.x allows attackers to use a link to steal a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1205 RESERVED CVE-2002-1206 RESERVED CVE-2002-1207 RESERVED CVE-2002-1208 RESERVED CVE-2002-1209 (Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1210 (Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1211 (Prometheus 6.0 and earlier allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1212 (Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1213 (Directory traversal vulnerability in RadioBird Software WebServer 4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1214 (Buffer overflow in Microsoft PPTP Service on Windows XP and Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1215 (Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1216 (GNU tar 1.13.19 and other versions before 1.13.25 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1217 (Cross-Frame scripting vulnerability in the WebBrowser control as used ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1218 RESERVED CVE-2002-1219 (Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1220 (BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1221 (BIND 8.x through 8.3.3 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1222 (Buffer overflow in the embedded HTTP server for Cisco Catalyst ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1223 (Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1224 (Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1225 (Multiple buffer overflows in Heimdal before 0.5, possibly in both the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1226 (Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1227 (PAM 0.76 treats a disabled password as if it were an empty (null) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1228 (Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1229 (Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1230 (NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1231 (SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1232 (Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1233 (A regression error in the Debian distributions of the apache-ssl ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1234 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1235 (The kadm_ser_in function in (1) the Kerberos v4compatibility ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1236 (The remote management web server for Linksys BEFSR41 EtherFast ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1237 RESERVED CVE-2002-1238 (Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1239 (QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1240 RESERVED CVE-2002-1241 RESERVED CVE-2002-1242 (SQL injection vulnerability in PHP-Nuke before 6.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1243 RESERVED CVE-2002-1244 (Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1245 (Maped in LuxMan 0.41 uses the user-provided search path to find and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1246 RESERVED CVE-2002-1247 (Buffer overflow in LISa allows local users to gain access to a raw ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1248 (Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1249 RESERVED CVE-2002-1250 (Buffer overflow in Abuse 2.00 and earlier allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1251 (Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1252 (The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1253 (Abuse 2.00 and earlier allows local users to gain privileges via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1254 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1255 (Microsoft Outlook 2002 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1256 (The SMB signing capability in the Server Message Block (SMB) protocol ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1257 (Microsoft Virtual Machine (VM) up to and including build 5.0.3805 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1258 (Two vulnerabilities in Microsoft Virtual Machine (VM) up to and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1259 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1260 (The Java Database Connectivity (JDBC) APIs in Microsoft Virtual ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1261 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1262 (Internet Explorer 5.5 and 6.0 does not perform complete security ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1263 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1264 (Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1265 (The Sun RPC functionality in multiple libc implementations does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1266 (Mac OS X 10.2.2 allows local users to gain privileges by mounting a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1267 (Mac OS X 10.2.2 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1268 (Mac OS X 10.2.2 allows local users to gain privileges via a mounted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1269 (Unknown vulnerability in NetInfo Manager application in Mac OS X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1270 (Mac OS X 10.2.2 allows local users to read files that only allow write ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1271 (The Mail::Mailer Perl module in the perl-MailTools package 1.47 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1272 (Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1273 RESERVED CVE-2002-1274 RESERVED CVE-2002-1275 (Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1276 (An incomplete fix for a cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1277 (Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1278 (The mailconf module in Linuxconf 1.24, and other versions before 1.28, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1279 (Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1280 (Memory leak in RealSecure Event Collector 6.5 allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1281 (Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1282 (Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1283 (Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1284 (The wizard in KGPG 0.6 through 0.8.2 does not properly provide the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1285 (runlpr in the LPRng package allows the local lp user to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1286 (The Microsoft Java implementation, as used in Internet Explorer, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1287 (Stack-based buffer overflow in the Microsoft Java implementation, as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1288 (The Microsoft Java implementation, as used in Internet Explorer, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1289 (The Microsoft Java implementation, as used in Internet Explorer, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1290 (The Microsoft Java implementation, as used in Internet Explorer, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1291 (The Microsoft Java implementation, as used in Internet Explorer, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1292 (The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1293 (The Microsoft Java implementation, as used in Internet Explorer, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1294 (The Microsoft Java implementation, as used in Internet Explorer, can ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1295 (The Microsoft Java implementation, as used in Internet Explorer, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1296 (Directory traversal vulnerability in priocntl system call in Solaris ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1297 RESERVED CVE-2002-1298 RESERVED CVE-2002-1299 RESERVED CVE-2002-1300 RESERVED CVE-2002-1301 RESERVED CVE-2002-1302 RESERVED CVE-2002-1303 RESERVED CVE-2002-1304 RESERVED CVE-2002-1305 RESERVED CVE-2002-1306 (Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1307 (Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1308 (Heap-based buffer overflow in Netscape and Mozilla allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1309 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1310 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1311 (Courier sqwebmail before 0.40.0 does not quickly drop privileges after ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1312 (Buffer overflow in the Web management interface in Linksys BEFW11S4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1313 (nullmailer 1.00RC5 and earlier allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1314 RESERVED CVE-2002-1315 (Cross-site scripting (XSS) vulnerability in the Admin Server for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1316 (importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1317 (Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1318 (Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1319 (The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1320 (Pine 4.44 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1321 (Multiple buffer overflows in RealOne and RealPlayer allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1322 (Rational ClearCase 4.1, 2002.05, and possibly other versions allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1323 (Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1324 RESERVED CVE-2002-1325 (Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1326 RESERVED CVE-2002-1327 (Buffer overflow in the Windows Shell function in Microsoft Windows XP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1328 RESERVED CVE-2002-1329 RESERVED CVE-2002-1330 RESERVED CVE-2002-1331 RESERVED CVE-2002-1332 RESERVED CVE-2002-1333 RESERVED CVE-2002-1334 (Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1335 (Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1336 (TightVNC before 1.2.6 generates the same challenge string for multiple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1337 (Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1338 (The Load method in the Chart component of Office Web Components (OWC) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1339 (The "XMLURL" property in the Spreadsheet component of Office Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1340 (The "ConnectionFile" property in the DataSourceControl component in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1341 (Cross-site scripting (XSS) vulnerability in read_body.php for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1342 (Unknown vulnerability in smb2www 980804-16 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1343 RESERVED CVE-2002-1344 (Directory traversal vulnerability in wget before 1.8.2-4 allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1345 (Directory traversal vulnerabilities in multiple FTP clients on UNIX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1346 RESERVED CVE-2002-1347 (Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1348 (w3m before 0.3.2.2 does not properly escape HTML tags in the ALT ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1349 (Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1350 (The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1351 (Buffer overflow in Melange Chat System 1.10 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1352 (Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1353 (LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1354 (Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1355 (Multiple integer signedness errors in the BGP dissector in Ethereal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1356 (Ethereal 0.9.7 and earlier allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1357 (Multiple SSH2 servers and clients do not properly handle packets or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1358 (Multiple SSH2 servers and clients do not properly handle lists with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1359 (Multiple SSH2 servers and clients do not properly handle large packets ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1360 (Multiple SSH2 servers and clients do not properly handle strings with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1361 (overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1362 (mICQ 0.4.9 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1363 (Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does ...) BUG: 56307 CVE-2002-1364 (Buffer overflow in the get_origin function in traceroute-nanog allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1365 (Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1366 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1367 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1368 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1369 (jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1370 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1371 (filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1372 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1373 (Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1374 (The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1375 (The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1376 (libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1377 (vim 6.0 and 6.1, and possibly other versions, allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1378 (Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1379 (OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1380 (Linux kernel 2.2.x allows local users to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1381 (Format string vulnerability in daemon.c for Exim 4.x through 4.10, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1382 (Macromedia Flash Player before 6.0.65.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1383 (Multiple integer overflows in Common Unix Printing System (CUPS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1384 (Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1385 (openwebmail_init in Open WebMail 1.81 and earlier allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1386 (Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1387 (The spray mode in traceroute-nanog (aka traceroute-ng) may allow local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1388 (Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1389 (Buffer overflow in typespeed 0.4.2 and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1390 (The daemon for GeneWeb before 4.09 does not properly handle requested ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1391 (Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1392 (faxspool in mgetty before 1.1.29 uses a world-writable spool directory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1393 (Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1394 (Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1395 (Internet Message (IM) 141-18 and earlier uses predictable file and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1396 (Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1397 (Vulnerability in the cash_words() function for PostgreSQL 7.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1398 (Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1399 (Unknown vulnerability in cash_out and possibly other functions in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1400 (Heap-based buffer overflow in the repeat() function for PostgreSQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1401 (Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1402 (Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1403 (dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1404 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1405 (CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1406 (Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1407 (TinySSL 1.02 and earlier does not verify the Basic Constraints for an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1408 (Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1409 (ptrace on HP-UX 11.00 through 11.11 allows local users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1410 (Easy Guestbook CGI programs do not authenticate the administrator, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1411 (Directory traversal vulnerability in update.dpgs in Duma Photo Gallery ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1412 (Gallery photo album package before 1.3.1 allows local and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1413 (RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1414 (Buffer overflow in qmailadmin allows local users to gain privileges ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1415 (Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1416 (The POP3 service for WebEasyMail 3.4.2.2 and earlier generates ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1417 (Directory traversal vulnerability in Novell NetBasic Scripting Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1418 (Buffer overflow in the interpreter for Novell NetBasic Scripting ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1419 (The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1420 (Integer signedness error in select() on OpenBSD 3.1 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1421 (SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1422 (admbrowse.php in FUDforum before 2.2.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1423 (tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1424 (Buffer overflow in munpack in mpack 1.5 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1425 (Directory traversal vulnerability in munpack in mpack 1.5 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1426 (HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1427 (The print_html_to_file function in edit.cgi for Easy Homepage Creator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1428 (index.php in dotProject 0.2.1.5 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1429 (Cross-site scripting vulnerability in board.php of endity.com ShoutBOX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1430 (Unknown vulnerability in Sympoll 1.2 allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1431 (Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1432 (MidiCart stores the midicart.mdb database file under the Web document ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1433 (Kerio MailServer 5.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1434 (Multiple cross-site scripting (XSS) vulnerabilities in the Web mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1435 (class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1436 (The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1437 (Directory traversal vulnerability in the web handler for Perl 5.003 on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1438 (The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1439 (Unknown vulnerability related to stack corruption in the TGA daemon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1440 (The Gateway GS-400 server has a default root password of "0001n" that ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1441 (Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1442 (The Google toolbar 1.1.58 and earlier allows remote web sites to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1443 (The Google toolbar 1.1.58 and earlier allows remote web sites to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1444 (The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1445 (Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1446 (The error checking routine used for the C_Verify call on a symmetric ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1447 (Buffer overflow in the vpnclient program for UNIX VPN Client before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1448 (An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1449 (eUpload 1.0 stores the password.txt password file in plaintext under ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1450 (IBM UniVerse with UV/ODBC allows attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1451 (Blazix before 1.2.2 allows remote attackers to read source code of JSP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1452 (Buffer overflow in the search capability for MyWebServer 1.0.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1453 (Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1454 (MyWebServer 1.0.2 allows remote attackers to determine the absolute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1455 (Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1456 (Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1457 (SQL injection vulnerability in search.php for L-Forum 2.40 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1458 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1459 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1460 (L-Forum 2.40 and earlier does not properly verify whether a file was ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1461 (Web Shop Manager 1.1 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1462 (details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1463 (Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1464 (Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1465 (SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1466 (CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1467 (Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1468 (Buffer overflow in errpt in AIX 4.3.3 allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1469 (scponly does not properly verify the path when finding the (1) scp or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1470 (SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1471 (The camel component for Ximian Evolution 1.0.x and earlier does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1472 (Untrusted search path vulnerability in libX11.so in xfree86, when used ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1473 (Multiple buffer overflows in lp subsystem for HP-UX 10.20 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1474 (Unknown vulnerability or vulnerabilities in TCP/IP component for HP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1475 (Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1476 (Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1477 (graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1478 (Cacti before 0.6.8 allows attackers to execute arbitrary commands via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1479 (Cacti before 0.6.8 stores a MySQL username and password in plaintext ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1480 (Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1481 (savesettings.php in phpGB 1.20 and earlier does not require ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1482 (SQL injection vulnerability in login.php for phpGB 1.20 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1483 (db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1484 (DB4Web server, when configured to use verbose debug messages, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1485 (The AIM component of Trillian 0.73 and 0.74 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1486 (Multiple buffer overflows in the IRC component of Trillian 0.73 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1487 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1488 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1489 (Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1490 (NetBSD 1.4 through 1.6 beta allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1491 (The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1492 (Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1493 (Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1494 (Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1495 (Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1496 (Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1497 (Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1498 (Directory traversal vulnerability in SWServer 2.2 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1499 (Multiple SQL injection vulnerabilities in FactoSystem CMS allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1500 (Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1501 (The MPS functionality in Enterasys SSR8000 (Smart Switch Router) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1502 (Symbolic link vulnerability in xbreaky before 0.5.5 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1503 (Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1504 (Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1505 (SQL injection vulnerability in board.php for WoltLab Burning Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1506 (Buffer overflow in Linuxconf before 1.28r4 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1507 (Unreal Tournament 2003 (ut2003) clients and servers allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1508 (slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1509 (A patch for shadow-utils 20000902 causes the useradd command to create ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1510 (xdm, with the authComplain variable set to false, allows arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1511 (The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1512 (xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1513 (The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1514 (gds_lock_mgr in Borland InterBase allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1515 (Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1516 (rpcbind in SGI IRIX, when using the -w command line switch, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1517 (fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1518 (mv in IRIX 6.5 creates a directory with world-writable permissions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1519 (Format string vulnerability in the CLI interface for WatchGuard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1520 (The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1521 (Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1522 (Buffer overflow in PowerFTP FTP server 2.24, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1523 (Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1524 (Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1525 (Directory traversal vulnerability in ASTAware SearchDisk engine for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1526 (Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1527 (emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1528 (MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1529 (Cross-site scripting (XSS) vulnerability in msgError.asp for the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1530 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1531 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1532 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1533 (Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1534 (Macromedia Flash Player allows remote attackers to read arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1535 (Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1536 (Molly IRC bot 0.5 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1537 (admin_ug_auth.php in phpBB 2.0.0 allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1538 (Acuma Acusend 4, and possibly earlier versions, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1539 (Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1540 (The client for Symantec Norton AntiVirus Corporate Edition 7.5.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1541 (BadBlue 1.7 allows remote attackers to bypass password protections for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1542 (SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1543 (Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1544 (Directory traversal vulnerability in CooolSoft Personal FTP Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1545 (CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1546 (BRS WebWeaver Web Server 1.01 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1547 (Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1548 (Unknown vulnerability in autofs on AIX 4.3.0, when using executable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1549 (Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1550 (dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1551 (Buffer overflow in nslookup in IBM AIX may allow attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1552 (Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1553 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1554 (Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1555 (Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1556 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1557 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1558 (Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1559 (Directory traversal vulnerability in ion-p.exe (aka ion-p) allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1560 (index.php in gBook 1.4 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1561 (The RPC component in Windows 2000, Windows NT 4.0, and Windows XP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1562 (Directory traversal vulnerability in thttpd, when using virtual ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1563 (stunnel 4.0.3 and earlier allows attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1564 (Internet Explorer 5.5 and 6.0 allows remote attackers to steal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1565 (Buffer overflow in url_filename function for wget 1.8.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1566 (netris 0.5, and possibly other versions before 0.52, when running with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1567 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1568 (OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1569 (gv 3.5.8, and possibly earlier versions, allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1570 (Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1571 (The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1572 (Signed integer overflow in the bttv_read function in the bttv driver ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1573 (Unspecified vulnerability in the pcilynx ieee1394 firewire driver ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1574 (Buffer overflow in the ixj telephony card driver in Linux before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1575 (cgiemail allows remote attackers to use cgiemail as a spam proxy via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1576 (lserver in SAP DB 7.3 and earlier uses the current working directory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1577 (SAP R/3 2.0B to 4.6D installs several clients with default users and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1578 (The default installation of SAP R/3, when using Oracle and SQL*net V2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1579 (SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1580 (Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1581 (Directory traversal vulnerability in nph-mr.cgi in Mailreader.com ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1582 (compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1583 (Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1584 (Unknown vulnerability in the AUTH_DES authentication for RPC in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1585 (Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1586 (Solaris 2.5.1 through 9 allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1587 (The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1588 (Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1589 (Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1590 (The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1591 (AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1592 (The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1593 (mod_dav in Apache before 2.0.42 does not properly handle versioning ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1594 (Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1595 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1596 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1597 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1598 (Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1599 (DansGuardian before 2.4.5-1 allows remote attackers to bypass content ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1600 (Directory traversal vulnerability in Mike Spice's My Classifieds ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1602 (Buffer overflow in the Braille module for GNU screen 3.9.11, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1603 (GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1604 (Multiple buffer overflows in HP Tru64 UNIX allow local and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1605 (Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1606 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1607 (Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1608 (Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1609 (Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1610 (Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1611 (Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1612 (Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1613 (Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1614 (Buffer overflow in HP Tru64 UNIX allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1615 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1616 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1617 (Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1618 (JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1619 (Buffer overflow in the FC client for IBM AIX 4.3.x allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1620 (Unknown vulnerability in IBM AIX Parallel Systems Support Programs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1621 (Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1622 (Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1623 (The design of the Internet Key Exchange (IKE) protocol, when using ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1624 (Buffer overflow in Lotus Domino web server before R5.0.10, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1625 (Macromedia Flash Player 6 does not terminate connections when the user ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1626 (Directory traversal vulnerability in Mike Spice My Calendar before 1.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1627 (Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me! ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1628 (Directory traversal vulnerability in vote.cgi for Mike Spice Mike's ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1629 (Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1630 (The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1631 (SQL injection vulnerability in the query.xsql sample page in Oracle 9i ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1632 (Oracle 9i Application Server (9iAS) installs multiple sample pages ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1633 (Multiple buffer overflows in QNX 4.25 may allow local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1634 (Novell NetWare 5.1 installs sample applications that allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1635 (The Apache configuration file (httpd.conf) in Oracle 9i Application ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1636 (Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1637 (Multiple components in Oracle 9i Application Server (9iAS) are ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1638 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1639 (Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1640 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1641 (Multiple buffer overflows in Oracle Web Cache for Oracle 9i ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1642 (PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1643 (Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1644 (SSH Secure Shell for Servers and SSH Secure Shell for Workstations ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1645 (Buffer overflow in the URL catcher feature for SSH Secure Shell for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1646 (SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1647 (The quick login feature in Slash Slashcode does not redirect the user ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1648 (Cross-site request forgery (CSRF) vulnerability in compose.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1649 (Cross-site scripting (XSS) vulnerability in read_body.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1650 (The spell checker plugin (check_me.mod.php) for SquirrelMail before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1651 (Cross-site scripting (XSS) vulnerability in Verity Search97 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1652 (Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1653 (Farm9 Cryptcat, when started in server mode with the -e option, does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1654 (iPlanet Web Server Enterprise Edition and Netscape Enterprise Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1655 (The Web Publishing feature in Netscape Enterprise Server 3.x and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1656 (X-News (x_news) 1.1 and earlier allows attackers to authenticate as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1657 (PostgreSQL uses the username for a salt when generating passwords, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1658 (Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1659 (user_profile.asp in PortalApp 2.2 allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1660 (calendar.php in vBulletin before 2.2.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1661 (The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1662 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1663 (The Post_Method function in method.c for Monkey HTTP Daemon before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1664 (Yahoo! Messenger before February 2002 allows remote attackers to add ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1665 (Buffer overflow in Yahoo! Messenger before February 2002 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1667 (The virtual memory management system in FreeBSD 4.5-RELEASE and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1668 (HP-UX 11.11 and earlier allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1669 (pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1670 (Microsoft Windows XP Professional upgrade edition overwrites ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1671 (Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1672 (Webmin 0.92, when installed from an RPM, creates /var/webmin with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1676 (BindView NetInventory 1.0, when used with NetRC 1.0, allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1677 (14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1678 (Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1679 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1680 (Cross-site scripting (XSS) vulnerability in CGI Online Worldweb ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1681 (Cross-site scripting (XSS) vulnerability in Slashcode CVS releases ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1682 (NewsReactor 1.0 uses a weak encryption scheme, which could allow local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1683 (Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1684 (Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1685 (Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1686 (Buffer overflow in lscfg of unknown versions of AIX has unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1687 (Buffer overflow in the diagnostics library in AIX allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1688 (The browser history feature in Microsoft Internet Explorer 5.5 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1689 (Unknown vulnerability in the login program on AIX before 4.0 could ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1690 (Unknown vulnerability in AIX before 4.0 with unknown attack vectors ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1691 (Alcatel OmniPCX 4400 installs known user accounts and passwords in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1692 (Buffer overflow in backup utility of Microsoft Windows 95 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1694 (Microsoft Internet Information Server (IIS) 4.0 opens log files with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1695 (Norton Internet Security 2001 opens log files with FILE_SHARE_READ and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1696 (Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1699 (SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1700 (Cross-site scripting vulnerability (XSS) in the missing template ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1702 (Cross-site scripting vulnerability (XSS) in DeltaScripts PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1703 (Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1704 (Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1705 (Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1706 (Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1707 (install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1708 (Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1709 (SQL injection vulnerability in BasiliX Webmail 1.10 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1710 (The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1711 (BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1712 (Microsoft Windows 2000 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1713 (The Standard security setting for Mandrake-Security package (msec) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1714 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1715 (SSH 1 through 3, and possibly other versions, allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1716 (The Host() function in the Microsoft spreadsheet component on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1717 (Microsoft Internet Information Server (IIS) 5.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1718 (Microsoft Internet Information Server (IIS) 5.1 may allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1719 (Unknown vulnerability in Bavo 0.3 allows remote attackers to modify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1720 (SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1721 (Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1722 (Logitech iTouch keyboards allows attackers with physical access to the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1723 (Powerboards 2.2b allows remote attackers to view the full path to the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1724 (Cross-site scripting vulnerability (XSS) in phpimageview.php for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1725 (phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1726 (secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1727 (Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1728 (askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1729 (Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1730 (ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1731 (The System Request menu in IBM AS/400 allows local users to list valid ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1732 (Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1733 (Cross-site scripting (XSS) vulnerability in the web-based message ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1734 (NewsPro 1.01 allows remote attackers to gain unauthorized ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1735 (Buffer overflow in dlogin 1.0a could allow local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1736 (Unknown vulnerability in CGINews before 1.06 allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1737 (Astaro Security Linux 2.016 creates world-writable files and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1738 (Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1739 (Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1740 (Buffer overflow in WorldClient.cgi in WorldClient in Alt-N ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1741 (Directory traversal vulnerability in WorldClient.cgi in WorldClient ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1742 (SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1743 (AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1744 (Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1745 (Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1746 (Vtun 2.5b1 allows remote attackers to inject data into user sessions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1747 (Vtun 2.5b1 does not authenticate forwarded packets, which allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1748 (Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1749 (Windows 2000 Terminal Services, when using the disconnect feature of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1750 (csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1751 (csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1752 (csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1753 (csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1754 (Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1755 (tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1756 (ACDSee 4.0 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1757 (PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1758 (PHProjekt 2.0 through 3.1 allows remote attackers to view or modify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1759 (The upload function in PHPProjekt 2.0 through 3.1 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1760 (Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1761 (Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1762 (Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1763 (The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1764 (acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1765 (Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1766 (Buffer overflow in Composer in Netscape 4.77 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1767 (Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1768 (Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1769 (Microsoft Site Server 3.0 prior to SP4 installs a default user, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1770 (Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1771 (Matt Wright FormMail 1.9 and earlier allows remote attackers to send ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1772 (Novell Netware 5.0 through 5.1 may allow local users to gain "Domain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1773 (Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1774 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1775 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1776 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1777 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1778 (Symantec Norton Personal Firewall 2002 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1779 (The "block fragmented IP Packets" option in Symantec Norton Personal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1780 (BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1782 (The default configuration of University of Washington IMAP daemon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1783 (CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1784 (Unknown vulnerability in inetd in HP Tru64 Unix 4.0f through 5.1a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1785 (Cross-site scripting (XSS) vulnerability in Zeus Administration Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1786 (SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1787 (Buffer overflow in uux in eoe.sw.uucp package of SGI IRIX 6.5 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1788 (Format string vulnerability in the nn_exitmsg function in nn 6.6.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1789 (Format string vulnerability in newsx NNTP client before 1.4.8 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1790 (The SMTP service in Microsoft Internet Information Services (IIS) 4.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1791 (SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1792 (Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1793 (HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1794 (Unknown vulnerability in pam_authz in the LDAP-UX Integration product ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1795 (Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1796 (ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1797 (ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1798 (MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1799 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1800 (phpRank 1.8 stores the administrative password in plaintext on the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1801 (ImageFolio 2.23 through 2.27 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1802 (Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1803 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1804 (Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1805 (Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1806 (Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1807 (Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1808 (Cross-site scripting (XSS) vulnerability in Meunity Community System ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1809 (The default configuration of the Windows binary release of MySQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1810 (D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1811 (Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1812 (Buffer overflow in gdam123 0.933 and 0.942 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1813 (Directory traversal vulnerability in AOL Instant Messenger (AIM) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1814 (Buffer overflow in efstools in Bonobo, when installed setuid, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1815 (Directory traversal vulnerability in source.php and source.cgi in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1816 (Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1817 (Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1818 (ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1819 (Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1820 (register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1821 (Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1822 (IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1823 (Buffer overflow in the HttpGetRequest function in Zeroo HTTP server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1824 (Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1825 (Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1826 (grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1827 (Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1828 (Savant Webserver 3.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1829 (Cross-site scripting (XSS) vulnerability in codeparse.php in Open ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1830 (Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1831 (Microsoft MSN Messenger Service 1.0 through 4.6 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1832 (Unknown vulnerability in the "ipopts decode" functionality in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1833 (The default configurations for DocuTech 6110 and DocuTech 6115 have a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1834 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1835 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1836 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1837 (The getAlbumToDisplay function in idsShared.pm for Image Display ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1838 (Charities.cron 1.0.2 through 1.6.0 allows local users to write to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1839 (Trend Micro InterScan VirusWall for Windows NT 3.52 does not record ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1840 (irssi IRC client 0.8.4, when downloaded after 14-March-2002, could ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1841 (The document management module in NOLA 1.1.1 and 1.1.2 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1842 (Perlbot 1.0 beta allows remote attackers to execute arbitrary commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1843 (Perlbot 1.9.2 allows remote attackers to execute arbitrary commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1844 (Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1845 (Cross-site scripting (XSS) vulnerability in index.php in Yet Another ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1846 (Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1847 (Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1848 (TightVNC before 1.2.4 running on Windows stores unencrypted passwords ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1849 (ParaChat Server 4.0 does not log users off if the browser's back ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1850 (mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1851 (Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1852 (Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1853 (Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and 0.4.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1854 (Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1855 (Macromedia JRun 3.0 through 4.0, when running on Windows, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1856 (HP Application Server 8.0, when running on Windows, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1857 (jo! jo Webserver 1.0, when running on Windows, allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1858 (Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1859 (Orion Application Server 1.5.3, when running on Windows, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1860 (Pramati Server 3.0, when running on Windows, allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1861 (Sybase Enterprise Application Server 4.0, when running on Windows, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1862 (SmartMail Server 2.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1863 (Iomega Network Attached Storage (NAS) A300U, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1864 (Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1865 (Buffer overflow in the Embedded HTTP server, as used in (1) D-Link ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1866 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1867 (The default configuration of BizDesign ImageFolio 2.23 through 2.26 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1868 (Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1869 (Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1870 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1871 (pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1872 (Microsoft SQL Server 6.0 through 2000, with SQL Authentication ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1873 (Microsoft Exchange 2000, when used with Microsoft Remote Procedure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1874 (astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1875 (Entercept Agent 2.5 agent for Windows, released before May 21, 2002, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1876 (Microsoft Exchange 2000 allows remote authenticated attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1877 (NETGEAR FM114P allows remote attackers to bypass access restrictions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1878 (PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1879 (SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1880 (LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1881 (Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1882 (Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1883 (Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1884 (index.php in Py-Membres 3.1 allows remote attackers to log in as an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1885 (PHP remote file inclusion vulnerability in showhits.php3 for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1886 (TightAuction 3.0 stores config.inc under the web document root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1887 (PHP remote file inclusion vulnerability in customize.php for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1888 (CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1889 (Off-by-one buffer overflow in the context_action function in context.c ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1890 (rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1891 (Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1892 (NETGEAR FVS318 running firmware 1.1 stores the username and password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1893 (Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1894 (Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1895 (The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1896 (Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1897 (MyWebServer LLC MyWebServer 1.0.2 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1898 (Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1899 (Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1900 (Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1901 (Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1902 (CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1903 (Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1904 (Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1905 (Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1906 (The web server for Polycom ViaVideo 2.2 and 3.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1907 (TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1908 (Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1909 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1910 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1911 (ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1912 (SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1913 (phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1914 (dump 0.4 b10 through b29 allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1915 (tip on multiple BSD-based operating systems allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1916 (Pirch and RusPirch, when auto-log is enabled, allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1917 (CRLF injection vulnerability in the "User Profile: Send Email" feature ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1918 (Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1919 (SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1920 (Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1921 (The default configuration of MySQL 3.20.32 through 3.23.52, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1922 (Cross-site scripting (XSS) vulnerability in global.php in Jelsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1923 (The default configuration in MySQL 3.20.32 through 3.23.52, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1924 (PowerChute plus 5.0.2 creates a "Pwrchute" directory during ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1925 (Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1926 (Directory traversal vulnerability in source.php in Aquonics File ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1927 (Aquonics File Manager 1.5 allows users with edit privileges to modify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1928 (602Pro LAN SUITE 2002 allows remote attackers to view the directory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1929 (Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1930 (Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1931 (Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1932 (Microsoft Windows XP and Windows 2000, when configured to send ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1933 (The terminal services screensaver for Microsoft Windows 2000 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1934 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1935 (Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1936 (UTStarcom BAS 1000 3.1.10 creates several default or back door ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1937 (Symantec Firewall/VPN Appliance 100 through 200R hardcodes the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1938 (Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1939 (FlashFXP 1.4 prints FTP passwords in plaintext when there are ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1940 (LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1941 (Buffer overflow in RadioBird WebServer 4 Everyone 1.28 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1942 (Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1943 (SafeTP 1.46, when network address translation (NAT) is being used, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1944 (Motorola Surfboard 4200 cable modem allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1945 (Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1946 (Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1947 (Webmin 0.21 through 1.0 uses the same built-in SSL key for all ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1948 (Multiple buffer overflows in Gringotts 0.5.9 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1949 (The Network Attached Storage (NAS) Administration Web Page for Iomega ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1950 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1951 (Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1953 (Heap-based buffer overflow in the goim handler of AOL Instant ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1954 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1955 (Iomega NAS A300U uses cleartext LANMAN authentication when mounting ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1956 (ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1957 (Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1958 (Cross-site scripting (XSS) vulnerability in kmMail 1.0, 1.0a, and 1.0b ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1959 (Nagios 1.0b1 through 1.0b3 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1960 (Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1961 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1962 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1963 (Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1964 (Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1965 (Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1966 (Directory traversal vulnerability in magiccard.cgi in My Postcards ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1967 (Buffer overflow in XiRCON 1.0 Beta 4 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1968 (Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1969 (Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1970 (SnortCenter 0.9.5, when configured to push Snort rules, stores the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1971 (The ping utility in networking_utils.php in Sourcecraft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1972 (Unknown vulnerability in Parallel port powerSwitch (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1973 (Buffer overflow in CHttpServer::OnParseError in the ISAPI extension ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1974 (The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1975 (Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1976 (ifconfig, when used on the Linux kernel 2.2 and later, does not report ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1977 (Network Associates PGP 7.0.4 and 7.1 does not time out according to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1979 (WatchGuard SOHO products running firmware 5.1.6 and earlier, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1980 (Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1981 (Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1982 (Directory traversal vulnerability in the list_directory function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1983 (The timer implementation in QNX RTOS 6.1.0 allows local users to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1984 (Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1985 (iSMTP 5.0.1 allows remote attackers to cause a denial of service via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1986 (Perception LiteServe 2.0 through 2.0.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1987 (Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1988 (Resin 2.1.1 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1989 (Resin 2.1.1 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1990 (Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1991 (PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1992 (Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1993 (webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1994 (advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1995 (Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1996 (Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1997 (ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass filtering ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1998 (Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX 8.0.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1999 (HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2000 (ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2001 (jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2002 (Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2003 (ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2004 (portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2005 (Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2006 (The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2007 (The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2008 (Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2009 (Apache Tomcat 4.0.1 allows remote attackers to obtain the web root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2010 (Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2011 (Cross-site scripting (XSS) vulnerability in the fom CGI program ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2012 (Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2013 (Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2014 (Lotus Domino 5.0.8 web server returns different error messages when a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2015 (PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2016 (User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2017 (sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2018 (sastcpd in SAS/Base 8.0 might allow local users to gain privileges by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2019 (PHP remote file inclusion vulnerability in include_once.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2020 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2021 (Cross-site scripting (XSS) vulnerability in WoltLab Burning Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2022 (Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2023 (The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2024 (Horde IMP 2.2.7 allows remote attackers to obtain the full web root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2025 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2026 (Buffer overflow in BrowseFTP 1.62 client allows remote FTP servers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2027 (Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2028 (The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2029 (PHP, when installed on Windows with Apache and ScriptAlias for /php/ ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2030 (Stack-based buffer overflow in SQLData Enterprise Server 3.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2031 (Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2032 (sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2033 (faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2034 (The Email Sanitizer before 1.133 for Procmail allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2035 (SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2036 (Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2037 (The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2038 (Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2039 (/bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2040 (The (1) phrafx and (2) phgrafx-startup programs in QNX realtime ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2041 (Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2042 (ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2043 (SQL injection vulnerability in the LDAP and MySQL authentication patch ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2044 (Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2045 (x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2046 (x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2047 (The file preview functionality in Sketch 0.6.12 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2048 (Buffer overflow in PFinger 0.7.8 client allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2049 (configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2050 (Directory traversal vulnerability in processor_web plugin for ModLogAn ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2051 (The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2052 (Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2053 (The design of the Hot Standby Routing Protocol (HSRP), as implemented ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2054 (TeeKai Forum 1.2 allows remote attackers to authenticate as the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2055 (Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2056 (Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2057 (TeeKai Forum 1.2 uses weak encryption of web usage statistics in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2058 (TeeKai Tracking Online 1.0 uses weak encryption of web usage ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2059 (BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2060 (Buffer overflow in Links 2.0 pre4 allows remote attackers to crash ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2061 (Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2062 (Cross-site scripting (XSS) vulnerability in ftp.htt in Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2063 (AtGuard 3.2 allows remote attackers to bypass firwall filters and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2064 (isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2065 (WebCalendar 0.9.34 and earlier with 'browsing in includes directory' ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2066 (BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2067 (East-Tec Eraser 2002 does not clear Windows alternate data streams ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2068 (Eraser 5.3 does not clear Windows alternate data streams that are ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2069 (PGP 6.x and 7.x does not clear Windows alternate data streams that are ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2070 (SecureClean 3 build 2.0 does not clear Windows alternate data streams ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2071 (Compaq Tru64 4.0 d allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2072 (java.security.AccessController in Sun Java Virtual Machine (JVM) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2073 (Cross-site scripting (XSS) vulnerability in the default ASP pages on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2074 (SQL injection vulnerability in Mailidx before 20020105 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2075 (ICQ 2001a and 2002b allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2076 (Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2077 (The DCOM client in Windows 2000 before SP3 does not properly clear ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2078 (Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2079 (mosix-protocol-stack in Multicomputer Operating System for UnIX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2080 (Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2081 (cphost.dll in Microsoft Site Server 3.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2082 (FTGate and FTGate Pro 1.05 lock user mailboxes before authentication ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2083 (The Novell Netware client running on Windows 95 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2084 (Directory traversal vulnerability in index.php of Portix 0.4.02 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2085 (Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2086 (Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2087 (Buffer overflow in Borland InterBase 6.0 allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2088 (The MOSIX Project clump/os 5.4 creates a default VNC account without a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2089 (Buffer overflow in rcp in Solaris 9.0 allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2090 (Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2091 (Format string vulnerability in Deception Finger Daemon, decfingerd, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2092 (Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2093 (The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2094 (Joe Testa hellbent 01 allows remote attackers to determine the full ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2095 (Joe Testa hellbent 01 webserver allows attackers to read files that ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2096 (Buffer overflow in Novell Remote Manager module, httpstk.nlm, in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2097 (The compression code in MaraDNS before 0.9.01 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2098 (Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2099 (Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2100 (Microsoft Outlook 2002 allows remote attackers to embed bypass the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2101 (Microsoft Outlook 2002 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2102 (InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2103 (Apache before 1.3.24, when writing to the log file, records a spoofed ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2104 (graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2105 (Microsoft Windows XP allows local users to prevent the system from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2106 (PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2107 (Cross-site scripting (XSS) vulnerability in the lookup script in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2108 (Unknown vulnerability in the "VAIO Manual" software in certain Sony ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2109 (Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2110 (The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2111 (Fwmon before 1.0.10 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2112 (RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2113 (search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2114 (Artekopia Netjuke before 1.0 b7 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2115 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2116 (Netgear RM-356 and RT-338 series SOHO routers allow remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2117 (Microsoft Windows XP allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2118 (Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2119 (Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2120 (Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2121 (SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2122 (Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2123 (PHP remote file inclusion vulnerability in publish_xp_docs.php for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2124 (The recvn and sendn functions in nylon 0.2 do not check when the recv ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2125 (Internet Explorer 6.0 does not warn users when an expired certificate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2126 (restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2127 (Integrity Protection Driver (IPD) 1.2 and earlier blocks access to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2128 (editform.php in w-Agora 4.1.5 allows local users to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2129 (Cross-site scripting vulnerability (XSS) in editform.php for w-Agora ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2130 (publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2131 (Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2132 (Windows File Protection (WFP) in Windows 2000 and XP does not remove ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2133 (Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2134 (haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2135 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2136 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2137 (GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2138 (RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2139 (Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2140 (Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2141 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2142 (An undocumented extension for the Servlet mappings in the Servlet 2.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2143 (The admin.html file in MySimple News 1.0 stores its administrative ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2144 (Directory traversal vulnerability in BearShare 4.0.5 and 4.0.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2145 (Savant Web Server 3.1 and earlier allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2146 (cgitest.exe in Savant Web Server 3.1 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2147 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2148 (Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2149 (Buffer overflow in Lucent Access Point 300, 600, and 1500 Service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2150 (Firewalls from multiple vendors empty state tables more slowly than ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2151 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2152 (The Czech edition of Software602's Web Server before 2002.0.02.0916 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2153 (Format string vulnerability in the administrative pages of the PL/SQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2154 (Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2155 (Format string vulnerability in the error handling of IRC invite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2156 (Buffer overflow in Trillian 0.73 allows remote IRC servers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2157 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2158 (zenTrack 2.0.3 and earlier allows remote attackers to obtain the full ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2159 (Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2160 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2161 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2162 (Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2163 (KvPoll 1.1 allows remote authenticated users to vote more than once by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2164 (Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2165 (The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2166 (Cross-site scripting (XSS) vulnerability in FuseTalk 2.0 and 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2167 (Directory traversal vulnerability in function_foot_1.inc.php for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2168 (SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2169 (Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2170 (Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2171 (Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2172 (Informed (1) Designer and (2) Filler 3.05 does not zero out newly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2173 (Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2174 (The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the number ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2175 (phpSquidPass before 0.2 uses an incomplete regular expression to find ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2176 (SQL injection vulnerability in Gender MOD 1.1.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2177 (BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2178 (Cross-site scripting (XSS) vulnerability in article.php module for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2179 (The dynamic initialization feature of the ClearPath MCP environment ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2180 (The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2181 (SonicWall Content Filtering allows local users to access prohibited ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2182 (Buffer overflow in Seunghyun Seo's MSN666 MSN Sniffer 1.0 and 1.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2183 (phpShare.php in phpShare before 0.6 beta 3 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2184 (Digi-Net Technologies DigiChat 3.5 allows chat users to obtain the IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2185 (The Internet Group Management Protocol (IGMP) allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2186 (Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2187 (Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2188 (OpenBSD before 3.2 allows local users to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2189 (Cross-site scripting (XSS) vulnerability in ActiveXperts Software ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2190 (ArtsCore Studios CuteCast Forum 1.2 stores passwords in plaintext ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2191 (Lotus Domino 5.0.9a and earlier, even when configured with the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2192 (Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2193 (Cross-site scripting (XSS) vulnerability in mojo.cgi for Mojo Mail 2.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2194 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2195 (Buffer overflow in the version update check for Winamp 2.80 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2196 (Samba before 2.2.5 does not properly terminate the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2197 (Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2198 (Buffer overflow in ZMailer before 2.99.51_1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2199 (The default aide.conf file in Advanced Intrusion Detection Environment ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2200 (Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2201 (The Printer Administration module for Webmin 0.990 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2202 (Outlook Express 6.0 does not delete messages from dbx files, even when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2203 (Unknown vulnerability in the System Serial Console terminal in Solaris ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2204 (The default --checksig setting in RPM Package Manager 4.0.4 checks ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2205 (Buffer overflow in Webresolve 0.1.0 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2206 (The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2207 (Buffer overflow in ssldump 0.9b2 and earlier, when running in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2208 (Extended Interior Gateway Routing Protocol (EIGRP), as implemented in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2209 (Unspecified "security vulnerability" in Baby FTP Server versions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2210 (The installation of OpenOffice 1.0.1 allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2211 (BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2212 (The DNS resolver in unspecified versions of Fujitsu UXP/V, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2213 (The DNS resolver in unspecified versions of Infoblox DNS One, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2214 (The php_if_imap_mime_header_decode function in the IMAP functionality ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2215 (The imap_header function in the IMAP functionality for PHP before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2216 (Soft3304 04WebServer before 1.20 does not properly process URL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2217 (Multiple PHP remote file inclusion vulnerabilities in Web Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2218 (CRLF injection vulnerability in the setUserValue function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2219 (chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2220 (Buffer overflow in Pedro Lineu Orso chetcpasswd before 1.12, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2221 (Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2222 (isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2223 (Buffer overflow in NetScreen-Remote 8.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2224 (Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2225 (SafeNet VPN client allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2226 (Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2227 (Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers ...) NOTE: old CVE-2002-2228 (MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers ...) NOT-FOR-US: old or nfu CVE-2002-2229 (Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 ...) NOT-FOR-US: old or nfu CVE-2002-2230 (Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows ...) NOT-FOR-US: old or nfu CVE-2002-2231 (Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows ...) NOT-FOR-US: old or nfu CVE-2002-2232 (Buffer overflow in Enceladus Server Suite 3.9 allows remote attackers ...) NOT-FOR-US: old or nfu CVE-2002-2233 (Directory traversal vulnerability in Enceladus Server Suite 3.9 allows ...) NOT-FOR-US: old or nfu CVE-2002-2234 (NetScreen ScreenOS before 4.0.1 allows remote attackers to bypass the ...) NOT-FOR-US: old or nfu CVE-2002-2235 (member2.php in vBulletin 2.2.9 and earlier does not properly restrict ...) NOT-FOR-US: old or nfu CVE-2002-2236 (Format string vulnerability in the awp_log function in apt-www-proxy ...) NOT-FOR-US: old or nfu CVE-2002-2237 (tftp32 TFTP server 2.21 and earlier allows remote attackers to cause a ...) NOT-FOR-US: old or nfu CVE-2002-2238 (Directory traversal vulnerability in the Kunani ODBC FTP Server 1.0.10 ...) NOT-FOR-US: old or nfu CVE-2002-2239 (The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 ...) NOT-FOR-US: old or nfu CVE-2002-2240 (Directory traversal vulnerability in MyServer 0.11 and 0.2 allows ...) NOT-FOR-US: old or nfu CVE-2002-2241 (Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before ...) NOT-FOR-US: old or nfu CVE-2002-2242 (The Apple Package Manager in KisMAC 0.02a and earlier modifies file ...) NOT-FOR-US: old or nfu CVE-2002-2243 (Akfingerd 0.5 and possibly earlier versions only allows one connection ...) NOT-FOR-US: old or nfu CVE-2002-2244 (Akfingerd 0.5 and earlier versions allow local users to cause a denial ...) NOT-FOR-US: old or nfu CVE-2002-2245 (ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a ...) NOT-FOR-US: old or nfu CVE-2002-2246 (Cross-site scripting (XSS) vulnerability in VisNetic Website before ...) NOT-FOR-US: old or nfu CVE-2002-2247 (The administrator/phpinfo.php script in Mambo Site Server 4.0.11 ...) NOT-FOR-US: old or nfu CVE-2002-2248 (Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class ...) NOT-FOR-US: old or nfu CVE-2002-2249 (PHP remote file inclusion vulnerability in News Evolution 2.0 allows ...) NOT-FOR-US: old or nfu CVE-2002-2250 (Multiple buffer overflows in Sybase Adaptive Server 12.0 and 12.5 ...) NOT-FOR-US: old or nfu CVE-2002-2251 (Buffer overflow in the changevalue function in libcgi.h for Marcos ...) NOT-FOR-US: old or nfu CVE-2002-2252 (SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and ...) NOT-FOR-US: old or nfu CVE-2002-2253 (Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and earlier ...) NOT-FOR-US: old or nfu CVE-2002-2254 (The experimental IP packet queuing feature in Netfilter / IPTables in ...) NOT-FOR-US: old or nfu CVE-2002-2255 (Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 ...) NOT-FOR-US: old or nfu CVE-2002-2256 (Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier ...) NOT-FOR-US: old or nfu CVE-2002-2257 (Stack-based buffer overflow in the parse_field function in cgi_lib.c ...) NOT-FOR-US: old or nfu CVE-2002-2258 (Moby NetSuite allows remote attackers to cause a denial of service ...) NOT-FOR-US: old or nfu CVE-2002-2259 (Buffer overflow in the French documentation patch for Gnuplot 3.7 in ...) NOT-FOR-US: old or nfu CVE-2002-2260 (Cross-site scripting (XSS) vulnerability in the quips feature in ...) NOT-FOR-US: old or nfu CVE-2002-2261 (Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass ...) NOT-FOR-US: old or nfu CVE-2002-2262 (Unspecified vulnerability in xntpd of HP-UX 10.20 through 11.11 allows ...) NOT-FOR-US: old or nfu CVE-2002-2263 (The installation program for HP-UX Visualize Conference B.11.00.11 ...) NOT-FOR-US: old or nfu CVE-2002-2264 (Unspecified vulnerability in Internet Group Management Protocol (IGMP) ...) NOT-FOR-US: old or nfu CVE-2002-2265 (Unspecified vulnerability in LDAP Module in System Authentication of Open ...) NOT-FOR-US: old or nfu CVE-2002-2266 (NetScreen ScreenOS 2.8 through 4.0, when forwarding H.323 or ...) NOT-FOR-US: old or nfu CVE-2002-2267 (bogopass in bogofilter 0.9.0.4 allows local users to overwrite ...) NOT-FOR-US: old or nfu CVE-2002-2268 (Buffer overflow in Webster HTTP Server allows remote attackers to ...) NOT-FOR-US: old or nfu CVE-2002-2269 (Directory traversal vulnerability in Webster HTTP Server allows remote ...) NOT-FOR-US: old or nfu CVE-2002-2270 (Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and ...) NOT-FOR-US: old or nfu CVE-2002-2271 (Buffer overflow in BigFun 1.51b IRC client, when the Direct Client ...) NOT-FOR-US: old or nfu CVE-2002-2272 (Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 ...) NOT-FOR-US: old or nfu CVE-2002-2273 (Cross-site scripting (XSS) vulnerability in Webster HTTP Server allows ...) NOT-FOR-US: old or nfu CVE-2002-2274 (akfingerd 0.5 allows local users to read arbitrary files as the ...) NOT-FOR-US: old or nfu CVE-2002-2275 (Fortres 101 4.1 allows local users to bypass Fortres by pressing the ...) NOT-FOR-US: old or nfu CVE-2002-2276 (Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the ...) NOT-FOR-US: old or nfu CVE-2002-2277 (SQL injection vulnerability in mod_search/index.php in PortailPHP 0.99 ...) NOT-FOR-US: old or nfu CVE-2002-2278 (Cross-site scripting (XSS) vulnerability in mod_search/index.php in ...) NOT-FOR-US: old or nfu CVE-2002-2279 (Unspecified vulnerability in the bind function in config.inc of aldap ...) NOT-FOR-US: old or nfu CVE-2002-2280 (syslogd on OpenBSD 2.9 through 3.2 does not change the source IP ...) NOT-FOR-US: old or nfu CVE-2002-2281 (Symantec Java! JIT (Just-In-Time) Compiler for Netscape Communicator ...) NOT-FOR-US: old or nfu CVE-2002-2282 (McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, ...) NOT-FOR-US: old or nfu CVE-2002-2283 (Microsoft Windows XP with Fast User Switching (FUS) enabled does not ...) NOT-FOR-US: old or nfu CVE-2002-2284 (Netscape Communicator 4.0 through 4.79 allows remote attackers to ...) NOT-FOR-US: old or nfu CVE-2002-2285 (eTrust InoculateIT 6.0 with the "Incremental Scan" option enabled may ...) NOT-FOR-US: old or nfu CVE-2002-2286 (The parse-get function in utils.c for apt-www-proxy 0.1 allows remote ...) NOT-FOR-US: old or nfu CVE-2002-2287 (PHP remote file inclusion vulnerability in quick_reply.php for phpBB ...) NOT-FOR-US: old or nfu CVE-2002-2288 (Mambo Site Server 4.0.11 allows remote attackers to obtain the ...) NOT-FOR-US: old or nfu CVE-2002-2289 (soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows ...) NOT-FOR-US: old or nfu CVE-2002-2290 (Mambo Site Server 4.0.11 installs with a default username and password ...) NOT-FOR-US: old or nfu CVE-2002-2291 (Calisto Internet Talker 0.04 and earlier allows remote attackers to ...) NOT-FOR-US: old or nfu CVE-2002-2292 (Directory traversal vulnerability in Remote Console Applet in Halycon ...) NOT-FOR-US: old or nfu CVE-2002-2293 (Webshots Desktop screensaver allows local users to bypass the password ...) NOT-FOR-US: old or nfu CVE-2002-2294 (Multiple buffer overflows in Symantec Raptor Firewall 6.5 and 6.5.3, ...) NOT-FOR-US: old or nfu CVE-2002-2295 (Buffer overflow in Pico Server (pServ) 2.0 beta 1 through beta 5 ...) NOT-FOR-US: old or nfu CVE-2002-2296 (Cross-site scripting (XSS) vulnerability in YaBB.pl in Yet Another ...) NOT-FOR-US: old or nfu CVE-2002-2297 (PHP remote file inclusion vulnerability in artlist.php in Thatware ...) NOT-FOR-US: old or nfu CVE-2002-2298 (PHP remote file inclusion vulnerability in config.php in Thatware 0.3 ...) NOT-FOR-US: old or nfu CVE-2002-2299 (PHP remote file inclusion vulnerability in thatfile.php in Thatware ...) NOT-FOR-US: old or nfu CVE-2002-2300 (Buffer overflow in ftpd 5.4 in 3Com NBX 4.0.17 or ftpd 5.4.2 in 3Com ...) NOT-FOR-US: old or nfu CVE-2002-2301 (Lawson Financials 8.0, when configured to use a third party relational ...) NOT-FOR-US: old or nfu CVE-2002-2302 (3D3.Com ShopFactory 5.5 through 5.8 allows remote attackers to modify ...) NOT-FOR-US: old or nfu CVE-2002-2303 (3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for ...) NOT-FOR-US: old or nfu CVE-2002-2304 (SQL injection vulnerability in admin/auth/checksession.php in ...) NOT-FOR-US: old or nfu CVE-2002-2305 (SQL injection vulnerability in agentadmin.php in Immobilier allows ...) NOT-FOR-US: old or nfu CVE-2002-2306 (Sharman Networks KaZaA Media Desktop 1.7.1 allows remote attackers to ...) NOT-FOR-US: old or nfu CVE-2002-2307 (The default configuration of BenHur Firewall release 3 update 066 fix ...) NOT-FOR-US: old or nfu CVE-2002-2308 (Netscape Communicator 6.2.1 allows remote attackers to cause a denial ...) NOT-FOR-US: old or nfu CVE-2002-2309 (php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not ...) NOT-FOR-US: old or nfu CVE-2002-2310 (ClickCartPro 4.0 stores the admin_user.db data file under the web ...) NOT-FOR-US: old or nfu CVE-2002-2311 (Microsoft Internet Explorer 6.0 and possibly others allows remote ...) NOT-FOR-US: old or nfu CVE-2002-2312 (Opera 6.0.1 allows remote attackers to upload arbitrary file contents ...) NOT-FOR-US: old or nfu CVE-2002-2313 (Eudora email client 5.1.1, with "use Microsoft viewer" enabled, allows ...) NOT-FOR-US: old or nfu CVE-2002-2314 (Mozilla 1.0 allows remote attackers to steal cookies from other ...) NOT-FOR-US: old or nfu CVE-2002-2315 (Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect ...) NOT-FOR-US: old or nfu CVE-2002-2316 (Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and ...) NOT-FOR-US: old or nfu CVE-2002-2317 (Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in ...) NOT-FOR-US: old or nfu CVE-2002-2318 (Cross-site scripting (XSS) vulnerability in Falcon web server ...) NOT-FOR-US: old or nfu CVE-2002-2319 (Static code injection vulnerability in users.php in MySimpleNews ...) NOT-FOR-US: old or nfu CVE-2002-2320 (MySimpleNews 1.0 allows remote attackers to delete arbitrary email ...) NOT-FOR-US: old or nfu CVE-2002-2321 (Cross-site scripting (XSS) vulnerability in (1) showcat.php and (2) ...) NOT-FOR-US: old or nfu CVE-2002-2322 (Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the ...) NOT-FOR-US: old or nfu CVE-2002-2323 (Sun PC NetLink 1.0 through 1.2 does not properly set the access ...) NOT-FOR-US: old or nfu CVE-2002-2324 (The "System Restore" directory and subdirectories, and possibly other ...) NOT-FOR-US: old or nfu CVE-2002-2325 (The c-client library in Internet Message Access Protocol (IMAP) dated ...) NOT-FOR-US: old or nfu CVE-2002-2326 (The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 ...) NOT-FOR-US: old or nfu CVE-2002-2327 (Unspecified vulnerability in the environmental monitoring subsystem in ...) NOT-FOR-US: old or nfu CVE-2002-2328 (Active Directory in Windows 2000, when supporting Kerberos V ...) NOT-FOR-US: old or nfu CVE-2002-2329 (ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a ...) NOT-FOR-US: old or nfu CVE-2002-2330 (Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 ...) NOT-FOR-US: old or nfu CVE-2002-2331 (W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in ...) NOT-FOR-US: old or nfu CVE-2002-2332 (Buffer overflow in Opera 6.01 allows remote attackers to cause a ...) NOT-FOR-US: old or nfu CVE-2002-2333 (Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows ...) NOT-FOR-US: old or nfu CVE-2002-2334 (Joe text editor 2.8 through 2.9.7 does not remove the group and user ...) NOT-FOR-US: old or nfu CVE-2002-2335 (Killer Protection 1.0 stores the vars.inc include file under the web ...) NOT-FOR-US: old or nfu CVE-2002-2336 (Norton Personal Firewall 2002 4.0, when configured to automatically ...) NOT-FOR-US: old or nfu CVE-2002-2337 (Kaspersky Anti-Hacker 1.0, when configured to automatically block ...) NOT-FOR-US: old or nfu CVE-2002-2338 (The POP3 mail client in Mozilla 1.0 and earlier, and Netscape ...) NOT-FOR-US: old or nfu CVE-2002-2339 (Cross-site scripting (XSS) vulnerability in configure.asp in ...) NOT-FOR-US: old or nfu CVE-2002-2340 (Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a ...) NOT-FOR-US: old or nfu CVE-2002-2341 (Cross-site scripting (XSS) vulnerability in content blocking in ...) NOT-FOR-US: old or nfu CVE-2002-2342 (Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ...) NOT-FOR-US: old or nfu CVE-2002-2343 (Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 ...) NOT-FOR-US: old or nfu CVE-2002-2344 (Ensim WEBppliance 3.0 and 3.1 allows remote attackers to read mail ...) NOT-FOR-US: old or nfu CVE-2002-2345 (Oracle 9i Application Server 9.0.2 stores the web cache administrator ...) NOT-FOR-US: old or nfu CVE-2002-2346 (phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with ...) NOT-FOR-US: old or nfu CVE-2002-2347 (Cross-site scripting (XSS) vulnerability in Oracle Java Server Page ...) NOT-FOR-US: old or nfu CVE-2002-2348 (Cross-site scripting (XSS) vulnerability in athcgi.exe in Authoria HR ...) NOT-FOR-US: old or nfu CVE-2002-2349 (phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which ...) NOT-FOR-US: old or nfu CVE-2002-2350 (Cross-site scripting (XSS) vulnerability in z_user_show.php in ...) NOT-FOR-US: old or nfu CVE-2002-2351 (Eudora 5.1 allows remote attackers to bypass security warnings and ...) NOT-FOR-US: old or nfu CVE-2002-2352 (The NBActiveX.ocx ActiveX control in NeoBook 4 allows remote attackers ...) NOT-FOR-US: old or nfu CVE-2002-2353 (tftpd32 2.50 and 2.50.2 allows remote attackers to read or write ...) NOT-FOR-US: old or nfu CVE-2002-2354 (Netgear FM114P firmware 1.3 wireless firewall allows remote attackers ...) NOT-FOR-US: old or nfu CVE-2002-2355 (Netgear FM114P firmware 1.3 wireless firewall, when configured to ...) NOT-FOR-US: old or nfu CVE-2002-2356 (HAMweather 2.x allows remote attackers to modify administrative ...) NOT-FOR-US: old or nfu CVE-2002-2357 (MailEnable 1.5 015 through 1.5 018 allows remote attackers to cause a ...) NOT-FOR-US: old or nfu CVE-2002-2358 (Cross-site scripting (XSS) vulnerability in the FTP view feature in ...) NOT-FOR-US: old or nfu CVE-2002-2359 (Cross-site scripting (XSS) vulnerability in the FTP view feature in ...) NOT-FOR-US: old or nfu CVE-2002-2360 (The RPC module in Webmin 0.21 through 0.99, when installed without ...) NOT-FOR-US: old or nfu CVE-2002-2361 (The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify ...) NOT-FOR-US: old or nfu CVE-2002-2362 (Cross-site scripting (XSS) vulnerability in form_header.php in ...) NOT-FOR-US: old or nfu CVE-2002-2363 (VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow ...) NOT-FOR-US: old or nfu CVE-2002-2364 (Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and earlier ...) NOT-FOR-US: old or nfu CVE-2002-2365 (Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary ...) NOT-FOR-US: old or nfu CVE-2002-2366 (Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 ...) NOT-FOR-US: old or nfu CVE-2002-2367 (Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows ...) NOT-FOR-US: old or nfu CVE-2002-2368 (Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow ...) NOT-FOR-US: old or nfu CVE-2002-2369 (Perception LiteServe 2.0 allows remote attackers to read password ...) NOT-FOR-US: old or nfu CVE-2002-2370 (SWS web server 0.0.4, 0.0.3 and 0.1.0 allows remote attackers to cause ...) NOT-FOR-US: old or nfu CVE-2002-2371 (Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause ...) NOT-FOR-US: old or nfu CVE-2002-2372 (The telnet server in Infoprint 21 running controller software before ...) NOT-FOR-US: old or nfu CVE-2002-2373 (The default configuration of the TCP/IP printer configuration utility ...) NOT-FOR-US: old or nfu CVE-2002-2374 (Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown ...) NOT-FOR-US: old or nfu CVE-2002-2375 (Directory traversal vulnerability in CommuniGate Pro 4.0b4 and ...) NOT-FOR-US: old or nfu CVE-2002-2376 (Cross-site scripting (XSS) vulnerability in E-Guest_sign.pl in E-Guest ...) NOT-FOR-US: old or nfu CVE-2002-2377 (Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP 1.0.3 ...) NOT-FOR-US: old or nfu CVE-2002-2378 (Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows ...) NOT-FOR-US: old or nfu CVE-2002-2379 (** DISPUTED ** ...) NOT-FOR-US: old or nfu CVE-2002-2380 (NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows ...) NOT-FOR-US: old or nfu CVE-2002-2381 (Multiple buffer overflows in (1) tetrinet_inmessage, (2) speclist_add ...) NOT-FOR-US: old or nfu CVE-2002-2382 (cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files ...) NOT-FOR-US: old or nfu CVE-2002-2383 (SQL injection vulnerability in f2html.pl 0.1 through 0.4 allows remote ...) NOT-FOR-US: old or nfu CVE-2002-2384 (hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in ...) NOT-FOR-US: old or nfu CVE-2002-2385 (Buffer overflow in hotfoon4.exe in Hotfoon 4.0 allows remote attackers ...) NOT-FOR-US: old or nfu CVE-2002-2386 (Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS ...) NOT-FOR-US: old or nfu CVE-2002-2387 (Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows ...) NOT-FOR-US: old or nfu CVE-2002-2388 (Buffer overflow in INweb POP3 mail server 2.01 allows remote attackers ...) NOT-FOR-US: old or nfu CVE-2002-2389 (TheServer 1.74 web server stores server.ini under the web document ...) NOT-FOR-US: old or nfu CVE-2002-2390 (Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, ...) NOT-FOR-US: old or nfu CVE-2002-2391 (SQL injection vulnerability in index.php of WebChat 1.5 included in ...) NOT-FOR-US: old or nfu CVE-2002-2392 (Winamp 2.65 through 3.0 stores skin files in a predictable file ...) NOT-FOR-US: old or nfu CVE-2002-2393 (Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections ...) NOT-FOR-US: old or nfu CVE-2002-2394 (InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote ...) NOT-FOR-US: old or nfu CVE-2002-2395 (InterScan VirusWall 3.52 for Windows allows remote attackers to bypass ...) NOT-FOR-US: old or nfu CVE-2002-2396 (Buffer overflow in Advanced TFTP (atftp) 0.5 and 0.6, if installed ...) NOT-FOR-US: old or nfu CVE-2002-2397 (Sygate personal firewall 5.0 could allow remote attackers to bypass ...) NOT-FOR-US: old or nfu CVE-2002-2398 (The new thread posting page in APBoard 2.02 and 2.03 allows remote ...) NOT-FOR-US: old or nfu CVE-2002-2399 (Directory traversal vulnerability in viewAttachment.cgi in W3Mail ...) NOT-FOR-US: old or nfu CVE-2002-2400 (Buffer overflow in the httpdProcessRequest function in LibHTTPD 1.2 ...) NOT-FOR-US: old or nfu CVE-2002-2401 (NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not ...) NOT-FOR-US: old or nfu CVE-2002-2402 (SURECOM broadband router EP-4501 uses a default SNMP read community ...) NOT-FOR-US: old or nfu CVE-2002-2403 (Directory traversal vulnerability in KeyFocus web server 1.0.8 allows ...) NOT-FOR-US: old or nfu CVE-2002-2404 (Buffer overflow in IISPop email server 1.161 and 1.181 allows remote ...) NOT-FOR-US: old or nfu CVE-2002-2405 (Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth ...) NOT-FOR-US: old or nfu CVE-2002-2406 (Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 ...) NOT-FOR-US: old or nfu CVE-2002-2407 (Certain patches for QNX Neutrino realtime operating system (RTOS) ...) NOT-FOR-US: old or nfu CVE-2002-2408 (Gordano Messaging Server (GMS) Mail 8 (a.k.a. NTMail) only filters ...) NOT-FOR-US: old or nfu CVE-2002-2409 (Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 ...) NOT-FOR-US: old or nfu CVE-2002-2410 (openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive ...) NOT-FOR-US: old or nfu CVE-2002-2411 (Buffer overflow in badmin.c in BannerWheel 1.0 allows remote attackers ...) NOT-FOR-US: old or nfu CVE-2002-2412 (Winamp 2.80 stores authentication credentials in plaintext in the (1) ...) NOT-FOR-US: old or nfu CVE-2002-2413 (WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script ...) NOT-FOR-US: old or nfu CVE-2002-2414 (Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not ...) NOT-FOR-US: old or nfu CVE-2002-2415 (Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote ...) NOT-FOR-US: old or nfu CVE-2002-2416 (Directory traversal vulnerability in Zeroo web server 1.5 allows ...) NOT-FOR-US: old or nfu CVE-2002-2417 (acFTP 1.4 does not properly handle when an invalid password is ...) NOT-FOR-US: old or nfu CVE-2002-2418 (Cross-site scripting (XSS) vulnerability in acFreeProxy (aka acFP) ...) NOT-FOR-US: old or nfu CVE-2002-2419 (Direct connect text client (DCTC) client 0.83.3 allows remote ...) NOT-FOR-US: old or nfu CVE-2002-2420 (site_searcher.cgi in Super Site Searcher allows remote attackers to ...) NOT-FOR-US: old or nfu CVE-2002-2421 (acWEB 1.14 allows remote attackers to cause a denial of service ...) NOT-FOR-US: old or nfu CVE-2002-2422 (Cross-site scripting (XSS) vulnerability in Compaq Insight Management ...) NOT-FOR-US: old or nfu CVE-2002-2423 (Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 ...) NOT-FOR-US: old or nfu CVE-2002-2424 (Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 ...) NOT-FOR-US: old or nfu CVE-2002-2425 (Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute ...) NOT-FOR-US: old or nfu CVE-2002-2426 (Cross-site request forgery (CSRF) vulnerability in Citrix Presentation ...) NOT-FOR-US: old or nfu CVE-2002-2427 (The security handler in GoAhead WebServer before 2.1.1 allows remote ...) TODO: check CVE-2002-2428 (webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to ...) TODO: check CVE-2002-2429 (webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to ...) TODO: check CVE-2002-2430 (GoAhead WebServer before 2.1.1 allows remote attackers to cause a ...) TODO: check CVE-2002-2431 (Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows ...) TODO: check CVE-2002-2432 (Unspecified vulnerability in NWFTPD.nlm before 5.03b in the FTP server ...) TODO: check CVE-2002-2433 (NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows ...) TODO: check CVE-2002-2434 (NWFTPD.nlm before 5.02i in the FTP server in Novell NetWare does not ...) TODO: check CVE-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0002 (Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0003 (Buffer overflow in the RPC Locator service for Microsoft Windows NT ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0004 (Buffer overflow in the Windows Redirector function in Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0005 RESERVED CVE-2003-0006 RESERVED CVE-2003-0007 (Microsoft Outlook 2002 does not properly handle requests to encrypt ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0008 RESERVED CVE-2003-0009 (Cross-site scripting (XSS) vulnerability in Help and Support Center ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0011 (Unknown vulnerability in the DNS intrusion detection application ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0012 (The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0013 (The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0015 (Double-free vulnerability in CVS 1.11.4 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0016 (Apache before 2.0.44, when running on unpatched Windows 9x and Me ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0017 (Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0018 (Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0019 (uml_net in the kernel-utils package for Red Hat Linux 8.0 has ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0020 (Apache does not filter terminal escape sequences from its error logs, ...) BUG: 51815 CVE-2003-0021 (The "screen dump" feature in Eterm 0.9.1 and earlier allows attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0022 (The "screen dump" feature in rxvt 2.7.8 allows attackers to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0023 (The menuBar feature in rxvt 2.7.8 allows attackers to modify menu ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0024 (The menuBar feature in aterm 0.42 allows attackers to modify menu ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0025 (Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0026 (Multiple stack-based buffer overflows in the error handling routines ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0027 (Directory traversal vulnerability in Sun Kodak Color Management System ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0029 RESERVED CVE-2003-0030 (Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0031 (Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0032 (Memory leak in libmcrypt before 2.5.5 allows attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0033 (Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0034 (Buffer overflow in the mtink status monitor, as included in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0035 (Buffer overflow in escputil, as included in the printer-drivers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0036 (ml85p, as included in the printer-drivers package for Mandrake Linux, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0038 (Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0039 (ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0040 (SQL injection vulnerability in the PostgreSQL auth module for courier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0041 (Kerberos FTP client allows remote FTP sites to execute arbitrary code ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0042 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0043 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0044 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0045 (Jakarta Tomcat before 3.3.1a on certain Windows systems may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0046 (AbsoluteTelnet SSH2 client does not clear logon credentials from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0047 (SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0048 (PuTTY 0.53b and earlier does not clear logon credentials from memory, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0049 (Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0050 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0051 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0052 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0053 (Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0054 (Apple Darwin Streaming Administration Server 4.1.2 and QuickTime ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0055 (Buffer overflow in the MP3 broadcasting module of Apple Darwin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0057 (Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0058 (MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0059 (Unknown vulnerability in the chk_trans.c of the libkrb5 library for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0060 (Format string vulnerabilities in the logging routines for MIT Kerberos ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0061 (Buffer overflow in passwd for HP UX B.10.20 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0062 (Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0063 (The xterm terminal emulator in XFree86 4.2.0 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0064 (The dtterm terminal emulator allows attackers to modify the window ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0065 (The uxterm terminal emulator allows attackers to modify the window ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0066 (The rxvt terminal emulator 2.7.8 and earlier allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0067 (The aterm terminal emulator 0.42 allows attackers to modify the window ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0068 (The Eterm terminal emulator 0.9.1 and earlier allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0069 (The PuTTY terminal emulator 0.53 allows attackers to modify the window ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0070 (VTE, as used by default in gnome-terminal terminal emulator 2.2 and as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0071 (The DEC UDK processing feature in the xterm terminal emulator in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0072 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0073 (Double-free vulnerability in mysqld for MySQL before 3.23.55 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0074 (Format string vulnerability in mpmain.c for plpnfsd of the plptools ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0075 (Integer signedness error in the myFseek function of samplein.c for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0076 (Unknown vulnerability in the directory parser for Direct Connect 4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0077 (The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0078 (ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0079 (The DEC UDK processing feature in the hanterm (hanterm-xf) terminal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0080 (The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0081 (Format string vulnerability in packet-socks.c of the SOCKS dissector ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0082 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0083 (Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0084 (mod_auth_any package in Red Hat Enterprise Linux 2.1 and other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0085 (Buffer overflow in the SMB/CIFS packet fragment re-assembly code for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0086 (The code for writing reg files in Samba before 2.2.8 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0087 (Buffer overflow in libIM library (libIM.a) for National Language ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0088 (TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0089 (Buffer overflow in the Software Distributor utilities for HP-UX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0090 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0091 (Stack-based buffer overflow in the bsd_queue() function for lpq on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0092 (Heap-based buffer overflow in dtsession for Solaris 2.5.1 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0093 (The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0094 (A patch for mcookie in the util-linux package for Mandrake Linux 8.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0095 (Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0096 (Multiple buffer overflows in Oracle 9i Database release 2, Release 1, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0097 (Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0098 (Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0100 (Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0101 (miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0102 (Buffer overflow in tryelf() in readelf.c of the file command allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0103 (Format string vulnerability in Nokia 6210 handset allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0104 (Directory traversal vulnerability in PeopleTools 8.10 through 8.18, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0105 (ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0106 (The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0107 (Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0108 (isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0109 (Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0110 (The Winsock Proxy service in Microsoft Proxy Server 2.0 and the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0111 (The ByteCode Verifier component of Microsoft Virtual Machine (VM) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0112 (Buffer overflow in Windows Kernel allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0113 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0114 (The file upload control in Microsoft Internet Explorer 5.01, 5.5, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0115 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0116 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0117 (Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0118 (SQL injection vulnerability in the Document Tracking and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0119 (The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0120 (adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0122 (Buffer overflow in Notes server before Lotus Notes R4, R5 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0123 (Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0124 (man before 1.5l allows attackers to execute arbitrary code via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0125 (Buffer overflow in the web interface for SOHO Routefinder 550 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0126 (The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0127 (The kernel module loader in Linux kernel 2.2.x before 2.2.25, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0128 (The try_uudecoding function in mail-format.c for Ximian Evolution Mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0129 (Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0130 (The handle_image function in mail-format.c for Ximian Evolution Mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0131 (The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0132 (A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0133 (GtkHTML, as included in Evolution before 1.2.4, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0134 (Unknown vulnerability in filestat.c for Apache running on OS2, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0135 (vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0136 (psbanner in the LPRng package allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0137 (SNMP daemon in the DX200 based network element for Nokia Serving GPRS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0138 (Version 4 of the Kerberos protocol (krb4), as used in Heimdal and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0139 (Certain weaknesses in the implementation of version 4 of the Kerberos ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0140 (Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0141 (The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0142 (Adobe Acrobat Reader (acroread) 6, under certain circumstances when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0143 (The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0144 (Buffer overflow in the lprm command in the lprold lpr package on SuSE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0145 (Unknown vulnerability in tcpdump before 3.7.2 related to an inability ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0146 (Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0147 (OpenSSL does not use RSA blinding by default, which allows local and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0148 (The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0151 (BEA WebLogic Server and Express 6.0 through 7.0 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0152 (Unknown vulnerability in bonsai Mozilla CVS query tool allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0153 (bonsai Mozilla CVS query tool leaks the absolute pathname of the tool ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0154 (Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0155 (bonsai Mozilla CVS query tool allows remote attackers to gain access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0156 (Directory traversal vulnerability in Cross-Referencing Linux (LXR) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0157 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0158 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0159 (Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0160 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0161 (The prescan() function in the address parser (parseaddr.c) in Sendmail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0162 (Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0163 (decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0164 RESERVED CVE-2003-0165 (Format string vulnerability in Eye Of Gnome (EOG) allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0166 (Integer signedness error in emalloc() function for PHP before 4.3.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0167 (Multiple off-by-one buffer overflows in the IMAP capability for Mutt ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0168 (Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0169 (hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0170 (Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0171 (DirectoryServices in MacOS X trusts the PATH environment variable to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0172 (Buffer overflow in openlog function for PHP 4.3.1 on Windows operating ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0173 (xfsdq in xfsdump does not create quota information files securely, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0174 (The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0175 (SGI IRIX before 6.5.21 allows local users to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0176 (The Name Service Daemon (nsd), when running on an NIS master on SGI ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0177 (SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0178 (Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0179 (Buffer overflow in the COM Object Control Handler for Lotus Domino ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0180 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0181 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0182 RESERVED CVE-2003-0183 RESERVED CVE-2003-0184 RESERVED CVE-2003-0185 RESERVED CVE-2003-0186 RESERVED CVE-2003-0187 (The connection tracking core of Netfilter for Linux 2.4.20, with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0188 (lv reads a .lv file from the current working directory, which allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0189 (The authentication module for Apache 2.0.40 through 2.0.45 on Unix ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0190 (OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0192 (Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0193 (msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0194 (tcpdump does not properly drop privileges to the pcap user when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0196 (Multiple buffer overflows in Samba before 2.2.8a may allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0197 (Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0198 (Mac OS X before 10.2.5 allows guest users to modify the permissions of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0199 RESERVED CVE-2003-0200 RESERVED CVE-2003-0201 (Buffer overflow in the call_trans2open function in trans2.c for Samba ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0202 (The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0203 (Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0204 (KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0205 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0206 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0207 (ps2epsi creates insecure temporary files when calling ghostscript, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0208 (Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0209 (Integer overflow in the TCP stream reassembly module (stream4) for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0210 (Buffer overflow in the administration service (CSAdmin) for Cisco ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0211 (Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0212 (handleAccept in rinetd before 0.62 does not properly resize the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0213 (ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0214 (run-mailcap in mime-support 3.22 and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0215 (SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0216 (Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0217 (Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0218 (Buffer overflow in PostMethod() function for Monkey HTTP Daemon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0219 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0220 (Buffer overflow in the administrator authentication process for Kerio ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0221 (The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0222 (Stack-based buffer overflow in Oracle Net Services for Oracle Database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0223 (Cross-site scripting vulnerability (XSS) in the ASP function ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0224 (Buffer overflow in ssinc.dll for Microsoft Internet Information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0225 (The ASP function Response.AddHeader in Microsoft Internet Information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0226 (Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0227 (The logging capability for unicast and multicast transmissions in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0228 (Directory traversal vulnerability in Microsoft Windows Media Player ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0229 RESERVED CVE-2003-0230 (Microsoft SQL Server 7, 2000, and MSDE allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0231 (Microsoft SQL Server 7, 2000, and MSDE allows local or remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0232 (Microsoft SQL Server 7, 2000, and MSDE allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0233 (Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0234 RESERVED CVE-2003-0235 (Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0236 (Integer signedness errors in the POP3 client for Mirabilis ICQ Pro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0237 (The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0238 (The Message Session window in Mirabilis ICQ Pro 2003a allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0239 (icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0240 (The web-based administration capability for various Axis Network ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0241 (FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0242 (IPSec in Mac OS X before 10.2.6 does not properly handle certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0243 (Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0244 (The route cache implementation in Linux 2.4, and the Netfilter IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0245 (Vulnerability in the apr_psprintf function in the Apache Portable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0246 (The ioperm system call in Linux kernel 2.4.20 and earlier does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0247 (Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0249 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0250 RESERVED CVE-2003-0251 (ypserv NIS server before 2.7 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0252 (Off-by-one error in the xlog function of mountd in the Linux NFS utils ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0253 (The prefork MPM in Apache 2 before 2.0.47 does not properly handle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0254 (Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0255 (The key validation code in GnuPG before 1.2.2 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0256 (The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0257 (Format string vulnerability in the printer capability for IBM AIX .3, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0258 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0259 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0260 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0261 (fuzz 0.6 and earlier creates temporary files insecurely, which could ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0262 (leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0263 (Multiple buffer overflows in Floosietek FTGate Pro Mail Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0264 (Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0265 (Race condition in SDBINST for SAP database 7.3.0.29 creates critical ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0266 (Multiple buffer overflows in SLWebMail 3 on Windows systems allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0267 (ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0268 (SLWebMail 3 on Windows systems allows remote attackers to identify the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0269 (Buffer overflow in youbin allows local users to gain privileges via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0270 (The administration capability for Apple AirPort 802.11 wireless access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0271 (Buffer overflow in Personal FTP Server allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0272 (admin.php in miniPortail allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0273 (Cross-site scripting (XSS) vulnerability in the web interface for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0274 (Buffer overflow in catmail for ListProc 8.2.09 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0275 (SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0276 (Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0277 (Directory traversal vulnerability in normal_html.cgi in Happycgi.com ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0278 (Cross-site scripting (XSS) vulnerability in normal_html.cgi in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0279 (Multiple SQL injection vulnerabilities in the Web_Links module for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0280 (Multiple buffer overflows in the SMTP Service for ESMTP CMailServer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0281 (Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and ...) BUG: 20837 CVE-2003-0282 (Directory traversal vulnerability in UnZip 5.50 allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0283 (Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0284 (Adobe Acrobat 5 does not properly validate JavaScript in PDF files, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0285 (IBM AIX 5.2 and earlier distributes Sendmail with a configuration file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0286 (SQL injection vulnerability in register.asp in Snitz Forums 2000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0287 (Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0288 (Buffer overflow in the file & folder transfer mechanism for IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0289 (Format string vulnerability in scsiopen.c of the cdrecord program in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0290 (Memory leak in eServ 2.9x allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0291 (3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0292 (Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0293 (PalmOS allows remote attackers to cause a denial of service (CPU ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0294 (autohtml.php in php-proxima 6.0 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0295 (Cross-site scripting (XSS) vulnerability in private.php for vBulletin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0296 (The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0297 (c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0298 (The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0299 (The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0300 (The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0301 (The IMAP Client for Outlook Express 6.00.2800.1106 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0302 (The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0303 (SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0304 (one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0305 (The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0306 (Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0307 (Poster version.two allows remote authenticated users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0308 (The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0309 (Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0310 (Cross-site scripting (XSS) vulnerability in articleview.php for eZ ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0311 RESERVED CVE-2003-0312 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0313 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0314 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0315 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0316 (Venturi Client before 2.2, as used in certain Fourelle and Venturi ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0317 (iisPROTECT 2.1 and 2.2 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0318 (Cross-site scripting (XSS) vulnerability in the Statistics module for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0319 (Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0320 (header.php in ttCMS 2.3 and earlier allows remote attackers to inject ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0321 (Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0322 (Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0323 (Multiple buffer overflows in ircII 20020912 allows remote malicious ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0324 (Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0325 (Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0326 (Integer overflow in parse_decode_path() of slocate may allow attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0327 (Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0328 (EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0329 (CesarFTP 0.99g stores user names and passwords in plaintext in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0330 (Buffer overflow in unknown versions of Maelstrom allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0331 (SQL injection vulnerability in ttForum allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0332 (The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0333 (Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0334 (BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0335 (rc.M in Slackware 9.0 calls quotacheck with the -M option, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0336 (Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0337 (The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0338 (Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0339 (Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0340 (Demarc Puresecure 1.6 stores authentication information for the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0341 (Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0342 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0343 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0344 (Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0345 (Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0346 (Multiple integer overflows in a Microsoft Windows DirectX MIDI library ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0347 (Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0348 (A certain Microsoft Windows Media Player 9 Series ActiveX control ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0349 (Buffer overflow in the streaming media component for logging multicast ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0350 (The control for listing accessibility options in the Accessibility ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0351 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0352 (Buffer overflow in a certain DCOM interface for RPC in Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0353 (Buffer overflow in a component of SQL-DMO for Microsoft Data Access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0354 (Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0355 (Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0357 (Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0358 (Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0359 (nethack 3.4.0 and earlier installs certain setgid binaries with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0360 (Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0361 (gPS before 1.1.0 does not properly follow the rgpsp connection source ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0362 (Buffer overflow in gPS before 0.10.2 may allow local users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0363 (Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0365 (ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0366 (lyskom-server 2.0.7 and earlier allows unauthenticated users to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0367 (znew in the gzip package allows local users to overwrite arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0369 RESERVED CVE-2003-0370 (Konqueror Embedded and KDE 2.2.2 and earlier does not validate the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0371 (Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0372 (Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0373 (Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0374 (Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0375 (Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0376 (Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0377 (SQL injection vulnerability in the web-based administration interface ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0378 (The Kerberos login authentication feature in Mac OS X, when used with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0379 (Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0380 (Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0381 (Multiple vulnerabilities in noweb 2.9 and earlier creates temporary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0382 (Buffer overflow in Eterm 0.9.2 allows local users to gain privileges ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0384 RESERVED CVE-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0387 RESERVED CVE-2003-0388 (pam_wheel in Linux-PAM 0.78, with the trust option enabled and the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0389 (Cross-site scripting (XSS) vulnerability in the secure redirect ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0390 (Multiple buffer overflows in Options Parsing Tool (OPT) shared library ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0391 (Format string vulnerability in Magic WinMail Server 2.3, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0392 (Directory traversal vulnerability in ST FTP Service 3.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0393 (Privacyware Privatefirewall 3.0 does not block certain incoming ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0394 (objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0395 (Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0396 (Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0397 (Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0398 (Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0399 (Vignette StoryServer 4 and 5, Vignette V/5, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0400 (Vignette StoryServer and Vignette V/5 does not properly calculate the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0401 (Vignette StoryServer and Vignette V/5 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0402 (The default login template (/vgn/login) in Vignette StoryServer 5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0403 (Vignette StoryServer 5 and Vignette V/5 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0404 (Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0405 (Vignette StoryServer 5 and Vignette V/6 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0406 (PalmVNC 1.40 and earlier stores passwords in plaintext in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0407 (Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0408 (Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0409 (Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0410 (Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0411 (Sun ONE Application Server 7.0 for Windows 2000/XP allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0412 (Sun ONE Application Server 7.0 for Windows 2000/XP does not log the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0413 (Cross-site scripting (XSS) vulnerability in the webapps-simple sample ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0414 (The installation of Sun ONE Application Server 7.0 for Windows 2000/XP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0415 (Remote PC Access Server 2.2 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0416 (Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0417 (Directory traversal vulnerability in Son hServer 0.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0418 (The Linux 2.0 kernel IP stack does not properly calculate the size of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0419 (SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0420 (Information leak in dsimportexport for Apple Macintosh OS X Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0421 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0422 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0423 (parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0424 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0425 (Directory traversal vulnerability in Apple QuickTime / Darwin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0426 (The installation of Apple QuickTime / Darwin Streaming Server before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0427 (Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0428 (Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0429 (The OSI dissector in Ethereal 0.9.12 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0430 (The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0431 (The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0432 (Ethereal 0.9.12 and earlier does not handle certain strings properly, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0433 (Multiple buffer overflows in gnocatan 0.6.1 and earlier allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0434 (Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0435 (Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0436 (Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0439 RESERVED CVE-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0442 (Cross-site scripting (XSS) vulnerability in the transparent SID ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0443 RESERVED CVE-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0445 (Buffer overflow in webfs before 1.17.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0446 (Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0447 (The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0448 (Portmon 1.7 and possibly earlier versions allows local users to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0449 (Progress Database 9.1 to 9.1D06 trusts user input to find and load ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0450 (Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0451 (Multiple buffer overflows in xbl before 1.0k allow local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0452 (Buffer overflows in osh before 1.7-11 allow local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0453 (traceroute-nanog 6.1.1 allows local users to overwrite unauthorized ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0454 (Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0455 (The imagemagick libmagick library 5.5 and earlier creates temporary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0456 (VisNetic WebSite 3.5 allows remote attackers to obtain the full ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0457 RESERVED CVE-2003-0458 (Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0462 (A race condition in the way env_start and env_end pointers are ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0463 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0464 (The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0465 (The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0466 (Off-by-one error in the fb_realpath() function, as derived from the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0467 (Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0468 (Postfix 1.1.11 and earlier allows remote attackers to use Postfix to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0469 (Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0470 (Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0471 (Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0472 (The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0473 (Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0474 (Directory traversal vulnerability in iWeb Server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0475 (Directory traversal vulnerability in iWeb Server 2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0476 (The execve system call in Linux 2.4.x records the file descriptor of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0477 (wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0478 (Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0479 (Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0480 (VMware Workstation 4.0 for Linux allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0481 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0482 (TUTOS 1.1 allows remote attackers to execute arbitrary code by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0483 (Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0484 (Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0485 (Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0486 (SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0487 (Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0488 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for Snitz ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0493 (Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0494 (password.asp in Snitz Forums 3.4.03 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0495 (Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0497 (CachÃ© Database 5.x installs /cachesys/bin/cache with world-writable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0498 (CachÃ© Database 5.x installs the /cachesys/csp directory with insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0501 (The /proc filesystem in Linux allows local users to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0502 (Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0503 (Buffer overflow in the ShellExecute API function of SHELL32.DLL in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0504 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0505 (Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0506 (Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0507 (Stack-based buffer overflow in Active Directory in Windows 2000 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0508 (Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0512 (Cisco IOS 12.2 and earlier generates a "% Login invalid" message ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0513 (Microsoft Internet Explorer allows remote attackers to bypass intended ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0514 (Apple Safari allows remote attackers to bypass intended cookie access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0515 (SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0516 (cnd.c in mgetty 1.1.28 and earlier does not properly filter ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0517 (faxrunqd.in in mgetty 1.1.28 and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0518 (The screen saver in MacOS X allows users with physical access to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0519 (Certain versions of Internet Explorer 5 and 6, in certain Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0520 (Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0521 (Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0522 (Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0523 (Cross-site scripting (XSS) vulnerability in msg.asp for certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0524 (Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory that ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0526 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0527 RESERVED CVE-2003-0528 (Heap-based buffer overflow in the Distributed Component Object Model ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0529 RESERVED CVE-2003-0530 (Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0531 (Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0532 (Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0533 (Stack-based buffer overflow in certain Active Directory service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0534 RESERVED CVE-2003-0535 (Buffer overflow in xbl 1.0k and earlier allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0536 (Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows ...) BUG: 26782 CVE-2003-0537 (The liece Emacs IRC client 2.0+0.20030527 and earlier creates ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0538 (The mailcap file for mozart 1.2.5 and earlier causes Oz applications ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0539 (skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0540 (The address parser code in Postfix 1.1.12 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0541 (gtkhtml before 1.1.10, as used in Evolution, allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0542 (Multiple stack-based buffer overflows in (1) mod_alias and (2) ...) BUG: 32271 BUG: 32194 CVE-2003-0543 (Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0544 (OpenSSL 0.9.6 and 0.9.7 does not properly track the number of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0545 (Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0546 (up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0547 (GDM before 2.4.1.6, when using the "examine session errors" feature, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0548 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0549 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0550 (The STP protocol, as enabled in Linux 2.4.x, does not provide ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0551 (The STP protocol implementation in Linux 2.4.x does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0552 (Linux 2.4.x allows remote attackers to spoof the bridge Forwarding ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0553 (Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0554 (NeoModus Direct Connect 1.0 build 9, and possibly other versions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0555 (ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0556 (Polycom MGC 25 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0557 (SQL injection vulnerability in login.asp for StoreFront 6.0, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0558 (Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0559 (mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0560 (SQL injection vulnerability in shopexd.asp for VP-ASP allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0561 (Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0563 RESERVED CVE-2003-0564 (Multiple vulnerabilities in multiple vendor implementations of the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0565 (Multiple vulnerabilities in multiple vendor implementations of the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0566 RESERVED CVE-2003-0567 (Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0568 RESERVED CVE-2003-0569 RESERVED CVE-2003-0570 RESERVED CVE-2003-0571 RESERVED CVE-2003-0572 (Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0573 (The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0574 (Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0575 (Heap-based buffer overflow in the name services daemon (nsd) in SGI ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0576 (Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0577 (mpg123 0.59r allows remote attackers to cause a denial of service and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0578 (cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0579 (uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0580 (Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0581 (X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0582 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0583 (Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0584 (Format string vulnerability in Backup and Restore Utility for Unix ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0585 (SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0586 (Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0587 (Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0588 (admin.php in Digi-news 1.1 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0589 (admin.php in Digi-ads 1.1 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0590 (Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0591 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0592 (Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0593 (Opera allows remote attackers to bypass intended cookie access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0594 (Mozilla allows remote attackers to bypass intended cookie access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0595 (Buffer overflow in WiTango Application Server and Tango 2000 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates temporary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0597 (Unknown vulnerability in display of Merge before 5.3.23a in UnixWare ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0598 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0599 (Unknown vulnerability in the Virtual File System (VFS) capability for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0600 RESERVED CVE-2003-0601 (Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0602 (Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0603 (Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0604 (Windows Media Player (WMP) 7 and 8, as running on Internet Explorer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0605 (The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0606 (sup 1.8 and earlier does not properly create temporary files, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become part of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0608 RESERVED CVE-2003-0609 (Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0610 (Directory traversal vulnerability in ePO agent for McAfee ePolicy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0611 (Multiple buffer overflows in xtokkaetama 1.0 allow local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0612 (Multiple buffer overflows in main.c for Crafty 19.3 allow local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0613 (Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0614 (Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0615 (Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0616 (Format string vulnerability in ePO service for McAfee ePolicy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0617 (mindi 0.58 and earlier does not properly create temporary files, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0618 (Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0619 (Integer signedness error in the decode_fh function of nfs3xdr.c in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0620 (Multiple buffer overflows in man-db 2.4.1 and earlier, when installed ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0621 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0622 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0623 (Cross-site scripting (XSS) vulnerability in the Administration Console ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0624 (Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0625 (Off-by-one error in certain versions of xfstt allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0626 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0627 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0628 (PeopleSoft Gateway Administration servlet (gateway.administration) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0629 (Cross-site scripting (XSS) vulnerability in PeopleSoft IScript ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0630 (Multiple buffer overflows in the atari800.svgalib setuid program of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0631 (VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0632 (Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0633 (Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0634 (Stack-based buffer overflow in the PL/SQL EXTPROC functionality for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0635 (Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0636 (Novell iChain 2.2 before Support Pack 1 does not properly verify that ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0637 (Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0638 (Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0639 (Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0640 (BEA WebLogic Server and Express, when using NodeManager to start ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0641 (WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0642 (WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0643 (Integer signedness error in the Linux Socket Filter implementation ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0644 (Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0645 (man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0646 (Multiple buffer overflows in ActiveX controls used by Trend Micro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0647 (Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0648 (Multiple buffer overflows in vfte, based on FTE, before 0.50, allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0649 (Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0650 (Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0651 (Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0652 (Buffer overflow in xtokkaetama allows local users to gain privileges ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0653 (The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0654 (Buffer overflow in autorespond may allow remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0655 (rscsi in cdrtools 2.01 and earlier allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0656 (eroaster before 2.2.0 allows local users to overwrite arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0657 (Multiple SQL injection vulnerabilities in the infolog module for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0658 (Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0659 (Buffer overflow in a function in User32.dll on Windows NT through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0660 (The Authenticode capability in Microsoft Windows NT through Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0661 (The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0662 (Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0663 (Unknown vulnerability in the Local Security Authority Subsystem ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0664 (Microsoft Word 2002, 2000, 97, and 98(J) does not properly check ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0665 (Buffer overflow in the ActiveX control for Microsoft Access Snapshot ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0666 (Buffer overflow in Microsoft Wordperfect Converter allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0667 RESERVED CVE-2003-0668 RESERVED CVE-2003-0669 (Unknown vulnerability in Solaris 2.6 through 9 causes a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0670 (Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0671 (Format string vulnerability in tcpflow, when used in a setuid context, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0672 (Format string vulnerability in pam-pgsql 0.5.2 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0676 (Directory traversal vulnerability in ViewLog for iPlanet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0677 (Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0678 RESERVED CVE-2003-0679 (Unknown vulnerability in the libcpr library for the Checkpoint/Restart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0680 (Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0681 (A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0682 ("Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0684 RESERVED CVE-2003-0685 (Buffer overflow in Netris 0.52 and earlier, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0686 (Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0687 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0688 (The DNS map code in Sendmail 8.12.8 and earlier, when using the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0689 (The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows ...) BUG: 33383 CVE-2003-0690 (KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred ...) BUG: 29406 CVE-2003-0691 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0692 (KDM in KDE 3.1.3 and earlier uses a weak session cookie generation ...) BUG: 29406 CVE-2003-0693 (A "buffer management error" in buffer_append_space of buffer.c for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0694 (The prescan function in Sendmail 8.12.9 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0695 (Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0696 (The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers fileset for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0698 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0699 (The C-Media PCI sound driver in Linux before 2.4.21 does not use the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0700 (The C-Media PCI sound driver in Linux before 2.4.22 does not use the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0701 (Buffer overflow in Internet Explorer 6 SP1 for certain languages that ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0702 (Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0703 (KisMAC before 0.05d trusts user-supplied variables to load arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0704 (KisMAC before 0.05d trusts user-supplied variables when chown'ing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0705 (Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0706 (Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0707 (Buffer overflow in LinuxNode (node) before 0.3.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0708 (Format string vulnerability in LinuxNode (node) before 0.3.2 may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0709 (Buffer overflow in the whois client, which is not setuid but is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0710 RESERVED CVE-2003-0711 (Stack-based buffer overflow in the PCHealth system in the Help and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0712 (Cross-site scripting (XSS) vulnerability in the HTML encoding for the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0713 RESERVED CVE-2003-0714 (The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0715 (Heap-based buffer overflow in the Distributed Component Object Model ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0716 RESERVED CVE-2003-0717 (The Messenger Service for Windows NT through Server 2003 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0718 (The WebDAV Message Handler for Internet Information Services (IIS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0719 (Buffer overflow in the Private Communications Transport (PCT) protocol ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0720 (Buffer overflow in PINE before 4.58 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0721 (Integer signedness error in rfc2231_get_param from strings.c in PINE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0722 (The default installation of sadmind on Solaris uses weak ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0723 (Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0724 (ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0725 (Buffer overflow in the RTSP protocol parser for the View Source ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0726 (RealOne player allows remote attackers to execute arbitrary script in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0727 (Multiple buffer overflows in the XML Database (XDB) functionality for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0728 (Horde before 2.2.4 allows remote malicious web sites to steal session ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0729 (Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0730 (Multiple integer overflows in the font libraries for XFree86 4.3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0731 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0732 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0733 (Multiple cross-site scripting (XSS) vulnerabilities in WebLogic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0734 (Unknown vulnerability in the pam_filter mechanism in pam_ldap before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0735 (SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0736 (Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0737 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0738 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0739 (VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0741 RESERVED CVE-2003-0742 (SCO Internet Manager (mana) allows local users to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0743 (Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0744 (The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0745 (SNMPc 6.0.8 and earlier performs authentication to the server on the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0746 (Various Distributed Computing Environment (DCE) implementations, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0747 (wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0748 (Directory traversal vulnerability in wgate.dll for SAP Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0749 (Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0750 (secure.php in PY-Membres 4.2 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0751 (SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0752 (SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0753 (nphpd.php in newsPHP 216 and earlier allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0754 (nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0755 (Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0756 (Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0757 (Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0758 (Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0759 (Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0760 (Blubster 2.5 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0761 (Buffer overflow in the get_msg_text of chan_sip.c in the Session ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0762 (Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0763 (Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0764 (Escapade Scripting Engine (ESP) allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0765 (The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0766 (Multiple heap-based buffer overflows in FTP Desktop client 3.5, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0767 (Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0768 (Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0769 (Cross-site scripting (XSS) vulnerability in the ICQ Web Front ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0770 (FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0772 (Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0773 (saned in sane-backends 1.0.7 and earlier does not check the IP address ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0774 (saned in sane-backends 1.0.7 and earlier does not quickly handle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0775 (saned in sane-backends 1.0.7 and earlier calls malloc with an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0776 (saned in sane-backends 1.0.7 and earlier does not properly "check the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0777 (saned in sane-backends 1.0.7 and earlier, when debug messages are ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0778 (saned in sane-backends 1.0.7 and earlier, and possibly later versions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0779 (SQL injection vulnerability in the Call Detail Record (CDR) logging ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0780 (Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0781 (Unknown vulnerability in ecartis before 1.0.0 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0782 (Multiple buffer overflows in ecartis before 1.0.0 allow attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0783 (Multiple buffer overflows in hztty 2.0 allow local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0784 (Format string vulnerability in tsm for the bos.rte.security fileset on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0785 (ipmasq before 3.5.12, in certain configurations, may forward packets ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0786 (The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0787 (The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not ...) BUG: 32271 CVE-2003-0790 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0791 (The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0792 (Fetchmail 6.2.4 and earlier does not properly allocate memory for long ...) BUG: 37717 CVE-2003-0793 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0794 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0795 (The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0796 (Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0797 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0798 RESERVED CVE-2003-0799 RESERVED CVE-2003-0800 RESERVED CVE-2003-0801 (Cross-site scripting (XSS) vulnerability in Nokia Electronic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0802 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0803 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0804 (The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0805 (Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0806 (Buffer overflow in the Windows logon process (winlogon) in Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0807 (Buffer overflow in the COM Internet Services and in the RPC over HTTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0808 RESERVED CVE-2003-0809 (Internet Explorer 5.01 through 6.0 does not properly handle object ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0810 RESERVED CVE-2003-0811 RESERVED CVE-2003-0812 (Stack-based buffer overflow in a logging function for Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0813 (A multi-threaded race condition in the Windows RPC DCOM functionality ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0814 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0815 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0816 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0817 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0818 (Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0819 (Buffer overflow in the H.323 filter of Microsoft Internet Security and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0820 (Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0821 (Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0822 (Buffer overflow in the debug functionality in fp30reg.dll of Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0823 (Internet Explorer 6 SP1 and earlier allows remote attackers to direct ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0824 (Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0825 (The Windows Internet Naming Service (WINS) for Microsoft Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0826 (lsh daemon (lshd) does not properly return from certain functions in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0827 (The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0828 (Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0829 RESERVED CVE-2003-0830 (Buffer overflow in marbles 1.0.2 and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0831 (ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0832 (Directory traversal vulnerability in webfs before 1.20 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before 0.92 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0837 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0838 (Internet Explorer allows remote attackers to bypass zone restrictions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0839 (Directory traversal vulnerability in the "Shell Folders" capability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0840 (Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0841 (The grid option in PeopleSoft 8.42 stores temporary .xls files in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0842 (Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0843 (Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0844 (mod_gzip 1.3.26.1a and earlier, and possibly later official versions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0845 (Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0846 (SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0847 (SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0848 (Heap-based buffer overflow in main.c of slocate 2.6, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0849 (Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0850 (The TCP reassembly functionality in libnids before 1.18 allows remote ...) BUG: 32724 CVE-2003-0851 (OpenSSL 0.9.6k allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0852 (Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0853 (An integer overflow in ls in the fileutils or coreutils packages may ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0854 (ls in the fileutils or coreutils packages allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0855 (Pan 0.13.3 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0856 (iproute 2.4.7 and earlier allows local users to cause a denial of ...) BUG: 34294 CVE-2003-0857 (The (1) ipq_read and (2) ipulog_read functions in iptables allow local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0858 (Zebra 0.93b and earlier, and quagga before 0.95, allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0859 (The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0860 (Buffer overflows in PHP before 4.3.3 have unknown impact and unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0861 (Integer overflows in (1) base64_encode and (2) the GD library for PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0862 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0863 (The php_check_safe_mode_include_dir function in fopen_wrappers.c of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0864 (Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0865 (Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0866 (The Catalina org.apache.catalina.connector.http package in Tomcat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0867 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0868 RESERVED CVE-2003-0869 RESERVED CVE-2003-0870 (Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote ...) BUG: 31775 CVE-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0872 (Certain scripts in OpenServer before 5.0.6 allow local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0873 RESERVED CVE-2003-0874 (Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0875 (Symbolic link vulnerability in the slpd script slpd.all_init for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0876 (Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0877 (Mac OS X before 10.3 with core files enabled allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0878 (slpd daemon in Mac OS X before 10.3 allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0879 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0880 (Unknown vulnerability in Mac OS X before 10.3 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0881 (Mail in Mac OS X before 10.3, when configured to use MD5 Challenge ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0882 (Mac OS X before 10.3 initializes the TCP timestamp with a constant ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0884 RESERVED CVE-2003-0885 (Xscreensaver 4.14 contains certain debugging code that should have ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier ...) BUG: 33368 CVE-2003-0887 (ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0888 RESERVED CVE-2003-0889 RESERVED CVE-2003-0890 RESERVED CVE-2003-0891 RESERVED CVE-2003-0892 RESERVED CVE-2003-0893 RESERVED CVE-2003-0894 (Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0895 (Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0896 (The loadClass method of the sun.applet.AppletClassLoader class in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0897 ("Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0898 (IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0899 (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0900 (Perl 5.8.1 on Fedora Core does not properly initialize the random ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0901 (Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0902 (Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0903 (Buffer overflow in a component of Microsoft Data Access Components ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0904 (Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0905 (Unknown vulnerability in Windows Media Station Service and Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0906 (Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0907 (Help and Support Center in Microsoft Windows XP SP1 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0908 (The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0909 (Windows XP allows local users to execute arbitrary programs by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0910 (The NtSetLdtEntries function in the programming interface for the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0911 RESERVED CVE-2003-0912 RESERVED CVE-2003-0913 (Unknown vulnerability in the Terminal application for Mac OS X 10.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0914 (ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0915 RESERVED CVE-2003-0916 RESERVED CVE-2003-0917 RESERVED CVE-2003-0918 RESERVED CVE-2003-0919 RESERVED CVE-2003-0920 RESERVED CVE-2003-0921 RESERVED CVE-2003-0922 RESERVED CVE-2003-0923 RESERVED CVE-2003-0924 (netpbm 9.25 and earlier does not properly create temporary files, ...) BUG: 65647 CVE-2003-0925 (Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0926 (Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0927 (Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0928 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0929 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0930 (Clearswift MAILsweeper before 4.3.15 does not properly detect ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0931 (Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0932 (Buffer overflow in omega-rpg 0.90 allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0933 (Buffer overflow in conquest 7.2 and earlier may allow a local user to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0934 (Symbol Access Portable Data Terminal (PDT) 8100 does not hide the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0935 (Net-SNMP before 5.0.9 allows a user or community to access data in MIB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0936 (Symantec PCAnywhere 10.x and 11, when started as a service, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0937 (SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0938 (vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0939 (eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0940 (Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0941 (web-tools in SAP DB before 7.4.03.30 allows remote attackers to access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0942 (Buffer overflow in Web Agent Administration service in web-tools for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0943 (web-tools in SAP DB before 7.4.03.30 installs several services that ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0944 (Buffer overflow in the WAECHO default service in web-tools in SAP DB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0945 (The Web Database Manager in web-tools for SAP DB before 7.4.03.30 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0946 (Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0947 (Buffer overflow in iwconfig, when installed setuid, allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0948 (Buffer overflow in iwconfig allows local users to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0949 (xsok 1.02 does not properly drop privileges before finding and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0950 (PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0951 (Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0952 RESERVED CVE-2003-0953 RESERVED CVE-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0956 (Multiple race conditions in the handling of O_DIRECT in Linux kernel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0957 RESERVED CVE-2003-0958 RESERVED CVE-2003-0959 (Multiple integer overflows in the 32bit emulation for AMD64 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a chain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0961 (Integer overflow in the do_brk function for the brk system call in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0962 (Heap-based buffer overflow in rsync before 2.5.7, when running in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0963 (Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0964 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0965 (Cross-site scripting (XSS) vulnerability in the admin CGI script for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0966 (Buffer overflow in the frm command in elm 2.5.6 and earlier, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0967 (rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0968 (Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0969 (mpg321 0.2.10 allows remote attackers to overwrite memory and possibly ...) BUG: 86033 CVE-2003-0970 (The Network Management Port on Sun Fire B1600 systems allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0971 (GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal ...) BUG: 34504 CVE-2003-0972 (Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0973 (Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0974 (Applied Watch Command Center allows remote attackers to conduct ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0975 (Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0976 (NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0977 (CVS server before 1.11.10 may allow attackers to cause the CVS server ...) BUG: 35371 CVE-2003-0978 (Format string vulnerability in gpgkeys_hkp (experimental HKP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0979 (FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0980 (Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0981 (FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0982 (Buffer overflow in the authentication module for Cisco ACNS 4.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0985 (The mremap system call (do_mremap) in Linux kernel 2.4.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0986 (Various routines for the ppc64 architecture on Linux kernel 2.6 prior ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0987 (mod_digest for Apache before 1.3.31 does not properly verify the nonce ...) BUG: 51815 CVE-2003-0988 (Buffer overflow in the VCF file information reader for KDE Personal ...) BUG: 38256 CVE-2003-0989 (tcpdump before 3.8.1 allows remote attackers to cause a denial of ...) BUG: 46258 BUG: 38206 CVE-2003-0990 (The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0991 (Unknown vulnerability in the mail command handler in Mailman before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0992 (Cross-site scripting (XSS) vulnerability in the create CGI script for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0993 (mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit ...) BUG: 51815 CVE-2003-0994 (The GUI functionality for an interactive session in Symantec ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0995 (Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0996 (Unknown "System Security Vulnerability" in Computer Associates (CA) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0997 (Unknown "Denial of Service Attack" vulnerability in Computer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0998 (Unknown "potential system security vulnerability" in Computer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-0999 (Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1000 (xchat 2.0.6 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1001 (Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1002 (Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1003 (Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1004 (Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1005 (The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1006 (Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1007 (AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1008 (Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1009 (Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1010 (Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1011 (Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1012 (The SMB dissector in Ethereal before 0.10.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1013 (The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1014 (Multiple content security gateway and antivirus products allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1015 (Multiple content security gateway and antivirus products allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1016 (Multiple content security gateway and antivirus products allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1017 (Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1018 (Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1019 RESERVED CVE-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1021 (The scosession program in OpenServer 5.0.6 and 5.0.7 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1022 (Directory traversal vulnerability in fsp before 2.81.b18 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1023 (Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c ...) BUG: 45957 CVE-2003-1024 (Unknown vulnerability in the ls-F builtin function in tcsh on Solaris ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1025 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1026 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1027 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1028 (The download function of Internet Explorer 6 SP1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1029 (The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1030 (Buffer overflow in DameWare Mini Remote Control before 3.73 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1031 (Cross-site scripting (XSS) vulnerability in register.php for vBulletin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1032 (Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1033 (The (1) instdbmsrv and (2) instlserver programs in SAP DB Development ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1034 (The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1035 (The default installation of SAP R/3 46C/D allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1036 (Multiple buffer overflows in the AGate component for SAP Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1037 (Format string vulnerability in the WGate component for SAP Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1038 (The AGate component for SAP Internet Transaction Server (ITS) allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1039 (Multiple buffer overflows in the mySAP.com architecture for SAP allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1040 (kmod in the Linux kernel does not set its uid, suid, gid, or sgid to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1041 (Internet Explorer 5.x and 6.0 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1042 (SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1043 (SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1044 (editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1045 (votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1046 (describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1047 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1048 (Double free vulnerability in mshtml.dll for certain versions of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1049 (IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1050 (Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1051 (Multiple format string vulnerabilities in IBM DB2 Universal Database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1052 (IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1055 (Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1056 (The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1057 (Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1058 (The Xsun server for Sun Solaris 2.6 through 9, when running in Direct ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1059 (Unknown vulnerability in the libraries for the PGX32 frame buffer in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1060 (The NFS Server for Solaris 7, 8, and 9 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1061 (Race condition in Solaris 2.6 through 9 allows local users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1062 (Unknown vulnerability in the sysinfo system call for Solaris for SPARC ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1063 (The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1064 (Solaris 8 with IPv6 enabled allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1065 (Unknown vulnerability in patches 108993-14 through 108993-19 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1066 (Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1067 (Multiple buffer overflows in the (1) dbm_open function, as used in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1068 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1069 (The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1070 (Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1071 (rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1072 (Memory leak in lofiadm in Solaris 8 allows local users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1073 (A race condition in the at command for Solaris 2.6 through 9 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1074 (Unknown vulnerability in newtask for Solaris 9 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1075 (Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1076 (Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1077 (Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1078 (The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1079 (Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1080 (Unknown vulnerability in mail for Solaris 2.6 through 9 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1081 (Aspppls for Solaris 8 allows local users to overwrite arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1082 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1083 (Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote ...) BUG: 43967 CVE-2003-1084 (Monit 1.4 to 4.1 allows remote attackers to cause a denial of service ...) BUG: 43967 CVE-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1086 (PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1087 (Unknown vulnerability in diagmond and possibly other applications in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1089 (index.php for Zorum 3.4 allows remote attackers to determine the full ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1090 (Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1091 (Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1092 (Unknown vulnerability in the "Automatic File Content Type Recognition ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1093 (BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1094 (BEA WebLogic Server and Express version 7.0 SP3 may follow certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1095 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1096 (The Cisco LEAP challenge/response authentication mechanism uses ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1097 (Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1098 (The Xserver for HP-UX 11.22 was not properly built, which introduced a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1099 (shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1100 (Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1101 (Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1102 (Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1103 (SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1104 (Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1105 (Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1106 (The SMTP service in Microsoft Windows 2000 before SP4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1107 (The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1108 (The Session Initiation Protocol (SIP) implementation in Alcatel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1109 (The Session Initiation Protocol (SIP) implementation in multiple Cisco ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1110 (The Session Initiation Protocol (SIP) implementation in Columbia SIP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1111 (The Session Initiation Protocol (SIP) implementation in multiple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1112 (The Session Initiation Protocol (SIP) implementation in Ingate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1113 (The Session Initiation Protocol (SIP) implementation in IPTel SIP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1114 (The Session Initiation Protocol (SIP) implementation in Mediatrix ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1115 (The Session Initiation Protocol (SIP) implementation in Nortel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1116 (The communications protocol for the Report Review Agent (RRA), aka FND ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1117 (Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1118 (Buffer overflow in the SETI@home client 3.03 and other versions allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1119 (SSH Secure Shell before 3.2.9 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1120 (Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1121 (Services in ScriptLogic 4.01, and possibly other versions before 4.14, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1122 (ScriptLogic 4.01, and possibly other versions before 4.14, uses ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1123 (Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1124 (Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1125 (Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1126 (Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1127 (Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1128 (XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1130 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1131 (PHP remote file inclusion vulnerability in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1132 (The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1133 (Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1134 (Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1135 (Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1136 (Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1137 (Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1138 (The default configuration of Apache 2.0.40, as shipped with Red Hat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1139 (Musicqueue 1.2.0 allows local users to overwrite arbitrary files by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1140 (Buffer overflow in Musicqueue 1.2.0 allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1141 (Buffer overflow in NIPrint 4.10 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1142 (Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1143 (Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1144 (Buffer overflow in the log viewing interface in Perception LiteServe ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1145 (Cross-site scripting (XSS) vulnerability in friendmail.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1146 (Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1147 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1148 (Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1149 (Cross-site scripting (XSS) vulnerability in Symantec Norton Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1150 (Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1151 (Cross-site scripting (XSS) vulnerability in Fastream NETFile Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1152 (WebTide 7.04 allows remote attackers to list arbitrary directories via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1153 (byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1154 (MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1155 (X-CD-Roast 0.98 alpha10 through alpha14 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1156 (Java Runtime Environment (JRE) and Software Development Kit (SDK) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1157 (Cross-site scripting (XSS) vulnerability in login.asp in Citrix ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1158 (Multiple buffer overflows in the FTP service in Plug and Play Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1159 (Plug and Play Web Server Proxy 1.0002c allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1160 (FlexWATCH Network video server 132 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1161 (exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1162 (index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1163 (hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1164 (Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1165 (Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1166 (Directory traversal vulnerability in (1) Openfile.aspx and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1167 (misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1168 (HTTP Commander 4.0 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1169 (DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1170 (Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1171 (Heap-based buffer overflow in the sec_filter_out function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1172 (Directory traversal vulnerability in the view-source sample file in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1173 (Centrinity FirstClass 7.1 allows remote attackers to access sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1174 (Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1175 (Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1176 (post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1177 (Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1178 (Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1179 (Multiple PHP remote file inclusion vulnerabilities in Advanced Poll ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1180 (Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1181 (Advanced Poll 2.0.2 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1182 (Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1183 (The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1184 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1185 (Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1186 (Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1187 (Cross-site scripting (XSS) vulnerability in include.php in PHPKIT ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1188 (Unichat allows remote attackers to cause a denial of service (crash) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1189 (Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1190 (Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1191 (chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1192 (Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1193 (Multiple SQL injection vulnerabilities in the Portal DB (1) List of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1194 (Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1195 (SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1196 (SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1197 (Cross-site scripting (XSS) vulnerability in index.php for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1198 (connection.c in Cherokee web server before 0.4.6 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1199 (Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1200 (Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1201 (ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for ...) BUG: 26728 CVE-2003-1202 (The checklogin function in omail.pl for omail webmail 0.98.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1203 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Site ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1204 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1205 (Crob FTP Server 2.60.1 allows remote authenticated users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1206 (Format string vulnerability in Crob FTP Server 2.60.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1207 (Crob FTP Server 3.5.1 allows remote authenticated users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1208 (Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1209 (The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1210 (Multiple SQL injection vulnerabilities in the Downloads module for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1211 (Cross-site scripting (XSS) vulnerability in search.asp for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1212 (MaxWebPortal 1.30 allows remote attackers to perform unauthorized ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1213 (The default installation of MaxWebPortal 1.30 stores the portal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1214 (Unknown vulnerability in the server login for VisualShapers ezContents ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1215 (SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1216 (SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1217 RESERVED CVE-2003-1218 RESERVED CVE-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link function ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1220 (BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1221 (BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1222 (BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1223 (The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1224 (Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1225 (The default CredentialMapper for BEA WebLogic Server and Express 7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1226 (BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1227 (PHP remote file include vulnerability in index.php for Gallery 1.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1228 (Buffer overflow in the prepare_reply function in request.c for Mathopd ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1229 (X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1230 (The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1231 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1232 (Emacs 21.2.1 does not prompt or warn the user before executing Lisp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1233 (Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1234 (Integer overflow in the f_count counter in FreeBSD before 4.2 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1235 (BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1236 (Multiple format string vulnerabilities in the logger function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1237 (Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1238 (Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1239 (Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1240 (PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1241 (Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1242 (Sage 1.0 b3 allows remote attackers to obtain the root web server path ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1243 (Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1244 (SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1245 (index2.php in Mambo 4.0.12 allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1246 (NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1247 (Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1248 (H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1249 (WebIntelligence 2.7.1 uses guessable user session cookies, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1250 (Efficient Networks 5861 DSL router, when running firmware 5.3.80 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1251 (The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1252 (register.php in S8Forum 3.0 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1253 (PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1254 (Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1255 (add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1256 (aff_liste_langue.php in E-theni allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1257 (find_theni_home.php in E-theni allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1258 (activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1259 (Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1260 (Buffer overflow in CuteFTP 5.0 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1261 (Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1262 (Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1263 (ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1264 (TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1265 (Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1266 (The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1267 (GuildFTPd 0.999 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1268 (Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1269 (AN HTTP 1.41e allows remote attackers to obtain the root web server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1270 (AN HTTP 1.41e allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1271 (Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1272 (Multiple buffer overflows in Winamp 3.0 allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1273 (Winamp 3.0 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1274 (Winamp 3.0 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1275 (Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1276 (Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1277 (Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1278 (Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1279 (S-PLUS 6.0 allows local users to overwrite arbitrary files and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1280 (Directory traversal vulnerability in cgihtml 1.69 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1281 (cgihtml 1.69 allows local users to overwrite arbitrary files via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1282 (IBM Net.Data allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1283 (KaZaA Media Desktop (KMD) 2.0 launches advertisements in the Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1284 (Sambar Server before 6.0 beta 6 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1285 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1286 (HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1287 (Sambar Server before 6.0 beta 3 allows attackers with physical access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1288 (Multiple race conditions in Linux-VServer 1.22 with Linux kernel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1289 (The iBCS2 system call translator for statfs in NetBSD 1.5 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1290 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1291 (VMware ESX Server 1.5.2 before Patch 4 allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1292 (PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1293 (Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1294 (Xscreensaver before 4.15 creates temporary files insecurely in (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1296 (Easy File Sharing (EFS) Web Server 1.2 allows remote authenticated ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1297 (Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1298 (Multiple directory traversal vulnerabilities in siteman.php3 in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1299 (Directory traversal vulnerability in Baby FTP Server 1.2, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1300 (Baby FTP Server (BabyFTP) 1.2, and possibly other versions before May ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1301 (Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1302 (The IMAP functionality in PHP before 4.3.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1303 (Buffer overflow in the imap_fetch_overview function in the IMAP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1304 (EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1305 (Microsoft Internet Explorer allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1306 (Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1307 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1308 (CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1309 (The DeviceIoControl function in the TrueVector Device Driver ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1310 (The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1311 (siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1312 (siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1313 (Multiple PHP remote file inclusion vulnerabilities in EternalMart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1314 (PHP remote file inclusion vulnerability in admin/auth.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1315 (SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1316 (mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1317 (Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1318 (Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1319 (Multiple buffer overflows in SmartFTP 1.0.973, and other versions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1320 (SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1321 (Buffer overflow in Avant Browser 8.02 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1322 (Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1323 (Elm ME+ 2.4 before PL109S, when installed setgid mail and the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1324 (Race condition in the can_open function in Elm ME+ 2.4, when installed ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1325 (The SV_CheckForDuplicateNames function in Valve Software Half-Life ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1326 (Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1327 (Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1328 (The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1329 (ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1330 (Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1331 (Stack-based buffer overflow in the mysql_real_connect function in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1332 (Stack-based buffer overflow in the reply_nttrans function in Samba ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1333 (Unspecified vulnerability in the Cache' Server Page (CSP) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1334 (Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1335 (Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1336 (Buffer overflow in mIRC before 6.11 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1337 (Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1338 (CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1339 (Stack-based buffer overflow in eZnet.exe, as used in eZ (a) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1340 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 ...) NOT-FOR-US: PHP Nuke CVE-2003-1341 (The default installation of Trend Micro OfficeScan 3.0 through 3.54 ...) NOT-FOR-US: Trend Micro OfficeScan CVE-2003-1342 (Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows ...) NOT-FOR-US: Trend Micro Virus Control System CVE-2003-1343 (Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 ...) NOT-FOR-US: Trend Micro ScanMail for Exchange CVE-2003-1344 (Trend Micro Virus Control System (TVCS) Log Collector allows remote ...) NOT-FOR-US: Trend Micro Virus Control CVE-2003-1345 (Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 ...) NOT-FOR-US: WebCollection Plus CVE-2003-1346 (D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 ...) NOT-FOR-US: D-Link wireless access point CVE-2003-1347 (Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 ...) NOT-FOR-US: Geeklog CVE-2003-1348 (Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org ...) NOT-FOR-US: ftls.org Guestbook CVE-2003-1349 (Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 ...) NOT-FOR-US: NITE ftp-server CVE-2003-1350 (List Site Pro 2.0 allows remote attackers to hijack user accounts by ...) NOT-FOR-US: List Site Pro CVE-2003-1351 (Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows ...) NOT-FOR-US: EditTag CVE-2003-1352 (Gabber 0.8.7 sends an email to a specific address during user login ...) NOT-FOR-US: Gabber CVE-2003-1353 (Multiple cross-site scripting (XSS) vulnerabilities in Outreach ...) NOT-FOR-US: Outreach CVE-2003-1354 (Multiple GameSpy 3D 2.62 compatible gaming servers generate very large ...) NOT-FOR-US: GameSpy 3D 2.62 CVE-2003-1355 (Buffer overflow in the remote console (rcon) in Battlefield 1942 1.2 ...) NOT-FOR-US: Battlefield 1942 1.2 and 1.3 CVE-2003-1356 (The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 ...) NOT-FOR-US: HP-UX CVE-2003-1357 (ProxyView has a default administrator password of Administrator for ...) NOT-FOR-US: ProxyView CVE-2003-1358 (rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment ...) NOT-FOR-US: HP-UX CVE-2003-1359 (Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows ...) NOT-FOR-US: HP-UX CVE-2003-1360 (Buffer overflow in the setupterm function of (1) lanadmin and (2) ...) NOT-FOR-US: HP-UX CVE-2003-1361 (Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli ...) NOT-FOR-US: VERITAS Bare Metal Restore CVE-2003-1362 (Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly ...) NOTE: old CVE-2003-1363 (The remote web management interface of Aprelium Technologies Abyss Web ...) NOT-FOR-US: Abyss Web Server CVE-2003-1364 (Aprelium Technologies Abyss Web Server 1.1.2, and possibly other ...) NOT-FOR-US: Abyss Web Server CVE-2003-1365 (The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does ...) NOT-FOR-US: CGI::Lite CVE-2003-1366 (chpass in OpenBSD 2.0 through 3.2 allows local users to read portions ...) NOT-FOR-US: chpass in OpenBSD CVE-2003-1367 (The which_access variable for Majordomo 2.0 through 1.94.4, and ...) NOT-FOR-US: Majordomo CVE-2003-1368 (Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers ...) NOT-FOR-US: 32bit FTP client CVE-2003-1369 (Buffer overflow in ByteCatcher FTP client 1.04b allows remote ...) NOT-FOR-US: ByteCatcher CVE-2003-1370 (Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b ...) NOT-FOR-US: Nuked Klan CVE-2003-1371 (Nuked-Klan 1.3b, and possibly earlier versions, allows remote ...) NOT-FOR-US: Nuked Klan CVE-2003-1372 (Cross-site scripting (XSS) vulnerability in links.php script in ...) NOT-FOR-US: myPHPNuke CVE-2003-1373 (Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through ...) NOTE: old CVE-2003-1374 (Buffer overflow in disable of HP-UX 11.0 may allow local users to ...) NOT-FOR-US: HP-UX CVE-2003-1375 (Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local ...) NOT-FOR-US: wall CVE-2003-1376 (WinZip 8.0 uses weak random number generation for password protected ...) NOT-FOR-US: WinZip CVE-2003-1377 (Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) ...) NOT-FOR-US: Smart IRC Daemon CVE-2003-1378 (Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone ...) NOT-FOR-US: Microsoft Outlook Express CVE-2003-1379 (clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to ...) NOT-FOR-US: ClarkConnect CVE-2003-1380 (Directory traversal vulnerability in BisonFTP Server 4 release 2 ...) NOT-FOR-US: BisonFTP CVE-2003-1381 (Format string vulnerability in AMX 0.9.2 and earlier, a plugin for ...) NOT-FOR-US: AMX CVE-2003-1382 (Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to ...) NOT-FOR-US: ISMail CVE-2003-1383 (WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive ...) NOT-FOR-US: WEB ERP CVE-2003-1384 (Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor ...) NOT-FOR-US: PY-Livredor CVE-2003-1385 (ipchat.php in Invision Power Board 1.1.1 allows remote attackers to ...) NOT-FOR-US: Invision Power Board CVE-2003-1386 (AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to ...) NOT-FOR-US: AXIS 2400 Video Server CVE-2003-1387 (Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, ...) NOTE: old CVE-2003-1388 (Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to ...) NOTE: old CVE-2003-1389 (RTS CryptoBuddy 1.2 and earlier truncates long passphrases without ...) NOT-FOR-US: CryptoBuddy CVE-2003-1390 (RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a ...) NOT-FOR-US: CryptoBuddy CVE-2003-1391 (RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the ...) NOT-FOR-US: CryptoBuddy CVE-2003-1392 (CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to ...) NOT-FOR-US: CryptoBuddy CVE-2003-1393 (Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to ...) NOT-FOR-US: Gupta CVE-2003-1394 (CoffeeCup Software Password Wizard 4.0 stores sensitive information ...) NOT-FOR-US: CoffeeCup Software Password CVE-2003-1395 (Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to ...) NOT-FOR-US: KaZaA CVE-2003-1396 (Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote ...) NOTE: old CVE-2003-1397 (The PluginContext object of Opera 6.05 and 7.0 allows remote attackers ...) NOTE: old CVE-2003-1398 (Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts ...) NOT-FOR-US: Cisco IOS CVE-2003-1399 (eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, ...) NOTE: old CVE-2003-1400 (Cross-site scripting (XSS) vulnerability in the Your_Account module ...) NOT-FOR-US: Your_Account CVE-2003-1401 (login.php in php-Board 1.0 stores plaintext passwords in $username.txt ...) NOT-FOR-US: php Board CVE-2003-1402 (PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and ...) NOT-FOR-US: Kietu CVE-2003-1403 (foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive ...) NOT-FOR-US: DotBr CVE-2003-1404 (DotBr 0.1 stores config.inc with insufficient access control under the ...) NOT-FOR-US: DotBr CVE-2003-1405 (DotBr 0.1 allows remote attackers to execute arbitrary shell commands ...) NOT-FOR-US: DotBr CVE-2003-1406 (PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 ...) NOT-FOR-US: D-Forum CVE-2003-1407 (Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to ...) NOT-FOR-US: Windows NT 4.0 CVE-2003-1408 (Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the ...) NOT-FOR-US: Lotus Domino Server CVE-2003-1409 (TOPo 1.43 allows remote attackers to obtain sensitive information by ...) NOT-FOR-US: TOPo CVE-2003-1410 (PHP remote file inclusion vulnerability in email.php (aka email.php3) ...) NOT-FOR-US: Cedric CVE-2003-1411 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Cedric CVE-2003-1412 (PHP remote file inclusion vulnerability in index.php for GONiCUS ...) NOT-FOR-US: GOsa CVE-2003-1413 (parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote ...) NOT-FOR-US: Apple Darwin Streaming Server CVE-2003-1414 (Directory traversal vulnerability in parse_xml.cg Apple Darwin ...) NOT-FOR-US: Apple Darwin Streaming Server CVE-2003-1415 (NetCharts XBRL Server 4.0.0 allows remote attackers to obtain ...) NOT-FOR-US: NetCharts CVE-2003-1416 (BisonFTP Server 4 release 2 allows remote attackers to cause a denial ...) NOT-FOR-US: BisonFTP CVE-2003-1417 (nCipher Support Software 6.00, when using generatekey KeySafe to ...) NOT-FOR-US: nCipher CVE-2003-1418 (Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote ...) NOTE: old CVE-2003-1419 (Netscape 7.0 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Netscape 7.0 CVE-2003-1420 (Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with ...) NOTE: old CVE-2003-1421 (Unspecified vulnerability in mod_mysql_logger shared object in SuckBot ...) NOT-FOR-US: SuckBot CVE-2003-1422 (Multiple unspecified vulnerabilities in the installer for SYSLINUX ...) NOTE: old CVE-2003-1423 (Petitforum stores the liste.txt data file under the web document root ...) NOT-FOR-US: Petitforum CVE-2003-1424 (message.php in Petitforum does not properly authenticate users, which ...) NOT-FOR-US: Petitforum CVE-2003-1425 (guestbook.cgi in cPanel 5.0 allows remote attackers to execute ...) NOT-FOR-US: cPanel CVE-2003-1426 (Openwebmail in cPanel 5.0, when run using suid Perl, adds the ...) NOT-FOR-US: cPanel CVE-2003-1427 (Directory traversal vulnerability in the web configuration interface ...) NOT-FOR-US: Netgear FM114P web configuration CVE-2003-1428 (Gallery 1.3.3 creates directories with insecure permissions, which ...) NOTE: old CVE-2003-1429 (Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers to ...) NOT-FOR-US: Proxomitron Naoko CVE-2003-1430 (Directory traversal vulnerability in Unreal Tournament Server 436 and ...) NOTE: old CVE-2003-1431 (Buffer overflow in Epic Games Unreal Engine 226f through 436 allows ...) NOTE: old CVE-2003-1432 (Epic Games Unreal Engine 226f through 436 allows remote attackers to ...) NOTE: old CVE-2003-1433 (Epic Games Unreal Engine 226f through 436 does not validate the ...) NOTE: old CVE-2003-1434 (login_ldap 3.1 and 3.2 allows remote attackers to initiate ...) NOT-FOR-US: login_ldap CVE-2003-1435 (SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote ...) NOT-FOR-US: PHP-Nuke CVE-2003-1436 (PHP remote file inclusion vulnerability in nukebrowser.php in ...) NOT-FOR-US: Nukebrowser CVE-2003-1437 (BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores ...) NOT-FOR-US: BEA WebLogic Server CVE-2003-1438 (Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, ...) NOT-FOR-US: BEA WebLogic Server CVE-2003-1439 (Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores ...) NOTE: old CVE-2003-1440 (SpamProbe 0.8a allows remote attackers to cause a denial of service ...) NOTE: old CVE-2003-1441 (Posadis 0.50.4 through 0.50.8 allows remote attackers to cause a ...) NOTE: old CVE-2003-1442 (The web administration page for the Ericsson HM220dp ADSL modem does ...) NOT-FOR-US: web CVE-2003-1443 (Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files ...) NOT-FOR-US: Kaspersky Antivirus CVE-2003-1444 (Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial ...) NOT-FOR-US: Kaspersky Antivirus CVE-2003-1445 (Stack-based buffer overflow in Far Manager 1.70beta1 and earlier ...) NOT-FOR-US: Far Manager CVE-2003-1446 (Buffer overflow in the save_into_file function in save.c for Rogue ...) NOT-FOR-US: Rogue CVE-2003-1447 (IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption ...) NOT-FOR-US: WebSphere Advanced Server Edition CVE-2003-1448 (Memory leak in the Windows 2000 kernel allows remote attackers to ...) NOT-FOR-US: Windows 2000 CVE-2003-1449 (Aladdin Knowlege Systems eSafe Gateway 3.5.126.0 does not check the ...) NOT-FOR-US: eSafe Gateway CVE-2003-1450 (BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to ...) NOTE: old CVE-2003-1451 (Buffer overflow in Symantec Norton AntiVirus 2002 allows remote ...) NOT-FOR-US: Norton AntiVirus CVE-2003-1452 (Untrusted search path vulnerability in Qualcomm qpopper 4.0 through ...) NOTE: doesn't affect us as we don't install poppassd CVE-2003-1453 (Cross-site scripting (XSS) vulnerability in the MytextSanitizer ...) NOT-FOR-US: MytextSanitizer CVE-2003-1454 (Invision Power Services Invision Board 1.0 through 1.1.1, when a forum ...) NOT-FOR-US: Invision Power Services Invision Board CVE-2003-1455 (Multiple buffer overflows in the launch_bcrelay function in pptpctrl.c ...) NOT-FOR-US: PoPToP CVE-2003-1456 (Album.pl 6.1 allows remote attackers to execute arbitrary commands, ...) NOT-FOR-US: Album pl CVE-2003-1457 (Auerswald COMsuite CTI ControlCenter 3.1 creates a default ...) NOT-FOR-US: Auerswald COMsuite CTI ControlCenter CVE-2003-1458 (SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum ...) NOT-FOR-US: ttCMS CVE-2003-1459 (Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ...) NOT-FOR-US: ttCMS CVE-2003-1460 (Worker Filemanager 1.0 through 2.7 sets the permissions on the ...) NOT-FOR-US: Worker Filemanager CVE-2003-1461 (Buffer overflow in rwrite for HP-UX 11.0 could allow local users to ...) NOT-FOR-US: rwrite CVE-2003-1462 (mod_survey 3.0.0 through 3.0.15-pre6 does not check whether a survey ...) NOTE: old CVE-2003-1463 (Absolute path traversal vulnerability in Alt-N Technologies WebAdmin ...) NOT-FOR-US: WebAdmin CVE-2003-1464 (Buffer overflow in Siemens 45 series mobile phones allows remote ...) NOT-FOR-US: Siemens CVE-2003-1465 (Directory traversal vulnerability in download.php in Phorum 3.4 ...) NOT-FOR-US: Phorum CVE-2003-1466 (Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote ...) NOT-FOR-US: Phorum CVE-2003-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, ...) NOT-FOR-US: old or nfu CVE-2003-1468 (The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote ...) NOT-FOR-US: PHP Nuke CVE-2003-1469 (The default configuration of ColdFusion MX has the "Enable Robust ...) NOT-FOR-US: ColdFusion CVE-2003-1470 (Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows ...) NOT-FOR-US: MDaemon CVE-2003-1471 (MDaemon POP server 6.0.7 and earlier allows remote authenticated users ...) NOT-FOR-US: MDaemon CVE-2003-1472 (Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to ...) NOT-FOR-US: 3D FTP CVE-2003-1473 (Buffer overflow in LTris 1.0.1 of FreeBSD Ports Collection 2003-02-25 ...) NOT-FOR-US: FreeBSD Ports Collection CVE-2003-1474 (slashem-tty in the FreeBSD Ports Collection is installed with write ...) NOT-FOR-US: FreeBSD Ports Collection CVE-2003-1475 (Netbus 1.5 through 1.7 allows more than one client to be connected at ...) NOT-FOR-US: Netbus CVE-2003-1476 (Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, ...) NOT-FOR-US: Cerberus CVE-2003-1477 (MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause ...) NOT-FOR-US: MAILsweeper CVE-2003-1478 (Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of ...) NOTE: old CVE-2003-1479 (Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and ...) NOT-FOR-US: webcamXP CVE-2003-1480 (MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, ...) NOTE: old CVE-2003-1481 (CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer ...) NOT-FOR-US: CommuniGate CVE-2003-1482 (The backup configuration file for Microsoft MN-500 wireless base ...) NOT-FOR-US: Microsoft CVE-2003-1483 (FlashFXP 1.4 uses a weak encryption algorithm for user passwords, ...) NOT-FOR-US: FlashFXP CVE-2003-1484 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...) NOT-FOR-US: MSIE CVE-2003-1485 (Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to ...) NOT-FOR-US: MAILsweeper CVE-2003-1486 (Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full ...) NOT-FOR-US: Phorum CVE-2003-1487 (Multiple "command injection" vulnerabilities in Phorum 3.4 through ...) NOT-FOR-US: Phorum CVE-2003-1488 (The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie ...) NOT-FOR-US: Truegalerie CVE-2003-1489 (upload.php in Truegalerie 1.0 allows remote attackers to read ...) NOT-FOR-US: Truegalerie CVE-2003-1490 (SonicWall Pro running firmware 6.4.0.1 allows remote attackers to ...) NOT-FOR-US: SonicWall CVE-2003-1491 (Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept ...) NOT-FOR-US: Kerio CVE-2003-1492 (Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access ...) NOTE: old CVE-2003-1493 (Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 ...) NOT-FOR-US: HP CVE-2003-1494 (Unspecified vulnerability in HP OpenView Network Node Manager (NNM) ...) NOT-FOR-US: HP CVE-2003-1495 (Unspecified vulnerability in the non-SSL web agent in various HP ...) NOT-FOR-US: HP Management Agent CVE-2003-1496 (Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through ...) NOT-FOR-US: HP Tru64 CVE-2003-1497 (Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 ...) NOT-FOR-US: Linksys BEFSX41 CVE-2003-1498 (Cross-site scripting (XSS) vulnerability in search.php for WRENSOFT ...) NOT-FOR-US: Zoom Search CVE-2003-1499 (Directory traversal vulnerability in index.php in Bytehoard 0.7 allows ...) NOT-FOR-US: Bytehoard CVE-2003-1500 (PHP remote file inclusion vulnerability in _functions.php in ...) NOT-FOR-US: cpCommerce CVE-2003-1501 (Directory traversal vulnerability in the file upload CGI of Gast ...) NOT-FOR-US: Gast Arbeiter CVE-2003-1502 (mod_throttle 3.0 allows local users with Apache privileges to access ...) NOT-FOR-US: mod_throttle CVE-2003-1503 (Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote ...) NOT-FOR-US: AIM CVE-2003-1504 (SQL injection vulnerability in variables.php in Goldlink 3.0 allows ...) NOT-FOR-US: Goldlink CVE-2003-1505 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a ...) NOT-FOR-US: MSIE CVE-2003-1506 (Cross-site scripting (XSS) vulnerability in dansguardian.pl in Adelix ...) NOT-FOR-US: censornet CVE-2003-1507 (Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a ...) NOT-FOR-US: Planet Technology WGSD-1020 and WSW-2401 Ethernet switches CVE-2003-1508 (Buffer overflow in mIRC 6.12, when the DCC get dialog window has been ...) NOT-FOR-US: mIRC CVE-2003-1509 (Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player ...) NOTE: old CVE-2003-1510 (TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU ...) NOT-FOR-US: TinyWeb CVE-2003-1511 (Cross-site scripting (XSS) vulnerability in Bajie Java HTTP Server ...) NOT-FOR-US: Bajie Java HTTP Server CVE-2003-1512 (Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause ...) NOT-FOR-US: mIRC CVE-2003-1513 (Multiple cross-site scripting (XSS) vulnerabilities in example scripts ...) NOTE: old CVE-2003-1514 (eMule 0.29c allows remote attackers to cause a denial of service ...) NOT-FOR-US: eMule CVE-2003-1515 (Origo ASR-8100 ADSL Router 3.21 has an administration service running ...) NOT-FOR-US: Origo CVE-2003-1516 (The org.apache.xalan.processor.XSLProcessorVersion class in Java ...) NOTE: old CVE-2003-1517 (cart.pl in Dansie shopping cart allows remote attackers to obtain the ...) NOT-FOR-US: Dansie CVE-2003-1518 (Adiscon WinSyslog 4.21 SP1 allows remote attackers to cause a denial ...) NOT-FOR-US: WinSyslog CVE-2003-1519 (Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine ...) NOT-FOR-US: Vivisimo CVE-2003-1520 (SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows ...) NOT-FOR-US: My Classifieds CVE-2003-1521 (Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to ...) NOTE: old CVE-2003-1522 (Cross-site scripting (XSS) vulnerability in PSCS VPOP3 Web Mail server ...) NOT-FOR-US: VPOP3 CVE-2003-1523 (SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows ...) NOTE: old CVE-2003-1524 (PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch ...) NOT-FOR-US: PGPi PGPDisk CVE-2003-1525 (Unspecified vulnerability in My Photo Gallery 3.5, and possibly ...) NOT-FOR-US: My Photo Gallery CVE-2003-1526 (PHP-Nuke 7.0 allows remote attackers to obtain the installation path ...) NOT-FOR-US: PHP-Nuke CVE-2003-1527 (BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when ...) NOT-FOR-US: BlackICE CVE-2003-1528 (nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to ...) NOT-FOR-US: NetWorker CVE-2003-1529 (Directory traversal vulnerability in Seagull Software Systems J Walk ...) NOT-FOR-US: J Walk CVE-2003-1530 (SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier ...) NOTE: old CVE-2003-1531 (Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi ...) NOT-FOR-US: Ceilidh CVE-2003-1532 (SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows ...) NOT-FOR-US: PhpMyShop CVE-2003-1533 (SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows ...) NOT-FOR-US: PhpPass CVE-2003-1534 (Cross-site scripting (XSS) vulnerability in jgb.php3 in Justice ...) NOT-FOR-US: Justice Guestbook CVE-2003-1535 (Justice Guestbook 1.3 allows remote attackers to obtain the full ...) NOT-FOR-US: Justice Guestbook CVE-2003-1536 (Multiple cross-site scripting (XSS) vulnerabilities in Codeworx ...) NOT-FOR-US: Codeworx CVE-2003-1537 (Directory traversal vulnerability in PostNuke 0.723 and earlier allows ...) NOT-FOR-US: PostNuke CVE-2003-1538 (susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and ...) NOT-FOR-US: SuSE Linux CVE-2003-1539 (Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File ...) NOT-FOR-US: ONEdotOH Simple File Manager CVE-2003-1540 (WF-Chat 1.0 Beta stores sensitive information under the web root with ...) NOT-FOR-US: WFChat CVE-2003-1541 (PlanetMoon Guestbook tr3.a stores sensitive information under the web ...) NOT-FOR-US: PlanetMoon Guestbook CVE-2003-1542 (Directory traversal vulnerability in plugins/file.php in ...) NOT-FOR-US: Ondrej Jombik phpWebFileManager CVE-2003-1543 (Cross-site scripting (XSS) vulnerability in Bajie Http Web Server ...) NOT-FOR-US: Bajie Java HTTP Server CVE-2003-1544 (Unrestricted critical resource lock in Terminal Services for Windows ...) NOT-FOR-US: Microsoft windows nt CVE-2003-1545 (Absolute path traversal vulnerability in nukestyles.com viewpage.php ...) NOT-FOR-US: NukeStyles ViewPage CVE-2003-1546 (Cross-site scripting (XSS) vulnerability in gbook.php in Filebased ...) NOT-FOR-US: Filebased Guestbook CVE-2003-1547 (Cross-site scripting (XSS) vulnerability in block-Forums.php in the ...) NOT-FOR-US: Francisco Burzi PHP Nuke CVE-2003-1548 (MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain ...) NOT-FOR-US: MyABraCaDaWeb CVE-2003-1549 (Cross-site scripting (XSS) vulnerability in header.php in ...) NOT-FOR-US: MyABraCaDaWeb CVE-2003-1550 (XOOPS 2.0, and possibly earlier versions, allows remote attackers to ...) NOT-FOR-US: masked in the tree CVE-2003-1551 (Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before ...) NOT-FOR-US: Novell Groupwise CVE-2003-1552 (Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 ...) NOT-FOR-US: Graeme Uploader CVE-2003-1553 (Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores ...) NOT-FOR-US: SIPS CVE-2003-1554 (Cross-site scripting (XSS) vulnerability in scozbook/add.php in ...) NOT-FOR-US: ScozNet ScozBook CVE-2003-1555 (ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive ...) NOT-FOR-US: ScozNet ScozBook CVE-2003-1556 (Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI ...) NOT-FOR-US: cgi_city cc_guestbook CVE-2003-1557 (Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, ...) NOT-FOR-US: we do not ship this version CVE-2003-1558 (Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to ...) BUG: 14023 CVE-2003-1559 (Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, ...) NOT-FOR-US: Microsoft ie CVE-2003-1560 (Netscape 4 sends Referer headers containing https:// URLs in requests ...) NOT-FOR-US: Netscape Navigator CVE-2003-1561 (Opera, probably before 7.50, sends Referer headers containing https:// ...) NOTE: old CVE-2003-1562 (sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled ...) NOTE: Fixed since <4.0 CVE-2003-1563 (Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real ...) NOT-FOR-US: Sun cluster CVE-2003-1564 (libxml2, possibly before 2.5.0, does not properly detect recursion ...) NOTE: outdated (<2.5.0) CVE-2003-1565 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1566 (Microsoft Internet Information Services (IIS) 5.0 does not log ...) NOT-FOR-US: Microsoft CVE-2003-1567 (The undocumented TRACK method in Microsoft Internet Information ...) NOT-FOR-US: Microsoft Internet Information Services IIS CVE-2003-1568 (GoAhead WebServer before 2.1.6 allows remote attackers to cause a ...) NOT-FOR-US: GoAhead CVE-2003-1569 (GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote ...) NOT-FOR-US: path CVE-2003-1570 (The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before ...) NOT-FOR-US: ibm tivoli_storage_manager CVE-2003-1571 (Web Wiz Guestbook 6.0 stores sensitive information under the web root ...) NOT-FOR-US: webwizguide web_wiz_guestbook CVE-2003-1572 (Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned ...) NOTE: obsolete CVE-2003-1573 (The PointBase 4.6 database component in the J2EE 1.4 reference ...) NOT-FOR-US: sun j2ee CVE-2003-1574 (TikiWiki 1.6.1 allows remote attackers to bypass authentication by ...) NOT-FOR-US: obsolete CVE-2003-1575 (VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling ...) NOT-FOR-US: Solaris CVE-2003-1576 (Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun ...) NOT-FOR-US: pamverifier in Change Manager CM CVE-2003-1577 (Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, ...) NOT-FOR-US: conjunction CVE-2003-1578 (Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, ...) NOT-FOR-US: Sun CVE-2003-1579 (Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is ...) NOT-FOR-US: Sun CVE-2003-1580 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ...) NOT-FOR-US: Obsolete CVE-2003-1581 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ...) NOT-FOR-US: Very old version, not shipped anymore. CVE-2003-1582 (Microsoft Internet Information Services (IIS) 6.0, when DNS resolution ...) NOT-FOR-US: conjunction CVE-2003-1583 (Cross-site scripting (XSS) vulnerability in WebTrends allows remote ...) NOT-FOR-US: WebTrends CVE-2003-1584 (Cross-site scripting (XSS) vulnerability in SurfStats allows remote ...) NOT-FOR-US: SurfStats CVE-2003-1585 (Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote ...) NOT-FOR-US: WebLogExpert CVE-2003-1586 (Cross-site scripting (XSS) vulnerability in WebExpert allows remote ...) NOT-FOR-US: WebExpert CVE-2003-1587 (Cross-site scripting (XSS) vulnerability in LoganPro allows remote ...) NOT-FOR-US: LoganPro CVE-2003-1588 (Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, ...) NOT-FOR-US: sun cluster CVE-2003-1589 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 ...) NOT-FOR-US: sun one_web_server CVE-2003-1590 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 ...) NOT-FOR-US: sun one_web_server CVE-2003-1591 (NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 ...) NOT-FOR-US: novell netware CVE-2003-1592 (Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell ...) NOT-FOR-US: novell netware CVE-2003-1593 (NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 ...) NOT-FOR-US: novell netware CVE-2003-1594 (NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does ...) NOT-FOR-US: novell netware CVE-2003-1595 (NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does ...) NOT-FOR-US: novell netware CVE-2003-1596 (NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not ...) NOT-FOR-US: novell netware CVE-2004-0001 (Unknown vulnerability in the eflags checking in the 32-bit ptrace ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0002 (The TCP MSS (maximum segment size) functionality in netinet allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0003 (Unknown vulnerability in Linux kernel before 2.4.22 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0004 (The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0005 (Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0006 (Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0007 (Buffer overflow in the Extract Info Field Function for (1) MSN and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0008 (Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0009 (Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for ncpfs in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0011 (Buffer overflow in fsp before 2.81.b18 allows remote users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0012 RESERVED CVE-2004-0013 (jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0014 (Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0015 (vbox3 0.1.8 and earlier does not properly drop privileges before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0016 (The calendar module for phpgroupware 0.9.14 does not enforce the "save ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0017 (Multiple SQL injection vulnerabilities in the (1) calendar and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0018 RESERVED CVE-2004-0019 RESERVED CVE-2004-0020 RESERVED CVE-2004-0021 RESERVED CVE-2004-0022 RESERVED CVE-2004-0023 RESERVED CVE-2004-0024 RESERVED CVE-2004-0025 RESERVED CVE-2004-0026 RESERVED CVE-2004-0027 RESERVED CVE-2004-0028 (jitterbug 1.6.2 does not properly sanitize inputs, which allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0029 (Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0030 (PHP remote file inclusion vulnerability in (1) functions.php, (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0031 (PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0032 (Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0033 (admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0034 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0035 (SQL injection vulnerability in register.php for Phorum 3.4.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0036 (SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0037 (FirstClass Desktop Client 7.1 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0038 (McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0039 (Multiple format string vulnerabilities in HTTP Application ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0040 (Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0041 (The mod_auth_shadow module 1.4 and earlier does not properly enforce ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0042 (vsftpd 1.1.3 generates different error messages depending on whether ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0043 (Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0044 (Cisco Personal Assistant 1.4(1) and 1.4(2) disables password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0045 (Buffer overflow in the ARTpost function in art.c in the control ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0046 (Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0047 (Multiple programs in trr19 1.0 do not properly drop privileges before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0048 RESERVED CVE-2004-0049 (Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0050 (Verity Ultraseek before 5.2.2 allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0051 (Multiple content security gateway and antivirus products allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0052 (Multiple content security gateway and antivirus products allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0053 (Multiple content security gateway and antivirus products allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0054 (Multiple vulnerabilities in the H.323 protocol implementation for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0055 (The print_attr_string function in print-radius.c for tcpdump 3.8.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0056 (Multiple vulnerabilities in the H.323 protocol implementation for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0057 (The rawprint function in the ISAKMP decoding routines (print-isakmp.c) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0058 (Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0059 (Directory traversal vulnerability in upload capability of WWW File ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0060 (WWW File Share Pro 2.42 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0061 (WWW File Share Pro 2.42 and earlier allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0062 (Integer overflow in the rnd arithmetic rounding function for various ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0063 (The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0064 (The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0065 (Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0066 (phpGedView before 2.65 allows remote attackers to obtain the absolute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0067 (Multiple cross-site scripting (XSS) vulnerabilities in phpGedView ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0068 (PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0069 (Format string vulnerability in HD Soft Windows FTP Server 1.6 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0070 (PHP remote file inclusion vulnerability in module.php for ezContents ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0071 (Directory traversal vulnerability in buildManPage in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0072 (Directory traversal vulnerability in Accipiter Direct Server 6.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0073 (PHP remote file inclusion vulnerability in (1) config.php and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0075 (The Vicam USB driver in Linux before 2.4.25 does not use the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0076 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0077 (The do_mremap function for the mremap system call in Linux 2.2 to ...) BUG: 42024 CVE-2004-0078 (Buffer overflow in the index menu code (menu_pad_string of menu.c) for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0079 (The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and ...) BUG: 44941 CVE-2004-0080 (The login program in util-linux 2.11 and earlier uses a pointer after ...) BUG: 46422 CVE-2004-0081 (OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message ...) BUG: 44941 CVE-2004-0082 (The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0083 (Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0084 (Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0085 (Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0086 (Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0087 (The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0088 (The System Configuration subsystem in Mac OS 10.2.8 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0089 (Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0090 (Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0091 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0093 (XFree86 4.1.0 allows remote attackers to cause a denial of service and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0094 (Integer signedness errors in XFree86 4.1.0 allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0095 (McAfee ePolicy Orchestrator agent allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0096 (Unknown vulnerability in mod_python 2.7.9 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers ...) BUG: 45846 CVE-2004-0098 RESERVED CVE-2004-0099 (mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0100 RESERVED CVE-2004-0101 RESERVED CVE-2004-0102 RESERVED CVE-2004-0103 (crawl before 4.0.0 beta23 does not properly "apply a size check" when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0104 (Multiple format string vulnerabilities in Metamail 2.7 and earlier ...) BUG: 42133 CVE-2004-0105 (Multiple buffer overflows in Metamail 2.7 and earlier allow remote ...) BUG: 42133 CVE-2004-0106 (Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0107 (The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier ...) BUG: 45159 CVE-2004-0108 (The isag utility, which processes sysstat data, allows local users to ...) BUG: 45159 CVE-2004-0109 (Buffer overflow in the ISO9660 file system component for Linux kernel ...) BUG: 55698 BUG: 54976 BUG: 53804 BUG: 49637 BUG: 47881 CVE-2004-0110 (Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft ...) BUG: 42735 CVE-2004-0111 (gdk-pixbuf before 0.20 allows attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0112 (The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, ...) BUG: 44941 CVE-2004-0113 (Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 ...) BUG: 45206 CVE-2004-0114 (The shmat system call in the System V Shared Memory interface for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0115 (VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0116 (An Activation function in the RPCSS Service involved with DCOM ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0117 (Unknown vulnerability in the H.323 protocol implementation in Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0118 (The component for the Virtual DOS Machine (VDM) subsystem in Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0119 (The Negotiate Security Software Provider (SSP) interface in Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0120 (The Microsoft Secure Sockets Layer (SSL) library, as used in Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0121 (Argument injection vulnerability in Microsoft Outlook 2002 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0122 (Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0123 (Double free vulnerability in the ASN.1 library as used in Windows NT ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0124 (The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0125 (The jail system call in FreeBSD 4.x before 4.10-RELEASE does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0126 (The jail_attach system call in FreeBSD 5.1 and 5.2 changes the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0127 (Directory traversal vulnerability in editconfig_gedcom.php for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0128 (PHP remote file inclusion vulnerability in the GEDCOM configuration ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0129 (Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0130 (login.php in phpGedView 2.65 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0131 (The rad_print_request function in logger.c for GNU Radius daemon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0132 (Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0133 (The XFS file system code in Linux 2.4.x has an information leak in ...) BUG: 55698 BUG: 54976 BUG: 53804 BUG: 49637 BUG: 47881 CVE-2004-0134 (cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0135 (The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0138 (The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI IRIX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0140 RESERVED CVE-2004-0141 RESERVED CVE-2004-0142 RESERVED CVE-2004-0143 (Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0144 RESERVED CVE-2004-0145 RESERVED CVE-2004-0146 RESERVED CVE-2004-0147 RESERVED CVE-2004-0148 (wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0149 (Multiple buffer overflows in xboing before 2.4 allow local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0150 (Buffer overflow in the getaddrinfo function in Python 2.2 before ...) BUG: 62440 CVE-2004-0151 (Unknown vulnerability in xitalk 1.1.11 and earlier allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0152 (Multiple stack-based buffer overflows in (1) the encode_mime function, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0153 (Multiple format string vulnerabilities in emil 2.1.0 and earlier may ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0154 (rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0155 (The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, ...) BUG: 53915 CVE-2004-0156 (Format string vulnerabilities in the (1) die or (2) log_event ...) BUG: 48435 BUG: 47918 CVE-2004-0157 (x11.c in xonix 1.4 and earlier uses the current working directory to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0158 (Buffer overflow in lbreakout2 allows local users to gain 'games' group ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0159 (Format string vulnerability in hsftp 1.11 allows remote authenticated ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0160 (Synaesthesia 2.2 and earlier allows local users to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0161 (Multiple content security gateway and antivirus products allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0162 (Multiple content security gateway and antivirus products allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0163 (Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0164 (KAME IKE daemon (racoon) does not properly handle hash values, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0165 (Format string vulnerability in Point-to-Point Protocol (PPP) daemon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0166 (Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0167 (DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0168 (Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0169 (QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0170 RESERVED CVE-2004-0171 (FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0172 (Heap-based buffer overflow in the search_for_command function of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0173 (Directory traversal vulnerability in Apache 1.3.29 and earlier, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0174 (Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using ...) BUG: 51815 CVE-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before 3.4p1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0176 (Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote ...) BUG: 45543 CVE-2004-0177 (The ext3 code in Linux 2.4.x before 2.4.26 does not properly ...) BUG: 55698 BUG: 54976 BUG: 53804 BUG: 49637 BUG: 47881 CVE-2004-0178 (The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before ...) BUG: 55698 BUG: 54976 BUG: 53804 BUG: 49637 BUG: 47881 CVE-2004-0179 (Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, ...) BUG: 47926 BUG: 48448 BUG: 47799 CVE-2004-0180 (The client for CVS before 1.11 allows a remote malicious CVS server to ...) BUG: 47800 CVE-2004-0181 (The JFS file system code in Linux 2.4.x has an information leak in ...) BUG: 55698 BUG: 54976 BUG: 53804 BUG: 49637 BUG: 47881 CVE-2004-0182 (Mailman before 2.0.13 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0183 (TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0184 (Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0185 (Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0186 (smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0187 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0188 (Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0189 (The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows ...) BUG: 45273 CVE-2004-0190 (Symantec FireWall/VPN Appliance model 200 records a cleartext ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0191 (Mozilla before 1.4.2 executes Javascript events in the context of a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0192 (Cross-site scripting (XSS) vulnerability in the Management Service for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0193 (Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0194 (Stack-based buffer overflow in the OutputDebugString function for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0195 RESERVED CVE-2004-0196 RESERVED CVE-2004-0197 (Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0198 RESERVED CVE-2004-0199 (Help and Support Center in Microsoft Windows XP and Windows Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0200 (Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0201 (Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0202 (IDirectPlay4 Application Programming Interface (API) of Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0203 (Cross-site scripting (XSS) vulnerability in Outlook Web Access for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0204 (Directory traversal vulnerability in the web viewers for Business ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0205 (Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0206 (Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0207 ("Shatter" style vulnerability in the Window Management application ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0208 (The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0209 (Unknown vulnerability in the Graphics Rendering Engine processes of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0210 (The POSIX component of Microsoft Windows NT and Windows 2000 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0211 (The kernel for Microsoft Windows Server 2003 does not reset certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0212 (Stack-based buffer overflow in the Task Scheduler for Windows 2000 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0213 (Utility Manager in Windows 2000 launches winhlp32.exe while Utility ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0214 (Buffer overflow in Microsoft Internet Explorer and Explorer on Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0215 (Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0216 (Integer overflow in the Install Engine (inseng.dll) for Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0217 (The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0218 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0219 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0220 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0221 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0222 (Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0223 RESERVED CVE-2004-0224 (Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for ...) BUG: 45584 CVE-2004-0225 RESERVED CVE-2004-0226 (Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may ...) BUG: 49990 CVE-2004-0227 (Buffer overflow in the zms script in ZoneMinder before 1.19.2 may ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0228 (Integer signedness error in the cpufreq proc handler (cpufreq_procctl) ...) BUG: 55698 BUG: 54976 BUG: 53804 BUG: 49637 BUG: 47881 CVE-2004-0229 (The framebuffer driver in Linux kernel 2.6.x does not properly use the ...) BUG: 55698 BUG: 54976 BUG: 53804 BUG: 49637 BUG: 47881 CVE-2004-0230 (TCP, when using a large Window Size, makes it easier for remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0231 (Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with ...) BUG: 49990 CVE-2004-0232 (Multiple format string vulnerabilities in Midnight Commander (mc) ...) BUG: 49990 CVE-2004-0233 (Utempter allows device names that contain .. (dot dot) directory ...) BUG: 49536 CVE-2004-0234 (Multiple stack-based buffer overflows in the get_header function in ...) BUG: 49961 CVE-2004-0235 (Multiple directory traversal vulnerabilities in LHA 1.14 allow remote ...) BUG: 49961 CVE-2004-0236 (SQL injection vulnerability in login.asp in thePHOTOtool allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0237 (Directory traversal vulnerability in index.php in Aprox PHP Portal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0238 (Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0239 (SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0240 (Directory traversal vulnerability in X-Cart 3.4.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0241 (X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0242 (X-Cart 3.4.3 allows remote attackers to gain sensitive information via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0243 (AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0244 (Cisco 6000, 6500, and 7600 series systems with Multilayer Switch ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0245 (Web Crossing 4.x and 5.x allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0246 (Multiple PHP remote file inclusion vulnerabilities in (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0247 (The client and server of Chaser 1.50 and earlier allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0248 (Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0249 (PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0250 (SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0251 (Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0252 (TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0253 (IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0254 (Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0255 (Xlight 1.52, with log to screen enabled, allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0256 (GNU libtool before 1.5.2, during compile time, allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0257 (OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0258 (Multiple buffer overflows in RealOne Player, RealOne Player 2.0, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0259 (The check_referer() function in Formmail.php 5.0 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0260 (The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0261 (oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0262 (Stack-based buffer overflow in The Palace 3.5 and earlier client ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0263 (PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0264 (palmhttpd for PalmOS allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0265 (Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0266 (SQL injection vulnerability in the "public message" capability ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0267 (The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0268 (Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0269 (SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0270 (libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0271 (Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0272 (SQL injection vulnerability in MaxWebPortal allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0273 (Directory traversal vulnerability in RealOne Player, RealOne Player ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0274 (Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0275 (SQL injection vulnerability in calendar_download.php in BosDates 3.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0276 (The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0277 (Format string vulnerability in Dream FTP 1.02 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0278 (Ratbag game engine, as used in products such as Dirt Track Racing, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0279 (AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0280 (Caucho Technology Resin 2.1.12 allows remote attackers to view JSP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0281 (Caucho Technology Resin 2.1.12 allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0282 (Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0283 (Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0284 (Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0285 (PHP remote file inclusion vulnerabilities in include/footer.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0286 (Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0287 (Xlight FTP server 1.52 allows remote authenticated users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0288 (Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0289 (Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0290 (Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0291 (SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0292 (Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0293 (Directory traversal vulnerability in ShopCartCGI 2.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0294 (YaBB 1 SP 1.3.1 displays different error messages when a user exists ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0295 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0296 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0297 (Buffer overflow in the Lightweight Directory Access Protocol (LDAP) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0298 (CesarFTP 0.99e allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0299 (Buffer overflow in smallftpd 0.99 allows local users to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0300 (SQL injection vulnerability in Online Store Kit 3.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0301 (Cross-site scripting (XSS) vulnerability in more.php for Online Store ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0302 (Directory traversal vulnerability in OWLS 1.0 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0303 (OWLS 1.0 allows remote attackers to retrieve arbitrary files via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0304 (SQL injection vulnerability in browse_items.asp in WebCortex WebStores ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0305 (Cross-site scripting (XSS) vulnerability in error.asp in WebCortex ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0306 (Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0307 (Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0308 (Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0309 (Stack-based buffer overflow in the SMTP service support in vsmon.exe ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0310 (Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0311 (American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0312 (Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0313 (Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0314 (Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0315 (Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0316 (Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0317 (Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0318 (Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0319 (Cross-site scripting (XSS) vulnerability in the font tag in ezBoard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0320 (Unknown vulnerability in nCipher Hardware Security Modules (HSM) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0321 (Team Factor 1.25 and earlier allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0322 (Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0323 (Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0324 (Confirm 0.62 and earlier could allow remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0325 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0326 (Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0327 (Directory traversal vulnerability in functions.php in PhpNewsManager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0328 (Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0329 (FreeChat 1.1.1a allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0330 (Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0331 (Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0332 (Extremail 1.5.9 does not check passwords correctly when they are all ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0333 (Buffer overflow in the UUDeview package, as used in WinZip 6.2 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0334 (InnoMedia VideoPhone allows remote attackers to bypass Basic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0335 (LAN SUITE Web Mail 602Pro, when configured to use the "Directory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0336 (LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0337 (Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0338 (SQL injection vulnerability in search.php for Invision Board Forum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0339 (Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0340 (Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0341 (WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0342 (WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0343 (Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0344 (Directory traversal vulnerability in ModifyMessage.php in YaBB SE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0345 (Buffer overflow in Red Faction client 1.20 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0346 (Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0347 (Cross-site scripting (XSS) vulnerability in delhomepage.cgi in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0348 (SQL injection vulnerability in viewCart.asp in SpiderSales shopping ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0349 (Directory traversal vulnerability in GWeb HTTP Server 0.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0350 (SpiderSales shopping cart does not enforce a minimum length for the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0351 (Spider Sales shopping cart stores the private key in the same database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0352 (Cisco 11000 Series Content Services Switches (CSS) running WebNS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0353 (Multiple buffer overflows in auth_ident() function in auth.c for GNU ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0354 (Multiple format string vulnerabilities in GNU Anubis 3.6.0 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0355 (Invision Power Board 1.3 Final allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0356 (Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0357 (Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0358 (Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0359 (Cross-site scripting (XSS) vulnerability in index.php for Invision ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0360 (Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0361 (The Javascript engine in Safari 1.2 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0362 (Multiple stack-based buffer overflows in the ICQ parsing routines of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0363 (Stack-based buffer overflow in the SymSpamHelper ActiveX component ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0364 (The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0365 (The dissect_attribute_value_pairs function in packet-radius.c for ...) BUG: 45543 CVE-2004-0366 (SQL injection vulnerability in the libpam-pgsql library before 0.5.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of ...) BUG: 45543 CVE-2004-0368 (Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0369 (Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0370 (The setsockopt call in the KAME Project IPv6 implementation, as used ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0371 (Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly ...) BUG: 46590 CVE-2004-0372 (xine allows local users to overwrite arbitrary files via a symlink ...) BUG: 48108 BUG: 48107 BUG: 45448 CVE-2004-0373 RESERVED CVE-2004-0374 (Interchange before 5.0.1 allows remote attackers to "expose the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0375 (SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a denial of ...) BUG: 45738 CVE-2004-0377 (Buffer overflow in the win32_stat function for (1) ActiveState's ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0378 RESERVED CVE-2004-0379 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0380 (The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0381 (mysqlbug in MySQL allows local users to overwrite arbitrary files via ...) BUG: 46242 CVE-2004-0382 (Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0383 (Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0384 RESERVED CVE-2004-0385 (Heap-based buffer overflow in Oracle 9i Application Server Web Cache ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0386 (Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, ...) BUG: 46246 CVE-2004-0387 (Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0388 (The mysqld_multi script in MySQL allows local users to overwrite ...) BUG: 46242 CVE-2004-0389 (RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0390 (SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0392 (racoon before 20040407b allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0393 (Format string vulnerability in the msg function for rlpr daemon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0394 (A "potential" buffer overflow exists in the panic() function in Linux ...) BUG: 55698 BUG: 54976 BUG: 53804 BUG: 49637 BUG: 47881 CVE-2004-0395 (The xatitv program in the gatos package does not properly drop root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0396 (Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up ...) BUG: 51460 CVE-2004-0397 (Stack-based buffer overflow during the apr_time_t data conversion in ...) BUG: 51462 CVE-2004-0398 (Heap-based buffer overflow in the ne_rfc1036_parse date parsing ...) BUG: 51461 BUG: 51490 CVE-2004-0399 (Stack-based buffer overflow in Exim 3.35, and other versions before 4, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0400 (Stack-based buffer overflow in Exim 4 before 4.33, when the ...) BUG: 50217 CVE-2004-0401 (Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0403 (Racoon before 20040408a allows remote attackers to cause a denial of ...) BUG: 48847 CVE-2004-0404 (logcheck before 1.1.1 allows local users to overwrite arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0405 (CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot ...) BUG: 47800 CVE-2004-0406 RESERVED CVE-2004-0407 (The HTML form upload capability in ColdFusion MX 6.1 does not reclaim ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0408 (Buffer overflow in the child_service function in the ident2 ident ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0409 (Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 ...) BUG: 46856 CVE-2004-0410 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0411 (The URI handlers in Konqueror for KDE 3.2.2 and earlier do not ...) BUG: 51276 CVE-2004-0412 (Mailman before 2.1.5 allows remote attackers to obtain user passwords ...) BUG: 51671 CVE-2004-0413 (libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0414 (CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not ...) BUG: 53408 CVE-2004-0415 (Linux kernel does not properly convert 64-bit file offset pointers to ...) BUG: 59769 BUG: 59905 BUG: 59378 CVE-2004-0416 (Double free vulnerability for the error_prog_name string in CVS 1.12.x ...) BUG: 53408 CVE-2004-0417 (Integer overflow in the "Max-dotdot" CVS protocol command ...) BUG: 53408 CVE-2004-0418 (serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, ...) BUG: 53408 CVE-2004-0419 (XDM in XFree86 opens a chooserFd TCP socket even when ...) BUG: 53226 CVE-2004-0420 (The Windows Shell application in Windows 98, Windows ME, Windows NT ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0421 (The Portable Network Graphics library (libpng) 1.0.15 and earlier ...) BUG: 49887 CVE-2004-0422 (flim before 1.14.3 creates temporary files insecurely, which allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0423 (The log_event function in ssmtp 2.50.6 and earlier allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0424 (Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0425 (Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a ...) BUG: 49534 CVE-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before ...) BUG: 55698 BUG: 54976 BUG: 53804 BUG: 49637 BUG: 47881 CVE-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0429 (Unknown vulnerability related to "the handling of large requests" in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0430 (Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0431 (Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0432 (ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL ...) BUG: 49496 CVE-2004-0433 (Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) ...) BUG: 49387 CVE-2004-0434 (k5admind (kadmind) for Heimdal allows remote attackers to execute ...) BUG: 50208 CVE-2004-0435 (Certain "programming errors" in the msync system call for FreeBSD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0436 RESERVED CVE-2004-0437 (Titan FTP Server version 3.01 build 163, and possibly other versions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0438 RESERVED CVE-2004-0439 RESERVED CVE-2004-0440 RESERVED CVE-2004-0441 RESERVED CVE-2004-0442 RESERVED CVE-2004-0443 RESERVED CVE-2004-0444 (Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0445 (The SYMDNS.SYS driver in Symantec Norton Internet Security and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0446 RESERVED CVE-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local ...) BUG: 56479 BUG: 56171 CVE-2004-0448 (Format string vulnerability in the log function for jftpgw 0.13.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0449 RESERVED CVE-2004-0450 (Format string vulnerability in the printlog function in log2mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0451 (Multiple format string vulnerabilities in the (1) logquit, (2) logerr, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0452 (Race condition in the rmtree function in the File::Path module in Perl ...) BUG: 79685 BUG: 78634 BUG: 75696 CVE-2004-0453 (Format string vulnerability in the monitor "memory dump" command in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0454 (Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0455 (Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0456 (Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly ...) BUG: 70516 CVE-2004-0457 (The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the ...) BUG: 60744 CVE-2004-0458 (mah-jong before 1.6.2 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0459 (The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0460 (Buffer overflow in the logging capability for the DHCP daemon (DHCPD) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0461 (The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0462 (The built-in web servers for multiple networking devices do not set ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0463 RESERVED CVE-2004-0464 RESERVED CVE-2004-0465 (Directory traversal vulnerability in jretest.html in WebConnect 6.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0466 (WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0467 (Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0468 (Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0469 (Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0470 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0471 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0472 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0473 (Argument injection vulnerability in Opera before 7.50 does not ...) BUG: 50857 CVE-2004-0474 (Help Center (HelpCtr.exe) may allow remote attackers to read or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0475 (The showHelp function in Internet Explorer 6 on Windows XP Pro allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0476 (Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0477 (Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0478 (Unknown versions of Mozilla allow remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0479 (Internet Explorer 6 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0480 (Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0481 (The logging feature in kcms_configure in the KCMS package on Solaris 8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0482 (Multiple integer overflows in (1) procfs_cmdline.c, (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0483 (Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0484 (mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0485 (The default protocol helper for the disk: URI on Mac OS X 10.3.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0486 (HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0487 (A certain ActiveX control in Symantec Norton AntiVirus 2004 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0488 (Stack-based buffer overflow in the ssl_util_uuencode_binary function ...) BUG: 51368 CVE-2004-0489 (Argument injection vulnerability in the SSH URI handler for Safari on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0490 (cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0491 (The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0492 (Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache ...) BUG: 53544 CVE-2004-0493 (The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows ...) BUG: 55441 CVE-2004-0494 (Multiple extfs backend scripts for GNOME virtual file system (VFS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0495 (Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow ...) BUG: 55698 BUG: 54976 BUG: 53804 BUG: 49637 BUG: 47881 CVE-2004-0496 (Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users ...) BUG: 56479 BUG: 56171 CVE-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users to ...) BUG: 56479 BUG: 56171 CVE-2004-0498 (The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0499 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0500 (Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c ...) BUG: 61457 BUG: 60034 CVE-2004-0501 (Outlook 2003 allows remote attackers to bypass intended access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0502 (Outlook 2003, when replying to an e-mail message, stores certain files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0503 (Microsoft Outlook 2003 allows remote attackers to bypass the default ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0504 (Ethereal 0.10.3 allows remote attackers to cause a denial of service ...) BUG: 51022 CVE-2004-0505 (The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause ...) BUG: 51022 CVE-2004-0506 (The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote ...) BUG: 51022 CVE-2004-0507 (Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 ...) BUG: 51022 CVE-2004-0508 RESERVED CVE-2004-0509 RESERVED CVE-2004-0510 (Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0511 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0512 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0513 (Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0514 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0515 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0516 (Unknown vulnerability in Mac OS X 10.3.4, related to "package ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0517 (Unknown vulnerability in Mac OS X 10.3.4, related to "handling of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0518 (Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0519 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) BUG: 49675 CVE-2004-0520 (Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail ...) BUG: 52434 CVE-2004-0521 (SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows ...) BUG: 49675 CVE-2004-0522 (Gallery 1.4.3 and earlier allows remote attackers to bypass ...) BUG: 52798 CVE-2004-0523 (Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos ...) BUG: 52744 CVE-2004-0524 (Buffer overflow in the chpasswd command in the Change_passwd plugin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0525 (HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0526 (Unknown versions of Internet Explorer and Outlook allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0527 (KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0528 (Netscape Navigator 7.1 allows remote attackers to spoof a legitimate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0529 (The modified suexec program in cPanel, when configured for mod_php and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0530 (The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0531 RESERVED CVE-2004-0532 RESERVED CVE-2004-0533 (Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0534 (Cross-site scripting (XSS) vulnerability in Business Objects InfoView ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0535 (The e1000 driver for Linux kernel 2.4.26 and earlier does not properly ...) BUG: 55698 BUG: 54976 BUG: 53804 BUG: 49637 BUG: 47881 CVE-2004-0536 (Format string vulnerability in Tripwire commercial 4.0.1 and earlier, ...) BUG: 52945 CVE-2004-0537 (Opera 7.50 and earlier allows remote web sites to provide a "Shortcut ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0538 (LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0539 (The "Show in Finder" button in the Safari web browser in Mac OS X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0540 (Microsoft Windows 2000, when running in a domain whose Fully Qualified ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0541 (Buffer overflow in the ntlm_check_auth (NTLM authentication) function ...) BUG: 53367 CVE-2004-0542 (PHP before 4.3.7 on Win32 platforms does not properly filter all shell ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0543 (Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0544 (Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0545 (LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0546 RESERVED CVE-2004-0547 (Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0548 (Multiple stack-based buffer overflows in the word-list-compress ...) BUG: 53389 CVE-2004-0549 (The WebBrowser ActiveX control, or the Internet Explorer HTML ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0550 (Buffer overflow in Real Networks RealPlayer 10 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0551 (Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0552 (Sophos Small Business Suite 1.00 on Windows does not properly handle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0553 RESERVED CVE-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a ...) BUG: 55698 BUG: 54976 BUG: 53804 BUG: 49637 BUG: 47881 CVE-2004-0555 (Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0556 RESERVED CVE-2004-0557 (Multiple buffer overflows in the st_wavstartread function in wav.c for ...) BUG: 58733 CVE-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS before ...) BUG: 64168 CVE-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local users ...) BUG: 63167 CVE-2004-0560 (Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0561 (Format string vulnerability in the log routine for gopher daemon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0562 RESERVED CVE-2004-0563 (The tspc.conf configuration file in freenet6 before 0.9.6 and before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to run ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0565 (Floating point information leak in the context switch code for Linux ...) BUG: 56479 BUG: 56171 CVE-2004-0566 (Integer overflow in imgbmp.cxx for Windows 2000 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0567 (The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0568 (HyperTerminal application for Windows NT 4.0, Windows 2000, Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0569 (The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0570 RESERVED CVE-2004-0571 (Microsoft Word for Windows 6.0 Converter does not properly validate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0572 (Buffer overflow in the Windows Program Group Converter (grpconv.exe) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0573 (Buffer overflow in the converter for Microsoft WordPerfect 5.x on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0574 (The Network News Transfer Protocol (NNTP) component of Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0575 (Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0576 (The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0577 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0578 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0579 (Format string vulnerability in super before 3.23 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0580 (DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0581 (ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0582 (Unknown vulnerability in Webmin 1.140 allows remote attackers to ...) BUG: 53375 CVE-2004-0583 (The account lockout functionality in (1) Webmin 1.140 and (2) Usermin ...) BUG: 54030 BUG: 53375 CVE-2004-0584 (Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a ...) BUG: 53862 CVE-2004-0585 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0587 (Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0588 (Cross-site scripting (XSS) vulnerability in the web mail module for ...) BUG: 54030 CVE-2004-0589 (Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0590 (FreeS/WAN 1.x and 2.x, and other related products including ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc ...) BUG: 58020 CVE-2004-0592 (The tcp_find_option function of the netfilter subsystem for IPv6 in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to ...) BUG: 56985 CVE-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to ...) BUG: 56985 CVE-2004-0596 (The Equalizer Load-balancer for serial network interfaces (eql.c) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0597 (Multiple buffer overflows in libpng 1.2.5 and earlier, as used in ...) BUG: 59419 BUG: 57380 BUG: 59424 CVE-2004-0598 (The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote ...) BUG: 59419 BUG: 57380 BUG: 59424 CVE-2004-0599 (Multiple integer overflows in the (1) png_read_png in pngread.c or (2) ...) BUG: 59419 BUG: 57380 BUG: 59424 CVE-2004-0600 (Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba ...) BUG: 57962 CVE-2004-0601 (distcc before 2.16, when running on 64-bit platforms, does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0602 (The binary compatibility mode for FreeBSD 4.x and 5.x does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0603 (gzexe in gzip 1.3.3 and earlier will execute an argument when the ...) BUG: 54890 CVE-2004-0604 (The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows ...) BUG: 54452 CVE-2004-0605 (Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0606 (Cross-site scripting (XSS) vulnerability in Infoblox DNS One running ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0607 (The eay_check_x509cert function in KAME Racoon successfully verifies ...) BUG: 53915 CVE-2004-0608 (The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation ...) BUG: 54726 CVE-2004-0609 (rssh 2.0 through 2.1.x expands command line arguments before entering ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0610 (The Web administration interface in Microsoft MN-500 Wireless Router ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0611 (Web-Based Administration in Netgear FVS318 VPN Router allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0612 (The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0613 (osTicket allows remote attackers to view sensitive uploaded files and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0614 (osTicket trusts a hidden form field in the submit form to limit the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0615 (Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0616 (The BT Voyager 2000 Wireless ADSL Router has a default public SNMP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0617 (Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0618 (FreeBSD 5.1 for the Alpha processor allows local users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0619 (Integer overflow in the ubsec_keysetup function for Linux Broadcom ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0620 (Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0621 (admin.php in Newsletter ZWS allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0622 (Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0623 (Format string vulnerability in misc.c in GNU GNATS 4.00 may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0624 (PHP remote file inclusion vulnerability in index.php for Artmedic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux ...) BUG: 55694 CVE-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0628 (Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0629 (Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0630 (The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for ...) BUG: 60205 CVE-2004-0631 (Buffer overflow in the uudecoding feature for Adobe Acrobat Reader ...) BUG: 60205 CVE-2004-0632 (Adobe Reader 6.0 does not properly handle null characters when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0633 (The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote ...) BUG: 56423 CVE-2004-0634 (The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows ...) BUG: 56423 CVE-2004-0635 (The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote ...) BUG: 56423 CVE-2004-0636 (Buffer overflow in the goaway function in the aim:goaway URI handler ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0637 (Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0638 (Buffer overflow in the KSDWRTB function in the dbms_system package ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0640 (Format string vulnerability in the SSL_set_verify function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0641 (Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0642 (Double free vulnerabilities in the error handling code for ASN.1 ...) BUG: 62417 CVE-2004-0643 (Double free vulnerability in the krb5_rd_cred function for MIT ...) BUG: 62417 CVE-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for MIT ...) BUG: 62417 CVE-2004-0645 (Buffer overflow in the wvHandleDateTimePicture function in wv library ...) BUG: 56595 CVE-2004-0646 (Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0647 (shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local ...) BUG: 55675 CVE-2004-0648 (Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0649 (Buffer overflow in write_packet in control.c for l2tpd may allow ...) BUG: 53009 CVE-2004-0650 (UploadServlet in Cisco Collaboration Server (CCS) running ServletExec ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0651 (Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0652 (BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0653 (Solaris 9, when configured as a Kerberos client with patch 112908-12 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0654 (Unknown vulnerability in the Basic Security Module (BSM), when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0655 (eupdatedb in esearch 0.6.1 and earlier allows local users to create ...) BUG: 55424 CVE-2004-0656 (The accept_client function in PureFTPd 1.0.18 and earlier allows ...) BUG: 54590 CVE-2004-0657 (Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0658 (Integer overflow in the hpsb_alloc_packet function (incorrectly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0659 (Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 ...) BUG: 55456 CVE-2004-0660 (Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0661 (Integer signedness error in D-Link AirPlus DI-614+ running firmware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0662 (PowerPortal 1.x allows remote attackers to gain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0663 (Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0664 (Directory traversal vulnerability in modules.php in PowerPortal 1.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0665 (csFAQ.cgi in csFAQ allows remote attackers to gain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0666 (Off-by-one error in the POP3_readmsg function in popclient 3.0b6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0667 (Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0668 (Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0669 (Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0670 (Prestige 650HW-31 running Rompager 4.7 software allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0671 (Brightmail Spamfilter 6.0 and earlier beta releases allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0672 (Multiple cross-site scripting (XSS) vulnerabilities in the primary and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0673 (Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0674 (Enterasys XSR-1800 series Security Routers, when running firmware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0675 (Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0676 (Directory traversal vulnerability in Fastream NETFile FTP/Web Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0677 (Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0678 (Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0679 (The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0680 (Zoom X3 ADSL modem has a terminal running on port 254 that can be ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0681 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0682 (comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0683 (Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user ...) BUG: 59769 BUG: 59905 BUG: 59378 CVE-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the ...) BUG: 57962 CVE-2004-0687 (Multiple stack-based buffer overflows in (1) xpmParseColors in ...) BUG: 78111 BUG: 66647 BUG: 64152 CVE-2004-0688 (Multiple integer overflows in (1) the xpmParseColors function in ...) BUG: 78111 BUG: 66647 BUG: 64152 CVE-2004-0689 (KDE before 3.3.0 does not properly handle when certain symbolic links ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0690 (The DCOPServer in KDE 3.2.3 and earlier allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0691 (Heap-based buffer overflow in the BMP image format parser for the QT ...) BUG: 60855 CVE-2004-0692 (The XPM parser in the QT library (qt3) before 3.3.3 allows remote ...) BUG: 60855 CVE-2004-0693 (The GIF parser in the QT library (qt3) before 3.3.3 allows remote ...) BUG: 60855 CVE-2004-0694 RESERVED BUG: 62618 CVE-2004-0695 (Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0696 (The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0697 (Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0698 (4D WebSTAR 5.3.2 and earlier allows local users to read and modify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0699 (Heap-based buffer overflow in ASN.1 decoding library in Check Point ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0700 (Format string vulnerability in the mod_proxy hook functions function ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0701 (Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0702 (DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0703 (Unknown vulnerability in the administrative controls in Bugzilla ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0704 (Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0705 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0706 (Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0707 (SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0708 (MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges ...) BUG: 53126 CVE-2004-0709 (HP OpenView Select Access 5.0 through 6.0 does not correctly decode ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0710 (IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0711 (The URL pattern matching feature in BEA WebLogic Server 6.x matches ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0712 (The configuration tools (1) config.sh in Unix or (2) config.cmd in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0713 (The remove method in a stateful Enterprise JavaBean (EJB) in BEA ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0714 (Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0715 (The WebLogic Authentication provider for BEA WebLogic Server and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0716 (Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0717 (Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0719 (Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0720 (Safari 1.2.2 does not properly prevent a frame in one domain from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0721 (Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0722 (Integer overflow in the SOAPParameter object constructor in (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0723 (Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0724 (The Half-Life engine before July 7 2004 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0725 (Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0726 (The Windows Media Player control in Microsoft Windows 2000 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0727 (Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0728 (The Remote Control Client service in Microsoft's Systems Management ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0729 (PhpBB 2.0.8 allows remote attackers to gain sensitive information via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0730 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0731 (Cross-site scripting (XSS) vulnerability in index.php in the Search ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0732 (SQL injection vulnerability in index.php in the Search module for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0733 (Format string vulnerability in OllyDbg 1.10 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0734 (Web_Store.cgi allows remote attackers to execute arbitrary commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0735 (Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0736 (The search module in Php-Nuke allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0737 (Multiple cross-site scripting vulnerabilities in index.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0738 (Multiple SQL injection vulnerabilities in the Search module in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0739 (Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0740 (The HTTP server in Lexmark T522 and possibly other models allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0741 (LionMax Software WWW File Share Pro 2.60 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0742 (Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0743 (Safari in Mac OS X before 10.3.5, after sending form data using the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0744 (The TCP/IP Networking component in Mac OS X before 10.3.5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0745 (LHA 1.14 and earlier allows attackers to execute arbitrary commands ...) BUG: 62618 CVE-2004-0746 (Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0747 (Buffer overflow in Apache 2.0.50 and earlier allows local users to ...) BUG: 64145 BUG: 63948 BUG: 62626 CVE-2004-0748 (mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause ...) BUG: 64145 BUG: 63948 BUG: 62626 CVE-2004-0749 (The mod_authz_svn module in Subversion 1.0.7 and earlier does not ...) BUG: 65085 CVE-2004-0750 (Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0751 (The char_buffer_read function in the mod_ssl module for Apache 2.x, ...) BUG: 64145 BUG: 63948 BUG: 62626 CVE-2004-0752 (OpenOffice (OOo) 1.1.2 creates predictable directory names with ...) BUG: 63556 CVE-2004-0753 (The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 ...) BUG: 64230 CVE-2004-0754 (Integer overflow in Gaim before 0.82 allows remote attackers to cause ...) BUG: 61457 CVE-2004-0755 (The FileStore capability in CGI::Session for Ruby before 1.8.1, and ...) BUG: 60525 CVE-2004-0756 RESERVED CVE-2004-0757 (Heap-based buffer overflow in the SendUidl in the POP3 capability for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0758 (Mozilla 1.5 through 1.7 allows a CA certificate to be imported even ...) BUG: 59419 BUG: 57380 CVE-2004-0759 (Mozilla before 1.7 allows remote web servers to read arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0760 (Mozilla allows remote attackers to cause Mozilla to open a URI as a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0761 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0762 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0763 (Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof ...) BUG: 59419 BUG: 57380 CVE-2004-0764 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0765 (The cert_TestHostName function in Mozilla before 1.7, Firefox before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0766 (NGSEC StackDefender 2.0 allows attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0767 (NGSEC StackDefender 1.10 allows attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0768 (libpng 1.2.5 and earlier does not properly calculate certain buffer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0769 (Buffer overflow in LHA allows remote attackers to execute arbitrary ...) BUG: 62618 CVE-2004-0770 (romload.c in DGen Emulator 1.23 and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0771 (Buffer overflow in the extract_one function from lhext.c in LHA may ...) BUG: 62618 CVE-2004-0772 (Double free vulnerabilities in error handling code in krb524d for MIT ...) BUG: 62417 CVE-2004-0773 RESERVED CVE-2004-0774 (RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0775 (Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0776 RESERVED CVE-2004-0777 (Format string vulnerability in the auth_debug function in Courier-IMAP ...) BUG: 60865 CVE-2004-0778 (CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0780 (Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0781 (Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0782 (Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image ...) BUG: 64230 CVE-2004-0783 (Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM ...) BUG: 64230 CVE-2004-0784 (The smiley theme functionality in Gaim before 0.82 allows remote ...) BUG: 61457 CVE-2004-0785 (Multiple buffer overflows in Gaim before 0.82 allow remote attackers ...) BUG: 61457 CVE-2004-0786 (The IPv6 URI parsing routines in the apr-util library for Apache ...) BUG: 64145 BUG: 63948 BUG: 62626 CVE-2004-0787 (Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf before ...) BUG: 64230 CVE-2004-0789 (Multiple implementations of the DNS protocol, including (1) Poslib ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0790 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0791 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0792 (Directory traversal vulnerability in the sanitize_path function in ...) BUG: 60309 CVE-2004-0793 (The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0794 (Multiple signal handler race conditions in lukemftpd (aka tnftpd ...) BUG: 61412 CVE-2004-0795 (DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0796 (SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to ...) BUG: 59483 CVE-2004-0797 (The error handling in the (1) inflate and (2) inflateBack functions in ...) BUG: 61749 CVE-2004-0798 (Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0799 (The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0800 (Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0801 (Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows ...) BUG: 64166 CVE-2004-0802 (Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote ...) BUG: 62487 BUG: 62309 BUG: 61619 CVE-2004-0803 (Multiple vulnerabilities in the RLE (run length encoding) decoders for ...) BUG: 73795 BUG: 69043 CVE-2004-0804 (Vulnerability in tif_dirread.c for libtiff allows remote attackers to ...) BUG: 73795 BUG: 69043 CVE-2004-0805 (Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s ...) BUG: 63079 CVE-2004-0806 (cdrecord in the cdrtools package before 2.01, when installed setuid ...) BUG: 63187 CVE-2004-0807 (Samba 3.0.6 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0808 (The process_logon_packet function in the nmbd server for Samba 3.0.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0809 (The mod_dav module in Apache 2.0.50 and earlier allows remote ...) BUG: 64145 BUG: 63948 BUG: 62626 CVE-2004-0810 (Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0811 (Unknown vulnerability in Apache 2.0.51 prevents "the merging of the ...) BUG: 64804 CVE-2004-0812 (Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0813 (Unknown vulnerability in the SG_IO functionality in ide-cd allows ...) BUG: 193196 CVE-2004-0814 (Multiple race conditions in the terminal layer in Linux 2.4.x, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0815 (The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0816 (Integer underflow in the firewall logging rules for iptables in Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0817 (Multiple heap-based buffer overflows in the imlib BMP image handler ...) BUG: 62487 BUG: 62309 CVE-2004-0818 RESERVED CVE-2004-0819 (The bridge functionality in OpenBSD 3.4 and 3.5, when running a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0820 (Winamp before 5.0.4 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0821 (The CFPlugIn in Core Foundation framework in Mac OS X allows user ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0822 (Buffer overflow in The Core Foundation framework ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0823 (OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0824 (PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0825 (QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0826 (Heap-based buffer overflow in Netscape Network Security Services (NSS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0827 (Multiple buffer overflows in the ImageMagick graphics library 5.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0828 (The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0829 (smbd in Samba before 2.2.11 allows remote attackers to cause a denial ...) BUG: 62476 CVE-2004-0830 (The Content Scanner Server in F-Secure Anti-Virus for Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0831 (McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0832 (The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid ...) BUG: 61280 CVE-2004-0833 (Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0834 (Format string vulnerability in Speedtouch USB driver before 1.3.1 ...) BUG: 68436 CVE-2004-0835 (MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and ...) BUG: 67062 CVE-2004-0836 (Buffer overflow in the mysql_real_connect function in MySQL 4.x before ...) BUG: 67062 CVE-2004-0837 (MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to ...) BUG: 67062 CVE-2004-0838 (Lexar Safe Guard for JumpDrive Secure 1.0 stores the password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0839 (Internet Explorer in Windows XP SP2, and other versions including 5.01 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0840 (The SMTP (Simple Mail Transfer Protocol) component of Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0841 (Internet Explorer 6.x allows remote attackers to install arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0842 (Internet Explorer 6.0 SP1 and earlier, and possibly other versions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0843 (Internet Explorer 5.5 and 6 does not properly handle plug-in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0844 (Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0845 (Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0846 (Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0847 (The Microsoft .NET forms authentication capability for ASP.NET allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0848 (Buffer overflow in Microsoft Office XP allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0849 (Integer overflow in the asn_decode_string() function defined in asn1.c ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0850 (Star before 1.5_alpha46 does not drop the effective user ID (euid) ...) BUG: 61797 CVE-2004-0851 (The (1) write_list and (2) dump_curr_list functions in Net-Acct before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0852 (Buffer overflow in htget 0.93 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0853 RESERVED CVE-2004-0854 RESERVED CVE-2004-0855 RESERVED CVE-2004-0856 RESERVED CVE-2004-0857 RESERVED CVE-2004-0858 RESERVED CVE-2004-0859 RESERVED CVE-2004-0860 RESERVED CVE-2004-0861 RESERVED CVE-2004-0862 RESERVED CVE-2004-0863 RESERVED CVE-2004-0864 RESERVED CVE-2004-0865 RESERVED CVE-2004-0866 (Internet Explorer 6.0 allows web sites to set cookies for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0868 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0869 (Internet Explorer does not prevent cookies that are sent over an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0870 (KDE Konqueror does not prevent cookies that are sent over an insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0871 (Mozilla does not prevent cookies that are sent over an insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0872 (Opera does not prevent cookies that are sent over an insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0873 (Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0874 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0875 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...) BUG: 63063 CVE-2004-0876 RESERVED CVE-2004-0877 RESERVED CVE-2004-0878 RESERVED CVE-2004-0879 RESERVED CVE-2004-0880 (getmail 4.x before 4.2.0, when run as root, allows local users to ...) BUG: 64643 CVE-2004-0881 (getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as ...) BUG: 64643 CVE-2004-0882 (Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x ...) BUG: 70429 CVE-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0884 (The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and ...) BUG: 56016 CVE-2004-0885 (The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the ...) BUG: 66807 CVE-2004-0886 (Multiple integer overflows in libtiff 3.6.1 and earlier allow remote ...) BUG: 73795 BUG: 69043 CVE-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other packages ...) BUG: 69624 BUG: 69936 BUG: 68571 BUG: 68665 BUG: 68558 BUG: 75801 BUG: 69019 BUG: 69662 CVE-2004-0889 (Multiple integer overflows in xpdf 3.0, and other packages that use ...) BUG: 69624 BUG: 69936 BUG: 68571 BUG: 68665 BUG: 68558 BUG: 75801 BUG: 69662 CVE-2004-0890 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0891 (Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 ...) BUG: 68271 CVE-2004-0892 (Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0893 (The Local Procedure Call (LPC) interface of the Windows Kernel for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0894 (LSASS (Local Security Authority Subsystem Service) of Windows 2000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0895 RESERVED CVE-2004-0896 RESERVED CVE-2004-0897 (The Indexing Service for Microsoft Windows XP and Server 2003 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0898 RESERVED CVE-2004-0899 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0900 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0901 (Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0902 (Multiple heap-based buffer overflows in Mozilla Firefox before the ...) BUG: 63996 CVE-2004-0903 (Stack-based buffer overflow in the writeGroup function in ...) BUG: 63996 CVE-2004-0904 (Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox ...) BUG: 63996 CVE-2004-0905 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...) BUG: 63996 CVE-2004-0906 (The XPInstall installer in Mozilla Firefox before the Preview Release, ...) BUG: 63996 CVE-2004-0907 (The Linux install .tar.gz archives for Mozilla Firefox before the ...) BUG: 63996 CVE-2004-0908 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...) BUG: 63996 CVE-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...) BUG: 63996 CVE-2004-0910 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0911 (telnetd for netkit 0.17 and earlier, and possibly other versions, on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0912 RESERVED CVE-2004-0913 (Unknown vulnerability in ecartis 0.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0914 (Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in ...) BUG: 78111 BUG: 78483 BUG: 68544 CVE-2004-0915 (Multiple unknown vulnerabilities in viewcvs before 0.9.2, when ...) BUG: 73772 BUG: 72461 CVE-2004-0916 (Directory traversal vulnerability in cabextract before 1.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0917 (The default installation of Vignette Application Portal installs the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0918 (The asn_parse_header function (asn1.c) in the SNMP module for Squid ...) BUG: 67167 CVE-2004-0919 (The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0920 (Symantec Norton AntiVirus 2004, and earlier versions, allows a virus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0921 (AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0922 (AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0923 (CUPS 1.1.20 and earlier records authentication information for a ...) BUG: 66501 CVE-2004-0924 (NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0925 (Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0926 (Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0927 (ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0928 (The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other ...) BUG: 70429 CVE-2004-0931 (MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0932 (McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0933 (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0934 (Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0935 (Eset Anti-Virus before 1.020 (16th September 2004) allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0936 (RAV antivirus allows remote attackers to bypass antivirus protection ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0937 (Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0938 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...) BUG: 60587 CVE-2004-0939 (changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0940 (Buffer overflow in the get_tag function in mod_include for Apache ...) BUG: 68564 CVE-2004-0941 (Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...) BUG: 70138 CVE-2004-0943 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0944 (The web management interface for Mitel 3300 Integrated Communications ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0945 (The web management interface for Mitel 3300 Integrated Communications ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit ...) BUG: 72113 CVE-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ...) BUG: 70966 CVE-2004-0948 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0951 (The make_recovery command for the TFTP server in HP Ignite-UX before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0952 (HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0954 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0955 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0956 (MySQL before 4.0.20 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0957 (Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0958 (php_variables.c in PHP before 5.0.2 allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0959 (rfc1867.c in PHP before 5.0.2 allows local users to upload files to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0960 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...) BUG: 60587 CVE-2004-0961 (Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to ...) BUG: 60587 CVE-2004-0962 (Apple Remote Desktop Client 1.2.4 executes a GUI application as root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0963 (Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0964 (Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0965 (stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0966 (The (1) autopoint and (2) gettextize scripts in the GNU gettext ...) BUG: 85766 BUG: 66355 CVE-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts ...) BUG: 66357 CVE-2004-0968 (The catchsegv script in glibc 2.3.2 and earlier allows local users to ...) BUG: 66358 CVE-2004-0969 (The groffer script in the Groff package 1.18 and later versions, as ...) BUG: 68407 BUG: 68404 CVE-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0971 (The krb5-send-pr script in the kerberos5 (krb5) package in Trustix ...) BUG: 66359 CVE-2004-0972 (The lvmcreate_initrd script in the lvm package in Trustix Secure Linux ...) BUG: 69149 BUG: 68406 CVE-2004-0973 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0974 (The netatalk package in Trustix Secure Linux 1.5 through 2.1, and ...) BUG: 66370 CVE-2004-0975 (The der_chop script in the openssl package in Trustix Secure Linux 1.5 ...) BUG: 68407 BUG: 68404 CVE-2004-0976 (Multiple scripts in the perl package in Trustix Secure Linux 1.5 ...) BUG: 66360 CVE-2004-0977 (The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local ...) BUG: 66371 CVE-2004-0978 (Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0979 (Internet Explorer on Windows XP does not properly modify the "Drag and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0980 (Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 ...) BUG: 69658 CVE-2004-0981 (Buffer overflow in the EXIF parsing routine in ImageMagick before ...) BUG: 69825 CVE-2004-0982 (Buffer overflow in the getauthfromURL function in httpget.c in mpg123 ...) BUG: 68343 CVE-2004-0983 (The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows ...) BUG: 69985 CVE-2004-0984 (Unknown vulnerability in the dotlock implementation in mailutils ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0985 (Internet Explorer 6.x on Windows XP SP2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0986 (Iptables before 1.2.11, under certain conditions, does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0987 (Buffer overflow in the process_menu function in yardradius 1.0.20 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0988 (Integer overflow on Apple QuickTime before 6.5.2, when running on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0989 (Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and ...) BUG: 69154 CVE-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and ...) BUG: 69070 CVE-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to ...) BUG: 76862 CVE-2004-0992 (Format string vulnerability in the -a option (daemon mode) in ...) BUG: 69379 CVE-2004-0993 (Buffer overflow in hpsockd before 0.6 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0994 (Multiple integer overflows in xzgv 0.8 and earlier allow remote ...) BUG: 74069 CVE-2004-0995 RESERVED CVE-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...) BUG: 71595 CVE-2004-0997 (Unspecified vulnerability in the ptrace MIPS assembly code in Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-0999 (zgv 5.5.3 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1000 (lintian 1.23 and earlier removes the working directory even if it was ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1001 (Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, ...) BUG: 69212 CVE-2004-1002 (Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1003 (Trend ScanMail allows remote attackers to obtain potentially sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1004 (Multiple format string vulnerabilities in Midnight Commander (mc) ...) BUG: 77992 CVE-2004-1005 (Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and ...) BUG: 77992 CVE-2004-1006 (Format string vulnerability in the log functions in dhcpd for dhcp 2.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1007 (The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1008 (Integer signedness error in the ssh2_rdpkt function in PuTTY before ...) BUG: 69123 CVE-2004-1009 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1010 (Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when ...) BUG: 70227 CVE-2004-1011 (Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, ...) BUG: 72194 CVE-2004-1012 (The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 ...) BUG: 72194 CVE-2004-1013 (The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x ...) BUG: 72194 CVE-2004-1014 (statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE ...) BUG: 72113 CVE-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, ...) BUG: 72194 CVE-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1017 (Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1018 (Multiple integer handling errors in PHP before 4.3.10 allow attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1019 (The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 ...) BUG: 74547 CVE-2004-1020 (The addslashes function in PHP 4.3.9 does not properly escape a NULL ...) BUG: 74547 CVE-2004-1021 (iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1022 (Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1024 RESERVED CVE-2004-1025 (Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1026 (Multiple integer overflows in the image handler for imlib 1.9.14 and ...) BUG: 77002 BUG: 72681 CVE-2004-1027 (Directory traversal vulnerability in the -x (extract) command line ...) BUG: 70966 CVE-2004-1028 (Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1029 (The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) ...) BUG: 72221 BUG: 72172 CVE-2004-1030 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...) BUG: 71311 CVE-2004-1031 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...) BUG: 71311 CVE-2004-1032 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...) BUG: 71311 CVE-2004-1033 (Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file ...) BUG: 71311 CVE-2004-1034 (Buffer overflow in the http_open function in Kaffeine before 0.5, ...) BUG: 70055 BUG: 69663 CVE-2004-1035 (Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1036 (Cross-site scripting (XSS) vulnerability in the decoding of encoded ...) BUG: 70739 CVE-2004-1037 (The search function in TWiki 20030201 allows remote attackers to ...) BUG: 71035 CVE-2004-1038 (A design error in the IEEE1394 specification allows attackers with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1039 (The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1040 RESERVED CVE-2004-1041 RESERVED CVE-2004-1042 RESERVED CVE-2004-1043 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1044 RESERVED CVE-2004-1045 RESERVED CVE-2004-1046 RESERVED CVE-2004-1047 RESERVED CVE-2004-1048 RESERVED CVE-2004-1049 (Integer overflow in the LoadImage API of the USER32 Lib for Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1050 (Heap-based buffer overflow in Internet Explorer 6 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1051 (sudo before 1.6.8p2 allows local users to execute arbitrary commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1052 (Buffer overflow in the getnickuserhost function in BNC 2.8.9, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1053 (Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1054 (Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) BUG: 71819 CVE-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read the ...) BUG: 59769 BUG: 59905 BUG: 59378 CVE-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1060 (Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1061 (Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 ...) BUG: 73772 BUG: 72461 CVE-2004-1063 (PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a ...) BUG: 74547 CVE-2004-1064 (The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate ...) BUG: 74547 CVE-2004-1065 (Buffer overflow in the exif_read_data function in PHP before 4.3.10 ...) BUG: 74547 CVE-2004-1066 (The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1067 (Off-by-one error in the mysasl_canon_user function in Cyrus IMAP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1068 (A "missing serialization" error in the unix_dgram_recvmsg function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1069 (Race condition in SELinux 2.6.x through 2.6.9 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1070 (The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1072 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1073 (The open_exec function in the execve functionality (exec.c) in Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1074 (The binfmt functionality in the Linux kernel, when "memory overcommit" ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1075 (Cross-site scripting (XSS) vulnerability in standard_error_message.dtml ...) BUG: 72315 CVE-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in rt-config.c ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1077 (Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1078 (Stack-based buffer overflow in the client for Citrix Program ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1079 (Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs ...) BUG: 72820 CVE-2004-1080 (The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1081 (The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1082 (mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1083 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1084 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1085 (Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1086 (Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1087 (Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1088 (Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1089 (Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1090 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1091 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1092 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) BUG: 77992 CVE-2004-1093 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1094 (Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) ...) BUG: 69150 CVE-2004-1096 (Archive::Zip Perl module before 1.14, when used by antivirus programs ...) BUG: 68616 CVE-2004-1097 (Format string vulnerability in the cherokee_logger_ncsa_write_string ...) BUG: 67667 CVE-2004-1098 (MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus ...) BUG: 69181 CVE-2004-1099 (Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1100 (Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1101 (mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1102 (MailPost 5.1.1sv, and possibly earlier versions, displays a different ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1103 (MailPost 5.1.1sv, and possibly earlier versions, when debug mode is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1104 (Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1105 (Nortel Networks Contivity VPN Client displays a different error ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1106 (Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and ...) BUG: 69904 CVE-2004-1107 (dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to ...) BUG: 69147 BUG: 68846 CVE-2004-1108 (qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to ...) BUG: 69147 BUG: 68846 CVE-2004-1109 (The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1110 (The mtink status monitor before 1.0.5 for Epson printers allows local ...) BUG: 70310 CVE-2004-1111 (Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1112 (The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1113 (SQL injection vulnerability in SQLgrey Postfix greylisting service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1114 (Buffer overflow in the handling of command line arguments in Skype ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1115 (The init scripts in Search for Extraterrestrial Intelligence (SETI) ...) BUG: 69868 CVE-2004-1116 (The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 ...) BUG: 69868 CVE-2004-1117 (The init scripts in ChessBrain 20407 and earlier execute user-owned ...) BUG: 69868 CVE-2004-1118 (Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1119 (Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1120 (Mulitple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c ...) BUG: 70090 CVE-2004-1121 (Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1122 (Safari 1.x to 1.2.4, and possibly other versions, allows inactive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1123 (Darwin Streaming Server 5.0.1, and possibly earlier versions, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1124 (Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, ...) BUG: 77023 BUG: 75197 BUG: 74479 BUG: 75204 BUG: 75203 BUG: 75201 BUG: 75191 BUG: 75801 BUG: 75200 CVE-2004-1126 RESERVED CVE-2004-1127 (Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with ...) BUG: 72371 CVE-2004-1128 (Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1129 (SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1130 (Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1131 (Multiple buffer overflows in the enable command for SCO OpenServer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1132 RESERVED CVE-2004-1133 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1134 (Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1135 (Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1136 (Buffer overflow in CuteFTP Professional 6.0, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1137 (Multiple vulnerabilities in the IGMP functionality for Linux kernel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1138 (VIM before 6.3 and gVim before 6.3 allow local users to execute ...) BUG: 73715 CVE-2004-1139 (Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 ...) BUG: 74443 CVE-2004-1140 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...) BUG: 74443 CVE-2004-1141 (The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote ...) BUG: 74443 CVE-2004-1142 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...) BUG: 74443 CVE-2004-1143 (The password generation in mailman before 2.1.5 generates only 5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1144 (Unknown vulnerability in the 32bit emulation code in Linux 2.4 on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1145 (Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) ...) BUG: 72750 CVE-2004-1146 (Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1147 (phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external ...) BUG: 74303 CVE-2004-1148 (phpMyAdmin before 2.6.1, when configured with UploadDir functionality, ...) BUG: 74303 CVE-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1150 (Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1152 (Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader ...) BUG: 74406 CVE-2004-1153 (Format string vulnerability in Adobe Acrobat Reader 6.0.0 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1154 (Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x ...) BUG: 73943 CVE-2004-1155 (Internet Explorer 5.01 through 6 allows remote attackers to spoof ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1156 (Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote ...) BUG: 84074 BUG: 83267 CVE-2004-1157 (Opera 7.x up to 7.54, and possibly other versions, allows remote ...) BUG: 81747 BUG: 74321 BUG: 74076 BUG: 73871 CVE-2004-1158 (Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows ...) BUG: 73869 BUG: 72804 CVE-2004-1159 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1160 (Netscape 7.x to 7.2, and possibly other versions, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1161 (rssh 2.2.2 and earlier does not properly restrict programs that can be ...) BUG: 72816 BUG: 72815 CVE-2004-1162 (The unison command in scponly before 4.0 does not properly restrict ...) BUG: 72816 BUG: 72815 CVE-2004-1163 (Cisco CNS Network Registrar Central Configuration Management (CCM) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1164 (The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1165 (Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP ...) BUG: 73759 CVE-2004-1166 (CRLF injection vulnerability in Microsoft Internet Explorer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1167 (mirrorselect before 0.89 creates temporary files in a world-writable ...) BUG: 73545 CVE-2004-1168 (Stack-based buffer overflow in the WebDav handler in MaxDB WebTools ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1169 (MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1170 (a2ps 4.13 allows remote attackers to execute arbitrary commands via ...) BUG: 61500 BUG: 75784 CVE-2004-1171 (KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are ...) BUG: 73869 BUG: 72804 CVE-2004-1172 (Stack-based buffer overflow in the Agent Browser in Veritas Backup ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1173 (Internet Explorer 6 allows remote attackers to bypass the popup ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1174 (direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1175 (fish.c in midnight commander allows remote attackers execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1176 (Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and ...) BUG: 77992 CVE-2004-1177 (Cross-site scripting (XSS) vulnerability in the driver script in ...) BUG: 77524 CVE-2004-1178 RESERVED CVE-2004-1179 (The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1180 (Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1181 (htmlheadline before 21.8 allows local users to overwrite arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1182 (hfaxd in HylaFAX before 4.2.1, when installed with a "weak" ...) BUG: 75941 CVE-2004-1183 (Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier ...) BUG: 75213 CVE-2004-1184 (The EPSF pipe support in enscript 1.6.3 allows remote attackers or ...) BUG: 77408 CVE-2004-1185 (Enscript 1.6.3 does not sanitize filenames, which allows remote ...) BUG: 77408 CVE-2004-1186 (Multiple buffer overflows in enscript 1.6.3 allow remote attackers or ...) BUG: 77408 CVE-2004-1187 (Heap-based buffer overflow in the pnm_get_chunk function for xine ...) BUG: 74475 CVE-2004-1188 (The pnm_get_chunk function in xine 0.99.2 and earlier, and other ...) BUG: 74475 CVE-2004-1189 (The add_to_history function in svr_principal.c in libkadm5srv for MIT ...) BUG: 75143 CVE-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1192 (Format string vulnerability in the lprintf function in Citadel/UX 6.27 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1193 (Prevx Home 1.0 allows local users with administrator privileges to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1194 (Buffer overflow in Star Wars Battlefront 1.11 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1195 (Star Wars Battlefront 1.11 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1196 (Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1197 (Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1198 (Microsoft Internet Explorer allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1199 (Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1200 (Firefox and Mozilla allow remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1201 (Opera 7.54 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1202 (Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1203 (parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1204 (FluxBox 0.9.10 and earlier versions allows local users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1205 (codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1206 (Directory traversal vulnerability in codebrowserpntm.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1208 (Buffer overflow in Orbz 2.10 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1209 (Verisign Payflow Link, when running with empty Accepted URL fields, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1210 (Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1211 (Multiple buffer overflows in the IMAP service in Mercury/32 4.01a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1212 (Directory traversal vulnerability in btdownload.php in Blog Torrent ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1213 (Cross-site scripting (XSS) vulnerability in index.php in Advanced ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1214 (Format string vulnerability in Kreed 1.05 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1215 (Kreed 1.05 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1216 (The scripts that handle players in Kreed 1.05 and earlier allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1217 (Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1218 (Remote Execute 2.30 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1219 (paFileDB 3.1, when using sessions authentication and while the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1220 (Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1221 (Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1222 (weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1223 (The Management Agent in F-Secure Policy Manager 5.11.2810 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1224 (Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1225 (SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1226 (SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1227 (Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1228 (The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1229 (Cross-site scripting vulnerability in the parser for Gadu-Gadu allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1230 (Gadu-Gadu allows remote attackers to gain sensitive information and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1231 (Directory traversal vulnerability in Gadu-Gadu allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1232 (Stack-based buffer overflow in the code that sends images in Gadu-Gadu ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1237 (Unknown vulnerability in the system call filtering code in the audit ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1238 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1239 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1240 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1241 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1242 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1243 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1244 (Windows Media Player 9 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1245 RESERVED CVE-2004-1246 RESERVED CVE-2004-1247 RESERVED CVE-2004-1248 RESERVED CVE-2004-1249 RESERVED CVE-2004-1250 RESERVED CVE-2004-1251 RESERVED CVE-2004-1252 RESERVED CVE-2004-1253 RESERVED CVE-2004-1254 (WinRAR 3.40, and possibly earlier versions, allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1255 (Buffer overflow in the expandtabs function in 2fax 3.04 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1256 (Multiple buffer overflows in the (1) event_text and (2) event_specific ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1257 (Buffer overflow in the process_abc function in abc.c for abc2mtex ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1258 (Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1259 (Multiple buffer overflows in the handle_directive function in abcpp.c ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1260 (Multiple buffer overflows in the (1) write_heading function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1261 (Multiple buffer overflows in the preparse function in asp2php 0.76.23 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1262 (Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1263 (changepassword.cgi in ChangePassword 0.8, when installed setuid, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1264 (Buffer overflow in the simplify_path function in config.c for ChBg 1.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1265 (Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1266 (Buffer overflow in the get_field_headers function in csv2xml.cpp for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1267 (Buffer overflow in the ParseCommand function in hpgl-input.c in the ...) BUG: 77023 BUG: 75197 BUG: 74479 CVE-2004-1268 (lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS ...) BUG: 77023 BUG: 75197 BUG: 74479 CVE-2004-1269 (lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it ...) BUG: 77023 BUG: 75197 BUG: 74479 CVE-2004-1270 (lppasswd in CUPS 1.1.22, when run in environments that do not ensure ...) BUG: 77023 BUG: 75197 BUG: 74479 CVE-2004-1271 (Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1272 (Buffer overflow in the save_embedded_address function in filter.c for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1273 (Buffer overflow in the DownloadLoop function in main.c for greed 0.81p ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1274 (The DownloadLoop function in main.c for greed 0.81p allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1275 (Buffer overflow in the remove_quote function in convert.c for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1276 (IglooFTP 0.6.1, when recursively uploading a directory, allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1277 (The download_selection_recursive() function in ftplist.c for IglooFTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1278 (Buffer overflow in the switch_voice function in parse.c for jcabc2ps ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1279 (Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1280 (The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1281 (The ftp_retr function in junkie 0.3.1 allows remote malicious FTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1282 (Buffer overflow in the strexpand function in string.c for LinPopUp ...) BUG: 74705 CVE-2004-1283 (Buffer overflow in the Mesh::type method in mesh.c for the mview ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1284 (Buffer overflow in the find_next_file function in playlist.c for ...) BUG: 74692 CVE-2004-1285 (Buffer overflow in the get_header function in asf_mmst_streaming.c for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1286 (Buffer overflow in the auto_filter_extern function in auto.c for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1287 (Buffer overflow in the error function in preproc.c for NASM 0.98.38 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1288 (Buffer overflow in the parse_html function in o3read.c for o3read ...) BUG: 74478 CVE-2004-1289 (Multiple buffer overflows in (1) the getline function in pcalutil.c ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1290 (Buffer overflow in the process_moves function in pgn2web.c for pgn2web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1291 (Buffer overflow in qwik-smtpd allows remote attackers to use the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1292 (Buffer overflow in the parse_emelody function in parse_emelody.c for ...) BUG: 74700 CVE-2004-1293 (Buffer overflow in the ReadFontTbl function in reader.c for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1294 (The mget function in cmds.c for tnftp 20030825 allows remote FTP ...) BUG: 74704 CVE-2004-1295 (The slip_down function in slip.c for the uml_net program in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1296 (The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1297 (Buffer overflow in the process_font_table function in convert.c for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1298 (Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1299 (Buffer overflow in the get_attr function in html.c for vilistextum ...) BUG: 74694 CVE-2004-1300 (Buffer overflow in the open_aiff_file function in demux_aiff.c for ...) BUG: 74475 CVE-2004-1301 (Buffer overflow in the book_format_sql function in format.c for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1302 (The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1303 (Buffer overflow in the get function in get.c for Yanf 0.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1304 (Stack-based buffer overflow in the ELF header parsing code in file ...) BUG: 72521 CVE-2004-1305 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1307 (Integer overflow in the TIFFFetchStripThing function in tif_dirread.c ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff ...) BUG: 75213 CVE-2004-1309 (Heap-based buffer overflow in the demux_open_bmp function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1310 (Stack-based buffer overflow in the asf_mmst_streaming.c functionality ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1311 (Integer overflow in the real_setup_and_get_header function in real.c ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1312 (A bug in the HTML parser in a certain Microsoft HTML library, as used ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1313 (The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1314 (Safari 1.x allows remote attackers to spoof arbitrary web sites by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1315 (viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the ...) BUG: 71681 CVE-2004-1316 (Heap-based buffer overflow in MSG_UnEscapeSearchUrl in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1317 (Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1318 (Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1319 (The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1320 (Asante FM2008 running firmware 1.06 is shipped with a default username ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1321 (The configuration backup in Asante FM2008 running firmware 1.06 stores ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1322 (Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1323 (Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1324 (The Microsoft Windows Media Player 9.0 ActiveX control may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1325 (The getItemInfoByAtom function in the ActiveX control for Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1326 (Buffer overflow in dxterm in Ultrix 4.5 allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1327 (Buffer overflow in Crystal FTP Client 2.8 allows remote malicious ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1328 (Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1329 (Untrusted execution path vulnerability in the diag commands (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1330 (Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel 2.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1334 (Integer overflow in the ip_options_get function in the Linux kernel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1337 (The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1338 (The triggers in Oracle 9i and 10g allow local users to gain privileges ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1339 (SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1340 (Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1341 (Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1342 (CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1343 (CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1344 RESERVED CVE-2004-1345 (Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1346 (The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1347 (X Display Manager (XDM) on Solaris 8 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1348 (Unknown vulnerability in in.named on Solaris 8 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1349 (gzip before 1.3 in Solaris 8, when called with the -f or -force flags, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1350 (Multiple buffer overflows in Sun Java System Web Proxy Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1351 (Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1352 (Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1353 (Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1354 (The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1355 (Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1356 (Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1357 (The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1358 (The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1359 (Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1360 (Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1361 (Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1362 (The PL/SQL module for the Oracle HTTP Server in Oracle Application ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1363 (Buffer overflow in extproc in Oracle 10g allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1364 (Directory traversal vulnerability in extproc in Oracle 9i and 10g ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1365 (Extproc in Oracle 9i and 10g does not require authentication to load a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1366 (Oracle 10g Database Server stores the password for the SYSMAN account ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1367 (Oracle 10g Database Server, when installed with a password that ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1368 (ISQL*Plus in Oracle 10g Application Server allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1369 (The TNS Listener in Oracle 10g allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1370 (Multiple SQL injection vulnerabilities in PL/SQL procedures that run ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1371 (Stack-based buffer overflow in Oracle 9i and 10g allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1372 (Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1373 (Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers ...) BUG: 75482 CVE-2004-1374 (Multiple buffer overflows in NetBSD kernel may allow local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1375 (Unknown vulnerability in System Administration Manager (SAM) in HP-UX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1376 (Directory traversal vulnerability in Microsoft Internet Explorer 5.01, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) ...) BUG: 61500 BUG: 75784 CVE-2004-1378 (The expat XML parser code, as used in the open source Jabber (jabberd) ...) BUG: 64741 CVE-2004-1379 (Heap-based buffer overflow in the DVD subpicture decoder in xine ...) BUG: 64348 CVE-2004-1380 (Firefox before 1.0 and Mozilla before 1.7.5 allows inactive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1381 (Firefox before 1.0 and Mozilla before 1.7.5 allow inactive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1382 (The glibcbug script in glibc 2.3.4 and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1383 (Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and ...) BUG: 74487 CVE-2004-1384 (Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare ...) BUG: 74487 CVE-2004-1385 (phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain ...) BUG: 74487 CVE-2004-1386 (TikiWiki before 1.8.4.1 does not properly verify uploaded images, ...) BUG: 75568 CVE-2004-1387 (The check_forensic script in apache-utils package 1.3.31 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1388 (Format string vulnerability in the gpsd_report function for BerliOS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1389 (Unknown vulnerability in the Veritas NetBackup Administrative ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1390 (Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1393 (Unknown vulnerability in the tcsetattr function for Sun Solaris ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1394 (The pfexec function for Sun Solaris 8 and 9 does not properly handle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1395 (The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1396 (Winamp 5.07 and possibly other versions, allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1397 (Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1398 (Format string vulnerability in prelink.c in kextload in Apple OS X, as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1399 (Directory traversal vulnerability in the Attachment module 2.3.10 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1400 (The control panel in ASP Calendar does not require authentication to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1401 (SQL injection vulnerability in verify.asp in Asp-rider allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1402 (SQL injection vulnerability in iWebNegar allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1403 (PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1405 (MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1406 (SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1407 (Multiple directory traversal vulnerabilities in singapore Image ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1408 (The addImage method for admin.class.php in Image Gallery Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1409 (Multiple cross-site scripting vulnerabilities in Image Gallery Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1410 (Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1411 (Gadu-Gadu build 155 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1412 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1413 (Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1414 (Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1415 (SQL injection vulnerability in (1) disp_album.php and possibly (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1416 (pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1417 (Cross-site scripting (XSS) vulnerability in login.php in PsychoStats ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1418 (Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1419 (PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1420 (Multiple cross-site scripting (XSS) vulnerabilities in header.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1421 (Multiple PHP remote file inclusion vulnerabilities (1) step_one.php, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1422 (WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1423 (Multiple PHP remote file inclusion vulnerabilities in Sean Proctor ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1424 (Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1425 (Directory traversal vulnerability in file.php in Moodle 1.4.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1426 (Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1427 (PHP remote file inclusion vulnerability in main.inc in KorWeblog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1428 (ArGoSoft FTP before 1.4.2.1 generates an error message if the user ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1429 (ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1430 (SQL injection vulnerability in the show_stats module in Arcade.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1431 (FormMail.php 5.0, and possibly other versions, allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1432 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1433 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1434 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1435 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1436 (The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1437 (Multiple buffer overflows in the digest authentication functionality ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1438 (The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier ...) BUG: 57747 CVE-2004-1439 (Buffer overflow in BlackJumboDog 3.x allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1440 (Multiple heap-based buffer overflows in the modpow function in PuTTY ...) BUG: 59383 CVE-2004-1441 (Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1442 (Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1443 (Cross-site scripting (XSS) vulnerability in the inline MIME viewer in ...) BUG: 59336 CVE-2004-1444 (Directory traversal vulnerability in Roundup 0.6.4 and earlier allows ...) BUG: 53494 CVE-2004-1445 (A race condition in nessus-adduser in Nessus 2.0.11 and possibly ...) BUG: 58014 CVE-2004-1446 (Unknown vulnerability in ScreenOS in Juniper Networks NetScreen ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1447 (Jetbox One 2.0.8 and possibly other versions stores passwords in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1448 (Jetbox One 2.0.8 and possibly other versions allow remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1449 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1450 (Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1451 (Mozilla before 1.6 does not display the entire URL in the status bar ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1452 (Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions ...) BUG: 59232 CVE-2004-1453 (GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, ...) BUG: 59526 CVE-2004-1454 (Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1455 (Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1456 (filediff in CVStrac allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1457 (The Virtual Private Network (VPN) capability in Novell Bordermanager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1458 (The CSAdmin web administration interface for Cisco Secure Access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1459 (Cisco Secure Access Control Server (ACS) 3.2, when configured as a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1460 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1461 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1462 (Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote ...) BUG: 57913 CVE-2004-1463 (Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, ...) BUG: 57913 CVE-2004-1464 (Cisco IOS 12.2(15) and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1465 (Multiple buffer overflows in WinZip 9.0 and earlier may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1466 (The set_time_limit function in Gallery before 1.4.4_p2 deletes ...) BUG: 60742 CVE-2004-1467 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare ...) BUG: 61510 CVE-2004-1468 (The web mail functionality in Usermin 1.x and Webmin 1.x allows remote ...) BUG: 63167 CVE-2004-1469 (Format string vulnerability in the log function in SUS 2.0.2, and ...) BUG: 63927 CVE-2004-1470 (CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions ...) BUG: 64154 CVE-2004-1471 (Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1472 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1473 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1474 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1475 (Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 ...) BUG: 64348 BUG: 59948 CVE-2004-1476 (Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib ...) BUG: 64348 CVE-2004-1477 (Cross-site scripting (XSS) vulnerability in the Management Console in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1478 (JRun 4.0 does not properly generate and handle the JSESSIONID, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1479 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1480 (Unknown vulnerability in the management station in HP StorageWorks ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1481 (Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1482 (The sbuf_getmsg function in BNC incorrectly handles backspace ...) BUG: 66912 CVE-2004-1483 (Multiple unknown vulnerabilities in the ActiveX and HTML file browsers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1484 (Format string vulnerability in the _msg function in error.c in socat ...) BUG: 68547 CVE-2004-1485 (Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1486 (Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1487 (wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1488 (wget 1.8.x and 1.9.x does not filter or quote control characters when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1489 (Opera 7.54 and earlier does not properly limit an applet's access to ...) BUG: 81747 BUG: 74321 BUG: 74076 BUG: 73871 CVE-2004-1490 (Opera 7.54 and earlier allows remote attackers to spoof file types in ...) BUG: 81747 BUG: 74321 BUG: 74076 BUG: 73871 CVE-2004-1491 (Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME ...) BUG: 81747 BUG: 74321 BUG: 74076 BUG: 73871 CVE-2004-1492 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1493 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1494 (Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1495 (The Repair Archive command in WinRAR 3.40 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1496 (Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1497 (Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1498 (SQL injection vulnerability in the compose message form in HELM 3.1.19 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1499 (Cross-site scripting (XSS) vulnerability in the compose message form ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1500 (Format string vulnerability in the Lithtech engine, as used in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1501 (The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1502 (The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1503 (Integer overflow in the InitialDirContext in Java Runtime Environment ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1504 (The displaycontent function in config.php for Just Another Flat file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1505 (Directory traversal vulnerability in index.php in Just Another Flat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1506 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1507 (CRLF injection vulnerability in login.php in WebCalendar allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1508 (init.php in WebCalendar allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1509 (validate.php in WebCalendar allows remote attackers to gain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1510 (WebCalendar allows remote attackers to gain privileges by modifying ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1511 (Hotfoon 4.0 does not notify users before opening links in web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1512 (Cross-site scripting (XSS) vulnerability in Response_default.html in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1513 (04WebServer 1.42 does not adequately filter data that is written to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1514 (04WebServer 1.42 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1515 (SQL injection vulnerability in (1) ttlast.php and (2) last10.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1516 (CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows ...) BUG: 71502 CVE-2004-1517 (Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1518 (SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1519 (SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1520 (Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1521 (Eudora 6.2.0.14 does not issue a warning when a user forwards an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1522 (Format string vulnerability in Army Men RTS 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1523 (Format string vulnerability in the game console in Hired Team: Trial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1524 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1525 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1526 (Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1527 (Microsoft Internet Explorer 6.0 SP1 does not properly handle certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1528 (The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1529 (Cross-site scripting (XSS) vulnerability in the Event Calendar module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1530 (SQL injection vulnerability in the Event Calendar module 2.13 for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1531 (SQL injection vulnerability in post.php in Invision Power Board (IPB) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1532 (AppServ 2.5.x and earlier installs a default username and password, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1533 (Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1534 (ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1535 (PHP remote file inclusion vulnerability in admin_cash.php for the Cash ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1536 (SQL injection vulnerability in index.php in the ibProArcade module for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1537 (Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1538 (SQL injection vulnerability in include.php in PHPKIT 1.6.03 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1539 (Halo: Combat Evolved 1.05 and earlier allows remote game servers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1540 (ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1541 (SecureCRT 4.0, 4.1, and possibly other versions, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1542 (Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1543 (Directory traversal vulnerability in viewimg.php in KorWeblog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1544 (Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1545 (UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1546 (Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1547 (The file server in ActivePost Standard 3.1 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1548 (Directory traversal vulnerability in the file server in ActivePost ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1549 (The conference menu in ActivePost Standard 3.1 sends passwords of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1550 (Motorola Wireless Router WR850G running firmware 4.03 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1551 (Cross-site scripting (XSS) vulnerability in the (1) email or (2) file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1552 (SQL injection vulnerability in aspWebCalendar allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1553 (SQL injection vulnerability in aspWebAlbum allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1554 (PHP remote file inclusion vulnerability in livre_include.php in @lex ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1555 (Multiple SQL injection vulnerabilities in BroadBoard Instant ASP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1556 (MyWebServer 1.0.3 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1557 (MyWebServer 1.0.3 allows remote attackers to bypass authentication, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1558 (Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1559 (Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1560 (Microsoft SQL Server 7.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1561 (Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1562 (SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1563 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1564 (CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1565 (list.php in w-Agora 4.1.6a allows remote attackers to reveal the full ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1566 (Cross-site scripting (XSS) vulnerability in index.php in Silent Storm ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1567 (profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1568 (Directory traversal vulnerability in ParaChat Server 5.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1569 (Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1570 (SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1571 (AJ-Fork 167 allows remote attackers to gain sensitive information via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1572 (AJ-Fork 167 does not restrict access to directories such as (1) data, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1573 (The documentation for AJ-Fork 167 implies that users should set ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1574 (Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1575 (The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1576 (Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1577 (index.php in PHP Links allows remote attackers to gain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1578 (Cross-site scripting (XSS) vulnerability in index.php in Invision ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1579 (index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1580 (SQL injection vulnerability in index.php in CubeCart 2.0.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gains sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1582 (PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1583 (Directory traversal vulnerability in the FTP server in TriDComm 1.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1584 (CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows ...) BUG: 65798 CVE-2004-1585 (Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1586 (Flash Messaging clients can ignore disconnecting commands such as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1587 (Buffer overflow in Monolith games including (1) Alien versus Predator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1588 (SQL injection vulnerability in GoSmart Message Board allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1589 (Cross-site scripting (XSS) vulnerability in GoSmart Message Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1590 (Clientexec allows remote attackers to gain sensitive information via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1591 (The web interface for Micronet Wireless Broadband Router SP916BM ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1592 (PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1593 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1594 (Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1595 (Buffer overflow in ShixxNote 6.net build 117 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1596 (The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1597 (RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1598 (Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1599 (Cross-site scripting (XSS) vulnerability in index.php in CoolPHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1600 (index.php in CoolPHP 1.0-stable allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1601 (Directory traversal vulnerability in index.php in CoolPHP 1.0-stable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1602 (ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1603 (cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1604 (cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1605 (SalesLogix 6.1 allows remote attackers to bypass authentication by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1606 (slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1607 (slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1608 (SQL injection vulnerability in SalesLogix 6.1 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1609 (SalesLogix 6.1 includes usernames, passwords, and other sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1610 (SalesLogix 6.1 uses client-specified pathnames for writing certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1611 (SalesLogix 6.1 does not verify if a user is authenticated before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1612 (Directory traversal vulnerability in SalesLogix 6.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1613 (Mozilla allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1614 (Mozilla allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1617 (Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1618 (Vypress Tonecast 1.3 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1619 (Buffer overflow in Privateer's Bounty: Age of Sail II allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1620 (CRLF injection vulnerability in Serendipity before 0.7rc1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1621 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1622 (SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1623 (The WAV file property handler in Windows XP SP1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1624 (Carbon Copy 6.0.5257 does not drop system privileges when opening ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1625 (pGina 1.7.6 and possibly older versions, when the Restart or Shutdown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1626 (Buffer overflow in Ability Server 2.34, and possibly other versions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1627 (Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1628 (Format string vulnerability in log.c in rssh before 2.2.2 allows ...) BUG: 66988 CVE-2004-1629 (Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1630 (Cross-site scripting (XSS) vulnerability in the login form in Open ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1631 (Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1632 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1633 (process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1634 (show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1635 (Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1636 (Heap-based buffer overflow in the WvTFTPServer::new_connection ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1640 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1641 (Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1642 (WFTPD Pro Server 3.21 allows remote authenticated users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1643 (WS_FTP 5.0.2 allows remote authenticated users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1644 (Xedus 1.0 allows remote attackers to cause a denial of service (refuse ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1645 (Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1646 (Directory traversal vulnerability in Xedus 1.0 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1647 (SQL injection vulnerability in Password Protect allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1648 (Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1649 (Buffer overflow in Microsoft Msinfo32.exe might allow local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1650 (D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1651 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1653 (The default configuration for OpenSSH enables AllowTcpForwarding, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1654 (SQL injection vulnerability in the calendar module in phpWebsite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1655 (Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1656 (CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1657 (Cross-site scripting (XSS) vulnerability in the Activity and Events ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1658 (Kerio Personal Firewall 4.0 (KPF4) allows local users with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1659 (Cross-site scripting (XSS) vulnerability in index.php in CuteNews ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1660 (PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1661 (MailWorks Professional allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1662 (YaBB SE 1.5.1 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1663 (Engenio/LSI Logic storage controllers, as used in products such as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1664 (Call of Duty 1.4 and earlier allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1665 (Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1666 (Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1667 (Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1668 (Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1669 (Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1670 (Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1671 (Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1672 (attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1673 (accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1674 (viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1675 (Serv-U FTP server 4.x and 5.x allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1676 (Heap-based buffer overflow in the image sending feature in Gadu-Gadu ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1677 (pdesk.cgi in PerlDesk allows remote attackers to gain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1678 (Directory traversal vulnerability in pdesk.cgi in PerlDesk allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1679 (Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1680 (application.cgi in the Pingtel Xpressa handset running firmware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1681 (Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1682 (Format string vulnerability in QNX 6.1 FTP client allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1683 (A race condition in crrtrap for QNX RTP 6.1 allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1684 (Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1685 (SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1686 (Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1687 (CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1688 (Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1689 (sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1690 (Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1691 (The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1692 (Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1693 (PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1694 (Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1695 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1696 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1697 (The "Forgot your Password" link in Computer Associates (CA) Unicenter ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1698 (The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1699 (SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1700 (Cross-site scripting (XSS) vulnerability in SettingsBase.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue function in ...) BUG: 59895 CVE-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to ...) BUG: 59895 CVE-2004-1703 (Fusion News 3.6.1 allows remote attackers to add user accounts, if the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1704 (WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1705 (Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1706 (The U.S. Robotics USR808054 wireless access point allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1707 (The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1708 (Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1709 (Datakey Rainbow iKey2032 USB token, when using the CIP client package, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1710 (page.cgi allows remote attackers to execute arbitrary commands via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1711 (Cross-site scripting (XSS) vulnerability in post.php in Moodle before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1712 (Cross-site scripting (XSS) vulnerability in TypePad allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1713 (Unknown vulnerability in HP Process Resource Manager (PRM) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1714 (BlackICE PC Protection and Server Protection installs (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1715 (Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1716 (Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1717 (Multiple buffer overflows in the psscan function in ps.c for gv ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1718 (The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1719 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1720 (The (1) address.html and possibly (2) calendar.html pages in Merak ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1721 (The (1) function.php or (2) function.view.php scripts in Merak Mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1722 (SQL injection vulnerability in calendar.html in Merak Mail Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1723 (The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1724 (The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1725 (Stack-based buffer overflow in xvbmp.c in XV allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1726 (Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1727 (BadBlue 2.5 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1728 (Buffer overflow in British National Corpus SARA (sarad) allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1729 (Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1730 (Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1731 (signup_page.php in Mantis bugtracker allows remote attackers to send ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1732 (SQL injection vulnerability in out.ViewFolder.php in MyDMS before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1733 (Directory traversal vulnerability in MyDMS 1.4.2 and other versions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1734 (PHP remote file inclusion vulnerability in Mantis 0.19.0a allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1735 (Cross-site scripting (XSS) vulnerability in the create list option in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1736 (Cacti 0.8.5a allows remote attackers to gain sensitive information via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1737 (SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows ...) BUG: 60630 CVE-2004-1738 (Cross-site scripting (XSS) vulnerability in page.php in JShop allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1739 (Bird Chat 1.61 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1740 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1741 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1742 (Directory traversal vulnerability in WebAPP 0.9.9 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1743 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1744 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1745 (Buffer overflow in Painkiller 1.3.1 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1746 (Cross-site scripting (XSS) vulnerability in index.php in PHP Code ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1747 (Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1748 (NtRegmon before 6.12 allows local users to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1749 (Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1750 (RealVNC 4.0 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1751 (Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1752 (Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1753 (The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1754 (The DNS proxy (DNSd) for multiple Symantec Gateway Security products ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1755 (The Web Services fat client for BEA WebLogic Server and Express 7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1756 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1757 (BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1758 (BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1759 (Cisco voice products, when running the IBM Director Agent on IBM ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1760 (The default installation of Cisco voice products, when running the IBM ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1761 (Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1762 (Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1763 (Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1764 (Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1765 (Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1766 (The default installation of NetScreen-Security Manager before Feature ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1767 (The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1768 (The character converters in the Spamhunter and Language ID modules for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1769 (The "Allow cPanel users to reset their password via email" feature in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1770 (The login page for cPanel 9.1.0, and possibly other versions, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1771 (Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1772 (Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1773 (Multiple buffer overflows in sharutils 4.2.1 and earlier may allow ...) BUG: 65773 CVE-2004-1774 (Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1775 (Cisco VACM (View-based Access Control MIB) for Catalyst Operating ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1776 (Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1777 (A "range check error" in Skype for Windows before 0.98.0.28 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1778 (Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1779 (Cross-site scripting (XSS) vulnerability in board.php for ThWboard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1780 (Info Touch Surfnet kiosk allows local users to deposit extra time into ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1781 (Info Touch Surfnet kiosk allows local users to crash Surfnet and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1782 (athenareg.php in Athena Web Registration allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1783 (Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1784 (Buffer overflow in the web server of Webcam Watchdog 3.63 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1785 (SQL injection vulnerability in calendar.php for Invision Power Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1786 (PortalApp places user credentials under the web root with insufficient ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1787 (SQL injection vulnerability in PostCalendar 4.0.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1788 (ASP-Nuke 1.3 and earlier places user credentials under the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1789 (Cross-site scripting (XSS) vulnerability in the web management ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1790 (Cross-site scripting (XSS) vulnerability in the web management ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1791 (The web management interface in Edimax AR-6004 ADSL Routers uses a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1792 (swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1793 (Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1794 (Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1795 (Info Touch Surfnet kiosk allows local users to access the underlying ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1796 (PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1797 (Cross-site scripting (XSS) vulnerability in search.php for FreznoShop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1798 (RealOne player 6.0.11.868 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1799 (PF in certain OpenBSD versions, when stateful filtering is enabled, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1800 (Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1801 (Directory traversal vulnerability in PWebServer 0.3.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1802 (Chat Anywhere 2.72 and earlier allows remote attackers to hide their ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1804 (wMCam server 2.1.348 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1805 (Format string vulnerability in games using the Epic Games Unreal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1806 (SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1807 (Cross-site scripting (XSS) vulnerability in index.cfm in CFWebstore ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1808 (Extcompose in metamail does not verify the output file before writing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1809 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1810 (The Javascript engine in Opera 7.23 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1811 (The SSL HTTP Server in HP Web-enabled Management Software 5.0 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1812 (Multiple stack-based buffer overflows in Agent Common Services (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1813 (VocalTec VGW4/8 Gateway 8.0 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1814 (Directory traversal vulnerability in VocalTec VGW4/8 Gateway 8.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1815 (Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1816 (Unknown vulnerability in Sun Java System Application Server 7.0 Update ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1817 (Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1818 (Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1819 (4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1820 (PHP remote file inclusion vulnerability in displaycategory.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1821 (SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1822 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1824 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1825 (Cross-site scripting (XSS) vulnerability in index.php in Mambo Open ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1826 (SQL injection vulnerability in index.php in Mambo Open Source 4.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1827 (Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1828 (Vcard 2.9 and possibly other versions does not require authorization ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1829 (Multiple cross-site scripting (XSS) vulnerabilities in error.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1830 (error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1831 (Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1832 (Buffer overflow in the GUI admin service in Mac OS X Server 10.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1833 (The admin.ib file in Borland Interbase 7.1 for Linux has default world ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1834 (mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1835 (Multiple SQL injection vulnerabilities in index.php in Invision ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1836 (SQL injection vulnerability in index.php in Invision Power Top Site ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1837 (Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1838 (Directory traversal vulnerability in xweb 1.0 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1839 (MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1840 (Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1841 (SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1842 (Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1843 (SQL injection vulnerability in Member Management System 2.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1844 (Cross-site scripting (XSS) vulnerability in Member Management System ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1845 (Multiple cross-site scripting (XSS) vulnerabilities in News Manager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1846 (Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1847 (News Manager Lite 2.5 allows remote attackers to bypass authentication ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1848 (Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1849 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1850 (The Rage 1.01 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1851 (Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1852 (DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1853 (Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1854 (Buffer overflow in the logging function in Picophone 1.63 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1855 (Dark Age of Camelot before 1.68 live patch does not sign the RSA ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1856 (devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1857 (Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1858 (HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1859 (Directory traversal vulnerability in Trend Micro Interscan Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1860 (Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1861 (Invision NetSupport School Pro uses a weak encryption algorithm to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1862 (Multiple cross-site scripting (XSS) vulnerabilities in Extreme ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1863 (Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1864 (SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1865 (Cross-site scripting (XSS) vulnerability in the administration panel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1866 (nstxd in Nstx 1.1 beta3 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1867 (Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1868 (Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1869 (Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1870 (Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1871 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1872 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1873 (SQL injection vulnerability in category.asp in A-CART Pro and A-CART ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1874 (Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1875 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1876 (The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon ...) BUG: 46264 CVE-2004-1877 (The p_submit_url value in the sample login form in the Oracle 9i ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1878 (LINBOX LIN:BOX allows remote attackers to bypass authentication, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1879 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1880 (Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1881 (SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1882 (Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1883 (Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1884 (Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1885 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1886 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1887 (Ada Image Server (ImgSvr) 0.4 allows remote attackers to view ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1888 (display.cgi in Aborior Encore WebForum allows remote to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1889 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1890 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1891 (The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1892 (Stack-based buffer overflow in DecodeBase16 function, as used in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1893 (Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1894 (TEXutil in ConTEXt, when executed with the --silent option, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1895 (YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1896 (Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1897 (Administration interface in Monit 1.4 through 4.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1898 (Stack-based buffer overflow in the administration interface in Monit ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1899 (The administration interface in Monit 1.4 through 4.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1900 (Format string vulnerability in the logging function in IGI 2 Covert ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1901 (Portage before 2.0.50-r3 allows local users to overwrite arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1902 (The Citrix MetaFrame Password Manager 2.0, when a central credential ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1903 (Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1904 (Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1905 (ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1906 (Mcafee FreeScan allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1907 (The Web Filtering functionality in Kerio Personal Firewall (KPF) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1908 (McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1909 (Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to ...) BUG: 45357 CVE-2004-1910 (rufsi.dll in Symantec Virus Detection allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1911 (Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1912 (The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1913 (Cross-site scripting (XSS) vulnerability in modules.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1914 (SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1915 (Buffer overflow in the parse_all_client_messages function in LCDproc ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1916 (Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1917 (Format string vulnerability in test_func_func in LCDProc 0.4.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1918 (RSniff 1.0 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1919 (The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1920 (X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1921 (X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1922 (Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1923 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1924 (Multiple cross-site scripting (XSS) vulnerabilities in Tiki ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1925 (Multiple SQL injection vulnerabilities in Tiki CMS/Groupware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1926 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1927 (Directory traversal vulnerability in the map feature (tiki-map.phtml) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1928 (The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1929 (SQL injection vulnerability in the bblogin function in functions.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1930 (Cross-site scripting (XSS) vulnerability in the cookiedecode function ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1932 (SQL injection vulnerability in (1) auth.php and (2) admin.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1933 (Citadel/UX 5.00 through 6.14 installs the database directory and files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1934 (PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1935 (Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1936 (ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1937 (Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1938 (SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1939 (Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1940 (sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1941 (Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1942 (The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1943 (PHP remote file inclusion vulnerability in album_portal.php in phpBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1944 (Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1945 (Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1946 (Format string vulnerability in the PRINT_ERROR function in common.c ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1947 (The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1948 (NcFTP client 3.1.6 and 3.1.7, when the username and password are ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1949 (SQL injection vulnerability in PostNuke 7.2.6 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1950 (phpBB 2.0.8a and earlier trusts the IP address that is in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1951 (xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui ...) BUG: 48108 BUG: 48107 BUG: 45448 CVE-2004-1952 (SQL injection vulnerability in Advanced Guestbook 2.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1953 (phProfession 2.5 allows remote attackers to gain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1954 (Cross-site scripting (XSS) vulnerability in modules.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1955 (SQL injection vulnerability in modules.php in phProfession 2.5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1956 (PostNuke 0.7.2.6 allows remote attackers to gain information via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1957 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1958 (Directory traversal vulnerability in manifest.ini in Unreal engine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1959 (blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1960 (Cross-site scripting (XSS) vulnerability in blocker_query.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1961 (blocker.php in Protector System 1.15b1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1962 (SQL injection vulnerability in index.php in Protector System 1.15b1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1963 (nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1964 (Cross-site scripting (XSS) vulnerability in nqt.php in Network Query ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1965 (Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1966 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1967 (Cross-site request forgery (CSRF) vulnerabilities in (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1968 (The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1969 (The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1970 (Samsung SmartEther SS6215S switch, and possibly other Samsung ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1971 (modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1972 (SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1973 (DiGi Web Server allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1974 (paFileDB 3.1 allows remote attackers to gain sensitive information via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1975 (Cross-site scripting (XSS) vulnerability in the category module in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1976 (SMC Barricade broadband router 7008ABR and 7004VBR enable remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1977 (3com NBX IP VOIP NetSet Configuration Manager allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1978 (Cross-site scripting (XSS) vulnerability in help.php in Moodle before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1979 (Cross-site scripting (XSS) vulnerability in do_search.php in PROPS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1980 (Directory traversal vulnerability in glossary.php in PROPS 0.6.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1981 (The web interface for Crystal Reports allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1982 (Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1983 (The arch_get_unmapped_area function in mmap.c in the PaX patches for ...) BUG: 55698 BUG: 54976 BUG: 53804 BUG: 49637 BUG: 47881 CVE-2004-1984 (Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1985 (Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1986 (Directory traversal vulnerability in modules.php in Coppermine Photo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1987 (picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1988 (PHP remote file inclusion vulnerability in init.inc.php in Coppermine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1989 (PHP remote file inclusion vulnerability in theme.php in Coppermine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1990 (Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1991 (Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1992 (Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1993 (The patch to the checklogin function in omail.pl for omail webmail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1994 (FuseTalk 4.0 allows remote attackers to ban other users via a direct ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1995 (Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1996 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1997 (Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1998 (The Downloads module in Php-Nuke 6.x through 7.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-1999 (Cross-site scripting (XSS) vulnerability in the Downloads module in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2000 (SQL injection vulnerability in the Downloads module in Php-Nuke 6.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2001 (ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2002 (Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2003 (Buffer overflow in the ssl_prcert function in the SSLway filter ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2004 (The Live CD in SUSE LINUX 9.1 Personal edition is configured without a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2005 (Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2006 (Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2007 (Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2008 (SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2009 (NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2010 (PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2011 (msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2012 (The systrace_exit function in the systrace utility for NetBSD-current ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2013 (Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2014 (Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2015 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2016 (Stack-based buffer overflow in the HTTP server in NetChat 7.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2017 (Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2018 (PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2019 (The WebLinks module in Php-Nuke 6.x through 7.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2020 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2021 (Directory traversal vulnerability in file_manager.php in osCommerce ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2022 (ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2023 (SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2024 (The distribution of Zen Cart 1.1.4 before patch 2 includes certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2025 (SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2026 (Format string vulnerability in the logmsg function in svc.c for Pound ...) BUG: 50421 CVE-2004-2027 (Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers ...) BUG: 50935 CVE-2004-2028 (Cross-site scripting (XSS) vulnerability in stats.php in e107 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2029 (The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2030 (Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2031 (Cross-site scripting (XSS) vulnerability in user.php in e107 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2032 (Netgear RP114 allows remote attackers to bypass the keyword based URL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2033 (Orenosv 0.5.9f allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2034 (Buffer overflow in the (1) WTHoster and (2) WebDriver modules in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2035 (MiniShare 1.3.2 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2036 (SQL injection vulnerability in the art_print function in print.inc.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2037 (Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2038 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2039 (e107 0.615 allows remote attackers to obtain sensitive information via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2040 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2041 (PHP remote file inclusion vulnerability in secure_img_render.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2042 (Multiple SQL injection vulnerabilities in e107 0.615 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2043 (Buffer overflow in ibserver for Firebird Database 1.0 and other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2044 (PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2045 (The HTTP administration interface on Conceptronic CADSLR1 ADSL router ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2046 (Unknown vulnerability in APC PowerChute Business Edition 6.0 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2047 (Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2048 (radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2049 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2050 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2051 (The Phoenix browser in eSeSIX Thintune thin clients running firmware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2052 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2053 (PHP remote file inclusion vulnerability in index.php in EasyIns ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2054 (CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2055 (Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2056 (SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2057 (SQL injection vulnerability in ASPRunner 2.4 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2058 (ASPRunner 2.4 allows remote attackers to gain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2059 (Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2060 (ASPRunner 2.4 stores the database under the web root in the db ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2061 (RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2062 (SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2063 (Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2064 (Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2065 (DansGuardian 2.8 and earlier allows remote attackers to bypass the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2066 (SQL injection vulnerability in session.php in LinPHA 0.9.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2067 (SQL injection vulnerability in controlpanel.php in Jaws Framework and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2068 (fetchnews in leafnode 1.9.47 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2069 (sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2070 (The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2071 (Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2072 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Open ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2073 (Linux-VServer 1.24 allows local users with root privileges on a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2074 (Format string vulnerability in Dream FTP 1.02 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2075 (Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2076 (Cross-site scripting (XSS) vulnerability in search.php for Jelsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2077 (Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2078 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2079 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2080 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2081 (The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2082 (The samiftp.dll library in Sami FTP Server 1.1.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2083 (Opera Web Browser 7.0 through 7.23 allows remote attackers to trick ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2084 (Cross-site scripting (XSS) vulnerability in search.php in JShop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2085 (Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2086 (Stack-based buffer overflow in results.stm for Sambar Server before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2087 (Unknown vulnerability in SandSurfer before 1.7.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2088 (Sophos Anti-Virus 3.78 allows remote attackers to bypass virus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2089 (Matrix FTP Server allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2090 (Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2091 (Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2092 (eTrust InoculateIT for Linux 6.0 uses insecure permissions for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2093 (Buffer overflow in the open_socket_out function in socket.c for rsync ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2094 (Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2095 (Honeyd before 0.8 replies to TCP packets with the SYN and RST flags ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine (TBE) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2099 (Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2100 (GeoHttpServer, when configured to authenticate users, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2101 (The sysinfo script in GeoHttpServer allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2102 (Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2103 (Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2104 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2105 (The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2106 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2107 (Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2108 (Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2109 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2110 (SQL injection vulnerability in register.php in Phorum before 3.4.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2111 (Stack-based buffer overflow in the site chmod command in Serv-U FTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2112 (Directory traversal vulnerability in BremsServer 1.2.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2113 (Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2114 (Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2115 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2116 (Directory traversal vulnerability in Tiny Server 1.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2117 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2118 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2119 (Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2123 (Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2124 (The register_globals simulation capability in Gallery 1.3.1 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2125 (Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2126 (The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2127 (Directory traversal vulnerability in Web Blog 1.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2128 (Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2129 (SurfNOW 2.2 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2130 (Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2132 (Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2133 (Certain third-party packages for CVSup 16.1h, such as SuSE Linux, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2134 (Oracle toplink mapping workBench uses a weak encryption algorithm for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2135 (cryptoloop on Linux kernel 2.6.x, when used on certain file systems ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2138 (Cross-site scripting (XSS) vulnerability in AWSguest.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2139 (Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2140 (CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2141 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2142 (Unknown vulnerability in the remote tape support (remote.c) in the RMT ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2143 (SQL injection vulnerability in the ReMOSitory Server add-on module to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2144 (Baal Smart Forms before 3.2 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2145 (SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2146 (CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2147 (Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2148 (Unknown local vulnerability in the "change user" feature of Slava ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2149 (Buffer overflow in the prepared statements API in libmysqlclient for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2150 (Nettica Corporation INTELLIPEER Email Server 1.01 displays different ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2151 (Chatman 1.1.1 RC1 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2152 (Cross-site scripting (XSS) vulnerability in 'raw' page output mode for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2153 (Multiple unknown vulnerabilities in Real Estate Management Software ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its ...) BUG: 235053 CVE-2004-2156 (Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2157 (Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2158 (SQL injection vulnerability in Serendipity 0.7-beta1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2159 (Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2160 (Format string vulnerability in xml_elem.c for XMLStarlet Command Line ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2163 (login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2164 (shoprestoreorder.asp in VP-ASP 5.0 does not close the database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2165 (Lords of the Realm III 1.01 and earlier, when in the lobby stage, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2166 (The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2167 (Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2168 (BaSoMail 1.24 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2169 (Application Access Server (A-A-S) 1.0.37 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2170 (Directory traversal vulnerability in sample_showcode.html in Caravan ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2171 (Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2172 (EarlyImpact ProductCart uses a weak encryption scheme to encrypt ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2173 (SQL injection vulnerability in advSearch_h.asp in EarlyImpact ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2174 (Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2175 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2176 (The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2177 (Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2178 (SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2179 (asycpict.dll, as used in Microsoft products such as Front Page 97 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2180 (Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2181 (Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2182 (Session fixation vulnerability in Macromedia JRun 4.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2183 (Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2184 (Directory traversal vulnerability in Digicraft Yak! server 2.0 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2185 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2186 (SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2187 (Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2188 (Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2189 (SQL injection vulnerability in DMXReady Site Chassis Manager allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2190 (Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2191 (Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2192 (SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2193 (Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2194 (MailEnable Professional Edition before 1.53 and Enterprise Edition ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2195 (PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2196 (Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2197 (kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2198 (account.asp in DUware DUclassmate 1.0 through 1.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2199 (Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2200 (Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2201 (SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2202 (Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2203 (Ansel 1.2 through 2.0 uses insecure default permissions, which allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2204 (Macromedia ColdFusion MX 6.0 and 6.1 application server, when running ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2205 (Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2206 (SQL injection vulnerability in NatterChat 1.12 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2207 (Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2211 (Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2212 (SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2213 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2214 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2215 (RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2216 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2217 (Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2218 (SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2219 (Microsoft Internet Explorer 6 allows remote attackers to spoof the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2220 (F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2221 (Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2222 (Directory traversal vulnerability in index.php in FsPHPGallery before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2223 (FsPHPGallery before 1.2 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2224 (Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2225 (Mozilla Firefox before 0.10.1 allows remote attackers to delete ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2226 (Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2227 (Mozilla Firefox before 1.0 truncates long filenames in the file ...) BUG: 70749 BUG: 68976 BUG: 76112 CVE-2004-2228 (Mozilla Firefox before 1.0 is installed with world-writable ...) BUG: 70749 BUG: 68976 BUG: 76112 CVE-2004-2229 (Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2230 (Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2231 (Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2232 (SQL injection vulnerability in sql.php in the Glossary module in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2233 (Unknown "front page vulnerability with Moodle servers" for Moodle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2234 (Unknown vulnerability in Moodle before 1.2 allows teachers to log in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2235 (Unknown vulnerability in Moodle before 1.2 has unknown impact and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2236 (Unknown vulnerability in Moodle before 1.3.3 has unknown impact and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2237 (Unknown vulnerability in Moodle before 1.3.4 has unknown impact and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2238 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2239 (Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2240 (Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2241 (Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2242 (Cross-site scripting (XSS) vulnerability in search.php in Phorum, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2243 (Phorum allows remote attackers to hijack sessions of other users by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2244 (The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2245 (Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2246 (Cross-site scripting (XSS) vulnerability in Goollery before 0.04b ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2247 (Unknown vulnerability in the "admin of paypal email addresses" in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2248 (Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2249 (Unknown vulnerability in the "access code" in SecureEditor before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2250 (Unknown vulnerability in the "access code" in RemoteEditor before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2251 (The PPTP server in Astaro Security Linux before 4.024 provides ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2252 (The firewall in Astaro Security Linux before 4.024 sends responses to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2253 (Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2254 (SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2255 (Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2256 (Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2257 (phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2258 (Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2259 (vsftpd before 1.2.2, when under heavy load, allows attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2260 (Opera Browser 7.23, and other versions before 7.50, updates the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2261 (Cross-site scripting (XSS) vulnerability in e107 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2262 (ImageManager in e107 before 0.617 does not properly check the types of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2263 (SQL injection vulnerability in the valid function in fr_left.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2264 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2265 (UUDeview 0.5.20 and earlier handles temporary files insecurely during ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2266 (SQL injection vulnerability in Ansel 2.1 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2267 (Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2268 (PimenGest2 before 1.1.1 allows remote attackers to obtain the database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2269 (Stack-based buffer overflow in pads.c in Passive Asset Detection ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2270 (Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2271 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2272 (Buffer overflow in the sockFinger_DataArrival function in efFingerD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2273 (efFingerD 0.2.12 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2274 (Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2275 (i-mall.cgi in I-Mall Commerce allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2276 (F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2277 (Buffer overflow in aGSM Half-Life client allows remote Half-Life ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2278 (Unknown cross-site scripting (XSS) vulnerability in the web GUI in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2279 (Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2280 (Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2281 (Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2282 (DansGuardian before 2.7.7-2 allows remote attackers to bypass URL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2283 (Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2284 (The read_list_from_file function in vacation.pl for OpenWebmail before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2285 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2286 (Integer overflow in the duplication operator in ActivePerl allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2287 (Directory traversal vulnerability in explorer.php in DSM Light Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2288 (Cross-site scripting (XSS) vulnerability in index.php in Jelsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2289 (Microsoft Windows XP Explorer allows local users to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2290 (Microsoft Windows XP Explorer allows attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2291 (Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2292 (Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2293 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2294 (Canonicalize-before-filter error in the send_review function in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2295 (SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2296 (The preview_review function in the Reviews module in PHP-Nuke 6.0 to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2297 (The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2298 (Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2299 (Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2300 (Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file functions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2303 (MTools Mformat before 3.9.9, when installed setuid root, creates files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2304 (Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2305 (Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2306 (Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2307 (Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2308 (Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2309 (Directory traversal vulnerability in Crob FTP Server 3.5.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2310 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2311 (Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2312 (Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2313 (Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2314 (The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2315 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2316 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2317 (Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2318 (The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2319 (IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2320 (The default configuration of BEA WebLogic Server and Express 8.1 SP2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2321 (BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2322 (SQL injection vulnerability in the (1) announce and (2) notes modules ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2323 (DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2324 (SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2325 (Cross-site scripting (XSS) vulnerability in EditModule.aspx for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2326 (SQL injection vulnerability in IP3 Networks NetAccess Appliance before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2327 (Vizer Web Server 1.9.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2328 (Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2329 (Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2330 (ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2331 (ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2332 (Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2333 (Bodington 2.1.0 RC1 and earlier does not secure the file upload area, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2334 (Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2335 (The Macromedia installers and e-licensing client on Mac OS X, as used ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2336 (Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2337 (The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2338 (OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2339 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2340 (** UNVERIFIABLE ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2341 (PHP file include injection vulnerability in isearch.inc.php for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2342 (ChatterBox 2.0 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2343 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2344 (Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2345 (Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2346 (Multiple cross-site scripting (XSS) vulnerabilities in Forum Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2347 (blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2348 (Sybari AntiGen for Domino 7.0 Build 722 SR2 alows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2349 (Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2350 (SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2351 (Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2352 (Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2353 (BugPort before 1.099 stores its configuration file (conf/config.conf) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2354 (SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2355 (Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2356 (Early termination vulnerability in Fizmez Web Server 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2357 (The embedded MySQL 4.0 server for Proofpoint Protection Server does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2358 (Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2359 (Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2360 (Targem Battle Mages 1.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2361 (Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2362 (PHPX 3.2.6 and earlier allows remote attackers to obtain the physical ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2363 (Validate-Before-Canonicalize vulnerability in the checkURI function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2364 (Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2365 (Memory leak in Microsoft Windows XP and Windows Server 2003 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2366 (Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2367 (The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2368 (PHP remote file inclusion vulnerability in header.php in Opt-X 0.7.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2369 (Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2370 (Stack-based buffer overflow in Trillian 0.71 through 0.74f and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2371 (Multiple Red Storm web-based games, including Ghost Recon 1.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2372 (Buffer overflow in Bochs before 2.1.1, if installed setuid, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2373 (The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2374 (BadBlue 2.4 allows remote attackers to obtain the location of the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2375 (Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2376 (Buffer overflow in postfile.exe for Twilight Utilities Web Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2377 (Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2378 (@Mail 3.64 for Windows allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2379 (Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2380 (Directory traversal vulnerability in postfile.exe for Twilight ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2381 (HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2382 (The PerfectNav plugin for Microsoft Internet Explorer allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2383 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2384 (NullSoft Winamp 5.02 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2385 (EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2386 (Format string vulnerability in the LogMsg function in sercd before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2387 (Buffer overflow in the HandleCPCCommand function of sercd before 2.3.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2388 (rexecd for AIX 4.3.3 does not properly use a local copy of the pwd ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2389 (Unknown vulnerability in Jabber Gadu-Gadu Transport ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2390 (The roster import functionality in Jabber Gadu-Gadu Transport ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2391 (Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2392 (libuser 0.51.7 allows attackers to cause a denial of service (crash or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2393 (Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2394 (Off-by-one error in passwd 0.68 and earlier, when using the --stdin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2395 (Memory leak in passwd 0.68 allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2396 (passwd 0.68 does not check the return code for the pam_start function, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2397 (The web-based Management Console in Blue Coat Security Gateway OS 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2398 (Netenberg Fantastico De Luxe 2.8 uses database file names that contain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2399 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2400 (WinFTP Server 1.6 stores username and password credentials in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2401 (Stack-based buffer overflow in Ipswitch IMail Express Web Messaging ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2402 (Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2403 (Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2404 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2405 (Buffer overflow in multiple F-Secure Anti-Virus products, including ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2406 (Unknown "overflow" in the phpgw_config table for phpGroupWare before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2407 (Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2408 (Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2409 (Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2410 (Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2411 (The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2412 (Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2413 (SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2414 (Novell NetWare 6.5 SP 1.1, when installing or upgrading using the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2415 (Davenport before 0.9.10 allows attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2416 (Buffer overflow in the logging component of CCProxy allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2417 (Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2418 (Buffer overflow in SlimFTPd 3.15 and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2419 (Keene Digital Media Server 1.0.2 allows local users to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2420 (Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2421 (Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2422 (Multiple features in Ipswitch IMail Server before 8.13 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2423 (Unknown vulnerability in the Web calendaring component of Ipswitch ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2424 (BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2425 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2426 (Directory traversal vulnerability in Axis Network Camera 2.40 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2427 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2428 (Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2429 (Multiple stack-based and heap-based buffer overflows in EnderUNIX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2430 (Trend OfficeScan Corporate Edition 5.58 and possibly earler does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2431 (Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2432 (WinAgents TFTP Server 3.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2433 (Buffer overflow in the IsValidFile function in the ADM ActiveX control ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2434 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2435 (Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2436 (Computer Associates Unicenter Common Services 3.0 and earlier stores ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2437 (SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2438 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2439 (The remote upgrade capability in HP LaserJet 4200 and 4300 printers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2440 (Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2441 (Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2442 (Multiple interpretation error in various F-Secure Anti-Virus products, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2443 (Jaws 0.3 allows remote attackers to bypass authentication and via an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2444 (Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2445 (Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2446 (Directory traversal vulnerability in 1st Class Mail Server 4.01 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2447 (Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2448 (S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2449 (Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2450 (The client and server for Roger Wilco 1.4.1.6 and earlier or Roger ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2451 (Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2452 (Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2453 (Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2454 (aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2455 (Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2456 (SQL injection vulnerability in index.php in miniBB 1.7f and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2457 (Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2458 (Open WebMail 2.30 and earlier, when use_syshomedir is disabled or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2459 (Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2460 (Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2461 (Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2462 (cplay 1.49 on Linux allows local users to overwrite arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2463 (Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2464 (Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2465 (Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2466 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2467 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2468 (Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2469 (Unspecified vulnerability in Reservation.class.php for phpScheduleIt ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2470 (Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2471 (SQL injection vulnerability in the sloth TCL script in QuoteEngine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2472 (Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2473 (wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2474 (SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2475 (Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2476 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2477 (DiamondCS Process Guard Free 2.000 allows local users to disable the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2478 (Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2479 (Squid Web Proxy Cache 2.5 might allow remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2480 (Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2481 (MyProxy 6.58 allows remote authenticated users in the Users Tab to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2482 (Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2483 (Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2484 (Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2485 (Unspecified vulnerability in PHP Live! before 2.8.2, due to a "major ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2486 (The DSS verification code in Dropbear SSH Server before 0.43 frees ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2487 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2488 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2489 (Format string vulnerability in IBM Informix Dynamic Server (IDS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2490 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2491 (A race condition in Opera web browser 7.53 Build 3850 causes Opera to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2492 (Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2493 (Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2494 (Cross-site scripting (XSS) vulnerability in _error in Ability Mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2495 (The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2496 (The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2497 (Cross-site scripting (XSS) vulnerability in the error handler in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2498 (Unspecified vulnerability in the error handler in Hitachi Web Page ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2499 (Unspecified vulnerability in Hitachi Web Page Generator and Web Page ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2500 (Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2501 (Buffer overflow in the IMAP service of MailEnable Professional Edition ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2502 (im-switch before 11.4-46.1 in Fedora Core 2 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2503 (INweb Mail Server 2.40 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2504 (The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2505 (Macromedia ColdFusion MX before 6.1 does not restrict the size of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2506 (Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2507 (Absolute path traversal vulnerability in main.cgi in Linksys WVC11B ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2508 (Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2509 (Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2510 (Cross-site scripting (XSS) vulnerability in showflat.php in Infopop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2511 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2512 (CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2513 (Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2514 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2515 (Format string vulnerability in VMware Workstation 4.5.2 build-8848, if ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2516 (Directory traversal vulnerability in myServer 0.7 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2517 (myServer 0.7.1 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2518 (Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2519 (Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2520 (POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2521 (Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2522 (Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2523 (Format string vulnerability in the msg command (cat_message function ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2524 (clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2525 (Cross-site scripting (XSS) vulnerability in compat.php in Serendipity ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2526 (Directory traversal vulnerability in ldacgi.exe in IBM Tivoli ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2527 (The local and remote desktop login screens in Microsoft Windows XP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2528 (Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2529 (Gadu-Gadu allows remote attackers to bypass the "image send" option by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2530 (Visual truncation vulnerability in Gadu-Gadu allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2531 (X.509 Certificate Signature Verification in Gnu transport layer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2532 (Serv-U FTP server before 5.1.0.0 has a default account and password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2533 (Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2534 (Fastream NETFile Server 7.1.2 does not properly handle keep-alive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2535 (The person-to-person secure messaging feature in Sticker before 3.1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2536 (The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2537 (Unspecified vulnerability in SurgeMail before 2.2c10 has unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2538 (Direct static code injection vulnerability in the PCG simple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2539 (Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2540 (readObject in (1) Java Runtime Environment (JRE) and (2) Software ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2541 (Buffer overflow in Cscope 15.5, and possibly multiple overflows, ...) BUG: 133829 CVE-2004-2542 (Multiple SQL injection vulnerabilities in Dynix (formerly known as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2543 (Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2544 (Admin Console in Secure Computing Corporation Sidewinder G2 6.1.0.01 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2545 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2546 (Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2547 (NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2548 (Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2549 (Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2550 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2551 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2552 (Buffer overflow in XBoard 4.2.7 and earlier might allow local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2553 (The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2554 (Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2555 (Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2556 (NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2557 (NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2558 (Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2559 (DokuWiki before 2004-10-19 allows remote attackers to access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2560 (DokuWiki before 2004-10-19, when used on a web server that permits ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2561 (Multiple SQL injection vulnerabilities in Internet Software Sciences ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2562 (SQL injection vulnerability in jobedit.asp in Leigh Business ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2563 (Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2564 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2565 (Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2566 (Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2567 (Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2568 (Multiple cross-site scripting (XSS) vulnerabilities in ReciPants 1.1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2569 (ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2570 (Opera before 7.54 allows remote attackers to modify properties and ...) BUG: 59503 CVE-2004-2571 (Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2572 (AMAX Magic Winmail Server 3.6 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2573 (PHP remote file inclusion vulnerability in tables_update.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2574 (Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2575 (phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2576 (class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2577 (The acl_check function in phpGroupWare 0.9.16RC2 always returns True, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2578 (phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2579 (ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2580 (Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2581 (Novell iChain 2.3 allows attackers to cause a denial of service via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2582 (Novell iChain 2.3 includes the build number in the VIA line of the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2583 (SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2584 (frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2585 (Cross-site scripting (XSS) vulnerability in frmCompose.aspx in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2586 (Directory traversal vulnerability in frmGetAttachment.aspx in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2587 (login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2588 (Intentional information leak in phpinfo.php in XMB (aka extreme ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2589 (Gaim before 0.82 allows remote servers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2590 (Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2591 (The data-overwrite capability of ButtUglySoftware CleanCache 2.19 does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2592 (Quake II server before R1Q2, as used in multiple products, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2593 (Buffer overflow in command-packet processing of Quake II server before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2594 (Absolute path traversal vulnerability in Quake II server before R1Q2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2595 (Absolute path traversal vulnerability in Quake II server before R1Q2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2596 (Quake II server before R1Q2, as used in multiple products, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2597 (Quake II server before R1Q2, as used in multiple products, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2598 (Quake II server before R1Q2, as used in multiple products, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2599 (Multiple buffer overflows in Quake II server before R1Q2, as used in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2600 (The firmware for Intelligent Platform Management Interface (IPMI) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2601 (PHP remote file inclusion vulnerability in UberTec Help Center Live ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2602 (PHP remote file inclusion vulnerability in UberTec Help Center Live ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2603 (Cross-site scripting (XSS) vulnerability in the Search module in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2604 (Cross-site scripting (XSS) vulnerability in index.php in PHProxy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2605 (aStats 1.6.5 allows local users to overwrite arbitrary files via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2606 (The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2607 (A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2608 (SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2609 (The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2610 (mntd_mount.c in mntd before 0.4.2 might allow local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2611 (The Change Permissions function in the Sophster suite before 0.9.6 28 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2612 (BNC 2.9.0 only grants access when an incorrect password is provided, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2613 (Unspecified vulnerability in procfs in the Linux-VServer stable branch ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2614 (Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2615 (The documentation for CuteNews 1.3.6 and possibly other versions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2616 (The file server in ActivePost Standard 3.1 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2617 (Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2618 (Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2619 (ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2620 (The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2621 (Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2622 (AClient.exe in Altiris Deployment Solution 6.x and 5.x does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2623 (Unknown vulnerability in Rippy the Aggregator before 0.10, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2624 (Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2625 (Cross-site scripting (XSS) vulnerability in Outblaze Email allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2626 (GUI overlay vulnerability in the Java API in Siemens S55 cellular ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2627 (Java 2 Micro Edition (J2ME) does not properly validate bytecode, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2628 (Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2629 (Multiple vulnerabilities in the H.323 protocol implementation for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2630 (The MIME transformation system ...) BUG: 67409 CVE-2004-2631 (Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to ...) BUG: 57890 CVE-2004-2632 (phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify ...) BUG: 57890 CVE-2004-2633 (Unspecified vulnerability in Sesamie 1.0 allows remote anonymous ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2634 (The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2635 (An ActiveX control for McAfee Security Installer Control System ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2636 (TinyWeb 1.9 allows remote attackers to read source code of scripts via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2637 (The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2638 (The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2639 (Unspecified vulnerability in Journalness 3.0.7 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2640 (Directory traversal vulnerability in lstat.cgi in LinuxStat before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2641 (Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2642 (Yeemp 0.9.9 and earlier does properly encrypt inbound files, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2643 (Directory traversal vulnerability in Microsoft cabarc allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2644 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2645 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2646 (The addUser function in UserManager.java in Free Web Chat 2.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2647 (Free Web Chat 2.0 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2648 (FreezeX 1.00.100.0666 allows local users with administrator privileges ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2649 (Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2650 (Spooler in Apache Foundation James 2.2.0 allows local users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2651 (Multiple cross-site scripting (XSS) vulnerabilities in YaCy before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2652 (The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2653 (Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2654 (The clientAbortBody function in client_side.c in Squid Web Proxy Cache ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2655 (rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2656 (Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2657 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2658 (resmgr in SUSE CORE 9 does not properly identify terminal names, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2659 (Opera offers an Open button to verify that a user wishes to execute a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2660 (Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2661 (Soft3304 04WebServer before 1.41 does not properly check file names, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2662 (Soft3304 04WebServer before 1.41 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2663 (The (1) SetDebugging and (2) RunEgatherer methods in IBM Access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2664 (John Lim ADOdb Library for PHP before 4.23 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2665 (Unspecified vulnerability in the Address and Routing Parameter Area ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2666 (Mantis before 20041016 provides a complete Issue History (Bug History) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2667 (Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2668 (SQL injection vulnerability in Interchange before 4.8.9 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2669 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2670 (Multiple cross-site scripting (XSS) vulnerabilities in mod.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2671 (mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2672 (Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2673 (Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2674 (Directory traversal vulnerability in ArGoSoft FTP Server before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2675 (ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2676 (The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2677 (Format string vulnerability in qwik-smtpd.c in QwikMail SMTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2678 (Unspecified vulnerability in HP Tru64 UNIX 5.1B PK2(BL22) and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2679 (Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2680 (mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2681 (PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2682 (PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2683 (Unspecified vulnerability in the %XML.Utils.SchemaServer class in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2684 (Unspecified vulnerability in the %template package in InterSystems ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2685 (Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2686 (Directory traversal vulnerability in the vfs_getvfssw function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2687 (distcc 2.x, as used in XCode 1.5 and others, when not configured to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-2688 (Cross-site scripting (XSS) vulnerability in index.php in NewsPHP ...) NOT-FOR-US: NewsPHP CVE-2004-2689 (NewsPHP allows remote attackers to gain unauthorized administrative ...) NOT-FOR-US: NewsPHP CVE-2004-2690 (Unrestricted file upload vulnerability in the Administration Panel for ...) NOT-FOR-US: Administration CVE-2004-2691 (Unspecified vulnerability in 3Com SuperStack 3 4400 switches with ...) NOT-FOR-US: 3Com CVE-2004-2692 (The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe ...) NOT-FOR-US: exec_dir CVE-2004-2693 (HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries ...) NOT-FOR-US: HP UX CVE-2004-2694 (Microsoft Outlook Express 6.0 allows remote attackers to bypass ...) NOT-FOR-US: Microsoft CVE-2004-2695 (SQL injection vulnerability in the Authorize.net callback code ...) NOT-FOR-US: Authorize net CVE-2004-2696 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using ...) NOT-FOR-US: an CVE-2004-2697 (The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 ...) NOT-FOR-US: Inventory CVE-2004-2698 (Race condition in IMWheel 1.0.0pre11 and earlier, when running with ...) NOT-FOR-US: IMWheel CVE-2004-2699 (deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to ...) NOT-FOR-US: AspDotNetStorefront CVE-2004-2700 (Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 ...) NOT-FOR-US: AspDotNetStorefront CVE-2004-2701 (Cross-site scripting (XSS) vulnerability in signin.aspx for ...) NOT-FOR-US: signin aspx CVE-2004-2702 (Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 ...) NOT-FOR-US: Plesk CVE-2004-2703 (Clearswift MIMEsweeper 5.0.5, when it has been upgraded from ...) NOT-FOR-US: a CVE-2004-2704 (Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) ...) NOT-FOR-US: Content Disposition CVE-2004-2705 (Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN) ...) NOT-FOR-US: Player CVE-2004-2706 (Unspecified vulnerability in Gyach Enhanced (Gyach-E) before 1.0.4 ...) NOT-FOR-US: Gyach CVE-2004-2707 (Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) ...) NOT-FOR-US: Gyach CVE-2004-2708 (Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, ...) NOT-FOR-US: plaintext CVE-2004-2709 (Buffer overflow in the strip_html_tags method for Gyach Enhanced ...) NOT-FOR-US: strip_html_tags CVE-2004-2710 (Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 ...) NOT-FOR-US: Gyach CVE-2004-2711 (Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 ...) NOT-FOR-US: Gyach CVE-2004-2712 (Buffer overflow in Gyach Enhanced (Gyach-E) before 1.0.0-SneakPeek-3 ...) NOT-FOR-US: Gyach CVE-2004-2713 (** DISPUTED ** ...) NOT-FOR-US: a CVE-2004-2714 (Unspecified vulnerability in Window Maker 0.80.2 and earlier allows ...) NOT-FOR-US: WindowMaker CVE-2004-2715 (edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass ...) NOT-FOR-US: PHPMyChat CVE-2004-2716 (Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat ...) NOT-FOR-US: PHPMyChat CVE-2004-2717 (Multiple directory traversal vulnerabilities in admin.php3 in ...) NOT-FOR-US: PHPMyChat CVE-2004-2718 (PHPMyChat 0.14.5 does not remove or protect setup.php3 after ...) NOT-FOR-US: PHPMyChat CVE-2004-2719 (Buffer overflow in the UrlToLocal function in PunyLib.dll of Foxmail ...) NOT-FOR-US: UrlToLocal CVE-2004-2720 (Cross-site scripting (XSS) vulnerability in register.asp in Snitz ...) NOT-FOR-US: Snitz CVE-2004-2721 (The CheckGroup function in openSkat VTMF before 2.1 generates public ...) NOT-FOR-US: openSkat CVE-2004-2722 (** DISPUTED ** ...) NOT-FOR-US: plaintext CVE-2004-2723 (NessusWX 1.4.4 stores account passwords in plaintext in .session ...) NOT-FOR-US: plaintext CVE-2004-2724 (LionMax Software Chat Anywhere 2.72a allows remote attackers to cause ...) NOT-FOR-US: LionMax CVE-2004-2725 (Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 ...) NOT-FOR-US: Aztek CVE-2004-2726 (HTTPMail service in MailEnable Professional 1.18 does not properly ...) NOT-FOR-US: MailEnable CVE-2004-2727 (Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 ...) NOT-FOR-US: MailEnable CVE-2004-2728 (Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and ...) NOT-FOR-US: Hummingbird Connectivity CVE-2004-2729 (Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 ...) NOT-FOR-US: Hummingbird Connectivity CVE-2004-2730 (Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, ...) NOT-FOR-US: Microsoft Sysinternals PsTools CVE-2004-2731 (Multiple integer overflows in Sbus PROM driver ...) NOTE: old CVE-2004-2732 (nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain ...) NOT-FOR-US: Netbilling CVE-2004-2733 (Web Wiz Forums 7.7a uses invalid logic to determine user privileges, ...) NOT-FOR-US: Web Wiz Forums CVE-2004-2734 (webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses ...) NOT-FOR-US: Novell NetWare CVE-2004-2735 (Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier ...) NOT-FOR-US: Fredric Fredricson P4DB CVE-2004-2736 (Polar HelpDesk 3.0 allows remote attackers to bypass authentication by ...) NOT-FOR-US: Polar Software HelpDesk CVE-2004-2737 (SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk ...) NOT-FOR-US: NetSupport DNA HelpDesk CVE-2004-2738 (Cross-site scripting (XSS) vulnerability in check_user_id.php in ...) NOT-FOR-US: Zeroboard CVE-2004-2739 (The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows ...) NOT-FOR-US: 4.x has been removed some time ago. CVE-2004-2740 (PHP remote file inclusion vulnerability in authform.inc.php in ...) NOT-FOR-US: 4.x has been removed some time ago CVE-2004-2741 (Cross-site scripting (XSS) vulnerability in the "help window" ...) NOTE: Only affects Horde 2.X CVE-2004-2742 (Cross-site scripting (XSS) vulnerability in the report viewer in ...) NOT-FOR-US: report CVE-2004-2743 (upload.cgi in Mega Upload Progress Bar before 1.45 allows remote ...) NOT-FOR-US: Mega CVE-2004-2744 (Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has ...) NOT-FOR-US: Tincan CVE-2004-2745 (Directory traversal vulnerability in Anteco Visual Technologies ...) NOT-FOR-US: Anteco CVE-2004-2746 (SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo ...) NOT-FOR-US: Pensacola Web Designs XtremeASP PhotoGallery CVE-2004-2747 (Directory traversal vulnerability in Pablo Software Solutions Quick 'n ...) NOT-FOR-US: Pablo Software Solutions Quick n Easy FTP Server CVE-2004-2748 (viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition ...) NOT-FOR-US: WebTrends Reporting Center CVE-2004-2749 (Directory traversal vulnerability in wra/public/wralogin in 2Wire ...) NOT-FOR-US: 2wire HomePortal CVE-2004-2750 (Directory traversal vulnerability in browser.php in JBrowser 1.0 ...) NOT-FOR-US: JBrowser CVE-2004-2751 (SQL injection vulnerability in the members_list module in PostNuke ...) NOT-FOR-US: PostNuke Software Foundation PostNuke CVE-2004-2752 (Cross-site scripting (XSS) vulnerability in the Downloads module in ...) NOT-FOR-US: PostNuke Software Foundation PostNuke CVE-2004-2753 (Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and ...) NOT-FOR-US: HPUX CVE-2004-2754 (SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and ...) NOT-FOR-US: YaBB SE CVE-2004-2755 (Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, ...) NOT-FOR-US: Symantec Web Security CVE-2004-2756 (Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops ...) NOTE: old CVE-2004-2757 (Cross-site scripting (XSS) vulnerability in the failed login page in ...) NOT-FOR-US: Novell iChain CVE-2004-2758 (Multiple unspecified vulnerabilities in the H.323 protocol ...) NOT-FOR-US: SunForum CVE-2004-2759 (Shared Sun StorEdge QFS and SAM-QFS file systems, as used in ...) NOT-FOR-US: Sun StorEdge SAM QFS CVE-2004-2760 (sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately ...) NOTE: Fixed since <4.0 CVE-2004-2761 (The MD5 Message-Digest Algorithm is not collision resistant, which ...) NOT-FOR-US: The PoC Rouge CA is expired. Nothing to do for us. CVE-2004-2762 (The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x ...) NOT-FOR-US: ibm tivoli_storage_manager CVE-2004-2763 (The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 ...) NOT-FOR-US: sun iplanet_web_server CVE-2004-2764 (Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, ...) NOTE: obsolete CVE-2004-2765 (Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE ...) NOT-FOR-US: Webmail in Sun ONE Messaging Server CVE-2004-2766 (Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server ...) NOT-FOR-US: Sun ONE Messaging Server CVE-2004-2767 (NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not ...) NOT-FOR-US: novell netware CVE-2004-2768 (dpkg 1.9.21 does not properly reset the metadata of a file during ...) NOT-FOR-US: Obsolete CVE-2004-2769 (Cerberus FTP Server before 4.0.3.0 allows remote authenticated users ...) NOT-FOR-US: cerberusftp ftp_server CVE-2004-9998 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2004-9999 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0001 (Race condition in the page fault handler (fault.c) for Linux kernel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password, does not ...) BUG: 75820 CVE-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0004 (The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before ...) BUG: 77805 CVE-2005-0005 (Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and ...) BUG: 79336 BUG: 77932 CVE-2005-0006 (The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote ...) BUG: 78559 CVE-2005-0007 (Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through ...) BUG: 78559 CVE-2005-0008 (Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through ...) BUG: 78559 CVE-2005-0009 (Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 ...) BUG: 78559 CVE-2005-0010 (Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through ...) BUG: 78559 CVE-2005-0011 (Multiple vulnerabilities in fliccd, when installed setuid root as part ...) BUG: 79585 CVE-2005-0012 (Format string vulnerability in the a_Interface_msg function in Dillo ...) BUG: 76665 CVE-2005-0013 (nwclient.c in ncpfs before 2.2.6 does not drop root privileges before ...) BUG: 77414 CVE-2005-0014 (Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote ...) BUG: 77414 CVE-2005-0015 (diatheke.pl in Sword 1.5.7a allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0016 (Buffer overflow in the exported_display function in xatitv in gatos ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0017 (The f2c translator in the f2c package 3.1 allows local users to read ...) BUG: 79725 CVE-2005-0018 (The f2 shell script in the f2c package 3.1 allows local users to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0019 (Unknown vulnerability in hztty 2.0 and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0020 (Buffer overflow in playmidi before 2.4 allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow attackers to ...) BUG: 76893 CVE-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim before ...) BUG: 76893 CVE-2005-0023 (gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0024 RESERVED CVE-2005-0025 RESERVED CVE-2005-0026 RESERVED CVE-2005-0027 RESERVED CVE-2005-0028 RESERVED CVE-2005-0029 RESERVED CVE-2005-0030 RESERVED CVE-2005-0031 RESERVED CVE-2005-0032 RESERVED CVE-2005-0033 (Buffer overflow in the code for recursion and glue fetching in BIND ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0034 (An "incorrect assumption" in the authvalidated validator function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0035 (The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0036 (The DNS implementation in DeleGate 8.10.2 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0037 (The DNS implementation of DNRD before 2.10 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0038 (The DNS implementation of PowerDNS 2.9.16 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0039 (Certain configurations of IPsec, when using Encapsulating Security ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0040 (Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0041 RESERVED CVE-2005-0042 RESERVED CVE-2005-0043 (Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0044 (The OLE component in Windows 98, 2000, XP, and Server 2003, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0045 (The Server Message Block (SMB) implementation for Windows NT 4.0, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0046 RESERVED CVE-2005-0047 (Windows 2000, XP, and Server 2003 does not properly "validate the use ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0048 (Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0049 (Windows SharePoint Services and SharePoint Team Services for Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0050 (The License Logging service for Windows NT Server, Windows 2000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0051 (The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0052 RESERVED CVE-2005-0053 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0054 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0055 (Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0056 (Internet Explorer 5.01, 5.5, and 6 does not properly validate certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0057 (The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0058 (Buffer overflow in the Telephony Application Programming Interface ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0059 (Buffer overflow in the Message Queuing component of Microsoft Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0060 (Buffer overflow in the font processing component of Microsoft Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0061 (The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0062 RESERVED CVE-2005-0063 (The document processing application used by the Windows Shell in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0064 (Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc ...) BUG: 78620 BUG: 78619 BUG: 78128 BUG: 77888 BUG: 79704 BUG: 78629 BUG: 75801 BUG: 78249 CVE-2005-0065 (The original design of TCP does not check that the TCP sequence number ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0066 (The original design of TCP does not check that the TCP Acknowledgement ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0067 (The original design of TCP does not require that port numbers be ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0068 (The original design of ICMP does not require authentication for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0069 (The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0070 (Synaesthesia 2.1 and earlier, and possibly other versions, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0071 (vdr before 1.2.6 does not securely create files, which allows ...) BUG: 78230 CVE-2005-0072 (zhcon before 0.2 does not drop privileges before reading a user ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0073 (Buffer overflow in queue.c in a support script for sympa 3.3.3, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0074 (Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0075 (prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, ...) BUG: 78116 CVE-2005-0076 (Multiple buffer overflows in the XView library 3.2 may allow local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0077 (The DBI library (libdbi-perl) for Perl allows local users to overwrite ...) BUG: 79685 BUG: 78634 BUG: 75696 CVE-2005-0078 (The KDE screen saver in KDE before 3.0.5 does not properly check the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0079 (Buffer overflow in xtrlock 2.0 allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0080 (The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0082 (The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0083 (MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0084 (Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 ...) BUG: 78559 CVE-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before ...) BUG: 80602 CVE-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0087 (The alsa-lib package in Red Hat Linux 4 disables stack protection for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0088 (The publisher handler for mod_python 2.7.8 and earlier allows remote ...) BUG: 80109 CVE-2005-0089 (The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, ...) BUG: 80592 CVE-2005-0090 (A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0091 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0092 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0093 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0094 (Buffer overflow in the gopherToHTML function in the Gopher reply ...) BUG: 77521 BUG: 77934 CVE-2005-0095 (The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows ...) BUG: 77521 BUG: 77934 CVE-2005-0096 (Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and ...) BUG: 77521 BUG: 77934 CVE-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows remote ...) BUG: 77521 BUG: 77934 CVE-2005-0098 (Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0099 (The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0100 (Format string vulnerability in the movemail utility in (1) Emacs 20.x, ...) BUG: 79686 CVE-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1 and ...) BUG: 78530 CVE-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier ...) BUG: 79183 CVE-2005-0103 (PHP remote file inclusion vulnerability in webmail.php in SquirrelMail ...) BUG: 78116 CVE-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...) BUG: 78116 CVE-2005-0105 (Unknown vulnerability in typespeed 0.4.1 and earlier allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0106 (SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0107 (bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0108 (Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0109 (Hyper-Threading technology, as used in FreeBSD and other operating ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0111 (Stack-based buffer overflow in the websql CGI program in MySQL MaxDB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0112 (The web-based administrative interface for 3Com OfficeConnect Wireless ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0113 (inpview in SGI IRIX allows local users to execute arbitrary commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0114 (vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0115 (Stack-based buffer overflow in DataRescue Interactive Disassembler ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0116 (AWStats 6.1, and other versions before 6.3, allows remote attackers to ...) BUG: 81775 BUG: 77963 CVE-2005-0117 (Buffer overflow in XShisen before 1.36 allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0118 (helvis 1.8h2_1 and earlier stores recovery files in world readable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0119 (helvis 1.8h2_1 and earlier allows local users to recover and read the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0122 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0123 RESERVED CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0125 (The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0128 RESERVED CVE-2005-0129 (The Quick Buttons feature in Konversation 0.15 allows remote attackers ...) BUG: 78712 CVE-2005-0130 (Certain Perl scripts in Konversation 0.15 allow remote attackers to ...) BUG: 78712 CVE-2005-0131 (The Quick Connection dialog in Konversation 0.15 inadvertently uses ...) BUG: 78712 CVE-2005-0132 RESERVED CVE-2005-0133 (ClamAV 0.80 and earlier allows remote attackers to cause a denial of ...) BUG: 79194 BUG: 78656 CVE-2005-0134 (The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0136 (The Linux kernel before 2.6.11 on the Itanium IA64 platform has ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0138 (rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0139 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0140 (Buffer overflow in PeID allows attackers to execute arbitrary code via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0141 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0142 (Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0143 (Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0144 (Firefox before 1.0 and Mozilla before 1.7.5 display the secure site ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0145 (Firefox before 1.0 does not properly distinguish between ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0146 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0147 (Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0148 (Thunderbird before 0.9, when running on Windows systems, uses the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0149 (Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0150 (Firefox before 1.0 allows the user to store a (1) javascript: or (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0151 (Unknown vulnerability in the installation of Adobe License Management ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0152 (PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0153 RESERVED CVE-2005-0154 RESERVED CVE-2005-0155 (The PerlIO implementation in Perl 5.8.0, when installed with setuid ...) BUG: 80460 CVE-2005-0156 (Buffer overflow in the PerlIO implementation in Perl 5.8.0, when ...) BUG: 80460 CVE-2005-0157 (The confirm add-on in SmartList 3.15 and earlier allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0158 (Format string vulnerability in bidwatcher before 1.3.17 allows remote ...) BUG: 82460 CVE-2005-0159 (The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0160 (Multiple buffer overflows in unace 1.2b allow attackers to execute ...) BUG: 81958 CVE-2005-0161 (Multiple directory traversal vulnerabilities in unace 1.2b allow ...) BUG: 81958 CVE-2005-0162 (Stack-based buffer overflow in the get_internal_addresses function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0163 RESERVED CVE-2005-0164 RESERVED CVE-2005-0165 RESERVED CVE-2005-0166 RESERVED CVE-2005-0167 RESERVED CVE-2005-0168 RESERVED CVE-2005-0169 RESERVED CVE-2005-0170 RESERVED CVE-2005-0171 RESERVED CVE-2005-0172 RESERVED CVE-2005-0173 (squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated ...) BUG: 80341 BUG: 80201 BUG: 78776 BUG: 79495 CVE-2005-0174 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...) BUG: 80341 BUG: 80201 BUG: 78776 BUG: 79495 CVE-2005-0175 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...) BUG: 80341 BUG: 80201 BUG: 78776 BUG: 79495 CVE-2005-0176 (The shmctl function in Linux 2.6.9 and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0177 (nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0179 (Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0180 (Multiple integer signedness errors in the sg_scsi_ioctl function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0181 RESERVED CVE-2005-0182 (The mod_dosevasive module 1.9 and earlier for Apache creates temporary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0183 (ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0184 (Directory traversal vulnerability in ftpfile in the Vacation plugin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0185 (Stack-based buffer overflow in NodeManager Professional 2.00 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0186 (Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0187 (Stack-based buffer overflow in the SetSkin function in AtHoc toolbar ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0188 (Format string vulnerability in the SetBaseURL function in AtHoc ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0189 (Stack-based buffer overflow in the HandleAction function in RealPlayer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0190 (Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0191 (Off-by-one buffer overflow in the processing of tags in Real Metadata ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0192 (Directory traversal vulnerability in the parsing of Skin file names in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0193 (Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0194 (Squid 2.5, when processing the configuration file, parses empty Access ...) BUG: 77521 BUG: 77934 CVE-2005-0195 (Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0196 (Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0197 (Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0198 (A logic error in the CRAM-MD5 code for the University of Washington ...) BUG: 79874 CVE-2005-0199 (Integer underflow in the Lists_MakeMask() function in lists.c in ...) BUG: 79705 CVE-2005-0200 (TikiWiki before 1.8.5 does not properly validate files that have been ...) BUG: 78944 CVE-2005-0201 (D-BUS (dbus) before 0.22 does not properly restrict access to a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0202 (Directory traversal vulnerability in the true_path function in ...) BUG: 81109 CVE-2005-0203 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0207 (Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote attackers ...) BUG: 83253 CVE-2005-0209 (Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0210 (Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0211 (Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows ...) BUG: 80341 BUG: 80201 BUG: 78776 BUG: 79495 CVE-2005-0212 (The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0213 (Directory traversal vulnerability in WinHKI 1.4d allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0214 (Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0215 (Mozilla 1.6 and possibly other versions allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0216 (Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0217 (SQL injection vulnerability in index.php in Invision Community Blog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0218 (ClamAV 0.80 and earlier allows remote attackers to bypass virus ...) BUG: 79194 BUG: 78656 CVE-2005-0219 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0220 (Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 ...) BUG: 78522 CVE-2005-0221 (Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0222 (main.php in Gallery 2.0 Alpha allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0223 (The Software Development Kit (SDK) and Run Time Environment (RTE) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0224 (Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0225 (firehol.sh in FireHOL before 1.224 creates temporary files with ...) BUG: 79330 CVE-2005-0226 (Format string vulnerability in the Log_Resolver function in log.c for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0227 (PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users ...) BUG: 80342 CVE-2005-0228 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0229 (CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0230 (Firefox 1.0 does not prevent the user from dragging an executable file ...) BUG: 84074 BUG: 83267 CVE-2005-0231 (Firefox 1.0 does not invoke the Javascript Security Manager when a ...) BUG: 84074 BUG: 83267 CVE-2005-0232 (Firefox 1.0 allows remote attackers to modify Boolean configuration ...) BUG: 84074 BUG: 83267 CVE-2005-0233 (The International Domain Name (IDN) support in Firefox 1.0, Camino ...) BUG: 84074 BUG: 83267 CVE-2005-0234 (The International Domain Name (IDN) support in Safari 1.2.5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0235 (The International Domain Name (IDN) support in Opera 7.54 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0236 (The International Domain Name (IDN) support in Omniweb 5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0237 (The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0238 (The International Domain Name (IDN) support in Epiphany allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0239 (viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0240 (Format string vulnerability in chdev on IBM AIX 5.2 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0241 (The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0242 (The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0243 (Yahoo! Messenger 6.0.0.1750, and possibly other versions before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0244 (PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE ...) BUG: 80342 CVE-2005-0245 (Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow ...) BUG: 80342 CVE-2005-0246 (The intagg contrib module for PostgreSQL 8.0.0 and earlier allows ...) BUG: 80342 CVE-2005-0247 (Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier ...) BUG: 81350 CVE-2005-0248 (The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0249 (Heap-based buffer overflow in the DEC2EXE module for Symantec ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0250 (Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0251 (Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0252 (SQL injection vulnerability in BibORB 1.3.2, and possibly earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0253 (Directory traversal vulnerability in index.php for BibORB 1.3.2, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0254 (BibORB 1.3.2, and possibly earlier versions, does not properly enforce ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0255 (String handling functions in Mozilla 1.7.3, Firefox 1.0, and ...) BUG: 84075 BUG: 84074 BUG: 83267 CVE-2005-0256 (The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0257 RESERVED CVE-2005-0258 (Directory traversal vulnerability in (1) usercp_register.php and (2) ...) BUG: 82955 CVE-2005-0259 (phpBB 2.0.11, and possibly other versions, with remote avatars and ...) BUG: 82955 CVE-2005-0260 (Stack-based buffer overflow in the Discovery Service for BrightStor ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0261 (lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0262 (Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0263 (Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0264 (Multiple cross-site scripting (XSS) vulnerabilities in browse.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0265 (Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0266 (Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0267 (index.php in FlatNuke 2.5.1 allows remote attackers to create an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0268 (Direct code injection vulnerability in FlatNuke 2.5.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0269 (The file extension check in GNUBoard 3.40 and earlier only verifies ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0270 (Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0271 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0272 (ReviewPost PHP Pro before 2.84 allows remote attackers to upload and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0273 (Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0274 (Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0275 (TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0276 (Multiple format string vulnerabilities in the FTP service in 3Com ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0277 (Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0278 (The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0279 (Soldner Secret Wars 30830 and earlier does not properly handle the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0280 (Format string vulnerability in Soldner Secret Wars 30830 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0281 (Cross-site scripting (XSS) vulnerability in the web interface in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0282 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0283 (Directory traversal vulnerability in index.php in QwikiWiki allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0284 (SQL injection vulnerability in addentry.php in Woltlab Burning Book ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0285 (Webseries Payment Application does not properly restrict privileged ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0286 (eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0287 (Bottomline Webseries Payment Application allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0288 (The change password functionality in Bottomline Webseries Payment ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0289 (Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0290 (NETGEAR FVS318 running firmware 2.4, and possibly other versions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0291 (Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0292 (Multiple SQL injection vulnerabilities in index.php in PHP Gift ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0293 (Directory traversal vulnerability in minis.php in Minis 0.2.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0294 (minis.php in Minis 0.2.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0295 (npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0296 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0297 (SQL injection vulnerability in Oracle Database 9i and 10g allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0298 (The DIRECTORY objects in Oracle 8i through Oracle 10g contain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0299 (Directory traversal vulnerability in GForge 3.3 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0300 (Directory traversal vulnerability in session.php in JSBoard 2.0.9 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0301 (comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0302 (SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0304 (Directory traversal vulnerability in DivX Player 2.6 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0305 (CRLF injection vulnerability in users.php in Siteman 1.1.10 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0306 (MercuryBoard 1.1.1 allows remote attackers to gain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0307 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0308 (Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0309 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0310 (Exponent 0.95 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0311 (Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0312 (WarFTPD 1.82 RC9, when running as an NT service, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0313 (Multiple directory traversal vulnerabilities in Magic Winmail Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0314 (Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0315 (The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0316 (WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0317 (Cross-site scripting (XSS) vulnerability in useredit_account.wdm in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0318 (useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0319 (Direct remote injection vulnerability in modalfram.wdm in Alt-N ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0320 (Multiple cross-site scripting vulnerabilities in MERAK Mail Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0321 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0322 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0323 (Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0324 (Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0325 (Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0326 (pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0327 (pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0328 (Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0329 (Directory traversal vulnerability in ZipGenius 5.5 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0330 (Buffer overflow in Painkiller 1.35 and earlier, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0331 (Directory traversal vulnerability in WinRAR 3.42 and earlier, when the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0332 (Directory traversal vulnerability in DeskNow Mail and Collaboration ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0333 (LANChat Pro Revival 1.666c allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0334 (Linksys PSUS4 running firmware 6032 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0335 (Directory traversal vulnerability in EMotion MediaPartner Web Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0336 (Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0337 (Postfix 2.1.3, when /proc/net/if_inet6 is not available and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0338 (Buffer overflow in Savant Web Server 3.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0339 (Buffer overflow in Foxmail 2.0 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0340 (Integer signedness error in Apple File Service (AFP Server) allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0341 (Apple Safari 1.2.4 does not obey the Content-type field in the HTTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0342 (The Finder in Mac OS X and earlier allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0343 (SQL injection vulnerability in PerlDesk 1.x allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0344 (Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0345 (viewthread.php in php-fusion 4.x does not check the (1) forum_id or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0346 (SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0347 (Integer overflow in RealArcade 1.2.0.994 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0348 (Directory traversal vulnerability in RealArcade 1.2.0.994 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0349 (The production release of the UniversalAgent for UNIX in BrightStor ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0350 (Heap-based buffer overflow in multiple F-Secure Anti-Virus and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0351 (Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh in SCO ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0352 (Servers Alive 4.1 and 5.0, when running as a service, does not drop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0353 (Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0354 RESERVED CVE-2005-0355 RESERVED CVE-2005-0356 (Multiple TCP implementations with Protection Against Wrapped Sequence ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0357 (EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0358 (EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0359 (The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0361 RESERVED CVE-2005-0362 (awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary ...) BUG: 81775 BUG: 77963 CVE-2005-0363 (awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute ...) BUG: 81775 BUG: 77963 CVE-2005-0364 (Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0365 (The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files ...) BUG: 81652 CVE-2005-0366 (The integrity check feature in OpenPGP, when handling a message that ...) BUG: 85547 CVE-2005-0367 (Multiple directory traversal vulnerabilities in ArGoSoft Mail Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0368 (Multiple SQL injection vulnerabilities in CMScore allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0369 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0370 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0371 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0372 (Directory traversal vulnerability in gftp before 2.0.18 for GTK+ ...) BUG: 81994 CVE-2005-0373 (Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as ...) BUG: 56016 CVE-2005-0374 (Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0375 (imageview.php in SGallery 1.01 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0376 (PHP remote file inclusion vulnerability in SGallery 1.01 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0377 (SQL injection vulnerability in imageview.php for SGallery 1.01 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0378 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0379 (Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0380 (Multiple PHP remote file inclusion vulnerabilities in (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0381 (Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0382 (Breed patch 1 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0383 (Trend Micro Control Manager 3.0 Enterprise Edition allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0385 (Buffer overflow in luxman before 0.41, if used with certain insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0386 (Cross-site scripting (XSS) vulnerability in network.cgi in mailreader ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0387 (remstats 1.0.13 and earlier, when processing uptime data, allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0388 (Unknown vulnerability in the remoteping service in remstats 1.0.13 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0389 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0390 (Buffer overflow in the HTTP redirection capability in conn.c for Axel ...) BUG: 88264 CVE-2005-0391 (geneweb 4.10 and earlier does not properly check file permissions and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0392 (ppxp does not drop root privileges before opening log files, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0393 (The helper scripts for crip 3.5 do not properly use temporary files, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0394 RESERVED CVE-2005-0395 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0396 (Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE ...) BUG: 83814 CVE-2005-0397 (Format string vulnerability in the SetImageInfo function in image.c ...) BUG: 83542 CVE-2005-0398 (The KAME racoon daemon in ipsec-tools before 0.5 allows remote ...) BUG: 84479 CVE-2005-0399 (Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, ...) BUG: 84075 BUG: 86148 BUG: 84074 CVE-2005-0400 (The ext2_make_empty function call in the Linux kernel before 2.6.11.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0401 (FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all ...) BUG: 86148 BUG: 84074 CVE-2005-0402 (Firefox before 1.0.2 allows remote attackers to execute arbitrary code ...) BUG: 86148 CVE-2005-0403 (init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0404 (KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0405 RESERVED CVE-2005-0406 (A design flaw in image processing software that modifies JPEG images ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0407 (Cross-site scripting (XSS) vulnerability in Openconf 1.04, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0408 (CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0409 (CitrusDB 0.3.6 and earlier does not verify authorization for the (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0410 (SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0411 (Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0412 (Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0413 (Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0414 (SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0415 (Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0416 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0417 (Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0418 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0419 (Multiple heap-based buffer overflows in 3Com 3CServer allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0420 (Microsoft Outlook Web Access (OWA), when used with Exchange, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0421 (DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0422 (DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0423 (SQL injection vulnerability in login.asp in ASPjar Guestbook allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0424 (Unknown vulnerability in the delete.asp program in certain versions of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0425 (Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0426 (Unknown vulnerability in Solaris 8 and 9 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0427 (The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the ...) BUG: 77731 CVE-2005-0428 (The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 ...) BUG: 80713 CVE-2005-0429 (Direct code injection vulnerability in forumdisplay.php in vBulletin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0430 (The Quake 3 engine, as used in multiple game packages, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0431 (Barracuda Spam Firewall 3.1.10 and earlier does not restrict the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0432 (BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0433 (Php-Nuke 7.5 allows remote attackers to determine the full path of the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0434 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0435 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0436 (Direct code injection vulnerability in awstats.pl in AWStats 6.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0437 (Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0438 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0439 (Buffer overflow in the decode_post function in ELOG before 2.5.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0440 (ELOG before 2.5.7 allows remote attackers to bypass authentication and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0441 (Multiple stack-based buffer overflows in Sybase Adaptive Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0442 (Directory traversal vulnerability in index.php for CubeCart 2.0.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0443 (index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0444 (VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries ...) BUG: 81344 CVE-2005-0445 (Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0446 (Squid 2.5.STABLE8 and earlier allows remote attackers to cause a ...) BUG: 81997 CVE-2005-0447 (Solaris 7, 8, and 9 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before ...) BUG: 79685 BUG: 78634 BUG: 75696 CVE-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0451 (Sami HTTP Server 1.0.5 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0452 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0453 (The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not ...) BUG: 81776 CVE-2005-0454 (Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0455 (Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0456 (Opera 7.54 and earlier does not properly validate base64 encoded ...) BUG: 81747 BUG: 74321 BUG: 74076 BUG: 73871 CVE-2005-0457 (Opera 7.54 and earlier on Gentoo Linux uses an insecure path for ...) BUG: 81747 BUG: 74321 BUG: 74076 BUG: 73871 CVE-2005-0458 (Cross-site scripting (XSS) vulnerability in contact_us.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0459 (phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0460 (index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0461 (Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0462 (Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0463 (Unknown "major security flaws" in Ulog-php before 1.0, related to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0464 (gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0465 (gr_osview in SGI IRIX does not drop privileges before opening files, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0466 RESERVED CVE-2005-0467 (Multiple integer overflows in the (1) sftp_pkt_getstring and (2) ...) BUG: 82753 CVE-2005-0468 (Heap-based buffer overflow in the env_opt_add function in telnet.c for ...) BUG: 89861 BUG: 87145 BUG: 87019 CVE-2005-0469 (Buffer overflow in the slc_add_reply function in various BSD-based ...) BUG: 89861 BUG: 87145 BUG: 87019 BUG: 87211 CVE-2005-0470 (Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers ...) BUG: 81993 CVE-2005-0471 (Sun Java JRE 1.1.x through 1.4.x writes temporary files with long ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0472 (Gaim before 1.1.3 allows remote attackers to cause a denial of service ...) BUG: 83253 CVE-2005-0473 (The HTML parsing functions in Gaim before 1.1.3 allow remote attackers ...) BUG: 83253 CVE-2005-0474 (SQL injection vulnerability in the user_valid_crypt function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0475 (SQL injection vulnerability in paFAQ Beta4, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0476 (Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0477 (Cross-site scripting (XSS) vulnerability in the SML code for Invision ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0478 (Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0479 (Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0480 (Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0481 (TrackerCam 5.12 and earlier allows remote attackers to read log files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0482 (TrackerCam 5.12 and earlier allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0483 (Multiple directory traversal vulnerabilities in sitenfo.sh, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0484 (Format string vulnerability in gprostats for GProFTPD before 8.1.9 may ...) BUG: 81894 CVE-2005-0485 (Cross-site scripting (XSS) vulnerability in comment.php for paNews ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0486 (Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0487 (Cross-site scripting (XSS) vulnerability in index.php for Kayako ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0488 (Certain BSD-based Telnet clients, including those used on Solaris and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0489 (The /proc handling (proc/base.c) Linux kernel 2.4 before 2.4.17 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0490 (Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and ...) BUG: 82534 CVE-2005-0491 (Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0492 (Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0493 (CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0494 (The RgSecurity form in the HTTP server for the Thomson TCW690 cable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0495 (Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0496 (Arkeia Network Backup Client 5.x contains hard-coded credentials that ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0497 (ADP Elite System Max 9000 allows remote authenticated users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0498 (Gigafast router (aka CompUSA router) allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0499 (Gigafast router (aka CompUSA router) with the DNS proxy option enabled ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0500 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0502 (Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0503 (uim before 0.4.5.1 trusts certain environment variables when libUIM is ...) BUG: 82678 CVE-2005-0504 (Buffer overflow in the MoxaDriverIoctl function for the moxa serial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM) before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0506 (The Avaya IP Office Phone Manager, and other products such as the IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0507 (Directory traversal vulnerability in SD Server 4.0.70 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0508 (Unknown vulnerability in Squiggle for Batik before 1.5.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0509 (Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0510 (The daemon for fallback-reboot before 0.995 allows attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0511 (misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0512 (PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0513 (PHP remote file inclusion vulnerability in mail_autocheck.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0514 (Cross-site scripting (XSS) vulnerability in Verity Ultraseek before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0515 (Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0516 (The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0517 (PeerFTP_5 stores sensitive information such as passwords in plaintext ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0518 (eXeem 0.21 stores sensitive information such as passwords in plaintext ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0519 (ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0520 (ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0521 (SendLink 1.5 stores sensitive information, possibly including ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0522 (Chat Anywhere 2.72a stores sensitive information such as passwords in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0523 (Format string vulnerability in ProZilla 1.3.7.3 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0524 (The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...) BUG: 87517 CVE-2005-0525 (The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...) BUG: 87517 CVE-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...) BUG: 84074 BUG: 83267 CVE-2005-0528 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0529 (Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0530 (Signedness error in the copy_from_read_buf function in n_tty.c for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0531 (The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0532 (The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0533 (Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0534 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x ...) BUG: 82954 BUG: 80729 CVE-2005-0535 (Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x ...) BUG: 82954 BUG: 80729 CVE-2005-0536 (Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and ...) BUG: 82954 BUG: 80729 CVE-2005-0537 (Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0538 (Directory traversal vulnerability in (1) GinpPictureServlet.java and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0539 (Unknown vulnerability in IBM Hardware Management Console (HMC) before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0540 (Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0541 (consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0542 (saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0543 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows ...) BUG: 83792 BUG: 83190 CVE-2005-0544 (phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of ...) BUG: 83792 BUG: 83190 CVE-2005-0545 (Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0546 (Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow ...) BUG: 82404 CVE-2005-0547 (Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0548 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0549 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0550 (Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0551 (Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0552 RESERVED CVE-2005-0553 (Race condition in the memory management routines in the DHTML object ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0554 (Buffer overflow in the URL processor of Microsoft Internet Explorer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0555 (Buffer overflow in the Content Advisor in Microsoft Internet Explorer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0556 RESERVED CVE-2005-0557 RESERVED CVE-2005-0558 (Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0559 RESERVED CVE-2005-0560 (Heap-based buffer overflow in the SvrAppendReceivedChunk function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0561 RESERVED CVE-2005-0562 (GIF file validation error in MSN Messenger 6.2 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0563 (Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0564 (Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0565 (The Announce module in phpWebSite 0.10.0 and earlier allows remote ...) BUG: 83297 CVE-2005-0566 (Buffer overflow in Golden FTP Server Pro (goldenftpd) 2.x allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0567 (Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0568 (Soldier of Fortune II 1.03 gold allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0569 (Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0570 (profile.php in PunBB 1.2.1 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0571 (admin_loader.php in PunBB 1.2.1 allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0572 (index.php in phpWebSite 0.10.0 and earlier allows remote attackers to ...) BUG: 83297 CVE-2005-0573 (Gaim 1.1.3 on Windows systems allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0574 (Directory traversal vulnerability in CIS WebServer 3.5.13 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0575 (Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0576 (Unknown vulnerability in Standard Type Services Framework (STSF) Font ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0577 (Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0578 (Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable ...) BUG: 84074 BUG: 83267 CVE-2005-0579 (nxagent in FreeNX before 0.2.8 does not properly handle when the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0580 (cmd5checkpw, when running setuid, does not properly drop privileges ...) BUG: 78256 CVE-2005-0581 (Multiple buffer overflows in Computer Associates (CA) License Client ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0582 (Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0583 (Directory traversal vulnerability in Computer Associates (CA) License ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0584 (Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the ...) BUG: 84074 BUG: 83267 CVE-2005-0585 (Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long ...) BUG: 84074 BUG: 83267 CVE-2005-0586 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...) BUG: 83267 CVE-2005-0587 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0588 (Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict ...) BUG: 84074 BUG: 83267 CVE-2005-0589 (The Form Fill feature in Firefox before 1.0.1 allows remote attackers ...) BUG: 83267 CVE-2005-0590 (The installation confirmation dialog in Firefox before 1.0.1, ...) BUG: 84075 BUG: 84074 BUG: 83267 CVE-2005-0591 (Firefox before 1.0.1 allows remote attackers to spoof the (1) security ...) BUG: 84074 BUG: 83267 CVE-2005-0592 (Heap-based buffer overflow in the UTF8ToNewUnicode function for ...) BUG: 84075 BUG: 84074 BUG: 83267 CVE-2005-0593 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers ...) BUG: 84074 BUG: 83267 CVE-2005-0594 (Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0595 (Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0596 (PHP 4 (PHP4) allows attackers to cause a denial of service (daemon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0597 (Cisco devices running Application and Content Networking System (ACNS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0598 (The RealServer RealSubscriber on Cisco devices running Application and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0599 (Cisco devices running Application and Content Networking System (ACNS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0600 (Cisco devices running Application and Content Networking System (ACNS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0601 (Cisco devices running Application and Content Networking System (ACNS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0602 (Unzip 5.51 and earlier does not properly warn the user when extracting ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0603 (viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0605 (scan.c for LibXPM may allow attackers to execute arbitrary code via a ...) BUG: 83656 BUG: 83655 BUG: 83598 CVE-2005-0606 (Cross-site scripting (XSS) vulnerability in settings.inc.php for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0607 (CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0608 (Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0609 RESERVED CVE-2005-0610 (Multiple symlink vulnerabilities in portupgrade before 20041226_2 in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0611 (Heap-based buffer overflow in RealNetworks RealPlayer 10.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0612 (Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0613 (Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0614 (sessions.php in phpBB 2.0.12 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0615 (Multiple SQL injection vulnerabilities in (1) index.php, (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0616 (Multiple cross-site scripting (XSS) vulnerabilities in the Download ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0617 (SQL injection vulnerability in dl-search.php in PostNuke 0.750 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0618 (The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0619 (Einstein 1.0.1 stores sensitive information such as usernames and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0620 (Einstein 1.0 stores credit card information in plaintext in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0621 (Scrapland 1.0 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0622 (RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0623 (Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0624 (reportbug before 2.62 creates the .reportbugrc configuration file with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0625 (reportbug 3.2 includes settings from .reportbugrc in bug reports, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0627 (Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be ...) BUG: 75181 CVE-2005-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0629 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0630 (sendpm.php in PBLang 4.63 allows remote authenticated users to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0631 (delpm.php in PBLang 4.63 allows remote authenticated users to delete ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0632 (PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0633 (Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0634 (Buffer overflow in Golden FTP Server 1.92 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0635 (Buffer overflow in Foxmail Server 2.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0637 (The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0638 (xloadimage before 4.1-r2, and xli before 1.17, allows attackers to ...) BUG: 79762 CVE-2005-0639 (Multiple vulnerabilities in xli before 1.17 may allow remote attackers ...) BUG: 79762 CVE-2005-0640 (Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0641 (Cross-site scripting (XSS) vulnerability in the Reporter for Computer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0642 (SQL injection vulnerability in the Query Designer for Computer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0643 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0644 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0645 (Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0646 (SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0647 (admin_setup.php in paNews 2.0.4b allows remote attackers to inject ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0648 (Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0649 (Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0650 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0651 (Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0652 (Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0653 (phpMyAdmin 2.6.1 does not properly grant permissions on tables with an ...) BUG: 83792 BUG: 83190 CVE-2005-0654 (gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0655 (auraCMS 1.5 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0656 (Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0657 (Directory traversal vulnerability in Computalynx CProxy 3.3.x and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0658 (SQL injection vulnerability in a third party extension to TYPO3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0659 (phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0660 (Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0661 (SQL injection vulnerability in the getwbbuserdata function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0662 (Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0663 (SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0664 (Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly ...) BUG: 84076 CVE-2005-0665 (Format string vulnerability in xv before 3.10a allows remote attackers ...) BUG: 83686 CVE-2005-0666 (Unknown vulnerability in PaX from the September 2003 release to 2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0667 (Buffer overflow in Sylpheed before 1.0.3 and other versions before ...) BUG: 84056 CVE-2005-0668 (Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0669 (Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0670 (Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0671 (Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0672 (Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0674 (Cross-site scripting (XSS) vulnerability in the News module for paBox ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0675 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0676 (index.php in Zorum 3.5 allows remote attackers to trigger an SQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0678 (PHP remote file inclusion vulnerability in formmail.inc.php for Form ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0679 (PHP remote file inclusion vulnerability in tell_a_friend.inc.php for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0680 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0683 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0684 (Multiple buffer overflows in the web tool for MySQL MaxDB before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0685 (Multiple access validation errors in OutStart Participate Enterprise ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0686 (Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf ...) BUG: 84174 CVE-2005-0687 (Format string vulnerability in Hashcash 1.16 allows remote attackers ...) BUG: 83541 CVE-2005-0688 (Windows Server 2003 and XP SP2, with Windows Firewall turned off, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0689 (includer.cgi in The Includer allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0690 (Gene6 FTP Server does not properly restrict access to the control ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0691 (PHP remote file inclusion vulnerability in article mode for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0692 (Cross-site scripting (XSS) vulnerability in fusion_core.php for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0693 (Buffer overflow in JoWood Chaser 1.50 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0694 (Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0695 (The password recovery feature (forgotpassword.asp) in Hosting ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0696 (Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0697 (SQL injection vulnerability in the process_picture function ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0698 (PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0699 (Multiple buffer overflows in the dissect_a11_radius function in the ...) BUG: 84547 CVE-2005-0700 (The export_index action in myadmin.php for Aztek Forum 4.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0701 (Directory traversal vulnerability in Oracle Database Server 8i and 9i ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0702 (SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0703 (Xerox MicroServer Web Server for various WorkCentre products including ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0704 (Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through ...) BUG: 84547 CVE-2005-0705 (The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the ...) BUG: 84547 CVE-2005-0706 (Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a ...) BUG: 84936 BUG: 84704 CVE-2005-0707 (Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0708 (The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0709 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote ...) BUG: 84819 CVE-2005-0710 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote ...) BUG: 84819 CVE-2005-0711 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable ...) BUG: 84819 CVE-2005-0712 (Mac OS X before 10.3.8 users world-writable permissions for certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0713 (The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0714 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0715 (AFP Server in Mac OS X before 10.3.8 uses insecure permissions for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0716 (Stack-based buffer overflow in the Core Foundation Library in Mac OS X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0717 RESERVED CVE-2005-0718 (Squid 2.5.STABLE7 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0719 (Unknown vulnerability in the systems message queue in HP Tru64 Unix ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0720 (PHP remote file inclusion vulnerability in admin/header.php in PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0721 (PHP remote file inclusion vulnerability in modules.php in eXPerience2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0722 (eXPerience2 allows remote attackers to obtain the full path for the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0723 (Cross-site scripting (XSS) vulnerability in the jumpmenu function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0724 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0725 (SQL injection vulnerability in the getAllbyArticle function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0726 (SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0727 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0728 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0729 (Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0730 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0731 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0732 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0733 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0734 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0735 (newsscript.pl for NewsScript allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0736 (Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0737 (Buffer overflow in Yahoo! Messenger allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0738 (Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0739 (The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does ...) BUG: 84547 CVE-2005-0740 (The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0741 (Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0742 (Cross-site scripting (XSS) vulnerability in Sun Java System ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0743 (The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0744 (The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0745 (UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0746 (The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0747 (ApplyYourself i-Class allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0748 (PHP remote file inclusion vulnerability in initdb.php for WEBInsta ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0749 (The load_elf_library in the Linux kernel before 2.6.11.6 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0750 (The bluez_sock_create function in the Bluetooth stack for Linux kernel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0751 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0752 (The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0753 (Buffer overflow in CVS before 1.11.20 allows remote attackers to ...) BUG: 89579 BUG: 86476 CVE-2005-0754 (Kommander in KDE 3.2 through KDE 3.4.0 executes data files without ...) BUG: 89092 CVE-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...) BUG: 89862 CVE-2005-0756 (ptrace in Linux kernel 2.6.8.1 does not properly verify addresses on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0758 (zgrep in gzip before 1.3.5 does not properly sanitize arguments, which ...) BUG: 90626 BUG: 89946 CVE-2005-0759 (ImageMagick before 6.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0760 (The TIFF decoder in ImageMagick before 6.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0761 (Unknown vulnerability in ImageMagick before 6.1.8 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0762 (Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0763 (Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0764 (Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote ...) BUG: 84680 CVE-2005-0765 (Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows ...) BUG: 84547 CVE-2005-0766 (Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 ...) BUG: 84547 CVE-2005-0767 (Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0768 (Buffer overflow in the administration web server for GoodTech Telnet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0769 (Multiple buffer overflows in OpenSLP before 1.1.5 allow remote ...) BUG: 85347 CVE-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0771 (VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0772 (VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0773 (Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0774 (SQL injection vulnerability in member.php and possibly other scripts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0775 (The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0776 (adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0777 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0778 (PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0779 (PlatinumFTP 1.0.18, and possibly earlier versions, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0780 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0781 (SQL injection vulnerability in (1) viewall.php and (2) category.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0782 (Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0783 (Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0784 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0785 (Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0786 (SQL injection vulnerability in gb_new.inc in SimpGB allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0787 (Wine 20050211 and earlier creates temp files with world readable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0788 (LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary ...) BUG: 85380 CVE-2005-0789 (Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 ...) BUG: 85380 CVE-2005-0790 (phpAdsNew 2.0.4 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0791 (Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0792 (SQL injection vulnerability in ZPanel 2.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0793 (PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0795 (HolaCMS 1.4.9 does not restrict file access to the holaDB/votes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0796 (Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0797 (Novell iChain Mini FTP Server 2.3 displays different error messages ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0798 (Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0799 (MySQL 4.1.9, and possibly earlier versions, allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0800 (PHP remote file inclusion vulnerability in install.php in mcNews 1.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0801 (Directory traversal vulnerability in includer.cgi in The Includer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0802 (Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0803 (The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0804 (Format string vulnerability in MailEnable 1.8 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0805 (SQL injection vulnerability in index.php in Subdreamer Light, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0806 (Evolution 2.0.3 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0807 (Multiple buffer overflows in Cain & Abel before 2.67 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0808 (Apache Tomcat before 5.x allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0809 (NotifyLink, when configured for client key retrieval, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0810 (SQL injection vulnerability in NotifyLink before 3.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0811 (The web interface in NotifyLink 3.0 does not properly restrict access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0812 (The web interface in NotifyLink 3.0 displays passwords in cleartext on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0813 (Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0814 (Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0815 (Multiple "range checking flaws" in the ISO9660 filesystem handler in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0816 (Buffer overflow in newgrp in Solaris 7 through 9 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0817 (Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0818 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0819 (The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0820 (Microsoft Office InfoPath 2003 SP1 includes sensitive information in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0821 (Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0822 (Citrix Metaframe Password Manager 2.5 and earlier stores a password in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0823 (ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0825 (Buffer overflow in LTris before 1.0.10 allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0826 (OllyDbg 1.10 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0827 (Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0828 (highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0829 (Cross-site scripting (XSS) vulnerability in setuser.php of the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0830 (Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, ...) BUG: 84659 CVE-2005-0831 (PHP-Post allows remote attackers to spoof the names of other users by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0832 (Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0833 (Belkin 54G (F5D7130) wireless router allows remote attackers to access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0834 (Belkin 54G (F5D7130) wireless router enables SNMP by default in a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0835 (The SNMP service in the Belkin 54G (F5D7130) wireless router allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0836 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...) BUG: 85804 CVE-2005-0837 (IceCast 2.20 allows remote attackers to bypass the XSL parser and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0838 (Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0840 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0841 (SQL injection vulnerability in (1) people.php, (2) track.php, (3) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0842 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0843 (CRLF injection vulnerability in search.php in Phorum 5.0.14a allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0844 (Nortel VPN client 5.01 stores the cleartext password in the memory of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0845 (Directory traversal vulnerability in the Webmail interface in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0846 (Multiple cross-site scripting (XSS) vulnerabilities in the email ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0847 (Code Ocean FTP server 1.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0848 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0849 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0850 (FileZilla FTP server before 0.9.6 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0851 (FileZilla FTP server before 0.9.6, when using MODE Z (zlib ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0852 (Microsoft Windows XP SP1 allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0853 (betaparticle blog (bp blog) stores the database under the web root, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0854 (betaparticle blog (bp blog), posisbly before version 4, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0855 (CoolForum 0.8.1 beta and earlier allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0856 (CoolForum 0.8.1 beta and earlier allows remote attackers to manipulate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0857 (Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0858 (Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0859 (PHP remote file inclusion vulnerability in CzarNews 1.13b allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0860 (PHP remote file inclusion vulnerability in TRG News Script 3.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0861 (Multiple buffer overflows in DeleGate before 8.11.1 may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0862 (Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0863 (Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0864 (The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0865 (Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0866 (cdrecord before 4:2.0, when DEBUG is enabled, allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0867 (Integer overflow in Linux kernel 2.6 allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0868 (AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0871 (calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0872 (Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0873 (Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0874 (Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0875 (Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0876 (Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0877 (Dnsmasq before 2.21 allows remote attackers to poison the DNS cache ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0878 (Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0879 (PHP remote file include vulnerability in (1) content.php and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0880 (content.php in Vortex Portal allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0881 (Cross-site scripting (XSS) vulnerability in articles.newcomment for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0882 (SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0883 (Multiple cross-site scripting (XSS) vulnerabilities in base.php for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0884 (DigitalHive 2.0 allows remote attackers to re-install the product by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0885 (Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0886 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0887 (Eval injection vulnerability in Double Choco Latte before 0.9.4.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0888 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0889 (Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0890 (SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0891 (Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0893 (modes.c in smail 3.2.0.120 implements signal handlers with certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0894 (OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local ...) BUG: 86686 CVE-2005-0895 (Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0896 (Multiple cross-site scripting (XSS) vulnerabilities in review.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0897 (PHP remote file inclusion vulnerability in catalog.php in E-Store ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0898 (Cross-site scripting (XSS) vulnerability in downloadform.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0899 (AS/400 running OS400 5.2 installs and enables LDAP by default, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0900 (marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0901 (Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0902 (SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0903 (Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0904 (Remote Desktop in Windows XP SP1 does not verify the "Force shutdown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0905 (Maxthon 1.2.0 allows remote malicious web sites to obtain potentially ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0906 (Buffer overflow in a player logging function in the Tincat network ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0907 (Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0908 (Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0909 (PHP remote file inclusion vulnerability in shoutact.php for TKai's ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0910 (Multiple cross-site scripting (XSS) vulnerabilities in exoops allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0911 (Multiple SQL injection vulnerabilities in exoops may allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0912 (Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0913 (Unknown vulnerability in the regex_replace modifier ...) BUG: 86488 CVE-2005-0914 (Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0915 (Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0917 (PHP remote file inclusion vulnerability in index_header.php for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0918 (The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0919 (Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0920 (Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0921 (Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0922 (Unknown vulnerability in the Auto-Protect module in Symantec Norton ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0923 (The SmartScan feature in the Auto-Protect module for Symantec Norton ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0924 (Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0925 (Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0926 (Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0927 (Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0928 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0929 (SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0930 (Cross-site scripting (XSS) vulnerability in message.php in Chatness ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0931 (PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0932 (Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0933 (Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0934 (Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki R4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0935 (Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0936 (Cross-site scripting vulnerability in products1h.php in ESMI PayPal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0937 (Some futex functions in futex.c for Linux kernel 2.6.x perform ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0938 (Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0939 RESERVED CVE-2005-0940 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0941 (The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 ...) BUG: 88863 CVE-2005-0942 (The XP Server process (xp_server) in Sybase Adaptive Server Enterprise ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0943 (Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0944 (Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0945 (Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0946 (SQL injection vulnerability in phpCoin 1.2.1b and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0947 (Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0948 (SQL injection vulnerability in ad_click.asp for PortalApp allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0949 (Multiple cross-site scripting (XSS) vulnerabilities in content.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0950 (Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0951 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0952 (Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0953 (Race condition in bzip2 1.0.2 and earlier allows local users to modify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0954 (Windows Explorer and Internet Explorer in Windows 2000 SP1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0955 (SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0956 (Multiple SQL injection vulnerabilities in index.php in InterAKT MX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0957 (Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0958 (Format string vulnerability in the log_do function in log.c for YepYep ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0959 (Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3 may ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0960 (Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0961 (Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0962 (SQL injection vulnerability in index.php for Lighthouse Squirrelcart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0963 (An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0964 (Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0965 (The gaim_markup_strip_html function in Gaim 1.2.0, and possibly ...) BUG: 87903 CVE-2005-0966 (The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, ...) BUG: 87903 CVE-2005-0967 (Gaim 1.2.0 allows remote attackers to cause a denial of service ...) BUG: 87903 CVE-2005-0968 (Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0969 (Heap-based buffer overflow in the syscall emulation functionality in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0970 (Mac OS X 10.3.9 and earlier allows users to install, create, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0971 (Stack-based buffer overflow in the semop system call in Mac OS X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0972 (Integer overflow in the searchfs system call in Mac OS X 10.3.9 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0973 (Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0974 (Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0975 (Integer signedness error in the parse_machfile function in the mach-o ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products such as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0977 (The shmem_nopage function in shmem.c for the tmpfs driver in Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0978 (Directory traversal vulnerability in the Object Push service in IVT ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0979 (Multiple buffer overflows in RUMBA 7.3 and earlier allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0980 (PHP remote file inclusion vulnerability in index.php in AlstraSoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0981 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0982 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0983 (Quake 3 engine, as used in multiple games, allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0984 (Buffer overflow in the G_Printf function in Star Wars Jedi Knight: ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0985 (Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0986 (NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0987 (Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0988 (Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a ...) BUG: 90626 BUG: 89946 CVE-2005-0989 (The find_replen function in jsstr.c in the Javascript engine for ...) BUG: 89305 BUG: 89303 BUG: 98855 CVE-2005-0990 (unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0991 (RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0992 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin ...) BUG: 87952 CVE-2005-0993 (Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0994 (Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0995 (Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0996 (Multiple SQL injection vulnerabilities in the Downloads module for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0997 (Multiple SQL injection vulnerabilities in the Web_Links module for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0998 (The Web_Links module for PHP-Nuke 7.6 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-0999 (SQL injection vulnerability in the Top module for PHP-Nuke 6.x through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1000 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1001 (PHP-Nuke 7.6 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1002 (logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1003 (Directory traversal vulnerability in index.php for ProfitCode ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1004 (Cross-site scripting (XSS) vulnerability in usrdetails.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1005 (ProfitCode PayProCart 3.0 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1006 (Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1007 (Unknown vulnerability in the LIST functionality in CommuniGate Pro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1008 (Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1009 (Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1010 (Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1011 (SQL injection vulnerability in content.asp in SiteEnable allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1012 (Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1013 (The SMTP service in MailEnable Enterprise 1.04 and earlier and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1014 (Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1015 (Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1016 (Cross-site scripting (XSS) vulnerability in links_add_form.asp for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1017 (SQL injection vulnerability in the Update_Events function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1018 (Buffer overflow in the UniversalAgent for Computer Associates (CA) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1019 (Buffer overflow in the getConfig function in Aeon 0.2a and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1020 (Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1021 (Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1022 (ColdFusion 6.1 Updater 1 places Java .class files under the web root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1023 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1024 (modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1025 (The FTP server in AS/400 4.3, when running in IFS mode, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1026 (Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1027 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1028 (PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1029 (Multiple SQL injection vulnerabilities in Active Auction House allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1030 (Multiple cross-site scripting (XSS) vulnerabilities in Active Auction ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1031 (RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1032 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1033 (CubeCart 2.0.6 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1034 (SurgeFTP 2.2m1 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1035 (Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1036 (FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1041 (The fib_seq_start function in fib_hash.c in Linux kernel allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1042 (Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP ...) BUG: 87517 CVE-2005-1043 (exif.c in PHP before 4.3.11 allows remote attackers to cause a denial ...) BUG: 87517 CVE-2005-1044 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1045 (OpenText FirstClass 8.0 client does not properly sanitize strings ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1046 (Buffer overflow in the kimgio library for KDE 3.4.0 allows remote ...) BUG: 88862 CVE-2005-1047 (Meilad File upload script (up.php) mod for phpBB 2.0.x does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1048 (SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1049 (Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1050 (The modload op in the Reviews module for PostNuke 0.760-RC3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1051 (SQL injection vulnerability in profile.php in PunBB 1.2.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1052 (Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1053 (Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1054 (PHP remote file inclusion vulnerability in news.php in ModernBill ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1055 (TowerBlog 0.6 and earlier stores the login data file under the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1056 (Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1057 (Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1058 (Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1059 (Linksys WET11 1.5.4 allows remote attackers to change the password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1060 (Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1061 (The secure script in LogWatch before 2.6-2 allows attackers to prevent ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1062 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1063 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1064 (The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 ...) BUG: 88681 CVE-2005-1065 (tetex in Novell Linux Desktop 9 allows local users to determine the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1066 (Race condition in rpdump in Pine 4.62 and earlier allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1067 (Vulnerability in Access_user Class before 1.75 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1068 (Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1069 (Unknown vulnerability in sCssBoard 1.11 and earlier has unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1070 (SQL injection vulnerability in index.php in Invision Power Board 1.3.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1071 (SQL injection vulnerability in banner.inc.php in JPortal Web Portal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1072 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1073 (Directory traversal vulnerability in index.php for RadScripts RadBids ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1074 (SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1075 (Multiple cross-site scripting (XSS) vulnerabilities in RadScripts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1076 (Cross-site scripting (XSS) vulnerability in the discussion board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1077 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1078 (XAMPP 1.4.x has multiple default or null passwords, which allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1079 (SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1080 (Directory traversal vulnerability in the Java Archive Tool (Jar) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1081 (Cross-site scripting (XSS) vulnerability in view.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1082 (Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1083 (index.php in aeDating 3.2 allows remote attackers to include arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1084 (SQL injection vulnerability in sdating.php in aeDating 3.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1085 (Cross-site scripting (XSS) vulnerability in the control panel in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1086 (Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1087 (CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1088 (Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1089 (Unknown vulnerability in DC++ before 0.674 allows attackers to append ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1090 (Directory traversal vulnerability in the readFile and writeFile API ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1091 (Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1092 (Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1093 (Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1094 (FTP Now 2.6.14 stores usernames and passwords in plaintext in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1095 (Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1096 (SQL injection vulnerability in main.asp for Ocean12 Membership Manager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1097 (Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1098 (GetDataBack for NTFS 2.31 stores the username and license key in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1099 (Multiple buffer overflows in the HandleChild function in server.c in ...) BUG: 88904 CVE-2005-1100 (Format string vulnerability in the ErrorLog function in cnf.c in ...) BUG: 88904 CVE-2005-1101 (Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1102 (Multiple cross-site scripting (XSS) vulnerabilities in ...) BUG: 94512 BUG: 88926 CVE-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1106 (PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1107 (McAfee Internet Security Suite 2005 uses insecure default ACLs for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with ...) BUG: 88537 CVE-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote ...) BUG: 88537 CVE-2005-1110 (Stack-based buffer overflow in the RespondeHTTPPendiente function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1111 (Race condition in cpio 2.6 and earlier allows local users to modify ...) BUG: 90619 CVE-2005-1112 (IBM WebSphere Application Server 6.0 and earlier, when sharing the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1113 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1114 (Multiple SQL injection vulnerabilities in album_search.php in Photo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1115 (Multiple cross-site scripting (XSS) vulnerabilities in Photo Album ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1117 (PHP remote file inclusion vulnerability in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1121 (Format string vulnerability in the my_xlog function in lib.c for Oops! ...) BUG: 91303 CVE-2005-1122 (Format string vulnerability in cgi.c for Monkey daemon (monkeyd) ...) BUG: 87916 CVE-2005-1123 (Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause ...) BUG: 87916 CVE-2005-1124 (Unknown vulnerability in the libgss Generic Security Services Library ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1125 (Race condition in libsafe 2.0.16 and earlier, when running in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1126 (The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1127 (Format string vulnerability in the log function in Net::Server 0.87 ...) BUG: 142386 CVE-2005-1128 (Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1129 (eGroupWare 1.0.6 and earlier, when an e-mail is composed with an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1130 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1131 (Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1132 (LG U8120 mobile phone allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1133 (The POP3 server in IBM iSeries AS/400 returns different error messages ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1134 (SQL injection vulnerability in exit.php for Serendipity 0.8 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1135 (Cross-site scripting (XSS) vulnerability in search.php for Simple PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1136 (Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1137 (Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1138 (Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1139 (Opera 8 Beta 3, when using first-generation vetted digital ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1140 (Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1141 (Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1142 (Heap-based buffer overflow in the readpgm function in pnm.c for GOCR ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1143 (Cross-site scripting (XSS) vulnerability in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1144 (popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1145 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1146 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1147 (calendar.pl in CalendarScript 3.20 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1148 (calendar.pl in CalendarScript 3.21 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1149 (SQL injection vulnerability in admin/login.asp in aspclick.it ACNews ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1150 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1151 (qpopper 4.0.5 and earlier does not properly drop privileges before ...) BUG: 90622 CVE-2005-1152 (popauth.c in qpopper 4.0.5 and earlier does not properly set the ...) BUG: 90622 CVE-2005-1153 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a ...) BUG: 89305 BUG: 89303 CVE-2005-1154 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote ...) BUG: 89305 BUG: 89303 CVE-2005-1155 (The favicon functionality in Firefox before 1.0.3 and Mozilla Suite ...) BUG: 89305 BUG: 89303 CVE-2005-1156 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 ...) BUG: 89305 BUG: 89303 CVE-2005-1157 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1158 (Multiple "missing security checks" in Firefox before 1.0.3 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1159 (The native implementations of InstallTrigger and other functions in ...) BUG: 89305 BUG: 89303 CVE-2005-1160 (The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla ...) BUG: 89305 BUG: 89303 CVE-2005-1161 (Multiple SQL injection vulnerabilities in OneWorldStore allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1162 (Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1163 (Multiple buffer overflows in Yager 5.24 and earlier allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1164 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1165 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1166 (The DNTUS26 process in Dameware NT Utilities and the DWRCS process in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1167 (Musicmatch 10.00.2047 and earlier store log files in the Program Files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1168 (DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1169 (Mafia Blog .4 BETA does not properly protect the admin directory, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1170 (SQL injection vulnerability in mod.php in the datenbank module for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1171 (Cross-site scripting (XSS) vulnerability in mod.php in the datenbank ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1172 (Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1173 (Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1174 (MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) ...) BUG: 98799 CVE-2005-1175 (Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT ...) BUG: 98799 CVE-2005-1176 (Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1177 (Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1178 (SQL injection vulnerability in Oracle Forms 10g allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1179 (Unknown vulnerability in Xerox MicroServer Web Server for various ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1180 (HTTP Response Splitting vulnerability in the Surveys module in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1181 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1182 (Unknown vulnerability in Incoming Remote Command (iSeries Access for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1183 (Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1184 (The TCP/IP stack in multiple operating systems allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1185 (Unquoted Windows search path vulnerability in Musicmatch Jukebox ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1186 (Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1187 (Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1188 (Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1189 (Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1190 (WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1191 (The Web View DLL (webvw.dll), as used in Windows Explorer on Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1193 (The bbencode_second_pass and make_clickable functions in bbcode.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1194 (Stack-based buffer overflow in the ieee_putascii function for nasm ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1195 (Multiple heap-based buffer overflows in the code used to handle (1) ...) BUG: 89277 CVE-2005-1196 (SQL injection vulnerability in kb.php in the Knowledge Base module for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1197 (SQL injection vulnerability in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1198 (Directory traversal vulnerability in apexec.pl for Anaconda Foundation ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1199 (SQL injection vulnerability in printthread.php in UBB.Threads allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1200 (PHP remote file inclusion vulnerability in main_index.php in AZ ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1201 (Multiple directory traversal vulnerabilities in AZ Bulletin board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1202 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupware ...) BUG: 89517 CVE-2005-1203 (Multiple SQL injection vulnerabilities in index.php in eGroupware ...) BUG: 89517 CVE-2005-1204 (Desktop Rover 3.0, and possibly earlier versions, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1205 (The Telnet client for Microsoft Windows XP, Windows Server 2003, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1206 (Buffer overflow in the Server Message Block (SMB) functionality for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1207 (Buffer overflow in the Web Client service in Microsoft Windows XP and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1208 (Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1209 RESERVED CVE-2005-1210 RESERVED CVE-2005-1211 (Buffer overflow in the PNG image rendering component of Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1212 (Buffer overflow in Microsoft Step-by-Step Interactive Training ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1213 (Stack-based buffer overflow in the news reader for Microsoft Outlook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1214 (Microsoft Agent allows remote attackers to spoof trusted Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1215 (Microsoft ISA Server 2000 allows remote attackers to poison the ISA ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1216 (Microsoft ISA Server 2000 allows remote attackers to connect to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1217 RESERVED CVE-2005-1218 (The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1219 (Buffer overflow in the Microsoft Color Management Module for Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1220 (Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1221 (SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1222 (cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1223 (Multiple SQL injection vulnerabilities in Ocean12 Calendar manager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1224 (Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1225 (SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1226 (Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1227 (Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1228 (Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through ...) BUG: 90626 BUG: 89946 CVE-2005-1229 (Directory traversal vulnerability in cpio 2.6 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1230 (Directory traversal vulnerability in Yawcam 0.2.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1231 (Cross-site scripting (XSS) vulnerability in the NewTerm function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1232 (Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1233 (Cross-site scripting (XSS) vulnerability in index.php in PHP Labs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1234 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1235 (auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1236 (Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1237 (SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1238 (By design, the built-in FTP server for iSeries AS/400 systems does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1239 (Directory traversal vulnerability in the third party tool from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1240 (Directory traversal vulnerability in the third party tool from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1241 (Directory traversal vulnerability in the third party tool from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1242 (Directory traversal vulnerability in the third party tool from Bsafe, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1243 (Directory traversal vulnerability in the third party tool from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1244 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1246 (Format string vulnerability in the snmppd_log function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1247 (webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1250 (SQL injection vulnerability in the logon screen of the web front end ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1251 RESERVED CVE-2005-1252 (Directory traversal vulnerability in the Web Calendaring server in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1253 RESERVED CVE-2005-1254 (Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1255 (Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1256 (Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1257 RESERVED CVE-2005-1258 RESERVED CVE-2005-1259 RESERVED CVE-2005-1260 (bzip2 allows remote attackers to cause a denial of service (hard drive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1261 (Stack-based buffer overflow in the URL parsing function in Gaim before ...) BUG: 91862 CVE-2005-1262 (Gaim 1.2.1 and earlier allows remote attackers to cause a denial of ...) BUG: 91862 CVE-2005-1263 (The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to ...) BUG: 96776 BUG: 95492 BUG: 94722 CVE-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1268 (Off-by-one error in the mod_ssl Certificate Revocation List (CRL) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1269 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...) BUG: 95347 CVE-2005-1270 (The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter ...) BUG: 90007 CVE-2005-1271 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1272 (Stack-based buffer overflow in the Backup Agent for Microsoft SQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1273 RESERVED CVE-2005-1274 (Stack-based buffer overflow in the getIfHeader function in the WebDAV ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1276 RESERVED CVE-2005-1277 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1278 (The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1279 (tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1280 (The rsvp_print function in tcpdump 3.9.1 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1281 (Ethereal 0.10.10 and earlier allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1282 (Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1283 (Multiple directory traversal vulnerabilities in Argosoft Mail Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1284 (The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1285 (Cross-site scripting (XSS) vulnerability in thread.php in WoltLab ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1286 (Unquoted Windows search path vulnerability in BitDefender 8 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1287 (Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1288 (inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1289 (index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1290 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1291 (Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1292 (Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1293 (Multiple SQL injection vulnerabilities in default.asp in StorePortal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1294 (The affix_sock_register in the Affix Bluetooth Protocol Stack for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1295 (include.cgi script allows remote attackers to read arbitrary files via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1296 (include.cgi script allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1297 (Cross-site scripting (XSS) vulnerability in the include.cgi script ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1298 (The inserter.cgi script allows remote attackers to read arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1299 (The inserter.cgi script allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1300 (Cross-site scripting (XSS) vulnerability in the inserter.cgi script ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1301 (nProtect:Netizen 2005.3.17.1 does not properly verify that the update ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1302 (SQL injection vulnerability in Confixx 3.08 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1303 (The citat.pl script allows remote attackers to read arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1304 (The citat.pl script allows remote attackers to execute arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1307 (The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1309 (Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1310 (SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1311 (Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1312 (PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1313 (Cross-site scripting (XSS) vulnerability in Horde Passwd module before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1314 (Cross-site scripting (XSS) vulnerability in Horde Kronolith module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1315 (Cross-site scripting (XSS) vulnerability in Horde Turba module before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1316 (Cross-site scripting (XSS) vulnerability in Horde Accounts module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1317 (Cross-site scripting (XSS) vulnerability in Horde Chora module before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1318 (Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1319 (Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1320 (Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1321 (Cross-site scripting (XSS) vulnerability in Horde Vacation module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1322 (Cross-site scripting (XSS) vulnerability in Horde Nag Task List ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1323 (Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1324 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1325 (set_lang.php in phpMyVisites 1.3 allows remote attackers to read and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1326 (Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1327 (Cross-site scripting (XSS) vulnerability in pms.php for Woltlab ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1328 (OneWorldStore allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1329 (owOfflineCC.asp in OneWorldStore allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1330 (AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1331 (The AppleScript Editor in Mac OS X 10.3.9 does not properly display ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1332 (Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1333 (Directory traversal vulnerability in the Bluetooth file and object ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1334 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1335 (Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1336 (Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1337 (Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1338 (Mac OS X 10.3.9, when using an LDAP server that does not use ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1339 (lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1340 (The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1341 (Apple Terminal 1.4.4 allows attackers to execute arbitrary commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1342 (The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1343 (Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1344 (Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1345 (Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1346 (Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1347 (** UNVERIFIABLE ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1348 (Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1349 (Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows ...) BUG: 89501 CVE-2005-1350 (The ad.cgi script allows remote attackers to read arbitrary files via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1351 (The ad.cgi script allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1352 (Cross-site scripting (XSS) vulnerability in the ad.cgi script allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1353 (The forum.pl script allows remote attackers to read arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1354 (The forum.pl script allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1355 (includer.cgi in The Includer allows remote attackers to read arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1356 (Cross-site scripting (XSS) vulnerability in includer.cgi script in The ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1357 (text.cgi script allows remote attackers to read arbitrary files via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1358 (text.cgi script allows remote attackers to execute arbitrary commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1359 (Cross-site scripting (XSS) vulnerability in text.cgi script allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1360 (PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1361 (Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1362 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1363 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1364 (Multiple SQL injection vulnerabilities in MetaBid Auctions allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1365 (Pico Server (pServ) 3.2 and earlier allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1366 (Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1367 (Pico Server (pServ) 3.2 and earlier allows local users to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1370 (Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1371 (BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1372 (nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1373 (Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1375 (Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1377 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1379 (The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1380 (Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1381 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1382 (The webcacheadmin module in Oracle Webcache 9i allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1383 (The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1384 (Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1385 (Safari 1.3 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1386 (PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1387 (Cocktail 3.5.4 and possibly earlier in Mac OS X passes the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1388 (Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1389 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1390 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...) BUG: 90851 CVE-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with ...) BUG: 88831 CVE-2005-1393 (Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1394 (Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1395 (Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1396 (Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1397 (SQL injection vulnerability in search.php for PHP-Calendar before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1398 (phpcart.php in PHPCart 3.2 allows remote attackers to change product ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1399 (FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1400 (The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1401 (Format string vulnerability in the client for Mtp-Target 1.2.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1402 (Integer signedness error in certain older versions of the NeL library, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1403 (Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1404 (MyPHP Forum 1.0 allows remote attackers to spoof the username by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1405 (HTTP response splitting vulnerability in the @SetHTTPHeader function ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1406 (The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1408 (Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1409 (PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1410 (The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1411 (Cybration ICUII 7.0 stores passwords in plaintext in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1412 (SQL injection vulnerability in verify.asp for Ecomm Professional ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1413 (Multiple SQL injection vulnerabilities in enVivo!CMS allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1414 (ExoticSoft FilePocket 1.2 stores sensitive proxy information, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1415 (Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1416 (Directory traversal vulnerability in 04WebServer 1.81 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1417 (Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1418 (NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1419 (SQL injection vulnerability in the admin login panel for Ocean12 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1420 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1421 (Directory traversal vulnerability in Raysoft/Raybase Video Cam Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1422 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1423 (Directory traversal vulnerability in the mail program in 602LAN SUITE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1424 (StumbleInside GoText 1.01 stores sensitive username, mail address,and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1425 (Uapplication Uguestbook 1.0 stores sensitive information under the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1426 (Uapplication Ublog Reload stores sensitive information under the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1427 (Uapplication Uphotogallery stores the database under the web document ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1428 (edit_image.asp in Uapplication Uphotogallery allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1429 (SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1430 (Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1431 (The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before ...) BUG: 90726 CVE-2005-1432 RESERVED CVE-2005-1433 (Multiple unknown vulnjerabilities HP OpenView Event Correlation ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1434 (Multiple unknown vulnerabilities in OpenView Network Node Manager (OV ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1435 (Open WebMail (OWM) before 2.51 20050430 allows remote authenticated ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1436 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1438 (PHP remote file inclusion vulnerability in main.php in osTicket allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1439 (Directory traversal vulnerability in attachments.php in osTicket ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1440 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1441 (Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1442 (Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1443 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1444 (Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1445 (Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1446 (SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1447 (PHP remote file inclusion vulnerability in main.php in SitePanel 2.6.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1448 (Cross-site scripting (XSS) vulnerability in the BBCode plugin for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1449 (Unknown vulnerability in serendipity_config_local.inc.php for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1450 (Unknown vulnerability in "the function used to validate path-names for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1451 (The media manager in Serendipity before 0.8 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1452 (Serendipity before 0.8 allows Chief users to "hide plugins installed ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1453 (fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1454 (SQL injection vulnerability in the radius_xlat function in the SQL ...) BUG: 91736 CVE-2005-1455 (Buffer overflow in the sql_escape_func function in the SQL module for ...) BUG: 91736 CVE-2005-1456 (Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet ...) BUG: 90539 CVE-2005-1457 (Multiple unknown vulnerabilities in the (1) AIM, (2) LDAP, (3) ...) BUG: 90539 CVE-2005-1458 (Multiple unknown "other problems" in the KINK dissector in Ethereal ...) BUG: 90539 CVE-2005-1459 (Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) ...) BUG: 90539 CVE-2005-1460 (Multiple unknown dissectors in Ethereal before 0.10.11 allow remote ...) BUG: 90539 CVE-2005-1461 (Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, ...) BUG: 90539 CVE-2005-1462 (Double free vulnerability in the ICEP dissector in Ethereal before ...) BUG: 90539 CVE-2005-1463 (Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A ...) BUG: 90539 CVE-2005-1464 (Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP, ...) BUG: 90539 CVE-2005-1465 (Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11 ...) BUG: 90539 CVE-2005-1466 (Unknown vulnerability in the DICOM dissector in Ethereal before ...) BUG: 90539 CVE-2005-1467 (Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 ...) BUG: 90539 CVE-2005-1468 (Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, ...) BUG: 90539 CVE-2005-1469 (Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 ...) BUG: 90539 CVE-2005-1470 (Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, ...) BUG: 90539 CVE-2005-1471 (Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1472 (Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1473 (SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1474 (Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1475 (The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript ...) BUG: 92394 BUG: 92393 BUG: 91859 CVE-2005-1477 (The install function in Firefox 1.0.3 allows remote web sites on the ...) BUG: 92394 BUG: 92393 BUG: 91859 CVE-2005-1478 (Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1479 (SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1480 (Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1481 (Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1482 (ArticleLive 2005 allows remote attackers to gain privileges by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1483 (Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1484 (Directory traversal vulnerability in Golden FTP server pro 2.52 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1485 (Golden FTP Server Pro allows 2.52 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1486 (Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1487 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1488 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1489 (Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1490 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1491 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1492 (Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1493 (Directory traversal vulnerability in SimpleCam 1.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1494 (Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1495 (Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1496 (The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1497 (index.php in myBloggie 2.1.1 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1498 (Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1499 (delcomment.php in myBloggie 2.1.1 allows remote attackers to delete ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1500 (Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1501 (MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1502 (Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1503 (Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1504 (GameSpy SDK CD-Key Validation Toolkit, as used by many online games, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1505 (The new account wizard in Mail.app 2.0 in Mac OS 10.4, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1506 (SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1507 (Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1508 (Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1509 (SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1510 (PwsPHP 1.2.2 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1511 (PwsPHP 1.2.2 allows remote attackers to bypass authentication and post ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1512 (The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1514 (commands.c in qmail, when running on 64 bit platforms with a large ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1515 (Integer signedness error in the qmail_put and substdio_put functions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1517 (Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1518 (Unknown vulnerability in Solaris 7 through 9, when using Federated ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1519 (Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1520 (Buffer overflow in the header_get_field_name function in header.c for ...) BUG: 94053 CVE-2005-1521 (Integer overflow in the fetch_io function of the imap4d server in GNU ...) BUG: 94053 CVE-2005-1522 (The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions ...) BUG: 94053 CVE-2005-1523 (Format string vulnerability in imap4d server in GNU Mailutils 0.5 and ...) BUG: 94053 CVE-2005-1524 (PHP file inclusion vulnerability in top_graph_header.php in Cacti ...) BUG: 97475 BUG: 96243 CVE-2005-1525 (SQL injection vulnerability in config_settings.php for Cacti before ...) BUG: 97475 BUG: 96243 CVE-2005-1526 (PHP remote file inclusion vulnerability in config_settings.php in ...) BUG: 97475 BUG: 96243 CVE-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, ...) BUG: 102145 CVE-2005-1528 (Untrusted search path vulnerability in the crttrap command in QNX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1529 RESERVED CVE-2005-1530 (Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1531 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1533 RESERVED CVE-2005-1534 RESERVED CVE-2005-1535 RESERVED CVE-2005-1536 RESERVED CVE-2005-1537 RESERVED CVE-2005-1538 RESERVED CVE-2005-1539 RESERVED CVE-2005-1540 RESERVED CVE-2005-1541 RESERVED CVE-2005-1542 RESERVED CVE-2005-1543 (Multiple stack-based and heap-based buffer overflows in Remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1544 (Stack-based buffer overflow in libTIFF before 3.7.2 allows remote ...) BUG: 91584 CVE-2005-1545 (Integer overflow in the ELF parser in HT Editor before 0.8.0 allows ...) BUG: 91569 CVE-2005-1546 (Buffer overflow in the PE parser in HT Editor before 0.8.0 allows ...) BUG: 91569 CVE-2005-1547 (Heap-based buffer overflow in the demo version of Bakbone Netvault, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1548 (SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1549 (Directory traversal vulnerability in easymsgb.pl in Easy Message Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1550 (easymsgb.pl in Easy Message Board allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1551 (Sophos Anti-Virus 3.93 does not check downloaded files for viruses ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1552 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1553 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1554 (SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1555 (Cross-site scripting (XSS) vulnerability in the JRun Web Server in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1556 (Gamespy cd-key validation system allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1557 (Multiple cross-site scripting (XSS) vulnerabilities in WebApp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1558 (The web module in Neteyes Nexusway allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1559 (The web module in Neteyes Nexusway allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1560 (The SSH module in Neteyes Nexusway allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1561 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1562 (Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1563 (Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1564 (post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1566 (Acrowave AAP-3100AR wireless router allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1567 (SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1568 (topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1569 (Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1570 (forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1571 (Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1572 (ShowOff! 1.5.4 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1573 (SQL injection vulnerability in admin_login.asp for ASP Virtual News ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1574 (Windows Media Player 9 and 10, in certain cases, allows content ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1575 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1576 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1577 (APG Technology ClassMaster does not properly restrict access to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1578 (EnCase Forensic Edition 4.18a does not support Device Configuration ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1579 (Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1580 (users.ini.php in BoastMachine 3.0 does not properly restrict the types ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1581 (Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1582 (Cross-site scripting (XSS) vulnerability in index.php for 1Two News ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1583 (1Two News 1.0 allows remote attackers to (1) delete images for new ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1584 (Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1585 (Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1586 (Quick.Forum 2.1.6 stores potentially sensitive information such as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1587 (Cross-site scripting (XSS) vulnerability in index.php for Quick.cart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1588 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1589 (The pkt_ioctl function in the pktcdvd block device ioctl handler ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1590 (The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1591 (Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1592 (Multiple "javascript vulerabilities in BB code" in BirdBlog before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1593 (Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1594 (SQL injection vulnerability in catalog.php for CodeThat ShoppingCart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1595 (CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1596 (index.php in Fusion SBX 1.2 and earlier does not properly use the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1597 (Cross-site scripting (XSS) vulnerability in (1) search.php and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1598 (SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1599 (Cross-site scripting (XSS) vulnerability in Kryloff Technologies ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1600 (A "mathematical flaw" in the implementation of the El Gamal signature ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1601 (MRO Maximo Self Service 4 and 5 stores certain information under the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1602 (SQL injection vulnerability in login.asp for Net56 Browser Based File ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1603 (NiteEnterprises Remote File Manager 1.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1604 (PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1605 (Cross-site scripting (XSS) vulnerability in the guestbook for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1606 (H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1607 (Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1608 (Multiple unknown vulnerabilities in the Blocks module in Spidean ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1609 (Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1610 (Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1611 (Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1612 (SQL injection vulnerability in read.php in Open Bulletin Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1613 (Cross-site scripting (XSS) vulnerability in member.php in Open ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1614 (Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1615 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1616 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1617 (Willings WebCam and WebCam Lite 2.8 and earlier stores the password in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1618 (The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1619 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1620 (Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1621 (Directory traversal vulnerability in the pnModFunc function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1622 (Cross-site scripting (XSS) vulnerability in productsByCategory.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1623 RESERVED CVE-2005-1624 RESERVED CVE-2005-1625 (Stack-based buffer overflow in the UnixAppOpenFilePerform function in ...) BUG: 98101 CVE-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ) before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to "a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1628 (apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1629 (SQL injection vulnerability in member.php for Photopost PHP Pro allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1630 (Unknown vulnerability in Attachment Mod before 2.3.13, related to a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1631 (booby.php in Booby 1.0.0 and earlier allows remote attackers to view ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1632 (Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1633 (Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1634 (Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1636 (mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1637 (Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1638 (The _writeAttrs function in SafeHTML before 1.3.2 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1639 (SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1640 (mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1641 (mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1642 (SQL injection vulnerability in the verify_email function in Woltlab ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1643 (The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1644 (Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1645 (Keyvan1 ImageGallery stores the image.mdb database under the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1646 (The default installation of Fastream NETFile FTP/Web Server 7.4.6, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1647 (Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1648 (Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1649 (The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1650 (The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1651 (Directory traversal vulnerability in message.htm for Woppoware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1652 (message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1653 (Cross-site scripting (XSS) vulnerability in message.htm for Woppoware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1654 (Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1655 (AOL Instant Messenger 5.5.x and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1656 (Mercur Messaging 2005 SP2 allows remote attackers to read the source ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1657 (Multiple directory traversal vulnerabilities in Mercur Messaging 2005 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1658 (Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1659 (Cross-site scripting (XSS) vulnerability in filemanager.cpp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1660 (HTMLJunction EZGuestbook stores the guestbook.mdb file under the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1661 (Jeuce Personal Webserver 2.13 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1662 (Directory traversal vulnerability in Jeuce Personal Web Server 2.13 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1663 (Jeuce Personal Web Server 2.13 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1664 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1665 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1666 (Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1669 (Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1671 (The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1672 (Multiple cross-site scripting (XSS) vulnerabilities in Help Center ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1673 (Multiple SQL injection vulnerabilities in Help Center Live allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1674 (Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1675 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1676 (Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1677 (Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1678 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1679 (Stack-based buffer overflow in the error directive in picasm 1.12b and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1680 (D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1681 (PHP remote file inclusion vulnerability in common.php in phpATM 1.21, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1682 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1683 (Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1684 (Cross-site scripting (XSS) vulnerability in default.asp for episodex ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1685 (episodex guestbook allows remote attackers to bypass authentication ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to ...) BUG: 93352 CVE-2005-1687 (SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and ...) BUG: 94512 BUG: 88926 CVE-2005-1688 (Wordpress 1.5 and earlier allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1689 (Double free vulnerability in the krb5_recvauth function in MIT ...) BUG: 98799 CVE-2005-1690 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1691 (Directory traversal vulnerability in Internet Graphics Server in SAP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1692 (Format string vulnerability in gxine 0.4.1 through 0.4.4, and other ...) BUG: 93532 CVE-2005-1693 (Integer overflow in Computer Associates Vet Antivirus library, as used ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1694 (Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1695 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1696 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1697 (The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1698 (PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1699 (Directory traversal vulnerability in pnadminapi.php in the Xanthia ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1700 (SQL injection vulnerability in pnadmin.php in the Xanthia module in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1701 (SQL injection vulnerability in PortailPHP 1.3 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1702 (Format string vulnerability in Warrior Kings: Battles 1.23 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1703 (Warrior Kings: Battles 1.23 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1704 (Integer overflow in the Binary File Descriptor (BFD) library for gdb ...) BUG: 91654 BUG: 91398 BUG: 88398 BUG: 91817 BUG: 91398 CVE-2005-1705 (gdb before 6.3 searches the current working directory to load the ...) BUG: 91654 BUG: 91398 BUG: 88398 CVE-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1707 (The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 ...) BUG: 91785 CVE-2005-1708 (templates.admin.users.user_form_processing in Blue Coat Reporter ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1709 (Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1710 (Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1711 (Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1712 (Unknown vulnerability in Serendipity 0.8, when used with multiple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1713 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1714 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1715 (Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1716 (TOPo 2.2 (2.2.178) stores data files in the data directory under the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1717 (ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1718 (Buffer overflow in LS Games War Times 1.03 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1719 (Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1720 (AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1721 (Buffer overflow in the legacy client support for AFP Server for Mac OS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1722 (Unknown vulnerability in the CoreGraphics Window Server for Mac OS X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1723 (LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1724 (NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1725 (launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1726 (The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1730 (Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1731 RESERVED CVE-2005-1732 (Cookie Cart allows remote attackers to read the Order Notification ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1733 (Cookie Cart stores the password file under the web document root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1734 (Multiple SQL injection vulnerabilities in PROMS before 0.11 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1735 (Multiple cross-site scripting (XSS) vulnerabilities in PROMS before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1736 (PROMS 0.11 does not properly handle "certain combinations of rights," ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1737 (Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1738 (Format string vulnerability in the logPrintBadfile function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1739 (The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick ...) BUG: 90595 BUG: 90423 CVE-2005-1740 (fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files ...) BUG: 91792 CVE-2005-1741 (Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1742 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1743 (BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1744 (BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1745 (The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1746 (The cluster cookie parsing code in BEA WebLogic Server 7.0 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1747 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1748 (The embedded LDAP server in BEA WebLogic Server and Express 8.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1749 (Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1750 (SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...) BUG: 93784 BUG: 93782 CVE-2005-1752 (viewFile.php in the scm component of Gforge before 4.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1753 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1754 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1755 (PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1756 (Cross-site scripting (XSS) vulnerability in the ModWeb agent for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1757 (Buffer overflow in the Modweb agent for Novell NetMail 3.52 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1758 (Buffer overflow in the IMAP command continuation function in Novell ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users to ...) BUG: 93784 BUG: 93782 CVE-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1761 (Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1764 (Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...) BUG: 96923 CVE-2005-1767 (traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1768 (Race condition in the ia32 compatibility code for the execve system ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1769 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) BUG: 95937 CVE-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1771 (Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1772 (Buffer overflow in the client cd-key hash in Terminator 3: War of the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1773 (Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1774 (WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1775 (Terminator 3: War of the Machines 1.16 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1776 (Buffer overflow in the READ_TCP_STRING function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1777 (SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1778 (Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1779 (SQL injection vulnerability in password.asp in MaxWebPortal 1.35, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1780 (SQL injection vulnerability in admin/login.asp in Active News Manager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1781 (Unknown vulnerability in SMTP authentication for MailEnable allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1782 (Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1783 (BookReview beta 1.0 allows remote attackers to obtain the path of the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1784 (Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1785 (SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1786 (SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1787 (setup.php in phpStat 1.5 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1788 (SQL injection vulnerability in resellerresources.asp in Hosting ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software Solution ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1792 (Memory leak in Windows Management Instrumentation (WMI) service allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1793 (User32.DLL in Microsoft Windows 98SE, and possibly other operating ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...) BUG: 94474 CVE-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1798 (Directory traversal vulnerability in ServersCheck Monitoring Software ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1799 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1800 (Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1801 (The vCard viewer in Nokia 9500 allows attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1802 (Nortel VPN Router (aka Contivity) allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1803 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1804 (Multiple SQL injection vulnerabilities in Net Portal Dynamic System ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1805 (SQL injection vulnerability in login.asp in an unknown product by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1806 (Format string vulnerability in PeerCast 0.1211 and earlier allows ...) BUG: 96199 CVE-2005-1807 (The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1808 (Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1809 (Sony Ericsson P900 Beamer allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1810 (SQL injection vulnerability in template-functions-category.php in ...) BUG: 94512 BUG: 88926 CVE-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1813 (Directory traversal vulnerability in FutureSoft TFTP Server Evaluation ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1814 (Stack-based buffer overflow in PicoWebServer 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1815 (Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1816 (Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1817 (Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1818 (Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1819 (Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1820 (zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1821 (PHP remote file inclusion vulnerability in pdl_header.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1822 (Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1824 (The sql_escape_string function in auth/sql.c for the mailutils SQL ...) BUG: 94824 CVE-2005-1825 (Multiple stack-based buffer overflows in the nvd_exec function in HP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1826 (Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1827 (D-Link DSL-504T allows remote attackers to bypass authentication and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1828 (D-Link DSL-504T stores usernames and passwords in cleartext in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1829 (Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1830 (The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1831 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1832 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1833 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1834 (SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1835 (NEXTWEB (i)Site stores databases under the web document root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1836 (NEXTWEB (i)Site allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1837 (Fortinet firewall running FortiOS 2.x contains a hardcoded username ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1838 (Multiple cross-site scripting vulnerabilities in castnewPost.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1841 (The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1842 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1843 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1844 RESERVED CVE-2005-1845 RESERVED CVE-2005-1846 (Multiple directory traversal vulnerabilities in YaMT before 0.5_2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1847 (Multiple buffer overflows in YaMT before 0.5_2 allow attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1848 (The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause ...) BUG: 98394 CVE-2005-1849 (inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of ...) BUG: 123286 BUG: 105695 BUG: 100540 BUG: 100686 BUG: 99751 CVE-2005-1850 (Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1851 (A certain contributed script for ekg Gadu Gadu client 1.5 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1852 (Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 ...) BUG: 99583 BUG: 99890 BUG: 99816 BUG: 99754 CVE-2005-1853 (gopher.c in the Gopher client 3.0.5 does not properly create temporary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1854 (Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1855 (Backup Manager (backup-manager) before 0.5.8 creates backup files with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1856 (The CD-burning feature in backup-manager 0.5.8 and earlier uses a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1857 (Format string vulnerability in simpleproxy before 3.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1859 (Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1860 RESERVED CVE-2005-1861 RESERVED CVE-2005-1862 RESERVED CVE-2005-1863 RESERVED CVE-2005-1864 (PHP remote file inclusion vulnerability in cal_admintop.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1865 (Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1866 (Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1867 (Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1868 (I-Man 0.9, and possibly earlier versions, allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1869 (PHP remote file inclusion vulnerability in start_lobby.php in MWChat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1870 (PHP remote file inclusion vulnerability in childwindow.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1871 (Unknown vulnerability in the privilege system in Drupal 4.4.0 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1872 (Buffer overflow in the administrative console in IBM WebSphere ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1873 (Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1874 (Directory traversal vulnerability in Dzip before 2.9 allows remote ...) BUG: 93079 CVE-2005-1875 (Multiple SQL injection vulnerabilities in list.php in Exhibit Engine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1876 (Direct code injection vulnerability in CuteNews 1.3.6 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1877 (Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1878 (GIPTables Firewall 1.1 and earlier allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1879 (LutelWall 0.97 and earlier allows local users to overwrite arbitrary ...) BUG: 95378 CVE-2005-1880 (everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1881 (upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1882 (PHP remote file inclusion vulnerability in last_gallery.php in YaPiG ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1883 (global.php in YaPiG 0.92b allows remote attackers to include arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1884 (Directory traversal vulnerability in the (1) rmdir or (2) mkdir ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1885 (view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1886 (Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1887 (Unknown vulnerability in the Sun Solaris C library (libc and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1888 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1889 (Unknown vulnerability in Sun ONE Application Server 6.5 SP1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1890 (Unknown vulnerability in Mortiforo before 0.9.1 allows users to access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1891 (The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1892 (FlatNuke 2.5.3 allows remote attackers to cause a denial of service or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1893 (FlatNuke 2.5.3 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1894 (Direct code injection vulnerability in FlatNuke 2.5.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1895 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1896 (Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1897 (Unknown vulnerability in FlexCast Audio Video Streaming Server before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1898 (The passthrough functionality in phpThumb.php in phpThumb() before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1899 (Rakkarsoft RakNet network library 2.33 and earlier, when released ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1900 (Sawmill before 7.1.6 allows remote attackers to bypass authentication ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1901 (Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1902 (Directory traversal vulnerability in the IMAP service for SPA-PRO Mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1903 (Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1904 (SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1905 (The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1906 (SQL injection vulnerability in login.asp in livingmailing 1.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1907 (The ISA Firewall service in Microsoft Internet Security and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1908 (Perception LiteWeb allows remote attackers to bypass access controls ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1912 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1913 (The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1914 (CenterICQ 4.20.0 and earlier creates temporary files with predictable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1915 (The log4sh_readProperties function in log4sh 1.2.5 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1916 (linki.py in ekg 2005-06-05 and earlier allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1917 (kpopper 1.0 and earlier allows local users to create and overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1918 (The original patch for a GNU tar directory traversal vulnerability ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1919 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1920 (The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through ...) BUG: 155613 CVE-2005-1921 (Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka ...) BUG: 97651 BUG: 97460 BUG: 97629 BUG: 97399 BUG: 97655 BUG: 97461 BUG: 97648 BUG: 97374 CVE-2005-1922 (The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1924 (The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote ...) BUG: 185010 CVE-2005-1925 (Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1926 RESERVED CVE-2005-1927 RESERVED CVE-2005-1928 (Trend Micro ServerProtect EarthAgent for Windows Management Console ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1929 (Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1930 (Directory traversal vulnerability in the Crystal Report component ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1931 (GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1932 (Lpanel 1.59 and earlier, and other versions before 1.597, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1933 (Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1934 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...) BUG: 95347 CVE-2005-1935 (Heap-based buffer overflow in the BERDecBitString function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1938 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1939 (Directory traversal vulnerability in Ipswitch WhatsUp Small Business ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1940 RESERVED CVE-2005-1941 (SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) ...) BUG: 93558 CVE-2005-1942 (Cisco switches that support 802.1x security allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1943 (Multiple SQL injection vulnerabilities in Loki download manager 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1944 (xmysqladmin 1.0 and earlier allows local users to delete arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1945 (Cross-site scripting (XSS) vulnerability in the convert_highlite_words ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1946 (Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1947 (Cross-site request forgery (CSRF) vulnerability in Invision Gallery ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1948 (Multiple SQL injection vulnerabilities in Invision Gallery before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1949 (The eping_validaddr function in functions.php for the ePing plugin for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1950 (hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1951 (Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1952 (Directory traversal vulnerability in Pico Server (pServ) 3.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1953 (Heap-based buffer overflow in the CGI extension for Pico Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1954 (singapore 0.9.11 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1955 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1956 (File Upload Manager allows remote attackers to upload arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1957 (mtnpeak.net File Upload Manager does not properly check user ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1958 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1959 (jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1960 (The getemails function in C.J. Steele Tattle allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1961 (Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1962 (Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1963 (Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1964 (PHP remote file inclusion vulnerability in utilit.php for Ovidentia ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1965 (PHP remote file inclusion vulnerability in siteframe.php for Broadpool ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1966 (The eTrace_validaddr function in eTrace plugin for e107 portal allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1967 (Multiple SQL injection vulnerabilities in ProductCart Ecommerce before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1968 (Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1969 (Cross-site scripting (XSS) vulnerability in Pragma Systems ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1970 (Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1971 (Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1972 (Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1973 (Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1974 (Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1976 (Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1977 RESERVED CVE-2005-1978 (COM+ in Microsoft Windows does not properly "create and use memory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1979 (Distributed Transaction Controller in Microsoft Windows allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1980 (Distributed Transaction Controller in Microsoft Windows allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1981 (Unknown vulnerability in Microsoft Windows 2000 Server and Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1982 (Unknown vulnerability in the PKINIT Protocol for Microsoft Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1983 (Stack-based buffer overflow in the Plug and Play (PnP) service for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1984 (Buffer overflow in the Print Spooler service (Spoolsv.exe) for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1985 (The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1986 RESERVED CVE-2005-1987 (Buffer overflow in Collaboration Data Objects (CDO), as used in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1988 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1989 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1990 (Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1991 RESERVED CVE-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...) BUG: 96784 CVE-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1994 (Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1995 (Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1996 (PHP remote file inclusion vulnerability in start.php in Bitrix Site ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1997 (show.php in McGallery 1.1 allows remote attackers to connect to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1998 (Directory traversal vulnerability in admin.php in McGallery 1.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-1999 (Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2000 (Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2001 (Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2002 (SQL injection vulnerability in content.php in Mambo 4.5.2.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2003 (Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2004 (Multiple cross-site scripting vulnerabilities in Ultimate PHP Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2005 (Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2010 (Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2011 (Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2012 (Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2014 (The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2015 RESERVED CVE-2005-2016 RESERVED CVE-2005-2017 (Symantec AntiVirus 9 Corporate Edition allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2018 RESERVED CVE-2005-2019 (ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2020 (Directory traversal vulnerability in the web server for 3Com Network ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2022 (Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2023 (The send_pinentry_environment function in asshelp.c in gpg2 on SUSE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers ...) BUG: 96776 BUG: 95492 BUG: 94722 CVE-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2026 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2027 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2028 (SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2029 (amaroK Web Frontend 1.3 stores the globals.inc file under the web root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2030 (Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2031 (Multiple SQL injection vulnerabilities in socialMPN allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2032 (Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2033 (Directory traversal vulnerability in folderview.asp for Blue-Collar ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2034 (Cross-site scripting (XSS) vulnerability in folderview.asp for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2035 (SQL injection vulnerability in login.asp for Cool Cafe (Cool Café) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2036 (modifyUser.asp in Cool Cafe (Cool Café) Chat 1.2.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2039 (Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2040 (Multiple buffer overflows in the getterminaltype function in telnetd ...) BUG: 96727 CVE-2005-2041 (Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2042 (Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2045 (Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2046 (Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2047 (Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2049 (Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2050 (Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers ...) BUG: 96320 CVE-2005-2051 (Buffer overflow in the VERITAS Backup Exec Web Administration Console ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2054 (Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2056 (The Quantum archive decompressor in Clam AntiVirus (ClamAV) before ...) BUG: 96960 CVE-2005-2057 (Multiple cross-site scripting (XSS) vulnerabilities in Infopop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2058 (Multiple SQL injection vulnerabilities in Infopop UBB.Threads before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2059 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2060 (Multiple HTTP Response Splitting vulnerabilities in (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2061 (Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2062 (Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2063 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2064 (Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2065 (HTTP response splitting vulnerability in language_select.asp in ASP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2066 (SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2067 (SQL injection vulnerability in article.asp in unknown versions of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2068 (FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2069 (pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a ...) BUG: 96767 CVE-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2071 (traceroute in Sun Solaris 10 on x86 systems allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2072 (The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2073 (Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2074 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2075 (PHP-Fusion 5.0 and 6.0 stores the database file with a predictable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2076 (HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2079 (Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2080 (Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2081 (Stack-based buffer overflow in the function that parses commands in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2082 (im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2083 (Format string vulnerability in IMAP4 in IA eMailServer Corporate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2084 (Cross-site scripting (XSS) vulnerability in SearchResults.aspx in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2085 (Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2086 (PHP remote file inclusion vulnerability in viewtopic.php in phpBB ...) BUG: 97278 CVE-2005-2087 (Internet Explorer 5.01 SP4 up to 6 on various Windows operating ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2088 (The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2090 (Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2091 (IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2092 (BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2093 (Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2094 (Sun SunONE web server 6.1 SP1 allows remote attackers to poison the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2095 (options_identities.php in SquirrelMail 1.4.4 and earlier uses the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2096 (zlib 1.2 and later versions allows remote attackers to cause a denial ...) BUG: 105695 BUG: 100540 BUG: 100686 BUG: 98121 CVE-2005-2097 (xpdf and kpdf do not properly validate the "loca" table in PDF files, ...) BUG: 100265 BUG: 100263 BUG: 99769 CVE-2005-2098 (The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2099 (The Linux kernel before 2.6.12.5 does not properly destroy a keyring ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2100 (The rw_vm function in usercopy.c in the 4GB split patch for the Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2101 (langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2102 (The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to ...) BUG: 102000 CVE-2005-2103 (Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows ...) BUG: 102000 CVE-2005-2104 (sysreport before 1.3.7 allows local users to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2105 (Cisco IOS 12.2T through 12.4 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2106 (Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2107 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2108 (SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2109 (wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2110 (WordPress 1.5.1.2 and earlier allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2111 (login.cgi in Community Link Pro Web Editor allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2112 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2113 (SQL injection vulnerability in the loginUser function in the XMLRPC ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2116 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2117 (Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2118 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2119 (The MIDL_user_allocate function in the Microsoft Distributed ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2120 (Stack-based buffer overflow in the Plug and Play (PnP) service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2121 RESERVED CVE-2005-2122 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2123 (Multiple integer overflows in the Graphics Rendering Engine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2124 (Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2125 RESERVED CVE-2005-2126 (The FTP client in Windows XP SP1 and Server 2003, and Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2127 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2128 (QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2129 RESERVED CVE-2005-2130 RESERVED CVE-2005-2131 RESERVED CVE-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2133 (DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1915. Reason: ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2134 (The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2135 (SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2136 (Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2137 (Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2138 (Cross-site scripting (XSS) vulnerability in index.php in Comdev ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2139 (PHP remote file inclusion vulnerability in user_check.php for Pavsta ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2140 (Directory traversal vulnerability in default.asp for FSboard 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2141 (TCP Chat 1.0 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2142 (Directory traversal vulnerability in Golden FTP Server 2.60 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2143 (Microsoft Front Page allows attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2144 (Prevx Pro 2005 1.0 allows local users to bypass file protection and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2145 (The kernel driver in Prevx Pro 2005 1.0 does not verify the source of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2146 (SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2147 (Trac before 0.8.4 allows remote attackers to read or upload arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2148 (Cacti 0.8.6e and earlier does not perform proper input validation to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2149 (config.php in Cacti 0.8.6e and earlier allows remote attackers to set ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2150 (Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2151 (spf.c in Courier Mail Server does not properly handle DNS failures ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2152 (SQL injection vulnerability in Geeklog before 1.3.11 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2153 (SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2154 (PHP local file inclusion vulnerability in (1) view.php and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2155 (PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2156 (SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2157 (PHP remote file inclusion vulnerability in survey.inc.php for nabopoll ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2158 (A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2159 (mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2160 (IMail stores usernames and passwords in cleartext in a cookie, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2161 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2162 (PHP remote file inclusion vulnerability in form.inc.php3 in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2163 (Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2164 (SQL injection vulnerability in Covide Groupware-CRM allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2165 (read.cgi in GlobalNoteScript allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2166 (SQL injection vulnerability in index.php in Plague News System 0.6 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2167 (Cross-site scripting (XSS) vulnerability in index.php in Plague News ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2169 (Directory traversal vulnerability in source.php in Quick & Dirty ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2170 (The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2171 RESERVED CVE-2005-2172 RESERVED CVE-2005-2173 (The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to ...) BUG: 98348 CVE-2005-2174 (Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 ...) BUG: 98348 CVE-2005-2175 (The web interface for Lotus Notes mail automatically processes HTML in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2176 (Novell NetMail automatically processes HTML in an attachment without ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2177 (Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2178 (probe.cgi allows remote attackers to execute arbitrary commands via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2179 (PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2180 (gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2181 (Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2182 (Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2183 (class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2184 (eRoom 6.x does not properly restrict files that can be attached, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2185 (eRoom does not set an expiration for Cookies, which allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2186 (Multiple cross-site scripting (XSS) vulnerabilities in McAfee ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2187 (McAfee IntruShield Security Management System allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2188 (McAfee IntruShield Security Management System obtains the user ID from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2189 (Lantronix SecureLinx console server running firmware 2.0 and 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2190 (Multiple SQL injection vulnerabilities in Comersus shopping cart allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2191 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2193 (SQL injection vulnerability in the user profile edit module in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2194 (Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2195 (Apple Darwin Streaming Server 5.5 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2196 (The Apple AirPort card uses a default WEP key when not connected to a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2197 (SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2198 (PHP remote file inclusion vulnerability in lang.php in SPiD before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2199 (PHP remote file inclusion vulnerability in inc/functions.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2200 (Multiple unknown vulnerabilities in the MicroServer Web Server for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2201 (Unknown vulnerability in the MicroServer Web Server for Xerox ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2202 (Cross-site scripting (XSS) vulnerability in the MicroServer Web Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2203 (login.php in phpWishlist before 0.1.15 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2204 (Cross-site scripting (XSS) vulnerability in Computer Associates (CA) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2205 (The ReadLog function in kaiseki.cgi in pngren allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2206 (Multiple SQL injection vulnerabilities in CartWIZ allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2207 (Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2208 (PrivaShare 1.1b allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2209 (Capturix ScanShare 1.06 build 50 stores sensitive information such as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2210 (Stack-based buffer overflow in Internet Download Manager 4.05 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2211 (Backup Manager 0.5.8a creates temporary files insecurely, which allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2212 (Backup Manager 0.5.8a creates an archive repository with world ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2213 (Buffer overflow in the mms_interp_header function in mms.c in MMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2214 (apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2215 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2216 (PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2217 (Dansie Shopping Cart stores the vars.dat file under the web root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2218 (The device file system (devfs) in FreeBSD 5.x does not properly check ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2219 (Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2220 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2221 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2222 (Unknown vulnerability in the HTTPMail service in MailEnable Professional ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2223 (Unknown vulnerability in the SMTP service in MailEnable Standard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2224 (aspnet_wp.exe in Microsoft ASP.NET web services allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2225 (Microsoft MSN Messenger allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2226 (Microsoft Outlook Express 6.0 leaks the default news server account ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2227 (Softiacom wMailserver 1.0 stores passwords in plaintext in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2228 (Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2229 (Blog Torrent 0.92 and earlier stores sensitive files under the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2230 (Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2231 (High Availability Linux Project Heartbeat 1.2.3 allows local users to ...) BUG: 97175 CVE-2005-2232 (Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2233 (Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2234 (Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2235 (Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2236 (Format string vulnerability in the paginit command in IBM AIX 5.3, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2237 (Format string vulnerability in the swcons command in IBM AIX 5.3, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2238 (ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2239 (oftpd 0.3.7 allows remote attackers to cause a denial of service via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2240 (xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2241 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2242 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2243 (Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2244 (The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2245 (Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2246 (Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2247 (Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2248 (Directory traversal vulnerability in DownloadProtect before 1.0.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2249 (Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2250 (Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2251 (PHP remote file inclusion vulnerability in secure.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2252 (PhpAuction 2.5 allows remote attackers to bypass authentication and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2253 (SQL injection vulnerability in PhpAuction 2.5 allow remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2254 (Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2255 (Directory traversal vulnerability in PhpAuction 2.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2256 (Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2257 (The saveProfile function in PhpSlash 0.8.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in Squito ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple USANet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2260 (The browser user interface in Firefox before 1.0.5, Mozilla before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2261 (Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2262 (Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2263 (The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2264 (Firefox before 1.0.5 allows remote attackers to steal sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2265 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2266 (Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2267 (Firefox before 1.0.5 allows remote attackers to steal information and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2268 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2269 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2270 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2271 (iCab 2.9.8 does not clearly associate a Javascript dialog box with the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2272 (Safari version 2.0 (412) does not clearly associate a Javascript ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2273 (Opera 7.x and 8 before 8.01 does not clearly associate a Javascript ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2274 (Microsoft Internet Explorer 6.0 does not clearly associate a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2275 RESERVED CVE-2005-2276 (Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2277 (Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2278 (Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2279 (Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2280 (Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2281 (WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2282 (Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2283 (WebEOC before 6.0.2 does not properly restrict the size of an uploaded ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2284 (Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2285 (WebEOC before 6.0.2 stores sensitive information in locations such as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2286 (WebEOC before 6.0.2 does not properly check user authorization, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2287 (SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2288 (Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2289 (PHPCounter 7.2 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2290 (wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2291 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2292 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2293 (Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2294 (Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2295 (NetPanzer 0.8 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2296 (YabbSE 1.5.5c allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2297 (Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2298 (BitDefender Engine 1.6.1 and earlier does not properly scan all ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2299 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Message ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2300 (Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2301 (PowerDNS before 2.9.18, when running with an LDAP backend, does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted range ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2303 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2304 (Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2305 (DG Remote Control Server 1.6.2 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2306 (Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2307 (netman.dll in Microsoft Windows Connections Manager Library allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2308 (The JPEG decoder in Microsoft Internet Explorer allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2309 (Opera 8.01 allows remote attackers to cause a denial of service (CPU ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2310 (Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2311 (SMS 1.9.2m and earlier allows local users to overwrite arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2312 (management.php in Realnode Emilda 1.2.2 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2313 (Check Point SecuRemote NG with Application Intelligence R54 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2314 (inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2315 (Buffer overflow in Domain Name Relay Daemon (DNRD) before 2.19.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2316 (Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2317 (Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before ...) BUG: 99398 CVE-2005-2318 (Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2319 (PHP remote file include vulnerability in Yawp library 1.0.6 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2320 (WebCalendar before 1.0.0 does not properly restrict access to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2321 (PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2322 (Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2323 (Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2324 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2325 (Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2326 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2327 (Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2328 (PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2329 (MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S 3.5.0, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2330 (Directory traversal vulnerability in extras/update.php in osCommerce 2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2331 (PHP remote file inclusion vulnerability in display.php in MooseGallery ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2332 (Cross-site scripting (XSS) vulnerability in PHPPageProtect 1.0.0a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2333 (Cross-site scripting (XSS) vulnerability in smilies_popup.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2334 (Y.SAK allows remote attackers to execute arbitrary commands via shell ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2335 (Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows ...) BUG: 99865 CVE-2005-2336 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2337 (Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to ...) BUG: 106996 CVE-2005-2338 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2339 (Cross-site scripting (XSS) vulnerability in the Unicode version of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2340 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2341 (Heap-based buffer overflow in Research in Motion (RIM) BlackBerry ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2342 (Research in Motion (RIM) BlackBerry Router allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2343 (Research in Motion (RIM) BlackBerry Handheld web browser for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2344 (The BlackBerry Attachment Service in Research in Motion (RIM) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2345 RESERVED CVE-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2347 RESERVED CVE-2005-2348 RESERVED CVE-2005-2349 RESERVED CVE-2005-2350 RESERVED CVE-2005-2351 RESERVED CVE-2005-2352 RESERVED CVE-2005-2353 (run-mozilla.sh in Thunderbird, with debugging enabled, allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2354 RESERVED CVE-2005-2355 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2356 RESERVED CVE-2005-2357 (Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2358 (EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2359 (The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2360 (Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through ...) BUG: 100316 CVE-2005-2361 (Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, ...) BUG: 100316 CVE-2005-2362 (Unknown vulnerability several dissectors in Ethereal 0.9.0 through ...) BUG: 100316 CVE-2005-2363 (Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector, ...) BUG: 100316 CVE-2005-2364 (Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) ...) BUG: 100316 CVE-2005-2365 (Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through ...) BUG: 100316 CVE-2005-2366 (Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows ...) BUG: 100316 CVE-2005-2367 (Format string vulnerability in the proto_item_set_text function in ...) BUG: 100316 CVE-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2370 (Multiple "memory alignment errors" in libgadu, as used in ekg before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2371 (Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2372 (Oracle Forms 4.5 through 10g starts form executables from arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2373 (Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2374 (Belkin 54g wireless routers do not properly set an administrative ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2375 (Format string vulnerability in Race Driver 1.20 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2376 (Buffer overflow in Race Driver 1.20 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2377 (nss_ldap 181 to versions before 213, as used in Mandrake Corporate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2378 (Directory traversal vulnerability in Oracle Reports allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2379 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2380 (Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2381 (PHP Surveyor 0.98 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2382 (Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2383 (SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2384 (Directory traversal vulnerability in a third-party compression library ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2385 (Buffer overflow in a third-party compression library (UNACEV2.DLL), as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2386 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2387 (Multiple stack-based buffer overflows in GoodTech SMTP server 5.16 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2388 (Buffer overflow in a certain USB driver, as used on Microsoft Windows, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2389 (NDMP server in Veritas NetBackup 5.1 allows attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2390 (Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 ...) BUG: 100364 CVE-2005-2391 (Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2392 (Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2393 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2394 (show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and ...) BUG: 99132 CVE-2005-2397 (Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2398 (Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2399 (PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2400 (The inc.login.php scripts in PHPFinance 0.3 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2401 (PHP-Fusion allows remote attackers to inject arbitrary Cascading Style ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2402 (Cross-site scripting (XSS) vulnerability in search.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2403 (The login protocol in RealChat 3.5.1b does not use authentication, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2404 (SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2405 (Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site scripting ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2407 (A design error in Opera 8.01 and earlier allows user-assisted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2408 RESERVED CVE-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and earlier, ...) BUG: 100274 CVE-2005-2410 (Format string vulnerability in the nm_info_handler function in Network ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2411 (Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2412 (PHP remote file inclusion vulnerability in block.php in PHP FirstPost ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2413 (PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2414 (Race condition in the xpcom library, as used by web browsers such as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2418 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2419 (B-FOCuS Router 312+ allows remote attackers to bypass authentication ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2420 (flsearch.pl in FtpLocate 2.02 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2421 (Multiple SQL injection vulnerabilities in index.php and other pages in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2422 (Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2423 (Beehive Forum allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2424 (The management interface for Siemens SANTIS 50 running firmware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2425 (Stack-based buffer overflow in Ares FileShare 1.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2426 (FTPshell Server 3.38 allows remote authenticated users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2427 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2428 (Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2433 (PhpList allows remote attackers to obtain sensitive information via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2434 (Linksys WRT54G router uses the same private key and certificate for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2435 (Cross-site scripting (XSS) vulnerability in browse.php in Website ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2436 (browse.php in Website Baker Project allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2437 (Website Baker Project does not properly verify the file extensions of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2438 (Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2439 (SQL injection vulnerability in UseBB 0.5.1 and earlier, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2440 (SQL injection vulnerability in login.asp in Thomson Web Skill Vantage ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2441 (Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2442 (Cross-Application Scripting (XAS) vulnerability in SPI Dynamics ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2443 (Kshout 2.x and 3.x stores settings.dat under the web document root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2444 (Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2445 (SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2446 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2447 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2448 (Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to create ...) BUG: 96782 CVE-2005-2450 (Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file ...) BUG: 100178 CVE-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2452 (libtiff up to 3.7.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2454 (IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2457 (The driver for compressed ISO file systems (zisofs) in the Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2458 (inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2459 (The huft_build function in inflate.c in the zlib routines in the Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2460 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2461 (Multiple SQL injection vulnerabilities in the calendar feature in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2462 (Kayako liveResponse 2.x, when logging in a user, records the password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2463 (Kayako liveResponse 2.x allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2464 (login.php in PCXP/TOPPE CMS allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2465 (Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2466 (Multiple SQL injection vulnerabilities in the auth_user function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2467 (Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2468 (Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2469 (Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2470 (Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 ...) BUG: 102730 CVE-2005-2471 (pstopnm in netpbm does not properly use the "-dSAFER" option when ...) BUG: 100398 CVE-2005-2472 (Multiple buffer overflows in BusinessMail 4.60.00 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2473 (Multiple SQL injection vulnerabilities in ChurchInfo allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2474 (ChurchInfo allows remote attackers to execute obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2475 (Race condition in Unzip 5.52 allows local users to modify permissions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2476 (Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2477 (shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2478 (SQL injection vulnerability in SilverNews 2.0.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2479 (Quick 'n Easy FTP Server 3.0 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2480 (Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2481 (ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2482 (The StateToOptions function in msfweb in Metasploit Framework 2.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2483 (Eval injection vulnerability in Karrigell before 2.1.8 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2484 (Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2485 (Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2486 (SQL injection vulnerability in mod_forum/read_message.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2487 (Unknown vulnerability in Sun McData switches and directors 4300, 4500, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2488 (Cross-site scripting (XSS) vulnerability in Web Content Management ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2489 (Web Content Management News System allows remote attackers to create ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2490 (Stack-based buffer overflow in the sendmsg function call in the Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...) BUG: 104807 BUG: 103554 BUG: 102373 BUG: 104009 BUG: 104010 BUG: 103337 CVE-2005-2492 (The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2493 RESERVED CVE-2005-2494 (kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2495 (Multiple integer overflows in XFree86 before 4.3.0 allow ...) BUG: 105688 CVE-2005-2496 (The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2497 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR ...) BUG: 102377 BUG: 102374 BUG: 102576 BUG: 102378 BUG: 102373 BUG: 102785 BUG: 102380 CVE-2005-2499 (slocate before 2.7 does not properly process very long paths, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2500 (Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2501 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2502 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2503 (AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2504 (The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2505 (Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2506 (Algorithmic complexity vulnerability in CoreFoundation in Mac OS X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2507 (Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2508 (dsidentity in Directory Services in Mac OS X 10.4.2 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2509 (Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2510 (The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2511 (Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2512 (Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2513 (Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2514 (Buffer overflow in ping in Mac OS X 10.3.9 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2515 (Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2516 (Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2517 (Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2518 (Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2519 (slpd in Directory Services in Mac OS X 10.3.9 creates insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2520 (The password assistant in Mac OS X 10.4 to 10.4.2, when used to create ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2521 (Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2522 (Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2523 (Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2524 (Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2526 (CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2527 (Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2528 RESERVED CVE-2005-2529 (Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2530 (Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2531 (OpenVPN before 2.0.1, when running with "verb 0" and without TLS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2532 (OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2533 (OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2534 (Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2535 (Buffer overflow in the Discovery Service in BrightStor ARCserve Backup ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2536 (pstotext before 1.8g does not properly use the "-dSAFER" option when ...) BUG: 100245 CVE-2005-2537 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2538 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2539 (Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2540 (CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2541 (Tar 1.15.1 does not properly warn the user when extracting setuid or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2542 (Invision Power Board (IPB) 1.0.3 allows remote attackers to inject ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2543 (Directory traversal vulnerability in wce.download.php in Comdev ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2544 (PHP remote file inclusion vulnerability in config.php in Comdev ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2547 (security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote ...) BUG: 101557 CVE-2005-2548 (vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2549 (Multiple format string vulnerabilities in Evolution 1.5 through ...) BUG: 102051 CVE-2005-2550 (Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows ...) BUG: 102051 CVE-2005-2551 (Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2552 (Unknown vulnerability in HP ProLiant DL585 servers running Integrated ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy access to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2556 (core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with ...) BUG: 103308 CVE-2005-2557 (Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis ...) BUG: 103308 CVE-2005-2558 (Stack-based buffer overflow in the init_syms function in MySQL 4.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2559 (doping.php in ePing plugin 1.02 and earlier for e107 portal allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2560 (Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2561 (Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2562 (SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2563 (Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2564 (Direct static code injection vulnerability in editcss.php in Gravity ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2565 (Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2566 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2567 (PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2568 (Eval injection vulnerability in the template engine for SysCP 1.2.10 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2569 (Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2570 (FunkBoard 0.66CF, and possibly earlier versions, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2571 (FunkBoard 0.66CF, and possibly earlier versions, does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2572 (MySQL, when running on Windows, allows remote authenticated users with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2573 (The mysql_create_function function in sql_udf.cc for MySQL 4.0 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2574 (xmb.php in XMB Forum 1.9.1 extracts and defines all provided ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2575 (SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2576 (CaLogic 1.22, and possibly earlier versions, allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2577 (Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2578 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2579 (Nortel Contivity VPN Client V05_01.030, when configuring a certificate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2580 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2581 (Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2582 (Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2583 (Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2584 (The web administration interface in Mentor ADSL-FR4II router running ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2585 (Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2586 (Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2587 (SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2588 (Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2589 (Unknown vulnerability in Linksys WRT54GS wireless router with firmware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2590 (Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2591 (Parlano MindAlign 5.0 and later versions allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2592 (Unknown vulnerability in Parlano MindAlign 5.0 and later versions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2593 (Parlano MindAlign 5.0 and later versions uses weak encryption, with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2594 (Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2595 (Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2596 (User.php in Gallery, as used in Postnuke, allows users with any Admin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2597 (AOL Client Software 9.0 uses insecure permissions for its installation ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2598 (Multiple directory traversal vulnerabilities in Dokeos 1.6 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled, as used in other products ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2602 (Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2603 (Cross-site scripting (XSS) vulnerability in index.php for My Image ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2604 (index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2605 (Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2606 (Unknown vulnerability in the "frontend authentication" in PHlyMail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2607 (PHP file include vulnerability in download.php in PHPSimplicity ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2608 (SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2609 (index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2610 (Cross-site scripting (XSS) vulnerability in index.php in VegaDNS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2611 (VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2612 (Direct code injection vulnerability in WordPress 1.5.1.3 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2613 (Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2614 (Discuz! 4.0 rc4 does not properly restrict types of files that are ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2615 (Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2616 (Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2617 (The syscall32_setup_pages function in syscall32.c for Linux kernel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2618 (Multiple stack-based buffer overflows in Autonomy (formerly Verity) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2619 (Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2620 (grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2621 (index.php in ECW-Shop 6.0.2 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2622 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2623 (ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2624 (Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2625 (Incomplete blacklist vulnerability in the checkBlacklist function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2626 (Unspecified vulnerability in Kismet before 2005-08-R1 allows remote ...) BUG: 102702 CVE-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote ...) BUG: 102702 CVE-2005-2628 (Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to ...) BUG: 112251 CVE-2005-2629 (Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2630 (Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2632 (SQL injection vulnerability in login_admin_mediabox404.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2633 (Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2634 (Buffer overflow in the Log-SCR function in the "Log to Screen" feature ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2635 (Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2636 (SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2637 (Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2638 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2639 (Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2640 (Behavioral discrepancy information leak in Juniper Netscreen VPN ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2641 (Unknown vulnerability in pam_ldap before 180 does not properly handle ...) BUG: 103659 CVE-2005-2642 (Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2643 (Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and ...) BUG: 102245 CVE-2005-2644 (Buffer overflow in JaguarEditControl.dll in Isemarket JaguarControl ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2645 (Unknown vulnerability in Xerox MicroServer Web Server in Document ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2646 (Unknown vulnerability in Xerox MicroServer Web Server in Document ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2647 (Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2648 (Directory traversal vulnerability in index.php in W-Agora 4.2.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2649 (Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2650 (Cross-site scripting (XSS) vulnerability in sign.asp in Emefa ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2651 (gorum/prod.php in Zorum 3.5 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2652 (Zorum 3.5 allows remote attackers to obtain the full installation path ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2653 (Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2654 (phpldapadmin before 0.9.6c allows remote attackers to gain anonymous ...) BUG: 104293 CVE-2005-2655 (lockmail in maildrop before 1.5.3 does not drop privileges before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2656 (Polygen before 1.0.6 generates precompiled grammar objects with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2657 (Unknown vulnerability in common-lisp-controller 4.18 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2659 (Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2660 (apachetop 0.12.5 and earlier, when running in debug mode, allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2661 (Format string vulnerability in the ParseBannerAndCapability function ...) BUG: 107679 CVE-2005-2662 (masqmail before 0.2.18 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2663 (masqmail before 0.2.18 allows local users to overwrite arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2664 (Whisper 32 1.16, and possibly earlier versions, stores passwords in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2665 (Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2666 (SSH, as implemented in OpenSSH before 4.0 and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2667 (Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2668 (Multiple buffer overflows in Computer Associates (CA) Message Queuing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2669 (Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2670 (Directory traversal vulnerability in HAURI Anti-Virus products ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2671 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2672 (pwmconfig in LM_sensors before 2.9.1 creates temporary files ...) BUG: 103568 CVE-2005-2673 (SQL injection vulnerability in modcp.php in WoltLab Burning Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2674 (** DISPUTED ** Note: the vendor has disputed this issue. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2675 (** DISPUTED ** Note: the vendor has disputed this issue. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2676 (Cross-site scripting (XSS) vulnerability in displayimage.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2677 (ACNews stores the database in a file under the web document root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2678 (Microsoft IIS 5.1 and 6 allows remote attackers to spoof the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2679 (Buffer overflow in Sysinternals Process Explorer 9.23, and other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2680 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2681 (Unspecified vulnerability in the command line processing (CLI) logic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2682 (aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2683 (Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2684 (nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2685 (SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2686 (Directory traversal vulnerability in SaveWebPortal 3.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2687 (PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2688 (Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2689 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2690 (SQL injection vulnerability in the Downloads module in PostNuke ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2691 (includes/common.php in RunCMS 1.2 and earlier calls the extract ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2692 (Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2693 (cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2694 (Buffer overflow in WinAce 2.6.0.5, and possibly earlier versions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2695 (Unspecified vulnerability in the SSL certificate checking ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2696 (IBM Lotus Notes does not properly restrict access to password hashes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2697 (SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2698 (Cross-site scripting (XSS) vulnerability in browse.php in Nephp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2699 (Unrestricted file upload vulnerability in admin/admin.php in PHPKit ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2700 (ssl_engine_kernel.c in mod_ssl before 2.8.24, when using ...) BUG: 104807 BUG: 103554 CVE-2005-2701 (Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite ...) BUG: 105396 CVE-2005-2702 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...) BUG: 105396 CVE-2005-2703 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...) BUG: 105396 CVE-2005-2704 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...) BUG: 105396 CVE-2005-2705 (Integer overflow in the JavaScript engine in Firefox before 1.0.7 and ...) BUG: 105396 CVE-2005-2706 (Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote ...) BUG: 105396 CVE-2005-2707 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...) BUG: 105396 CVE-2005-2708 (The search_binary_handler function in exec.c in Linux 2.4 kernel on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2709 (The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2710 (Format string vulnerability in Real HelixPlayer and RealPlayer 10 ...) BUG: 107309 CVE-2005-2711 (ISS BlackIce 3.6, as used in multiple products including BlackICE PC ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2712 (The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2713 (passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2714 (passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2715 (Format string vulnerability in the Java user interface service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2716 (The event_pin_code_request function in the btsrv daemon (btsrv.c) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2717 (PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2718 (Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows ...) BUG: 103555 CVE-2005-2719 (Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2720 (Stack-based buffer overflow in the ACE archive decompression library ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2721 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2722 (Foojan PHP Weblog allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2723 (SQL injection vulnerability in auth.php in PaFileDB 3.1, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2725 (The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2726 (Directory traversal vulnerability in Home Ftp Server 1.0.7 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2727 (Home Ftp Server 1.0.7 stores sensitive user information and server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2728 (The byte-range filter in Apache 2.0 before 2.0.54 allows remote ...) BUG: 102991 CVE-2005-2729 (The HTTP proxy in Astaro Security Linux 6.0 does not properly filter ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2730 (The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2731 (Directory traversal vulnerability in Astaro Security Linux 6.0, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2732 (AWStats 6.4, and possibly earlier versions, allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2733 (upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2734 (Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2735 (Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2738 (Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2739 (Keychain Access in Mac OS X 10.4.2 and earlier keeps a password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2740 RESERVED CVE-2005-2741 (Authorization Services in securityd for Apple Mac OS X 10.3.9 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2742 (SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2743 (The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2744 (Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2745 (Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2746 (Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2747 (Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2748 (The malloc function in the libSystem library in Apple Mac OS X 10.3.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2749 (Unspecified vulnerability in the Finder Get Info window for Mac OS X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2750 (Software Update in Mac OS X 10.4.2, when the user marks all updates to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2751 (memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2752 (An unspecified kernel interface in Mac OS X 10.4.2 and earlier does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2753 (Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2754 (Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2755 (Apple QuickTime Player before 7.0.3 allows user-assisted attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2756 (Apple QuickTime before 7.0.3 allows user-assisted attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2757 (Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2758 (Integer signedness error in the administrative interface for Symantec ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2759 (** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2760 RESERVED CVE-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2762 (Avaya VPNRemote before 4.2.33 stores credentials in cleartext in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2763 (Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow ...) BUG: 102631 CVE-2005-2764 (Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to ...) BUG: 102631 CVE-2005-2765 (The user interface in the Windows Firewall does not properly display ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2766 (Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2767 (Buffer overflow in LeapFTP allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2768 (Heap-based buffer overflow in the Sophos Antivirus Library, as used by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2769 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2770 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2771 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2772 (Multiple stack-based buffer overflows in University of Minnesota ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2773 (HP OpenView Network Node Manager 6.2 through 7.50 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2774 (Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2775 (php_api.php in phpWebNotes 2.0.0 uses the extract function to modify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2776 (Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2777 (Looking Glass 20040427 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2778 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2779 (The iTAN Online-Banking Security System allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2782 (PHP remote file inclusion vulnerability in al_initialize.php for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2783 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2784 (SQL injection vulnerability in the login function for the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2785 (cosmoshop 8.10.78 and earlier stores passwords in plaintext in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2786 (Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2787 (comment_delete_cgi.php in Simple PHP Blog allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2788 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2789 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2790 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2791 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2792 (Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2793 (PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to ...) BUG: 104603 CVE-2005-2795 RESERVED CVE-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and ...) BUG: 104603 CVE-2005-2797 (OpenSSH 4.0, and other versions before 4.2, does not properly handle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2798 (sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2799 (Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2802 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2804 (Integer overflow in the registry parsing code in GroupWise 6.5.3, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2805 (forum_post.php in e107 0.6 allows remote attackers to post to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2806 (client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2807 (frox 0.7.18, when running setuid root, does not properly drop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2808 (frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2809 (silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2810 (Multiple stack-based buffer overflows in urban before 1.5.3 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2811 (Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, ...) BUG: 103776 CVE-2005-2812 (man2web allows remote attackers to execute arbitrary commands via -P ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2813 (Directory traversal vulnerability in FlatNuke 2.5.6 and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2814 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2815 (print.php in FlatNuke 2.5.6 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2816 (Cross-site scripting (XSS) vulnerability in Greymatter allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2817 (Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2818 (Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2819 (DownFile 1.3 allows remote attackers to gain administrator privileges ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2820 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2821 RESERVED CVE-2005-2822 RESERVED CVE-2005-2823 RESERVED CVE-2005-2824 RESERVED CVE-2005-2825 RESERVED CVE-2005-2826 RESERVED CVE-2005-2827 (The thread termination routine in the kernel for Windows NT 4.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2828 RESERVED CVE-2005-2829 (Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2830 (Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2831 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2832 RESERVED CVE-2005-2833 RESERVED CVE-2005-2834 RESERVED CVE-2005-2835 RESERVED CVE-2005-2836 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2837 (Multiple eval injection vulnerabilities in PlainBlack Software WebGUI ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2838 (SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2839 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2840 (Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2841 (Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2842 (Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2843 (Helpdesk software Hesk 0.92 does not properly verify usernames and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2844 (Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2845 (Ariba Spend Management System sends the username and password to the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2846 (PHP remote file inclusion vulnerability in lang.php in CMS Made Simple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2847 (img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2848 (Directory traversal vulnerability in img.pl in Barracuda Spam Firewall ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2849 (Argument injection vulnerability in Barracuda Spam Firewall running ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2850 (SlimFTPd 3.17 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2851 (smb4k 0.4 and other versions before 0.6.3 allows local users to read ...) BUG: 111089 CVE-2005-2852 (Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2853 (Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2854 (CRLF injection vulnerability in thesitewizard.com chfeedback.pl ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2855 (Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2856 (Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2857 (Free SMTP Server 2.2 allows remote attackers to use the server as an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2858 (The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2859 (Savant Web Server stores user credentials in plaintext in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2860 (Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2861 (Cross-site scripting (XSS) vulnerability in N-Stealth Commercial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2862 (ADSL Road Runner modem in the Annex A family has a service running on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2863 (Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2864 (URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2865 (Multiple PHP remote file inclusion vulnerabilities in aMember Pro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2866 (Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2867 (SQL injection vulnerability in BlueWhaleCRM allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2868 (ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2869 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2870 (Unknown vulnerability in the net-svc script on Solaris 10 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2871 (Buffer overflow in the International Domain Name (IDN) support in ...) BUG: 105396 CVE-2005-2872 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2874 (The is_path_absolute function in scheduler/client.c for the daemon in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2875 (Py2Play allows remote attackers to execute arbitrary Python code via ...) BUG: 103524 CVE-2005-2876 (umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2877 (The history (revision control) function in TWiki 02-Sep-2004 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2878 (Format string vulnerability in search.c in the imap4d server in GNU ...) BUG: 105458 CVE-2005-2879 (Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2880 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2881 (phpCommunityCalendar 4.0.3 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2882 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2883 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2884 (Cross-site scripting (XSS) vulnerability in events.php in Land Down ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2885 (The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2886 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2887 (MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2888 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2889 (Check Point NGX R60 does not properly verify packets against the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2890 (SecureOL VE2 1.05.1008 does not properly restrict public access to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2891 (WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2892 (Directory traversal vulnerability in setcookie.php in PBLang 4.65, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2893 (Direct static code injection vulnerability in setcookie.php in PBLang ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2894 (Cross-site scripting (XSS) vulnerability in the user registration in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2895 (setcookie.php in PBLang 4.65, and possibly earlier versions, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2896 (SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2897 (WEB//NEWS 1.4 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2898 (** DISPUTED ** NOTE: this issue has been disputed by the vendor. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2899 (Multiple cross-site scripting (XSS) vulnerabilities in details.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2900 (Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2901 (Multiple Cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2902 (SQL injection vulnerability in class-1 Forum Software 0.24.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2903 (Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2904 (Zebedee 2.4.1, when "allowed redirection port" is not set, allows ...) BUG: 105115 CVE-2005-2905 RESERVED CVE-2005-2906 RESERVED CVE-2005-2907 RESERVED CVE-2005-2908 RESERVED CVE-2005-2909 RESERVED CVE-2005-2910 RESERVED CVE-2005-2911 RESERVED CVE-2005-2912 (Linksys WRT54G router allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2913 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2914 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2915 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2916 (Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2917 (Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2918 (The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and ...) BUG: 104565 CVE-2005-2919 (libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote ...) BUG: 106279 CVE-2005-2920 (Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before ...) BUG: 106279 CVE-2005-2921 RESERVED CVE-2005-2922 (Heap-based buffer overflow in the embedded player in multiple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2923 (The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2924 RESERVED CVE-2005-2925 (runpriv in SGI IRIX allows local users to bypass intended restrictions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2926 (Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2927 (Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2928 RESERVED CVE-2005-2929 (Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote ...) BUG: 112213 CVE-2005-2930 (Stack-based buffer overflow in the _chm_find_in_PMGL function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2931 (Format string vulnerability in the SMTP service in IMail Server 8.20 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2932 (Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2933 (Buffer overflow in the mail_valid_net_parse_work function in mail.c ...) BUG: 108206 CVE-2005-2934 (Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2935 (Unquoted Windows search path vulnerability in Microsoft AntiSpyware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2936 (Unquoted Windows search path vulnerability in RealNetworks RealPlayer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2937 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2938 (Unquoted Windows search path vulnerability in iTunesHelper.exe in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2939 (Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2940 (Unquoted Windows search path vulnerability in Microsoft Antispyware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2941 RESERVED CVE-2005-2942 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2943 (Stack-based buffer overflow in sendmail in XMail before 1.22 allows ...) BUG: 109381 CVE-2005-2944 (The perform_file_save function in GNOME Workstation Command Center ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2945 (arc 5.21j and earlier create temporary files with world-readable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2946 (The default configuration on OpenSSL before 0.9.8 uses MD5 for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows user-assisted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2948 (KillProcess 2.20 and earlier allows local users to bypass kill list ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2949 (pam_per_user before 0.4 does not verify if the user name changes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2950 (Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2951 (Directory traversal vulnerability in security.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2952 (Directory traversal vulnerability in s.pl in Subscribe Me Pro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2953 (Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2954 (SQL injection vulnerability in password_reminder.php in ATutor before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2955 (config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2956 (ATutor 1.5.1, and possibly earlier versions, stores temporary chat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2958 (Multiple format string vulnerabilities in the GNOME Data Access ...) BUG: 110467 CVE-2005-2959 (Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2960 (cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2961 (Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2962 (The post-installation script for ntlmaps before 0.9.9 sets ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2963 (The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2964 (Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers ...) BUG: 107351 CVE-2005-2965 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2966 (The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and ...) BUG: 107916 CVE-2005-2967 (Format string vulnerability in input_cdda.c in xine-lib 1-beta through ...) BUG: 107854 CVE-2005-2968 (Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2969 (The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and ...) BUG: 108852 CVE-2005-2970 (Memory leak in the worker MPM (worker.c) for Apache 2, in certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2971 (Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2972 (Multiple stack-based buffer overflows in the RTF import feature in ...) BUG: 109157 CVE-2005-2973 (The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2974 (libungif library before 4.1.0 allows attackers to cause a denial of ...) BUG: 109997 CVE-2005-2975 (io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before ...) BUG: 112608 CVE-2005-2976 (Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 ...) BUG: 112608 CVE-2005-2977 (The SELinux version of PAM before 0.78 r3 allows local users to ...) BUG: 109485 CVE-2005-2978 (pnmtopng in netpbm before 10.25, when using the -trans option, uses ...) BUG: 109705 CVE-2005-2979 (SQL injection vulnerability in index.php in phpoutsourcing Noah's ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2980 (Cross-site scripting (XSS) vulnerability in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2981 (Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2982 (Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2983 (SQL injection vulnerability in Oracle Reports that use Lexical ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2984 (Avocent CCM console server running firmware 2.1 CCM4850 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2985 (SQL injection vulnerability in search_result.php in AEwebworks ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2986 (The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2987 (SQL injection vulnerability in login.php in Digital Scribe 1.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2988 (HP LaserJet 2430, and possibly other printers that use Jetdirect ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2989 (Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2990 (AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2992 (arc 5.21j and earlier allows local users to overwrite arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2993 (Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2994 (Unspecified vulnerability in the web client for IBM Rational ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2995 (bacula 1.36.3 and earlier allows local users to modify or read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2996 (Multiple heap-based and stack-based buffer overflows in certain DCOM ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2997 (Multiple directory traversal vulnerabilities in PHP Advanced Transfer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2998 (PHP Advanced Transfer Manager 1.30 has a default password for the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-2999 (PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3000 (Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3001 (Unspecified vulnerability in the "tl" driver in Solaris 10 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3002 (Multi-Computer Control System (MCCS) 1.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3003 (SQL injection vulnerability in index.php in NooTopList 1.0.0 release ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3004 (SQL injection vulnerability in Interakt MX Shop 3.2.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3005 (Helpdesk Software Hesk allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3006 (The mail client in Opera before 8.50 opens attached files from the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3007 (Opera before 8.50 allows remote attackers to spoof the content type of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3008 (Tofu 0.2 allows remote attackers to execute arbitrary Python code via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3009 (Cross-site scripting (XSS) vulnerability in CuteNews allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3010 (Direct static code injection vulnerability in the flood protection ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3011 (The sort_offline function for texindex in texinfo 4.8 and earlier ...) BUG: 106105 CVE-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3013 (Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3014 (Cross-site scripting (XSS) vulnerability in Ensim webplliance allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3015 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3016 (Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3017 (PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3018 (Apple Safari allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3019 (Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3020 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3021 (image.php in vBulletin 3.0.9 and earlier allows remote attackers with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3022 (Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3023 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3024 (Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3025 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3026 (Directory traversal vulnerability in index.php in Alstrasoft Epay Pro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3027 (Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3028 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3029 (Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3030 (Directory traversal vulnerability in the archive decompression library ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3031 (Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3032 (Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3033 (Stack-based buffer overflow in vxWeb 1.1.4 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3034 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3035 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3036 (File Transfer Anywhere 3.01 stores sensitive password information in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3037 (Cross-site scripting (XSS) vulnerability in Handy Address Book Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3038 (Unspecified vulnerability in Hosting Controller 6.1 before Hotfix 2.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3039 (SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3040 (Directory traversal vulnerability in the web interface (ISALogin.dll) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3041 (Unspecified "drag-and-drop vulnerability" in Opera Web Browser before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3042 (miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when ...) BUG: 106705 CVE-2005-3043 (SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3044 (Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3045 (SQL injection vulnerability in search.php in My Little Forum 1.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3046 (SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3047 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3048 (Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3049 (PhpMyFaq 1.5.1 stores data files under the web document root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3050 (PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3051 (Stack-based buffer overflow in the ARJ plugin (arj.dll) 3.9.2.0 for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not ...) BUG: 111032 BUG: 107602 CVE-2005-3055 (Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3056 RESERVED CVE-2005-3057 (The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3058 (Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3059 (Multiple unspecified vulnerabilities in Opera 8.50 on Linux and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3060 (Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3061 (Multiple stack-based buffer overflows in PowerArchiver 8.10 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3062 (PHP remote file inclusion vulnerability in index.php in AlstraSoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3063 (SQL injection vulnerability in MailGust 1.9 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3064 (MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3066 (Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3067 (Cross-site scripting (XSS) vulnerability in perldiver.cgi in PerlDiver ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3068 (Unspecified vulnerability in Eric Integrated Development Environment ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3069 (xferfaxstats in HylaFax 4.2.1 and earlier allows local users to ...) BUG: 106882 CVE-2005-3070 (HylaFax 4.2.1 and earlier does not create or verify ownership of the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3071 (Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3072 (SQL injection vulnerability in pages/forum/submit.html in Interchange ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3073 (Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3074 (SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3075 (SQL injection vulnerability in Zengaia before 0.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3076 (Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3077 (Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3078 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3079 (PunBB before 1.2.8 allows remote attackers to perform "code inclusion" ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3080 (contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3081 (wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3082 (SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3083 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3084 (Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3085 (Multiple cross-site scripting (XSS) vulnerabilities in rss.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3086 (Directory traversal vulnerability in admin/about.php in contentServ ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3087 (The SecureW2 3.0 TLS implementation uses weak random number generators ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3088 (fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 ...) BUG: 110366 CVE-2005-3089 (Firefox 1.0.6 allows attackers to cause a denial of service (crash) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3090 (Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3091 (Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3092 (Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3093 (Nokia 7610 and 3210 phones allows attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3094 (Avi Alkalay man-cgi script allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3095 (Avi Alkalay notify program, dated 19 Aug 2001, allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3096 (Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3097 (Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3098 (poppassd in Qualcomm qpopper 4.0.8 allows local users to modify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3099 (Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3100 (Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3101 (The password reset feature in Movable Type before 3.2 generates ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3102 (The administrative interface in Movable Type allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3103 (Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3104 (mt-comments.cgi in Movable Type before 3.2 allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3105 (The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3106 (Race condition in Linux 2.6, when threads are sharing memory mapping ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3107 (fs/exec.c in Linux 2.6, when one thread is tracing another thread that ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3108 (mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3109 (The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3110 (Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3111 (The handler code for backupninja 0.8 and earlier creates temporary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3112 (The "reset password" feature in Macromedia Breeze 5.0 stores passwords ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3113 (The ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3114 (Buffer overflow in the ActiveX control for NateOn Messenger ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3115 (mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, ...) BUG: 107344 CVE-2005-3116 (Stack-based buffer overflow in a shared library as used by the Volume ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3117 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3118 (Mason before 1.0.0 does not install the init script after the user ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3119 (Memory leak in the request_key_auth_destroy function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3120 (Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and ...) BUG: 108451 CVE-2005-3121 (A rule file in module-assistant before 0.9.10 causes a temporary file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3122 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3123 (Directory traversal vulnerability in GNUMP3D before 2.9.6 allows ...) BUG: 109667 CVE-2005-3124 (syslogtocern in Acme thttpd before 2.23 allows local users to write ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3125 RESERVED CVE-2005-3126 (The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3127 (Cross-site scripting (XSS) vulnerability in index.php in lucidCMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3128 (Cross-site scripting (XSS) vulnerability in add.php in Address Add ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3129 (Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3130 (SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3131 (Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3132 (MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3133 (Multiple directory traversal vulnerabilities in MERAK Mail Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3134 (Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3135 (Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3136 (Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3137 (The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3138 (Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3139 (Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3140 (Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3141 (Cerulean Studios Trillian 3.0 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3142 (Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3143 (Unspecified vulnerability in the Mailbox Server for 4D WebStar before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3144 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3145 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3146 (StoreBackup before 1.19 allows local users to perform unauthorized ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3147 (StoreBackup before 1.19 creates the backup root with world-readable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3148 (StoreBackup before 1.19 does not properly set the uid and guid for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3149 (Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly ...) BUG: 107748 CVE-2005-3150 (Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, ...) BUG: 107849 CVE-2005-3151 (Buffer overflow in blenderplay in Blender Player 2.37a allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3152 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3153 (login.php in myBloggie 2.1.3 beta and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3154 (Format string vulnerability in the logging funtionality in BitDefender ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3155 (Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3156 (Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3157 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3158 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3159 (SQL injection vulnerability in messages.php in PHP-Fusion allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3160 (Multiple SQL injection vulnerabilities in photogallery.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3161 (Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3162 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3163 (Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3164 (The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3165 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3166 (Unspecified vulnerability in "edit submission handling" for MediaWiki ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3167 (Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3168 (The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3169 (Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3170 (The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3171 (Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3172 (The WideCharToMultiByte function in Microsoft Windows 2000 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3173 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3174 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3175 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3176 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3177 (CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3178 (Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow ...) BUG: 108365 CVE-2005-3179 (drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3180 (The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3181 (The audit system in Linux kernel 2.6.6, and other versions before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3182 (Buffer overflow in the HTTP management interface for GFI MailSecurity ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3183 (The HTBoundary_put_block function in HTBound.c for W3C libwww ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3184 (Buffer overflow vulnerability in the unicode_to_bytes in the Service ...) BUG: 109348 CVE-2005-3185 (Stack-based buffer overflow in the ntlm_output function in http-ntlm.c ...) BUG: 109097 CVE-2005-3186 (Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in ...) BUG: 112608 CVE-2005-3187 (The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3188 (Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3189 (Directory traversal vulnerability in Qualcomm WorldMail IMAP Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3190 (Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3191 (Multiple heap-based buffer overflows in the (1) ...) BUG: 115851 BUG: 114429 BUG: 115286 BUG: 114428 CVE-2005-3192 (Heap-based buffer overflow in the StreamPredictor function in Xpdf ...) BUG: 115851 BUG: 114429 BUG: 115286 BUG: 114428 CVE-2005-3193 (Heap-based buffer overflow in the JPXStream::readCodestream function ...) BUG: 115851 BUG: 114429 BUG: 115286 BUG: 114428 BUG: 115775 CVE-2005-3194 (Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3195 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3196 (Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3197 (Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3198 (Webroot Desktop Firewall before 1.3.0build52 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3199 (Multiple SQL injection vulnerabilities in aradmin.asp for aspReady FAQ ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3200 (Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3201 (SQL injection vulnerability in news.php for Utopia News Pro (UNP) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3202 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3203 (The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3204 (Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3205 (Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3206 (iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3207 (The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3208 (Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3209 (Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3210 (Multiple interpretation error in unspecified versions of Kaspersky ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3211 (Multiple interpretation error in unspecified versions of BitDefender ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3212 (Multiple interpretation error in unspecified versions of NOD32 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3213 (Multiple interpretation error in unspecified versions of F-Prot ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3214 (Multiple interpretation error in unspecified versions of Avast ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3215 (Multiple interpretation error in unspecified versions of McAfee ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3216 (Multiple interpretation error in unspecified versions of Sophos ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3217 (Multiple interpretation error in unspecified versions of Symantec ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3218 (Multiple interpretation error in unspecified versions of Dr.Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3219 (Multiple interpretation error in unspecified versions of Avira ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3220 (Multiple interpretation error in unspecified versions of Norman Virus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3221 (Multiple interpretation error in unspecified versions of Fortinet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3222 (Multiple interpretation error in unspecified versions of VBA32 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3223 (Multiple interpretation error in unspecified versions of Rising ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3224 (Multiple interpretation error in unspecified versions of AntiVir ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3225 (Multiple interpretation error in unspecified versions of (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3226 (Multiple interpretation error in unspecified versions of ArcaVir ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3227 (Multiple interpretation error in unspecified versions of UNA Antivirus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3228 (Multiple interpretation error in unspecified versions of Ikarus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3229 (Multiple interpretation error in unspecified versions of ClamAV ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3230 (Multiple interpretation error in unspecified versions of Panda ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3231 (Multiple interpretation error in unspecified versions of CAT Quick ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3232 (Multiple interpretation error in unspecified versions of TheHacker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3233 (Multiple interpretation error in unspecified versions of Trustix ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3234 (Multiple interpretation error in unspecified versions of Grisoft AVG ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3235 (Multiple interpretation error in unspecified versions of Proland ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3236 (Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3237 (Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3239 (The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows ...) BUG: 109213 CVE-2005-3240 (Race condition in Microsoft Internet Explorer allows user-assisted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3241 (Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote ...) BUG: 109348 CVE-2005-3242 (Ethereal 0.10.12 and earlier allows remote attackers to cause a denial ...) BUG: 109348 CVE-2005-3243 (Multiple buffer overflows in Ethereal 0.10.12 and earlier might allow ...) BUG: 109348 CVE-2005-3244 (The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote ...) BUG: 109348 CVE-2005-3245 (Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3 ...) BUG: 109348 CVE-2005-3246 (Ethereal 0.10.12 and earlier allows remote attackers to cause a denial ...) BUG: 109348 CVE-2005-3247 (The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause ...) BUG: 109348 CVE-2005-3248 (Unspecified vulnerability in the X11 dissector in Ethereal 0.10.12 and ...) BUG: 109348 CVE-2005-3249 (Unspecified vulnerability in the WSP dissector in Ethereal 0.10.1 to ...) BUG: 109348 CVE-2005-3250 (Unknown vulnerability in Solaris 10 allows local users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3251 (Directory traversal vulnerability in the gallery script in Gallery 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3252 (Stack-based buffer overflow in the Back Orifice (BO) preprocessor for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3253 (Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3254 (The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3255 (The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3258 (The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3259 (Multiple SQL injection vulnerabilities in versatileBulletinBoard (vBB) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3260 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3261 (getversions.php in versatileBulletinBoard (vBB) 1.0.0 RC2 lists the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3262 (Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3263 (Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3264 (Cross-site scripting (XSS) vulnerability in thread.php for Zeroblog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3265 (Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3266 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3267 (Integer overflow in Skype client before 1.4.x.84 on Windows, before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3268 (yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3269 (Stack-based buffer overflow in help.cgi in the HTTP administrative ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3270 (Untrusted search path vulnerability in DiskMountNotify for Symantec ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3271 (Exec in Linux kernel 2.6 does not properly clear posix-timers in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3272 (Linux kernel before 2.6.12 allows remote attackers to poison the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3273 (The rose_rt_ioctl function in rose_route.c for Radionet Open Source ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3274 (Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3275 (The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3277 (The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3278 (Integer overflow in the openpsfile function in gsinterf.c for Jan ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3279 (Stack-based buffer overflow in the vgasco_printf function in Jan Kybic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3280 (Paros 3.2.5 uses a default password for the "sa" account in the ...) BUG: 120352 CVE-2005-3281 (Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3282 (Splatt Forum 3.0 to 3.2 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3283 (Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 ...) BUG: 109858 CVE-2005-3284 (Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3285 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3286 (The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3287 (Incomplete blacklist vulnerability in Mailsite Express allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3288 (Mailsite Express allows remote attackers to upload and execute files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3289 (LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3290 (SQL injection vulnerability in Accelerated Mortgage Manager allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3291 (Stani's Python Editor (SPE) 0.7.5 is installed with world-writable ...) BUG: 108538 CVE-2005-3292 (Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 0.93 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3293 (Xerver 4.17 allows remote attackers to (1) obtain source code of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3294 (Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3295 (Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3296 (The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3297 (Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3298 (Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3299 (PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin ...) BUG: 108939 CVE-2005-3300 (The register_globals emulation layer in grab_globals.php for ...) BUG: 110146 CVE-2005-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) BUG: 110146 CVE-2005-3302 (Eval injection vulnerability in bvh_import.py in Blender 2.36 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3303 (The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 ...) BUG: 109213 CVE-2005-3304 (Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3305 (Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3306 (Cross-site scripting (XSS) vulnerability in index.php for FlatNuke ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3307 (Directory traversal vulnerability in index.php for FlatNuke 2.5.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3308 (Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3309 (Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3310 (Interpretation conflict in phpBB 2.0.17, with remote avatars and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3311 (BMC Software Control-M 6.1.03 for Solaris, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3312 (The HTML rendering engine in Microsoft Internet Explorer 6.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3313 (The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers ...) BUG: 109348 CVE-2005-3314 (Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3315 (Multiple SQL injection vulnerabilities in Novell ZENworks Patch ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3316 (The installation of ON Symantec Discovery 4.5.x and Symantec Discovery ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3317 (Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3318 (Buffer overflow in the _chm_decompress_block function in CHM lib ...) BUG: 110557 CVE-2005-3319 (The apache2handler SAPI (sapi_apache2.c) in the Apache module ...) BUG: 111032 BUG: 107602 CVE-2005-3320 (Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3321 (chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3322 (Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3323 (docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows ...) BUG: 109087 CVE-2005-3324 (SQL injection vulnerability in chat.php in MWChat 6.8 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3325 (Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3326 (SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3327 (Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3328 (PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3329 (Cross-site scripting (XSS) vulnerability in RSA Authentication Agent ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3330 (The _httpsrequest function in Snoopy 1.2, as used in products such as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3331 (viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3332 (PHP remote file include vulnerability in admin/define.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3333 (SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3334 (Cross-site scripting (XSS) vulnerability in index.php in Flyspray ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3335 (PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php ...) BUG: 110326 CVE-2005-3336 (SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows ...) BUG: 110326 CVE-2005-3337 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis before ...) BUG: 110326 CVE-2005-3338 (Unspecified vulnerability in Mantis before 0.19.3, when using ...) BUG: 110326 CVE-2005-3339 (Mantis before 0.19.3 caches the User ID longer than necessary, which ...) BUG: 110326 CVE-2005-3340 (The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3341 (DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3342 (noweb 2.10c and earlier allows local users to overwrite arbitrary ...) BUG: 122705 CVE-2005-3343 (tkdiff before 4.1.1 allows local users to overwrite arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3344 (The default installation of Horde 3.0.4 contains an administrative ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3345 (rssh 2.0.0 through 2.2.3 allows local users to bypass access ...) BUG: 115082 CVE-2005-3346 (Buffer overflow in the environment variable substitution code in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3347 (Multiple directory traversal vulnerabilities in index.php in ...) BUG: 112482 CVE-2005-3348 (HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 ...) BUG: 112482 CVE-2005-3349 (GNU Gnump3d before 2.9.8 allows local users to modify or delete ...) BUG: 111990 CVE-2005-3350 (libungif library before 4.1.0 allows attackers to corrupt memory and ...) BUG: 109997 CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection via an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3352 (Cross-site scripting (XSS) vulnerability in the mod_imap module of ...) BUG: 118875 BUG: 115324 CVE-2005-3353 (The exif_read_data function in the Exif module in PHP before 4.4.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3354 (Stack-based buffer overflow in the ldif_get_line function in ldif.c of ...) BUG: 111853 CVE-2005-3355 (Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has ...) BUG: 111990 CVE-2005-3356 (The mq_open system call in Linux kernel 2.6.9, in certain situations, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost ...) BUG: 118875 BUG: 115324 CVE-2005-3358 (Linux kernel before 2.6.15 allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3359 (The atm module in Linux kernel 2.6 before 2.6.14 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3360 (The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3361 (Cross-site scripting (XSS) vulnerability in forum/index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3362 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3363 (SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3364 (Multiple SQL injection vulnerabilities in DboardGear allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3365 (Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3366 (PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3367 (Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3368 (Cross-site scripting (XSS) vulnerability in the Search_Enhanced module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3369 (Multiple SQL injection vulnerabilities in the Info-DB module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3370 (Multiple interpretation error in ArcaVir 2005 package 2005-06-21 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3371 (Multiple interpretation error in AVG 7 7.0.323 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3372 (Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3373 (Multiple interpretation error in Dr.Web 4.32b allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3374 (Multiple interpretation error in F-Prot 3.16c allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3375 (Multiple interpretation error in Ikarus demo version allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3376 (Multiple interpretation error in Kaspersky 5.0.372 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3377 (Multiple interpretation error in (1) McAfee Internet Security Suite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3378 (Multiple interpretation error in Norman 5.81 with the 5.83.02 engine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3379 (Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3380 (Multiple interpretation error in Panda Titanium 2005 4.02.01 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3381 (Multiple interpretation error in Ukrainian National Antivirus (UNA) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3382 (Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3383 (SQL injection vulnerability in Techno Dreams Announcement script ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3384 (SQL injection vulnerability in Techno Dreams Guest Book script allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3385 (SQL injection vulnerability in Techno Dreams Mailing List script ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3386 (SQL injection vulnerability in Techno Dreams Web Directory script ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3387 (The startup script in packages/RedHat/ntop.init in ntop before 3.2, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3388 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...) BUG: 111032 BUG: 107602 CVE-2005-3389 (The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, ...) BUG: 111032 BUG: 107602 CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ...) BUG: 111032 BUG: 107602 CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...) BUG: 111032 BUG: 107602 CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the virtual ...) BUG: 111032 BUG: 107602 CVE-2005-3393 (Format string vulnerability in the foreign_option function in ...) BUG: 111116 CVE-2005-3394 (Multiple SQL injection vulnerabilities in forum.php in oaboard forum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3395 (SQL injection vulnerability in Invision Gallery 2.0.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3396 (Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3397 (Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3398 (The default configuration of the web server for the Solaris Management ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3399 (Multiple interpretation error in CAT-QuickHeal 8.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3400 (Multiple interpretation error in Fortinet 2.48.0.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3401 (Multiple interpretation error in TheHacker 5.8.4.128 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3402 (The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3403 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3404 (Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3405 (ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3406 (Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3407 (SQL injection vulnerability in phpESP 1.7.5 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3408 (SQL injection vulnerability in news.php in gCards version 1.43 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3409 (OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote ...) BUG: 111116 CVE-2005-3410 RESERVED CVE-2005-3411 (Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3412 (Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3413 (Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3414 (eyeOS 0.8.4 stores usrinfo.xml under the web document root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3415 (phpBB 2.0.17 and earlier allows remote attackers to bypass protection ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3416 (phpBB 2.0.17 and earlier, when register_globals is enabled and the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3417 (phpBB 2.0.17 and earlier, when the register_long_arrays directive is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3418 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3419 (SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3420 (usercp_register.php in phpBB 2.0.17 allows remote attackers to modify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3421 (estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3422 (Cross-site scripting (XSS) vulnerability in error.asp in ASP Fast ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3423 (Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3424 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 ...) BUG: 109667 CVE-2005-3425 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 ...) BUG: 109667 CVE-2005-3426 (Cisco CSS 11500 Content Services Switch (CSS) with SSL termination ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3427 (The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3428 (Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3429 (Rockliffe MailSite Express before 6.1.22, with the option to save ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3430 (Incomplete blacklist vulnerability in Rockliffe MailSite Express ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3431 (Absolute path traversal vulnerability in Rockliffe MailSite Express ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3432 (MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3433 (Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3434 (Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3435 (admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3436 (Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3437 (Unspecified vulnerability in the PL/SQL component in Oracle Database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3438 (Multiple unspecified vulnerabilities in Oracle Database Server 9i up ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3439 (Multiple unspecified vulnerabilities in Oracle Database Server 10g up ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3440 (Unspecified vulnerability in Database Scheduler in Oracle Database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3441 (Unspecified vulnerability in Intelligent Agent in Oracle Database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3442 (Multiple unspecified vulnerabilities in Oracle Database Server 8i up ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3443 (Unspecified vulnerability in the Spatial component in Oracle Database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3444 (Multiple unspecified vulnerabilities in the Programmatic Interface in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3445 (Multiple unspecified vulnerabilities in HTTP Server in Oracle Database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3446 (Unspecified vulnerability in Internet Directory in Oracle Database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3447 (Unspecified vulnerability in Single Sign-On in Oracle Database Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3448 (Unspecified vulnerability in the OC4J Module in Oracle Application ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3449 (Multiple unspecified vulnerabilities in Oracle Application Server 9.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3450 (Unspecified vulnerability in the HTTP Server in Oracle Application ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3451 (Unspecified vulnerability in SQL*ReportWriter in Oracle Application ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3452 (Unspecified vulnerability in Web Cache in Oracle Application Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3453 (Multiple unspecified vulnerabilities in Web Cache in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3454 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3455 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3456 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3457 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3458 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3459 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3460 (Unspecified vulnerability in Oracle Agent in Oracle Enterprise Manager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3461 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3462 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3463 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3464 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3465 (Unspecified vulnerability in JDEdwards HTML Server in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3466 (Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3467 (Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3468 (Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3469 (SQL injection vulnerability in index.php in News2Net 3.0.0.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3470 (SQL injection vulnerability in in the authenticate function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3471 (Directory traversal vulnerability in the ruleset view for MailWatch ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3472 (Unspecified vulnerability in Sun Java System Communications Express ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3473 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3474 (The aries.sys driver in Sony First4Internet XCP DRM software hides any ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3475 (Hasbani Web Server (WindWeb) 2.0 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3476 (Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3477 (Multiple interpretation error in the image upload handling code in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3478 (SQL injection vulnerability in index.php in PHPCafe.net Tutorials ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3479 (Cross-site scripting (XSS) vulnerability in login.asp in Ringtail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3480 (login.asp in Ringtail CaseBook 6.1.0 displays different error messages ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3481 (Cisco IOS 12.0 to 12.4 might allow remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3482 (Cisco 1200, 1131, and 1240 series Access Points, when operating in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3483 (Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3484 (Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3485 (Buffer overflow in Glider Collect'n kill 1.0.0.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3486 (Multiple format string vulnerabilities in Scorched 3D 39.1 (bf) and ...) BUG: 111421 CVE-2005-3487 (Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow ...) BUG: 111421 CVE-2005-3488 (Scorched 3D 39.1 (bf) and earlier allows remote attackers to cause a ...) BUG: 111421 CVE-2005-3489 (Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3490 (Directory traversal vulnerability in the web server in Asus Video ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3491 (Multiple buffer overflows in the receiver function in loop.c in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3492 (FlatFrag 0.3 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3493 (Battle Carry .005 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3494 (Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3495 (Ar-blog 5.2 and earlier allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3496 (Cross-site scripting (XSS) vulnerability in PHP Handicapper allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3497 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3498 (IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3499 (Frisk F-Prot Antivirus allows remote attackers to bypass protection ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3500 (The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) ...) BUG: 109213 CVE-2005-3501 (The cabd_find function in cabd.c of the libmspack library (mspack) for ...) BUG: 109213 CVE-2005-3502 (attachment_send.php in Cerberus Helpdesk allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3503 (chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3504 (Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3505 (Cross-site scripting (XSS) vulnerability in the Entropy Chat script in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3506 (Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3507 (Directory traversal vulnerability in CuteNews 1.4.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3508 (SQL injection vulnerability in showGallery.php in Gallery (Galerie) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3509 (Multiple SQL injection vulnerabilities in JPortal allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3510 (Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3511 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3512 (Cross-site scripting (XSS) vulnerability in index.php in VUBB alpha ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3513 (index.php in VUBB alpha rc1 allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3514 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3515 (Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3516 (Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3517 (Chipmunk Scripts Guestbook allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3518 (SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3519 (Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3520 (Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3521 (SQL injection vulnerability in resetcore.php in e107 0.617 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3522 (Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3523 (Format string vulnerability in friendsd2 in GpsDrive allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3524 (Buffer overflow in the SSL-ready version of linux-ftpd ...) BUG: 111573 CVE-2005-3525 (Stack-based buffer overflow in an ActiveX control for the installer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3526 (Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3527 (Race condition in do_coredump in signal.c in Linux kernel 2.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3528 (Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3529 (tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3530 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3531 (fusermount in FUSE before 2.4.1, if installed setuid root, allows ...) BUG: 112902 CVE-2005-3532 (authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3533 (Buffer overflow in OSH before 1.7-15 allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3534 (Buffer overflow in the Network Block Device (nbd) server 2.7.5 and ...) BUG: 116314 CVE-2005-3535 (Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3536 (SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3537 (A "missing request validation" error in phpBB 2 before 2.0.18 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3538 (hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts ...) BUG: 116389 CVE-2005-3539 (Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier ...) BUG: 116389 CVE-2005-3540 (Buffer overflow in petris before 1.0.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3541 RESERVED CVE-2005-3542 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3543 (SQL injection vulnerability in search.php in Phorum 5.0.0alpha through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3544 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3545 (SQL injection vulnerability in index.php of the report module in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3546 (suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3547 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3548 (Directory traversal vulnerability in Task Manager in Invision Power ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3549 (Direct code injection vulnerability in Task Manager in Invision Power ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3550 (Directory traversal vulnerability in admin.php in toendaCMS before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3551 (toendaCMS before 0.6.2 stores user account and session data in the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3552 (Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3553 (Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3554 (Multiple eval injection vulnerabilities in the help function in PHPKIT ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3555 (Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3556 (Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3557 (Directory traversal vulnerability in admin/defaults.php in PHPlist ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3558 (PHP file inclusion vulnerability in index.php in OSTE 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3559 (Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3560 (Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3561 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3562 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3563 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3564 (envd daemon in HP-UX B.11.00 through B.11.11 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3565 (Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3566 (Buffer overflow in various ha commands of VERITAS Cluster Server for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3567 (slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3568 (db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3569 (INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3570 (Unspecified cross-site scripting (XSS) vulnerability in Horde before ...) BUG: 112491 CVE-2005-3571 (PHP file inclusion vulnerability in protection.php in CodeGrrl (a) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3572 (SQL injection vulnerability in index.php in Peel 2.6 through 2.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3573 (Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3574 (PHP file inclusion vulnerability in index.php of iCMS allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3575 (SQL injection vulnerability in show.php in Cyphor 0.19 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3576 (ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3577 (Cross-site scripting vulnerability (XSS) in ts.exe (aka ts.cgi) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3578 (SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3579 (ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3580 (QDBM before 1.8.33-r2 allows local users in the portage group to ...) BUG: 108534 BUG: 105760 BUG: 105717 CVE-2005-3581 (GDAL before 1.3.0-r1 allows local users in the portage group to ...) BUG: 108534 BUG: 105760 BUG: 105717 CVE-2005-3582 (ImageMagick before 6.2.4.2-r1 allows local users in the portage group ...) BUG: 108534 BUG: 105760 BUG: 105717 CVE-2005-3583 ((1) Java Runtime Environment (JRE) and (2) Software Development Kit ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3584 (Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3585 (SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3586 (content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3587 (Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before ...) BUG: 109213 CVE-2005-3588 (SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3589 (Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3591 (Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3592 (index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3594 (game_score.php in e107 allows remote attackers to insert high scores ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3595 (By default Microsoft Windows XP Home Edition installs with a blank ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3596 (SQL injection vulnerability in ASPKnowledgebase allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3597 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3598 RESERVED CVE-2005-3599 RESERVED CVE-2005-3600 RESERVED CVE-2005-3601 RESERVED CVE-2005-3602 RESERVED CVE-2005-3603 RESERVED CVE-2005-3604 RESERVED CVE-2005-3605 RESERVED CVE-2005-3606 RESERVED CVE-2005-3607 RESERVED CVE-2005-3608 RESERVED CVE-2005-3609 RESERVED CVE-2005-3610 RESERVED CVE-2005-3611 RESERVED CVE-2005-3612 RESERVED CVE-2005-3613 RESERVED CVE-2005-3614 RESERVED CVE-2005-3615 RESERVED CVE-2005-3616 RESERVED CVE-2005-3617 RESERVED CVE-2005-3618 (Cross-site request forgery (CSRF) vulnerability in the management ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3619 (Cross-site scripting (XSS) vulnerability in the management interface ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3620 (The management interface for VMware ESX Server 2.0.x before 2.0.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3621 (CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3622 (phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3623 (nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, ...) BUG: 118665 BUG: 115789 BUG: 117495 BUG: 117494 BUG: 117481 BUG: 115851 BUG: 114429 CVE-2005-3625 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...) BUG: 118665 BUG: 115789 BUG: 117495 BUG: 117494 BUG: 117481 BUG: 115851 BUG: 114429 CVE-2005-3626 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...) BUG: 118665 BUG: 115789 BUG: 117495 BUG: 117494 BUG: 117481 BUG: 115851 BUG: 114429 CVE-2005-3627 (Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, ...) BUG: 118665 BUG: 115789 BUG: 117495 BUG: 117494 BUG: 117481 BUG: 115851 BUG: 114429 CVE-2005-3628 (Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in ...) BUG: 115851 BUG: 114429 CVE-2005-3629 (initscripts in Red Hat Enterprise Linux 4 does not properly handle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3630 (Fedora Directory Server before 10 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3631 (udev does not properly set permissions on certain files in /dev/input, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3632 (Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3633 (HTTP response splitting vulnerability in frameset.htm in SAP Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3634 (frameset.htm in the BSP runtime in SAP Web Application Server (WAS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3635 (Multiple cross-site scripting (XSS) vulnerabilities in SAP Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3636 (Cross-site scripting (XSS) vulnerability in SAP Web Application Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3637 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3638 (Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3639 (PHP file inclusion vulnerability in the osTicket module in Help Center ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3640 (Multiple buffer overflows in the IMAP Groupware Mail server of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3641 (Oracle Databases running on Windows XP with Simple File Sharing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3642 (IBM Informix Dynamic Database server running on Windows XP with Simple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3643 (IBM DB2 Database server running on Windows XP with Simple File Sharing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3644 (PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3645 (phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3646 (Multiple SQL injection vulnerabilities in lib-sessions.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3647 (Folder Guard allows local users to bypass protections by running from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3648 (Multiple SQL injection vulnerabilities in the get_record function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3649 (jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3650 (The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3651 (Stack-based buffer overflow in the dissect_ospf_v3_address_prefix ...) BUG: 115030 CVE-2005-3652 (Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3653 (Heap-based buffer overflow in the iGateway service for various ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3654 (Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3655 (Heap-based buffer overflow in Novell Open Enterprise Server Remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3656 (Multiple format string vulnerabilities in logging functions in ...) BUG: 118096 CVE-2005-3657 (The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3658 (Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3659 (nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3660 (Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3661 (Dell TrueMobile 2300 Wireless Broadband Router running firmware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3662 (Off-by-one buffer overflow in pnmtopng before 2.39, when using the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3663 (Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3664 (Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3665 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) BUG: 114662 CVE-2005-3666 (Multiple unspecified format string vulnerabilities in multiple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3667 (Multiple unspecified vulnerabilities in multiple unspecified ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3668 (Multiple buffer overflows in multiple unspecified implementations of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3669 (Multiple unspecified vulnerabilities in the Internet Key Exchange ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3670 (Multiple unspecified vulnerabilities in the Internet Key Exchange ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3671 (The Internet Key Exchange version 1 (IKEv1) implementation in Openswan ...) BUG: 113201 BUG: 112568 CVE-2005-3672 (The Internet Key Exchange version 1 (IKEv1) implementation in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3673 (The Internet Key Exchange version 1 (IKEv1) implementation in Check ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3674 (The Internet Key Exchange version 1 (IKEv1) implementation in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3675 (The Transmission Control Protocol (TCP) allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3676 (SQL injection vulnerability in download.php in PhpWebThings 1.4.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3677 (Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3678 (Google Talk before 1.0.0.76, with email notification enabled, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3679 (SQL injection vulnerability in admin/index.php in ActiveCampaign ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3680 (Directory traversal vulnerability in editor_registry.php in XOOPS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3681 (SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3682 (Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3683 (Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3684 (Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3685 (Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3686 (SQL injection vulnerability in search.inc.php in Unclassified ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3687 (cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3688 (Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3689 (post.php in XMB 1.9.2 allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3690 (Stack-based buffer overflow in the IMAP service (meimaps.exe) of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3691 (Directory traversal vulnerability in the IMAP service (meimaps.exe) of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3692 (Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3693 (The AxWebRemoveCtrl ActiveX control for uninstalling the SunnComm ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3694 (centericq 4.20.0-r3 with "Enable peer-to-peer communications" set ...) BUG: 114038 BUG: 100519 CVE-2005-3695 (Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3696 (SQL injection vulnerability in Arki-DB 1.0 and 2.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3697 (Unspecified vulnerability in the administration interface in Uresk ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3698 (PHP Easy Download allows remote attackers to bypass authentication via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3699 (Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3700 (Unknown vulnerability in iodbcadmintool in the ODBC Administrator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3701 (Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3702 (Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3703 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3704 (System log server in Mac OS X and OS X Server 10.4 through 10.4.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3705 (Heap-based buffer overflow in WebKit in Mac OS X and OS X Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3706 (Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3707 (Buffer overflow in Apple Quicktime before 7.0.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3708 (Integer overflow in Apple Quicktime before 7.0.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3709 (Integer underflow in Apple Quicktime before 7.0.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3710 (Integer overflow in Apple Quicktime before 7.0.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3711 (Integer overflow in Apple Quicktime before 7.0.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3712 (Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3713 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3714 (The network interface for Apple AirPort Express 6.x before Firmware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3715 (Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 leaves the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3716 (The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3717 (The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3718 (UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3719 (Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3720 (The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3721 (The default configuration of the HTTP server in Hitachi IP5000 VOIP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3722 (The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3723 (Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3724 (Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3725 (Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3726 (SQL injection vulnerability in Interspire ArticleLive NX 0.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3727 (SQL injection vulnerability in debug/query_results.jsp in Idetix ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3728 (Idetix Software Systems Revize CMS stores conf/revize.xml under the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3729 (Idetix Software Systems Revize CMS allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3730 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3731 (Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3732 (The Internet Key Exchange version 1 (IKEv1) implementation ...) BUG: 113201 BUG: 112568 CVE-2005-3733 (The Internet Key Exchange version 1 (IKEv1) implementation in Juniper ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3734 (Cross-site scripting (XSS) vulnerability in the "add content" page in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3735 (Multiple SQL injection vulnerabilities in e-Quick Cart allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3736 (Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3737 (Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 ...) BUG: 109993 CVE-2005-3738 (globals.php in Mambo Site Server 4.0.14 and earlier, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3739 (Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3740 (Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3741 (Almond Classifieds does not properly verify the password, which allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3742 (Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3743 (SQL injection vulnerability in results.php in SimplePoll allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3744 (SQL injection vulnerability in index.php in phpComasy 0.7.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3745 (Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3746 (SQL injection vulnerability in thread.php in APBoard allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3747 (Unspecified vulnerability in Jetty before 5.1.6 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3748 (SQL injection vulnerability in the Search module in Tru-Zone Nuke ET ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3749 (Unspecified "absolute path vulnerabilities" in the diagela command ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3750 (Opera before 8.51 on Linux and Unix systems allows remote attackers to ...) BUG: 113239 CVE-2005-3751 (HTTP request smuggling vulnerability in Pound before 1.9.4 allows ...) BUG: 118541 CVE-2005-3752 (Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3753 (Linux kernel before after 2.6.12 and before 2.6.13.1 might allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3754 (Cross-site scripting (XSS) vulnerability in Google Mini Search ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3755 (Directory traversal vulnerability in Google Mini Search Appliance, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3756 (Google Mini Search Appliance, and possibly Google Search Appliance, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3757 (The Saxon XSLT parser in Google Mini Search Appliance, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3758 (Cross-site scripting (XSS) vulnerability in Google Mini Search ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3759 (Multiple cross-site scripting (XSS) vulnerabilities in Horde before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3760 (Double free vulnerability in the BBOORB module in IBM WebSphere ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3761 (Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3762 (SQL injection vulnerability in the navigation module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3763 (Exponent CMS 0.96.3 and later versions includes the full installation ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3764 (The image gallery (imagegallery) component in Exponent CMS 0.96.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3765 (Exponent CMS 0.96.3 and later versions performs a chmod on uploaded ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3766 (Exponent CMS 0.96.3 and later versions stores sensitive user pages ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3767 (Exponent CMS 0.96.3 and later versions does not properly restrict the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3768 (Buffer overflow in the Internet Key Exchange version 1 (IKEv1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3769 (SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3770 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post (PHPp) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3771 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3772 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3773 (Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3774 (Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3775 (PHP remote file inclusion vulnerability in pollvote.php in PollVote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3776 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3777 (MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3778 (Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3779 (Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3780 (Multiple buffer overflows in IPUpdate 1.1 might allow attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3781 (Unspecified vulnerability in in.named in Solaris 9 allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3782 (Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3783 (The ptrace functionality (ptrace.c) in Linux kernel 2.6 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3784 (The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3785 (Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX ...) BUG: 112061 CVE-2005-3786 (Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3787 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3788 (Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3789 (Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3790 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3791 (HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3792 (Multiple SQL injection vulnerabilities in the Search module in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3793 (Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3794 (AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3795 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3796 (Direct static code injection vulnerability in admin_options_manage.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3797 (PHP remote file inclusion vulnerability in payment_paypal.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3798 (SQL injection vulnerability in admin/index.php in AlstraSoft Template ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3799 (phpBB 2.0.18 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3800 (Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3801 (CounterPane PasswordSafe 1.x and 2.x allows local users to test ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3802 (Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3803 (Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3804 (Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3805 (A locking problem in POSIX timer cleanup handling on exit in Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3806 (The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3807 (Memory leak in the VFS file lease handling in locks.c in Linux kernels ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3808 (Integer overflow in the invalidate_inode_pages2_range function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3809 (The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3810 (ip_conntrack_proto_icmp.c in ctnetlink in Linux kernel 2.6.14 up to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3811 (Directory traversal vulnerability in admin/main.php in AMAX Magic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3812 (freeFTPd 1.0.10 allows remote authenticated users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3813 (IMAP service (meimaps.exe) of MailEnable Professional 1.7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3814 (Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3815 (SQL injection vulnerability in forum.php in Orca Forum 4.3b and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3816 (Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3817 (Multiple SQL injection vulnerabilities in Softbiz Web Host Directory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3818 (Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3819 (Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3820 (Multiple directory traversal vulnerabilities in index.php in vTiger ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3821 (Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3822 (Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3823 (The Users module in vTiger CRM 4.2 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3824 (The uploads module in vTiger CRM 4.2 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3825 (SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3826 (Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3827 (SQL injection vulnerability in product_cat in AgileBill 1.4.92 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3828 (SQL injection vulnerability in index.php in ActiveCampaign ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3829 (index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3830 (index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3831 (Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3832 (Stack-based buffer overflow in (1) CxUux60.dll and (2) CxUux60u.dll, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3833 (SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3834 (Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3835 (PHP remote file inclusion vulnerability in support/index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3836 (SQL injection vulnerability in DeskLance 2.3 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3837 (Cross-site scripting (XSS) vulnerability in the search module in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3838 (Multiple SQL injection vulnerabilities in search.php in IsolSoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3839 (Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3840 (SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3841 (Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3842 (SQL injection vulnerability in index.php in pdjk-support suite 1.1a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3843 (SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3844 (SQL injection vulnerability in phpWordPress PHP News and Article ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3845 (SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3846 (SQL injection vulnerability in news.php in Fantastic News 2.1.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3847 (The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3848 (Memory leak in the icmp_push_reply function in Linux 2.6 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3849 (Cross-site scripting (XSS) vulnerability in the Search module in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3850 (Cross-site scripting (XSS) vulnerability in search.asp in Online ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3851 (Cross-site scripting (XSS) vulnerability in search.asp in Online ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3852 (SQL injection vulnerability in search.asp in Online Work Order Suite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3853 (SQL injection vulnerability in snews.php in sNews 1.3 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3854 (Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3855 (SQL injection vulnerability in process.php in 1-2-3 music store allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3856 (The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3857 (The time_out_leases function in locks.c for Linux kernel before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3858 (Memory leak in the ip6_input_finish function in ip6_input.c in Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3859 (PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3860 (PHP remote file inclusion vulnerability in athena.php in Oliver May ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3861 (PHP remote file inclusion vulnerability in content.php in phpGreetz ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3862 (Buffer overflow in unalz before 0.53 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3863 (Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and ...) BUG: 114038 BUG: 100519 BUG: 135020 CVE-2005-3864 (SQL injection vulnerability in index.php in SourceWell 1.1.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3865 (SQL injection vulnerability in index.php in AllWeb search 3.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3866 (Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3867 (Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3868 (Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3869 (Cross-site scripting (XSS) vulnerability in index.php in Google API ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3870 (Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3871 (Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3872 (Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3873 (SQL injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3874 (SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3875 (Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3876 (Multiple SQL injection vulnerabilities in adcbrowres.php in AD Center ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3877 (Multiple SQL injection vulnerabilities in Simple Document Management ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3878 (Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3879 (Multiple SQL injection vulnerabilities in Softbiz Resource Repository ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3880 (Multiple SQL injection vulnerabilities in Omnistar KBase 4.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3881 (SQL injection vulnerability in search.php in AtlantisFAQ Knowledge ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3882 (SQL injection vulnerability in answer.php in FAQSystems FAQRing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3883 (CRLF injection vulnerability in the mb_send_mail function in PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3884 (Multiple SQL injection vulnerabilities in the search action in Zainu ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3886 (Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3887 (Gadu-Gadu 7.20 does not properly handle MS-DOS device names in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3888 (Memory leak in Gadu-Gadu 7.20 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3889 (Gadu-Gadu 7.20 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3890 (Gadu-Gadu 7.20 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3891 (Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3892 (Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3893 (Multiple SQL injection vulnerabilities in index.pl in Open Ticket ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3894 (Multiple cross-site scripting (XSS) vulnerabilities in index.pl in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3895 (Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3896 (Mozilla allows remote attackers to cause a denial of service (CPU ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3897 (Apple Safari 2.0.2 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3898 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3899 (The automatic update feature in Google Talk allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3900 (Macromedia Breeze Communication Server and Breeze Live Server does 5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3901 (Macromedia Flash Communication Server MX 1.0 and 1.5 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3902 (Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3903 (Buffer overflow in uidadmin in SCO Unixware 7.1.3 and 7.1.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3904 (Unspecified vulnerability in Java Management Extensions (JMX) in Java ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3905 (Unspecified vulnerability in reflection APIs in Java SDK and JRE ...) BUG: 118114 CVE-2005-3906 (Multiple unspecified vulnerabilities in reflection APIs in Java SDK ...) BUG: 118114 CVE-2005-3907 (Unspecified vulnerability in Java Runtime Environment in Java JDK and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3908 (Cross-site scripting (XSS) vulnerability in search.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3909 (SQL injection vulnerability in merchants/index.php in Post Affiliate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3910 (merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3911 (Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3912 (Format string vulnerability in miniserv.pl Perl web server in Webmin ...) BUG: 113888 CVE-2005-3913 (Unspecified vulnerability in the domain alias management in Virtual ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3914 (Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3915 (The Internet Key Exchange version 1 (IKEv1) implementation in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3916 (SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3917 (SQL injection vulnerability in usersession in CommodityRentals 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3918 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3919 (Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3920 (SQL injection vulnerability in Babe Logger 2 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3921 (Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3922 (Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3923 (NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3924 (SQL injection vulnerability in themes/kategorie/index.php in Randshop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3925 (Multiple SQL injection vulnerabilities in Central Manchester CLC ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3926 (Direct static code injection vulnerability in error.php in GuppY 4.5.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3927 (Multiple directory traversal vulnerabilities in GuppY 4.5.9 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3928 (Buffer overflow in phgrafx in QNX 6.2.1 and 6.3.0 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3929 (Directory traversal vulnerability in the create function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3930 (SQL injection vulnerability in index.php in N-13 News 1.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3931 (SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3932 (SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3933 (SQL injection vulnerability in index.php in 88Script's Event Calendar ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3934 (Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3935 (SQL injection vulnerability in SocketKB 1.1.0 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3936 (PHP file include vulnerability in SocketKB 1.1.0 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3937 (SQL injection vulnerability in Softbiz B2B Trading Marketplace Script ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3938 (SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3939 (Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3940 (SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3941 (SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3942 (SQL injection vulnerability in knowledgebase-control.php in Orca ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3943 (Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3944 (SQL injection vulnerability in survey.php in ilyav Survey System 1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3945 (The SynAttackProtect protection in Microsoft Windows 2003 before SP1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3946 (Opera 8.50 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3947 (Directory traversal vulnerability in index.php in PHP Upload Center ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3948 (Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3949 (Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3950 (nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3951 (SQL injection vulnerability in survey.php in PHP Labs Survey Wizard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3952 (SQL injection vulnerability in PHP Labs Top Auction allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3953 (SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3954 (Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3955 (Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3956 (Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3957 (Unspecified vulnerability in the Trackback functionality in DotClear ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3958 (SQL injection vulnerability in index.php in Entergal MX 2.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3959 (Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3960 (Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3961 (export_handler.php in WebCalendar 1.0.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3962 (Integer overflow in the format string functionality (Perl_sv_vcatpvfn) ...) BUG: 114113 CVE-2005-3963 (SQL injection vulnerability in session.php in DotClear before 1.2.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3964 (Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, ...) BUG: 116481 BUG: 114234 CVE-2005-3965 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3966 (Cross-site scripting (XSS) vulnerability in search.jsp in Java Search ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3967 (Cross-site scripting (XSS) vulnerability in the dosearchsite.action ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3968 (SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3969 (SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3970 (Cross-site scripting (XSS) vulnerability in MXChange before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3971 (Cross-site scripting (XSS) vulnerability in the login form in Citrix ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3972 (Cross-site scripting (XSS) vulnerability in extremesearch.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3973 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3974 (Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3975 (Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3976 (SQL injection vulnerability in type.asp, as used in multiple DUware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3977 (Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3978 (Multiple SQL injection vulnerabilities in NetClassifieds Premium ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3979 (relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3980 (SQL injection vulnerability in the ticket query module in Edgewall ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3981 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3982 (CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3983 (Unknown vulnerability in the login page for HP Systems Insight Manager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3984 (SQL injection vulnerability in WebCalendar 1.0.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3985 (The Internet Key Exchange version 1 (IKEv1) implementation in Astaro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3986 (Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3987 (Multiple SQL injection vulnerabilities in Tradesoft CMS allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3988 (SQL injection vulnerability in article.php in Pineapple Technologies ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3989 (Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3990 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3991 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3992 (Multiple buffer overflows in WinEggDropShell remote access trojan ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3993 (Multiple unspecified vulnerabilities in MailEnable Professional 1.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3994 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3995 (Format string vulnerability in the dosyslog function in the OBEX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3996 (SQL injection vulnerability in admin/password_forgotten.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3997 (Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3998 (Cross-site scripting (XSS) vulnerability in search.asp in Solupress ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-3999 (Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4000 (Cross-site scripting (XSS) vulnerability in archive.asp in SiteBeater ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4001 (Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4002 (WebEOC before 6.0.2 uses the same secret key for all installations, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4003 (Multiple SQL injection vulnerabilities in Absolute Shopping Package ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4004 (Cross-site scripting (XSS) vulnerability in search.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4005 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4006 (SAPID CMS before 1.2.3.03 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4007 (Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4009 (Multiple SQL injection vulnerabilities in PHP Lite Calendar Express ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4010 (SQL injection vulnerability in KBase Express 1.0.0 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4011 (SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4012 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4013 (PHP Web Statistik 1.4 stores the stat.cfg file under the web root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4014 (stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4015 (PHP Web Statistik 1.4 does not rotate the log database or limit the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4016 (SQL injection vulnerability in Widget Property 1.1.19 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4017 (property.php in Widget Property 1.1.19 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4018 (SQL injection vulnerability in ls.php in Landshop Real Estate Commerce ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4019 (SQL injection vulnerability in index.php in Relative Real Estate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4020 (SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4021 (The installer for Gallery 2.0 before 2.0.2 stores the install log ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4022 (Cross-site scripting (XSS) vulnerability in the "Add Image From Web" ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4023 (Unspecified vulnerability in the zipcart module in Gallery 2.0 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4024 (Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4025 (Help Desk Reloaded Free Help Desk does not remove or protect ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4026 (search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4027 (SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4028 (Multiple cross-site scripting (XSS) vulnerabilities in aMember allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4029 (WebEOC before 6.0.2 allows remote attackers to obtain valid usernames ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4030 (SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4031 (Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4032 (Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4033 (Nodezilla 0.4.13-corno-fulgure does not properly protect the evl_data ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4034 (Multiple SQL injection vulnerabilities in Web4Future eDating ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4035 (Multiple SQL injection vulnerabilities in Web4Future eCommerce ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4036 (Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4037 (SQL injection vulnerability in functions.php in Web4Future Affiliate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4038 (SQL injection vulnerability in comentarii.php in Web4Future Portal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4039 (Directory traversal vulnerability in arhiva.php in Web4Future Portal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4040 (SQL injection vulnerability in FileLister 0.51 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4041 (Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4042 (Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4043 (SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4044 (Cross-site scripting (XSS) vulnerability in search.cgi in Amazon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4045 (Unspecified vulnerability in System Communications Services 6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4046 (Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4047 (Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4048 (Heap-based buffer overflow in the avcodec_default_get_buffer function ...) BUG: 122029 BUG: 115760 BUG: 116181 BUG: 115849 BUG: 119512 CVE-2005-4049 (Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4050 (Buffer overflow in multiple Multi-Tech Systems MultiVOIP devices with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4051 (e107 0.6174 allows remote attackers to vote multiple times for a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4052 (e107 0.6174 allows remote attackers to redirect users to other web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4053 (Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4054 (SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4055 (SQL injection vulnerability in index.php in Cars Portal 1.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4056 (SQL injection vulnerability in search.php in PluggedOut Nexus 0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4057 (Cross-site scripting (XSS) vulnerability in search.php in PluggedOut ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4058 (SQL injection vulnerability in saralblog 1 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4059 (SQL injection vulnerability in searchdb.asp in LocazoList 1.03c and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4060 (Cross-site scripting (XSS) vulnerability in search.asp in rwAuction ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4061 (Cross-site scripting (XSS) vulnerability in PASearch.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4062 (Cross-site scripting (XSS) vulnerability in CPSearch.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4063 (Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4064 (Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4065 (SQL injection vulnerability in the search module in Edgewall Trac ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernames and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4067 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4068 (Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4069 (SunnComm MediaMax DRM 5.0.21.0, as used by Sony BMG, assigns insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4070 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4071 (Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4072 (Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4073 (SQL injection vulnerability in view_archive.cfm in CFMagic Magic List ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4074 (Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4075 (Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4076 (Buffer overflow in Appfluent Technology Database IDS 2.0 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4077 (Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 ...) BUG: 126433 BUG: 114710 CVE-2005-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal BB.NET ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4079 (The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote ...) BUG: 114662 CVE-2005-4080 (Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4081 (Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4082 (The dhcp.client program for QNX 4.25 vmware is setuid, possibly by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4083 (Directory traversal vulnerability in xs_edit.php in the eXtreme Styles ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4084 (xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4085 (Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4086 (Directory traversal vulnerability in acceptDecline.php in Sugar Suite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4087 (PHP remote file include vulnerability in acceptDecline.php in Sugar ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4088 (SQL injection vulnerability in index.php in phpForumPro 2.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4089 (Microsoft Internet Explorer allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4090 (Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4091 (Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4092 (Multiple heap-based buffer overflows in QuickTime.qts in Apple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4093 (Check Point VPN-1 SecureClient NG with Application Intelligence R56, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4094 (connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4095 (Directory traversal vulnerability in connector.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4096 RESERVED CVE-2005-4097 RESERVED CVE-2005-4098 RESERVED CVE-2005-4099 RESERVED CVE-2005-4100 RESERVED CVE-2005-4101 RESERVED CVE-2005-4102 RESERVED CVE-2005-4103 RESERVED CVE-2005-4104 RESERVED CVE-2005-4105 RESERVED CVE-2005-4106 RESERVED CVE-2005-4107 RESERVED CVE-2005-4108 RESERVED CVE-2005-4109 RESERVED CVE-2005-4110 RESERVED CVE-2005-4111 RESERVED CVE-2005-4112 RESERVED CVE-2005-4113 RESERVED CVE-2005-4114 RESERVED CVE-2005-4115 RESERVED CVE-2005-4116 RESERVED CVE-2005-4117 RESERVED CVE-2005-4118 RESERVED CVE-2005-4119 RESERVED CVE-2005-4120 RESERVED CVE-2005-4121 RESERVED CVE-2005-4122 RESERVED CVE-2005-4123 RESERVED CVE-2005-4124 RESERVED CVE-2005-4125 RESERVED CVE-2005-4126 (** UNVERIFIABLE, PRERELEASE ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4127 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4128 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4129 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4130 (** UNVERIFIABLE, PRERELEASE ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4131 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4132 (Unspecified "security leak" vulnerability in Contenido before 4.6.4, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4133 (Sun Update Connection in Sun Solaris 10, when configured to use a web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4134 (Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before ...) BUG: 130887 BUG: 129924 CVE-2005-4135 (Direct static code injection vulnerability in includes/newtopic.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4136 (Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4137 (SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4138 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4139 (Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4140 (SQL injection vulnerability in admin/login/index.php in Website Baker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4141 (Multiple SQL injection vulnerabilities in ASPMForum allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4142 (The web interface for subscribing new users in Lyris ListManager 5.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4143 (SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4144 (Lyris ListManager 5.0 through 8.9a allows remote attackers to add ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4145 (The MSDE version of Lyris ListManager 5.0 through 8.9b configures the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4146 (Lyris ListManager before 8.9b allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4147 (The TCLHTTPd service in Lyris ListManager before 8.9b allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4148 (Lyris ListManager 8.5, and possibly other versions before 8.8, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4149 (Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4150 (Cross-site scripting (XSS) vulnerability in the portal login page in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4151 (The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4152 (Soti Pocket Controller-Professional 5.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4153 (Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4154 (Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4155 (registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4156 (Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4157 (Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4158 (Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4159 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4160 (Directory traversal vulnerability in getdox.php in Torrential 1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4161 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4162 (Cross-site scripting (XSS) vulnerability in cal_make.pl in ACME ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4163 (Directory traversal vulnerability in captcha.php in Captcha PHP 0.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4164 (SQL injection vulnerability in view.php in PHP-addressbook 1.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4165 (Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4166 (Cross-site scripting (XSS) vulnerability in password.asp in DUWare ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4167 (Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4168 (Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4169 (Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4170 (SQL injection vulnerability in eFiction 1.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4171 (The "Upload new image" command in the "Manage Images" eFiction 1.1, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4172 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4173 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4174 (eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4175 (Insyde BIOS V190 does not clear the keyboard buffer after reading the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4176 (AWARD Bios Modular 4.50pg does not clear the keyboard buffer after ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4177 (Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4178 (Buffer overflow in Dropbear server before 0.47 allows authenticated ...) BUG: 116006 CVE-2005-4179 RESERVED CVE-2005-4180 RESERVED CVE-2005-4181 RESERVED CVE-2005-4182 RESERVED CVE-2005-4183 RESERVED CVE-2005-4184 RESERVED CVE-2005-4185 RESERVED CVE-2005-4186 RESERVED CVE-2005-4187 RESERVED CVE-2005-4188 RESERVED CVE-2005-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4190 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4191 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4192 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4193 (Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4194 (Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4195 (Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4196 (Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4197 (tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4198 (SQL injection vulnerability in index.php in Netref 3.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4199 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4200 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4201 (Directory traversal vulnerability in My Album Online 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4202 (Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4203 (LogiSphere 0.9.9j does not restrict the number of messages that can be ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4204 (Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4205 (Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4206 (Blackboard Learning and Community Portal System in Academic Suite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4207 (SQL injection vulnerability in BTGrup Admin WebController Script ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4208 (Directory traversal vulnerability in Flatnuke 2.5.6 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4209 (WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4210 (Opera before 8.51, when running on Windows with Input Method Editor ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4211 (PHP remote file inclusion vulnerability in coin_includes/db.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4212 (Directory traversal vulnerability in coin_includes/db.php in phpCOIN ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4213 (SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4214 (phpCOIN 1.2.2 allows remote attackers to obtain the installation path ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4215 (Motorola SB5100E Cable Modem allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4216 (The Administration Service (FMSAdmin.exe) in Macromedia Flash Media ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4217 (Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4218 (SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4219 (setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4220 (Netgear RP114, and possibly other versions and devices, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4221 (SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4222 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.cgi ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4223 (Multiple "potential" SQL injection vulnerabilities in Utopia News Pro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4224 (Multiple "potential" SQL injection vulnerabilities in e107 0.7 might ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4225 (Multiple "potential" SQL injection vulnerabilities in myBloggie 2.1.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4226 (Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4227 (Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4228 (Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4229 (Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4230 (SQL injection vulnerability in poll.php in Link Up Gold 2.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4231 (Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4232 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4233 (SQL injection vulnerability in advertiser_statistic.php in Ad Manager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4234 (SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4235 (Cross-site scripting (XSS) vulnerability in knowledgebase.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4236 (Cross-site scripting (XSS) vulnerability in search.php in CKGOLD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4237 (Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4238 (Cross-site scripting (XSS) vulnerability in view_filters_page.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4239 (Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4240 (SQL injection vulnerability in search.php in VCD-db 0.98 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4241 (Cross-site scripting (XSS) vulnerability in the category page in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4242 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4243 (Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4244 (SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4245 (Cross-site scripting (XSS) vulnerability in search.php in Snipe ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4246 (SQL injection vulnerability in Plogger Beta 2 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4247 (Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4248 (Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4249 (ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4250 (Directory traversal vulnerability in mcGallery PRO 2.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4251 (Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4252 (Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4253 (Cross-site scripting (XSS) vulnerability in getdox.php in Torrential ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4254 (SQL injection vulnerability in view_Results.php in DreamLevels ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4255 (Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4256 (Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4257 (Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4258 (Unspecified Cisco Catalyst Switches allow remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4259 (Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4260 (Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4261 (Unspecified vulnerability in Positive Software Corporation CP+ ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4262 (Cross-site scripting (XSS) vulnerability in the News module in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4263 (SQL injection vulnerability in the News module in Envolution allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4264 (Multiple SQL injection vulnerabilities in index.php in PHP Support ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4265 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4266 (WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4267 (Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4268 (Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4269 (mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4270 (Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4271 (Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4272 (Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4273 (Multiple unspecified vulnerabilities in (1) getShell and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4274 (Unspecified vulnerability in Business Objects WebIntelligence 6.5x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4275 (Scientific Atlanta DPX2100 Cable Modem allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4276 (Westell Versalink 327W allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4277 (Cross-site scripting (XSS) vulnerability in index.php in toendaCMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4278 (Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo ...) BUG: 106678 BUG: 105721 BUG: 105719 CVE-2005-4279 (Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on ...) BUG: 106678 BUG: 105721 BUG: 105719 CVE-2005-4280 (Untrusted search path vulnerability in CMake before 2.2.0-r1 on Gentoo ...) BUG: 106678 BUG: 105721 BUG: 105719 CVE-2005-4281 (Cross-site scripting (XSS) vulnerability in Zaygo HostingCart 2.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4282 (Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4283 (Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4284 (Cross-site scripting (XSS) vulnerability in StaticStore Search Engine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4285 (Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4286 (Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4287 (PHP remote file include vulnerability in MarmaraWeb E-commerce allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4288 (Cross-site scripting (XSS) vulnerability in index.php in MarmaraWeb ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4289 (Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4290 (Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4291 (Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4292 (Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4293 (Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4294 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4295 (Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4296 (AppServ Open Project 2.5.3 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4297 (Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4298 (Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4299 (Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4300 (Format string vulnerability in the lire_pop function in pop.c in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4301 (Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4302 (Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4303 (SQL injection vulnerability in index.php for ezDatabase 2.1.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4304 (index.php in ezDatabase 2.1.2 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4305 (Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, ...) BUG: 118302 CVE-2005-4306 (Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4307 (Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4308 (index.php in ezUpload Pro 2.2 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4309 (SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4310 (SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4311 (Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4312 (SQL injection vulnerability in index.php in AlmondSoft Almond ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4313 (SQL injection vulnerability in index.php in AlmondSoft Almond ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4314 (Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4315 (SQL injection vulnerability in the search function in Plexum PLEXCART ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4316 (HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4317 (Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4318 (SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4319 (Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4320 (Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4321 (The Internet Key Exchange version 1 (IKEv1) implementation in Apani ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4322 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4323 (Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4324 (Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4325 (Multiple unspecified vulnerabilities in Driverse before 0.56b have ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4326 (The web interface for American Power Conversion (APC) PowerChute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4327 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Arndt ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4328 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4329 (SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4330 (SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4331 (SQL injection vulnerability in merchant.ihtml in iHTML Merchant ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4332 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4333 (Multiple cross-site scripting (XSS) vulnerabilities in Binary Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4334 (SQL injection vulnerability in ZixForum 1.12 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4335 (ProjectForum 4.7.0 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4336 (Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4337 (The login page in Blackboard Learning and Community Portal System in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4338 (announcement.pl in Blackboard Learning and Community Portal System in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4339 (Cross-site scripting (XSS) vulnerability in Blackboard Learning and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4340 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4341 (Blackboard Learning and Community Portal System in Academic Suite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4342 (ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4343 (Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4344 (Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4345 (Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4346 (Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4347 (The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4348 (fetchmail before 6.3.1 and before 6.2.5.5, when configured for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4349 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4350 (Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4351 (The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4352 (The securelevels implementation in NetBSD 2.1 and earlier, and Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4353 (SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4354 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4355 (Multiple cross-site scripting (XSS) vulnerabilities in UStore allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4356 (SQL injection vulnerability in UStore allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4357 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4358 (admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4359 (SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4360 (The URL parser in Microsoft Internet Information Services (IIS) 5.1 on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4361 (Cross-site scripting (XSS) vulnerability in search.html in Magnolia ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4362 (SQL injection vulnerability in page.php in Komodo CMS 2.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4363 (Cross-site scripting (XSS) vulnerability in the search engine in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4364 (Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4365 (Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4366 (Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4367 (Cross-site scripting (XSS) vulnerability in register_domain.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4368 (roundcube webmail Alpha, with a default high verbose level ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4369 (Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4370 (SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4371 (Acidcat 2.1.13 and earlier stores the database under the web root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4372 (Cross-site scripting (XSS) vulnerability in account.html in Adaptive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4373 (Adaptive Website Framework (AWF) 2.10 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4374 (Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4375 (Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4376 (Directory traversal vulnerability in Amaxus 3 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4377 (Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4378 (SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4379 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4380 (Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4381 (Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4382 (SQL injection vulnerability in CitySoft Community Enterprise 4.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4383 (Cross-site scripting (XSS) vulnerability in index.cfm in CitySoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4384 (CitySoft Community Enterprise 4.x allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4385 (Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4386 (Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4387 (Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4388 (Cross-site scripting (XSS) vulnerability in search.cfm in CONTENS 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4389 (search.cfm in CONTENS 3.0 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4390 (SQL injection vulnerability in index.php in ContentServ 3.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4391 (Cross-site scripting (XSS) vulnerability in damoon allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4392 (SQL injection vulnerability in printer_friendly.cfm in e-publish CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4393 (Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4394 (Cross-site scripting (XSS) vulnerability in EPiX 3.1.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4395 (Cross-site scripting (XSS) vulnerability in FarCry 3.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4396 (Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4397 (SQL injection vulnerability in RunScript.asp iCMS allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4398 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4399 (Cross-site scripting (XSS) vulnerability in search/index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4400 (Cross-site scripting (XSS) vulnerability in downloads/portal_ent in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4401 (Cross-site scripting (XSS) vulnerability in Lutece 1.2.3 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4402 (Buffer overflow in MailEnable Professional 1.71 and earlier, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4403 (SQL injection vulnerability in index.php in Marwel 2.7 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4404 (SQL injection vulnerability in default.asp in Media2 CMS Shop 18.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4405 (redqueen.cgi in Red Queen 1.02 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4406 (SQL injection vulnerability in index.cfm in Mercury CMS 4.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4407 (Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4408 (Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4409 (Cross-site scripting (XSS) vulnerability in MMBase 1.7.4 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4410 (Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4411 (Buffer overflow in Mercury Mail Transport System 4.01b allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4412 (Citrix Program Neighborhood client before 9.150 caches the user ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4413 (Multiple cross-site scripting (XSS) vulnerabilities in sample scripts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4414 (Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4415 (Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4416 (SQL injection vulnerability in index.php in TML CMS 0.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4417 (The default configuration of Widcomm Bluetooth for Windows (BTW) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4418 (util-vserver before 0.30.208-1 with kernel-patch-vserver before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4419 (Multiple SQL injection vulnerabilities in CategoryResults.cfm in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4420 (Cross-site scripting (XSS) vulnerability in Honeycomb Archive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4421 (Dev-Editor 3.0 allows remote attackers to access any directory outside ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4422 (Unrestricted file upload vulnerability in toendaCMS before 0.6.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4423 (Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4424 (Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4425 (Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4426 (Interpretation conflict in YaBB before 2.1 allows remote authenticated ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4427 (Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4428 (Cross-site scripting (XSS) vulnerability in index.php in Cerberus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4429 (SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4430 (SQL injection vulnerability in LogicBill 1.0 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4431 (SQL injection vulnerability in WowBB 1.65 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4432 (Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4433 (Cross-site scripting (XSS) vulnerability in search.php in Esselbach ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4434 (Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4435 (Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4436 (Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4437 (MD5 Neighbor Authentication in Extended Interior Gateway Routing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4438 (Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4439 (Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4440 (The 802.1q VLAN protocol allows remote attackers to bypass network ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4441 (The PVLAN protocol allows remote attackers to bypass network ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4442 (Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on ...) BUG: 112577 BUG: 105380 CVE-2005-4443 (Untrusted search path vulnerability in Gauche before 0.8.6-r1 on ...) BUG: 112577 BUG: 105380 CVE-2005-4444 (Stack-based buffer overflow in the trace message functionality in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4445 (Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4446 (Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4447 (SQL injection vulnerability in articles\articles_funcs.php in phpCOIN ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4448 (FlatNuke 2.5.6 verifies authentication credentials based on an MD5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4449 (verify.php in FlatNuke 2.5.6 allows remote authenticated ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4450 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4451 (Unspecified vulnerability in Software Distributor in HP-UX B.11.11 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4452 (Information Call Center stores the CallCenterData.mdb database under ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4453 (UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4454 (Validate-before-filter vulnerability in cleanhtml.pl 1.129 in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4455 (cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4456 (Multiple buffer overflows in MailEnable Professional 1.71 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4457 (MailEnable Enterprise 1.1 before patch ME-10009 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4458 (Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly ...) BUG: 235055 CVE-2005-4459 (Heap-based buffer overflow in the NAT networking components vmnat.exe ...) BUG: 116238 CVE-2005-4460 (Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4461 (SQL injection vulnerability in index.php in Beehive Forum 0.6.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4462 (PHP remote file include vulnerability in usermods.php in Tolva PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4463 (WordPress before 1.5.2 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4464 (Ingate Firewall before 4.3.4 and SIParator before 4.3.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4465 (The Internet Key Exchange version 1 (IKEv1) implementation in NEC ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4466 (Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4467 (Directory traversal vulnerability in help_text_vars.php in PHPGedView ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4468 (PHP remote file include vulnerability in help_text_vars.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4469 (Multiple direct static code injection vulnerabilities in PHPGedView ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4470 (Heap-based buffer overflow in the get_bhead function in readfile.c in ...) BUG: 118163 CVE-2005-4471 (POP3 service in Avaya Modular Messaging Message Storage Server (MSS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4472 (Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4473 (Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4474 (Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4475 (Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4476 (Cross-site scripting (XSS) vulnerability in store/search/results.html ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4477 (Cross-site scripting (XSS) vulnerability in papaya CMS 4.0.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4478 (Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4479 (SQL injection vulnerability in article.php in phpSlash 0.8.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4480 (Cross-site scripting (XSS) vulnerability in Plexcor CMS 4.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4481 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4482 (Cross-site scripting (XSS) vulnerability in login.asp in PortalApp 3.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4483 (Cross-site scripting (XSS) vulnerability in login.asp in SiteEnable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4484 (Multiple cross-site scripting (XSS) vulnerabilities in IntranetApp 3.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4485 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4486 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4487 (Cross-site scripting (XSS) vulnerability in RAMSite R|1 CMS 1.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4488 (Multiple cross-site scripting (XSS) vulnerabilities in index.tpl in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4489 (Cross-site scripting (XSS) vulnerability in Scoop 1.1 RC1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4490 (Multiple cross-site scripting (XSS) vulnerabilities in SCOOP! 2.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4491 (Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4492 (Cross-site scripting (XSS) vulnerability in Starphire SiteSage 5.0.18 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4493 (Cross-site scripting (XSS) vulnerability in SpearTek 6.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4494 (Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4495 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4496 (Cross-site scripting (XSS) vulnerability in search in SyntaxCMS 1.2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4497 (Cross-site scripting (XSS) vulnerability in Tangora Portal CMS 4.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4498 (Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4499 (The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4500 (SQL injection vulnerability in MusicBox 2.3 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4501 (MediaWiki before 1.5.4 uses a hard-coded "internal placeholder ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4502 (Cross-site scripting (XSS) vulnerability in httprint v202, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4503 (httprint v202, and possibly other versions before v301, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4504 (The khtml::RenderTableSection::ensureRows function in KHTMLParser in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4505 (Unquoted Windows search path vulnerability in McAfee VirusScan ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4506 (Nexus Concepts Dev Hound 2.24 and earlier stores username and password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4507 (Multiple cross-site scripting (XSS) vulnerabilities in Nexus Concepts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4508 (Nexus Concepts Dev Hound 2.24 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4509 (SQL injection vulnerability in index.asp in pTools allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4510 (Directory traversal vulnerability in server.np in NetPublish Server 7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4511 (Format string vulnerability in TN3270 Resource Gateway 1.1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4512 (Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4513 (Cross-site scripting (XSS) vulnerability in WANDSOFT e-SEARCH allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4514 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4515 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4516 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4517 (SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4518 (Mantis before 0.19.4 allows remote attackers to bypass the file upload ...) BUG: 116036 CVE-2005-4519 (Multiple SQL injection vulnerabilities in the manage user page ...) BUG: 116036 CVE-2005-4520 (Unspecified "port injection" vulnerabilities in filters in Mantis ...) BUG: 116036 CVE-2005-4521 (CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows ...) BUG: 116036 CVE-2005-4522 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) BUG: 116036 CVE-2005-4523 (Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4524 (Mantis 1.0.0rc3 does not properly handle "Make note private" when a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4525 (SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4526 (Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4527 (Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4528 (SQL injection vulnerability in the Chatspot 2.0.0a7 module for phpBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4529 (The Chatspot 2.0.0a7 module for phpBB might allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4530 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4531 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4532 (scponlyc in scponly 4.1 and earlier, when the operating system ...) BUG: 116526 CVE-2005-4533 (Argument injection vulnerability in scponlyc in scponly 4.1 and ...) BUG: 116526 CVE-2005-4534 (The shadow database feature (syncshadowdb) in Bugzilla 2.9 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4535 RESERVED CVE-2005-4536 (Mail::Audit module in libmail-audit-perl 2.1-5, when logging is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4537 RESERVED CVE-2005-4538 RESERVED CVE-2005-4539 RESERVED CVE-2005-4540 RESERVED CVE-2005-4541 RESERVED CVE-2005-4542 RESERVED CVE-2005-4543 RESERVED CVE-2005-4544 RESERVED CVE-2005-4545 (Cross-site scripting (XSS) vulnerability in search.asp in NetDirect ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4546 (search.php in eggblog 2.0 allows remote attackers to obtain the full ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4547 (Cross-site scripting (XSS) vulnerability in home/search.php in eggblog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4548 (SQL injection vulnerability in the "user area" in RWS Statistics ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4549 (Cross-site scripting (XSS) vulnerability in Oracle Application Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4550 (The PORTAL schema in Oracle Application Server (OracleAS) Discussion ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4551 (Cross-site scripting (XSS) vulnerability in sign.php in codegrrl ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4552 (The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4553 (Buffer overflow in Golden FTP Server 1.92 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4554 (Multiple SQL injection vulnerabilities in DEV web management system ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4555 (Cross-site scripting (XSS) vulnerability in add.php in DEV web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4556 (PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4557 (dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4558 (IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4559 (mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4560 (The Windows Graphical Device Interface library (GDI32.DLL) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4561 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4562 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4563 (SQL injection vulnerability in main.php in Enterprise Heart Enterprise ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4564 (The Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4565 (Format string vulnerability in the Internet Key Exchange version 1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4566 (Buffer overflow in the Internet Key Exchange version 1 (IKEv1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4567 (Multiple cross-site scripting (XSS) vulnerabilities in FTGate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4568 (Multiple format string vulnerabilities in FTGate Technology (formerly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4569 (Stack-based buffer overflow in index.fts in FTGate Technology ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4570 (The Internet Key Exchange version 1 (IKEv1) implementations in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4571 (Cross-site scripting (XSS) vulnerability in myEZshop Shopping Cart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4572 (Multiple SQL injection vulnerabilities in myEZshop Shopping Cart allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4573 (PHP remote file include vulnerability in plog-admin-functions.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4574 (Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4575 (PaperThin CommonSpot Content Server 4.5 and earlier allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4576 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4577 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4578 (Multiple SQL injection vulnerabilities in Hitachi Business Logic - ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4579 (Multiple HTTP response splitting vulnerabilities in Hitachi Business ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4580 (Cross-site scripting (XSS) vulnerability in Day Communique 4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4581 (Buffer overflow in Electric Sheep 2.6.3 client allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4582 (Electric Sheep 2.6.3 does not require authentication or integrity ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4583 (Unspecified vulnerability in the Management Interface in VMware ESX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4584 (BZFlag server 2.0.4 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4585 (Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4586 (Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4587 (Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4588 (Cross-site scripting (XSS) vulnerability in Koobi 5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4589 (Spb Kiosk Engine 1.0.0.1 stores the administrator's passcode in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4590 (Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4591 (Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4592 (Heap-based buffer overflow in bogofilter and bogolexer 0.96.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4593 (PHP remote file inclusion vulnerability in phpDocumentor 1.3.0 rc4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4594 (Stack-based buffer overflow in TUGZip 3.4.0.0 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4595 (Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView ...) BUG: 117063 CVE-2005-4596 (Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4597 (Cross-site scripting (XSS) vulnerability in index.php in iPei ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4598 (Cross-site scripting (XSS) vulnerability in home.php in OoApp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4599 (Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4600 (Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4601 (The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4602 (SQL injection vulnerability in inc/function_upload.php in MyBB before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4603 (Cross-site scripting (XSS) vulnerability in printthread.php in MyBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4604 (Buffer overflow in MTink in the printer-filters-utils package allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4605 (The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4606 (SQL injection vulnerability in check_user.asp in multiple Web Wiz ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4607 (Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 ...) BUG: 235060 CVE-2005-4608 (SQL injection vulnerability in index.php in BugPort 1.147 allows ...) BUG: 235060 CVE-2005-4609 (index.php in BugPort 1.147 and earlier allows remote attackers to ...) BUG: 235060 CVE-2005-4610 (Format string vulnerability in the server for Dopewars before 1.5.12, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4611 (SQL injection vulnerability in search.php in Free ClickBank 1.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4612 (Multiple SQL injection vulnerabilities in VUBB alpha rc1 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4613 (Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4614 (Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4615 (SQL injection vulnerability in news.php in DapperDesk 3.0.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4616 (SQL injection vulnerability in index.php in iSupport 1.06 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4617 (SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4620 (Buffer overflow in WinRAR 3.50 and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4621 (Cross-site scripting (XSS) vulnerability in the editavatar page in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4622 (Directory traversal vulnerability in eFileGo 3.01 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4623 (upload.exe in eFileGo 3.01 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4624 (The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4625 (Drivers for certain display adapters, including (1) an unspecified ATI ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4626 (The default configuration of Recruitment Software installs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4627 (Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4628 (SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4629 (SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4630 (SQL injection vulnerability in index.php in ClientExec 2.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4631 (SQL injection vulnerability in index.php in Zina 0.12.07 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4633 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4634 (SQL injection vulnerability in index.php in ActiveCampaign SupportTrio ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4635 (The nl_fib_input function in fib_frontend.c in the Linux kernel before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4636 (OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4637 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4638 (index.php in Kayako SupportSuite 3.00.26 and earlier allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4639 (Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4640 (SQL injection vulnerability in index.php in class-1 Poll Software 0.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4641 (SQL injection vulnerability in home.php in eazyCMS 2.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4642 (Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4643 (SQL injection vulnerability in index.php in Antharia OnContent // CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4644 (Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4645 (SQL injection vulnerability in index.php in 3CFR allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4646 (Unspecified vulnerability in index.php in PEARLINGER Pearl Forums 2.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4647 (Multiple SQL injection vulnerabilities in PEARLINGER Pearl Forums 2.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4648 (Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4649 (Multiple cross-site scripting (XSS) vulnerabilities in Advanced ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4650 (Joomla! 1.03 does not restrict the number of "Search" Mambots, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4651 (SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4652 (SQL injection vulnerability in PHlyMail 3.02.01 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4653 (Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4654 (Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4655 (Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4656 (SQL injection vulnerability in index.php in TClanPortal 1.1.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4657 (Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4658 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4659 (IPCop (aka IPCop Firewall) before 1.4.10 has world-readable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4660 (Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4661 (The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4662 (Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4663 (Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4664 (SQL injection vulnerability in OcoMon 1.21, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4665 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4666 (Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-assisted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4668 (The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4669 (SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4670 (Cross-site scripting (XSS) vulnerability in message.php in CityPost ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4671 (Cross-site scripting (XSS) vulnerability in simple-upload-53.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4672 (Cross-site scripting (XSS) vulnerability in image-editor-52/index.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4673 (ioFTPD 0.5.84 u responds with different messages depending on whether ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4674 (Multiple SQL injection vulnerabilities in list.php in Complete PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4675 (Cross-site scripting (XSS) vulnerability in list.php in Complete PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4676 (Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4677 (SQL injection vulnerability in additional_images.php (aka the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4678 (Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4679 (Internet Explorer 6 for Windows XP Service Pack 2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4680 (Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4681 (** DISPUTED ** Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4682 (Cross-site scripting (XSS) vulnerability in error.asp in AudienceView ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4683 (PADL MigrationTools 46, when a failure occurs, stores contents of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4684 (Konqueror can associate a cookie with multiple domains when the DNS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4685 (Firefox and Mozilla can associate a cookie with multiple domains when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4686 (PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4687 (PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4688 (PunBB 1.2.9 does not require password entry when changing the e-mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4689 (Six Apart Movable Type 3.16 stores account names and password hashes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4690 (Six Apart Movable Type 3.16 allows local users with blog-creation ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4691 (imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4692 (Unspecified vulnerability in mroovca stats (mroovcastats) before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4693 (Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4694 (Unspecified vulnerability in the www_add method in Asset.pm in Plain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4695 (Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4696 (The Microsoft Wireless Zero Configuration system (WZCS) stores WEP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4697 (The Microsoft Wireless Zero Configuration system (WZCS) allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4698 (Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4699 (Argument injection vulnerability in TellMe 1.2 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4700 (TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4701 (Unspecified vulnerability in Process File System (procfs) in Sun ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4702 (SQL injection vulnerability in the favorites module in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4703 (Apache Tomcat 4.0.3, when running on Windows, allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4704 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4705 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4706 (Unspecified vulnerability in the "privilege management" feature of Sun ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4707 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4708 (Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4709 (The popSubjectContext method in the SecurityAssociation class in JBoss ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4710 (Unspecified vulnerability in multiple Autodesk and AutoCAD products ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4711 (SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4712 (CRLF injection vulnerability in process_signup.php in PHP Handicapper ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4713 (Unspecified vulnerability in the SQL logging facility in PAM-MySQL ...) BUG: 120842 CVE-2005-4714 (Format string vulnerability in the vmps_log function in OpenVMPS (VLAN ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4715 (Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4716 (Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4717 (Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4718 (Opera 8.02 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4719 (Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4720 (Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4721 (Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4722 (_Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4723 (D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4724 (SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4725 (Geeklog before 1.3.11sr3 allows remote attackers to bypass intended ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4726 (MUTE 0.4 uses improper flood protection algorithms, which allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4727 (Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4728 (Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4729 (SQL injection vulnerabilitiy in show.php in VBZooM Forum allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4730 (Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4731 (The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4732 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4733 (NetBSD 2.0 before 20050316 and NetBSD-current before 20050112 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4734 (Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4735 (IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4736 (IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4737 (IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4738 (IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4739 (IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4740 (IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4741 (NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4742 (Unspecified vulnerability in Echelog 0.6.2 allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4743 (Multiple SQL injection vulnerabilities in index.php in NeLogic Nephp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4744 (Off-by-one error in the sql_error function in sql_unixodbc.c in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4745 (SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4746 (Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4747 (Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4748 (PHP remote file include vulnerability in functions_admin.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4749 (HTTP request smuggling vulnerability in BEA WebLogic Server and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4750 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4751 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4752 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4753 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4754 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4755 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4756 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4757 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4758 (Unspecified vulnerability in the Administration server in BEA WebLogic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4759 (BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4760 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4761 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4762 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4763 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4764 (BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4765 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4766 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4767 (BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4768 (SQL injection vulnerability in manage_account.php in Tux Racer TuxBank ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4769 (SQL injection vulnerability in addrbook.php in Belchior Foundry vCard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4770 (SQL injection vulnerability in an unspecified Accelerated Enterprise ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4771 (Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4772 (liby2util in Yet another Setup Tool (YaST) in SUSE Linux before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4773 (The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4774 (Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4775 (Michael Scholz and Sebastian Stein Contineo 2.0, when the admin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4776 (Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4777 (Tashcom ASPEdit 2.9 stores the administration password (aka the FTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4778 (The powersave daemon in SUSE Linux 10.0 before 20051007 has an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4779 (verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4780 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4781 (Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4782 (NetBSD 2.0 before 2.0.4, 2.1 before 2.1.1, and 3, when the kernel is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4783 (kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4784 (Multiple buffer overflows in the POSIX readdir_r function, as used in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4785 (Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4786 (Buffer overflow in the archive decompression library (vrAZMain.dll ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4787 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4788 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4789 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4790 (Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and ...) BUG: 199841 BUG: 189249 BUG: 199841 CVE-2005-4791 (Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 ...) BUG: 199839 CVE-2005-4792 (SQL injection vulnerability in index.php in Appalachian State ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4793 (Multiple unspecified vulnerabilities in the web utility function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4794 (Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4795 (Unspecified vulnerability in the multi-language environment library ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4796 (Unspecified vulnerability in the XView library (libxview.so) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4797 (Directory traversal vulnerability in printd line printer daemon (lpd) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4798 (Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4799 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4800 (Direct static code injection vulnerability in Yet Another PHP Image ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4801 (Multiple cross-site request forgery (CSRF) vulnerabilities in Yet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4802 (Flexbackup 1.2.1 and earlier allows local users to overwrite files and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4803 (graphviz before 2.2.1 allows local users to overwrite arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4804 (Unspecified vulnerability in Sun Java System Application Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4805 (Unspecified vulnerability in Sun Java System Application Server 7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4806 (Multiple unspecified vulnerabilities in Sun Java System Web Proxy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4807 (Stack-based buffer overflow in the as_bad function in messages.c in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4808 (Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4809 (Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4810 (Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4811 (The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4812 (The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4813 (Unspecified vulnerability in Report Application Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4814 (Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4815 (SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4816 (Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4817 (Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4818 (Multiple SQL injection vulnerabilities in Copernicus Europa allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4819 (Cross-site scripting (XSS) vulnerability in Lotus Domino versions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4820 (SMC Wireless Router model SMC7904WBRA allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4821 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) v801 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4822 (SQL injection vulnerability in projects/project-edit.asp in Digger ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4823 (Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4824 (PHP remote file inclusion vulnerability in web/classes.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4825 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4826 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4827 (Internet Explorer 6.0, and possibly other versions, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4828 (Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4829 (VirtueMart before 1.0.1 does not properly handle errors when a user is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4830 (CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4831 (viewcvs in ViewCVS 0.9.2 allows remote attackers to set the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4832 (SQL injection vulnerability in the Oracle Database Server 10g allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4833 (IBM WebSphere Application Server (WAS) 6.0 before 20050201, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4834 (IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4835 (The ath_rate_sample function in the ath_rate/sample/sample.c sample ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4836 (The HTTP/1.1 connector in Apache Tomcat 4.1.15 and later does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4837 (snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4838 (Multiple cross-site scripting (XSS) vulnerabilities in the example web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4839 (PureTLS before 0.9b5 does not clear optional Extensions and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4840 (The Outlook Express Address Book control, when using Internet Explorer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4841 (The Outlook Progress Ctl control allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4842 (The System Monitor Source Properties control allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4843 (The SmartConnect Class control allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4844 (The CLSID_ApprenticeICW control allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4845 (The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4846 (Format string vulnerability in Logger.cc for Spey 0.3.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4847 (Unspecified vulnerability in Spey 0.3.3 has unknown impact and attack ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4848 (Buffer overflow in the decompression algorithm in Research in Motion ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4849 (Apache Derby before 10.1.2.1 exposes the (1) user and (2) password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4850 (eZ publish 3.5 through 3.7 before 20050608 requires both edit and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4851 (eZ publish 3.4.4 through 3.7 before 20050722 applies certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4852 (The siteaccess URIMatching implementation in eZ publish 3.5 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4853 (The default configuration of the forum package in eZ publish 3.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4854 (eZ publish 3.5 through 3.7 before 20050830 does not use a folder's ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4855 (Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4856 (The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4857 (eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4858 (Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4859 (mimicboard2 (Mimic2) 086 and earlier stores sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4860 (Spectrum Cash Receipting System before 6.504 uses weak cryptography ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4861 (functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4862 (The search functionality in XWiki 0.9.793 indexes cleartext user ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4863 (Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows ...) NOT-FOR-US: db2fmp CVE-2005-4864 (Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows ...) NOT-FOR-US: IBM CVE-2005-4865 (Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows ...) NOT-FOR-US: call CVE-2005-4866 (Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 ...) NOT-FOR-US: JDBC CVE-2005-4867 (Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, ...) NOT-FOR-US: SATENCRYPT CVE-2005-4868 (Shared memory sections and events in IBM DB2 8.1 have default ...) NOT-FOR-US: IBM CVE-2005-4869 (The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local ...) NOT-FOR-US: IBM CVE-2005-4870 (Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) ...) NOT-FOR-US: 1 CVE-2005-4871 (Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 ...) NOT-FOR-US: IBM CVE-2005-4872 (Perl-Compatible Regular Expression (PCRE) library before 6.2 does not ...) BUG: 198198 CVE-2005-4873 (Multiple stack-based buffer overflows in the phpcups PHP module for ...) NOTE: old CVE-2005-4874 (The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE ...) NOTE: obsolete CVE-2005-4875 (TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive ...) NOT-FOR-US: TYPO3 CVE-2005-4876 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...) NOTE: obsolete CVE-2005-4877 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...) NOTE: obsolete CVE-2005-4878 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) NOT-FOR-US: Analysis Console for Intrusion Databases ACID CVE-2005-4879 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: jax_scripts jax_guestbook CVE-2005-4880 (Jax Guestbook 3.1 and 3.31 stores sensitive information under the web ...) NOT-FOR-US: jax_scripts jax_guestbook CVE-2005-4881 (The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4882 (tftpd in Philippe Jounin Tftpd32 2.74 and earlier, as used in Wyse ...) NOT-FOR-US: philippe_jounin tftpd32 CVE-2005-4883 (Race condition in Philippe Jounin Tftpd32 before 2.80 allows remote ...) NOT-FOR-US: philippe_jounin tftpd32 CVE-2005-4884 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) NOT-FOR-US: oracle database_server CVE-2005-4885 (Unspecified vulnerability on certain Sun StorEdge 6130 (SE6130) ...) NOT-FOR-US: Unspecified CVE-2005-4886 (The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2005-4887 (NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 ...) NOT-FOR-US: novell netware CVE-2005-4888 (NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows ...) NOT-FOR-US: novell netware CVE-2005-4889 (lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of ...) NOT-FOR-US: old version CVE-2006-0001 (Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0002 (Unspecified vulnerability in Microsoft Outlook 2000 through 2003, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0003 (Unspecified vulnerability in the RDS.Dataspace ActiveX control, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0004 (Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0005 (Buffer overflow in the plug-in for Microsoft Windows Media Player ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0006 (Heap-based buffer overflow in the bitmap processing routine in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0007 (Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0008 (The ShellAbout API call in Korean Input Method Editor (IME) in Korean ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0009 (Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0010 (Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0011 RESERVED CVE-2006-0012 (Unspecified vulnerability in Windows Explorer in Microsoft Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0013 (Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0014 (Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0015 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0016 RESERVED CVE-2006-0017 RESERVED CVE-2006-0018 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0019 (Heap-based buffer overflow in the encodeURI and decodeURI functions in ...) BUG: 118550 CVE-2006-0020 (An unspecified Microsoft WMF parsing application, as used in Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0021 (Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0022 (Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0023 (Microsoft Windows XP SP1 and SP2 before August 2004, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0024 (Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 ...) BUG: 102777 CVE-2006-0025 (Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0026 (Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0027 (Unspecified vulnerability in Microsoft Exchange allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0028 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0029 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0030 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0031 (Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0032 (Cross-site scripting (XSS) vulnerability in the Indexing Service in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0033 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0034 (Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0035 (The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.14 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0036 (ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0037 (ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0038 (Integer overflow in the do_replace function in netfilter for Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0039 (Race condition in the do_add_counters function in netfilter for Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0040 (GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0041 RESERVED CVE-2006-0042 (Unspecified vulnerability in (1) apreq_parse_headers and (2) ...) BUG: 128610 CVE-2006-0043 (Buffer overflow in the realpath function in nfs-server rpc.mountd, as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0044 (Unspecified vulnerability in context.py in Albatross web application ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0045 (crawl before 4.0.0 does not securely call programs when saving and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0046 (squid_redirect script in adzapper before 2006-01-29 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0047 (packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause ...) BUG: 125304 CVE-2006-0048 (Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0049 (gpg in GnuPG before 1.4.2.2 does not properly verify non-detached ...) BUG: 125217 CVE-2006-0050 (snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0051 (Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through ...) BUG: 127326 CVE-2006-0052 (The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0053 (Imager (libimager-perl) before 0.50 allows user-assisted attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0054 (The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0055 (The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0056 (Double free vulnerability in the authentication and authentication ...) BUG: 120842 CVE-2006-0057 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0058 (Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows ...) BUG: 125623 CVE-2006-0059 (Heap-based buffer overflow in the ISO Transport Service over TCP (RFC ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0060 RESERVED CVE-2006-0061 RESERVED CVE-2006-0062 RESERVED CVE-2006-0063 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0064 (PHP remote file include vulnerability in includes/orderSuccess.inc.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0065 (SQL injection vulnerability in (1) functions.php, (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0066 (SQL injection vulnerability in index.php in PHPjournaler 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0067 (SQL injection vulnerability in login.php in VEGO Links Builder 2.00 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0068 (SQL injection vulnerability in Primo Cart 1.0 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0069 (Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0070 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0071 (The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid ...) BUG: 116822 CVE-2006-0072 (Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0073 (Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0074 (SQL injection vulnerability in profile.php in PHPenpals allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0075 (Direct static code injection vulnerability in phpBook 1.3.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0076 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0077 (Off-by-one error in the getfattr function in File::ExtAttr before 0.03 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0078 (Multiple cross-site scripting (XSS) vulnerabilities in B-net Software ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0079 (SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0080 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0081 (ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0082 (Format string vulnerability in the SetImageInfo function in image.c ...) BUG: 119476 BUG: 83542 CVE-2006-0083 (Format string vulnerability in the logging code of SMS Server Tools ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0084 (Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0085 (SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0086 (Cross-site scripting vulnerability in index.php in Next Generation ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0087 (SQL injection vulnerability in (1) pages.php and (2) detail.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0088 (SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0089 (Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0090 (Directory traversal vulnerability in index.php in IDV Directory Viewer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0091 (Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0092 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0093 (Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0094 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0095 (dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0096 (wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0097 (Stack-based buffer overflow in the create_named_pipe function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0098 (The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0099 (PHP remote file include vulnerability in (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0100 (Buffer overflow in NicoFTP 3.0.1.19 and earlier might allow local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0101 (Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0102 (Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0103 (TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0104 (Directory traversal vulnerability in TinyPHPForum 3.6 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0105 (PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0106 (gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, ...) BUG: 118101 CVE-2006-0107 (SQL injection vulnerability in Timecan CMS allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0108 (SQL injection vulnerability in mcl_login.asp in Timecan CMS allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0109 (Cross-site scripting vulnerability in category.php in Modular Merchant ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0110 (Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0111 (Cross-site scripting vulnerability in index.php in Boxcar Media ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0112 (Cross-site scripting (XSS) vulnerability in index.php in Enhanced ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0113 (Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0114 (The vCard functions in Joomla! 1.0.5 use predictable sequential IDs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0115 (Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0116 (Cross-site scripting vulnerability search.inetstore in iNETstore ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0117 (Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0118 (Unspecified vulnerability in IBM Lotus Notes and Domino Server before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0119 (Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0120 (Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0121 (Multiple memory leaks in IBM Lotus Notes and Domino Server before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0122 (Cross-site scripting (XSS) vulnerability in Public/Index.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0123 (Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0124 (Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0125 (Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0126 (rxvt-unicode before 6.3, on certain platforms that use openpty and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0127 (Directory traversal vulnerability in the IMAP service of Rockliffe ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0128 (Buffer overflow in the IMAP service of Rockliffe MailSite before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0129 (Mail Management Agent (MAILMA) (aka Mail Management Server) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0130 (Mail Management Agent (MAILMA) (aka Mail Management Server) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0131 (boastMachine 3.1 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0132 (Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0133 (Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0134 (Cross-site scripting (XSS) vulnerability in register.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0135 (SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0136 (Multiple cross-site scripting (XSS) vulnerabilities in the guestbook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0137 (SQL injection vulnerability in linkcategory.php in Phanatic Softwares ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0138 (aMSN (aka Alvaro's Messenger) allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0139 (The send-private-message functionality (send-private-message.asp) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0140 (Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0141 (Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0142 (Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0143 (Microsoft Windows Graphics Rendering Engine (GRE) allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0144 (The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0145 (The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0146 (The server.php test script in ADOdb for PHP before 4.70, as used in ...) BUG: 129284 CVE-2006-0147 (Dynamic code evaluation vulnerability in tests/tmssql.php test script ...) BUG: 129284 CVE-2006-0148 (NetSarang Xlpd 2.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0149 (Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0150 (Multiple format string vulnerabilities in the auth_ldap_log_reason ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0151 (sudo 1.6.8 and other versions does not clear the PYTHONINSPECT ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0152 (Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0153 (427BB 2.2 and 2.2.1 verifies authentication credentials based on the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0154 (SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0155 (Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0156 (Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0157 (settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0158 (SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0159 (SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0160 (SQL injection vulnerability in add_post.php3 in Venom Board 1.22 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0161 (Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0162 (Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus ...) BUG: 118459 CVE-2006-0163 (SQL injection vulnerability in the search module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0164 (phgstats.inc.php in phgstats before 0.5.1, if register_globals is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0165 (Cross-site scripting (XSS) vulnerability in the DataForm Entries ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0166 (Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0167 (SQL injection vulnerability in MyPhPim 01.05 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0168 (Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0169 (addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0170 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0171 (PHP remote file include vulnerability in index.php in OrjinWeb ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0172 (Cross-site scripting (XSS) vulnerability in the file manager utility ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0173 (Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0174 (Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0175 (Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0176 (Buffer overflow in certain functions in src/fileio.c and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0177 (Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0178 (Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0179 (The Cisco IP Phone 7940 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0180 (Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0181 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0182 (login.php in ACal Calendar Project 2.2.5 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0183 (Direct static code injection vulnerability in edit.php in ACal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0184 (Multiple SQL injection vulnerabilities in AspTopSites allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0185 (Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0186 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0187 (By design, Microsoft Visual Studio 2005 automatically executes code in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0188 (webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to ...) BUG: 123781 CVE-2006-0189 (Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0190 (Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0191 (Unspecified vulnerability in Sun Solaris 10 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0192 (SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0193 (Cross-site scripting (XSS) vulnerability in the Hosting Control Panel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0194 (Cross-site scripting (XSS) vulnerability in default.asp in FogBugz ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0195 (Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 ...) BUG: 123781 CVE-2006-0196 (Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0197 (The XClientMessageEvent struct used in certain components of X.Org ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0198 (Cross-site scripting (XSS) vulnerability in a certain module, possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0199 (SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0200 (Format string vulnerability in the error-reporting feature in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0201 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0202 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0203 (membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0204 (Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0205 (Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0206 (Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0207 (Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow ...) BUG: 125878 CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and ...) BUG: 125878 CVE-2006-0209 (SQL injection vulnerability in general_functions.php in TankLogger 2.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0210 (Cross-site scripting (XSS) vulnerability in index.php in Interspire ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0211 (Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0212 (Directory traversal vulnerability in OBEX Push services in Toshiba ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0213 (Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0214 (Eval injection vulnerability in ezDatabase 2.0 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0215 (Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0216 (admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0217 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0218 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0219 (The original distribution of MyBulletinBoard (MyBB) to update from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0220 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0221 (SQL injection vulnerability in index.asp in the Admin Panel in Dragon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0222 (Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0223 (Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0224 (Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 ...) BUG: 120106 CVE-2006-0225 (scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands ...) BUG: 119232 CVE-2006-0226 (Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0227 (Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0228 (The RBAC functionality in grsecurity before 2.1.8 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0229 (Unquoted Windows search path vulnerability in Wehntrust might allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0230 (Symantec Scan Engine 5.0.0.24, and possibly other versions before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0231 (Symantec Scan Engine 5.0.0.24, and possibly other versions before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0232 (Symantec Scan Engine 5.0.0.24, and possibly other versions before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0233 (Cross-site scripting (XSS) vulnerability in functions.php in microBlog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0234 (SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0235 (SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0236 (GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0237 (Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0238 (SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0240 (Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0241 (Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0242 (Cross-site scripting vulnerability in index.php in PHP Fusebox 4.0.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0243 (Cross-site scripting (XSS) vulnerability in SMBCMS 2.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0244 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0245 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0246 (Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0247 (Cross-site scripting (XSS) vulnerability in anyboard.cgi in Netbula ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0248 (Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 500 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0249 (SQL injection vulnerability in viewcat.php in BitDamaged geoBlog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0250 (Format string vulnerability in the snmp_input function in snmptrapd in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0251 (Cross-site scripting (XSS) vulnerability in fom.cgi in Faq-O-Matic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0252 (SQL injection vulnerability in Benders Calendar 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0253 (Buffer overflow in the Bluetooth OBEX Object Push service in "Blue ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0254 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0255 (Unquoted Windows search path vulnerability in Check Point VPN-1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0256 (Unspecified vulnerability in the Advanced Queuing component of Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0257 (Unspecified vulnerability in the Change Data Capture component of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0258 (Unspecified vulnerability in the Connection Manager component of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0259 (Multiple unspecified vulnerabilities in Oracle Database server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0260 (Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0261 (Multiple unspecified vulnerabilities in Oracle Database server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0262 (Unspecified vulnerability in the Net Foundation Layer component of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0263 (Multiple unspecified vulnerabilities in Oracle Database server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0264 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0265 (Multiple unspecified vulnerabilities in Oracle Database server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0266 (Unspecified vulnerability in the Query Optimizer component of Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0267 (Unspecified vulnerability in the Query Optimizer component of Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0268 (Unspecified vulnerability in the Security component of Oracle Database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0269 (Unspecified vulnerability in the Streams Capture component of Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0270 (Unspecified vulnerability in the Transparent Data Encryption (TDE) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0271 (Unspecified vulnerability in the Upgrade & Downgrade component of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0272 (Unspecified vulnerability in the XML Database component of Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0273 (Unspecified vulnerability in the Portal component of Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0274 (Unspecified vulnerability in the Oracle Reports Developer component of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0275 (Unspecified vulnerability in the Oracle Reports Developer component of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0276 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0277 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0278 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0279 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0280 (Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0281 (Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0282 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0284 (Multiple unspecified vulnerabilities in Oracle Application Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0285 (Unspecified vulnerability in the Java Net component of Oracle Database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0286 (Unspecified vulnerability in the Oracle HTTP Server component of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0287 (Unspecified vulnerability in the Oracle HTTP Server component of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0288 (Multiple unspecified vulnerabilities in the Oracle Reports Developer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0289 (Multiple unspecified vulnerabilities in Oracle Application Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0290 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0291 (Multiple unspecified vulnerabilities in Oracle Database Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0292 (The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before ...) BUG: 130888 BUG: 130887 BUG: 129924 CVE-2006-0293 (The function allocation code (js_NewFunction in jsfun.c) in Firefox ...) BUG: 130887 CVE-2006-0294 (Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0295 (Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0296 (The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, ...) BUG: 130888 BUG: 130887 BUG: 129924 CVE-2006-0297 (Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0298 (The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0299 (The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0300 (Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted ...) BUG: 123038 CVE-2006-0301 (Heap-based buffer overflow in Splash.cc in xpdf, as used in other ...) BUG: 121511 BUG: 121375 BUG: 120985 CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0303 (Multiple unspecified vulnerabilities in the (1) publishing component, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0304 (Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0305 (Clipcomm CPW-100E VoIP 802.11b Wireless Handset Phone running firmware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0306 (The DM Primer (dmprimer.exe) in the DM Deployment Common Component in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0307 (The DM Primer in the DM Deployment Common Component in Computer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0308 (PHP remote file inclusion vulnerability in htmltonuke.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0309 (Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0310 (Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0311 (SQL injection vulnerability in login.php in aoblogger 2.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0312 (create.php in aoblogger 2.3 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0313 (Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0314 (PDFdirectory before 1.0 stores sensitive data in plaintext, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0315 (index.php in EZDatabase before 2.1.2 does not properly cleanse the p ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0316 (Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0317 (Cross-site scripting (XSS) vulnerability in rkrt_stats.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0318 (SQL injection vulnerability in index.php in BlogPHP 1.0, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0319 (Directory traversal vulnerability in the FTP server (port 22003/tcp) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0320 (SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0321 (fetchmail 6.3.0 and other versions before 6.3.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0322 (Unspecified vulnerability the edit comment formatting functionality in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0323 (Buffer overflow in swfformat.dll in multiple RealNetworks products and ...) BUG: 127352 CVE-2006-0324 (SQL injection vulnerability in WebspotBlogging 3.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0325 (Etomite Content Management System 0.6, and possibly earlier versions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0326 RESERVED CVE-2006-0327 (TYPO3 3.7.1 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0328 (Format string vulnerability in Tftpd32 2.81 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0329 (SQL injection vulnerability in HITSENSER Data Mart Server BS, BS-S, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0330 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 ...) BUG: 119590 CVE-2006-0331 (Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0332 (Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0333 (Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0334 (Cross-site scripting (XSS) vulnerability in search.php in My Amazon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0335 (Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0336 (Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0337 (Buffer overflow in multiple F-Secure Anti-Virus products and versions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0338 (Multiple F-Secure Anti-Virus products and versions for Windows and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0339 (Buffer overflow in BitComet Client 0.60 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0340 (Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0341 (Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0342 (RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0343 (Unspecified vulnerability in the Port Discovery Standard and Advanced ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0344 (Directory traversal vulnerability in Intervations FileCOPA FTP Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0345 (Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0346 (Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0347 (Directory traversal vulnerability in ELOG before 2.6.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0348 (Format string vulnerability in the write_logfile function in ELOG ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0349 (SQL injection vulnerability in eggblog 2.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0350 (Cross-site scripting (XSS) vulnerability in eggblog 2.0 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0351 (Unspecified "critical denial-of-service vulnerability" in MyDNS before ...) BUG: 119548 CVE-2006-0352 (The default configuration of Fluffington FLog 1.01 installs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0353 (unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0354 (Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0355 (Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0356 (Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0357 (Grant Averett Cerberus FTP Server 2.32, and possibly earlier versions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0358 (Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0359 (Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0360 (MPM SIP HP-180W Wireless IP Phone WE.00.17 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0361 (Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0362 (TippingPoint Intrusion Prevention System (IPS) TOS before 2.1.4.6324, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0363 (The "Remember my Password" feature in MSN Messenger 7.5 stores ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0364 (Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0365 (Cross-site scripting (XSS) vulnerability in XMB (aka extreme message ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0366 (Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0367 (Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0368 (Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0369 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0370 (Noah Medling RCBlog 1.03 stores the data and config directories under ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0371 (Directory traversal vulnerability in index.php in Noah Medling RCBlog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0372 (Multiple SQL injection vulnerabilities in config.php in Insane Visions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0373 (Cross-site scripting (XSS) vulnerability in register.aspx in Douran ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0374 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0375 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0376 (The 802.11 wireless client in certain operating systems including ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0377 (CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows ...) BUG: 123781 CVE-2006-0378 (Cross-site scripting (XSS) vulnerability in Netrix X-Site Manager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0379 (FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0380 (A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0381 (A logic error in the IP fragment cache functionality in pf in FreeBSD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0382 (Apple Mac OS X 10.4.5 and allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0383 (IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0384 (automount in Mac OS X 10.4.5 and earlier allows remote file servers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0385 RESERVED CVE-2006-0386 (FileVault in Mac OS X 10.4.5 and earlier does not properly mount user ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0387 (Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0388 (Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0389 (Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0390 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0391 (Directory traversal vulnerability in the BOM framework in Mac OS X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0392 (Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0393 (OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0394 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0395 (The Download Validation in Mail in Mac OS X 10.4 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0396 (Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0397 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0398 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0399 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0400 (CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0401 (Unspecified vulnerability in Mac OS X before 10.4.6, when running on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0402 (SQL injection vulnerability in Zoph before 0.5pre1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0403 (Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0404 (Note-A-Day Weblog 2.2 stores sensitive data under the web document ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0405 (The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 ...) BUG: 129675 CVE-2006-0406 (search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0407 (Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0408 (rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0409 (Cross-site scripting (XSS) vulnerability in index.php in Pixelpost ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0410 (SQL injection vulnerability in ADOdb before 4.71, when using ...) BUG: 129284 BUG: 120215 CVE-2006-0411 (claro_init_local.inc.php in Claroline 1.7.2 uses guessable session ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0412 (SQL injection vulnerability in CyberShop allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0413 (Multiple SQL injection vulnerabilities in index.php in NewsPHP allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0414 (Tor before 0.1.1.20 allows remote attackers to identify hidden ...) BUG: 134329 CVE-2006-0415 (Cross-site scripting (XSS) vulnerability in index.php in SleeperChat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0416 (SleeperChat 0.3f and earlier allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0417 (SQL injection vulnerability in login.php in miniBloggie 1.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0418 (Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0419 (BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0420 (BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0421 (By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0422 (Multiple unspecified vulnerabilities in BEA WebLogic Server and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0423 (BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0424 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0425 (BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0426 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0427 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0428 (Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0429 (BEA WebLogic Server and WebLogic Express 9.0 causes new security ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0430 (Certain configurations of BEA WebLogic Server and WebLogic Express ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0431 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0432 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0433 (Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0434 (Directory traversal vulnerability in action.php in phpXplorer allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0435 (Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0436 (Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0437 (Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0438 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0439 (Text Rider 2.4 stores sensitive data in the data directory under the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0440 (Text Rider 2.4 allows attackers to bypass authentication and upload ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0441 (Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0442 (Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0443 (Cross-site scripting (XSS) vulnerability in archive.php in CheesyBlog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0444 (SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0445 (index.php in Phpclanwebsite 1.23.1 allows remote authenticated users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0446 (Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0447 (Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0448 (Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0449 (Early termination vulnerability in the IMAP service in E-Post Mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0450 (phpBB 2.0.19 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0451 (Multiple memory leaks in the LDAP component in Fedora Directory Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0452 (dn2ancestor in the LDAP component in Fedora Directory Server 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0453 (The LDAP component in Fedora Directory Server 1.0 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0454 (Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0455 (gpgv in GnuPG before 1.4.2.1, when using unattended signature ...) BUG: 122721 CVE-2006-0456 (The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0457 (Race condition in the (1) add_key, (2) request_key, and (3) keyctl ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0458 (The DCC ACCEPT command handler in irssi before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0459 (flex.skl in Will Estes and John Millaway Fast Lexical Analyzer ...) BUG: 122940 CVE-2006-0460 (Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote ...) BUG: 121605 CVE-2006-0461 (Cross-site scripting (XSS) vulnerability in core.input.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0462 (SQL injection vulnerability in comentarios.php in AndoNET Blog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0463 (Cross-site scripting (XSS) vulnerability in IdeoContent Manager allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0464 (Multiple SQL injection vulnerabilities in index.php in IdeoContent ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0465 (Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0466 (Cross-site scripting (XSS) vulnerability in search.asp in Goldstag ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0467 (Unspecified vulnerability in Pioneers (formerly gnocatan) before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0468 (CommuniGate Pro Core Server before 5.0.7 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0469 (Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0470 (Cross-site scripting (XSS) vulnerability in search.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0471 (Cross-site scripting (XSS) vulnerability in the bbcode function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0472 (Cross-site scripting (XSS) vulnerability in guestbook.php in my little ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0473 (Cross-site scripting (XSS) vulnerability in the bbcode function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0474 (Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0475 (PHP-Ping 1.3 does not properly validate ping counts, which allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0476 (Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0477 (Buffer overflow in git-checkout-index in GIT before 1.1.5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0478 (CRE Loaded 6.15 allows remote attackers to perform privileged actions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0479 (pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0480 (Cross-site scripting (XSS) vulnerability in the Articles module in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0481 (Heap-based buffer overflow in the alpha strip capability in libpng ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0482 (Linux kernel 2.6.15.1 and earlier, when running on SPARC ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0483 (Cisco VPN 3000 series concentrators running software 4.7.0 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0484 (Directory traversal vulnerability in Vis.pl, as part of the FACE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0485 (The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0486 (Certain Cisco IOS releases in 12.2S based trains with maintenance ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0487 (Multiple unspecified vulnerabilities in Tumbleweed MailGate Email ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0488 (The VDM (Virtual DOS Machine) emulation environment for MS-DOS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0489 (** DISPUTED ** Buffer overflow in the font command of mIRC, probably ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0490 (SQL injection vulnerability in login.asp in ASPThai.Net ASPThai Forums ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0491 (SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0492 (Multiple SQL injection vulnerabilities in Calendarix allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0493 (Cross-site scripting (XSS) vulnerability in MG2 (formerly known as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0494 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0495 (Cross-site scripting (XSS) vulnerability in the Add Thread to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0497 (Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0498 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0499 (Cross-site scripting (XSS) vulnerability in rlink.php in Rlink 1.0.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0500 (MyCO Guestbook 1.0 stores the admin directory under the web document ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0501 (Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0502 (PHP remote file inclusion vulnerability in loginout.php in FarsiNews ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0503 (IMAP service in MailEnable Professional Edition before 1.72 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0504 (Unspecified vulnerability in MailEnable Enterprise Edition before 1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0505 (zbattle.net Zbattle client 1.09 SR-1 beta allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0506 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-klaN ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0507 (Multiple cross-site scripting (XSS) vulnerabilities in Easy CMS allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0508 (Easy CMS stores the images directory under the web document root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0509 (Multiple cross-site scripting (XSS) vulnerabilities in clients.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0510 (SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0511 (** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0512 (PADL MigrationTools 46 creates temporary files insecurely, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0513 (Directory traversal vulnerability in pkmslogout in Tivoli Web Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0514 RESERVED CVE-2006-0515 (Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0516 (Unspecified vulnerability in the kernel processing in Solaris 10 64 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0517 (Multiple SQL injection vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0518 (Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0519 (SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0520 (SQL injection vulnerability index.php in Dragoran Portal module 1.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0521 (Cross-site scripting (XSS) vulnerability in results.php in BrowserCRM ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0522 (SQL injection vulnerability in the Authentication Servlet in Symantec ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0523 (SQL injection vulnerability in global.php in MyBB before 1.03 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0524 (Cross-site scripting (XSS) vulnerability in ashnews.php in Derek ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0525 (Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0526 (The default configuration of the America Online (AOL) client software ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0527 (BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0528 (The cairo library (libcairo), as used in GNOME Evolution and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0529 (Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0530 (Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0531 (Unspecified vulnerability in Sun Java System Access Manager 7.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0532 (Cross-site scripting (XSS) vulnerability in resultat.asp in SoftMaker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0533 (Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0534 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0535 (Multiple cross-site scripting (XSS) vulnerabilities in Community ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0536 (Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0537 (Buffer overflow in the POP3 server in Kinesphere Corporation eXchange ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0538 (CipherTrust IronMail 5.0.1, when "Denial of Service Protection" is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0539 (The convert-fcrontab program in fcron 3.0.0 might allow local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0540 (Multiple SQL injection vulnerabilities in Tachyon Vanilla Guestbook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0542 (Multiple SQL injection vulnerabilities in config.php in NukedWeb ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0543 (Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0544 (urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0545 (SQL injection vulnerability in showflat.php in Groupee (formerly known ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0546 (Unspecified vulnerability in index.php in a certain application ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0547 (Oracle Database 8i, 9i, and 10g allow remote authenticated users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0548 (SQL injection vulnerability in the Oracle Text component of Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0549 (SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0550 (Buffer overflow in an unspecified Oracle Client utility might allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0551 (SQL injection vulnerability in the Data Pump Metadata API in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0552 (Unspecified vulnerability in the Net Listener component of Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0553 (PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0554 (Linux kernel 2.6 before 2.6.15.5 allows local users to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0555 (The Linux Kernel before 2.6.15.5 allows local users to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0556 RESERVED CVE-2006-0557 (sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0558 (perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0559 (Format string vulnerability in the SMTP server for McAfee WebShield ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0560 RESERVED CVE-2006-0561 (Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0562 (Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0563 (SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0564 (Stack-based buffer overflow in Microsoft HTML Help Workshop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0565 (PHP remote file include vulnerability in inc/backend_settings.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0566 (The LDAP component in CommuniGate Pro Core Server 5.0.7 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0567 (Directory traversal vulnerability in Files Xaraya module before 0.5.1, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0568 (Cross-site scripting (XSS) vulnerability in throw.main in Outblaze ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0569 (Cross-site scripting (XSS) vulnerability in user_class.php in Papoo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0570 (Multiple SQL injection vulnerabilities in phpstatus 1.0, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0571 (Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0572 (phpstatus 1.0 does not require passwords when using cookies to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0573 (Multiple cross-site scripting (XSS) vulnerabilies in cPanel 10 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0574 (Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0575 (convert-fcrontab in Fcron 2.9.5 and 3.0.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0576 (Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0577 (Lexmark X1185 printer allows local users to gain SYSTEM privileges by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0578 (Blue Coat Proxy Security Gateway OS (SGOS) 4.1.2.1 does not enforce ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0579 (Multiple integer overflows in (1) the new_demux_packet function in ...) BUG: 122029 BUG: 115760 CVE-2006-0580 (IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0581 (SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0582 (Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and ...) BUG: 121839 CVE-2006-0583 (SQL injection vulnerability in mailarticle.php in Clever Copy 3.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0584 (The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0585 (jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0586 (Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0587 (Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0588 (SQL injection vulnerability in search.php in MyTopix 1.2.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0589 (MyTopix 1.2.3 allows remote attackers to obtain the installation path ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0590 (MyTopix 1.2.3 allows remote attackers to obtain the installation path ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0591 (The crypt_gensalt functions for BSDI-style extended DES-based and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0592 (Unspecified vulnerability in the Lexmark Printer Sharing LexBce Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0593 (Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0594 RESERVED CVE-2006-0595 RESERVED CVE-2006-0596 RESERVED CVE-2006-0597 (Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0598 (Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0599 (The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0600 (elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0601 RESERVED CVE-2006-0602 (Multiple SQL injection vulnerabilities in Hinton Design phphg ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0603 (Multiple cross-site scripting vulnerabilities in signed.php in Hinton ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0604 (check.php in Hinton Design phphg Guestbook 1.2 does not check the user ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0605 (Multiple cross-site scripting (XSS) vulnerabilities in Unknown Domain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0606 (SQL injection vulnerability in Unknown Domain Shoutbox 2005.07.21 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0607 (check.php in Hinton Design phphd 1.0 does not check passwords when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0608 (Multiple SQL injection vulnerabilities in Hinton Design phphd 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0609 (Cross-site scripting (XSS) vulnerability in add.php in Hinton Design ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0610 (Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0611 (Directory traversal vulnerability in compose.pl in @Mail 4.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0612 (Powersave daemon before 0.10.15.2 allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0613 (Unspecified vulnerability in Java Web Start after 1.0.1_02, as used in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0614 (Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and ...) BUG: 122156 CVE-2006-0615 (Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 ...) BUG: 122156 CVE-2006-0616 (Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and ...) BUG: 122156 CVE-2006-0617 (Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 ...) BUG: 122156 CVE-2006-0618 (Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0619 (Multiple stack-based buffer overflows in QNX Neutrino RTOS 6.3.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0620 (Race condition in phfont in QNX Neutrino RTOS 6.2.1 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0621 (Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0622 (QNX Neutrino RTOS 6.3.0 allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0623 (QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0624 (SQL injection vulnerability in check.asp in Whomp Real Estate Manager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0625 (Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0626 (SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0627 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0, 2.0a, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0628 (myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0629 (Unspecified vulnerability in AOL Instant Messenger (AIM) 5.9.3861 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0630 (RITLabs The Bat! before 3.0.0.15 displays certain important headers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0631 (CRLF injection vulnerability in mailback.pl in Erik C. Thauvin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0632 (The gen_rand_string function in phpBB 2.0.19 uses insufficiently ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0633 (The make_password function in ipsclass.php in Invision Power Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0634 (Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0635 (Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0636 (desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0637 (Buffer overflow in cram.dll in QUALCOMM Eudora WorldMail 3.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0638 (SQL injection vulnerability in moderation.php in MyBB (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0639 (Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0640 (Orbicule Undercover allows attackers with physical or root access to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0641 (Orbicule Undercover uses a third-party web server to determine the IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0642 (Trend Micro ServerProtect 5.58, and possibly InterScan Messaging ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0643 (Cross-site scripting (XSS) vulnerability in WiredRed e/pop Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0644 (Multiple directory traversal vulnerabilities in install.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0645 (Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS ...) BUG: 122307 CVE-2006-0646 (ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0647 (LDAP service in Sun Java System Directory Server 5.2, running on Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0648 (Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0649 (Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0650 (Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0651 (SQL injection vulnerability in index.php in vwdev allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0652 (WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect permissions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0653 (Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0654 (check.php in Hinton Design phpht Topsites 1.3 does not validate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0655 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0656 (Directory traversal vulnerability in HP Systems Insight Manager 4.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0657 (Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0658 (Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0659 (Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0660 (Multiple directory traversal vulnerabilities in FarsiNews 2.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0661 (Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0662 (Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0663 (Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0664 (Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0665 (Unspecified vulnerability in (1) query_store.php and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0666 (Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0667 (lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0668 (SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0669 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0670 (Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0671 (Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0672 (Unspecified vulnerability in HP PSC 1210 All-in-One Drivers before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0673 (Multiple SQL injection vulnerabilities in cms/index.php in Magic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0674 (Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0675 (Cross-site scripting (XSS) vulnerability in search.php in Siteframe ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0676 (Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0677 (telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0678 (PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0679 (SQL injection vulnerability in index.php in the Your_Account module in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0680 (Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0681 (Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0682 (Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0683 (Cross-site scripting (XSS) vulnerability in Virtual Hosting Control ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0684 (change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0685 (The check_login function in login.php in Virtual Hosting Control ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0686 (add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0687 (process.php in DocMGR 0.54.2 does not initialize the $siteModInfo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0688 (PHP remote file include vulnerability in application.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0689 (Cross-site scripting (XSS) vulnerability in the Registration Form in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0690 (Multiple SQL injection vulnerabilities in TTS Time Tracking Software ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0691 (edituser.php in TTS Time Tracking Software 3.0 does not verify that ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0692 (Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0693 (Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0694 (Unspecified vulnerability in the loaders (load_*.php) in Ansilove ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0695 (Ansilove before 1.03 does not filter uploaded file extensions, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0696 (SQL injection vulnerability in Zen Cart before 1.2.7 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0697 (Zen Cart before 1.2.7 does not protect the admin/includes directory, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0698 (Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0699 (Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0700 (imageVue 16.1 allows remote attackers to obtain folder permission ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0701 (readfolder.php in imageVue 16.1 allows remote attackers to list ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0702 (admin/upload.php in imageVue 16.1 allows remote attackers to upload ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0703 (Unspecified vulnerability in index.php in imageVue 16.1 has unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0704 (iE Integrator 4.4.220114, when configured without a "bespoke error ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0705 (Format string vulnerability in a logging function as used by various ...) BUG: 168584 CVE-2006-0706 (Cross-site scripting vulnerability in eintrag.php in Gästebuch ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0707 (PyBlosxom before 1.3.2, when running on certain webservers, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0708 (Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0709 (Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a ...) BUG: 126052 CVE-2006-0710 (Double free vulnerability in isode.eddy in Isode M-Vault Server 11.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0711 (The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0712 (mail_html template in Squishdot 1.5.0 and earlier does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0713 (Directory traversal vulnerability in LinPHA 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0714 (Directory traversal vulnerability in the installation file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0715 (Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0716 (SQL injection vulnerability in index.php in sNews 1.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0717 (IBM Tivoli Directory Server 6.0 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0718 (The Internet Key Exchange version 1 (IKEv1) implementation in Avaya ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0719 (SQL injection vulnerability in member_login.php in PHP Classifieds ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0720 (Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0721 (SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0722 (settings.php in Reamday Enterprises Magic Downloads 1.1.3, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0723 (PHP remote file inclusion vulnerability in preview.php in Reamday ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0724 (profile.php in Reamday Enterprises Magic News Lite 1.2.3, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0725 (PHP remote file inclusion vulnerability in prepend.php in Plume CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0726 (Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0727 (SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0728 (SQL injection vulnerability in search.php in webSPELL 4.01.00 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0729 (SQL injection vulnerability in functions.php in Teca Diary PE 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0730 (Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0731 (WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0732 (Directory traversal vulnerability in SAP Business Connector (BC) 4.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0733 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0734 (The SV_CheckForDuplicateNames function in Valve Software Half-Life ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0736 (Stack-based buffer overflow in the pam_micasa PAM authentication ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0737 (eStara SIP softphone allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0738 (Multiple format string vulnerabilities in eStara SIP softphone allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0739 (eStara SIP softphone allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0740 RESERVED CVE-2006-0741 (Linux kernel before 2.6.15.5, when running on Intel processors, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0742 (The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0743 (Format string vulnerability in LocalSyslogAppender in Apache log4net ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0744 (Linux kernel before 2.6.16.5 does not properly handle uncanonical ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0745 (X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0746 (Certain patches for kpdf do not include all relevant patches from xpdf ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0747 (Integer underflow in Freetype before 2.2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0748 (Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before ...) BUG: 130888 BUG: 130887 BUG: 129924 CVE-2006-0749 (nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before ...) BUG: 130888 BUG: 130887 BUG: 129924 CVE-2006-0750 (SQL injection vulnerability in army.php in supersmashbrothers (SSB) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0751 (Multiple unspecified vulnerabilities in the (1) Filesystem in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0752 (Niels Provos Honeyd before 1.5 replies to certain illegal IP packet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0753 (Memory leak in Microsoft Internet Explorer 6 for Windows XP Service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0754 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0755 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0756 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0757 (Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0758 (Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0759 (Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0760 (LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0761 (Buffer overflow in BlackBerry Attachment Service in Research in Motion ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0762 (WinAbility Folder Guard 4.11 allows local users to gain unauthorized ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0763 (Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0764 (The Authentication, Authorization, and Accounting (AAA) capability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0765 (GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0766 (ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0767 (CGIWrap before 3.10 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0768 (Kadu 0.4.3 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0769 (Unspecified vulnerability in in.rexecd in Solaris 10 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0770 (Cross-site scripting (XSS) vulnerability in calendar.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0771 (Format string vulnerability in PunkBuster 1.180 and earlier, as used ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0772 (SQL injection vulnerability in Hitachi Business Logic - Container ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0773 (Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0774 (SQL injection vulnerability in deleteSession() in DB_eSession library ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0775 (Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0776 (Cross-site scripting (XSS) vulnerability in guestex.pl in Teca Scripts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0777 (Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0778 (Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0779 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0780 (Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0781 (Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0782 (Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0783 (Cross-site scripting (XSS) vulnerability in page.php in in Siteframe ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0784 (D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0785 (Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0786 (Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0787 (wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0788 (Kyocera 3830 (aka FS-3830N) printers have a back door that allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0789 (Certain unspecified Kyocera printers have a default "admin" account ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0790 (Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0791 (PHP remote file inclusion vulnerability in index.php in DreamCost ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0792 (Cross-site scripting (XSS) vulnerability in preferences.personal.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0793 (frameset.php in V-webmail 1.6.2 allows remote attackers to conduct ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0794 (help.php in V-webmail 1.6.2 allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0795 (Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0796 (Cross-site scripting (XSS) vulnerability in default.php in Clever Copy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0797 (Nokia N70 cell phone allows remote attackers to caues a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0798 (Multiple directory traversal vulnerabilities in the IMAP service in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0799 (Microsoft Internet Explorer allows remote attackers to spoof a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0800 (Interpretation conflict in PostNuke 0.761 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0801 (SQL injection vulnerability in the NS-Languages module for PostNuke ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0802 (Cross-site scripting (XSS) vulnerability in the NS-Languages module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0803 (The signature verification functionality in the YaST Online Update ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0804 (Off-by-one error in TIN 1.8.0 and earlier might allow attackers to ...) BUG: 150229 CVE-2006-0805 (The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0806 (Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as ...) BUG: 129284 CVE-2006-0807 (Stack-based buffer overflow in NJStar Chinese and Japanese Word ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0808 (MUTE 0.4 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0809 (Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0810 (Unspecified vulnerability in config.php in Skate Board 0.9 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0811 (Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0812 (The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0813 (Heap-based buffer overflow in WinACE 2.60 allows user-assisted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0814 (response.c in Lighttpd 1.4.10 and possibly previous versions, when run ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0815 (NetworkActiv Web Server 3.5.15 allows remote attackers to read script ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0816 (Orion Application Server before 2.0.7, when running on Windows, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0817 (Absolute path directory traversal vulnerability in (a) MERAK Mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0818 (Absolute path directory traversal vulnerability in (1) MERAK Mail Server for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0819 (Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0820 (Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0821 (SQL injection vulnerability in index.php in BXCP 0.299 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0822 (Unspecified vulnerability in EmuLinker Kaillera Server before 0.99.17 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0823 (Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0824 (Multiple unspecified vulnerabilities in lib-common.php in Geeklog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0825 (Multiple unspecified vulnerabilities in ESS/ Network Controller and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0826 (Unspecified vulnerability in ESS/ Network Controller and MicroServer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0827 (Cross-site scripting vulnerability in ESS/ Network Controller and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0828 (Unspecified vulnerability in ESS/ Network Controller and MicroServer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0829 (Cross-site scripting vulnerability in E-Blah Platinum 9.7 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0830 (The scripting engine in Internet Explorer allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0831 (PHP remote file include vulnerability in index.php in Tasarim Rehberi ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0832 (Multiple SQL injection vulnerabilities in admin.asp in WPC.easy allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0833 (Multiple cross-site scripting (XSS) vulnerabilities in Barracuda ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0834 (Uniden UIP1868P VoIP Telephone and Router has a default password of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0835 (SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0836 (Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0837 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0838 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0839 (The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0840 (manage_user_page.php in Mantis 1.00rc4 and earlier does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0841 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0842 (Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0843 (Leif M. Wright's Blog 3.5 stores the config file and other txt files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0844 (Leif M. Wright's Blog 3.5 does not make a password comparison when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0845 (Leif M. Wright's Blog 3.5 allows remote authenticated users with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0846 (Multiple cross-site scripting (XSS) vulnerabilities in Leif M. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0847 (Directory traversal vulnerability in the staticfilter component in ...) BUG: 134273 CVE-2006-0848 (The "Open 'safe' files after downloading" option in Safari on Apple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0849 RESERVED CVE-2006-0850 (SQL injection vulnerability in include/includes/user/login.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0851 (SQL injection vulnerability in the forum module of ilchClan 1.05g and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0852 (Direct static code injection vulnerability in write.php in Admbook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0853 (Buffer overflow in the IMAP service of TrueNorth Internet Anywhere ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0854 (PHP remote file inclusion vulnerability in common.php in Intensive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0855 (Stack-based buffer overflow in the fullpath function in misc.c for zoo ...) BUG: 123782 CVE-2006-0856 (SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0857 (Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0858 (Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0859 (Michael Salzer Guestbox 0.6, and other versions before 0.8, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0860 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0861 (Michael Salzer Guestbox 0.6, and other versoins before 0.8, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0862 (Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0863 (InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0864 (filescan in Global Hauri ViRobot 2.0 20050817 does not verify the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0865 (PunBB 1.2.10 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0866 (PunBB 1.2.10 and earlier allows remote attackers to conduct brute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0867 (Buffer overflow in certain versions of South River (aka SRT) WebDrive, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0868 (Multiple unspecified injection vulnerabilities in unspecified Auth ...) BUG: 123832 CVE-2006-0869 (Directory traversal vulnerability in the "remember me" feature in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0870 (SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0871 (Directory traversal vulnerability in the _setTemplate function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0872 (Directory traversal vulnerability in init.inc.php in Coppermine Photo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0873 (Absolute path traversal vulnerability in docs/showdocs.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0874 (Multiple unspecified vulnerabilities in Intensive Point iUser ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0875 (Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0876 (POPFile before 0.22.4 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0877 (Cross-site scripting vulnerability in Easy Forum 2.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0878 (Noah's Classifieds 1.3 allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0879 (SQL injection vulnerability in the search tool in Noah's Classifieds ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0880 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0881 (Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0882 (Directory traversal vulnerability in include.php in Noah's Classifieds ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0883 (OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0884 (The WYSIWYG rendering engine ("rich mail" editor) in Mozilla ...) BUG: 130888 BUG: 130887 CVE-2006-0885 (Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0886 (Cross-site scripting (XSS) vulnerability in register.php in DEV web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0887 (Eval injection vulnerability in sessions.inc in PHP Base Library ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0888 (index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0889 (Cross-site scripting (XSS) vulnerability in Calcium 3.10.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0890 (Directory traversal vulnerability in SpeedProject Squeez 5.1, as used ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0891 (Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0892 (NOCC Webmail 1.0 stores e-mail attachments in temporary files with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0893 (NOCC Webmail 1.0 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0894 (Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0895 (NOCC Webmail 1.0 allows remote attackers to obtain the installation ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0896 (Cross-site scripting (XSS) vulnerability in Sources/Register.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0897 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0898 (Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV ...) BUG: 126048 CVE-2006-0899 (Directory traversal vulnerability in index.php in 4Images 1.7.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0900 (nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0901 (Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0902 RESERVED CVE-2006-0903 (MySQL 5.0.18 and earlier allows local users to bypass logging ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0904 RESERVED CVE-2006-0905 (A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0906 (SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0907 (SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0908 (PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0909 (Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0910 (Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0911 (NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0912 (Oreka before 0.5 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0913 (SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0914 (Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0915 (Bugzilla 2.16.10 does not properly handle certain characters in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0916 (Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0917 (Melange Chat Server (aka M-Chat), when accessed via a web browser, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0918 (Buffer overflow in RITLabs The Bat! 3.60.07 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0919 (SQL injection vulnerability in index.php (aka the login page) in Oi! ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0920 (Oi! Email Marketing System 3.0 (aka Oi! 3) stores the server's FTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0921 (Multiple directory traversal vulnerabilities in connector.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0922 (CubeCart 3.0 through 3.6 does not properly check authorization for an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0923 (Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0924 (Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0925 (Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0926 (Multiple directory traversal vulnerabilities in Allume StuffIt ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0927 (Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0928 (The POP3 Server in ArGoSoft Mail Server Pro 1.8 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0929 (Directory traversal vulnerability in the IMAP server in ArGoSoft Mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0930 (Directory traversal vulnerability in Webmail in ArGoSoft Mail Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0931 (Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0932 (Directory traversal vulnerability in zip.lib.php 0.1.1 in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0933 (Cross-site scripting (XSS) vulnerability in PHPX 3.5.9 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0934 (Cross-site scripting (XSS) vulnerability in webinsta Limbo 1.0.4.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0935 (Microsoft Word 2003 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0936 (Free Host Shop Website Generator 3.3 allows remote authenticated users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0937 (U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0938 (Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0939 (SQL injection vulnerability in DCI-Taskeen 1.03 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0940 (Multiple direct static code injection vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0941 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0942 (SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0943 (SQL injection vulnerability in the sondages module in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0944 (Archangel Weblog 0.90.02 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0945 (PHP remote file include vulnerability in admin/index.php in Archangel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0946 (Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0947 (Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0948 (AOL 9.0 Security Edition revision 4184.2340, and probably other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0949 (RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0950 (unalz 0.53 allows user-assisted attackers to overwrite arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0951 (The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0952 RESERVED CVE-2006-0953 RESERVED CVE-2006-0954 RESERVED CVE-2006-0955 RESERVED CVE-2006-0956 (nuauth in NuFW before 1.0.21 does not properly handle blocking TLS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0957 (Direct static code injection vulnerability in func.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0958 (Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0959 (SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0960 (uConfig agent in Compex NetPassage WPE54G router allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0961 (SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0962 (SQL injection vulnerability in vuBB 0.2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0963 (Multiple buffer overflows in STLport 5.0.2 might allow local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0964 (Client Firewall in NCP Network Communication Secure Client 8.11 Build ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0965 (NCP Network Communication Secure Client 8.11 Build 146, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0966 (NCP Network Communication Secure Client 8.11 Build 146, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0967 (NCP Network Communication Secure Client 8.11 Build 146, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0968 (The ncprwsnt service in NCP Network Communication Secure Client 8.11 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0969 (PHP remote file inclusion vulnerability in index.php in Top sites de ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0970 (PHP remote file inclusion vulnerability in index.php in one or more ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0971 (Directory traversal vulnerability in Lionel Reyero DirectContact 0.3b ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0972 (SQL injection vulnerability in news.php in Tony Baird Fantastic News ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0973 (SQL injection vulnerability in topics.php in Appalachian State ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0974 (Cross-site scripting (XSS) vulnerability in failure.asp in Battleaxe ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0975 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0976 (Directory traversal vulnerability in scan_lang_insert.php in Boris ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0977 (Craig Morrison Mail Transport System Professional (aka MTS Pro) acts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0978 (Multiple cross-site scripting (XSS) vulnerabilities in the View ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0979 (Unspecified vulnerability in the local weblog publisher in Nidelven IT ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0980 (Multiple cross-site scripting (XSS) vulnerabilities in Jay Eckles CGI ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0981 (Directory traversal vulnerability in e-merge WinAce 2.6 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0982 (The on-access scanner for McAfee Virex 7.7 for Macintosh, in some ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0983 (Cross-site scripting (XSS) vulnerability in index.php in QwikiWiki 1.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0984 (Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0985 (Multiple cross-site scripting (XSS) vulnerabilities in the "post ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0986 (WordPress 2.0.1 and earlier allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0987 (The default configuration of ISC BIND, when configured as a caching ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0988 (The default configuration of the DNS Server service on Windows Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0989 (Stack-based buffer overflow in the volume manager daemon (vmd) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0990 (Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0991 (Buffer overflow in the NetBackup Sharepoint Services server daemon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0992 (Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0993 (The web management interface in 3Com TippingPoint SMS Server before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0994 (Multiple Sophos Anti-Virus products, including Anti-Virus for Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0996 (Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP ...) BUG: 133524 BUG: 131135 BUG: 128883 BUG: 127939 CVE-2006-0997 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0998 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-0999 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1000 (Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1001 (SQL injection vulnerability in the board module in LanSuite LanParty ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1002 (NETGEAR WGT624 Wireless DSL router has a default account of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1003 (The backup configuration option in NETGEAR WGT624 Wireless Firewall ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1004 (Cross-site scripting (XSS) vulnerability in agencyprofile.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1005 (agencyprofile.asp in Parodia 6.2 and earlier might allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1006 (Multiple SQL injection vulnerabilities in sendcard.php in sendcard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1007 (Multiple SQL injection vulnerabilities in N8cms 1.1 and 1.2 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1008 (Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1009 (M4 Project enigma-suite before 0.73.3 (Windows) has a default password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1010 (Buffer overflow in socket/request.c in CrossFire before 1.9.0, when ...) BUG: 126169 CVE-2006-1011 (LetterMerger 1.2 stores user information in Access database files with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1012 (SQL injection vulnerability in WordPress 1.5.2, and possibly other ...) BUG: 121661 CVE-2006-1013 (PHP remote file include vulnerability in index.php in SMartBlog (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1014 (Argument injection vulnerability in certain PHP 4.x and 5.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1015 (Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1016 (Buffer overflow in the IsComponentInstalled method in Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1017 (The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1018 (SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1019 (Cross-site scripting (XSS) vulnerability in fce.php in UKiBoard 3.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1020 (SQL injection vulnerability in forumlib.php in Johnny_Vegas Vegas ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1021 (Cross-site scripting (XSS) vulnerability in sol_menu.php in PeHePe ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1022 (PHP remote file include vulnerability in sol_menu.php in PeHePe Uyelik ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1023 (Directory traversal vulnerability in HP System Management Homepage ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1024 (SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1025 (Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1026 (JFacets before 0.2 allows remote attackers to gain privileges as any ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1027 (feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1028 (feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1029 (The cross-site scripting (XSS) countermeasures in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1030 (Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1031 (config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1032 (Eval injection vulnerability in the decode function in rpc_decoder.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1033 (Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1034 (Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1035 (Unspecified vulnerability in the Oracle Diagnostics module 2.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1036 (Multiple unspecified vulnerabilities in the Oracle Diagnostics module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1037 (SQL injection vulnerability in the Oracle Diagnostics module 2.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1038 (Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1039 (SAP Web Application Server (WebAS) Kernel before 7.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1040 (Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1041 (Multiple cross-site scripting (XSS) vulnerabilities in Gregarius 0.5.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1042 (Multiple SQL injection vulnerabilities in Gregarius 0.5.2 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1043 (Stack-based buffer overflow in Microsoft Visual Studio 6.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1044 (Multiple buffer overflows in LISTSERV 14.3 and 14.4, including ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1045 (The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block ...) BUG: 130888 BUG: 130887 CVE-2006-1046 (server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1047 (Unspecified vulnerability in the "Remember Me login functionality" in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1048 (Joomla! 1.0.7 and earlier allows attackers to bypass intended access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1049 (Multiple SQL injection vulnerabilities in the Admin functionality in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1050 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1051 (SQL injection vulnerability in Akarru Social BookMarking Engine before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1052 (The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1053 RESERVED CVE-2006-1054 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1055 (The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1056 (The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1057 (Race condition in daemon/slave.c in gdm before 2.14.1 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1058 (BusyBox 1.1.1 does not use a salt when generating passwords, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1059 (The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1060 (Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might ...) BUG: 127008 CVE-2006-1061 (Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 ...) BUG: 125766 CVE-2006-1062 (Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1063 (Unspecified vulnerability in Lurker 2.0 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1064 (Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1065 (SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1066 (Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1067 (Linksys WRT54G routers version 5 (running VXWorks) allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1068 (Netgear 614 and 624 routers, possibly running VXWorks, allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1069 (Unspecified vulnerability in the session handling for Geeklog 1.4.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1070 (Cross-site scripting (XSS) vulnerability in dv_gbook.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1071 (Cross-site scripting (XSS) vulnerability in index.php in DVguestbook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1072 (Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1073 (Directory traversal vulnerability in index.php in Daverave Simplog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1074 (Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1075 (Format string vulnerability in the visualization function in Jason ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1076 (SQL injection vulnerability in index.php, possibly during a showtopic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1077 (Multiple cross-site scripting (XSS) vulnerabilities in the commentary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1078 (Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1079 (htpasswd, as used in Acme thttpd 2.25b and possibly other products ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1080 (Cross-site scripting (XSS) vulnerability in login.php in Game-Panel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1081 (SQL injection vulnerability in forgotten_password.php in Jonathan ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1082 (Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1083 (Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1084 (Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1085 (admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1086 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1087 (Direct static code injection vulnerability in the modify_config action ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1088 (PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1089 (Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1090 (register.php in PunBB 1.2.10 allows remote attackers to cause an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1091 (Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1092 (Unspecified vulnerability in the pagedata subsystem of the process ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1093 (Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1094 (SQL injection vulnerability in Datenbank MOD 2.7 and earlier for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1095 (Directory traversal vulnerability in the FileSession object in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1096 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1097 (Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1098 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1099 (PHP remote file include vulnerability in logIT 1.3 and 1.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1100 (Buffer overflow in the sgetstr function in shared/cube.h in ...) BUG: 125289 CVE-2006-1101 (The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as ...) BUG: 125289 CVE-2006-1102 (Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote ...) BUG: 125289 CVE-2006-1103 (engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1104 (Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1105 (Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1106 (Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1107 (Cross-site scripting (XSS) vulnerability in news.php in NMDeluxe ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1108 (SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1109 (SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1110 (Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1111 (Aztek Forum 4.0 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1112 (Aztek Forum 4.0 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1113 (SQL injection vulnerability in podcast.php in Loudblog before 0.42 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1114 (Multiple directory traversal vulnerabilities in Loudblog before 0.42 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1115 (nCipher HSM before 2.22.6, when generating a Diffie-Hellman ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1116 (The CBC-MAC integrity functions in the nCipher nCore API before 2.18 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1117 (nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1118 (SQL injection vulnerability in bmail before Aardvark PR9.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1119 (fantastico in Cpanel does not properly handle when it has insufficient ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1120 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1121 (Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1122 (Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1123 (SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1124 (Buffer overflow in RevilloC MailServer and Proxy 1.21 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1125 (Grisoft AVG Free 7.1, and other versions including 7.0.308, sets ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1126 (Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1127 (Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1128 (Directory traversal vulnerability in the session handling class ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1129 (SQL injection vulnerability in config.php in EKINboard 1.0.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1130 (Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1131 (Cross-site scripting (XSS) vulnerability in read.php in bitweaver CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1132 (SQL injection vulnerability in show.php in vbzoom 1.11 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1133 (Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1134 (SQL injection vulnerability in CyBoards PHP Lite 1.25, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1135 (Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1136 (Buffer overflow in the PostScript file interpreter code for Xerox ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1137 (Multiple unspecified vulnerabilities in Xerox CopyCentre and Xerox ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1138 (Unspecified vulnerability in the web server code in Xerox CopyCentre ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1139 (Unspecified vulnerability in the ESS/ Network Controller in Xerox ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1140 (SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1141 (Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows ...) BUG: 153896 CVE-2006-1142 (Unspecified vulnerability in Ravenous Web Server before 0.7.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1143 (Cross-site scripting (XSS) vulnerability in FTPoed Blog Engine 1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1144 (Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1145 (Format string vulnerability in the safe_cprintf function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1146 (Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1147 (The Com_sprintf function in q_shared.c in Alien Arena 2006 Gold ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1148 (Multiple stack-based buffer overflows in the procConnectArgs function ...) BUG: 123432 CVE-2006-1149 (PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1150 (Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1151 (Cross-site scripting vulnerability in index.php in M-Phorum 0.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1152 (PHP remote file inclusion vulnerability in index.php in M-Phorum 0.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1153 (SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1154 (PHP remote file inclusion vulnerability in archive.php in Fantastic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1155 (Cross-site scripting (XSS) vulnerability in manas tungare Site ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1156 (SQL injection vulnerability in manas tungare Site Membership Script ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1157 (Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1158 (Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1159 (Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1160 (Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1161 (Absolute path traversal vulnerability in Easy File Sharing (EFS) Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1162 (Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1163 (Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1164 (Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1165 (Cross-site scripting (XSS) vulnerability in the mediamanager module in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1166 (Monotone 0.25 and earlier, when a user creates a file in a directory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1167 (SGI ProPack 3 SP6 kernel displays the frame buffer contents of the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1168 (The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) ...) BUG: 141728 CVE-2006-1169 RESERVED CVE-2006-1170 RESERVED CVE-2006-1171 RESERVED CVE-2006-1172 (Stack-based buffer overflow in the createPKCS10 function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1173 (Sendmail before 8.13.7 allows remote attackers to cause a denial of ...) BUG: 135141 CVE-2006-1174 (useradd in shadow-utils before 4.0.3, and possibly other versions ...) BUG: 133615 CVE-2006-1175 (The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1176 (Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1177 RESERVED CVE-2006-1178 (Tamarack MMSd before 7.992 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1179 RESERVED CVE-2006-1180 RESERVED CVE-2006-1181 RESERVED CVE-2006-1182 (Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1183 (The Ubuntu 5.10 installer does not properly clear passwords from the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1184 (Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1185 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1186 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1187 RESERVED CVE-2006-1188 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1189 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1190 (Microsoft Internet Explorer 5.01 through 6 does not always return the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1191 (Microsoft Internet Explorer 5.01 through 6 does not always correctly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1192 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1193 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1194 (Integer signedness error in the enet_protocol_handle_incoming_commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1195 (The enet_protocol_handle_send_fragment function in protocol.c for ENet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1196 (Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1197 (SafeDisc installs the driver service for the secdrv.sys driver with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1198 (Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1199 (Cross-site scripting (XSS) vulnerability in iframe.php in daverave ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1200 (Direct static code injection vulnerability in add_link.txt in daverave ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1201 (Directory traversal vulnerability in resetpw.php in eschew.net ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1202 (Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1203 (PHP remote file include vulnerability in common.php in txtForum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1204 (Multiple cross-site scripting (XSS) vulnerabilities in txtForum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1205 (Multiple cross-site scripting (XSS) vulnerabilities in myWebland ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1206 (Matt Johnston Dropbear SSH server 0.47 and earlier, as used in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1207 (PHP Upload Center stores password hashes under the web root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1208 (Sergey Korostel PHP Upload Center allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1209 (PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1210 (The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1211 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1212 (Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1213 (JiRo's Banner System Experience and Professional 1.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1214 (UnrealIRCd 3.2.3 allows remote attackers to cause an unspecified ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1215 (Cross-site scripting (XSS) vulnerability in misc.php in Woltlab ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1216 (Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1217 (SQL injection vulnerability in DSPoll 1.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1218 (Unspecified vulnerability in the HTTP proxy in Novell BorderManager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1219 (Directory traversal vulnerability in Gallery 2.0.3 and earlier, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1220 (Integer overflow in the mach_msg_send function in the kernel for Mac ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1221 (Untrusted search path vulnerability in the TrueVector service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1222 (Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1223 (Cross-site scripting (XSS) vulnerability in Jupiter Content Manager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1224 (Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1225 (CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1226 (Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1227 (Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1228 (Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1229 (SQL injection vulnerability in search.asp in Hosting Controller 6.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1230 (Multiple cross-site scripting (XSS) vulnerabilities in create.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1231 (CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1232 (Multiple SQL injection vulnerabilities in DSDownload 1.0, with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1233 (Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1234 (SQL injection vulnerability in index.php in DSCounter 1.2, with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1235 (Directory traversal vulnerability in admin/deleteuser.php in HitHost ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1236 (Buffer overflow in the SetUp function in socket/request.c in CrossFire ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1237 (Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1238 (SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1239 (Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1240 (Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1241 (Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1242 (The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1243 (Directory traversal vulnerability in install05.php in Simple PHP Blog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1244 (Unspecified vulnerability in certain versions of xpdf after 3.00, as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1245 (Buffer overflow in mshtml.dll in Microsoft Internet Explorer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1246 (Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1247 (rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1248 (Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1249 (Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1250 (Unspecified vulnerability in the Webmail module in Winmail before 4.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1251 (Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1252 (Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1253 (Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1254 (Unspecified vulnerability in BorderWare MXtreme 5.0 and 6.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1255 (Stack-based buffer overflow in the IMAP service in Mercur Messaging ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1256 (Cross-site scripting (XSS) vulnerability in guestbook.php in Soren ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1257 (The sample files in the authfiles directory in Microsoft Commerce ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1258 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1259 (Multiple SQL injection vulnerabilities in Maian Support 1.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1260 (Horde Application Framework 3.0.9 allows remote attackers to read ...) BUG: 126435 BUG: 127889 CVE-2006-1261 (Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1262 (Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1263 (Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1264 (Cross-site scripting (XSS) vulnerability in xhawk.net discussion 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1265 (SQL injection vulnerability in discussion.class.php in xhawk.net ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1266 (Cross-site scripting (XSS) vulnerability in Service_Requests.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1267 (Invision Power Board 2.1.4 allows remote attackers to hijack sessions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1268 (The Internet Key Exchange implementation in Funkwerk X2300 7.2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1269 (Buffer overflow in the parse function in parse.c in zoo 2.10 might ...) BUG: 125622 CVE-2006-1270 (Multiple cross-site scripting (XSS) vulnerabilities in zones.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1271 (SQL injection vulnerability in index.php in OxyNews allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1272 (Multiple cross-site scripting (XSS) vulnerabilities in member.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1273 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1274 (Classic Planer in AntiVir PersonalEdition Classic 7 does not drop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1275 (GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1276 (admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1277 (Cross-site scripting (XSS) vulnerability in signup.php in @1 File ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1278 (SQL injection vulnerability in @1 File Store 2006.03.07 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1279 (CGI::Session 4.03-1 allows local users to overwrite arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1280 (CGI::Session 4.03-1 does not set proper permissions on temporary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1281 (Cross-site scripting (XSS) vulnerability in member.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1282 (CRLF injection vulnerability in inc/function.php in MyBulletinBoard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1283 (opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1284 (The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1285 (SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1286 (Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1287 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1288 (Multiple SQL injection vulnerabilities in Invision Power Board (IPB) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1289 (Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1290 (Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1291 (publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1292 (Directory traversal vulnerability in Jim Hu and Chad Little PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1293 (Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1294 (PHP remote file include vulnerability in PageController.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1295 (Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1296 (Untrusted search path vulnerability in Beagle 0.2.2.1 might allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1297 (Unspecified vulnerability in Veritas Backup Exec for Windows Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1298 (Format string vulnerability in the Job Engine service (bengine.exe) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1299 RESERVED CVE-2006-1300 (Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1301 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1302 (Buffer overflow in Microsoft Excel 2000 through 2003 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1303 (Multiple unspecified vulnerabilities in Microsoft Internet Explorer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1304 (Buffer overflow in Microsoft Excel 2000 through 2003 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1305 (Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1306 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1307 RESERVED CVE-2006-1308 (Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1309 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1310 RESERVED CVE-2006-1311 (The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1312 RESERVED CVE-2006-1313 (Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1314 (Heap-based buffer overflow in the Server Service (SRV.SYS driver) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1315 (The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1316 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1317 RESERVED CVE-2006-1318 RESERVED CVE-2006-1319 (chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1320 (util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1321 (Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1322 (Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1323 (Directory traversal vulnerability in WinHKI 1.6 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1324 (Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1325 (Cross-site scripting (XSS) vulnerability in Streber 0.055 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1326 (Multiple cross-site scripting (XSS) vulnerabilities in Invision Power ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1327 (SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1328 (SQL injection vulnerability in count.php in Skull-Splitter PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1329 (The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1330 (Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1331 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1332 (Noah's Classifieds 1.3 and earlier allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1333 (Multpile SQL injection vulnerabilities in BetaParticle Blog 6.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1334 (Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1335 (gnome screensaver before 2.14, when running on an X server with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1336 (Cross-site scripting vulnerability in calendar.php in ExtCalendar 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1337 (Buffer overflow in the POP 3 (POP3) service in MailEnable Standard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1338 (Webmail in MailEnable Professional Edition before 1.73 and Enterprise ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1339 (Directory traversal vulnerability in inc/functions.inc.php in CuteNews ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1340 (CuteNews 1.4.1 and possibly other versions allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1341 (SQL injection vulnerability in events.php in Maian Events 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1342 (net/ipv4/af_inet.c in Linux kernel 2.4 does not clear ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1343 (net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1344 (Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1345 (polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1346 (Directory traversal vulnerability in inc/setLang.php in Greg ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1347 (SQL injection vulnerability in loginfunction.php in Greg Neustaetter ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1348 (Cross-site scripting (XSS) vulnerability in index.php in Greg ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1349 (Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1350 (PHP remote file include vulnerability in index.php in 99Articles.com ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1351 (BEA WebLogic Server 6.1 SP7 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1352 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1353 (Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1354 (Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows ...) BUG: 127229 CVE-2006-1355 (avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1356 (Stack-based buffer overflow in the count_vcards function in LibVC 3, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1357 (Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1358 (Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1359 (Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1360 (Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1361 (Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1362 (Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1363 (images.php in Justin White (aka YTZ) Free Web Publishing System ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1364 (Microsoft w3wp (aka w3wp.exe) does not properly handle when the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1365 (The Motorola PEBL U6, the Motorola V600, and possibly the Motorola ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1366 (Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1367 (The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1368 (Buffer overflow in the USB Gadget RNDIS implementation in the Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1369 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1370 (Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1371 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1372 (Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1373 (Cross-site scripting (XSS) vulnerability in status_image.php in PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1374 (SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1375 (AdMan 1.0.20051221 and earlier allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1376 (The installation of Debian GNU/Linux 3.1r1 from the network install CD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1377 (Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1378 (PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1379 (Trend Micro PC-cillin Internet Security 2006 14.00.1485 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1380 (ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1381 (Trend Micro OfficeScan 5.5, and probably other versions before 6.5, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1382 (PHP remote file inclusion vulnerability in impex/ImpExData.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1383 (Directory traversal vulnerability in Baby FTP Server (BabyFTP) 1.24 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1384 (Cross-site scripting (XSS) vulnerability in apwc_win_main.jsp in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1385 (Stack-based buffer overflow in the parseTaggedData function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1386 (The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1387 (TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1388 (Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1389 (Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1390 (The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a ...) BUG: 127319 BUG: 127167 BUG: 122376 BUG: 125902 CVE-2006-1391 (The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1392 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1393 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1394 (Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1395 (SQL injection vulnerability in mb.cgi in Cholod MySQL Based Message ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1396 (Multiple cross-site scripting (XSS) vulnerabilities in Cholod MySQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1397 (Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1398 (Cross-site scripting (XSS) vulnerability in guestbook.php in G-Book ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1399 (Cross-site scripting (XSS) vulnerability in searchresult.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1400 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1401 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1402 (Buffer overflow in client/server Doom (csDoom) 0.7 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1403 (Format string vulnerability in the PrintString function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1404 (Multiple cross-site scripting (XSS) vulnerabilities in bol.cgi in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1405 (Cross-site scripting (XSS) vulnerability in search.aspx in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1406 (Multiple cross-site scripting (XSS) vulnerabilities in wbadmlog.aspx ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1407 (Multiple cross-site scripting (XSS) vulnerabilities in Helm Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1408 (Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1409 (Buffer overflow in Vavoom 1.19.1 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1410 (Multiple cross-site scripting (XSS) vulnerabilities in XIGLA Absolute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1411 (Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1412 (TFT Gallery 0.10 stores sensitive information under the web root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1413 (Multiple cross-site scripting (XSS) vulnerabilities in EZHomepagePro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1414 (Multiple cross-site scripting (XSS) vulnerabilities in toast.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1415 (Cross-site scripting (XSS) vulnerability in iforget.aspx in dotNetBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1416 (Cross-site scripting (XSS) vulnerability in afmsearch.aspx in Absolute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1417 (Multiple cross-site scripting (XSS) vulnerabilities in Caloris ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1418 (Cross-site scripting (XSS) vulnerability in default.asp in Caloris ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1419 (SQL injection vulnerability in the Calendar module in nuked-klan 1.7.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1420 (SQL injection vulnerability in print.php in SaphpLesson 2.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1421 (Multiple SQL injection vulnerabilities in akocomment.php in AkoComment ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1422 (SQL injection vulnerability in details_view.php in PHP Booking Calendar ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1423 (SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1424 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1425 (Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1426 (Multiple SQL injection vulnerabilities in Pixel Motion Blog allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1427 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1428 (Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1429 (Cross-site scripting (XSS) vulnerability in accountlogon.cfm in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1430 (Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1431 (Cross-site scripting (XSS) vulnerability in local.cfm in fusionZONE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1432 (fusionZONE couponZONE 4.2 allows remote attackers to obtain the full ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1433 (Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1434 (Cross-site scripting (XSS) vulnerability in inscription.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1435 (Cross-site scripting (XSS) vulnerability in genmessage.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1436 (Multiple cross-site scripting (XSS) vulnerabilities in UPOINT @1 Event ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1437 (UPOINT @1 Event Publisher stores sensitive information under the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1438 (Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1439 (NSSecureTextField in AppKit in Apple Mac OS X 10.4.6 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1440 (BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1441 (Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1442 (The bundle API in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1443 (Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1444 (CoreGraphics in Apple Mac OS X 10.4.6, when "Enable access for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1445 (Buffer overflow in the FTP server (FTPServer) in Apple Mac OS X 10.3.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1446 (Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1447 (LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1448 (Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-assisted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1449 (Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1450 (Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1451 (MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1452 (Stack-based buffer overflow in Preview in Apple Mac OS 10.4 up to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1453 (Stack-based buffer overflow in Apple QuickTime before 7.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1454 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1455 (QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1456 (Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1457 (Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1458 (Integer overflow in Apple QuickTime Player before 7.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1459 (Multiple integer overflows in Apple QuickTime before 7.1 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1460 (Multiple buffer overflows in Apple QuickTime before 7.1 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1461 (Multiple buffer overflows in Apple QuickTime before 7.1 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1462 (Multiple integer overflows in Apple QuickTime before 7.1 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1463 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1464 (Buffer overflow in Apple QuickTime before 7.1 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1465 (Buffer overflow in Apple QuickTime before 7.1 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1466 (Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1467 (Integer overflow in the AAC file parsing code in Apple iTunes before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1468 (Unspecified vulnerability in Apple File Protocol (AFP) server in Apple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1469 (Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1470 (OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1471 (Format string vulnerability in the CF_syslog function launchd in Apple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1472 (Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1473 (Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1474 (Cross-site scripting (XSS) vulnerability in the "failed" functionality ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1475 (Windows Firewall in Microsoft Windows XP SP2 does not produce ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1476 (Windows Firewall in Microsoft Windows XP SP2 produces incorrect ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1477 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1478 (Directory traversal vulnerability in (1) initiate.php and (2) possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1479 (Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1480 (Directory traversal vulnerability in start.php in WebAlbum 2.02 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1481 (SQL injection vulnerability in search.php in PHP Ticket 0.71 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1482 (Cross-site scripting (XSS) vulnerability in index.php in ConfTool 1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1483 (Blazix Web Server before 1.2.6, when running on Windows, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1484 (Genius VideoCAM NB Driver does not drop privileges when saving files, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1485 (gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1486 (Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1487 (Cross-site scripting (XSS) vulnerability in ActiveCampaign SupportTrio ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1488 (ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1489 (Multiple SQL injection vulnerabilities in FusionZONE CouponZONE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1490 (PHP before 5.1.3-RC1 might allow remote attackers to obtain portions ...) BUG: 133524 BUG: 131135 BUG: 128883 BUG: 127939 CVE-2006-1491 (Eval injection vulnerability in Horde Application Framework versions ...) BUG: 126435 BUG: 127889 CVE-2006-1492 (Directory traversal vulnerability in dir.php in Explorer XP allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1493 (Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1494 (Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1495 (SQL injection vulnerability in general/sendpassword.php in (1) ...) BUG: 235052 CVE-2006-1496 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1497 (Directory traversal vulnerability in index.php in ViHor Design allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1498 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and ...) BUG: 127971 CVE-2006-1499 (SQL injection vulnerability in vCounter.php in vCounter 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1500 (SQL injection vulnerability in index.php in Tilde CMS 3.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1501 (SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1502 (Multiple integer overflows in MPlayer 1.0pre7try2 allow remote ...) BUG: 127969 CVE-2006-1503 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1504 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1505 (base_maintenance.php in Basic Analysis and Security Engine (BASE) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1506 (Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1507 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1508 (Multiple cross-site scripting (XSS) vulnerabilities in MH Software ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1509 (/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1510 (Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1511 (Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1512 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1513 (Multiple buffer overflows in abc2ps before 1.3.3 allow user-assisted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1514 (Multiple buffer overflows in the abcmidi-yaps translator in abcmidi ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1515 (Buffer overflow in the addnewword function in typespeed 0.4.4 and ...) BUG: 135071 CVE-2006-1516 (The check_connection function in sql_parse.cc in MySQL 4.0.x up to ...) BUG: 132146 CVE-2006-1517 (sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and ...) BUG: 132146 CVE-2006-1518 (Buffer overflow in the open_table function in sql_base.cc in MySQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1519 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1520 (Format string vulnerability in ANSI C Sender Policy Framework library ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1521 RESERVED CVE-2006-1522 (The sys_add_key function in the keyring code in Linux kernel 2.6.16.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1523 (The __group_complete_signal function in the RCU signal handling ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1524 (madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1525 (ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1526 (Buffer overflow in the X render (Xrender) extension in X.org X server ...) BUG: 130979 CVE-2006-1527 (The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1528 (Linux kernel before 2.6.13 allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1529 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1530 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1531 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1532 (Cross-site scripting (XSS) vulnerability in search.php in PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1533 (SQL injection vulnerability in newsletter.php in Sourceworkshop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1534 (Multiple SQL injection vulnerabilities in Null news allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1535 (Cross-site scripting (XSS) vulnerability in login.php in Phoetux.net ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1536 (Multiple SQL injection vulnerabilities in Phoetux.net PhxContacts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1537 (Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1538 (The Enova X-Wall ASIC encrypts with a key obtained via Microwire from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1539 (Multiple buffer overflows in the checkscores function in scores.c in ...) BUG: 122399 CVE-2006-1540 (MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1541 (SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1542 (Stack-based buffer overflow in Python 2.4.2 and earlier, running on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1543 (Multiple SQL injection vulnerabilities in vscripts (aka Kuba ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1544 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1545 (Direct static code injection vulnerability in admin/config.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1546 (Apache Software Foundation (ASF) Struts before 1.2.9 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1547 (ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1548 (Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1549 (PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1550 (Multiple buffer overflows in the xfig import code (xfig-import.c) in ...) BUG: 128107 CVE-2006-1551 (Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1552 (Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1553 (SQL injection vulnerability in functions/final_functions.php in VSNS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1554 (Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1555 (VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1556 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1557 (Multiple SQL injection vulnerabilities in X-Changer 0.2 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1558 (Cross-site scripting (XSS) vulnerability in search.php in PHP Script ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1559 (SQL injection vulnerability in PHP Script Index allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1560 (Multiple SQL injection vulnerabilities in SkinTech phpNewsManager 1.48 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1561 (SQL injection vulnerability in index.php in vscripts (aka Kuba ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1562 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1563 (Direct static code injection vulnerability in config.php in vscripts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1564 (Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1565 (Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1566 (Untrusted search path vulnerability in libtunepimp-perl 0.4.2-1 in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1567 (Cross-site scripting (XSS) vulnerability in searchresults.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1568 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1569 (Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1570 (Cross-site scripting (XSS) vulnerability in Esqlanelapse 2.0 and 2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1571 (Multiple SQL injection vulnerabilities in loginprocess.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1572 (SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1573 (PHP remote file inclusion vulnerability in index.php in MediaSlash ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1574 (Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1575 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1576 (Direct static code injection vulnerability in QLnews 1.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1577 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1578 (Multiple SQL injection vulnerabilities in Keystone Digital Library ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1579 (SQL injection vulnerability in topics.php in Dynamic Bulletin Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1580 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzero 4.3.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1581 (Directory traversal vulnerability in index.php in Blank'N'Berg 0.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1582 (Cross-site scripting (XSS) vulnerability in index.php in Blank'N'Berg ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1583 (Cross-site scripting (XSS) vulnerability in index.php in Warcraft III ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1584 (Unspecified vulnerability in index.php in Warcraft III Replay Parser ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1585 (Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1586 (SQL injection vulnerability in admin_login.asp in ISP of Egypt SiteMan ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1587 (NetBSD 1.6 up to 3.0, when a user has "set record" in .mailrc with the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1588 (The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1589 (The elf_load_file function in NetBSD 2.0 through 3.0 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1590 (Cross-site scripting (XSS) vulnerability in the PrintFreshPage ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1591 (Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1592 (Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1593 (The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1594 (Multiple directory traversal vulnerabilities in document/rqmkhtml.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1595 (Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1596 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1597 RESERVED CVE-2006-1598 (AN HTTPD 1.42n, and possibly other versions before 1.42p, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1599 (Unspecified vulnerability in VCEngine.php in v-creator before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1600 (SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1601 (Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1602 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1603 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1604 (Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1605 (Unspecified vulnerability in the image module in Exponent CMS before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1606 (Unspecified vulnerability in the image module in Exponent CMS before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1607 (Unspecified vulnerability in the banner module in Exponent CMS before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1608 (The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1609 (Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1610 (PHP remote file inclusion vulnerability in lib/armygame.php in SQuery ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1611 (Directory traversal vulnerability in KGB Archiver before 1.1.5.22 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1612 (Multiple cross-site scripting (XSS) vulnerabilities in visview.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1613 (Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1614 (Integer overflow in the cli_scanpe function in the PE header parser ...) BUG: 128963 CVE-2006-1615 (Multiple format string vulnerabilities in the logging code in Clam ...) BUG: 128963 CVE-2006-1616 (Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1617 (Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1618 (Format string vulnerability in the (1) Con_message and (2) conPrintf ...) BUG: 128690 CVE-2006-1619 (IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1620 (admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1621 (Directory traversal vulnerability in admin/folders/saveuploadfiles.asp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1622 (Cross-site scripting (XSS) vulnerability in PHPSelect linksubmit ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1623 (Unspecified vulnerability in main.php in an unspecified "file created ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1624 (The default configuration of syslogd in the Linux sysklogd package ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1625 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1626 (Internet Explorer 6 for Windows XP SP2 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1627 (Adobe Document Server for Reader Extensions 6.0 does not provide ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1628 (Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1629 (OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1630 (The cli_bitset_set function in libclamav/others.c in Clam AntiVirus ...) BUG: 128963 CVE-2006-1631 (Unspecified vulnerability in the HTTP compression functionality in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1632 RESERVED CVE-2006-1633 RESERVED CVE-2006-1634 (Cross-site scripting (XSS) vulnerability in index.php in LucidCMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1635 (LucidCMS 2.0.0 RC4 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1636 (PHP remote file inclusion vulnerability in get_header.php in VWar ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1637 (Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1638 (Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1639 (SQL injection vulnerability in index.php in wpBlog 0.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1640 (Cross-site scripting (XSS) vulnerability in news.php in CzarNews 1.14 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1641 (Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1642 (Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1643 (SQL injection vulnerability in login.php in Interact 2.1.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1644 (login.php in Interact 2.1.1 generates different responses depending on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1645 (Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1646 (The Internet Key Exchange version 1 (IKEv1) implementation ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1647 (An unspecified "logical programming mistake" in SMART SynchronEyes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1648 (SMART SynchronEyes Student and Teacher 6.0, and possibly earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1649 (The "restore to" selection in the "quarantine a file" capability of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1650 (Firefox 1.5.0.1 allows remote attackers to spoof the address bar and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1651 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1652 (Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1653 (PHP remote file inclusion vulnerability in loadkernel.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1654 (Directory traversal vulnerability in the HP Color LaserJet 2500 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1655 (Multiple buffer overflows in mpg123 0.59r allow user-assisted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1656 (vserver in util-vserver 0.30.209 executes a command as root when the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1657 (Cross-site scripting (XSS) vulnerability in index.php in Chucky ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1658 (Direct static code injection vulnerability in ticker.db.php in Chucky ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1659 (Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1660 (Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1661 (Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1662 (The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1663 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1664 (Buffer overflow in xine_list_delete_current in libxine 1.14 and ...) BUG: 128838 BUG: 208100 CVE-2006-1665 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1666 (SQL injection vulnerability in forum.php in Arab Portal 2.0.1 stable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1667 (SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1668 (newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1669 (SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1670 (Control cards for Cisco Optical Networking System (ONS) 15000 series ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1671 (Control cards for Cisco Optical Networking System (ONS) 15000 series ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1672 (The installation of Cisco Transport Controller (CTC) for Cisco Optical ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1673 (Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1674 (Cross-site scripting (XSS) vulnerability in search.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1675 (Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1676 (SQL injection vulnerability in the display function in the Topics ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1677 (MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1678 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1679 (Cross-site scripting (XSS) vulnerability in modules/online.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1680 (Jupiter CMS 1.1.5, when display_errors is enabled, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1681 (Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1682 (Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1683 (SQL injection vulnerability in admin/login.php in Chipmunk Guestbook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1684 (Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1685 (Multiple SQL injection vulnerabilities in modules.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1686 (Unspecified vulnerability in modules.php in APT-webshop-system 4.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1687 (Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1688 (Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1689 (Unspecified vulnerability in su in HP HP-UX B.11.11, when using the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1690 (Cross-site scripting (XSS) vulnerability in subscribe.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1691 (SQL injection vulnerability in MWNewsletter 1.0.0b allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1692 (Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1693 (Unspecified vulnerability in GlobalSCAPE Secure FTP Server before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1694 (SQL injection vulnerability in members.php in XBrite Members 1.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1695 (The fbgs script in the fbi package 2.01-1.4, when the TMPDIR ...) BUG: 129470 CVE-2006-1696 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1697 (Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1698 (Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1699 (Cross-site scripting (XSS) vulnerability in index.php in Aweb Banner ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1700 (Buy.php in Aweb Scripts Seller uses predictable cookies for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1701 (Cross-site scripting (XSS) vulnerability in the Pages module in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1702 (PHP remote file inclusion vulnerability in spip_login.php3 in SPIP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1703 (PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1704 (Sire 2.0 nws allows remote attackers to upload arbitrary image files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1705 (Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1706 (Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1707 (index.php in Shopweezle 2.0 allows remote attackers to include ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1708 (SQL injection vulnerability in member.php in Clansys 1.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1709 (Cross-site scripting (XSS) vulnerability in shop_main.cgi in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1710 (SQL injection vulnerability in admin.php in Design Nation DNGuestbook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1711 (Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1712 (Cross-site scripting (XSS) vulnerability in the private archive script ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1713 (Cross-site scripting (XSS) vulnerability in index.php in Christoph ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1714 (CRLF injection vulnerability in index.php in Christoph Roeder ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1715 (Multiple directory traversal vulnerabilities in Christian Kindahl ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1716 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1717 (Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1718 (Magus Perde Clever Copy 3.0 and earlier stores sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1719 (Internet Explorer 6 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1720 (Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1721 (digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer ...) BUG: 129523 CVE-2006-1722 (Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1723 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1724 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1725 (Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1726 (Unspecified vulnerability in Firefox and Thunderbird 1.5 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...) BUG: 130888 BUG: 130887 BUG: 129924 CVE-2006-1728 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...) BUG: 130888 BUG: 130887 BUG: 129924 CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla ...) BUG: 130887 BUG: 129924 CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ...) BUG: 130888 BUG: 130887 BUG: 129924 CVE-2006-1731 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...) BUG: 130888 BUG: 130887 BUG: 129924 CVE-2006-1732 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...) BUG: 130888 BUG: 130887 BUG: 129924 CVE-2006-1733 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...) BUG: 130888 BUG: 130887 BUG: 129924 CVE-2006-1734 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...) BUG: 130888 BUG: 130887 BUG: 129924 CVE-2006-1735 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...) BUG: 130888 BUG: 130887 BUG: 129924 CVE-2006-1736 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...) BUG: 130887 BUG: 129924 CVE-2006-1737 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and ...) BUG: 130888 BUG: 130887 BUG: 129924 CVE-2006-1738 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...) BUG: 130888 BUG: 130887 BUG: 129924 CVE-2006-1739 (The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x ...) BUG: 130888 BUG: 130887 BUG: 129924 CVE-2006-1740 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...) BUG: 130887 BUG: 129924 CVE-2006-1741 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...) BUG: 130888 BUG: 130887 BUG: 129924 CVE-2006-1742 (The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before ...) BUG: 130888 BUG: 130887 BUG: 129924 CVE-2006-1743 (Multiple SQL injection vulnerabilities in form.php in JBook 1.4 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1744 (Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1745 (Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1746 (Directory traversal vulnerability in PHPList 2.10.2 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1747 (PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1748 (Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1749 (PHP remote file inclusion vulnerability in config.php in phpListPro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1750 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1751 (Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1752 (Multiple cross-site scripting (XSS) vulnerabilities in the backend in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1753 (A cron job in fcheck before 2.7.59 allows local users to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1754 (SQL injection vulnerability in index.php in SWSoft Confixx 3.0.6, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1755 (SQL injection vulnerability in admin.php in MD News 1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1756 (MD News 1 allows remote attackers to bypass authentication via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1757 (Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1758 (SQL injection vulnerability in index.php in Vegadns 0.99 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1759 (Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1760 (Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1761 (Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1762 (Directory traversal vulnerability in index.php in blur6ex 0.3.452 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1763 (Multiple SQL injection vulnerabilities in index.php in blur6ex 0.3.452 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1764 (Hosting Controller 6.1 stores forum/db/forum.mdb under the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1765 (Cross-site scripting (XSS) vulnerability in index.php in JBook 1.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1766 (Multiple SQL injection vulnerabilities in Papoo 2.1.5, and 3 beta1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1767 (Multiple PHP remote file inclusion vulnerabilities in nicecoder.com ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1768 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1769 (Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1770 (Multiple PHP remote file inclusion vulnerabilities in Azerbaijan ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1771 (Directory traversal vulnerability in misc in pbcs.dll in SAXoTECH ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1772 (debconf in Debian GNU/Linux, when configuring mnogosearch in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1773 (SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1774 (HP System Management Homepage (SMH) 2.1.3.132, when running on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1775 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1776 (PHP remote file inclusion vulnerability in doc/index.php in Jeremy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1777 (Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1778 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1779 (Cross-site scripting (XSS) vulnerability in login.php in Jeremy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1780 (The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1781 (PHP remote file inclusion vulnerability in functions.php in Circle R ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1782 (Unspecified vulnerability in Solaris 8 and 9 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1783 (Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1784 (PHP remote file inclusion vulnerability in admin/configset.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1785 (Adobe Document Server for Reader Extensions 6.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1786 (Cross-site scripting (XSS) vulnerability in Adobe Document Server for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1787 (Adobe Document Server for Reader Extensions 6.0 includes a user's ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1788 (Adobe Document Server for Reader Extensions 6.0, during log on, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1789 (Directory traversal vulnerability in pajax_call_dispatcher.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1790 (A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to ...) BUG: 130888 BUG: 130887 BUG: 129924 CVE-2006-1791 (Directory traversal vulnerability in acc.php in QuickBlogger 1.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1792 (Unspecified vulnerability in the POP service in MailEnable Standard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1793 (Directory traversal vulnerability in runCMS 1.2 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1794 (SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1795 (Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1796 (Cross-site scripting (XSS) vulnerability in the paging links ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1797 (The kernel in NetBSD-current before September 28, 2005 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1798 (SQL injection vulnerability in rateit.php in RateIt 2.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1799 (censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1800 (Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1801 (Cross-site scripting (XSS) vulnerability in planetsearchplus.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1802 (Cross-site scripting (XSS) vulnerability in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1803 (Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1804 (SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1805 (SQL injection vulnerability in member.php in PowerClan 1.14 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1806 (Cross-site scripting (XSS) vulnerability in index.php in Musicbox ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1807 (Multiple SQL injection vulnerabilities in index.php in Musicbox 2.3.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1808 (Cross-site scripting (XSS) vulnerability in index.php in Lifetype ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1809 (index.php in Lifetype 1.0.3 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1810 (Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1811 (Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1812 (phpWebFTP 3.2 and earlier stores script.js under the web document root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1813 (Directory traversal vulnerability in index.php in phpWebFTP 3.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1814 (NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1815 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1816 (PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1817 (SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1818 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1819 (Directory traversal vulnerability in the loadConfig function in ...) BUG: 130295 CVE-2006-1820 (Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1821 (Directory traversal vulnerability in index.php in ModX 0.9.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1822 (Cross-site scripting (XSS) vulnerability in search.php in FarsiNews ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1823 (Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1824 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1825 (Cross-site scripting (XSS) vulnerability in index.php in phpLinks ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1826 (Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1827 (Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1828 (SQL injection vulnerability in php121language.php in PHP121 1.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1829 (EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1830 (Sun Java Studio Enterprise 8, when installed as root, creates certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1831 (Direct static code injection vulnerability in sysinfo.cgi in sysinfo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1832 (sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1833 (Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1834 (Integer signedness error in Opera before 8.54 allows remote attackers ...) BUG: 129800 CVE-2006-1835 (Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1836 (Untrusted search path vulnerability in unspecified components in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1837 (SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1838 (edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1839 (PHP remote file inclusion vulnerability in language.php in PHP Album ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1840 (Multiple format string vulnerabilities in Empire Server before 4.3.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1841 (Cross-site scripting (XSS) vulnerability in search.php in boastMachine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1842 (Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1843 (Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1844 (The Debian installer for the (1) shadow 4.0.14 and (2) base-config ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1845 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1846 (Cross-site scripting (XSS) vulnerability in the Your_Account module in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1847 (SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1848 (Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1849 (Multiple SQL injection vulnerabilities in members_only/index.cgi in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1850 (Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1851 (xFlow 5.46.11 and earlier allows remote attackers to determine the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1852 (SQL injection vulnerability in category.php in Article Publisher Pro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1853 (Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1854 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1855 (choose_new_parent in Linux kernel before 2.6.11.12 includes certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1856 (Certain modifications to the Linux kernel 2.6.16 and earlier do not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1857 (Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1858 (SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1859 (Memory leak in __setlease in fs/locks.c in Linux kernel before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1860 (lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1861 (Multiple integer overflows in FreeType before 2.2 allow remote ...) BUG: 192712 BUG: 124828 CVE-2006-1862 (The virtual memory implementation in Linux kernel 2.6.x allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1863 (Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1864 (Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1865 (Argument injection vulnerability in Beagle before 0.2.5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1866 (Multiple unspecified vulnerabilities in Oracle Database Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1867 (Unspecified vulnerability in Oracle Database Server 9.2.0.6 has ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1868 (Buffer overflow in the Advanced Replication component in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1869 (Unspecified vulnerability in Oracle Database Server 8.1.7.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1870 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1871 (SQL injection vulnerability in Oracle Database Server 9.2.0.7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1872 (Unspecified vulnerability in Oracle Database Server 9.0.1.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1873 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1874 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1875 (Unspecified vulnerability in Oracle Database Server 9.0.1.5, 9.2.0.7, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1876 (Unspecified vulnerability in Oracle Database Server 9.2.0.7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1877 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1878 (Cross-site scripting (XSS) vulnerability in index.php in phpFaber ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1879 (Multiple unspecified vulnerabilities in the Email Server component in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1880 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1881 (Unspecified vulnerability in the Financials for Asia/Pacific component ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1882 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1883 (Unspecified vulnerability in the Oracle Application Object Library ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1884 (Unspecified vulnerability in the Oracle Thesaurus Management System ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1885 (Multiple unspecified vulnerabilities in the Reporting Framework ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1886 (Unspecified vulnerability in the PeopleTools component in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1887 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Security ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1888 (phpGraphy 0.9.11 and earlier allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1889 (Cross-site scripting (XSS) vulnerability in the search action handler ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1890 (Multiple PHP remote file inclusion vulnerabilities in myWebland ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1891 (Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1892 (avast! 4 Linux Home Edition 1.0.5 allows local users to modify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1893 (Cross-site scripting (XSS) vulnerability in print.php in ar-blog 5.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1894 (Cross-site scripting (XSS) vulnerability in RevoBoard 1.8, as derived ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1895 (Direct static code injection vulnerability in includes/template.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1896 (Unspecified vulnerability in phpBB allows remote authenticated users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1897 (Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1898 (Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1899 (Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1900 (Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1901 (Mozilla Camino 1.0 and earlier allow remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1902 (fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1903 (Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1904 (Cross-site scripting (XSS) vulnerability in index.php in AnimeGenesis ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1905 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine ...) BUG: 130801 CVE-2006-1906 (Cross-site scripting (XSS) vulnerability in index.php in jjgan852 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1907 (Multiple SQL injection vulnerabilities in myEvent 1.x allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1908 (Cross-site scripting vulnerability in addevent.php in myEvent 1.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1909 (Directory traversal vulnerability in index.php in Coppermine 1.4.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1910 (config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1911 (Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1912 (MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1913 (Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1914 (DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1915 (SQL injection vulnerability in topics.php in DbbS 2.0-alpha and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1916 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1917 (SQL injection vulnerability in member.php in Blackorpheus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1918 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1919 (PHP remote file inclusion vulnerability in index.php in Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1920 (SQL injection vulnerability in index.php in PMTool 1.2.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1921 (nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1922 (PHP remote file inclusion vulnerability in (1) about.php or (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1923 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1924 (SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1925 (Directory traversal vulnerability in the editnews module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1926 (SQL injection vulnerability in showtopic.php in ThWboard 2.84 beta 3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1927 (Cisco IOS XR, when configured for Multi Protocol Label Switching ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1928 (Cisco IOS XR, when configured for Multi Protocol Label Switching ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1929 (PHP remote file inclusion vulnerability in include/common.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1930 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1931 (The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, ...) BUG: 130657 CVE-2006-1932 (Off-by-one error in the OID printing routine in Ethereal 0.10.x up to ...) BUG: 130505 CVE-2006-1933 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 ...) BUG: 130505 CVE-2006-1934 (Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow ...) BUG: 130505 CVE-2006-1935 (Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote ...) BUG: 130505 CVE-2006-1936 (Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote ...) BUG: 130505 CVE-2006-1937 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 ...) BUG: 130505 CVE-2006-1938 (Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 ...) BUG: 130505 CVE-2006-1939 (Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 ...) BUG: 130505 CVE-2006-1940 (Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows ...) BUG: 130505 CVE-2006-1941 (Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1942 (Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1943 (Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1944 (Multiple cross-site scripting (XSS) vulnerabilities in SibSoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1945 (Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 ...) BUG: 130487 CVE-2006-1946 (Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1947 (Multiple SQL injection vulnerabilities in plexum.php in NicPlex Plexum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1948 (The "Add Sender to Address Book" operation ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1949 (SQL injection vulnerability in plexcart.pl in NicPlex PlexCart X3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1950 (Multiple cross-site scripting (XSS) vulnerabilities in banners.cgi in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1951 (Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1952 (Directory traversal vulnerability in WinAgents TFTP Server for Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1953 (Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1954 (SQL injection vulnerability in authent.php4 in Nicolas Fischer (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1955 (PHP remote file inclusion vulnerability in authent.php4 in Nicolas ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1956 (The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1957 (The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1958 (Multiple SQL injection vulnerabilities in WWWThreads RC 3 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1959 (PHP remote file inclusion vulnerability in direct.php in ActualScripts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1960 (Cross-site scripting (XSS) vulnerability in the appliance web user ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1961 (Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1962 (SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1963 (Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1964 (SQL injection vulnerability in Haberler.asp in ASPSitem 1.83 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1965 (Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1966 (An unspecified Fortinet product, possibly Fortinet28, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1967 (Cross-site scripting (XSS) vulnerability in calendar/Visitor.cgi in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1968 (Cross-site scripting (XSS) vulnerability in news/NsVisitor.cgi in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1969 (Cross-site scripting (XSS) vulnerability in search/search.cgi in an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1970 (Cross-site scripting (XSS) vulnerability in classifieds/viewcat.cgi in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1971 (Cross-site scripting (XSS) vulnerability in login.php in KRANKIKOM ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1972 (Cross-site scripting (XSS) vulnerability in EasyGallery.php in Wingnut ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1973 (Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1974 (SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1975 (Cross-site scripting (XSS) vulnerability in guestbook_newentry.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1976 (Cross-site scripting (XSS) vulnerability in addRequest.php in Prayer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1977 (Cross-site scripting (XSS) vulnerability in FlexBB 0.5.7 BETA and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1978 (SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1979 (Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1980 (Cross-site scripting (XSS) vulnerability in W2B Online Banking allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1981 (Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1982 (Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1983 (Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1984 (Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1985 (Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1986 (Apple Safari 2.0.3 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1987 (Apple Safari 2.0.3 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1988 (The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1989 (Buffer overflow in the get_database function in the HTTP client in ...) BUG: 131791 CVE-2006-1990 (Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and ...) BUG: 133524 BUG: 131135 BUG: 128883 BUG: 127939 CVE-2006-1991 (The substr_compare function in string.c in PHP 5.1.2 allows ...) BUG: 133524 BUG: 131135 BUG: 128883 BUG: 127939 CVE-2006-1992 (mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1993 (Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote ...) BUG: 131138 CVE-2006-1994 (PHP remote file inclusion vulnerability in dForum 1.5 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1995 (Directory traversal vulnerability in index.php in Scry Gallery 1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1996 (Scry Gallery 1.1 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1997 (Unspecified vulnerability in Sybase Pylon Anywhere groupware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-1998 (OpenTTD 0.4.7 and earlier allows local users to cause a denial of ...) BUG: 131010 CVE-2006-1999 (The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause ...) BUG: 131010 CVE-2006-2000 (Cross-site scripting (XSS) vulnerability in /lms/a2z.jsp in logMethods ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2001 (Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2002 (PHP remote file inclusion vulnerability in stats.php in MyGamingLadder ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2003 (Cross-site scripting (XSS) vulnerability in cgi-bin/guest in Community ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2004 (Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2005 (Eval injection vulnerability in index.php in ClanSys 1.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2006 (Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2007 (Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2008 (PHP remote file inclusion vulnerability in movie_cls.php in Built2Go ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2009 (PHP remote file inclusion vulnerability in agenda.php3 in phpMyAgenda ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2010 (Multiple SQL injection vulnerabilities in check_login.asp in Bloggage ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2011 (Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2012 (Format string vulnerability in Skulltag 0.96f and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2013 (SQL injection vulnerability in page.php in SL_site 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2014 (Directory traversal vulnerability in gallerie.php in SL_site 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2015 (Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2016 (Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2017 (Dnsmasq 2.29 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2018 (SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2019 (Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2020 (Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8 stores ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2021 (Absolute path traversal vulnerability in recordings/misc/audio.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2022 (Buffer overflow in the parse_url function in the RTSP module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2023 (Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2024 (Multiple vulnerabilities in libtiff before 3.8.1 allow ...) BUG: 129675 CVE-2006-2025 (Integer overflow in the TIFFFetchData function in tif_dirread.c for ...) BUG: 129675 CVE-2006-2026 (Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows ...) BUG: 129675 CVE-2006-2027 (Buffer overflow in Unicode processing in the logging functionality in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2028 (Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2029 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2030 (The Allied Telesyn AT-9724TS switch allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2031 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2032 (Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2033 (PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2034 (SQL injection vulnerability in function/showprofile.php in FlexBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2035 (Websense, when configured to permit access to the dynamic content ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2036 (iOpus Secure Email Attachments (SEA), probably 1.0, does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2037 (Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2038 (Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2039 (Multiple SQL injection vulnerabilities in the osTicket module in Help ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2040 (Multiple SQL injection vulnerabilities in photokorn 1.53 and 1.542 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2041 (PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2042 (Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2043 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2044 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2045 (The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2046 (Multiple SQL injection vulnerabilities in Application Dynamics ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2047 (Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2048 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2049 (Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2050 (SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2051 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2052 (Cross-site scripting (XSS) vulnerability in Verosky Media Instant ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2053 (Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2054 (3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2055 (Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2056 (Argument injection vulnerability in Internet Explorer 6 for Windows XP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2057 (Argument injection vulnerability in Mozilla Firefox 1.0.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2058 (Argument injection vulnerability in Avant Browser 10.1 Build 17 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2059 (action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2060 (Directory traversal vulnerability in action_admin/paysubscriptions.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2061 (SQL injection vulnerability in lib/func_taskmanager.php in Invision ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2062 (Multiple SQL injection vulnerabilities in Leadhound Full and LITE 2.1, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2063 (Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2064 (Unspecified vulnerability in the libpkcs11 library in Sun Solaris 10 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2065 (SQL injection vulnerability in save.php in PHPSurveyor 0.995 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2066 (Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2067 (SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2068 (Unspecified vulnerability in Hitachi JP1 products allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2069 (The recursor in PowerDNS before 3.0.1 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2070 (Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2071 (Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2072 (Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2073 (Unspecified vulnerability in ISC BIND allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2074 (Unspecified vulnerability in Juniper Networks JUNOSe E-series routers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2075 (Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2076 (Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote ...) BUG: 131341 CVE-2006-2077 (Buffer overflow in Paul Rombouts pdnsd before 1.2.4 has unknown impact ...) BUG: 131341 CVE-2006-2078 (Multiple unspecified vulnerabilities in multiple FITELnet products, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2079 (Cross-site scripting (XSS) vulnerability in portfolio.php in Verosky ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2080 (SQL injection vulnerability in portfolio_photo_popup.php in Verosky ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2081 (Oracle Database Server 10g Release 2 allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2082 (Directory traversal vulnerability in Quake 3 engine, as used in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2083 (Integer overflow in the receive_xattr function in the extended ...) BUG: 131631 CVE-2006-2084 (Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2085 (Multiple buffer overflows in (1) CxAce60.dll and (2) CxAce60u.dll in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2086 (Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2087 (The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2088 (Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2089 (Multiple cross-site scripting (XSS) vulnerabilities in misc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2090 (Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2091 (admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2092 (Unspecified vulnerability in HP StorageWorks Secure Path for Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2093 (Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2094 (Microsoft Internet Explorer before Windows XP Service Pack 2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2095 (Phex before 2.8.6 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2096 (plug.php in Land Down Under (LDU) 802 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2097 (SQL injection vulnerability in func_msg.php in Invision Power Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2098 (PHP remote file inclusion vulnerability in Thumbnail AutoIndex before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2099 (Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2100 (Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2101 (Directory traversal vulnerability in WinISO 5.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2102 (Directory traversal vulnerability in PowerISO 2.9 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2103 (SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2104 (Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2105 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2106 (Cross-site scripting (XSS) vulnerability in Edgewall Software Trac ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2107 (Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2108 (parser.exe in Océ (OCE) 3121/3122 Printer allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2109 (Cross-site scripting (XSS) vulnerability in the parse_query_str ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2110 (Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2111 (A component in Microsoft Outlook Express 6 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2112 (Fuji Xerox Printing Systems (FXPS) print engine, as used in products ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2113 (The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2114 (Buffer overflow in SWS web Server 0.1.7 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2115 (Format string vulnerability in SWS web Server 0.1.7 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2116 (planetGallery allows remote attackers to gain administrator privileges ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2117 (Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2118 (JMK's Picture Gallery allows remote attackers to bypass authentication ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2119 (PHP remote file inclusion vulnerability in event/index.php in Artmedic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2120 (The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2121 (PHP remote file include vulnerability in admin/config_settings.tpl.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2122 (PHP remote file inclusion vulnerability in index.php in CoolMenus allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2123 (Multiple SQL injection vulnerabilities in the report interface in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2124 (Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2125 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2126 (SQL injection vulnerability in pocategories.php in MaxTrade 1.0.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2127 (SQL injection vulnerability in weblog_posting.php in Blog Mod 0.2.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2128 (Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2129 (Direct static code injection vulnerability in Pro Publish 2.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2130 (SQL injection vulnerability in include/class_poll.php in Advanced Poll ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2131 (include/class_poll.php in Advanced Poll 2.0.4 uses the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2132 (SQL injection vulnerability in detail.asp in DUclassified allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2133 (SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2134 (PHP remote file inclusion vulnerability in /includes/kb_constants.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2135 (SQL injection vulnerability in login.php in Ruperts News allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2136 (SQL injection vulnerability in news.php in AZNEWS allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2137 (PHP remote file inclusion vulnerability in master.php in OpenPHPNuke ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2138 (Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2139 (Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2140 (Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2141 (Cross-site scripting (XSS) vulnerability in popup_image in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2142 (PHP remote file inclusion vulnerability in classes/adodbt/sql.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2143 (Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2144 (PHP remote file inclusion vulnerability in kopf.php in DMCounter ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2145 (Multiple SQL injection vulnerabilities in index.php in HB-NS 1.1.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2146 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2147 (resmgrd in resmgr for SUSE Linux and other distributions does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2148 (Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2149 (PHP remote file inclusion vulnerability in sources/lostpw.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2150 (PHP remote file inclusion vulnerability in top/list.php in phpBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2151 (PHP remote file inclusion vulnerability in toplist.php in phpBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2152 (PHP remote file inclusion vulnerability in admin/addentry.php in phpBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2153 (Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2154 (EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2155 (EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2156 (Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2157 (SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2158 (Dynamic variable evaluation vulnerability in index.php in Stadtaus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2159 (CRLF injection vulnerability in help.php in Russcom Network Loginphp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2160 (Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2161 (Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2162 (Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before ...) BUG: 133487 BUG: 132159 CVE-2006-2163 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2164 (Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2165 (Multiple cross-site scripting (XSS) vulnerabilities in Avactis ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2166 (Unspecified vulnerability in the HTTP management interface in Cisco ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2167 (Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2168 (FileProtection Express 1.0.1 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2169 (RT: Request Tracker 3.5.HEAD allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2170 (Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2171 (Buffer overflow in WDM.exe in WarFTPD allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2172 (Buffer overflow in Gene6 FTP Server 3.1.0 allows remote authenticated ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2173 (Buffer overflow in FileZilla FTP Server 2.2.22 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2174 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2175 (PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2176 (Multiple cross-site scripting (XSS) vulnerabilities in links.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2177 (Cross-site scripting (XSS) vulnerability in viewcat.php in geoBlog 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2178 (Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2179 (Multiple SQL injection vulnerabilities in CyberBuild allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2180 (Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2181 (Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2182 (Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2183 (Untrusted search path vulnerability in Truecrypt 4.1, when running ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2184 (Cross-site scripting (XSS) vulnerability in search.php in PHPKB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2185 (PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2186 (zenphoto 1.0.1 beta and earlier allow remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2187 (Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2188 (Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2189 (SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2190 (Cross-site scripting (XSS) vulnerability in ow-shared.pl in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2191 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2192 RESERVED CVE-2006-2193 (Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff ...) BUG: 135881 CVE-2006-2194 (The winbind plugin in pppd for ppp 2.4.4 and earlier does not check ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2195 (Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before ...) BUG: 136830 CVE-2006-2196 (Unspecified vulnerability in pinball 0.3.1 allows local users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2197 (Integer overflow in wv2 before 0.2.3 might allow context-dependent ...) BUG: 136759 CVE-2006-2198 (OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2199 (Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2200 (Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and ...) BUG: 139319 CVE-2006-2201 (Unspecified vulnerability in CA Resource Initialization Manager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2202 (SQL injection vulnerability in post.php in Invision Gallery 2.0.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2203 (Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2204 (SQL injection vulnerability in the topic deletion functionality ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2205 (The audio_write function in NetBSD 3.0 allows local users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2206 (The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2207 RESERVED CVE-2006-2208 (Multiple cross-site scripting (XSS) vulnerabilities in mynews.inc.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2209 (Multiple SQL injection vulnerabilities in index.php in PHP Arena ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2210 (Cross-site scripting (XSS) vulnerability in index.php in 321soft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2211 (Absolute path traversal vulnerability in index.php in 321soft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2212 (Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2213 (Hostapd 0.3.7-2 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2214 (Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2215 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2216 (Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2217 (SQL injection vulnerability in index.php in Invision Power Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2218 (Unspecified vulnerability in Internet Explorer 6.0 on Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2219 (phpBB 2.0.20 does not verify user-specified input variable types ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2220 (phpBB 2.0.20 does not properly verify user-specified input variables ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2221 (A third-party installer generation tool, possibly BitRock ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2222 (Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2223 (RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly ...) BUG: 132353 CVE-2006-2224 (RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce ...) BUG: 132353 CVE-2006-2225 (Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2226 (Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2227 (Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2228 (Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2229 (OpenVPN 2.0.7 and earlier, when configured to use the --management ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2230 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2231 (Multiple cross-site scripting (XSS) vulnerabilities in addguest.cgi in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2232 (Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2233 (Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2234 (Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2235 (CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2236 (Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) ...) BUG: 132377 CVE-2006-2237 (The web interface for AWStats 6.4 and 6.5, when statistics updates are ...) BUG: 130487 CVE-2006-2238 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2239 (SQL injection vulnerability in readarticle.php in Newsadmin 1.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2240 (Unspecified vulnerability in the (1) web cache or (2) web proxy in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2241 (PHP remote file inclusion vulnerability in show.php in Fast Click SQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2242 (acFTP 1.4 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2243 (Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2244 (Multiple SQL injection vulnerabilities in Web4Future News Portal allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2245 (PHP remote file inclusion vulnerability in auction\auction_common.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2246 (Cross-site scripting (XSS) vulnerability in UBlog 1.6 Access Edition ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2247 (WebCalendar 1.0.1 to 1.0.3 generates different error messages ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2248 (Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2249 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2250 (CuteNews 1.4.1 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2251 (SQL injection vulnerability in the do_mmod function in mod.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2252 (Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2253 (PHP remote file inclusion vulnerability in visible_count_inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2254 (Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2255 (Multiple SQL injection vulnerabilities in Creative Community Portal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2256 (PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2257 (Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2258 (Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2259 (SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2260 (Cross-site scripting (XSS) vulnerability in the project module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2261 (PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2262 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2263 (SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2264 (Multiple SQL injection vulnerabilities in Ocean12 Calendar Manager Pro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2265 (Cross-site scripting vulnerability in admin/main.asp in Ocean12 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2266 (SQL injection vulnerability in Chirpy! 0.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2267 (Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2268 (SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2269 (Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2270 (PHP remote file inclusion vulnerability in includes/config.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2271 (The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2272 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2273 (The InstallProduct routine in the Verisign VUpdater.Install (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2274 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2275 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2276 (bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to ...) BUG: 132353 CVE-2006-2277 (Multiple Apple Mac OS X 10.4 applications might allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2278 (SaphpLesson 3.0 does not initialize array variables, which allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2279 (Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2280 (Directory traversal vulnerability in website.php in openEngine 1.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2281 (X-Scripts X-Poll (xpoll) 2.30 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2282 (Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2283 (Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2284 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2285 (PHP remote file inclusion vulnerability in authldap.php in Dokeos ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2286 (Multiple PHP remote file inclusion vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2287 (Multiple cross-site scripting (XSS) vulnerabilities in Vision Source ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2288 (Avahi before 0.6.10 allows local users to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2289 (Buffer overflow in avahi-core in Avahi before 0.6.10 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2290 (Multiple cross-site scripting (XSS) vulnerabilities in kommentar.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2291 (Cross-site scripting (XSS) vulnerability in calendar_new.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2292 (Multiple SQL injection vulnerabilities in IA-Calendar allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2293 (SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2294 (Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2295 (Directory traversal vulnerability in Dynamic Galerie 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2296 (SQL injection vulnerability in search_result.asp in EDirectoryPro 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2297 (Heap-based buffer overflow in Microsoft Infotech Storage System ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2298 (The Internet Key Exchange version 1 (IKEv1) implementation in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2299 RESERVED CVE-2006-2300 (Multiple SQL injection vulnerabilities in EImagePro allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2301 (SQL injection vulnerability in admin_default.asp in OzzyWork Galeri ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2302 (SQL injection vulnerability in admin_default.asp in DUGallery 2.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2303 (Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2304 (Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2305 (Multiple cross-site scripting (XSS) vulnerabilities in Jadu CMS allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2306 (Cross-site scripting (XSS) vulnerability in moreinfo.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2307 (Cross-site scripting (XSS) vulnerability in Website Baker CMS before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2308 (Directory traversal vulnerability in the IMAP service in EServ/3 3.25 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2309 (The HTTP service in EServ/3 3.25 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2310 (BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2311 (Cross-site scripting (XSS) vulnerability in BlueDragon Server and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2312 (Argument injection vulnerability in the URI handler in Skype 2.0.*.104 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2313 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before ...) BUG: 134168 CVE-2006-2314 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before ...) BUG: 134168 CVE-2006-2315 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2316 (S24EvMon.exe in the Intel PROset/Wireless software, possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2317 (Unspecified vulnerability in Ideal Science Ideal BB 1.5.4a and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2318 (Incomplete blacklist vulnerability in Ideal Science Ideal BB 1.5.4a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2319 (Ideal Science Ideal BB 1.5.4a and earlier does not properly check file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2320 (Multiple SQL injection vulnerabilities in Ideal Science Ideal BB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2321 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal Science ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2322 (The transparent proxy feature of the Cisco Application Velocity System ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2323 (Multiple PHP remote file inclusion vulnerabilities in SmartISoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2324 (180solutions Zango downloads "required Adware components" without ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2325 (Cross-site scripting (XSS) vulnerability in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2326 (Directory traversal vulnerability in index.php in OnlyScript.info ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2327 (Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2328 (SQL injection vulnerability in lib/adodb/server.php in AngelineCMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2329 (AngelineCMS 0.6.5 and earlier allow remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2330 (PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2331 (Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2332 (Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2333 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2334 (The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2335 (Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2336 (SQL injection vulnerability in showthread.php in MyBB (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2337 (Directory traversal vulnerability in webcm in the D-Link DSL-G604T ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2338 (PlaNet Concept plaNetStat 20050127 allows remote attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2339 (SQL injection vulnerability in index.php in evoTopsites 2.x and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2340 (Cross-site scripting (XSS) vulnerability in PassMasterFlex and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2341 (The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2342 (IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2343 (Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2344 (SQL injection vulnerability in inc/elementz.php in AliPAGER 1.5, with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2345 (Cross-site scripting (XSS) vulnerability in inc/elementz.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2346 (vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2347 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2348 (Cross-site scripting (XSS) vulnerability in form_grupo.html in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2349 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2350 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2351 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2352 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2353 (NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2354 (NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2355 (Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2356 (NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2357 (Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2358 (Multiple cross-site scripting (XSS) vulnerabilities in various scripts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2359 (Cross-site scripting (XSS) vulnerability in charts.php in the Chart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2360 (SQL injection vulnerability in charts.php in the Chart mod for phpBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2361 (PHP remote file inclusion vulnerability in pafiledb_constants.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2362 (Buffer overflow in getsym in tekhex.c in libbfd in Free Software ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2363 (SQL injection vulnerability in the weblinks option (weblinks.html.php) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2364 (Cross-site scripting (XSS) vulnerability in the validation feature in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2365 (Cross-site scripting (XSS) vulnerability in a_login.php in Vizra ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2366 (ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2367 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2368 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2369 (RealVNC 4.1.1, and other products that use RealVNC such as AdderLink ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2370 (Buffer overflow in the Routing and Remote Access service (RRAS) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2371 (Buffer overflow in the Remote Access Connection Manager service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2372 (Buffer overflow in the DHCP Client service for Microsoft Windows 2000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2373 (The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2374 (The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2375 RESERVED CVE-2006-2376 (Integer overflow in the PolyPolygon function in Graphics Rendering ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2377 RESERVED CVE-2006-2378 (Buffer overflow in the ART Image Rendering component (jgdw400.dll) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2379 (Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2380 (Microsoft Windows 2000 SP4 does not properly validate an RPC server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2381 RESERVED CVE-2006-2382 (Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2383 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2384 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2385 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2386 (Unspecified vulnerability in Microsoft Outlook Express 6 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2387 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2388 (Microsoft Office Excel 2000 through 2004 allows user-assisted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2389 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2390 (Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2391 (Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2392 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2393 (The client_cmd function in Empire 4.3.2 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2394 (Cross-site scripting (XSS) vulnerability in chat.php in PHP Live ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2395 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2396 (Cross-site scripting (XSS) vulnerability in phpODP 1.5h allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2397 (Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2398 (Directory traversal vulnerability in index.php in GPhotos 1.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2399 (Stack-based buffer overflow in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2400 (The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2401 (The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2402 (Buffer overflow in the changeRegistration function in servernet.cpp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2403 (Buffer overflow in FileZilla before 2.2.23 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2404 (Directory traversal vulnerability in popup.php in RadScripts RadLance ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2405 (Directory traversal vulnerability in unb_lib/abbc.conf.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2406 (Directory traversal vulnerability in bb_lib/abbc.css.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2407 (Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2408 (Multiple buffer overflows in Raydium before SVN revision 310 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2409 (Format string vulnerability in the raydium_log function in console.c ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2410 (raydium_network_netcall_exec function in network.c in Raydium SVN ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2411 (Buffer overflow in raydium_network_read function in network.c in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2412 (The raydium_network_read function in network.c in Raydium SVN revision ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2413 (GNUnet before SVN revision 2781 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2414 (Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2415 (Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2416 (SQL injection vulnerability in class2.php in e107 0.7.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2417 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2418 (Cross-site scripting (XSS) vulnerabilities in certain versions of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2419 (Cross-site scripting (XSS) vulnerability in index.php in Directory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2420 (Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2421 (Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2422 (phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2423 (Cross-site scripting (XSS) vulnerability in ftplogin/index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2424 (PHP remote file inclusion vulnerability in ezUserManager 1.6 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2425 (Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2426 (Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2427 (freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2428 (add.asp in DUware DUbanner 3.1 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2429 (Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2430 (IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2431 (Cross-site scripting (XSS) vulnerability in the 500 Internal Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2432 (IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2433 (Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2434 (Unspecified vulnerability in WebSphere 5.1.1 (or any earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2435 (Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2436 (WebSphere Application Server 5.0.2 (or any earlier cumulative fix) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2437 (The viewfile servlet in the documentation package (resin-doc) for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2438 (Directory traversal vulnerability in the viewfile servlet in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2439 (Stack-based buffer overflow in ZipCentral 4.01 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2440 (Heap-based buffer overflow in the libMagick componet of ImageMagick ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2441 (Pioneers meta-server before 0.9.55, when the server-console is not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2442 (kphone 4.2 creates .qt/kphonerc with world-readable permissions, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2443 (The Debian package of knowledgetree 2.0.7 creates environment.php with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2444 (The snmp_trap_decode function in the SNMP NAT helper for Linux kernel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2445 (Race condition in run_posix_cpu_timers in Linux kernel before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2446 (Race condition between the kfree_skb and __skb_unlink functions in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2447 (SpamAssassin before 3.1.3, when running with vpopmail and the paranoid ...) BUG: 135746 CVE-2006-2448 (Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2449 (KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users ...) BUG: 136201 CVE-2006-2450 (auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass ...) BUG: 142661 BUG: 142559 BUG: 136916 CVE-2006-2451 (The suid_dumpable support in Linux kernel 2.6.13 up to versions before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2452 (GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature ...) BUG: 135027 CVE-2006-2453 (Multiple unspecified format string vulnerabilities in Dia have ...) BUG: 133699 CVE-2006-2454 RESERVED CVE-2006-2455 RESERVED CVE-2006-2456 RESERVED CVE-2006-2457 RESERVED CVE-2006-2458 (Multiple heap-based buffer overflows in Libextractor 0.5.13 and ...) BUG: 133570 CVE-2006-2459 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2460 (Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2461 (BEA WebLogic Server before 8.1 Service Pack 4 does not properly set ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2462 (BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2463 (view_album.php in SelectaPix 1.31 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2464 (stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2465 (Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2466 (BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2467 (BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2468 (The WebLogic Server Administration Console in BEA WebLogic Server 8.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2469 (The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2470 (Unspecified vulnerability in the WebLogic Server Administration ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2471 (Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2472 (Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2473 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2474 (SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2475 (Directory traversal vulnerability in (1) edit_mailtexte.cgi and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2476 (Bitrix Site Manager 4.1.x stores updater.log under the web document ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2477 (Cross-site scripting (XSS) vulnerability in the administrative ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2478 (Bitrix Site Manager 4.1.x allows remote attackers to redirect users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2479 (The Update functionality in Bitrix Site Manager 4.1.x does not verify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-assisted ...) BUG: 133699 CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2482 (Heap-based buffer overflow in the TZipTV component in (1) ZipTV for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2483 (PHP remote file inclusion vulnerability in cart_content.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2484 (Cross-site scripting (XSS) vulnerability in index.html in IceWarp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2485 (PHP remote file inclusion vulnerability in includes/class_template.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2486 (SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2487 (Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2488 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2489 (Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x ...) BUG: 133487 BUG: 132159 CVE-2006-2490 (Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2491 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2492 (Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2493 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2494 (Stack-based buffer overflow in IntelliTamper 2.07 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2495 (Cross-site request forgery (CSRF) vulnerability in the Entry Manager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2496 (Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2497 (Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2498 (Invision Power Board (IPB) before 2.1.6 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2499 (SQL injection vulnerability in default.asp in CodeAvalanche News ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2500 (Cross-site scripting (XSS) vulnerability in add_news.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2501 (Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2502 (Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2503 (SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2504 (Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2505 (Oracle Database Server 10g Release 2 allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2506 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2507 (Multiple PHP remote file inclusion vulnerabilities in Teake Nutma ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2508 (SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2509 (SQL injection vulnerability in login.php in YourFreeWorld.com Short ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2510 (Cross-site scripting (XSS) vulnerability in the URL submission form in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2511 (The ActiveX version of FrontRange iHEAT allows remote authenticated ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2512 (SQL injection vulnerability in Hitachi EUR Professional Edition, EUR ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2513 (Unspecified vulnerability in the installation process in Sun Java ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2514 (Coppermine galleries before 1.4.6, when running on Apache with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2515 (Cross-site scripting (XSS) vulnerability in index.php in Hiox ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2516 (mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2517 (SQL injection vulnerability in MyWeb Portal Office, Standard Edition, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2518 (Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2519 (Directory traversal vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2520 (Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2521 (PHP remote file inclusion vulnerability in cron.php in phpMyDirectory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2522 (Dayfox Blog 2.0 and earlier stores user credentials in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2523 (PHP remote file inclusion vulnerability in config.php in phpListPro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2524 (Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2525 (SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2526 (PHP remote file inclusion vulnerability in index.php in PHP Easy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2527 (Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2528 (PHP remote file inclusion vulnerability in classified_right.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2529 (editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2530 (avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2531 (Ipswitch WhatsUp Professional 2006 only verifies the users identity ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2532 (stats.php in Destiney Rated Images Script 0.5.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2533 (Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2534 (Destiney Links Script 2.1.2 does not protect library and other support ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2535 (index.php in Destiney Links Script 2.1.2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2536 (Cross-site scripting (XSS) vulnerability in Destiney Links Script ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2537 (Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2538 (IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2539 (Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2540 (Privacy leak in install.php for Diesel PHP Job Site sends sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2541 (SQL injection vulnerability in settings.asp in Zixforum 1.12 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2542 (xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2543 (Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2544 (Multiple SQL injection vulnerabilities in Xtreme Topsites 1.1, with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2545 (Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2546 (A recommended admin password reset mechanism for BEA WebLogic Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2547 (Unspecified vulnerability in the sapdba command in SAP with Informix ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2548 (Prodder before 0.5, and perlpodder before 0.5, allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2549 (Stack-based buffer overflow in PDF Form Filling and Flattening Tool ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2550 (perlpodder before 0.5 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2551 (Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2552 (Jemscripts DownloadControl 1.0 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2553 (Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2554 (Buffer overflow in the tell_player_surr_changes function in Genecys ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2555 (The parse_command function in Genecys 0.2 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2556 (Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2557 (PHP remote file inclusion vulnerability in extras/poll/poll.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2558 (Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2559 (Linksys WRT54G Wireless-G Broadband Router allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2560 (Sitecom WL-153 router firmware before 1.38 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2561 (Edimax BR-6104K router allows remote attackers to bypass access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2562 (ZyXEL P-335WT router allows remote attackers to bypass access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2563 (The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2564 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2565 (SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2566 (Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2567 (Cross-site scripting (XSS) vulnerability in submit_article.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2568 (PHP remote file inclusion vulnerability in addpost_newpoll.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2569 (SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2570 (PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2571 (Cross-site scripting (XSS) vulnerability in search.html in Alkacon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2572 (Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2573 (SQL injection vulnerability in index.php in DGBook 1.0, with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2574 (Multiple unspecified vulnerabilities in Software Distributor in HP-UX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2575 (The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2576 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2577 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2578 (admin/cron.php in eSyndicat Directory 1.2, when register_globals is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2579 (Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2580 (Multiple unspecified vulnerabilities in HP OpenView Network Node ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2581 (Cross-site scripting (XSS) vulnerability in Wiki content in RWiki ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2582 (The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2583 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2584 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2585 (SQL injection vulnerability in Destiney Links Script 2.1.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2586 (Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2587 (Buffer overflow in the WebTool HTTP server component in (1) PunkBuster ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2588 (Russcom PHPImages allows remote attackers to upload files of arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2589 (SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2590 (SQL injection vulnerability in e107 before 0.7.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2591 (Unspecified vulnerability in e107 before 0.7.5 has unknown impact and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2592 (Unspecified vulnerability in DSChat 1.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2593 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2594 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2595 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2596 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2597 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2598 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2599 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2600 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2601 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2602 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2603 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2604 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2605 (Cross-site scripting (XSS) vulnerability in DSChat 1.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2606 (Cross-site scripting (XSS) vulnerability in Chatty, possibly 1.0.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2607 (do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return ...) BUG: 134194 CVE-2006-2608 (artmedic newsletter 4.1 and possibly other versions, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2609 (artmedic newsletter 4.1.2 and possibly other versions, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2610 (Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2611 (Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2612 (Novell Client for Windows 4.8 and 4.9 does not restrict access to the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2613 (Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2614 (Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2615 (ping.php in Russcom.Ping allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2616 (SQL injection vulnerability in the search script in (1) AlstraSoft Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2617 ((1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2618 (Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2619 RESERVED CVE-2006-2620 RESERVED CVE-2006-2621 RESERVED CVE-2006-2622 RESERVED CVE-2006-2623 RESERVED CVE-2006-2624 RESERVED CVE-2006-2625 RESERVED CVE-2006-2626 RESERVED CVE-2006-2627 RESERVED CVE-2006-2628 RESERVED CVE-2006-2629 (Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2630 (Stack-based buffer overflow in Symantec Antivirus 10.1 and Client ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2631 (phpFoX allows remote authenticated users to modify arbitrary accounts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2632 (Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2633 (Absolute path traversal vulnerability in the copy action in index.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2634 (Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2635 (Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2636 (newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2637 (Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2638 (SQL injection vulnerability in member.asp in qjForum allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2639 (Cross-site scripting (XSS) vulnerability in the input forms in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2640 (Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2641 (** UNVERIFIABLE ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2642 (** UNVERIFIABLE ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2643 (Cross-site scripting (XSS) vulnerability in index.php in Monster Top ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2644 (AWStats 6.5, and possibly other versions, allows remote authenticated ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2645 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2646 (Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2647 (Untrusted search path vulnerability in update_flash for IBM AIX 5.1, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2648 (Cross-site scripting (XSS) vulnerability in perform_search.asp for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2649 (Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2650 (SQL injection vulnerability in cosmicshop/search.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2651 (Cross-site scripting (XSS) vulnerability in index.php in Vacation ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2652 (Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2653 (Cross-site scripting (XSS) vulnerability in login_error.shtml for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2654 (Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2655 (The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2656 (Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 ...) BUG: 135881 CVE-2006-2657 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2658 (Directory traversal vulnerability in the xsp component in mod_mono in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2659 (libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause ...) BUG: 135005 CVE-2006-2660 (Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2661 (ftutil.c in Freetype before 2.2 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2662 (VMware Server before RC1 does not clear user credentials from memory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2663 (Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2664 (Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2665 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2666 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2667 (Direct static code injection vulnerability in WordPress 2.0.2 and ...) BUG: 134397 CVE-2006-2668 (Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2669 (Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2670 (Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2671 (SQL injection vulnerability in ChatPat 1.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2672 (Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2673 (Cross-site scripting (XSS) vulnerability in search.html in Bulletin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2674 (Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2675 (PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2676 (Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2677 (SiteScape Forum 7.2 and possibly earlier stores the avf.rc ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2678 (Multiple cross-site scripting (XSS) vulnerabilities in Pre News ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2679 (Unspecified vulnerability in the VPN Client for Windows Graphical User ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2680 (Cross-site scripting (XSS) vulnerability in index.php in AZ Photo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2681 (PHP remote file inclusion vulnerability in SocketMail Lite and Pro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2682 (PHP remote file inclusion vulnerability in BE_config.php in Back-End ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2683 (PHP remote file inclusion vulnerability in 404.php in open-medium.CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2684 (Cross-site scripting (XSS) vulnerability in the search module in CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2685 (PHP remote file inclusion vulnerability in Basic Analysis and Security ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2686 (PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2687 (Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2688 (SQL injection vulnerability in the employees node (class.employee.inc) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2689 (Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2690 (An unspecified script in EVA-Web 2.1.2 and earlier, probably ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2691 (Unspecified "information leakage" vulnerabilities in aMuleWeb for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2692 (Multiple unspecified vulnerabilities in aMuleWeb for AMule before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2693 (Directory traversal vulnerability in admin/admin_hacks_list.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2694 (Multiple PHP remote file inclusion vulnerabilities in EzUpload Pro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2695 (admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2696 (Cross-site scripting (XSS) vulnerabilities in Easy-Content Forums 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2697 (Multiple SQL injection vulnerabilities in Easy-Content Forums 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2698 (Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2699 (Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2700 (SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2701 (SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2702 (vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows ...) BUG: 134397 CVE-2006-2703 (The RedCarpet command-line client (rug) does not verify SSL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2704 (Secure Elements Class 5 AVR server and client (aka C5 EVM) before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2705 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2706 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2707 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2708 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2709 (Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 do not validate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2710 (Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 uses the same ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2711 (Secure Elements Class 5 AVR (aka C5 EVM) 2.8.1 and earlier, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2712 (Secure Elements Class 5 AVR (aka C5 EVM) client and server before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2713 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 generates ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2714 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2715 (The Administration Console in Secure Elements Class 5 AVR (aka C5 EVM) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2716 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 uses a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2717 (Unspecified vulnerability in Secure Elements Class 5 AVR client and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2718 (JIWA Financials 6.4.14 passes a Microsoft SQL Server account's ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2719 (JIWA Financials 6.4.14 stores usernames and passwords for all accounts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2720 (SQL injection vulnerability in news.php in VARIOMAT allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2721 (Cross-site scripting (XSS) vulnerability in news.php in VARIOMAT ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2722 (SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2723 (Unspecified versions of Mozilla Firefox allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2724 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2725 (SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2726 (PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2727 (home/register.php in Eggblog before 3.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2728 (Cross-site scripting (XSS) vulnerability in superalbum/index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2729 (Cross-site scripting (XSS) vulnerability in superalbum/index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2730 (PHP remote file inclusion vulnerability in admin/lib_action_step.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2731 (Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2732 (SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2733 (membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2734 (enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2735 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2736 (PHP remote file inclusion vulnerability in blend_data/blend_common.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2737 (utilities/register.asp in Nukedit 4.9.6 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2738 (The open source version of Open-Xchange 0.8.2 and earlier uses a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2739 (PHP remote file inclusion vulnerability in footers.php in Epicdesigns ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2740 (Multiple SQL injection vulnerabilities in Epicdesigns tinyBB 0.3 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2741 (Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2742 (SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2743 (Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2744 (PHP remote file inclusion vulnerability in p-popupgallery.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2745 (Multiple PHP remote file inclusion vulnerabilities in F@cile ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2746 (Multiple cross-site scripting (XSS) vulnerabilities in F@cile ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2747 (Directory traversal vulnerability in index.php in PhpMyDesktop|arcade ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2748 (SQL injection vulnerability in the do_mysql_query function in core.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2749 (SQL injection vulnerability in search.php in Open Searchable Image ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2750 (Cross-site scripting (XSS) vulnerability in the do_mysql_query ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2751 (Cross-site scripting (XSS) vulnerability in Open Searchable Image ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2752 (The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2753 (SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x ...) BUG: 135076 CVE-2006-2754 (Stack-based buffer overflow in st.c in slurpd for OpenLDAP before ...) BUG: 134010 CVE-2006-2755 (Cross-site scripting (XSS) vulnerability in index.php in UBBThreads ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2756 (Eitsop My Web Server 1.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2757 (Cross-site scripting (XSS) vulnerability in Chipmunk guestbook allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2758 (Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2759 (jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2760 (SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2761 (SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2762 (PHP remote file inclusion vulnerability in includes/config.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2763 (SQL injection vulnerability in Pre News Manager 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2764 (Cross-site scripting (XSS) vulnerability in GuestbookXL 1.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2765 (Cross-site scripting (XSS) vulnerability in news_information.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2766 (Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2767 (PHP remote file inclusion vulnerability in Ottoman 1.1.2, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2768 (PHP remote file inclusion vulnerability in METAjour 2.1, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2769 (The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2770 (Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2771 (admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2772 (Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2773 (admin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 2.0 does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2774 (Cross-site scripting (XSS) vulnerability in search.php in QontentOne ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2775 (Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL ...) BUG: 135256 BUG: 135254 CVE-2006-2776 (Certain privileged UI code in Mozilla Firefox and Thunderbird before ...) BUG: 135256 BUG: 135254 CVE-2006-2777 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and ...) BUG: 135254 CVE-2006-2778 (The crypto.signText function in Mozilla Firefox and Thunderbird before ...) BUG: 135256 BUG: 135254 CVE-2006-2779 (Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers ...) BUG: 135256 BUG: 135254 CVE-2006-2780 (Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 ...) BUG: 135256 BUG: 135254 CVE-2006-2781 (Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before ...) BUG: 135256 CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...) BUG: 135254 CVE-2006-2783 (Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode ...) BUG: 135256 BUG: 135254 CVE-2006-2784 (The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows ...) BUG: 135254 CVE-2006-2785 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...) BUG: 135254 CVE-2006-2786 (HTTP response smuggling vulnerability in Mozilla Firefox and ...) BUG: 135256 BUG: 135254 CVE-2006-2787 (EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ...) BUG: 135256 BUG: 135254 CVE-2006-2788 (Double free vulnerability in the getRawDER function for nsIX509Cert in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2789 (Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2790 (A package component in Sun Storage Automated Diagnostic Environment ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2791 (Directory traversal vulnerability in index.php in iBoutique.MALL and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2792 (SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2793 (SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2794 (Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2795 (Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2796 (Cross-site scripting (XSS) vulnerability in gallery.php in Captivate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2797 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2798 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2799 (Cross-site scripting (XSS) vulnerability in content_footer.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2800 (Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2801 (Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2802 (Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib ...) BUG: 133520 CVE-2006-2803 (Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2804 (Cross-site scripting (XSS) vulnerability in index.cfm in Goss ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2805 (SQL injection vulnerability in VBulletin 3.0.10 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2806 (The SMTP server in Apache Java Mail Enterprise Server (aka Apache ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2807 (ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2808 (Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2809 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2810 (Multiple cross-site scripting (XSS) vulnerabilities in Belchior ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2811 (Multiple PHP remote file inclusion vulnerabilities in Cantico ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2812 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2813 (Directory traversal vulnerability in easy-scart.cgi in iShopCart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2814 (Multiple buffer overflows in the (1) vGetPost and (2) main functions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2815 (Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2816 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2817 (SQL injection vulnerability in bolum.php in tekno.Portal allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2818 (PHP remote file inclusion vulnerability in common-menu.php in Cameron ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2819 (PHP remote file inclusion vulnerability in Wiki.php in Barnraiser ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2820 (Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2821 (Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2822 (SQL injection vulnerability in admin/default.asp in Dusan Drobac ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2823 (Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2824 (Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2825 (cPanel does not automatically synchronize the PHP open_basedir ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2826 (SQL injection vulnerability in sessions.inc in PHP Base Library ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2827 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2828 (Global variable overwrite vulnerability in PHP-Nuke allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2829 (Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2830 (Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2831 (Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2832 (Cross-site scripting (XSS) vulnerability in the upload module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2833 (Cross-site scripting (XSS) vulnerability in the taxonomy module in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2834 (PHP remote file inclusion vulnerability in includes/common.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2835 (SQL injection vulnerability in saphplesson 2.0 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2836 (SQL injection vulnerability in comment.php in Pineapple Technologies ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2837 (Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2838 (Buffer overflow in the web console in F-Secure Anti-Virus for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2839 (Directory traversal vulnerability in PG Problem Editor module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2840 (Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2841 (Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2842 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2843 (PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2844 (Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2845 (PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2846 (Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2847 (SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2848 (links.asp in aspWebLinks 2.0 allows remote attackers to change the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2849 (PHP remote file inclusion vulnerability in includes/webdav/server.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2850 (Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2851 (Cross-site scripting (XSS) vulnerability in index.php in dotProject ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2852 (PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2853 (SQL injection vulnerability in content.php in abarcar Realty Portal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2854 (SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2855 (SQL injection vulnerability in index.php in xueBook 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2856 (ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2857 (SQL injection vulnerability in index.php in LifeType 1.0.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2858 (SQL injection vulnerability in viewmsg.asp in LocazoList Classifieds ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2859 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2860 (PHP remote file inclusion vulnerability in Webspotblogging 3.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2861 (SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2862 (SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2863 (PHP remote file inclusion vulnerability in class.cs_phpmailer.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2864 (Multiple PHP remote file inclusion vulnerabilities in BlueShoes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2865 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2866 (PHP remote file inclusion vulnerability in layout/prepend.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2867 (SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2868 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2869 (Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2870 (Cross-site scripting (XSS) vulnerability in forum_search.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2871 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2872 (PHP remote file inclusion vulnerability in config.php in Rumble 1.02 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2873 (Cross-site scripting (XSS) vulnerability in hava.asp in Enigma Haber ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2874 (Unspecified vulnerability in OSADS Alliance Database before 1.4 has ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2875 (Stack-based buffer overflow in the CL_ParseDownload function of Quake ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2876 (Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro Publish ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2877 (PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2878 (The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier ...) BUG: 135623 CVE-2006-2879 (SQL injection vulnerability in newscomments.php in Alex News-Engine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2880 (Cross-site scripting (XSS) vulnerability in the Contributed Packages ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2881 (Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2882 (Multiple cross-site scripting (XSS) vulnerabilities submit.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2883 (Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2884 (SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2885 (Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2886 (view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2887 (Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2888 (PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2889 (Multiple SQL injection vulnerabilities in index.php in Pixelpost ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2890 (Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2891 (Cross-site scripting (XSS) vulnerability in admin/index.php for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2892 (Cross-site scripting (XSS) vulnerability in index.php in GANTTy 1.0.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2893 (index.php in GANTTy 1.0.3 allows remote attackers to obtain the full ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2894 (Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2895 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2896 (profile.php in FunkBoard CF0.71 allows remote attackers to change ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2897 (Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2898 (The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 ...) BUG: 135680 CVE-2006-2899 (Unspecified vulnerability in ESTsoft InternetDISK versions before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2900 (Internet Explorer 6 allows user-assisted remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2901 (The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2902 (Directory traversal vulnerability in Particle Links 1.2.2 might allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2903 (Cross-site scripting (XSS) vulnerability in admin.php in Particle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2904 (SQL injection vulnerability in index.php in Partial Links 1.2.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2905 (Partial Links 1.2.2 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2906 (The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2907 RESERVED CVE-2006-2908 (The domecode function in inc/functions_post.php in MyBulletinBoard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2909 (Stack-based buffer overflow in the info tip shell extension ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2910 (Buffer overflow in jetAudio 6.2.6.8330 (Basic), and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2911 (SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2912 (Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2913 (Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2914 (PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2915 (Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2916 (artswrapper in aRts, when running setuid root on Linux 2.6.0 or later ...) BUG: 163146 BUG: 135970 CVE-2006-2917 (Directory traversal vulnerability in the IMAP server in WinGate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2918 (The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2919 (Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2920 (Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2921 (PHP remote file inclusion vulnerability in cmpro_header.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2922 (Multiple PHP remote file inclusion vulnerabilities in MiraksGalerie ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2923 (The iax_net_read function in the iaxclient open source library, as ...) BUG: 136099 CVE-2006-2924 (Ingate Firewall in the SIP module before 4.4.1 and SIParator before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2925 (Cross-site scripting (XSS) vulnerability in the web interface in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2926 (Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2927 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2928 (Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2929 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2930 (Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2931 (CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2932 (A regression error in the restore_all code path of the 4/4GB split ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2933 (kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2934 (SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2935 (The dvd_read_bca function in the DVD handling code in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2936 (The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2937 (OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote ...) BUG: 152640 BUG: 145510 CVE-2006-2938 REJECTED CVE-2006-2939 REJECTED CVE-2006-2940 (OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions ...) BUG: 152640 BUG: 145510 CVE-2006-2941 (Mailman before 2.1.9rc1 allows remote attackers to cause a denial of ...) BUG: 139976 CVE-2006-2942 (TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2943 (Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2944 (Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2945 (Unspecified vulnerability in the user profile change functionality in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2946 (Dmx Forum 2.1a stores _includes/bd.inc under the web root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2947 (Dmx Forum 2.1a allows remote attackers to obtain username and password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2948 (A-CART 2.0 stores the acart2_0.mdb file under the web document root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2949 (Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2950 (Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2951 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2952 (Directory traversal vulnerability in Net Portal Dynamic System (NPDS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2953 (Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2954 (SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2955 (Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2956 (Multiple cross-site scripting (XSS) vulnerabilities in i.List 1.5 beta ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2957 (Cross-site scripting (XSS) vulnerability in i.List 1.5 beta and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2958 (Directory traversal vulnerability in FilZip 3.05 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2959 (SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2960 (PHP remote file inclusion vulnerability in includes/joomla.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2961 (Stack-based buffer overflow in CesarFTP 0.99g and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2962 (PHP remote file inclusion vulnerability in sql_fcnsOLD.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2963 (Cross-site scripting (XSS) vulnerability in Suchergebnisse.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2964 (Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2965 (Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2966 (Cross-site scripting (XSS) vulnerability in Particle Soft Particle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2967 (Syworks SafeNET allows local users to bypass restrictions on network ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2968 (Cross-site scripting (XSS) vulnerability in search.php in PHP Labware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2969 (Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2970 (videoPage.php in L0j1k tinyMuw 0.1.0 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2971 (Integer overflow in the recv_packet function in 0verkill 0.16 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2972 (SQL injection vulnerability in vs_resource.php in Arantius Vice Stats ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2973 (Multiple SQL injection vulnerabilities in month.php in PHP Lite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2974 (Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2975 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2976 (Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2977 (SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2978 (Mafia Moblog 0.6M1 and earlier allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2979 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2980 (SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2981 (SQL injection vulnerability in vs_search.php in Arantius Vice Stats ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2982 (Multiple PHP remote file inclusion vulnerabilities in Enterprise ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2983 (PHP remote file inclusion vulnerability in Enterprise Timesheet and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2984 (Cross-site scripting (XSS) vulnerability in index.php in IntegraMOD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2985 (SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2986 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2987 (Multiple SQL injection vulnerabilities in Dominios Europa PICRATE (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2988 (Cross-site scripting (XSS) vulnerability in dictionary.php in Chemical ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2989 (Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2990 (Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2991 (Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2992 (Cross-site scripting (XSS) vulnerability in display.asp in My Photo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2993 (Multiple SQL injection vulnerabilities in My Photo Scrapbook 1.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2994 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2995 (Multiple PHP remote file inclusion vulnerabilities in WebprojectDB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2996 (PHP remote file inclusion vulnerability in inc/design.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2997 (Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2998 (PHP remote file inclusion vulnerability in board/post.php in free ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-2999 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3000 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3001 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3002 (Cross-site scripting (XSS) vulnerability in details.php in Easy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3003 (details.php in Easy Ad-Manager allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3004 (Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3005 (The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is ...) BUG: 130889 CVE-2006-3006 (Cross-site scripting (XSS) vulnerability in iFoto 0.20, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3007 (Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 ...) BUG: 136221 BUG: 136721 CVE-2006-3008 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3009 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3010 (Multiple SQL injection vulnerabilities in Open Business Management ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3011 (The error_log function in basic_functions.c in PHP before 4.4.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3012 (SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3013 (Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3014 (Microsoft Excel allows user-assisted attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3015 (Argument injection vulnerability in WinSCP 3.8.1 build 328 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3016 (Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3017 (zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3018 (Unspecified vulnerability in the session extension functionality in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3019 (Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3020 (Multiple cross-site scripting (XSS) vulnerabilities in FullPhoto.asp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3021 (Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3022 (Cross-site scripting (XSS) vulnerability in zoom.php in fipsGallery ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3023 (Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3024 (Multiple cross-site scripting (XSS) vulnerabilities in EvGenius ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3025 (Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3026 (Multiple cross-site scripting (XSS) vulnerabilities in ClickGallery ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3027 (Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3028 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3029 (Cross-site scripting (XSS) vulnerability in default.asp in ClickTech ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3030 (Multiple cross-site scripting (XSS) vulnerabilities in DwZone Shopping ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3031 (Multiple cross-site scripting (XSS) vulnerabilities in index.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3032 (Multiple cross-site scripting (XSS) vulnerabilities in Xtreme ASP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3033 (Cross-site scripting (XSS) vulnerability in MyScrapbook 3.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3034 (MyScrapbook 3.1 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3035 (Multiple cross-site scripting (XSS) vulnerabilities in addwords.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3036 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3037 (Multiple cross-site scripting (XSS) vulnerabilities in publish.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3038 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3039 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3040 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3041 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3042 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3043 (Cross-site scripting (XSS) vulnerability in search.cfm in CreaFrameXe ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3044 (Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3045 (PHP remote file inclusion vulnerability in manage_songs.php in Foing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3046 (Unspecified vulnerability in the admin login feature in Subtext 1.5, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3047 (Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and ...) BUG: 134483 BUG: 136723 CVE-2006-3048 (SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier ...) BUG: 134483 BUG: 136723 CVE-2006-3049 (Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3050 (Directory traversal vulnerability in detail.php in SixCMS 6.0, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3051 (Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3052 (Cross-site scripting (XSS) vulnerability in Event Registration allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3053 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3054 (Multiple SQL injection vulnerabilities in VBZooM 1.11 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3055 (Multiple SQL injection vulnerabilities in VBZooM 1.02 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3056 (SQL injection vulnerability in language.php in VBZooM 1.01 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3057 (Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3058 RESERVED CVE-2006-3059 (Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3060 (Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3061 (Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3062 (Cross-site scripting (XSS) vulnerability in index.php in myPHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3063 (Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3064 (SQL injection vulnerability in the add_hit function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3065 (SQL injection vulnerability in engine/shards/blog.php in blur6ex ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3066 (Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3067 (Multiple unspecified vulnerabilities in IBM DB2 Universal Database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3068 (IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3069 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3070 (write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3071 (Cross-site scripting (XSS) vulnerability in index.php in MP3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3072 (M4 Macro Library in Symantec Security Information Manager before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3073 (Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3074 (klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3075 (Multiple PHP remote file inclusion vulnerabilities in PictureDis ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3076 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3077 (Cross-site scripting (XSS) vulnerability in guestbook.cfm in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3078 (Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3079 (Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3080 (Cross-site scripting (XSS) vulnerability in viewposts.cfm in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3081 (mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3082 (parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3083 (The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) ...) BUG: 143371 BUG: 143240 CVE-2006-3084 (The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to ...) BUG: 143371 BUG: 143240 CVE-2006-3085 (xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3086 (Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3087 (Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3088 (Cross-site scripting (XSS) vulnerability in index.php in Car ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3089 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFactures ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3090 (Multiple SQL injection vulnerabilities in PhpMyFactures 1.0, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3091 (PhpMyFactures 1.0, and possibly 1.2 and earlier, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3092 (PhpMyFactures 1.2 and earlier allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3093 (Multiple unspecified vulnerabilities in Adobe Acrobat Reader ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3094 (Multiple SQL injection vulnerabilities in Calendarix Basic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3095 (Multiple cross-site scripting (XSS) vulnerabilities in iPostMX 2005 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3096 (Multiple SQL injection vulnerabilities in iPostMX 2005 2.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3097 (Unspecified vulnerability in Support Tools Manager (xstm, cstm, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3098 RESERVED CVE-2006-3099 RESERVED CVE-2006-3100 RESERVED CVE-2006-3101 (Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3102 (Race condition in articles/BitArticle.php in Bitweaver 1.3, when run ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3103 (Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3104 (users/index.php in Bitweaver 1.3 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3105 (CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3106 (Cross-site scripting (XSS) vulnerability in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3107 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3108 (Cross-site scripting (XSS) vulnerability in EmailArchitect Email ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3109 (Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3110 (Cross-site scripting (XSS) vulnerability in main.php in Chipmailer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3111 (Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3112 (Chipmailer 1.09 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3113 (Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and ...) BUG: 141842 CVE-2006-3114 (PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3115 (SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3116 (Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3117 (Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3118 (spread uses a temporary file with a static filename based on the port ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3119 (The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a ...) BUG: 141684 CVE-2006-3120 (Format string vulnerability in Brian Wotring Osiris before 4.2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3121 (The peel_netstring function in cl_netstring.c in the heartbeat ...) BUG: 141894 CVE-2006-3122 (The supersede_lease function in memory.c in ISC DHCP (dhcpd) server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3123 (Multiple integer overflows in the (1) dodecrypt and (2) doencrypt ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3124 (Buffer overflow in the HTTP header parsing in Streamripper before ...) BUG: 144861 CVE-2006-3125 (Array index error in tetrinet.c in gtetrinet 0.7.8 and earlier allows ...) BUG: 144867 CVE-2006-3126 (c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute ...) BUG: 145982 CVE-2006-3127 (Memory leak in Network Security Services (NSS) 3.11, as used in Sun ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3128 (choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3129 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3130 (SQL injection vulnerability in index.php in Clubpage allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3131 (Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3132 (Cross-site scripting (XSS) vulnerability in qtofm.php4 in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3133 RESERVED CVE-2006-3134 (Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3135 (Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3136 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3137 (Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3138 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3139 (Multiple SQL injection vulnerabilities in war.php in Virtual War ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3140 (SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3141 (Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3142 (SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3143 (Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3144 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3145 (Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3146 (The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3147 (Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3148 (SQL injection vulnerability, possibly in search.inc.php, in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3149 (Cross-site scripting (XSS) vulnerability in topic.php in phpMyForum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3150 (SQL injection vulnerability in index.php in CavoxCms 1.0.16 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3151 (Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3152 (Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3153 (Cross-site scripting (XSS) vulnerability in index.pl in Ultimate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3154 (SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3155 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3156 (Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3157 (Cross-site scripting (XSS) vulnerability in index.php in Thinkfactory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3158 (index.php in Eduha Meeting does not properly restrict file extensions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3159 (pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3160 (Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3161 (SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3162 (PHP remote file inclusion vulnerability in include/inc_foot.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3163 (Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3164 (SQL injection vulnerability in category.php in TPL Design tplShop 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3165 (SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3166 (Cross-site scripting (XSS) vulnerability in propview.php in Free ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3167 (Free Realty before 2.9 allows remote attackers to obtain the full path ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3168 (SQL injection vulnerability in CS-Forum before 0.82 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3169 (Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3170 (CS-Forum before 0.82 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3171 (CRLF injection vulnerability in CS-Forum before 0.82 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3172 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3173 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3174 (Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3175 (Multiple PHP remote file inclusion vulnerabilities in mcGuestbook 1.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3176 (SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3177 (PHP remote file inclusion vulnerability in Admin/rtf_parser.php in The ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3178 (Directory traversal vulnerability in extract_chmLib example program in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3179 (Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3180 (Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3181 (SQL injection vulnerability in index.php in MobeScripts Mobile Space ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3182 (Directory traversal vulnerability in index.php in MobeScripts Mobile ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3183 (Cross-site scripting (XSS) vulnerability in index.php in MobeScripts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3184 (Direct static code injection vulnerability in ASP Stats Generator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3185 (PHP remote file inclusion vulnerability in data/header.php in CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3186 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Faethon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3187 (Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3188 (Multiple SQL injection vulnerabilities in Sharky e-shop 3.05 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3189 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3190 (SQL injection vulnerability in administration/includes/login/auth.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3191 (Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3192 (PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3193 (Multiple PHP remote file inclusion vulnerabilities in Grayscale ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3194 (Directory traversal vulnerability in index.php in singapore 0.10.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3195 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3196 (index.php in singapore 0.10.0 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3197 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3198 (Integer overflow in Opera 8.54 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3199 (Opera 9 allows remote attackers to cause a denial of service (crash) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3200 (Unspecified versions of Internet Explorer allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3201 (Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3202 (The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3203 (The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3204 (Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3205 (Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3206 (register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3207 (Directory traversal vulnerability in newpost.php in Ultimate PHP Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3208 (Direct static code injection vulnerability in Ultimate PHP Board (UPB) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3209 (** DISPUTED ** The Task scheduler (at.exe) on Microsoft Windows XP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3210 (Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3211 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3212 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3213 (SQL injection vulnerability in WeBBoA Hosting 1.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3214 (Unspecified vulnerability in Hitachi Groupmax Address Server 7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3215 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3216 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3217 (JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3218 (SQL injection vulnerability in profile.php in Woltlab Burning Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3219 (SQL injection vulnerability in thread.php in Woltlab Burning Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3220 (SQL injection vulnerability in studienplatztausch.php in Woltlab ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3221 (SQL injection vulnerability in index.php in DataLife Engine 4.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3222 (The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3223 (Format string vulnerability in CA Integrated Threat Management (ITM), ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3224 (Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3225 (Cross-site scripting (XSS) vulnerability in Sun ONE Application Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3226 (Cisco Secure Access Control Server (ACS) 4.x for Windows uses the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3227 (Interpretation conflict between Internet Explorer and other web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3228 (Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3229 (Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3230 (Cross-site scripting (XSS) vulnerability in index.tmpl in Azureus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3231 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3232 (Unspecified vulnerability in IBM WebSphere Application Server before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3233 (Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3234 (Multiple SQL injection vulnerabilities in index.php in FineShop 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3235 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3236 (Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3237 (Cross-site scripting (XSS) vulnerability in index.php in Enterprise ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3238 (Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3239 (SQL injection vulnerability in message.php in VBZooM 1.11 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3240 (Cross-site scripting (XSS) vulnerability in classes/ui.class.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3241 (Cross-site scripting (XSS) vulnerability in messages.php in XennoBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3242 (Stack-based buffer overflow in the browse_get_namespace function in ...) BUG: 138125 CVE-2006-3243 (SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3244 (Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3245 (Multiple cross-site scripting (XSS) vulnerabilities in activatemember ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3246 (Cross-site scripting (XSS) vulnerability in show.php in GL-SH Deaf ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3247 (Multiple cross-site scripting (XSS) vulnerabilities in show.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3248 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3249 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3250 (Heap-based buffer overflow in Windows Live Messenger 8.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3251 (Heap-based buffer overflow in the array_push function in hashcash.c ...) BUG: 134960 CVE-2006-3252 (Buffer overflow in the Online Registration Facility for Algorithmic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3253 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3254 (SQL injection vulnerability in newthread.php in Woltlab Burning Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3255 (SQL injection vulnerability in showmods.php in Woltlab Burning Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3256 (SQL injection vulnerability in report.php in Woltlab Burning Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3257 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3258 (Multiple cross-site scripting (XSS) vulnerabilities in index.html in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3259 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3260 (Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3261 (Cross-site scripting (XSS) vulnerability in Trend Micro Control ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3262 (SQL injection vulnerability in the Weblinks module (weblinks.php) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3263 (SQL injection vulnerability in the Weblinks module (weblinks.php) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3264 (Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3265 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3266 (Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3267 (SQL injection vulnerability in index.php in Infinite Core Technologies ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3268 (Unspecified vulnerability in the Windows Client API in Novell ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3269 (PHP remote file inclusion vulnerability in includes/functions_cms.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3270 (SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3271 (Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3272 (Cross-site request forgery (CSRF) vulnerability in menu.php in Some ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3273 (Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3274 (Directory traversal vulnerability in Webmin before 1.280, when run on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3275 (SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3276 (Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3277 (The SMTP service of MailEnable Standard 1.92 and earlier, Professional ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3278 (Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3279 (Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3280 (Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3281 (Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3282 (requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3283 (SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3284 (Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3285 (The internal database in Cisco Wireless Control System (WCS) for Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3286 (The internal database in Cisco Wireless Control System (WCS) for Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3287 (Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3288 (Unspecified vulnerability in the TFTP server in Cisco Wireless Control ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3289 (Cross-site scripting (XSS) vulnerability in the login page of the HTTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3290 (HTTP server in Cisco Wireless Control System (WCS) for Linux and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3291 (The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3292 (SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3293 (parse_notice (TiCPU) in EnergyMech (emech) before 3.0.2 allows remote ...) BUG: 132749 CVE-2006-3294 (PHP remote file inclusion vulnerability in mod_cbsms_messages.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3295 (Cross-site scripting (XSS) vulnerability in header.php in Open ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3296 (SQL injection vulnerability in view.php in Open Guestbook 0.5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3297 (Cross-site scripting (XSS) vulnerability in error.php in UebiMiau ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3298 (Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3299 (Cross-site scripting (XSS) vulnerability in index.php in Usenet Script ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3300 (PHP remote file inclusion vulnerability in sms_config/gateway.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3302 (PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3303 (Multiple cross-site scripting (XSS) vulnerabilities in pm.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3304 (SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3305 (Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3306 (Cross-site scripting (XSS) vulnerability in the preparestring funtion ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3307 (Multiple SQL injection vulnerabilities in Project EROS bbsengine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3308 (Unspecified vulnerability in the wpprop code for Project EROS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3309 (SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3310 RESERVED CVE-2006-3311 (Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash ...) BUG: 147421 CVE-2006-3312 (Multiple cross-site scripting (XSS) vulnerabilities in ashmans and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3313 (Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3314 (PHP remote file inclusion vulnerability in page.php in an unspecified ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3315 (PHP remote file inclusion vulnerability in page.php in an unspecified ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3316 (Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3317 (PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3318 (SQL injection vulnerability in register.php for phpRaid 3.0.6 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3319 (Cross-site scripting (XSS) vulnerability in rss/index.php in PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3320 (Cross-site scripting (XSS) vulnerability in command.php in SiteBar ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3321 (Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3322 (SQL injection vulnerability in includes/functions_logging.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3323 (PHP remote file inclusion vulnerability in admin/admin.php in MF ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3324 (The Automatic Downloading option in the id3 Quake 3 Engine and the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3325 (client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3326 (Directory traversal vulnerability in QuickZip 3.06.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3327 (Cross-site scripting (XSS) vulnerability in Custom dating biz dating ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3328 (new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3329 (SQL injection vulnerability in search.php in PHP/MySQL Classifieds ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3330 (Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3331 (Opera before 9.0 does not reset the SSL security bar after displaying ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3332 (SQL injection vulnerability in index.php in Zorum Forum 3.5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3333 (Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3334 (Buffer overflow in the png_decompress_chunk function in pngrutil.c in ...) BUG: 138672 BUG: 138433 CVE-2006-3335 (Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3336 (TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3337 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3338 (Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3339 (secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3340 (Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3341 (SQL injection vulnerability in annonces-p-f.php in MyAds module 2.04jp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3342 (Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3343 (PHP remote file inclusion vulnerability in recipe/cookbook.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3344 (Siemens Speedstream Wireless Router 2624 allows local users to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3345 (Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3346 (SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3347 (SQL injection vulnerability in index.php in deV!Lz Clanportal DZCP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3348 (Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3349 (Multiple SQL injection vulnerabilities in SmS Script allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3350 (Stack-based buffer overflow in AutoVue SolidModel Professional Desktop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3351 (Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3352 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3353 (Opera 9 allows remote attackers to cause a denial of service (crash) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3354 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3355 (Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll ...) BUG: 133988 CVE-2006-3356 (The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3357 (Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3358 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3359 (Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3360 (Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3361 (PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3362 (Unrestricted file upload vulnerability in connectors/php/connector.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3363 (PHP remote file inclusion vulnerability in index.php in the Glossaire ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3364 (SQL injection vulnerability in index.php in the NP_SEO plugin in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3365 (V3 Chat allows remote attackers to obtain the installation path via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3366 (Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3367 (Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3368 (Efone 20000723 stores config.inc under the web document root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3369 (Kamikaze-QSCM 0.1 stores config.inc under the web document root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3370 (Blueboy 1.0.3 stores bb_news_config.inc under the web document root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3371 (Eupla Foros 1.0 stores the inc/config.inc file under the web document ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3372 (Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3373 (Unspecified vulnerability in the client/bin/logfetch script in Hobbit ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3374 (PHP remote file inclusion vulnerability in index.php in Randshop 1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3375 (PHP remote file inclusion vulnerability in includes/header.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3376 (Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple ...) BUG: 139325 CVE-2006-3377 (Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3378 (passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3379 (Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3380 (Algorithmic complexity vulnerability in FreeStyle Wiki before 3.6.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3381 (SturGeoN Upload allows remote attackers to execute arbitrary PHP code ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3382 (Cross-site scripting (XSS) vulnerability in search.php in mAds 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3383 (Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3384 (SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3385 (Cross-site scripting (XSS) vulnerability in divers.php in Vincent ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3386 (index.php in Vincent Leclercq News 5.2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3387 (Directory traversal vulnerability in sources/post.php in Fusion News ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3388 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3389 (index.php in WordPress 2.0.3 allows remote attackers to obtain ...) BUG: 142142 CVE-2006-3390 (WordPress 2.0.3 allows remote attackers to obtain the installation ...) BUG: 142142 CVE-2006-3391 (The Execute function in iMBCContents ActiveX Control before 2.0.0.59 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3392 (Webmin before 1.290 and Usermin before 1.220 calls the simplify_path ...) BUG: 138552 CVE-2006-3393 (Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3394 (SQL injection vulnerability in the files mod in index.php in BXCP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3395 (PHP remote file inclusion vulnerability in top.php in SiteBuilder-FX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3396 (PHP remote file inclusion vulnerability in galleria.html.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3397 (Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3398 (The "change password forms" in Taskjitsu before 2.0.1 includes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3399 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3400 (Stack-based buffer overflow in the CG_ServerCommand function in Quake ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3401 (Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3402 (SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3403 (The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote ...) BUG: 139369 CVE-2006-3404 (Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c ...) BUG: 139524 CVE-2006-3405 (Cross-site scripting (XSS) vulnerability in qtofm.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3406 (Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3407 (Tor before 0.1.1.20 allows remote attackers to spoof log entries or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3408 (Unspecified vulnerability in the directory server (dirserver) in Tor ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3409 (Integer overflow in Tor before 0.1.1.20 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3410 (Tor before 0.1.1.20 creates "internal circuits" primarily consisting ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3411 (TLS handshakes in Tor before 0.1.1.20 generate public-private keys ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3412 (Tor before 0.1.1.20 does not sufficiently obey certain firewall ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3413 (The privoxy configuration file in Tor before 0.1.1.20, when run on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3414 (Tor before 0.1.1.20 supports server descriptors that contain hostnames ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3415 (Tor before 0.1.1.20 uses improper logic to validate the "OR" ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3416 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3417 (Tor client before 0.1.1.20 prefers entry points based on is_fast or ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3418 (Tor before 0.1.1.20 does not validate that a server descriptor's ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3419 (Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3420 (Cross-site request forgery (CSRF) vulnerability in editpost.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3421 (PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3422 (PHP remote file inclusion vulnerability in WonderEdit Pro CMS allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3423 (WebEx Downloader ActiveX Control and WebEx Downloader Java before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3424 (Multiple buffer overflows in WebEx Downloader ActiveX Control, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3425 (FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3426 (Directory traversal vulnerability in (a) PatchLink Update Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3427 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3428 (Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3429 (Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3430 (SQL injection vulnerability in checkprofile.asp in (1) PatchLink ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3431 (Buffer overflow in certain Asian language versions of Microsoft Excel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3432 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3433 RESERVED CVE-2006-3434 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3435 (PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3436 (Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3437 RESERVED CVE-2006-3438 (Unspecified vulnerability in Microsoft Hyperlink Object Library ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3439 (Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3440 (Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3441 (Buffer overflow in the DNS Client service in Microsoft Windows 2000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3442 (Unspecified vulnerability in Pragmatic General Multicast (PGM) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3443 (Untrusted search path vulnerability in Winlogon in Microsoft Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3444 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3445 (Integer overflow in the ReadWideString function in agentdpv.dll in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3446 RESERVED CVE-2006-3447 RESERVED CVE-2006-3448 (Buffer overflow in the Step-by-Step Interactive Training in Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3449 (Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3450 (Microsoft Internet Explorer 6 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3451 (Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3452 (Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3453 (Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3454 (Multiple format string vulnerabilities in Symantec AntiVirus Corporate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3455 (The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3456 (The Symantec NAVOPTS.DLL ActiveX control (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3457 (Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3458 (Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3459 (Multiple stack-based buffer overflows in the TIFF library (libtiff) ...) BUG: 142383 CVE-2006-3460 (Heap-based buffer overflow in the JPEG decoder in the TIFF library ...) BUG: 142383 CVE-2006-3461 (Heap-based buffer overflow in the PixarLog decoder in the TIFF library ...) BUG: 142383 CVE-2006-3462 (Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library ...) BUG: 142383 CVE-2006-3463 (The EstimateStripByteCounts function in TIFF library (libtiff) before ...) BUG: 142383 CVE-2006-3464 (TIFF library (libtiff) before 3.8.2 allows context-dependent attackers ...) BUG: 142383 CVE-2006-3465 (Unspecified vulnerability in the custom tag support for the TIFF ...) BUG: 142383 CVE-2006-3466 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3467 (Integer overflow in FreeType before 2.2 allows remote attackers to ...) BUG: 144092 CVE-2006-3468 (Linux kernel 2.6.x, when using both NFS and EXT3, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3469 (Format string vulnerability in time.cc in MySQL Server 4.1 before ...) BUG: 142429 CVE-2006-3470 (The Dell Openmanage CD launches X11 and SSH daemons that do not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3471 (Microsoft Internet Explorer 6 on Windows XP allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3472 (Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3473 (CRLF injection vulnerability in form_mail Drupal Module before 1.8.2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3474 (Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3475 (Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3476 (Cross-site scripting (XSS) vulnerability in comments.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3477 (Unspecified vulnerability in the POP service in Stalker CommuniGate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3478 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3479 (Cross-site request forgery (CSRF) vulnerability in the del_block ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3480 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3481 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3482 (Cross-site scripting (XSS) vulnerability in maillist.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3483 (PHPMailList 1.8.0 stores sensitive information under the web document ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3484 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3485 (Multiple SQL injection vulnerabilities in AstroDog Press Some Chess ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3486 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3487 (VirtuaStore 2.0 stores sensitive files under the web root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3488 (Absolute path traversal vulnerability in administrador.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3489 (F-Secure Anti-Virus 2003 through 2006 and other versions, Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3490 (F-Secure Anti-Virus 2003 through 2006 and other versions, Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3491 (Stack-based buffer overflow in Kaillera Server 0.86 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3492 (The CORBA::ORBInvokeRec::set_answer_invoke function in orb.cc in MICO ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3493 (Buffer overflow in LsCreateLine function (mso_203) in mso.dll and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3494 (Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3495 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3496 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3497 (Unspecified vulnerability in the "compression state handling" in Bom ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3498 (Stack-based buffer overflow in bootpd in the DHCP component for Apple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3499 (The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3500 (The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3501 (Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3502 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3503 (Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3504 (The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3505 (WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3506 (Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3507 (Multiple stack-based buffer overflows in the AirPort wireless driver ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3508 (Heap-based buffer overflow in the AirPort wireless driver on Apple Mac ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3509 (Integer overflow in the API for the AirPort wireless driver on Apple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3510 (The Remote Data Service Object (RDS.DataControl) in Microsoft Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3511 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3512 (Internet Explorer 6 on Windows XP allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3513 (danim.dll in Microsoft Internet Explorer 6 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3514 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3515 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3516 (Multiple SQL injection vulnerabilities in FreeHost allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3517 (PHP remote file inclusion vulnerability in stats.php in RW::Download, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3518 (SQL injection vulnerability in SayfalaAltList.asp in Webvizyon Portal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3519 (Multiple cross-site scripting (XSS) vulnerabilities in The Banner ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3520 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3521 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3522 (Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3523 (Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3524 (Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3525 (SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3526 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3527 (Multiple PHP remote file inclusion vulnerabilities in BosClassifieds ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3528 (Multiple PHP remote file inclusion vulnerabilities in Simpleboard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3529 (Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3530 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3531 (includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3532 (PHP file inclusion vulnerability in includes/edit_new.php in Pivot ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3533 (Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3534 (Directory traversal vulnerability in Nullsoft SHOUTcast DSP before ...) BUG: 136221 BUG: 136721 CVE-2006-3535 (Directory traversal vulnerability in Nullsoft SHOUTcast DSP before ...) BUG: 136221 BUG: 136721 CVE-2006-3536 (Direct static code injection vulnerability in code/class_db_text.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3537 (PHP remote file inclusion vulnerability in index.php in Randshop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3538 (Multiple cross-site scripting (XSS) vulnerabilities in demo.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3539 (Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3540 (Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3541 (SQL injection vulnerability in Meine Links (aka My Links) in Kyberna ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3542 (Multiple cross-site scripting (XSS) vulnerabilities in Garry Glendown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3543 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3544 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3545 (** DISPUTED ** Microsoft Internet Explorer 7.0 Beta allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3546 (Patrice Freydiere ImgSvr (aka ADA Image Server) allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3547 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3548 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3549 (services/go.php in Horde Application Framework 3.0.0 through 3.0.10 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3550 (Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3551 (NCP Secure Enterprise Client (aka VPN/PKI client) 8.30 Build 59, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3552 (Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3553 (PlaNet Concept planetNews allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3554 (Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3555 (Multiple cross-site scripting (XSS) vulnerabilities in submit.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3556 (PHP remote file inclusion vulnerability in extcalendar.php in Mohamed ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3557 (MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3558 (Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3559 (Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3560 (SQL injection vulnerability in topics.php in Blue Dojo Graffiti Forums ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3561 (BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3562 (PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3563 (Cross-site scripting (XSS) vulnerability in gallery/thumb.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3564 (Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3565 (SQL injection vulnerability in search.results.php in HiveMail 1.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3566 (search.results.php in HiveMail 3.1 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3567 (Cross-site scripting (XSS) vulnerability in the web administration ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3568 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3569 (Unspecified vulnerability in NetApp Data ONTAP 7.0x through 7.0.4P8D9, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3570 (Cross-site scripting (XSS) vulnerability in the webform module in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3571 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3572 (SQL injection vulnerability in forumthread.php in Papoo 3 RC3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3573 (Format string vulnerability in the WriteText function in agl_text.cpp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3574 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3575 (Unknown vulnerability in the Buffer Overflow Protection in McAfee ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3576 (SQL injection vulnerability in search.php in SenseSites CommonSense ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3577 (SQL injection vulnerability in index.php in LifeType 1.0.5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3578 (Directory traversal vulnerability in Fujitsu ServerView 2.50 up to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3579 (Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3580 (SQL injection vulnerability in pages.asp in ASP Stats Generator before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3581 (Multiple stack-based buffer overflows in Audacious AdPlug 2.0 and ...) BUG: 139593 BUG: 139957 CVE-2006-3582 (Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and ...) BUG: 139593 BUG: 139957 CVE-2006-3583 (Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3584 (Dynamic variable evaluation vulnerability in index.php in Jetbox CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3585 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3586 (SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3587 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...) BUG: 147421 CVE-2006-3588 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...) BUG: 147421 CVE-2006-3589 (vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3590 (mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3591 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3592 (Unspecified vulnerability in the command line interface (CLI) in Cisco ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3593 (The command line interface (CLI) in Cisco Unified CallManager (CUCM) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3594 (Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3595 (The default configuration of IOS HTTP server in Cisco Router Web Setup ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3596 (The device driver for Intel-based gigabit network adapters in Cisco ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3597 (passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3598 (SQL injection vulnerability in the Sections module for PHP-Nuke allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3599 (SQL injection vulnerability in the Nuke Advanced Classifieds module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3600 (Multiple stack-based buffer overflows in the LookupTRM::lookup ...) BUG: 140184 CVE-2006-3601 (** UNVERIFIABLE ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3602 (Directory traversal vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3603 (Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3604 (Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3605 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3606 (Unspecified vulnerability in Sun Solaris X Inter Client Exchange ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3607 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3608 (The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3609 (Cross-site scripting (XSS) vulnerability in index.php in Orbitcoders ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3610 (index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3611 (Directory traversal vulnerability in pm.php in Phorum 5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3612 (Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3613 (Multiple cross-site scripting (XSS) vulnerabilities in Chamberland ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3614 (index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3615 (Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3616 (Multiple cross-site scripting (XSS) vulnerabilities in Carbonize ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3617 (Cross-site scripting (XSS) vulnerability in pblguestbook.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3618 (SQL injection vulnerability in pblguestbook.php in Pixelated By Lev ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3619 (Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC ...) BUG: 193196 CVE-2006-3620 (Cross-site scripting (XSS) vulnerability in the showtopic module in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3621 (SQL injection vulnerability in the showtopic module in Koobi Pro CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3622 (The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3623 (Directory traversal vulnerability in Framework Service component in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3624 (Multiple cross-site scripting (XSS) vulnerabilities in FLV Players 8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3625 (FLV Players 8 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3626 (Race condition in Linux kernel 2.6.17.4 and earlier allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3627 (Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark ...) BUG: 140856 CVE-2006-3628 (Multiple format string vulnerabilities in Wireshark (aka Ethereal) ...) BUG: 140856 CVE-2006-3629 (Unspecified vulnerability in the MOUNT dissector in Wireshark ...) BUG: 140856 CVE-2006-3630 (Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to ...) BUG: 140856 CVE-2006-3631 (Unspecified vulnerability in the SSH dissector in Wireshark (aka ...) BUG: 140856 CVE-2006-3632 (Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 ...) BUG: 140856 CVE-2006-3633 (OSSP shiela 1.1.5 and earlier allows remote authenticated users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3634 (The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3635 RESERVED CVE-2006-3636 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3637 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3638 (Microsoft Internet Explorer 5.01 and 6 does not properly handle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3639 (Microsoft Internet Explorer 5.01 and 6 does not properly identify the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3640 (Microsoft Internet Explorer 5.01 and 6 allows certain script to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3641 RESERVED CVE-2006-3642 RESERVED CVE-2006-3643 (Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3644 RESERVED CVE-2006-3645 RESERVED CVE-2006-3646 RESERVED CVE-2006-3647 (Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3648 (Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3649 (Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3650 (Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3651 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Office ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3652 (Microsoft Internet Security and Acceleration (ISA) Server 2004 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3653 (wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3654 (Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3655 (Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3656 (Unspecified vulnerability in Microsoft PowerPoint 2003 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3657 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3658 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3659 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3660 (Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3661 (Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3662 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3663 (Finjan Vital Security Appliance 5100/8100 NG 8.3.5 stores passwords in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3664 (Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3665 (SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3666 (SQL injection vulnerability in AjaxPortal 3.0, with magic_quotes_gpc ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3667 (Unspecified vulnerability in Sybase/Financial Fusion Consumer Banking ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3668 (Heap-based buffer overflow in the it_read_envelope function in Dynamic ...) BUG: 142387 CVE-2006-3669 (Mercury Messenger, possibly 1.7.1.1 and other versions, when running ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3670 (Stack-based buffer overflow in Winlpd 1.26 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3671 (Cross-site request forgery (CSRF) vulnerability in the communicate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3672 (KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3673 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3674 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3675 (Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3676 (admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3677 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows ...) BUG: 141842 CVE-2006-3678 (TippingPoint IPS running the TippingPoint Operating System (TOS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3679 (FatWire Content Server 5.5.0 allows remote attackers to bypass access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3680 (Cross-site scripting (XSS) vulnerability in photocycle in Photocycle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3681 (Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3682 (awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3683 (PHP remote file inclusion vulnerability in poll.php in Flipper Poll ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3684 (PHP remote file inclusion vulnerability in calendar.php in SoftComplex ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3685 (PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3686 (Unspecified vulnerability in [SYSEXE]SMPUTIL.EXE in HP OpenVMS 7.3-2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3687 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3688 (SQL injection vulnerability in Room.php in Francisco Charrua ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3689 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3690 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3691 (Multiple SQL injection vulnerabilities in VBZooM 1.11 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3692 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3693 (Rocks Clusters 4.1 and earlier allows local users to gain privileges ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3694 (Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3695 (Trac before 0.9.6 does not disable the "raw" or "include" commands ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3696 (filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 (462) allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3697 (Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3698 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3699 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3700 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3701 (Unspecified vulnerability in the Dictionary component in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3702 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3703 (Unspecified vulnerability in InterMedia for Oracle Database 9.0.1.5, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3704 (Unspecified vulnerability in the Oracle ODBC Driver for Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3705 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3706 (Unspecified vulnerability in OC4J for Oracle Application Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3707 (Unspecified vulnerability in OC4J for Oracle Application Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3708 (Unspecified vulnerability in OC4J for Oracle Application Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3709 (Unspecified vulnerability in OC4J for Oracle Application Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3710 (Unspecified vulnerability in OC4J for Oracle Application Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3711 (Unspecified vulnerability in OC4J for Oracle Application Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3712 (Unspecified vulnerability in OC4J for Oracle Application Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3713 (Unspecified vulnerability in OC4J for Oracle Application Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3714 (Unspecified vulnerability in OC4J for Oracle Application Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3715 (Unspecified vulnerability in Calendar for Oracle Collaboration Suite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3716 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3717 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3718 (Multiple unspecified vulnerabilities in Oracle Exchange for Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3719 (Unspecified vulnerability in CORE: Repository for Oracle Enterprise ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3720 (Unspecified vulnerability in Enterprise Config Management for Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3721 (Multiple unspecified vulnerabilities in Oracle Management Service for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3722 (Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3723 (Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3724 (Unspecified vulnerability in JD Edwards HTML Server for Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3725 (Norton Personal Firewall 2006 9.1.0.33 allows local users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3726 (Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3727 (Multiple SQL injection vulnerabilities in Eskolar CMS 0.9.0.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3728 (Unspecified vulnerability in the kernel in Solaris 10 with patch ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3729 (DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3730 (Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3731 (Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3732 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3733 (jmx-console/HtmlAdaptor in the jmx-console in the JBoss web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3734 (Multiple unspecified vulnerabilities in the Command Line Interface ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3735 (Multiple PHP remote file inclusion vulnerabilities in Mail2Forum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3736 (PHP remote file inclusion vulnerability in core/videodb.class.xml.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3737 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3738 (Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL ...) BUG: 194039 BUG: 188799 BUG: 152640 BUG: 145510 CVE-2006-3739 (Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3740 (Integer overflow in the scan_cidfont function in X.Org 6.8.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3741 (The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3742 (The KDE PAM configuration shipped with Fedora Core 5 causes KDM ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3743 (Multiple buffer overflows in ImageMagick before 6.2.9 allow ...) BUG: 143533 BUG: 144091 CVE-2006-3744 (Multiple integer overflows in ImageMagick before 6.2.9 allows ...) BUG: 143533 BUG: 144091 CVE-2006-3745 (Unspecified vulnerability in the sctp_make_abort_user function in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3746 (Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote ...) BUG: 142248 CVE-2006-3747 (Off-by-one error in the ldap scheme handling in the Rewrite module ...) BUG: 141986 CVE-2006-3748 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3749 (PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3750 (PHP remote file inclusion vulnerability in server.php in the Hashcash ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3751 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3752 (Multiple SQL injection vulnerabilities in class.php in Professional ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3753 (setcookie.php for the administration login in Professional Home Page ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3754 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3755 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3756 (Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3757 (index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3758 (inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3759 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3760 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3761 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3762 (The Touch Control ActiveX control 2.0.0.55 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3763 (SQL injection vulnerability in category.php in Diesel Joke Site allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3764 (Till Gerken phpPolls 1.0.3 allows remote attackers to create a new ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3765 (Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3766 (Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3767 (Cross-site scripting (XSS) vulnerability in showprofile.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3768 (Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3769 (Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3770 (Multiple SQL injection vulnerabilities in index.php in phpFaber ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3771 (Multiple PHP remote file inclusion vulnerabilities in component.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3772 (PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3773 (PHP remote file inclusion vulnerability in smf.php in the SMF-Forum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3774 (PHP remote file inclusion vulnerability in performs.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3775 (SQL injection vulnerability in the init function in class_session.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3776 (PHP remote file inclusion vulnerability in order/index.php in IDevSpot ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3777 (PHP remote file inclusion vulnerability in index.php in IDevSpot ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3778 (IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3779 (Citrix MetaFrame up to XP 1.0 Feature 1, except when running on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3780 (Keyifweb Keyif Portal 2.0 stores sensitive information under the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3781 (Unspecified vulnerability in Sun Solaris 10 allows context-dependent ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3782 (Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3783 (Sun Solaris 10 allows local users to cause a denial of service (panic) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3784 (Symantec pcAnywhere 12.5 uses weak default permissions for the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3785 (Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3786 (Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3787 (kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3788 (Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow ...) BUG: 142392 CVE-2006-3789 (Multiple array index errors in the (1) recv_rules, (2) ...) BUG: 142392 CVE-2006-3790 (The decode_stringmap function in server_transport.cpp for UFO2000 svn ...) BUG: 142392 CVE-2006-3791 (The decode_stringmap function in server_transport.cpp for UFO2000 svn ...) BUG: 142392 CVE-2006-3792 (SQL injection vulnerability in ServerClientUfo::recv_packet in ...) BUG: 142392 CVE-2006-3793 (PHP remote file inclusion vulnerability in constants.php in SiteDepth ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3794 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3795 (Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3796 (DeluxeBB 1.07 and earlier does not properly handle a username composed ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3797 (SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3798 (DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3799 (DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3800 (Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3801 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not ...) BUG: 141842 CVE-2006-3802 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...) BUG: 141842 CVE-2006-3803 (Race condition in the JavaScript garbage collection in Mozilla Firefox ...) BUG: 141842 CVE-2006-3804 (Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and ...) BUG: 141842 CVE-2006-3805 (The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird ...) BUG: 141842 CVE-2006-3806 (Multiple integer overflows in the Javascript engine in Mozilla Firefox ...) BUG: 141842 CVE-2006-3807 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...) BUG: 141842 CVE-2006-3808 (Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows ...) BUG: 141842 CVE-2006-3809 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...) BUG: 141842 CVE-2006-3810 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before ...) BUG: 141842 CVE-2006-3811 (Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, ...) BUG: 141842 CVE-2006-3812 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...) BUG: 141842 CVE-2006-3813 (A regression error in the Perl package for Red Hat Enterprise Linux 4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3814 (Buffer overflow in the Loader_XM::load_instrument_internal function in ...) BUG: 142391 CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a ...) BUG: 141894 CVE-2006-3816 (Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3817 (Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3818 (Cross-site scripting (XSS) vulnerability in the login page in Novell ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3819 (Eval injection vulnerability in the configure script in TWiki 4.0.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3820 (Cross-site scripting (XSS) vulnerability in loudblog/index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3821 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3822 (SQL injection vulnerability in index.php in GeodesicSolutions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3823 (SQL injection vulnerability in index.php in GeodesicSolutions (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3824 (systeminfo.c for Sun Solaris allows local users to read kernel memory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3825 (The IPv4 implementation in Sun Solaris 10 before 20060721 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3826 (Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3827 (SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3828 (Incomplete blacklist vulnerability in Kailash Nadh boastMachine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3829 (Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3830 (The Languages selection in the admin interface in Kailash Nadh ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3831 (The Backup selection in Kailash Nadh boastMachine (formerly bMachine) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3832 (SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3833 (index.php in EJ3 TOPo 2.2.178 allows remote attackers to overwrite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3834 (EJ3 TOPo 2.2.178 includes the password in cleartext in the ID field to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3835 (Apache Tomcat 5 before 5.5.17 allows remote attackers to list ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3836 (Directory traversal vulnerability in index.php in UNIDOmedia Chameleon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3837 (delcookie.php in Professional Home Page Tools Guestbook changes the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3838 (Multiple stack-based buffer overflows in eIQnetworks Enterprise ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3839 RESERVED CVE-2006-3840 (The SMB Mailslot parsing functionality in PAM in multiple ISS products ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3841 (Cross-site scripting (XSS) vulnerability in WebScarab before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3842 (Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3843 (PHP remote file inclusion vulnerability in com_calendar.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3844 (Buffer overflow in Quick 'n Easy FTP Server 3.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3845 (Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3846 (PHP remote file inclusion vulnerability in extadminmenus.class.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3847 (PHP remote file inclusion vulnerability in (1) admin.php, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3848 (Cross-site scripting (XSS) vulnerability in CGI wrapper for IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3849 (Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection ...) BUG: 142389 CVE-2006-3850 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3851 (SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3852 (Cross-site scripting (XSS) vulnerability in index.php in Micro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3853 (Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3854 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3855 (The ifx_load_internal function in IBM Informix Dynamic Server (IDS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3856 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3857 (Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3858 (IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3859 (IBM Informix Dynamic Server (IDS) allows remote authenticated users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3860 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3861 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3862 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3863 RESERVED CVE-2006-3864 (Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3865 RESERVED CVE-2006-3866 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3867 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3868 (Unspecified vulnerability in Microsoft Office XP and 2003 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3869 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3870 RESERVED CVE-2006-3871 RESERVED CVE-2006-3872 RESERVED CVE-2006-3873 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3874 RESERVED CVE-2006-3875 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3876 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3877 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3878 (Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3879 (Integer overflow in the loadChunk function in loaders/load_gt2.c in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3880 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3881 (Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3882 (Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3883 (Multiple cross-site scripting (XSS) vulnerabilities in Gonafish ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3884 (Multiple SQL injection vulnerabilities in links.php in Gonafish ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3885 (Directory traversal vulnerability in Check Point Firewall-1 R55W ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3886 (SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3887 (Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3888 (Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3889 RESERVED CVE-2006-3890 (Stack-based buffer overflow in the Sky Software FileView ActiveX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3891 RESERVED CVE-2006-3892 (The Management Console server in EMC NetWorker (formerly Legato ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3893 (Multiple buffer overflows in the ActiveX controls in Newtone ImageKit ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3894 (The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3895 RESERVED CVE-2006-3896 (The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3897 (Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3898 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3899 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3900 (Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3901 (Multiple stack-based buffer overflows in Tumbleweed Email Firewall ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3902 (Cross-site scripting (XSS) vulnerability in index.php in phpFaber ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3903 (CRLF injection vulnerability in (1) index.php and (2) admin.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3904 (SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3905 (SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3906 (Internet Key Exchange (IKE) version 1 protocol, as implemented on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3907 (Siemens SpeedStream 2624 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3908 (Format string vulnerability in the flush_output function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3909 (Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3910 (Internet Explorer 6 on Windows XP SP2, when Outlook is installed, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3911 (PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3912 (Stack-based buffer overflow in the SFX module in WinRAR before 3.60 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3913 (Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3914 (Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3915 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3916 (Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3917 (PHP remote file inclusion vulnerability in inc/gabarits.php in R. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3918 (http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3919 (SQL injection vulnerability in index.php in SD Studio CMS allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3920 (The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3921 (Sun Java System Application Server (SJSAS) 7 through 8.1 and Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3922 (PHP remote file inclusion vulnerability in mod_membre/inscription.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3923 (Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3924 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3925 (Stack-based buffer overflow in ITIRecorder.MicRecorder ActiveX control ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3926 (Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3927 (Cross-site scripting (XSS) vulnerability in auctionsearch.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3928 (PHP remote file inclusion vulnerability in index.php in WMNews 0.2a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3929 (Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3930 (PHP remote file inclusion vulnerability in admin.a6mambohelpdesk.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3931 (Buffer overflow in the daemon function in midirecord.cc in Tuomas ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3932 (SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3933 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3934 (Absolute path traversal vulnerability in downloadTrigger.jsp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3935 (system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3936 (system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3937 (post.php in x_atrix xGuestBook 1.02 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3938 (DotClear allows remote attackers to obtain sensitive information via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3939 (ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3940 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3941 (Unspecified vulnerability in the daemons for Sun N1 Grid Engine 5.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3942 (The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3943 (Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3944 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3945 (The CSS functionality in Opera 9 on Windows XP SP2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3946 (WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3947 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3948 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3949 (PHP remote file inclusion vulnerability in artlinks.dispnew.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3950 (SQL injection vulnerability in x-statistics.php in X-Scripts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3951 (PHP remote file inclusion vulnerability in moodle.php in Mam-moodle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3952 (Stack-based buffer overflow in EFS Software Easy File Sharing FTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3953 (Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3954 (Directory traversal vulnerability in usercp.php in MyBB (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3955 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3956 (Multiple cross-site scripting (XSS) vulnerabilities in contact.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3957 (PHP remote file inclusion vulnerability in payment.php in BosDev ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3958 (Multiple unspecified cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3959 (SQL injection vulnerability in protect.php in X-Scripts X-Protection ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3960 (SQL injection vulnerability in top.php in X-Scripts X-Poll, probably ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3961 (Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3962 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3963 (Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3964 (PHP remote file inclusion vulnerability in members.php in Banex PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3965 (Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3966 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3967 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3968 (The crypto provider in Sun Solaris 10 3/05 HW2 without patch ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3969 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3970 (PHP remote file inclusion vulnerability in lmo.php in the LMO ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3971 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3972 (Directory traversal vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3973 (My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3974 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3975 (Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3976 (Unspecified vulnerability in CA eTrust Antivirus WebScan before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3977 (Unspecified vulnerability in CA eTrust Antivirus WebScan before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3978 (Unspecified vulnerability in a Verity third party library, as used on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3979 (The AdminAPI of ColdFusion MX 7 allows attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3980 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3981 (PHP remote file inclusion vulnerability in about.mgm.php in Mambo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3982 (PHP remote file inclusion vulnerability in quickie.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3983 (PHP remote file inclusion vulnerability in editprofile.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3984 (PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3985 (Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3986 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3987 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3988 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3989 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3990 (Multiple PHP remote file inclusion vulnerabilities in Paul M. Jones ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3991 (PHP remote file inclusion vulnerability in index.php in Vlad Vostrykh ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3992 (Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3993 (PHP remote file inclusion vulnerability in copyright.php in Olaf ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3994 (SQL injection vulnerability in the u2u_send_recp function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3995 (Multiple PHP remote file inclusion vulnerabilities in (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3996 (SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3997 (PHP remote file inclusion vulnerability in hsList.php in WoWRoster ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3998 (PHP remote file inclusion vulnerability in conf.php in WoWRoster (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-3999 (ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4000 (Directory traversal vulnerability in cgi-bin/preview_email.cgi in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4001 (Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4002 (Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4003 (The config method in Henrik Storner Hobbit monitor before 4.1.2p2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4004 (Directory traversal vulnerability in index.php in vbPortal 3.0.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4005 (BomberClone 0.11.6 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4006 (The do_gameinfo function in BomberClone 0.11.6 and earlier, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4007 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4008 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4009 (Cross-site scripting (XSS) vulnerability in war.php in Virtual War ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4010 (SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4011 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4012 (Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4013 (Multiple directory traversal vulnerabilities in Symantec Brightmail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4014 (Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4015 (Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4016 (Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4017 (Cross-site scripting (XSS) vulnerability in the search module in Inter ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4018 (Heap-based buffer overflow in the pefromupx function in ...) BUG: 143093 CVE-2006-4019 (Dynamic variable evaluation vulnerability in compose.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows ...) BUG: 143126 CVE-2006-4021 (The cryptographic module in ScatterChat 1.0.x allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4022 (Intel 2100 PRO/Wireless Network Connection driver PROSet before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4023 (The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4024 (The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4025 (SQL injection vulnerability in profile.php in XennoBB 2.1.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4026 (PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4027 RESERVED CVE-2006-4028 (Multiple unspecified vulnerabilities in WordPress before 2.0.4 have ...) BUG: 142142 CVE-2006-4029 (Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4030 (Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4031 (MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4032 (Unspecified vulnerability in Cisco IOS CallManager Express (CME) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4033 (Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4034 (PHP remote file inclusion vulnerability in include/html/config.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4035 (SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4036 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4037 (Unspecified vulnerability in Fenestrae Faxination Server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4038 (Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4039 (Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4040 (PHP remote file inclusion vulnerability in myevent.php in myWebland ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4041 (SQL injection vulnerability in Pike before 7.6.86, when using a ...) BUG: 136065 CVE-2006-4042 (Multiple SQL injection vulnerabilities in trackback.php in myWebland ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4043 (index.php in myWebland myBloggie 2.1.4 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4044 (PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4045 (PHP remote file inclusion vulnerability in news.php in Torbstoff News ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4046 (Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4047 (SQL injection vulnerability in index.php in Netious CMS 0.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4048 (Netious CMS 0.4 initializes session IDs based on the client IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4049 (Unspecified vulnerability in the utxconfig utility in Sun Ray Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4050 (PHP remote file inclusion vulnerability in auto_check_renewals.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4051 (PHP remote file inclusion vulnerability in global.php in Turnkey Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4052 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4053 (PHP remote file inclusion vulnerability in templates/header.php in ME ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4054 (Multiple PHP remote file inclusion vulnerabilities in ME Download ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4055 (Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4056 (Multiple SQL injection vulnerabilities in the authentication process ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4057 (Buffer overflow in the preview_create function in gui.cpp in Mitch ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4058 (Cross-site scripting (XSS) vulnerability in archive.php in Simplog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4059 (Multiple PHP remote file inclusion vulnerabilities in USOLVED ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4060 (PHP remote file inclusion vulnerability in calendar.php in Visual ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4061 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4062 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4063 (Multiple PHP remote file inclusion vulnerabilities in Csaba Godor ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4064 (SQL injection vulnerability in default.asp in YenerTurk Haber Script ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4065 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4066 (The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4067 (Cross-site scripting (XSS) vulnerability in cake/libs/error.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4068 (The pswd.js script relies on the client to calculate whether a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4069 (Multiple cross-site scripting (XSS) vulnerabilities in Elaine Aquino ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4070 (Format string vulnerability in Imendio Planner 0.13 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4071 (Sign extension vulnerability in the createBrushIndirect function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4072 (Multiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4073 (Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4074 (PHP remote file inclusion vulnerability in lib/tpl/default/main.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4075 (Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4076 (Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4077 (PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4078 (pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4079 (Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4080 (DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4081 (preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4082 (Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4083 (PHP remote file inclusion vulnerability in viewevent.php in myWebland ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4084 (Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4085 (PHP remote file inclusion vulnerability in Olaf Noehring The Search ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4086 (Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4087 (Cross-site scripting (XSS) vulnerability in admin.cgi in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4088 (Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4089 (Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4090 (Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4091 (Multiple cross-site scripting (XSS) vulnerabilities in Archangel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4092 (Simpliciti Locked Browser does not properly limit a user's actions to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4093 (Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4094 RESERVED CVE-2006-4095 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers ...) BUG: 146486 CVE-2006-4096 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to ...) BUG: 146486 CVE-2006-4097 (Multiple unspecified vulnerabilities in the CSRadius service in Cisco ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4098 (Stack-based buffer overflow in the CSRadius service in Cisco Secure Access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4099 (Business Objects Crystal Enterprise 9 and 10 generates predictable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4100 RESERVED CVE-2006-4101 RESERVED CVE-2006-4102 (PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4103 (PHP remote file inclusion vulnerability in article-raw.php in Jason ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4104 (Cross-site scripting (XSS) vulnerability in admin.cgi in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4105 (Cross-site scripting (XSS) vulnerability in Fill Threads Database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4106 (Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4107 (SQL injection vulnerability in the Job Search module (job.module) 4.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4108 (SQL injection vulnerability in Bibliography (biblio.module) 4.6 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4109 (Cross-site scripting (XSS) vulnerability in Bibliography ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4110 (Apache 2.2.2, when running on Windows, allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4111 (Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby ...) BUG: 143369 CVE-2006-4112 (Unspecified vulnerability in the "dependency resolution mechanism" in ...) BUG: 143369 CVE-2006-4113 (PHP remote file inclusion vulnerability in genpage-cgi.php in Brian ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4114 (SQL injection vulnerability in view_com.php in Nicolas Grandjean ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4115 (PHP remote file inclusion vulnerability in common.inc.php in PgMarket ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4116 (Multiple stack-based buffer overflows in Lhaz before 1.32 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4117 (The squeue_drain function in Sun Solaris 10, possibly only when run on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4118 (Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4119 (SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4120 (Cross-site scripting (XSS) vulnerability in the Recipe module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4121 (PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4122 (Simple one-file guestbook 1.0 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4123 (PHP remote file inclusion vulnerability in boitenews4/index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4124 (The libXm library in LessTif 0.95.0 and earlier allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4125 (Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4126 (The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4127 (Multiple format string vulnerabilities in DConnect Daemon 0.7.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4128 (Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4129 (PHP remote file inclusion vulnerability in admin.webring.docs.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4130 (PHP remote file inclusion vulnerability in admin.remository.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4131 (Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4132 (ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4133 (Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4134 (Unspecified vulnerability related to a "design flaw" in SAP Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4135 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4136 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4137 (IBM WebSphere Application Server before 6.1.0.1 allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4138 (Multiple unspecified vulnerabilities in Microsoft Windows Help File ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4139 (Race condition in Sun Solaris 10 allows attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4140 (Directory traversal vulnerability in IPCheck Server Monitor before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4141 (SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4142 (SQL injection vulnerability in extra/online.php in Virtual War (VWar) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4143 (Netgear FVG318 running firmware 1.0.40 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4144 (Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick ...) BUG: 143533 BUG: 144091 CVE-2006-4145 (The Universal Disk Format (UDF) filesystem driver in Linux kernel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4146 (Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 ...) BUG: 193196 CVE-2006-4147 RESERVED CVE-2006-4148 RESERVED CVE-2006-4149 RESERVED CVE-2006-4150 RESERVED CVE-2006-4151 RESERVED CVE-2006-4152 RESERVED CVE-2006-4153 RESERVED CVE-2006-4154 (Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x ...) BUG: 151359 CVE-2006-4155 (Unspecified vulnerability in func_topic_threaded.php (aka threaded ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4156 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4157 (Cross-site scripting (XSS) vulnerability in index.php in Yet another ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4158 (PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4159 (Multiple PHP remote file inclusion vulnerabilities in Chaussette ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4160 (Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4161 (Directory traversal vulnerability in the avatar_gallery action in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4162 (Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4163 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4164 (PHP remote file inclusion vulnerability in inc/header.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4165 (Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4166 (PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4167 RESERVED CVE-2006-4168 (Integer overflow in the exif_data_load_data_entry function in ...) BUG: 181922 CVE-2006-4169 (Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin ...) BUG: 185010 CVE-2006-4170 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4171 RESERVED CVE-2006-4172 (Integer overflow vulnerability in the i386_set_ldt call in FreeBSD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4173 RESERVED CVE-2006-4174 RESERVED CVE-2006-4175 (The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4176 RESERVED CVE-2006-4177 (Heap-based buffer overflow in the NCP engine in Novell eDirectory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4178 (Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4179 RESERVED CVE-2006-4180 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4181 (Format string vulnerability in the sqllog function in the SQL ...) BUG: 156376 CVE-2006-4182 (Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions ...) BUG: 151561 CVE-2006-4183 (Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4184 (SmartLine DeviceLock before 5.73 Build 305 does not properly enforce ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4185 (Unspecified vulnerability in the NCPENGINE in Novell eDirectory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4186 (The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4187 (Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4188 (Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4189 (Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4190 (Directory traversal vulnerability in autohtml.php in the AutoHTML ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4191 (Directory traversal vulnerability in memcp.php in XMB (Extreme Message ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4192 (Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and ...) BUG: 143404 CVE-2006-4193 (Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4194 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4195 (PHP remote file inclusion vulnerability in param.peoplebook.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4196 (PHP remote file inclusion vulnerability in index.php in WEBInsta CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4197 (Multiple buffer overflows in libmusicbrainz (aka mb_client or ...) BUG: 144089 CVE-2006-4198 (PHP remote file inclusion vulnerability in includes/session.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4199 (Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4200 (Unspecified vulnerability in 04WebServer 1.83 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4201 (Unspecified vulnerability in the backup agent and Cell Manager in HP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4202 (SQL injection vulnerability in proje_goster.php in Spidey Blog Script ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4203 (PHP remote file inclusion vulnerability in help.mmp.php in the MMP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4204 (Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4205 (Multiple PHP remote file inclusion vulnerabilities in WebDynamite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4206 (Cross-site scripting (XSS) vulnerability in calendar.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4207 (Multiple PHP remote file inclusion vulnerabilities in Bob Jewell ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4208 (Directory traversal vulnerability in wp-db-backup.php in Skippy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4209 (PHP remote file inclusion vulnerability in install3.php in WEBInsta ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4210 (nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4211 (Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4212 (SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4213 (PHP remote file inclusion vulnerability in config.php in David Kent ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4214 (Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4215 (PHP remote file inclusion vulnerability in index.php in Zen Cart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4216 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4217 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4218 (Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4219 (The Terminal Services COM object (tsuserex.dll) allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4220 (Multiple cross-site scripting (XSS) vulnerabilities in webacc in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4221 (Stack-based buffer overflow in the IBM Access Support eGatherer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4222 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4223 (IBM WebSphere Application Server (WAS) before 6.0.2.13 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4224 (Cross-site scripting (XSS) vulnerability in calendar.php in Virtual ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4225 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4226 (MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4227 (MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4228 (Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4229 (PHP remote file inclusion vulnerability in archive.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4230 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4231 (IrfanView 3.98 (with plugins) allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4232 (Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4233 (Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4234 (PHP remote file inclusion vulnerability in classes/query.class.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4235 (Buffer overflow in the import project functionality in Sony SonicStage ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4236 (Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4237 (PHP remote file inclusion vulnerability in pageheaderdefault.inc.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4238 (SQL injection vulnerability in torrents.php in WebTorrent (WTcom) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4239 (PHP remote file inclusion vulnerability in include/urights.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4240 (PHP remote file inclusion vulnerability in index.php in Fusion News ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4241 (PHP remote file inclusion vulnerability in processor/reporter.sql.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4242 (PHP remote file inclusion vulnerability in install.jim.php in the JIM ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4243 RESERVED CVE-2006-4244 (SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4245 RESERVED CVE-2006-4246 (Usermin before 1.220 (20060629) allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4247 (Unspecified vulnerability in the Password Reset Tool before 0.4.1 on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4248 (thttpd on Debian GNU/Linux, and possibly other distributions, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4249 (Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4250 (Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4251 (Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4252 (PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4253 (Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier ...) BUG: 147651 BUG: 147653 BUG: 147652 CVE-2006-4254 (Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4255 (Cross-site scripting (XSS) vulnerability in horde/imp/search.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4256 (index.php in Horde Application Framework before 3.1.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4257 (IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4258 (Absolute path traversal vulnerability in the get functionality in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4259 (Cross-site scripting (XSS) vulnerability in index.php in Fotopholder ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4260 (Directory traversal vulnerability in index.php in Fotopholder 1.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4261 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4262 (Multiple buffer overflows in cscope 15.5 and earlier allow ...) BUG: 144869 CVE-2006-4263 (Multiple PHP remote file inclusion vulnerabilities in the Product ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4264 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4265 (Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4266 (Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4267 (Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4268 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4269 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4270 (PHP remote file inclusion vulnerability in mambelfish.class.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4271 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4272 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4273 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4274 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4275 (PHP remote file inclusion vulnerability in catalogshop.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4276 (PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4277 (Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4278 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4279 (SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4280 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4281 (PHP remote file inclusion vulnerability in akocomments.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4282 (PHP remote file inclusion vulnerability in MamboLogin.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4283 (Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4284 (SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4285 (PHP remote file inclusion vulnerability in news.php in Fantastic News ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4286 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4287 (Multiple PHP remote file inclusion vulnerabilities in NES Game and NES ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4288 (PHP remote file inclusion vulnerability in admin.a6mambocredits.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4289 (Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4290 (Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4291 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4292 (Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4293 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4294 (Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4295 (Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4296 (PHP remote file inclusion vulnerability in classes/Tar.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4297 (SQL injection vulnerability in shopping_cart.php in osCommerce before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4298 (Multiple directory traversal vulnerabilities in cache.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4299 (Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in ...) BUG: 145714 CVE-2006-4300 (SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4301 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4302 (The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4305 (Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4306 (Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4307 (Unspecified vulnerability in the format command in Sun Solaris 8 and 9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4308 (Multiple cross-site scripting (XSS) vulnerabilities in Blackboard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4309 (VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4310 (Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4311 (PHP remote file inclusion vulnerability in Sonium Enterprise ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4312 (Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4313 (Multiple unspecified vulnerabilities in Cisco VPN 3000 series ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4314 (The manager server in Symantec Enterprise Security Manager (ESM) 6 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4315 (Unquoted Windows search path vulnerability in multiple SSH Tectia ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4316 (SSH Tectia Management Agent 2.1.2 allows local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4317 (Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4318 (Buffer overflow in WFTPD Server 3.23 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4319 (Buffer overflow in the format command in Solaris 8, 9, and 10 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4320 (PHP remote file inclusion vulnerability in sef.php in the OpenSEF ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4321 (PHP remote file inclusion vulnerability in cpg.php in the Coppermine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4322 (PHP remote file inclusion vulnerability in estateagent.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4323 (SQL injection vulnerability in list.php in CityForFree indexcity 1.0, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4324 (Cross-site scripting (XSS) vulnerability in add_url2.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4325 (Cross-site scripting (XSS) vulnerability in gbook.php in Doika ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4326 (Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4327 (Multiple cross-site scripting (XSS) vulnerabilities in add_url.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4328 (SQL injection vulnerability in admin.php in CloudNine Interactive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4329 (Multiple PHP remote file inclusion vulnerabilities in Shadows Rising ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4330 (Unspecified vulnerability in the SCSI dissector in Wireshark (formerly ...) BUG: 144946 CVE-2006-4331 (Multiple off-by-one errors in the IPSec ESP preference parser in ...) BUG: 144946 CVE-2006-4332 (Unspecified vulnerability in the DHCP dissector in Wireshark (formerly ...) BUG: 144946 CVE-2006-4333 (The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows ...) BUG: 144946 CVE-2006-4334 (Unspecified vulnerability in gzip 1.3.5 allows context-dependent ...) BUG: 145511 CVE-2006-4335 (Array index error in the make_table function in unlzh.c in the LZH ...) BUG: 151252 BUG: 145511 CVE-2006-4336 (Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows ...) BUG: 151252 BUG: 145511 CVE-2006-4337 (Buffer overflow in the make_table function in the LHZ component in ...) BUG: 151252 BUG: 145511 CVE-2006-4338 (unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent ...) BUG: 151252 BUG: 145511 CVE-2006-4339 (OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, ...) BUG: 146438 BUG: 146375 BUG: 148283 CVE-2006-4340 (Mozilla Network Security Service (NSS) library before 3.11.3, as used ...) BUG: 148283 BUG: 147653 BUG: 147652 CVE-2006-4341 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4342 (The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4343 (The get_server_hello function in the SSLv2 client code in OpenSSL ...) BUG: 152640 BUG: 145510 CVE-2006-4344 (CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4345 (Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in ...) BUG: 151881 BUG: 144941 CVE-2006-4346 (Asterisk 1.2.10 supports the use of client-controlled variables to ...) BUG: 151881 BUG: 144941 CVE-2006-4347 (SQL injection vulnerability in user logon authentication request ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4348 (PHP remote file inclusion vulnerability in config.kochsuite.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4349 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4350 (SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4351 (Cross-site scripting (XSS) vulnerability in index.php in OneOrZero ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4352 (The ArrowPoint cookie functionality for Cisco 11000 series Content ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4353 (Unspecified vulnerability in Sun Java System Content Delivery Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4354 (PHP remote file inclusion vulnerability in e/class/CheckLevel.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4355 (Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4356 (SQL injection vulnerability in Drupal Easylinks Module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4357 (PHP remote file inclusion vulnerability in clients/index.php in Diesel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4358 (Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4359 (Stack-based buffer overflow in Trident Software PowerZip 7.06 Build ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4360 (Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4361 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4362 (Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4363 (PHP remote file inclusion vulnerability in admin.cropcanvas.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4364 (Multiple heap-based buffer overflows in the POP3 server in Alt-N ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4365 (Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4366 (PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4367 (SQL injection vulnerability in alltopics.php in the All Topics Hack ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4368 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4369 (Absolute path traversal vulnerability in includes/functions_portal.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4370 (Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4371 (Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4372 (PHP remote file inclusion vulnerability in admin.lurm_constructor.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4373 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4374 (IrfanView 3.98 (with plugins) allows user-assisted attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4375 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4376 (Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4377 (Multiple SQL injection vulnerabilities in Guder und Koch ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4378 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4379 (Stack-based buffer overflow in the SMTP Daemon in Ipswitch ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4380 (MySQL before 4.1.13 allows local users to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4381 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4382 (Multiple buffer overflows in Apple QuickTime before 7.1.3 allow ...) BUG: 150288 CVE-2006-4383 RESERVED CVE-2006-4384 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows ...) BUG: 150288 CVE-2006-4385 (Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) BUG: 150288 CVE-2006-4386 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) BUG: 150288 CVE-2006-4387 (Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4388 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) BUG: 150288 CVE-2006-4389 (Apple QuickTime before 7.1.3 allows user-assisted remote attackers to ...) BUG: 150288 CVE-2006-4390 (CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4391 (Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4392 (The Mach kernel, as used in operating systems including (1) Mac OS X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4393 (Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4394 (A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4395 (Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4396 (The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4397 (Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4398 (Multiple buffer overflows in the Apple Type Services (ATS) server in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4399 (User interface inconsistency in Workgroup Manager in Apple Mac OS X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4400 (Stack-based buffer overflow in the Apple Type Services (ATS) server in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4401 (Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4402 (Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4403 (The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4404 (The Installer application in Apple Mac OS X 10.4.8 and earlier, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4405 RESERVED CVE-2006-4406 (Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4407 (The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4408 (The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4409 (The Online Certificate Status Protocol (OCSP) service in the Security ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4410 (The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4411 (The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4412 (WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4413 (Apple Remote Desktop before 3.1 uses insecure permissions for certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4414 RESERVED CVE-2006-4415 RESERVED CVE-2006-4416 (Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4417 (SQL injection vulnerability in edituser.php in Xoops before 2.0.15 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4418 (Directory traversal vulnerability in index.php for Wikepage 2006.2a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4419 (SQL injection vulnerability in note.php in ProManager 0.73 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4420 (Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4421 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4422 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4423 (Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4424 (PHP remote file inclusion vulnerability in coin_includes/constants.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4425 (Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4426 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4427 (index.php in eFiction before 2.0.7 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4428 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4429 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4430 (The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4431 (Multiple buffer overflows in the (a) Session Clustering Daemon and the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4432 (Directory traversal vulnerability in Zend Platform 2.2.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4433 (PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4434 (Use-after-free vulnerability in Sendmail before 8.13.8 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4435 (OpenBSD 3.8, 3.9, and possibly earlier versions allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4436 (isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4437 (Eval injection vulnerability in Tagger LE allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4438 (Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4439 (pkgadd in Sun Solaris 10 before 20060825 installs files with insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4440 (PHP remote file inclusion vulnerability in main.php in Ay System ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4441 (Multiple PHP remote file inclusion vulnerabilities in Ay System ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4442 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4443 (PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4444 (Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4445 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4446 (Heap-based buffer overflow in DirectAnimation.PathControl COM object ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4447 (X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, ...) BUG: 163146 BUG: 135974 CVE-2006-4448 (Multiple PHP remote file inclusion vulnerabilities in interact 2.2, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4449 (Cross-site scripting (XSS) vulnerability in attachment.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4450 (usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4451 (Direct static code injection vulnerability in CJ Tag Board 3.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4452 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4453 (Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4454 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4455 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4456 (PHP remote file inclusion vulnerability in functions.php in phpECard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4457 (PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4458 (Directory traversal vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4459 (Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4460 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4461 (Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4462 (Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4463 (SQL injection vulnerability in the administrator control panel in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4464 (The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4465 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4466 (Joomla! before 1.0.11 does not properly unset variables when the input ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4467 (Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4468 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4469 (Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4470 (Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4471 (The Admin Upload Image functionality in Joomla! before 1.0.11 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4472 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4473 (Unspecified vulnerability in com_content in Joomla! before 1.0.11, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4474 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4475 (Joomla! before 1.0.11 does not limit access to the Admin Popups ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4476 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4477 (Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4478 (SQL injection vulnerability in headeruserdata.php in Visual Shapers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4479 (Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4480 (Incomplete blacklist vulnerability in the nk_CSS function in nuked.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4481 (The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4482 (Multiple heap-based buffer overflows in the (1) str_repeat and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4483 (The cURL extension files (1) ext/curl/interface.c and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4484 (Buffer overflow in the LWZReadByte_ function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4485 (The stripos function in PHP before 5.1.5 has unknown impact and attack ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4486 (Integer overflow in memory allocation routines in PHP before 5.1.6, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4487 (DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4488 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4489 (Multiple PHP remote file inclusion vulnerabilities in MiniBill ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4490 (Multiple directory traversal vulnerabilities in Cybozu Office before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4491 (Directory traversal vulnerability in Cybozu Collaborex, AG before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4492 (Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4493 (xbiff2 1.9 creates $HOME/.xbiff2rc in a user's home directory with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4494 (Microsoft Visual Studio 6.0 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4495 (Microsoft Internet Explorer allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4496 (Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4497 (SQL injection vulnerability in comments.php in IwebNegar 1.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4498 (PHP remote file inclusion vulnerability in sommaire_admin.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4499 (ModernBill 5.0.4 and earlier uses cURL with insecure settings for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4500 (Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4501 (SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4502 (ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4503 (Directory traversal vulnerability in link.php in NX5Linx 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4504 (SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4505 (CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4506 (idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4507 (Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4508 (Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4509 (Integer overflow in the evtFilteredMonitorEventsRequest function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4510 (The evtFilteredMonitorEventsRequest function in the LDAP service in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4511 (Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4512 RESERVED CVE-2006-4513 (Multiple integer overflows in the WV library in wvWare (formerly ...) BUG: 153800 CVE-2006-4514 (Heap-based buffer overflow in the ole_info_read_metabat function in ...) BUG: 156693 CVE-2006-4515 RESERVED CVE-2006-4516 (Integer signedness error in FreeBSD 6.0-RELEASE allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4519 (Multiple integer overflows in the image loader plug-ins in GIMP before ...) BUG: 182047 CVE-2006-4520 (ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4521 (The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4522 (Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4523 (The web-based management interface in 2Wire, Inc. HomePortal and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4524 (Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4525 (Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4526 (SQL injection vulnerability in includes/content/viewCat.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4527 (includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4528 (Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4529 (SQL injection vulnerability in recherchemembre.php in membrepass 1.5. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4530 (Direct static code injection vulnerability in include/change.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4531 (PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4532 (PHP remote file inclusion vulnerability in articles/article.php in Yet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4533 (Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4534 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Office ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4535 (The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4536 (SQL injection vulnerability in module/rejestracja.php in CMS Frogss ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4537 (NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4538 (Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4539 ((1) includes/widgets/module_company_tickets.php and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4540 (Cross-site scripting (XSS) vulnerability in learncenter.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4541 (RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4542 (Webmin before 1.296 and Usermin before 1.226 do not properly handle a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4543 (Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4544 (Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4545 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4546 (Lyris ListManager 8.95 allows remote authenticated users, who have ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4547 (Lyris ListManager 8.95 allows remote authenticated users to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4548 (e107 0.75 and earlier does not properly unset variables when the input ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4549 (CHXO Feedsplitter 2006-01-21 allows remote attackers to read the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4550 (Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4551 (Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4552 (Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4553 (PHP remote file inclusion vulnerability in plugin.class.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4554 (Stack-based buffer overflow in the ReadFile function in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4555 (Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4556 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4557 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4558 (DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4559 (Multiple PHP remote file inclusion vulnerabilities in Yet Another ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4560 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4561 (Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4562 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4563 (Cross-site scripting (XSS) vulnerability in the MyHeadlines before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4564 (SQL injection vulnerability in Sources/ManageBoards.php in Simple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4565 (Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, ...) BUG: 147651 BUG: 147653 BUG: 147652 CVE-2006-4566 (Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and ...) BUG: 147651 BUG: 147653 BUG: 147652 CVE-2006-4567 (Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it ...) BUG: 147653 BUG: 147652 CVE-2006-4568 (Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows ...) BUG: 147651 BUG: 147652 CVE-2006-4569 (The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked ...) BUG: 147652 CVE-2006-4570 (Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with ...) BUG: 147651 BUG: 147653 CVE-2006-4571 (Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, ...) BUG: 147651 BUG: 147653 BUG: 147652 CVE-2006-4572 (ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4573 (Multiple unspecified vulnerabilities in the "utf8 combining characters ...) BUG: 152770 CVE-2006-4574 (Off-by-one error in the MIME Multipart dissector in Wireshark ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4575 (Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4576 (Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4577 (Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4578 (export.php in The Address Book 1.04e writes username and password hash ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4579 (Directory traversal vulnerability in users.php in The Address Book ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4580 (register.php in The Address Book 1.04e allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4581 (Unrestricted file upload vulnerability in The Address Book 1.04e validates ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4582 (Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4583 (Multiple PHP remote file inclusion vulnerabilities in FlashChat before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4584 (Tr Forum 2.0 allows remote attackers to bypass authentication and add ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4585 (SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4586 (The admin panel in Tr Forum 2.0 accepts a username and password hash ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4587 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4588 (vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4589 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4590 (SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4591 (Multiple PHP remote file inclusion vulnerabilities in AlstraSoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4592 (Incomplete blacklist vulnerability in default.asp in 8pixel.net Simple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4593 (Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4594 (Multiple PHP remote file inclusion vulnerabilities in PHP Advanced ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4595 (muforum (µforum) 0.4c stores membres/members.dat under the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4596 (PHP remote file inclusion in MyBace Light Skrip, when register_globals ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4597 (SQL injection vulnerability in devam.asp in ICBlogger 2.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4598 (Multiple SQL injection vulnerabilities in links.php in ssLinks 1.22 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4599 (SQL injection vulnerability in aut_verifica.inc.php in Autentificator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4600 (slapd in OpenLDAP before 2.3.25 allows remote authenticated users with ...) BUG: 193196 CVE-2006-4601 (SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4602 (Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 ...) BUG: 145714 CVE-2006-4603 (NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4604 (PHP remote file inclusion vulnerability in LFXlib/access_manager.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4605 (PHP remote file inclusion vulnerability in index.php in Longino Jacome ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4606 (Multiple SQL injection vulnerabilities in Longino Jacome php-Revista ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4607 (admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4608 (Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4609 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4610 (PHP remote file inclusion vulnerability in index.php in GrapAgenda ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4611 (Buffer overflow in the _tor_resolve function in dsocks.c in dsocks ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4612 (SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4613 (Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4614 (PDAapps Verichat for Pocket PC 1.30bh stores usernames and passwords ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4615 (Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4616 (SMTP service in MailEnable Standard, Professional, and Enterprise ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4617 (Unrestricted file upload vulnerability in fileupload.html in vtiger ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4618 (PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4619 (The start update window in update.exe in Avira AntiVir PersonalEdition ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4620 (The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4621 (PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4622 (PHP remote file inclusion vulnerability in annonce.php in AnnonceV ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4623 (The Unidirectional Lightweight Encapsulation (ULE) decapsulation ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4624 (CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4625 (PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4626 (Heap-based buffer overflow in alwil avast! Anti-virus Engine before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4627 (System Information ActiveX control (msinfo.dll), when accessed via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4628 (Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4629 (PHP remote file inclusion vulnerability in affichage/commentaires.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4630 (PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4631 (Direct static code injection vulnerability in admin/save_opt.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4632 (Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4633 (index.php in SoftBB 0.1, and possibly earlier, allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4634 (Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4635 (Unspecified vulnerability in MySource Classic 2.14.6, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4636 (Directory traversal vulnerability in SZEWO PhpCommander 3.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4637 (Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4638 (PHP remote file inclusion vulnerability in article.php in ACGV News ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4639 (Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4640 (Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4641 (SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4642 (AuditWizard 6.3.2, when using "Remote Audit," logs the administrator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4643 (SQL injection vulnerability in consult/joueurs.php in Uni-Vert ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4644 (PHP remote file inclusion vulnerability in modules/home.module.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4645 (PHP remote file inclusion vulnerability in akarru.gui/main_content.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4646 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4647 (PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4648 (PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4649 (PHP remote file inclusion vulnerability in bp_news.php in BinGo News ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4650 (Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4651 (Directory traversal vulnerability in download/index.php, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4652 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll have a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4653 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll store ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4654 (Format string vulnerability in Easy Address Book Web Server 1.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4655 (Buffer overflow in the Strcmp function in the XKEYBOARD extension in X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4656 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4657 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4658 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4659 (The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4660 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4661 (AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4662 (Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4663 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4664 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4665 (Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4666 (Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4667 (Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4668 (Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4669 (PHP remote file inclusion vulnerability in admin/system/include.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4670 (Multiple PHP remote file inclusion vulnerabilities in PhotoKorn ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4671 (PHP remote file inclusion vulnerability in headlines.php in Fantastic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4672 (PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4673 (Global variable overwrite vulnerability in maincore.php in PHP-Fusion ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4674 (Direct static code injection vulnerability in doku.php in DokuWiki ...) BUG: 146800 CVE-2006-4675 (Unrestricted file upload vulnerability in lib/exe/media.php in ...) BUG: 146800 CVE-2006-4676 (TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4677 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4678 (PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4679 (DokuWiki before 2006-03-09c enables the debug feature by default, ...) BUG: 146800 CVE-2006-4680 (The Remote UI in Canon imageRUNNER includes usernames and passwords ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4681 (Directory traversal vulnerability in Redirect.bat in IBM Director ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4682 (Multiple unspecified vulnerabilities in IBM Director before 5.10 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4683 (IBM Director before 5.10 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4684 (The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4685 (The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4686 (Buffer overflow in the Extensible Stylesheet Language Transformations ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4687 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4688 (Buffer overflow in Client Service for NetWare (CSNW) in Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4689 (Unspecified vulnerability in the driver for the Client Service for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4690 RESERVED CVE-2006-4691 (Stack-based buffer overflow in the NetpManageIPCConnect function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4692 (Argument injection vulnerability in the Windows Object Packager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4693 (Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4694 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4695 (Unspecified vulnerability in certain COM objects in Microsoft Office ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4696 (Unspecified vulnerability in the Server service in Microsoft Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4697 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4698 RESERVED CVE-2006-4699 RESERVED CVE-2006-4700 RESERVED CVE-2006-4701 RESERVED CVE-2006-4702 (Buffer overflow in the Windows Media Format Runtime in Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4703 RESERVED CVE-2006-4704 (Cross-zone scripting vulnerability in the WMI Object Broker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4705 (SQL injection vulnerability in login.php in dwayner79 and Dominic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4706 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4707 (Cross-site scripting (XSS) vulnerability in admin/global.php (aka the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4708 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4709 (SQL injection vulnerability in topic.php in Vikingboard 0.1b allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4710 (Multiple cross-site scripting (XSS) vulnerabilities in NewsGator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Sage allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4712 (Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4713 (PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4714 (PHP remote file inclusion vulnerability in index.php in SpoonLabs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4715 (SQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4716 (PHP remote file inclusion vulnerability in demarrage.php in Fire Soft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4717 (The login redirection mechanism in the Drupal 4.7 Pubcookie module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4718 (Multiple cross-site scripting (XSS) vulnerabilities in livre_or.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4719 (Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4720 (PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4721 (Directory traversal vulnerability in admin.php in CCleague Pro Sports ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4722 (PHP remote file inclusion vulnerability in Open Bulletin Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4723 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4724 (Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4725 (Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4726 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4727 (Cross-site scripting (XSS) vulnerability in emfadmin/statusView.do in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4728 RESERVED CVE-2006-4729 RESERVED CVE-2006-4730 RESERVED CVE-2006-4731 (Multiple directory traversal vulnerabilities in (1) login.pl and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4732 (Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4733 (PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4734 (Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4735 (Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4736 (Multiple SQL injection vulnerabilities in index.php in CMS.R. 5.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4737 (SQL injection vulnerability in index.php in Jetbox CMS allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4738 (PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4739 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4740 (Jetbox CMS allows remote attackers to obtain sensitive information via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4741 (PHP remote file inclusion vulnerability in bits_listings.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4742 (Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4743 (WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4744 (Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4745 (ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4746 (PHP remote file inclusion vulnerability in news/include/customize.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4747 (Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4748 (Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4749 (Multiple PHP remote file inclusion vulnerabilities in PHP Advanced ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4750 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4751 (Cross-site scripting (XSS) vulnerability in index.php in Laurentiu ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4752 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4753 (Directory traversal vulnerability in index.php in PHProg before 1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4754 (Cross-site scripting (XSS) vulnerability in index.php in PHProg before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4755 (Cross-site scripting (XSS) vulnerability in alpha.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4756 (SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4757 (Multiple SQL injection vulnerabilities in the admin section in e107 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4758 (phpBB 2.0.21 does not properly handle pathnames ending in %00, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4759 (PunBB 1.2.12 does not properly handle an avatar directory pathname ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4760 (Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4761 (Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4762 (Multiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4763 (IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4764 (PHP remote file inclusion vulnerability in common.php in Thomas LETE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4765 (NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4766 (Directory traversal vulnerability in print.php in Stefan Ernst ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4767 (Multiple directory traversal vulnerabilities in Stefan Ernst ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4768 (Multiple direct static code injection vulnerabilities in add_go.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4769 (PHP remote file inclusion vulnerability in abf_js.php in p4CMS 1.05 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4770 (PHP remote file inclusion vulnerability in menu.php in MiniPort@l 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4771 (Cross-site scripting (XSS) vulnerability in haut.php in ForumJBC 4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4772 (HotPlug CMS stores sensitive information under the web root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4773 (Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4774 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4775 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4776 (Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4777 (Heap-based buffer overflow in the DirectAnimation Path Control ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4778 (SQL injection vulnerability in Creative Commons Tools ccHost before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4779 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4780 (PHP remote file inclusion vulnerability in includes/functions.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4781 (Heap-based buffer overflow in FutureSoft TFTP Server Multithreaded ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4782 (src/index.php in WebSPELL 4.01.01 and earlier, when register_globals ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4783 (SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4784 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4785 (SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4786 (Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4787 (AlphaMail before 1.0.16 allows local users to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4788 (PHP remote file inclusion vulnerability in includes/log.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4789 (Buffer overflow in Open Movie Editor 0.0.20060901 allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4790 (verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent ...) BUG: 147682 CVE-2006-4791 RESERVED CVE-2006-4792 RESERVED CVE-2006-4793 (Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4794 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4795 (Unspecified vulnerability in the Address and Routing Parameter Area ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4796 (Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4797 (Cross-site scripting (XSS) vulnerability in tag.php in CloudNine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4798 (SQL-Ledger before 2.4.4 stores a password in a query string, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4799 (Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow ...) BUG: 133520 CVE-2006-4800 (Multiple buffer overflows in libavcodec in ffmpeg before ...) BUG: 133520 CVE-2006-4801 (Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4802 (Format string vulnerability in the Real Time Virus Scan service in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4803 (The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4804 RESERVED CVE-2006-4805 (epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4806 (Multiple integer overflows in imlib2 allow user-assisted remote ...) BUG: 154216 CVE-2006-4807 (loader_tga.c in imlib2 before 1.2.1, and possibly other versions, ...) BUG: 154216 CVE-2006-4808 (Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and ...) BUG: 154216 CVE-2006-4809 (Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, ...) BUG: 154216 CVE-2006-4810 (Buffer overflow in the readline function in util/texindex.c, as used ...) BUG: 154316 CVE-2006-4811 (Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 ...) BUG: 153704 BUG: 151838 CVE-2006-4812 (Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ...) BUG: 150261 CVE-2006-4813 (The __block_prepare_write function in fs/buffer.c for Linux kernel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4814 (The mincore function in the Linux kernel before 2.4.33.6 does not ...) BUG: 170857 CVE-2006-4815 RESERVED CVE-2006-4816 RESERVED CVE-2006-4817 RESERVED CVE-2006-4818 RESERVED CVE-2006-4819 (Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4820 (Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4821 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4822 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4823 (PHP remote file inclusion vulnerability in scripts/news_page.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4824 (PHP remote file inclusion vulnerability in lib/activeutil.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4825 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4826 (PHP remote file inclusion vulnerability in bottom.php in Shadowed ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4827 (Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4828 (PHP remote file inclusion vulnerability in zipndownload.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4829 (Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4830 (Directory traversal vulnerability in EditBlogTemplatesPlugin.java in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4831 (Unspecified vulnerability in IP over DNS is now easy (iodine) before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4832 (Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4833 (Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4834 (PHP remote file inclusion vulnerability in index.php in Jule Slootbeek ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4835 (Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4836 (SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4837 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4838 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4839 (Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4840 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4841 RESERVED CVE-2006-4842 (The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4843 (Cross-site scripting (XSS) vulnerability in the Active Content Filter ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4844 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4845 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4846 (Unspecified vulnerability in Citrix Access Gateway with Advanced ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4847 (Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4848 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4849 (PHP remote file inclusion vulnerability in header.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4850 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4851 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4852 (SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4853 (SQL injection vulnerability in kategorix.asp in Haberx 1.02 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4854 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4855 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4856 (Multiple cross-site scripting (XSS) vulnerabilities in Roller ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4857 (SQL injection vulnerability in default.asp (aka the login page) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4858 (PHP remote file inclusion vulnerability in install.serverstat.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4859 (Unrestricted file upload vulnerability in contact.html.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4860 (Multiple unspecified vulnerabilities in (1) index.php, (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4861 (SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4862 (SQL injection vulnerability in default.aspx in easypage allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4863 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4864 (PHP remote file inclusion vulnerability in index.php in All Enthusiast ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4865 (Walter Beschmout PhpQuiz allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4866 (Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4867 (SQL injection vulnerability in mods.php in GNUTurk 2G and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4868 (Stack-based buffer overflow in the Vector Graphics Rendering engine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4869 (PHP remote file inclusion vulnerability in phpunity-postcard.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4870 (Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4871 (SQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4872 (SQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4873 (Jupiter CMS allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4874 (Multiple cross-site scripting (XSS) vulnerabilities in Jupiter CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4875 (Unrestricted file upload vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4876 (Multiple SQL injection vulnerabilities in Jupiter CMS allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4877 (Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4878 (Directory traversal vulnerability in footer.php in David Bennett ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4879 (SQL injection vulnerability in profile.php in David Bennett PHP-Post ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4880 (David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4881 (Multiple cross-site scripting (XSS) vulnerabilities in David Bennett ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4882 (SQL injection vulnerability in Review.asp in Julian Roberts Charon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4883 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4884 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4885 (PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4886 (The VirusScan On-Access Scan component in McAfee VirusScan Enterprise ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4887 (Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4888 (Microsoft Internet Explorer 6 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4889 (Multiple PHP remote file inclusion vulnerabilities in Telekorn ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4890 (Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4891 (SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4892 (SQL injection vulnerability in faqview.asp in Techno Dreams FAQ ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4893 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4894 (Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4895 (IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4896 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4897 (CMtextS 1.0 and earlier stores users_logins/admin.txt under the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4898 (PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4899 (The ePPIServlet script in Computer Associates (CA) eTrust Security ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4900 (Directory traversal vulnerability in Computer Associates (CA) eTrust ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4901 (Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4902 (The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4903 RESERVED CVE-2006-4904 (Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4905 (PHP remote file inclusion vulnerability in index.php in Artmedic Links ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4906 (SQL injection vulnerability in modules/calendar/week.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4907 (OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4908 (OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4909 (Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4910 (The web administration interface (mainApp) to Cisco IDS before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4911 (Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4912 (PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4913 (Directory traversal vulnerability in chat/getStartOptions.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4914 (Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4915 (Cross-site scripting (XSS) vulnerability in index.php in Innovate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4916 (SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4917 (Cross-site scripting (XSS) vulnerability in search.php in PT News ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4918 (Multiple PHP remote file inclusion vulnerabilities in Simple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4919 (Directory traversal vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4920 (Multiple PHP remote file inclusion vulnerabilities in Site@School ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4921 (PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4922 (Unrestricted file upload vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4923 (Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4924 (sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, ...) BUG: 148228 CVE-2006-4925 (packet.c in ssh in OpenSSH allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4926 (The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4927 (The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4928 RESERVED CVE-2006-4929 RESERVED CVE-2006-4930 RESERVED CVE-2006-4931 RESERVED CVE-2006-4932 RESERVED CVE-2006-4933 RESERVED CVE-2006-4934 RESERVED CVE-2006-4935 (The Database module in Moodle before 1.6.2 does not properly handle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4936 (Moodle before 1.6.2 does not properly validate the module instance id ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4937 (lib/setup.php in Moodle before 1.6.2 sets the error reporting level to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4938 (help.php in Moodle before 1.6.2 does not check the existence of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4939 (backup/backup_scheduled.php in Moodle before 1.6.2 generates trace ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4940 (login/forgot_password.php in Moodle before 1.6.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4941 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4942 (Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4943 (course/jumpto.php in Moodle before 1.6.2 does not validate the session ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4944 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4945 (Multiple PHP remote file inclusion vulnerabilities in Cardway (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4946 (PHP remote file inclusion vulnerability in include/startup.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4947 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4948 (Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4949 (Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4950 (Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4951 (Neon WebMail for Java before 5.08 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4952 (The updatemail servlet in Neon WebMail for Java before 5.08 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4953 (Multiple SQL injection vulnerabilities in Neon WebMail for Java before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4954 (The updateuser servlet in Neon WebMail for Java before 5.08 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4955 (Directory traversal vulnerability in the downloadfile servlet in Neon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4956 (Cross-site scripting (XSS) vulnerability in the updateuser servlet in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4957 (SQL injection vulnerability in the GetMember function in functions.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4958 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4959 (Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4960 (Cross-site scripting (XSS) vulnerability in index.php Php Blue Dragon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4961 (SQL injection vulnerability in the GetModuleConfig function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4962 (Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4963 (Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4964 (Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4965 (Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4966 (PHP remote file inclusion vulnerability in inc/ifunctions.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4967 (Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4968 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4969 (Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4970 (PHP remote file inclusion vulnerability in enc/content.php in WAHM ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4971 (MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4972 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4973 (Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4974 (Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4975 (Yahoo! Messenger for WAP permits saving messages that contain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4976 (The Date Library in John Lim ADOdb Library for PHP allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4977 (Multiple unrestricted file upload vulnerabilities in (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4978 (Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4979 (Direct static code injection vulnerability in cfgphpquiz/install.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4980 (Buffer overflow in the repr function in Python 2.3 through 2.6 before ...) BUG: 149065 CVE-2006-4981 (Symantec Sygate NAC allows physically proximate attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4982 (Cisco NAC maintains an exception list that does not record device ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4983 (Cisco NAC allows quarantined devices to communicate over the network ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4984 (Multiple PHP remote file inclusion vulnerabilities in Grayscale ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4985 (Multiple cross-site scripting (XSS) vulnerabilities in Grayscale ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4986 (Grayscale BandSite CMS allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4987 (Multiple PHP remote file inclusion vulnerabilities in Patrick ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4988 (Multiple cross-site scripting (XSS) vulnerabilities in Patrick ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4989 (Patrick Michaelis Wili-CMS allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4990 (Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4991 (RSA Keon Certificate Authority (KeonCA) Manager 6.5.1 and 6.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4992 (Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4993 (Multiple PHP remote file inclusion vulnerabilities in AllMyGuests ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4994 (Multiple unquoted Windows search path vulnerabilities in Apache ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4995 (PHP remote file inclusion vulnerability in BSQ Sitestats ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4996 (Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4997 (The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-4998 RESERVED CVE-2006-4999 RESERVED CVE-2006-5000 (Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5001 (Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5002 (Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5003 (Unspecified vulnerability in the named8 command in IBM AIX 5.2.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5004 (Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5005 (Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5006 (Buffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5007 (Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5008 (Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5009 (Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5010 (Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5011 (Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5012 (Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5013 (Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5014 (Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5015 (PHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5016 (Unrestricted file upload vulnerability in admin/x_image.php in Szava ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5017 (SQL injection vulnerability in admin/all_users.php in Szava Gyula and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5018 (ContentKeeper 123.25 and earlier places passwords in cleartext in an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5019 (Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5020 (Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5021 (Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5022 (PHP remote file inclusion vulnerability in includes/global.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5023 (SQL injection vulnerability in kategori.asp in xweblog 2.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5024 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5025 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5026 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5027 (Jeroen Vennegoor JevonCMS, possibly pre alpha, allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5028 (Directory traversal vulnerability in filemanager/filemanager.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5029 (SQL injection vulnerability in thread.php in WoltLab Burning Board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5030 (SQL injection vulnerability in modules/messages/index.php in exV2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5031 (Directory traversal vulnerability in app/webroot/js/vendors.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5032 (PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5033 (Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5034 (Directory traversal vulnerability in Paul Smith Computer Services vCAP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5035 (Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5036 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5037 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5038 (The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5039 (Unspecified vulnerability in Events 1.3 beta module (com_events) for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5040 (Unspecified vulnerability in SEF404x (com_sef) for Joomla! has ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5041 (Unspecified vulnerability in Hot Properties (possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5042 (Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5043 (Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5044 (Unspecified vulnerability in Prince Clan (Princeclan) Chess component ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5045 (Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5046 (Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5047 (Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5048 (Multiple PHP remote file inclusion vulnerabilities in Security Images ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5049 (Unspecified vulnerability in Classifieds (com_classifieds) component ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5050 (Directory traversal vulnerability in httpd in Rob Landley BusyBox ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote ...) BUG: 149502 CVE-2006-5052 (Unspecified vulnerability in portable OpenSSH before 4.4, when running ...) BUG: 149502 CVE-2006-5053 (PHP remote file inclusion vulnerability in webnews/template.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5054 (SQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum 1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5055 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5056 (Cross-site scripting (XSS) vulnerability in index.php in Opial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5057 (Multiple cross-site scripting (XSS) vulnerabilities in Ktools.net ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5058 (Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call of Duty ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5059 (Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5060 (Cross-site scripting (XSS) vulnerability in login.php in Jamroom ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5061 (PHP remote file inclusion vulnerability in mcf.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5062 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5063 (Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5064 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5065 (PHP remote file inclusion vulnerability in libs/dbmax/mysql.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5066 (Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5067 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5068 (PHP remote file inclusion vulnerability in admin/index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5069 (Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5070 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5071 (Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5072 (The System.CodeDom.Compiler classes in Novell Mono create temporary ...) BUG: 150264 CVE-2006-5073 (Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5074 (Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5075 (The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5076 (Multiple PHP remote file inclusion vulnerabilities in OpenConcept ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5077 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5078 (PHP remote file inclusion vulnerability in view/general.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5079 (PHP remote file inclusion vulnerability in class.mysql.php in Matt ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5080 (Cross-site scripting (XSS) vulnerability in the search function in Six ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5081 (PHP remote file inclusion vulnerability in acc.php in QuickBlogger ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5082 (Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5083 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5084 (Format string vulnerability in the NSRunAlertPanel function in eBay ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5085 (Static code injection vulnerability in config.php in Blog Pixel Motion ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5086 (Blog Pixel Motion 2.1.1 allows remote attackers to change the username ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5087 (Multiple PHP remote file inclusion vulnerabilities in evoBB 0.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5088 (PHP remote file inclusion vulnerability in connected_users.lib.php3 in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5089 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5090 (Multiple cross-site scripting (XSS) vulnerabilities in Phoenix ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5091 (Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5092 (PHP remote file inclusion vulnerability in navigation/menu.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5093 (PHP remote file inclusion vulnerability in index.php in Tagmin Control ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5094 (PHP remote file inclusion vulnerability in includes/functions_kb.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5095 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5096 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5097 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5098 (lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote ...) BUG: 149266 CVE-2006-5099 (lib/exec/fetch.php in DokuWiki before 2006-03-09e, when ...) BUG: 149266 CVE-2006-5100 (PHP remote file inclusion vulnerability in parse/parser.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5101 (PHP remote file inclusion vulnerability in include.php in Comdev CSV ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5102 (PHP remote file inclusion vulnerability in include/editfunc.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5103 (PHP remote file inclusion vulnerability in admin/index2.php in bbsNew ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5104 (SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5105 (Multiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1.1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5106 (Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5107 (Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5108 (Multiple cross-site scripting (XSS) vulnerabilities in Devellion ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5109 (Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5110 (Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5111 (The libksba library 0.9.12 and possibly other versions, as used by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5112 (Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5113 (Directory traversal vulnerability in common.php in Yuuki Yoshizawa ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5114 (Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5115 (Directory traversal vulnerability in kgcall.php in KGB 1.87 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5116 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5117 (phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5118 (PHP remote file inclusion vulnerability in index.php3 in the PDD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5119 (Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5120 (Multiple cross-site scripting (XSS) vulnerabilities in Scott Metoyer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5121 (SQL injection vulnerability in modules/Downloads/admin.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5122 (Multiple cross-site scripting (XSS) vulnerabilities in Mercury ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5123 (Multiple PHP remote file inclusion vulnerabilities in Albrecht ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5124 (Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5125 (Directory traversal vulnerability in window.php, possibly used by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5126 (PHP remote file inclusion vulnerability in index.php in John Himmelman ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5127 (Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5128 (SQL injection vulnerability in index.php in Bartels Schoene ConPresso ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5129 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5130 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5131 (module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5132 (Multiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5133 (Buffer overflow in GuildFTPd 0.999.13 allows remote attackers to have ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5134 (Mercury SiteScope 8.2 (8.1.2.0) allows remote authenticated users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5135 (Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5136 (Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5137 (Multiple direct static code injection vulnerabilities in Groupee ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5138 (Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5139 (Unspecified vulnerability in MkPortal allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5140 (SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5141 (PHP remote file inclusion vulnerability in script.php in Kevin A. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5142 (Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5143 (Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5144 (Cross-site scripting (XSS) vulnerability in userupload.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5145 (Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5146 (Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5147 (PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5148 (Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5149 (Multiple directory traversal vulnerabilities in OpenBiblio before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5150 (SQL injection vulnerability in the reports system in OpenBiblio before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5151 (Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5152 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5153 (The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5154 (PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5155 (PHP remote file inclusion vulnerability in core/pdf.php in VideoDB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5156 (Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5157 (Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5158 (The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5159 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5160 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5161 (IBM Client Security Password Manager stores and distributes saved ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5162 (wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5163 (IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5164 (Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5165 (PHP remote file inclusion vulnerability in inc/functions.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5166 (PHP remote file inclusion vulnerability in functions.php in PHP Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5167 (Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5168 (Cross-site scripting (XSS) vulnerability in the search functionality ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5169 (Cross-site scripting (XSS) vulnerability in John Himmelman (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5170 (pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and ...) BUG: 153916 CVE-2006-5171 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5172 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5173 (Linux kernel does not properly save or restore EFLAGS during a context ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5174 (The copy_from_user function in the uaccess code in Linux kernel 2.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5175 (Cross-site request forgery (CSRF) vulnerability in the administrative ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5176 (Buffer overflow in NTLM authentication in MailEnable Professional 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5177 (The NTLM authentication in MailEnable Professional 2.0 and Enterprise ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5178 (Race condition in the symlink function in PHP 5.1.6 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5179 (Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5180 (PHP remote file inclusion vulnerability in include/main.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5181 (Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5182 (PHP remote file inclusion vulnerability in frontpage.php in Dan Jensen ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5183 (Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5184 (SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5185 (Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5186 (PHP remote file inclusion vulnerability in functions.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5187 (PHP remote file inclusion vulnerability in includes/functions.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5188 (Directory traversal vulnerability in download.php in webGENEius GOOP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5189 (PHP remote file inclusion vulnerability in funzioni/lib/show_hlp.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5190 (Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5191 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5192 (PHP remote file inclusion vulnerability in includes/footer.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5193 (PHP remote file inclusion vulnerability in index.php in Josh Schmidt ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5194 (Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5195 (Multiple cross-site scripting (XSS) vulnerabilities in Wheatblog 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5196 (The HTTP interface in the Motorola SURFboard SB4200 Cable Modem allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5197 (PDshopPro stores sensitive information under the web root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5198 (The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5199 (Adobe Contribute Publishing Server leaks the administrator password in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5200 (Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5201 (Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5202 (Linksys WRT54g firmware 1.00.9 does not require credentials when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5203 (Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5204 (Cross-site scripting (XSS) vulnerability in action_admin/member.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5205 (Directory traversal vulnerability in Invision Gallery 2.0.7 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5206 (SQL injection vulnerability in Invision Gallery 2.0.7 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5207 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5208 (Multiple SQL injection vulnerabilities in PHP Classifieds 7.1 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5209 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5210 (Directory traversal vulnerability in IronWebMail before 6.1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5211 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5212 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5213 (Sun Solaris 10 before 20061006 uses "incorrect and insufficient ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5214 (Race condition in the Xsession script, as used by X Display Manager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5215 (The Xsession script, as used by X Display Manager (xdm) in NetBSD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5216 (Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5217 (SQL injection vulnerability in giris_yap.asp in Emek Portal 2.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5218 (Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5219 (SQL injection vulnerability in blog/index.php in the blog module in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5220 (Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5221 (Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5222 (Multiple PHP remote file inclusion vulnerabilities in Dimension of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5223 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5224 (PHP remote file inclusion vulnerability in includes/logger_engine.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5225 (Multiple SQL injection vulnerabilities in AAIportal before 1.4.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5226 (PHP remote file inclusion vulnerability in moteur/moteur.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5227 (Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5228 (Multiple SQL injection vulnerabilities in the Google Gadget login.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5229 (OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5230 (PHP remote file inclusion vulnerability in forum.php in FreeForum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5231 (Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5232 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5233 (Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5234 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5235 (PHP remote file inclusion vulnerability in includes/functions_kb.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5236 (SQL injection vulnerability in search.php in 4images 1.7.x allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5237 (SQL injection vulnerability in Blue Smiley Organizer before 4.46 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5238 (Unspecified vulnerability in the file upload module in Blue Smiley ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5239 (Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog 0.3.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5240 (PHP remote file inclusion vulnerability in engine/require.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5241 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5242 (SQL injection vulnerability in Etomite Content Management System (CMS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5243 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5244 (Multilple PHP remote file inclusion vulnerabilities in OpenDock Easy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5245 (Eazy Cart allows remote attackers to bypass authentication and gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5246 (Eazy Cart allows remote attackers to change prices and other critical ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5247 (Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5248 (Eazy Cart stores sensitive information under the web root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5249 (PHP remote file inclusion vulnerability in tagmin/delTagUser.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5250 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5251 (PHP remote file inclusion vulnerability in index.php in Deep CMS 2.0a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5252 (PHP remote file inclusion vulnerability in includes/core.lib.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5253 (PHP remote file inclusion vulnerability in strload.php in Dayana ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5254 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5255 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5256 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5257 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5258 (The spell checking component of (1) Asbru Web Content Management ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5259 (PHP remote file inclusion vulnerability in param_editor.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5260 (PHP remote file inclusion vulnerability in compteur.php in Compteur 2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5261 (Multiple PHP remote file inclusion vulnerabilities in PHPMyNews 1.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5262 (CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5263 (Directory traversal vulnerability in templates/header.php3 in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5264 (Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5265 (Unspecified vulnerability in Microsoft Dynamics GP (formerly Great ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5266 (Multiple buffer overflows in Microsoft Dynamics GP (formerly Great ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5267 RESERVED CVE-2006-5268 (Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5269 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5270 (Integer overflow in the Microsoft Malware Protection Engine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5271 (Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5272 (Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5273 (Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5274 (Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5275 RESERVED CVE-2006-5276 (Stack-based buffer overflow in the DCE/RPC preprocessor in Snort ...) BUG: 167730 CVE-2006-5277 (Off-by-one error in the Certificate Trust List (CTL) Provider service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5278 (Integer overflow in the Real-Time Information Server (RIS) Data ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5279 RESERVED CVE-2006-5280 (PHP remote file inclusion vulnerability in includes/import-archive.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5281 (PHP remote file inclusion vulnerability in naboard_pnr.php in n@board ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5282 (Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5283 (PHP remote file inclusion vulnerability in ftag.php in Minichat 6.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5284 (PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5285 (SQL injection vulnerability in index.php in XeoPort 0.81, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5286 (Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5287 (Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5288 (Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5289 (Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5290 (The ESS/ Network Controller and MicroServer Web Server components of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5291 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5292 (PHP remote file inclusion vulnerability in photo_comment.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5293 (Cross-site scripting (XSS) vulnerability in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5294 (Cross-site scripting (XSS) vulnerability in index.php in phplist ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5295 (Unspecified vulnerability in ClamAV before 0.88.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5296 (PowerPoint in Microsoft Office 2003 does not properly handle a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5297 (Race condition in the safe_open function in the Mutt mail client ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5298 (The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5299 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5300 (Unspecified vulnerability in HP Version Control Agent before 2.1.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5301 (PHP remote file inclusion vulnerability in includes/antispam.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5302 (Multiple PHP remote file inclusion vulnerabilities in Redaction System ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5303 (Secure Computing SafeWord RemoteAccess 2.1 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5304 (PHP remote file inclusion vulnerability in inc/settings.php in IncCMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5305 (PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5306 (Multiple PHP remote file inclusion vulnerabilities in the Journals ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5307 (Multiple PHP remote file inclusion vulnerabilities in AFGB GUESTBOOK ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5308 (Multiple PHP remote file inclusion vulnerabilities in Open Conference ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5309 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5310 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5311 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5312 (PHP remote file inclusion vulnerability in shoutbox.php in the Ajax ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5313 (Hastymail 1.5 and earlier before 20061008 allows remote authenticated ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5314 (PHP remote file inclusion vulnerability in ftag.php in TribunaLibre ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5315 (PHP remote file inclusion vulnerability in main.php in registroTL ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5316 (registroTL stores sensitive information under the web root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5317 (PHP remote file inclusion vulnerability in index.php in eboli allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5318 (PHP remote file inclusion vulnerability in index.php in Nayco JASmine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5319 (Directory traversal vulnerability in redir.php in Foafgen 0.3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5320 (Directory traversal vulnerability in getimg.php in Album Photo Sans ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5321 (Multiple cross-site scripting (XSS) vulnerabilities in phplist before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5322 (Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5323 (Unspecified vulnerability in IBM WebSphere Application Server before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5324 (The Web Services Notification (WSN) security component of IBM ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5325 (Multiple PHP remote file inclusion vulnerabilities in Dimitri Seitz ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5326 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5327 (Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5328 (OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5329 RESERVED CVE-2006-5330 (CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5331 RESERVED CVE-2006-5332 (Unspecified vulnerability in xdb.dbms_xdbz in the XMLDB component for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5333 (Unspecified vulnerability in Oracle Spatial component in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5334 (Unspecified vulnerability in Oracle Spatial component in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5335 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5336 (Multiple unspecified vulnerabilities in the Change Data Capture (CDC) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5337 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5338 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5339 (Unspecified vulnerability in Oracle Spatial component in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5340 (Multiple unspecified vulnerabilities in Oracle Spatial component in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5341 (Multiple unspecified vulnerabilities in XMLDB component in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5342 (Unspecified vulnerability in Oracle Spatial component in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5343 (Unspecified vulnerability in Database Scheduler component in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5344 (Multiple unspecified vulnerabilities in Oracle Spatial component in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5345 (Unspecified vulnerability in Oracle Spatial component in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5346 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, as used in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5347 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5348 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5349 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when running ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5350 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5351 (Multiple unspecified vulnerabilities in Oracle Application Express ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5352 (Multiple unspecified vulnerabilities in Oracle Application Express 1.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5353 (Unspecified vulnerability in Oracle HTTP Server component in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5354 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5355 (Unspecified vulnerability in Oracle Single Sign-On component in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5356 (Unspecified vulnerability in Oracle Containers for J2EE component in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5357 (Unspecified vulnerability in Oracle HTTP Server component in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5358 (Unspecified vulnerability in Oracle Forms component in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5359 (Multiple unspecified vulnerabilities in Oracle Reports Developer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5360 (Unspecified vulnerability in Oracle Forms component in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5361 (Unspecified vulnerability in Oracle Containers for J2EE in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5362 (Unspecified vulnerability in Oracle Containers for J2EE component in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5363 (Unspecified vulnerability in Oracle Single Sign-On component in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5364 (Unspecified vulnerability in Oracle Containers for J2EE component in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5365 (Unspecified vulnerability in Oracle Forms in Oracle Application Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5366 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5367 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5368 (Unspecified vulnerability in Oracle Exchange component in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5369 (Unspecified vulnerability in Oracle Application Object Library in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5370 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5371 (Unspecified vulnerability in Oracle Email Center component in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5372 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5373 (Unspecified vulnerability in Oracle Install Base component in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5374 (Unspecified vulnerability in Oracle Pharmaceutical Applications 4.5.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5375 (Multiple unspecified vulnerabilities in PeopleTools component in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5376 (Multiple unspecified vulnerabilities in PeopleTools component in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5377 (Unspecified vulnerability in PeopleSoft component in Oracle PeopleSoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5378 (Unspecified vulnerability in JD Edwards HTML Server in JD Edwards ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5379 (The accelerated rendering functionality of NVIDIA Binary Graphics ...) BUG: 151635 CVE-2006-5380 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5381 (Contenido CMS stores sensitive data under the web root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5382 (3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5383 (SQL injection vulnerability in comadd.php in Def-Blog 1.0.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5384 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5385 (PHP remote file inclusion vulnerability in admin/admin_spam.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5386 (PHP remote file inclusion vulnerability in process.php in NuralStorm ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5387 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5388 (SQL injection vulnerability in index.php in WebSPELL 4.01.01 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5389 (tools/tellhim.php in PHP-Wyana allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5390 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5391 (Xfire 1.64 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5392 (Multiple PHP remote file inclusion vulnerabilities in OpenDock ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5393 (Cisco Secure Desktop (CSD) does not require that the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5394 (The default configuration of Cisco Secure Desktop (CSD) has an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5395 (Buffer overflow in Microsoft Class Package Export Tool (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5396 (The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5397 (The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5398 (SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5399 (PHP remote file inclusion vulnerability in classes/Import_MM.class.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5400 (PHP remote file inclusion vulnerability in forum/track.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5401 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5402 (Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5403 (Stack-based buffer overflow in an ActiveX control used in Symantec ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5404 (Unspecified vulnerability in an ActiveX control used in Symantec ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5405 (Unspecified vulnerability in Toshiba Bluetooth wireless device driver ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5406 (Passgo Defender 5.2 creates the application directory with insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5407 (PHP remote file inclusion vulnerability in open_form.php in osTicket ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5408 (Multiple cross-site scripting (XSS) vulnerabilities in the wireless ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5409 (Multiple SQL injection vulnerabilities in the wireless IDS management ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5410 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5411 (Unrestricted file upload vulnerability in upload.php for Free Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5412 (admin.php in PHP Outburst Easynews 4.4.1 and earlier, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5413 (Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5414 (Barry Nauta BRIM before 1.2.1 allows remote authenticated users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5415 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5416 (Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5417 (McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5418 (PHP remote file inclusion vulnerability in archive/archive_topic.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5419 (PHP remote file inclusion vulnerability in client.php in University of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5420 (Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5421 (WSN Forum 1.3.4 and earlier allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5422 (PHP remote file inclusion vulnerability in calcul-page.php in Lodel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5423 (PHP remote file inclusion vulnerability in admin/admin_module.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5424 (Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5425 (XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5426 (PHP remote file inclusion vulnerability in lib/lcUser.php in LoCal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5427 (PHP remote file inclusion vulnerability in plugins/main.php in Php AMX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5428 (rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5429 (Multiple PHP remote file inclusion vulnerabilities in Barry Nauta BRIM ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5430 (Cross-site scripting (XSS) vulnerability in the search functionality ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5431 (PHP remote file inclusion vulnerability in gorum/dbproperty.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5432 (Multiple direct static code injection vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5433 (PHP remote file inclusion vulnerability in modules/guestbook/index.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5434 (PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5435 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5436 (PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5437 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5438 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5439 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5440 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5441 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5442 (ViewVC 1.0.2 and earlier does not specify a charset in its HTTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5443 (Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5444 (Integer overflow in the get_input function in the Skinny channel ...) BUG: 151881 BUG: 144941 CVE-2006-5445 (Unspecified vulnerability in the SIP channel driver ...) BUG: 151881 BUG: 144941 CVE-2006-5446 (SQL injection vulnerability in lobby/config.php in Casinosoft Casino ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5447 (Cross-site scripting (XSS) vulnerability in index.php in DEV Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5448 (The drmstor.dll ActiveX object in Microsoft Windows Digital Rights ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5449 (procmail in Ingo H3 before 1.1.2 Horde module allows remote ...) BUG: 153927 CVE-2006-5450 (SQL injection vulnerability in index.asp in Kinesis Interactive Cinema ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5451 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5452 (Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5453 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x ...) BUG: 151563 CVE-2006-5454 (Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before ...) BUG: 151563 CVE-2006-5455 (Cross-site request forgery (CSRF) vulnerability in editversions.cgi in ...) BUG: 151563 CVE-2006-5456 (Multiple buffer overflows in GraphicsMagick before 1.1.7 and ...) BUG: 152672 BUG: 152668 CVE-2006-5457 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5458 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5459 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5460 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5461 (Avahi before 0.6.15 does not verify the sender identity of netlink ...) BUG: 154322 CVE-2006-5462 (Mozilla Network Security Service (NSS) library before 3.11.3, as used ...) BUG: 154449 BUG: 154434 BUG: 154448 CVE-2006-5463 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...) BUG: 154449 BUG: 154434 BUG: 154448 CVE-2006-5464 (Multiple unspecified vulnerabilities in the layout engine in Mozilla ...) BUG: 154449 BUG: 154434 BUG: 154448 CVE-2006-5465 (Buffer overflow in PHP before 5.2.0 allows remote attackers to execute ...) BUG: 153911 CVE-2006-5466 (Heap-based buffer overflow in the showQueryPackage function in librpm ...) BUG: 154218 CVE-2006-5467 (The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a ...) BUG: 153497 CVE-2006-5468 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5469 (Unspecified vulnerability in the WBXML dissector in Wireshark ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5470 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5471 (PHP remote file inclusion vulnerability in example/lib/grid3.lib.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5472 (PHP remote file inclusion vulnerability in Softerra PHP Developer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5473 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5474 (The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5475 (Multiple cross-site scripting (XSS) vulnerabilities in the XML parser ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5476 (Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5477 (Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5478 (Multiple stack-based buffer overflows in Novell eDirectory 8.8.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5479 (The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5480 (PHP remote file inclusion vulnerability in lib/rs.php in 2le.net ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5481 (Multiple PHP remote file inclusion vulnerabilities in 2le.net Castor ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5482 (ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5483 (p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5484 (SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5485 (Multiple PHP remote file inclusion vulnerabilities in SpeedBerg ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5486 (Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5487 (Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5488 (SQL injection vulnerability in XchangeBoard 1.70, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5489 (Research in Motion (RIM) BlackBerry Enterprise Server 4.1 SP2 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5490 (Multiple SQL injection vulnerabilities in Segue Content Management ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5491 (Multiple SQL injection vulnerabilities in include/index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5492 (Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5493 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5494 (Multiple PHP remote file inclusion vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5495 (Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5496 (Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5497 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5498 (Directory traversal vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5499 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5500 (Multiple SQL injection vulnerabilities in the checkUser function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5501 (Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5502 (Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5503 (Cross-site scripting (XSS) vulnerability in index.php in Simple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5504 (Cross-site scripting (XSS) vulnerability in index.php in Simple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5505 (Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5506 (Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5507 (Multiple PHP remote file inclusion vulnerabilities in Der Dirigent ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5508 (Multiple SQL injection vulnerabilities in addentry.php in WoltLab ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5509 (Eval injection vulnerability in addentry.php in WoltLab Burning Book ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5510 (Directory traversal vulnerability in explorer_load_lang.php in PH ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5511 (Direct static code injection vulnerability in delete.php in JaxUltraBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5512 (Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5513 (SQL injection vulnerability in GeoNetwork opensource before 2.0.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5514 (SQL injection vulnerability in quiz.php in Web Group Communication ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5515 (Cross-site scripting (XSS) vulnerability in lib-history.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5516 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5517 (Multiple PHP remote file inclusion vulnerabilities in Rhode Island ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5518 (Multiple PHP remote file inclusion vulnerabilities in Christopher ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5519 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5520 (PHP remote file inclusion vulnerability in functions.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5521 (PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5522 (Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5523 (PHP remote file inclusion vulnerability in common.php in EZ-Ticket ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5524 (Cross-site scripting (XSS) vulnerability in index.php in phplist ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5525 (Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5526 (Multiple PHP remote file inclusion vulnerabilities in Teake Nutma ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5527 (PHP remote file inclusion vulnerability in lib.editor.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5528 (Directory traversal vulnerability in mod.php in SchoolAlumni Portal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5529 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5530 (Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5531 (PHP remote file inclusion vulnerability in embedded.php in Ascended ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5532 (Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5533 (Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0.6.9, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5534 (Multiple cross-site scripting (XSS) vulnerabilities in index.htm in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5535 (Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5536 (Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5537 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5538 (D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5539 (PHP remote file inclusion vulnerability in login/secure.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5540 (backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5541 (backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5542 (backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5543 (PHP remote file inclusion vulnerability in misc/function.php3 in PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5544 (Visual truncation vulnerability in Microsoft Internet Explorer 7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5545 (Premium Antispam in Symantec Mail Security for Domino Server 5.1.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5546 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5547 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5548 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5549 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5550 (The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5551 (Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5552 (Multiple heap-based buffer overflows in RevilloC MailServer 1.21 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5553 (Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5554 (Directory traversal vulnerability in index.php in Imageview 5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5555 (PHP remote file inclusion vulnerability in constantes.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5556 (Buffer overflow in the localtime_r function, and certain other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5557 (Stack-based buffer overflow in the (1) swpackage and (2) swmodify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5558 (Format string vulnerability in the swask command in HP-UX B.11.11 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5559 (The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5560 (Cross-site scripting (XSS) vulnerability in heading.php in Boesch ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5561 (SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5562 (PHP remote file inclusion vulnerability in include/database.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5563 (Unspecified vulnerability in Yahoo! Messenger (Service 18) before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5564 (Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5565 (CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5566 (CRLF injection vulnerability in premium/index.php in Shop-Script ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5567 (Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5568 (FtpXQ Server 3.0.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5569 (FtpXQ Server 3.0.1 installs with two default testing accounts, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5570 (Directory traversal vulnerability in /scripts/cruise/cws.exe in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5571 (Stack-based buffer overflow in /scripts/cruise/cws.exe in CruiseWorks ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5572 RESERVED CVE-2006-5573 RESERVED CVE-2006-5574 (Unspecified vulnerability in the Brazilian Portuguese Grammar Checker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5575 RESERVED CVE-2006-5576 RESERVED CVE-2006-5577 (Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5578 (Microsoft Internet Explorer 6 and earlier allows remote attackers to read ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5579 (Microsoft Internet Explorer 6 allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5580 RESERVED CVE-2006-5581 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5582 RESERVED CVE-2006-5583 (Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5584 (The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5585 (The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5586 (The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5587 (Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5588 (Multiple PHP remote file inclusion vulnerabilities in CMS Faethon 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5589 (Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5590 (PHP remote file inclusion vulnerability in index.php in ArticleBeach ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5591 (Multiple SQL injection vulnerabilities in Admin/check.asp in PacPoll ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5592 (Admin/adpoll.asp in PacPoll 4.0 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5593 (Buffer overflow in Desknet's (niokeru) before 5.0J R1.0 might allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5594 (PHP remote file inclusion vulnerability in University of British ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5595 (Unspecified vulnerability in the AirPcap support in Wireshark ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5596 (Directory traversal vulnerability in the SSL server in AEP Smartgate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5597 (join.asp in MiniHTTP Web Forum & File Server PowerPack 4.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5598 (Cross-site scripting (XSS) vulnerability in index.php for GOOP Gallery ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5599 (Cross-site scripting (XSS) vulnerability in Oracle Application Express ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5600 (Axalto Protiva 1.1, possibly only non-commercial versions, stores ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5601 (Stack-based buffer overflow in the eap_do_notify function in eap.c in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5602 (Multiple memory leaks in xsupplicant before 1.2.6, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5603 (SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5604 (Directory traversal vulnerability in phpcards.header.php in phpCards ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5605 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5606 (Multiple SQL injection vulnerabilities in BytesFall Explorer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5607 (Directory traversal vulnerability in /cgi-bin/webcm in INCA IM-204 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5608 (SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5609 (Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5610 (PHP remote file inclusion vulnerability in player/includes/common.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5611 (Unspecified vulnerability in Toshiba Bluetooth Stack before 4.20.01 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5612 (PHP remote file inclusion vulnerability in aide.php3 (aka aide.php) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5613 (PHP remote file inclusion in Core/core.inc.php in MP3 Streaming ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5614 (Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5615 (PHP remote file inclusion vulnerability in publish.php in Textpattern ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5616 (Multiple unspecified vulnerabilities in OpenPBS, as used in SUSE Linux ...) BUG: 153495 CVE-2006-5617 (Directory traversal vulnerability in index.php in Thepeak File Upload ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5618 (Directory traversal vulnerability in script/cat_for_aff.php in Netref ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5619 (The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5620 (PHP remote file inclusion vulnerability in include/menu_builder.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5621 (PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5622 (SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5623 (PHP remote file inclusion vulnerability in ip.inc.php in Electronic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5624 (Multiple PHP remote file inclusion vulnerabilities in Multi-Page ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5625 (PHP remote file inclusion vulnerability in wwwdev/nxheader.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5626 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5627 (Multiple PHP remote file inclusion vulnerabilities in QnECMS 2.5.6 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5628 (SQL injection vulnerability in login.asp in UNISOR Content Management ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5629 (Multiple SQL injection vulnerabilities in Hosting Controller 6.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5630 (Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5631 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5632 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5633 (Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5634 (Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5635 (SQL injection vulnerability in forum/search.asp in Web Wiz Forums ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5636 (PHP remote file inclusion vulnerability in common.php in Simple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5637 (PHP remote file inclusion vulnerability in faq_reply.php in Faq ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5638 (Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5639 (Unspecified vulnerability in the random number generator in OpenWBEM ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5640 (SQL injection vulnerability in guestbookview.asp in Techno Dreams ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5641 (SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5642 (Unspecified vulnerability in NmnLogger 1.0.0 and earlier has unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5643 (Cross-site scripting (XSS) vulnerability in search_de.html in foresite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5644 RESERVED CVE-2006-5645 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5646 (Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5647 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5648 (Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5649 (Unspecified vulnerability in the "alignment check exception handling" ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5650 (The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5651 (list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5652 (Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5653 (Cross-site scripting (XSS) vulnerability in the errorHTML function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5654 (Unspecified vulnerability in the Network Security Services (NSS) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5655 (SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5656 (Memory leak in the push_align function in src/util.c in Vilistextum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5657 (Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5658 (BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5659 (PAM_extern before 0.2 sends a password as a command line argument, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5660 (Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5661 (Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5662 (SQL injection vulnerability in easy notesManager (eNM) 0.0.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5663 (IBM Informix Dynamic Server 10.00, Informix Client Software ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5664 (The installation script in IBM Informix Dynamic Server 10.00, Informix ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5665 (PHP remote file inclusion vulnerability in admin/modules_data.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5666 (SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5667 (Multiple PHP remote file inclusion vulnerabilities in P-Book 1.17 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5668 (Unspecified vulnerability in Ampache 3.3.2 and earlier, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5669 (PHP remote file inclusion vulnerability in gestion/savebackup.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5670 (PHP remote file inclusion vulnerability in forgot_pass.php in Free ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5671 (PHP remote file inclusion vulnerability in contact.php in Free Image ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5672 (PHP remote file inclusion vulnerability in web/init_mysource.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5673 (PHP remote file inclusion vulnerability in bb_func_txt.php in miniBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5674 (Multiple PHP remote file inclusion vulnerabilities in miniBB 2.0.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5675 (Multiple unspecified vulnerabilities in Pentaho Business Intelligence ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5676 (SQL injection vulnerability in consult/classement.php in Uni-Vert ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5677 (resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and ...) BUG: 152104 CVE-2006-5678 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5679 (Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5680 (The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5681 (QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5682 RESERVED CVE-2006-5683 RESERVED CVE-2006-5684 RESERVED CVE-2006-5685 RESERVED CVE-2006-5686 RESERVED CVE-2006-5687 RESERVED CVE-2006-5688 RESERVED CVE-2006-5689 RESERVED CVE-2006-5690 RESERVED CVE-2006-5691 RESERVED CVE-2006-5692 RESERVED CVE-2006-5693 RESERVED CVE-2006-5694 RESERVED CVE-2006-5695 RESERVED CVE-2006-5696 RESERVED CVE-2006-5697 RESERVED CVE-2006-5698 RESERVED CVE-2006-5699 RESERVED CVE-2006-5700 RESERVED CVE-2006-5701 (Double free vulnerability in squashfs module in the Linux kernel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5702 (Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information ...) BUG: 153820 CVE-2006-5703 (Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in ...) BUG: 153820 CVE-2006-5704 (HP NonStop Server G06.29, when running Standard Security T6533G06 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5705 (Multiple directory traversal vulnerabilities in ...) BUG: 153303 CVE-2006-5706 (Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5707 (SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5708 (Multiple unspecified vulnerabilities in MDaemon and WorldClient in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5709 (Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5710 (The Airport driver for certain Orinoco based Airport cards in Darwin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5711 (ECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5712 (Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5713 (Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5714 (Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5715 (Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5716 (Directory traversal vulnerability in aff_news.php in FreeNews 2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5717 (Multiple cross-site scripting (XSS) vulnerabilities in Zend Google ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5718 (Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5719 (SQL injection vulnerability in libs/sessions.lib.php in BytesFall ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5720 (SQL injection vulnerability in modules/journal/search.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5721 (The \Device\SandBox driver in Outpost Firewall PRO 4.0 (964.582.059) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5722 (Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5723 (SQL injection vulnerability in DataparkSearch Engine 4.42 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5724 (Heap-based buffer overflow the "Answering Service" function in ICQ ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5725 (The SSL server in AEP Smartgate 4.3b allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5726 (alloccgblk in the UFS filesystem in Solaris 10 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5727 (PHP remote file inclusion vulnerability in admin/controls/cart.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5728 (XM Easy Personal FTP Server 5.2.1 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5729 (Yazd Discussion Forum before 3.0 beta does not properly manage forum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5730 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5731 (Directory traversal vulnerability in classes/index.php in Lithium CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5732 (SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5733 (Directory traversal vulnerability in error.php in PostNuke 0.763 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5734 (Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5735 (Directory traversal vulnerability in include/common.php in PunBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5736 (SQL injection vulnerability in search.php in PunBB before 1.2.14, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5737 (PunBB uses a predictable cookie_seed value that can be derived from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5738 (Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5739 (PHP remote file inclusion vulnerability in cpadmin/cpa_index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5740 (Unspecified vulnerability in the LDAP dissector in Wireshark (formerly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5741 (Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5742 (The AirMagnet Enterprise console and Remote Sensor console (Laptop) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5743 (Multiple cross-site scripting (XSS) vulnerabilities in Highwall ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5744 (Multiple SQL injection vulnerabilities in Highwall Enterprise and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5745 (Unspecified vulnerability in the setRequestHeader method in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5746 (The console in AirMagnet Enterprise before 7.5 build 6307 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5747 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...) BUG: 154449 BUG: 154434 BUG: 154448 CVE-2006-5748 (Multiple unspecified vulnerabilities in the JavaScript engine in ...) BUG: 154449 BUG: 154434 BUG: 154448 CVE-2006-5749 (The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c ...) BUG: 158809 CVE-2006-5750 (Directory traversal vulnerability in the DeploymentFileRepository ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the ...) BUG: 186219 CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux ...) BUG: 158811 CVE-2006-5754 (The aio_setup_ring function in Linux kernel does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5755 (Linux kernel before 2.6.18, when running on x86_64 systems, does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5756 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5757 (Race condition in the __find_get_block_slow function in the ISO9660 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5758 (The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5759 (index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5760 (Multiple PHP remote file inclusion vulnerabilities in phpDynaSite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5761 (Cross-site scripting (XSS) vulnerability in index.php in Rhadrix ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5762 (PHP remote file inclusion vulnerability in forgot_pass.php in Free ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5763 (Multiple PHP remote file inclusion vulnerabilities in Free File ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5764 (PHP remote file inclusion vulnerability in contact.php in Free File ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5765 (SQL injection vulnerability in rss.php in Article Script 1.6.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5766 (PHP remote file inclusion vulnerability in volume.php in Article ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5767 (PHP remote file inclusion vulnerability in includes/xhtml.php in Drake ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5768 (Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5769 (Multiple cross-site scripting (XSS) vulnerabilities in admin.tool CMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5770 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5771 (Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5772 (Multiple SQL injection vulnerabilities in index.php in FreeWebshop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5773 (Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5774 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5775 (Cross-site scripting (XSS) vulnerability in profile.php in FunkBoard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5776 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5777 (Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5778 (ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir ...) BUG: 150292 CVE-2006-5779 (OpenLDAP before 2.3.29 allows remote attackers to cause a denial of ...) BUG: 154349 CVE-2006-5780 (Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5781 (Stack-based buffer overflow in the handshake function in iodine 0.3.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5782 (radexecd.exe in HP OpenView Client Configuraton Manager (CCM) does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5783 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5784 (Unspecified vulnerability in enserver.exe in SAP Web Application ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5785 (Unspecified vulnerability in SAP Web Application Server 6.40 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5786 (Directory traversal vulnerability in class2.php in e107 0.7.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5787 (admin/index.php in IPrimal Forums as of 20061105 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5788 (PHP remote file inclusion vulnerability in (1) index.php and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5789 (War FTP Daemon (WarFTPd) 1.82.00-RC11 allows remote authenticated ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5790 (Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5791 (Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5792 (Unspecified vulnerability in XLink Omni-NFS Enterprise allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5793 (The sPLT chunk handling code (png_set_sPLT function in pngset.c) in ...) BUG: 154380 CVE-2006-5794 (Unspecified vulnerability in the sshd Privilege Separation Monitor in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5795 (Multiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5796 (Multiple PHP remote file inclusion vulnerabilities in Soholaunch Pro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5797 (Multiple SQL injection vulnerabilities in default.asp in Xenis.creator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5798 (SQL injection vulnerability in default.asp in Xenis.creator CMS allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5799 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5800 (Cross-site scripting (XSS) vulnerability in default.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5801 (The owserver module in owfs and owhttpd 2.5p5 and earlier does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5802 (SQL injection vulnerability in message_details.php in The Web Drivers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5803 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5804 (PHP remote file inclusion vulnerability in admin.php in Advanced ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5805 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5806 (SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5807 (Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5808 (The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5809 (Multiple unspecified vulnerabilities in Jonathon J. Freeman OvBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5810 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5811 (PHP remote file inclusion vulnerability in library/translation.inc.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5812 (Unspecified vulnerability in Kerio MailServer allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5813 (Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5814 (Unspecified vulnerability in Novell eDirectory allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5815 (Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 ...) BUG: 154650 CVE-2006-5816 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5817 (prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5818 (Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5819 (Verity Ultraseek before 5.7 allows remote attackers to use the server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5820 (The LinkSBIcons method in the SuperBuddy ActiveX control ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5821 (Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5822 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5824 (Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5825 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5826 (Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5827 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5828 (SQL injection vulnerability in detail.php in DeltaScripts PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5829 (Multiple SQL injection vulnerabilities in All In One Control Panel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5830 (Multiple cross-site scripting (XSS) vulnerabilities in All In One ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5831 (PHP remote file inclusion vulnerability in admin/code/index.php in All ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5832 (All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5833 (gbcms_php_files/up_loader.php GreenBeast CMS 1.3 does not require ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5834 (Directory traversal vulnerability in general.php in OpenSolution ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5835 (The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5836 (The fpathconf syscall function in bsd/kern/kern_descrip.c in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5837 (Static code injection vulnerability in chat_panel.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5838 (PHP remote file inclusion vulnerability in lib/class.Database.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5839 (PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5840 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5841 (Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5842 (The keystore file in Unicore Client before 5.6 build 5, when running ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5843 (Cross-site scripting (XSS) vulnerability in index.php in Speedywiki ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5844 (Speedywiki 2.0 allows remote attackers to obtain the full path of the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5845 (Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5846 (Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5847 (Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5848 REJECTED CVE-2006-5849 (PHP remote file inclusion vulnerability in inc/irayofuncs.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5850 (Stack-based buffer overflow in Essentia Web Server 2.15 for Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5851 (openexec in OpenBase SQL before 10.0.1 allows local users to create ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5852 (Untrusted search path vulnerability in openexec in OpenBase SQL before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5853 (Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5854 (Multiple buffer overflows in the Spooler service (nwspool.dll) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5855 (Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5856 (Stack-based buffer overflow in the Adobe Download Manager before 2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5857 (Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote ...) BUG: 159874 CVE-2006-5858 (Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5859 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5860 (Cross-site scripting (XSS) vulnerability in the administrator console ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5861 (The Independent Management Architecture (IMA) service (ImaSrv.exe) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5862 (Directory traversal vulnerability in the session mechanism of the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5863 (PHP remote file inclusion vulnerability in inc/session.php for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5864 (Stack-based buffer overflow in the ps_gettext function in ps.c for GNU ...) BUG: 156573 BUG: 154645 BUG: 154573 CVE-2006-5865 (PHP remote file inclusion vulnerability in language.inc.php in MyAlbum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5866 (Directory traversal vulnerability in Mdoc/view-sourcecode.php for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5867 (fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit ...) BUG: 160463 CVE-2006-5868 (Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5869 (pstotext before 1.9 allows user-assisted attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5870 (Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, ...) BUG: 159951 CVE-2006-5871 (smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5872 (login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5873 (Buffer overflow in the cluster_process_heartbeat function in cluster.c ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5874 (Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5875 (eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5876 (The soup_headers_parse function in soup-headers.c for libsoup HTTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5877 (The enigmail extension before 0.94.2 does not properly handle large, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5878 (Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 ...) BUG: 154574 CVE-2006-5879 (SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5880 (SQL injection vulnerability on the subMenu page in switch.asp in Munch ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5881 (SQL injection vulnerability in cl_CatListing.asp in Dynamic Dataworx ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5882 (Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5883 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5884 (Multiple unspecified vulnerabilities in DirectAnimation ActiveX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5885 (SQL injection vulnerability in Products.asp in NuStore 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5886 (SQL injection vulnerability in propertysdetails.asp in Dynamic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5887 (SQL injection vulnerability in CampusNewsDetails.asp in Dynamic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5888 (SQL injection vulnerability in viewarticle.asp in Superfreaker Studios ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5889 (SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5890 (SQL injection vulnerability in detail.asp in Superfreaker Studios ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5891 (SQL injection vulnerability in detail.asp in Superfreaker Studios ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5892 (SQL injection vulnerability in MoreInfo.asp in The Net Guys ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5893 (Multiple PHP remote file inclusion vulnerabilities in iWonder Designs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5894 (Directory traversal vulnerability in lang.php in Rama CMS 0.68 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5895 (PHP remote file inclusion vulnerability in core/core.php in EncapsCMS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5896 (REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5897 (Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5898 (Directory traversal vulnerability in localization/languages.lib.php3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5899 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5900 (Cross-site scripting (XSS) vulnerability in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5901 (Hawking Technology wireless router WR254-CA uses a hardcoded IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5902 (viksoe GMail Drive shell extension allows remote attackers to perform ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5903 (Rahul Jonna Gmail File Space (GSpace) allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5904 (Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5905 (Web Directory Pro allows remote attackers to (1) backup the database ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5906 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5907 (SQL injection vulnerability in modules/bannieres/bannieres.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5908 (Multiple SQL injection vulnerabilities in the login_user function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5909 (generaloptions.php in Paul Tarjan Stanford Conference And Research ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5910 (Multiple PHP remote file inclusion vulnerabilities in Campware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5911 (Multiple PHP remote file inclusion vulnerabilities in Campware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5912 (Unspecified vulnerability in Campware Campsite before 2.6.2 has ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5913 (Microsoft Internet Explorer 7 allows remote attackers to (1) cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5914 (SQL injection vulnerability in ls.php in SAMEDIA LandShop allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5915 (Multiple cross-site scripting (XSS) vulnerabilities in ls.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5916 (Intego VirusBarrier X4 allows context-dependent attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5917 (Multiple SQL injection vulnerabilities in OmniStar Article Manager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5918 (Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5919 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5920 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5921 (Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5922 (index.php in Wheatblog (wB) allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5923 (PHP remote file inclusion vulnerability in index.php in Chris Mac ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5924 (Cross-site scripting (XSS) vulnerability in index.php in Efficient IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5925 (Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed ...) BUG: 155358 BUG: 157028 CVE-2006-5926 (Multiple SQL injection vulnerabilities in mail.php in Vallheru before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5927 (SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5928 (Multiple PHP remote file inclusion vulnerabilities in Phpjobscheduler ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5929 (PHP remote file inclusion vulnerability in firepjs.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5930 (Multiple PHP remote file inclusion vulnerabilities in Aigaion Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5931 (Multiple PHP remote file inclusion vulnerabilities in Aigaion Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5932 (Kahua before 0.7, when running multiple applications under a single ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5933 (SQL injection vulnerability in update.asp in UltraSite 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5934 (SQL injection vulnerability in admin/default.asp in Estate Agent ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5935 (SQL injection vulnerability in index.php in ShopSystems 4.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5936 (SQL injection vulnerability in dept.asp in SiteXpress E-Commerce ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5937 (Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5938 (Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5939 (Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5940 (Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5941 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5942 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5943 (Multiple SQL injection vulnerabilities in inventory/display/imager.asp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5944 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5945 (Multiple SQL injection vulnerabilities in MGinternet Car Site Manager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5946 (SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5947 (Multiple directory traversal vulnerabilities in Conxint FTP Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5948 (PHP remote file inclusion vulnerability in pntUnit/Inspect.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5949 (Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5950 (Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5951 (PHP remote file inclusion vulnerability in pipe.php in Exophpdesk 1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5952 (SQL injection vulnerability in admin/default.asp in ASP Smiley 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5953 (SQL injection vulnerability in viewcart.asp in Evolve shopping cart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5954 (SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5955 (SQL injection vulnerability in listings.asp in 20/20 DataShed (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5956 (XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5957 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5958 (Multiple cross-site scripting (XSS) vulnerabilities in INFINICART ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5959 (SQL injection vulnerability in browse.asp in A+ Store E-Commerce ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5960 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5961 (Buffer overflow in Mercury Mail Transport System 4.01b for Windows has ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5962 (Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5963 (Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite-PRO ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5964 (choShilA.bpl in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5965 (PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5966 (Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5967 (Race condition in Panda ActiveScan 5.53.00, and other versions before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5968 (MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5969 (CRLF injection vulnerability in the evalFolderLine function in fvwm ...) BUG: 155078 CVE-2006-5970 (Verity Ultraseek before 5.7 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5971 (Absolute path traversal vulnerability in admin/logfile.txt in Verity ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5972 (Stack-based buffer overflow in WG111v2.SYS in NetGear WG111v2 wireless ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5973 (Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5974 (fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message ...) BUG: 160463 CVE-2006-5975 (Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5976 (Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5977 (Multiple SQL injection vulnerabilities in MultiCalendars allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5978 (Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5979 (Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5980 (adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5981 (Multiple directory traversal vulnerabilities in SeleniumServer FTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5982 (SeleniumServer FTP Server 1.0, and possibly earlier, stores user ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5983 (Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5984 (Multiple cross-site scripting (XSS) vulnerabilities in Helm Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5985 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5986 (admin/options.php in Extreme CMS 0.9, and possibly earlier, does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5987 (SQL injection vulnerability in default.asp in ASPintranet, possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5988 (Unspecified vulnerability in Windows 2000 Advanced Server SP4 running ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5989 (Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 ...) BUG: 155782 CVE-2006-5990 (VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5991 (Multiple SQL injection vulnerabilities in wwweb concepts CactuShop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5992 RESERVED CVE-2006-5993 RESERVED CVE-2006-5994 (Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-5995 RESERVED CVE-2006-5996 RESERVED CVE-2006-5997 RESERVED CVE-2006-5998 RESERVED CVE-2006-5999 RESERVED CVE-2006-6000 RESERVED CVE-2006-6001 RESERVED CVE-2006-6002 RESERVED CVE-2006-6003 RESERVED CVE-2006-6004 RESERVED CVE-2006-6005 RESERVED CVE-2006-6006 RESERVED CVE-2006-6007 (save_profile.asp in WebEvents (Online Event Registration Template) 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6008 (ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6009 (Unspecified vulnerability in the Java Runtime Environment (JRE) Swing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6010 (SAP allows remote attackers to obtain potentially sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6011 (Unspecified vulnerability in SAP Web Application Server before 6.40 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6012 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6013 (Integer signedness error in the fw_ioctl (FW_IOCTL) function in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6014 (The NetBSD-current kernel before 20061028 does not properly perform ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6015 (Buffer overflow in the JavaScript implementation in Safari on Apple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6016 (wp-admin/user-edit.php in WordPress before 2.0.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6017 (WordPress before 2.0.5 does not properly store a profile containing a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6018 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6019 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6020 (Cross-site scripting (XSS) vulnerability in announce.php in Blog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6021 (SQL injection vulnerability in the login component in BestWebApp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6022 (Cross-site scripting (XSS) vulnerability in login_form.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6023 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6024 (Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6025 (QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6026 (Heap-based buffer overflow in Real Networks Helix Server and Helix ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6027 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6028 (Directory traversal vulnerability in textview.php in Anton Vlasov ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6029 (SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6030 (Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6031 (Multiple SQL injection vulnerabilities in Greater Cincinnati Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6032 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6033 (Multiple directory traversal vulnerabilities in Simple PHP Blog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6034 (Multiple SQL injection vulnerabilities in SitesOutlet E-commerce Kit-1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6035 (Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6036 (SQL injection vulnerability in OpenHuman before 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6037 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6038 (SQL injection vulnerability in editpoll.php in Powie's PHP Forum ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6039 (SQL injection vulnerability in matchdetail.php in Powie's PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6040 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6041 (Multiple PHP remote file inclusion vulnerabilities in Laurent Van den ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6042 (PHP remote file inclusion vulnerability in core/editor.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6043 (PHP file inclusion vulnerability in loginform-inc.php in Oliver ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6044 (PHP remote file inclusion vulnerability in gallery_top.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6045 (Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6046 (Multiple cross-site scripting (XSS) vulnerabilities in eggblog 3.1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6047 (Directory traversal vulnerability in manager/index.php in Etomite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6048 (SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6049 (PHP remote file inclusion vulnerability in shambo2.php in the Shambo2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6050 (Multiple SQL injection vulnerabilities in ClickTech Texas Rank'em ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6051 (PHP remote file inclusion vulnerability in reporter.logic.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6052 (NetEpi Case Manager before 0.98 generates different error messages ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6053 (The ext3fs_dirhash function in Linux kernel 2.6.x allows local users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6054 (The ext2 file system code in Linux kernel 2.6.x allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6055 (Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6056 (Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6057 (The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6058 (The minix filesystem code in Linux kernel 2.6.x before 2.6.24, ...) BUG: 158788 CVE-2006-6059 (Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6060 (The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6061 (com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6062 (Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6063 (Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6064 (Multiple buffer overflows in the Message Parsing Interpreter (MPI) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6065 (PHP remote file inclusion vulnerability in includes/mx_common.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6066 (Multiple SQL injection vulnerabilities in Dragon Calendar / Events ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6067 (Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6068 (Directory traversal vulnerability in the cached_album function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6069 (index.php in mAlbum 0.3 and earlier allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6070 (SQL injection vulnerability in module/account/register/register.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6071 (TWiki 4.0.5 and earlier, when running under Apache 1.3 using ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6072 (SQL injection vulnerability in bpg/publications_list.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6073 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6074 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6075 (Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6077 (The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and ...) BUG: 165555 CVE-2006-6078 (PHP remote file inclusion vulnerability in common.inc.php in a-ConMan ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6079 (Multiple PHP remote file inclusion vulnerabilities in LoudMouth 2.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6080 (Multiple SQL injection vulnerabilities in categories.asp in gNews ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6081 (PHP remote file inclusion vulnerability in Smarty_Compiler.class.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6082 (Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6083 (SQL injection vulnerability in search.asp in CreaScripts Creadirectory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6084 (Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6085 (Kile before 1.9.3 does not assign a backup file the same permissions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6086 (PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6087 (Cross-site scripting (XSS) vulnerability in weblog.php in my little ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6088 (Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6089 (Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6090 (Multiple SQL injection vulnerabilities in BaalAsp forum allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6091 (Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6092 (Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6093 (Multiple PHP remote file inclusion vulnerabilities in adminprint.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6094 (Multiple SQL injection vulnerabilities in ActiveNews Manager allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6095 (Multiple SQL injection vulnerabilities in ActiveNews Manager allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6096 (Cross-site scripting (XSS) vulnerability in activenews_search.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6097 (GNU tar 1.16 and 1.15.1, and possibly other versions, allows ...) BUG: 155901 CVE-2006-6098 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6099 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6100 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6101 (Integer overflow in the ProcRenderAddGlyphs function in the Render ...) BUG: 157421 CVE-2006-6102 (Integer overflow in the ProcDbeGetVisualInfo function in the DBE ...) BUG: 157421 CVE-2006-6103 (Integer overflow in the ProcDbeSwapBuffers function in the DBE ...) BUG: 157421 CVE-2006-6104 (The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in ...) BUG: 159886 CVE-2006-6105 (Format string vulnerability in the host chooser window (gdmchooser) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6106 (Multiple buffer overflows in the cmtp_recv_interopmsg function in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6107 (Unspecified vulnerability in the match_rule_equal function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6108 (Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6109 (Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6110 (Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6111 (Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6112 (LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6113 (Monkey Boards 0.3.5 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6114 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6115 (SQL injection vulnerability in index.asp in fipsCMS 4.5 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6116 (SQL injection vulnerability in default2.asp in fipsForum 2.6 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6117 (SQL injection vulnerability in index1.asp in fipsGallery 1.5 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6118 (Cross-site scripting (XSS) vulnerability in thumbs.php in mmgallery ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6119 (mmgallery 1.55 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6120 (Integer overflow in the KPresenter import filter for Microsoft ...) BUG: 155914 CVE-2006-6121 (Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6122 (Multiple buffer overflows in TIN before 1.8.2 have unspecified impact ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6123 (Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6124 (Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6125 (Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6126 (Apple Mac OS X allows local users to cause a denial of service (memory ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6127 (Apple Mac OS X kernel allows local users to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6128 (The ReiserFS functionality in Linux kernel 2.6.18, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6129 (Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6130 (Apple Mac OS X AppleTalk allows local users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6131 (Untrusted search path vulnerability in (1) WSAdminServer and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6132 (Multiple SQL injection vulnerabilities in Link Exchange Lite allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6133 (Stack-based buffer overflow in Visual Studio Crystal Reports for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6134 (Heap-based buffer overflow in the WMCheckURLScheme function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6135 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6136 (IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6137 (Multiple PHP remote file inclusion vulnerabilities in Sisfo Kampus 0.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6138 (Directory traversal vulnerability in download.php in Sisfo Kampus 0.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6139 (Directory traversal vulnerability in downloadexcel.php in Sisfo Kampus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6140 (PHP remote file inclusion vulnerability in Sisfo Kampus 2006 (Semarang ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6141 (Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6142 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6143 (The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through ...) BUG: 158810 CVE-2006-6144 (The "mechglue" abstraction interface of the GSS-API library for ...) BUG: 158810 CVE-2006-6145 (CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6146 (Buffer overflow in the HPDF_Page_Circle function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6147 (Multiple SQL injection vulnerabilities in JiRos Links Manager allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6148 (Multiple cross-site scripting (XSS) vulnerabilities in submitlink.asp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6149 (SQL injection vulnerability in index.asp in JiRos FAQ Manager 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6150 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6151 (PHP remote file inclusion vulnerability in centre.php in Messagerie ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6152 (Multiple SQL injection vulnerabilities in vSpin.net Classified System ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6153 (Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6154 (PHP remote file inclusion vulnerability in addcode.php in HIOX Star ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6155 (Multiple SQL injection vulnerabilities in addrating.php in HIOX Star ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6156 (Cross-site scripting (XSS) vulnerability in auth/message.php in HIOX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6157 (SQL injection vulnerability in index.php in ContentNow 1.39 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6158 (Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6159 (Multiple cross-site scripting (XSS) vulnerabilities in newticket.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6160 (SQL injection vulnerability in details.asp in Doug Luxem Liberum Help ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6161 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6162 (Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6163 (Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6164 (The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6165 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6166 (Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6167 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6168 (tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6169 (Heap-based buffer overflow in the ask_outfile_name function in ...) BUG: 156947 BUG: 156476 CVE-2006-6170 (Buffer overflow in the tls_x509_name_oneline function in the mod_tls ...) BUG: 154650 CVE-2006-6171 (** DISPUTED ** ...) BUG: 154650 CVE-2006-6172 (Buffer overflow in the asmrp_eval function in the RealMedia RTSP ...) BUG: 159727 BUG: 156645 CVE-2006-6173 (Buffer overflow in the shared_region_make_private_np function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6174 (Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6175 (Directory traversal vulnerability in lib/FBView.php in Horde Kronolith ...) BUG: 156627 CVE-2006-6176 (Cross-site scripting (XSS) vulnerability in admin.php in Blogn before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6177 (SQL injection vulnerability in system/core/users/users.profile.inc.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6178 (Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6179 (Buffer overflow in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6180 (Cross-site scripting (XSS) vulnerability in articles.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6181 (Multiple SQL injection vulnerabilities in default.asp in ClickTech ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6182 (The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6183 (Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6184 (Multiple stack-based buffer overflows in Allied Telesyn TFTP Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6185 (Directory traversal vulnerability in script.php in Wabbit PHP Gallery ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6186 (Multiple directory traversal vulnerabilities in enomphp 4.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6187 (Multiple SQL injection vulnerabilities in ClickTech Click Gallery ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6188 (Cross-site scripting (XSS) vulnerability in view_search.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6189 (SQL injection vulnerability in displayCalendar.asp in ClickTech Click ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6190 (SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6191 (SQL injection vulnerability in admin/edit.asp in 8pixel.net simpleblog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6192 (Unspecified scripts in the admin directory in 8pixel.net SimpleBlog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6193 (SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6194 (Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6195 (Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6196 (Cross-site scripting (XSS) vulnerability in the search functionality ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6197 (Multiple cross-site scripting (XSS) vulnerabilities in b2evolution ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6198 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6199 (Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6200 (Multiple SQL injection vulnerabilities in the (1) rate_article and (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6201 (Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6202 (PHP remote file inclusion vulnerability in modules/NukeAI/util.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6203 (Directory traversal vulnerability in startdown.php in the Flyspray ME ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6204 (Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6205 (Multiple cross-site scripting (XSS) vulnerabilities in result.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6206 (SQL injection vulnerability in item.asp in WarHound General Shopping ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6207 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6208 (Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6209 (Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6210 (SQL injection vulnerability in listpics.asp in ASP ListPics 5.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6211 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6212 (PHP remote file inclusion vulnerability in centre.php in Site News ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6213 (index.php in PEGames uses the extract function to overwrite critical ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6214 (SQL injection vulnerability in wallpaper.php in Wallpaper Website ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6215 (Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6216 (SQL injection vulnerability in admin_hacks_list.php in the Nivisec ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6217 (PHP remote file inclusion vulnerability in formdisp.php in the Mermaid ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6218 (Multiple SQL injection vulnerabilities in index.php in dev4u CMS allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6219 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6220 (Multiple SQL injection vulnerabilities in Recipes Website (Recipes ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6221 (2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6222 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6223 (Cross-site scripting (XSS) vulnerability in Google Search Appliance ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6224 (PHP remote file inclusion vulnerability in the installation scripts in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6225 (Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6226 (Multiple format string vulnerabilities in NeoEngine 0.8.2 and earlier, ...) BUG: 260956 CVE-2006-6227 (The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and ...) BUG: 260956 CVE-2006-6228 (Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6229 (Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6230 (SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6231 (vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6232 (PHP remote file inclusion vulnerability in admin/index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6233 (SQL injection vulnerability in the Downloads module for unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6234 (Multiple SQL injection vulnerabilities in the Content module in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6235 (A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x ...) BUG: 156947 BUG: 156476 CVE-2006-6236 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6237 (SQL injection vulnerability in the decode_cookie function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6238 (The AutoFill feature in Apple Safari 2.0.4 does not properly verify ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6239 (webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6240 (Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6241 (Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6242 (Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6243 (Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6244 (Coalescent Systems freePBX (formerly Asterisk Management Portal) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6245 (Multiple SQL injection vulnerabilities in Photo Organizer (PO) 2.32b ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6246 (Photo Organizer 2.32b and earlier does not properly check the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6247 (Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6248 (index.php in GPhotos 1.5 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6249 (Cross-site scripting (XSS) vulnerability in Chama Cargo 4.36 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6250 (Format string vulnerability in Songbird Media Player 0.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6251 (Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6252 (Microsoft Windows Live Messenger 8.0 and earlier, when gestual ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6253 (Cahier de texte 2.0 stores sensitive information under the web root, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6254 (administration/telecharger.php in Cahier de texte 2.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6255 (Direct static code injection vulnerability in util.php in the NukeAI ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6256 (Cross-site scripting (XSS) vulnerability in the file manager in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6257 (The file manager in AlternC 0.9.5 and earlier, when warnings are ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6258 (The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6259 (Multiple directory traversal vulnerabilities in (a) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6260 (SQL injection vulnerability in login.asp in Redbinaria Sistema ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6261 (Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6262 (Directory traversal vulnerability in mboard.php in PHPJunkYard (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6263 (Teredo clients, when source routing is enabled, recognize a Routing ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6264 (Teredo creates trusted peer entries for arbitrary incoming source ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6265 (Teredo clients, when located behind a restricted NAT, allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6266 (Teredo clients, when following item 6 of RFC4380 section 5.2.3, start ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6267 (PostNuke 0.7.5.0, and certain minor versions, allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6268 (SQL injection vulnerability in system/core/profile/profile.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6269 (Multiple SQL injection vulnerabilities in Infinitytechs Restaurants CM ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6270 (Multiple SQL injection vulnerabilities in ASPMForum allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6271 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6272 (Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6273 (sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6274 (SQL injection vulnerability in articles.asp in Expinion.net iNews (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6275 (Race condition in the kernel in Sun Solaris 8 through 10 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6276 (HTTP request smuggling vulnerability in Sun Java System Proxy Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6277 (Directory traversal vulnerability in admin/FileServer.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6278 (Cross-site scripting (XSS) vulnerability in index.php in @lex ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6279 (index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6280 (SQL injection vulnerability in viewthread.php in Oxygen (O2PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6281 (PHP remote file inclusion vulnerability in check_status.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6282 (members.php in Vikingboard 0.1.2 allows remote attackers to trigger a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6283 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6284 (Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6285 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6286 (Palm Desktop 4.1.4 and earlier stores user data with weak permissions ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6287 (Stack-based buffer overflow in AtomixMP3 2.3 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6288 (Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6289 (Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6290 (Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6291 (Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6292 (Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 on Mac mini, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6293 (Heap-based buffer overflow in FRISK Software F-Prot Antivirus before ...) BUG: 157612 CVE-2006-6294 (Multiple unspecified vulnerabilities in FRISK Software F-Prot ...) BUG: 157612 CVE-2006-6295 (PHP remote file inclusion vulnerability in includes/mx_common.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6296 (The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6297 (Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin ...) BUG: 155949 CVE-2006-6298 (SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6299 (Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6300 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd log files, which allows ...) BUG: 157163 CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd log files, ...) BUG: 157166 CVE-2006-6303 (The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not ...) BUG: 157048 CVE-2006-6304 (The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6305 (Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6306 (Format string vulnerability in Novell Modular Authentication Services ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6307 (srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6308 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6309 (Multiple array index errors in IBM Tivoli Storage Manager (TSM) before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6310 (Microsoft Internet Explorer 6.0 SP1 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6311 (Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6312 RESERVED CVE-2006-6313 RESERVED CVE-2006-6314 RESERVED CVE-2006-6315 RESERVED CVE-2006-6316 RESERVED CVE-2006-6317 RESERVED CVE-2006-6318 (The show_elog_list function in elogd.c in elog 2.6.2 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6319 RESERVED CVE-2006-6320 RESERVED CVE-2006-6321 RESERVED CVE-2006-6322 RESERVED CVE-2006-6323 RESERVED CVE-2006-6324 RESERVED CVE-2006-6325 RESERVED CVE-2006-6326 RESERVED CVE-2006-6327 RESERVED CVE-2006-6328 (Directory traversal vulnerability in index.php for TorrentFlux 2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6329 (index.php for TorrentFlux 2.2 allows remote attackers to delete files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6330 (index.php for TorrentFlux 2.2 allows remote registered users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6331 (metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6332 (Stack-based buffer overflow in net80211/ieee80211_wireless.c in ...) BUG: 157449 CVE-2006-6333 (The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6334 (Heap-based buffer overflow in the SendChannelData function in wfica.ocx in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6335 (Multiple buffer overflows in Sophos Anti-Virus scanning engine before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6336 (Heap-based buffer overflow in the Mail Management Server (MAILMA.exe) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6337 (Multiple SQL injection vulnerabilities in giris.asp in Aspee and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6338 (Unrestricted file upload vulnerability in upload/index.php in deV!L`z ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6339 (SQL injection vulnerability in sites/index.php in deV!L`z Clanportal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6340 (keystone.exe in nVIDIA nView allows attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6341 (Multiple PHP remote file inclusion vulnerabilities in mg.applanix ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6342 (Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6343 (SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6344 (Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6345 (Directory traversal vulnerability in SAP Internet Graphics Service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6346 (Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6347 (Unrestricted file upload vulnerability in TFT-Gallery allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6348 (Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6349 (Multiple SQL injection vulnerabilities in PWP Technologies The ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6350 (listpics 5 stores sensitive data under the web root with insufficient ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6351 (KhaledMuratList stores sensitive data under the web root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6352 (FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted ...) BUG: 157612 CVE-2006-6353 (Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6354 (Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6355 (SQL injection vulnerability in default.asp in DuWare DuClassmate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6356 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6357 (Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6358 (SQL injection vulnerability in the login function in auth.inc in ...) BUG: 235053 CVE-2006-6359 (Cross-site scripting (XSS) vulnerability in Stefan Frech ...) BUG: 235053 CVE-2006-6360 (PHP remote file inclusion vulnerability in activate.php in PHP Upload ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6361 (Heap-based buffer overflow in the uploadprogress_php_rfc1867_file ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6362 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6363 (Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6364 (Cross-site scripting (XSS) vulnerability in error.php in Inside ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6365 (SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6366 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6367 (Multiple SQL injection vulnerabilities in detail.asp in DUware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6368 (PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6369 (SQL injection vulnerability in lib/entry_reply_entry.php in Invision ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6370 (SQL injection vulnerability in forum/modules/gallery/post.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6371 (Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6372 (Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6375 (Cross-site scripting (XSS) vulnerability in display.php in Simple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6376 (Multiple directory traversal vulnerabilities in fm.php in Simple File ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6377 (Uploadscript 1.2 and earlier stores sensitive data under the web root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6378 (BTSaveMySql 1.2 stores sensitive data under the web root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6379 (Buffer overflow in the BrightStor Backup Discovery Service in multiple ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6380 (Cross-site scripting (XSS) vulnerability in index.asp in Ultimate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6381 (Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6382 (The control panel for Positive Software H-Sphere before 2.5.0 RC3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6383 (PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6384 (Absolute path traversal vulnerability in abitwhizzy.php before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6385 (Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6386 (Cross-site scripting (XSS) vulnerability in the CVS management/tracker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6387 (Multiple SQL injection vulnerabilities in LINK Content Management ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6388 (Cross-site scripting (XSS) vulnerability in naprednaPretraga.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6389 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6390 (Multiple directory traversal vulnerabilities in Open Solution ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6391 (Multiple directory traversal vulnerabilities in Open Solution ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6392 (Directory traversal vulnerability in index.php in plx Web Studio (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6393 (Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6394 (SQL injection vulnerability in certain database classes in Jonas ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6395 (Multiple memory leaks in Ulrik Petersen Emdros Database Engine before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6396 (Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6397 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6398 (Multiple SQL injection vulnerabilities in Superfreaker Studios ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6399 (SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6400 (Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6401 (Multiple cross-site scripting (XSS) vulnerabilities in mystats.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6402 (SQL injection vulnerability in mystats.php in MyStats 1.0.8 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6403 (mystats.php in MyStats 1.0.8 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6404 (INNOVATION Data Processing FDR/UPSTREAM 3.3.0 (GA Oct 2003) allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6405 (BitDefender Mail Protection for SMB 2.0 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6406 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6407 (F-Prot Antivirus for Linux x86 Mail Servers 4.6.6 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6408 (Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6409 (F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6410 (Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6411 (PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6412 RESERVED CVE-2006-6413 (Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6414 (Multiple SQL injection vulnerabilities in dettaglio.asp in dol storye ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6415 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6416 (Multiple PHP remote file inclusion vulnerabilities in PhpLeague - ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6417 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6418 (Buffer overflow in the POSIX Threads library (libpthread) on HP Tru64 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6419 (jce.php in the JCE Admin Component in Ryan Demmer Joomla Content ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6420 (Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6421 (Cross-site scripting (XSS) vulnerability in the private message box ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6422 (Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6423 (Stack-based buffer overflow in the IMAP service for MailEnable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6424 (Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6425 (Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6426 (PHP remote file inclusion vulnerability in design/thinkedit/render.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6427 (The Web User Interface in Xerox WorkCentre and WorkCentre Pro before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6428 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6429 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6430 (Web services in Xerox WorkCentre and WorkCentre Pro before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6431 (Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6432 (Unspecified vulnerability in the Scan-to-mailbox feature in Xerox ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6433 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6434 (Unspecified vulnerability in the Web User Interface in Xerox ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6435 (The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6436 (Cross-site scripting (XSS) vulnerability in the Network controller in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6437 (ops3-dmn in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6438 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6439 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6440 (Multple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6441 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6442 (Stack-based buffer overflow in the SetClientInfo function in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6443 (Buffer overflow in the Novell Distributed Print Services (NDPS) Print ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6444 (Stack-based buffer overflow in Nostra DivX Player 2.1, 2.2.00.0, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6445 (Directory traversal vulnerability in error.php in Envolution 1.1.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6446 (SQL injection vulnerability in index.php in iWare Professional 5.0.4, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6447 (Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6448 (Multiple SQL injection vulnerabilities in Vt-Forum Lite 1.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6449 (Vt-Forum Lite 1.3 and earlier store sensitive information under the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6450 (Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6451 (Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6452 (Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6453 (PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6454 (execInBackground.php in J-OWAMP Web Interface 2.1b and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6455 (Multiple SQL injection vulnerabilities in admin/default.asp in DUware ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6456 (Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6457 (tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6458 (The Trend Micro scan engine before 8.320 for Windows and before 8.150 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6459 (Cross-site scripting (XSS) vulnerability in toplist.php in PhpBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6460 (Yourfreeworld.com Short Url & Url Tracker Script allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6461 (tr1.php in Yourfreeworld Stylish Text Ads Script allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6462 (PHP remote file inclusion vulnerability in engine/oldnews.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6463 (Unrestricted file upload vulnerability in admin/add.php in Midicart ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6464 (viewcart in Midicart accepts negative numbers in the Qty (quantity) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6465 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6466 (Multiple cross-site scripting (XSS) vulnerabilities in WBmap.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6467 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6468 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6469 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6470 (The SNMP Agent in Xerox WorkCentre and WorkCentre Pro before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6471 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6472 (The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6473 (Multiple unspecified vulnerabilities in Xerox WorkCentre and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6474 (Untrusted search path vulnerability in McAfee VirusScan for Linux ...) BUG: 156989 CVE-2006-6475 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6476 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6477 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6478 (Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6479 (Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6480 (admin/admin_membre/fiche_membre.php in AnnonceScriptHP 2.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6481 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a ...) BUG: 157698 CVE-2006-6482 (Adobe ColdFusion MX7 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6483 (Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6484 (The IMAP service for MailEnable Professional and Enterprise Edition ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6485 (Multiple cross-site scripting (XSS) vulnerabilities in ShopSite 8.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6486 (SQL injection vulnerability in EasyPage allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6487 (Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6488 (Stack-based buffer overflow in the DoModal function in the Dialog Wrapper ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6489 (The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6490 (Multiple buffer overflows in the SupportSoft (1) SmartIssue ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6491 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6492 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6493 (Buffer overflow in the krbv4_ldap_auth function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6494 (Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6495 (Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6496 (The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6497 (Multiple unspecified vulnerabilities in the layout engine for Mozilla ...) BUG: 158576 BUG: 158571 BUG: 156023 CVE-2006-6498 (Multiple unspecified vulnerabilities in the JavaScript engine for ...) BUG: 158576 BUG: 156023 CVE-2006-6499 (The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...) BUG: 158576 BUG: 156023 CVE-2006-6500 (Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, ...) BUG: 158576 BUG: 158571 BUG: 156023 CVE-2006-6501 (Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...) BUG: 158576 BUG: 158571 BUG: 156023 CVE-2006-6502 (Use-after-free vulnerability in the LiveConnect bridge code for ...) BUG: 158576 BUG: 158571 BUG: 156023 CVE-2006-6503 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird ...) BUG: 158576 BUG: 158571 BUG: 156023 CVE-2006-6504 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and ...) BUG: 158576 BUG: 156023 CVE-2006-6505 (Multiple heap-based buffer overflows in Mozilla Thunderbird before ...) BUG: 158576 BUG: 158571 CVE-2006-6506 (The "Feed Preview" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends ...) BUG: 156023 CVE-2006-6507 (Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass ...) BUG: 156023 CVE-2006-6508 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6509 (Cross-site scripting (XSS) vulnerability in the skinning feature in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6510 (An unspecified ActiveX control in SiteKiosk before 6.5.150 is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6511 (dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6512 (Directory traversal vulnerability in the Browse function (/browse URI) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6513 (The CControl::Download function (/dl URI) in Winamp Web Interface ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6514 (Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6515 (Mantis before 1.1.0a2 sets the default value of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6516 (Multiple PHP remote file inclusion vulnerabilities in KDPics 1.16 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6517 (Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6518 (Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6519 (SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6520 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6521 (SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6522 (Multiple cross-site scripting (XSS) vulnerabilities in WikiTimeScale ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6523 (Cross-site scripting (XSS) vulnerability in mail/manage.html in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6524 (SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6525 (SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6526 (PHP remote file inclusion vulnerability in index.php in Gizzar ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6527 (PHP remote file inclusion vulnerability in guest.php in Gizzar ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6528 (The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6529 (The Chatroom Module before 4.7.x.-1.0 for Drupal displays private ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6530 (SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6531 (Cross-site scripting (XSS) vulnerability in the Help Tip module before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6532 (Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6533 (Directory traversal vulnerability in admin/templates_boxes_layout.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6534 (Multiple cross-site scripting (XSS) vulnerabilities in osCommerce ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6535 (The dev_queue_xmit function in Linux kernel 2.6 can fail before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6536 (Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6537 (IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6538 (D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6539 (Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6540 (SQL injection vulnerability in bt-trackback.php in Bluetrait before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6541 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6542 (SQL injection vulnerability in news.php in Fantastic News 2.1.4 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6543 (Multiple SQL injection vulnerabilities in login.asp in AppIntellect ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6544 (Cross-site scripting (XSS) vulnerability in CM68 News allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6545 (PHP remote file inclusion vulnerability in includes/common.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6546 (PHP remote file inclusion vulnerability in inc/shows.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6547 (Buffer overflow in the readAA function in read_aa.cpp in Winamp iPod ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6548 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6549 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6550 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6551 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6552 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6553 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6554 (Unspecified vulnerability in Kerio MailServer before 6.3.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6555 (Multiple SQL injection vulnerabilities in EasyFill before 0.5.1 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6556 (The eyeHome function in apps/eyeHome.eyeapp/aplic.php in EyeOS before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6557 (Multiple unspecified vulnerabilities in Skulls! before 0.2.6 have ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6558 (Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6559 (SQL injection vulnerability in ProductDetails.asp in Lotfian Request ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6560 (PHP remote file inclusion vulnerability in includes/common.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6561 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Word ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6562 RESERVED CVE-2006-6563 (Stack-based buffer overflow in the pr_ctrls_recv_request function in ...) BUG: 158122 CVE-2006-6564 (FileZilla Server before 0.9.22 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6565 (FileZilla Server before 0.9.22 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6566 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6567 (PHP remote file inclusion vulnerability in includes/kb_constants.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6568 (Directory traversal vulnerability in includes/kb_constants.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6569 (form.php in GenesisTrader 1.0 allows remote attackers to read source ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6570 (Unrestricted file upload vulnerability in upload.php in GenesisTrader ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6571 (Multiple cross-site scripting (XSS) vulnerabilities in form.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6572 (Unspecified vulnerability in Citrix Advanced Access Control (AAC) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6573 (Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6574 (Mantis before 1.1.0a2 does not implement per-item access control for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6575 (PHP remote file inclusion vulnerability in ldap.php in Brian Drawert ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6576 (Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6577 (SQL injection vulnerability in polls.php in Neocrome Land Down Under ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6578 (Microsoft Internet Information Services (IIS) 5.1 permits the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6579 (Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6580 (admin/change.php in ProNews 1.5 does not check whether a user is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6581 (PHP remote file inclusion vulnerability in tests/debug_test.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6582 (Multiple cross-site scripting (XSS) vulnerabilities in ScriptMate User ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6583 (ScriptMate User Manager 2.1 and earlier allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6584 (Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6585 (The Extensions manager in Mozilla Firefox 2.0 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6586 (Multiple PHP remote file inclusion vulnerabilities in Vortex Blog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6587 (Cross-site scripting (XSS) vulnerability in the forum implementation ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6588 (The forum implementation in the ecommerce component in the Apache Open ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6589 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6590 (PHP remote file inclusion vulnerability in usercp_menu.php in AR ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6591 (PHP remote file inclusion vulnerability in fonctions/template.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6592 (Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6593 (PHP remote file inclusion vulnerability in zufallscodepart.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6594 (SQL injection vulnerability in utilities/usermessages.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6595 (Multiple SQL injection vulnerabilities in ScriptMate User Manager 2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6596 (HyperAccess 8.4 allows user-assisted remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6597 (Argument injection vulnerability in HyperAccess 8.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6598 (Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6599 (maketorrent.php in TorrentFlux 2.2 allows remote authenticated users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6600 (Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6601 (Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6602 (explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6603 (Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6604 (Directory traversal vulnerability in downloaddetails.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6605 (Stack-based buffer overflow in the POP service in MailEnable Standard ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6606 (Multiple SQL injection vulnerabilities in Clarens jclarens before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6607 (The Java Key Store (JKS) for WebSphere Application Server (WAS) for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6608 (Unspecified vulnerability in SSH key based authentication in HP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6609 (Nexuiz before 2.2.1 allows remote attackers to cause a denial of ...) BUG: 166044 CVE-2006-6610 (clientcommands in Nexuiz before 2.2.1 has unknown impact and remote ...) BUG: 166044 CVE-2006-6611 (PHP remote file inclusion vulnerability in interface.php in Barman ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6612 (PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6613 (Directory traversal vulnerability in language.php in phpAlbum 0.4.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6614 (The save_log_local function in Fully Automatic Installation (FAI) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6615 (PHP remote file inclusion vulnerability in includes/act_constants.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6616 (index.php in w00t Gallery 1.4.0 allows remote authenticated users with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6617 (projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6618 (AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6619 (AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6620 (Comodo Personal Firewall 2.3.6.81 relies on the Process Environment ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6621 (Filseclab Personal Firewall 3.0.0.8686 relies on the Process ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6622 (Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6623 (Sygate Personal Firewall 5.6.2808 relies on the Process Environment ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6624 (The FTP Server in Sambar Server 6.4 allows remote authenticated users ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6625 (Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6626 (Cross-site scripting (XSS) vulnerability in an unspecified component ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6627 (Integer overflow in the packed PE file parsing implementation in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6628 (Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6629 (lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6630 (PHP remote file inclusion vulnerability in ListRecords.php in osprey ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6631 (PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6632 (PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6633 (PHP remote file inclusion vulnerability in include/yapbb_session.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6634 (Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6635 (PHP remote file inclusion vulnerability in includes/functions.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6636 (Unspecified vulnerability in the Utility Classes for IBM WebSphere ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6637 (The Servlet Engine and Web Container in IBM WebSphere Application ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6638 (IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6639 (Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6640 (Multiple cross-site scripting (XSS) vulnerabilities in Omniture ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6641 (Unspecified vulnerability in CA CleverPath Portal before maintenance ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6642 (SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6643 (Fightersoft Multimedia Star FTP server 1.10 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6644 (PHP remote file inclusion vulnerability in pages/meeting_constants.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6645 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6646 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6647 (Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6648 (PHP remote file inclusion vulnerability in main.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6649 (Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6650 (PHP remote file inclusion vulnerability in charts_constants.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6651 (Race condition in W29N51.SYS in the Intel 2200BG wireless driver ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6652 (Buffer overflow in the glob implementation (glob.c) in libc in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6653 (The accept function in NetBSD-current before 20061023, NetBSD 3.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6654 (The sendmsg function in NetBSD-current before 20061023, NetBSD 3.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6655 (The procfs implementation in NetBSD-current before 20061023, NetBSD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6656 (Unspecified vulnerability in ptrace in NetBSD-current before 20061027, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6657 (The if_clone_list function in NetBSD-current before 20061027, NetBSD ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6658 (Inktomi Search 4.1.4 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6659 (The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6660 (The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6661 (Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6662 (Unspecified vulnerability in Linux User Management (novell-lum) on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6663 (The server component in Marathon Aleph One before 0.17.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6664 (Format string vulnerability in Marathon Aleph One before 0.17.1 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6665 (Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6666 (PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6667 (Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6668 (Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6669 (Cross-site scripting (XSS) vulnerability in export_handler.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6670 (Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6671 (SQL injection vulnerability in down.asp in Burak Yylmaz Download ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6672 (Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6673 (WinFtp Server 2.0.2 allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6674 (Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6675 (Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6676 (Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6677 (ESET NOD32 Antivirus before 1.1743 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6678 (The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6679 (Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6680 (Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6681 (Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6682 (Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6683 (Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6684 (Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6685 (Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd 2.3.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6686 (PHP remote file inclusion vulnerability in sender.php in Carsen Klock ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6687 (Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6688 (Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6689 (Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6690 (rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6691 (Multiple PHP remote file inclusion vulnerabilities in Valdersoft ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6692 (Multiple format string vulnerabilities in zabbix before 20061006 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6693 (Multiple buffer overflows in zabbix before 20061006 allow attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6694 (Directory traversal vulnerability in include/config.php in E-Uploader ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6695 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6696 (Double free vulnerability in Microsoft Windows 2000, XP, 2003, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6697 (CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6698 (The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6699 (Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6700 (Cross-site scripting (XSS) vulnerability in @Mail WebMail allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6701 (Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6702 (Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6703 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6704 (Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6705 (Multiple unspecified vulnerabilities in the template files in Soumu ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6706 (SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6707 (Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6708 (Cross-site scripting (XSS) vulnerability in listings.asp in MGinternet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6709 (Multiple SQL injection vulnerabilities in MGinternet Property Site ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6710 (Multiple PHP remote file inclusion vulnerabilities in PgmReloaded ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6711 (PHP remote file inclusion vulnerability in compteur/mapage.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6712 (Cross-site scripting (XSS) vulnerability in SugarCRM Open Source ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6713 (Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6714 (Multiple memory leaks in Hitachi Directory Server 2 P-2444-A124 before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6715 (PHP remote file inclusion vulnerability in footer.inc.php in PowerClan ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6716 (SQL injection vulnerability in administration/administre2.php in Eric ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6717 (The Allied Telesis AT-9000/24 Ethernet switch accepts management ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6718 (The Allied Telesis AT-9000/24 Ethernet switch has a default password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6719 (The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6720 (PHP remote file inclusion vulnerability in admin/index_sitios.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6721 (Multiple cross-site scripting (XSS) vulnerabilities in shout.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6722 (Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6723 (The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6724 (BolinTech Dream FTP Server 1.02 allows remote authenticated users, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6725 (Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6726 (PHP remote file inclusion vulnerability in inertianews_main.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6727 (PHP remote file inclusion vulnerability in inertianews_class.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6728 (Unspecified vulnerability in the info request mechanism in LAN ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6729 (Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6730 (OpenBSD and NetBSD permit usermode code to kill the display server and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6731 (Multiple buffer overflows in Sun Java Development Kit (JDK) and Java ...) BUG: 161835 BUG: 159547 BUG: 158659 CVE-2006-6732 (PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6733 (Cross-site scripting (XSS) vulnerability in support/view.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6734 (Cross-site scripting (XSS) vulnerability in modules/viewcategory.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6735 (modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6736 (Unspecified vulnerability in Sun Java Development Kit (JDK) and Java ...) BUG: 161835 BUG: 159547 BUG: 158659 CVE-2006-6737 (Unspecified vulnerability in Sun Java Development Kit (JDK) and Java ...) BUG: 161835 BUG: 159547 BUG: 158659 CVE-2006-6738 (PHP remote file inclusion vulnerability in statistic.php in cwmCounter ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6739 (PHP remote file inclusion vulnerability in buycd.php in Paristemi ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6740 (Multiple PHP remote file inclusion vulnerabilities in phpProfiles ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6741 (Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6742 (Multiple buffer overflows in FTP Print Server 2.4 and 2.4.5 in HP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6743 (phpProfiles before 2.1.1 uses world writable permissions for certain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6744 (phpProfiles before 2.1.1 does not have an index.php or other index ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6745 (Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) ...) BUG: 161835 BUG: 159547 BUG: 158659 CVE-2006-6746 (Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6747 (SQL injection vulnerability in show_news.php in Xt-News 0.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6748 (PHP remote file inclusion vulnerability in i-accueil.php in Newxooper ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6749 (Buffer overflow in the parse_expression function in parse_config in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6750 (Format string vulnerability in XM Easy Personal FTP Server 5.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6751 (Format string vulnerability in XM Easy Personal FTP Server 5.2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6752 (Buffer overflow in FTPRush 1.0.0.610 might allow attackers to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6753 (Event Viewer (eventvwr.exe) in Microsoft Windows does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6754 (Multiple SQL injection vulnerabilities in Ixprim 1.2 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6755 (Ixprim 1.2 allows remote attackers to obtain sensitive information via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6756 (The code function in install.fct.php in Ixprim 1.2 produces a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6757 (Directory traversal vulnerability in index.php in cwmExplorer 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6758 (Directory traversal vulnerability in Http explorer 1.02 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6759 (A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6760 (Multiple PHP remote file inclusion vulnerabilities in template.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6761 (Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6762 (The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6763 (Multiple PHP remote file inclusion vulnerabilities in the Keep It ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6764 (PHP remote file inclusion vulnerability in authenticate.php in Keep It ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6765 (Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6766 (Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6767 (oftpd before 0.3.7 allows remote attackers to cause a denial of ...) BUG: 159178 CVE-2006-6768 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6769 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6770 (Multiple PHP remote file inclusion vulnerabilities in Jinzora Media ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6771 (Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6772 (Format string vulnerability in the inputAnswer function in file.c in ...) BUG: 159145 CVE-2006-6773 (pages/register/register.php in Fishyshoop 0.930 beta allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6774 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6775 (acFTP 1.5 allows remote authenticated users to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6776 (Multiple SQL injection vulnerabilities in Future Internet allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6777 (Cross-site scripting (XSS) vulnerability in index.cfm in Future ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6778 (Cross-site scripting (XSS) vulnerability in shownews.php in TimberWolf ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6779 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6780 (SQL injection vulnerability in the login form in HLstats 1.20 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6781 (HLstats 1.20 through 1.34 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6782 (Cross-site scripting (XSS) vulnerability in pnamazu 2006.02.28 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6783 (logahead UNU 1.0 before 20061226 allows remote attackers to upload ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6784 (SQL injection vulnerability in Netbula Anyboard allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6785 (The (1) settings.php and (2) subscribers.php scripts in Open ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6786 (Open Newsletter 2.5 and earlier allows remote authenticated ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6787 (SQL injection vulnerability in admin/admin_mail_adressee.asp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6788 (Multiple PHP remote file inclusion vulnerabilities in LuckyBot 3 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6789 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6790 (Direct static code injection vulnerability in chat/login.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6791 (SQL injection vulnerability in SelGruFra.asp in chatwm 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6792 (SQL injection vulnerability in calendar_detail.asp in Calendar MX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6793 (PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6794 (SQL injection vulnerability in default.asp in Efkan Forum 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6795 (PHP remote file inclusion vulnerability in gallery/displayCategory.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6796 (PHP remote file inclusion vulnerability in admin/admin_settings.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6797 (The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6798 RESERVED CVE-2006-6799 (SQL injection vulnerability in Cacti 0.8.6i and earlier, when ...) BUG: 159278 CVE-2006-6800 (PHP remote file inclusion in eventcal/mod_eventcal.php in the event ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6801 (PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6802 (SQL injection vulnerability in actualpic.asp in Enthrallweb ePages ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6803 (SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6804 (SQL injection vulnerability in bus_details.asp in Dragon Business ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6805 (SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6806 (SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6807 (SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6808 (Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in ...) BUG: 159229 CVE-2006-6809 (Multiple PHP remote file inclusion vulnerabilities in process.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6810 (Unspecified vulnerability in the clear_user_list function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6811 (KsIRC 1.3.12 allows remote attackers to cause a denial of service ...) BUG: 159658 CVE-2006-6812 (Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6813 (SQL injection vulnerability in detail.asp in Mxmania File Upload ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6814 (Directory traversal vulnerability in FolderManager/FolderManager.aspx ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6815 (Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6816 (Multiple SQL injection vulnerabilities in DMXReady Secure Login ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6817 (AlstraSoft Web Host Directory allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6818 (AlstraSoft Web Host Directory allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6819 (AlstraSoft Web Host Directory stores sensitive information under the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6820 (myprofile.asp in Enthrallweb eCoupons does not properly validate the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6821 (myprofile.asp in Enthrallweb eNews does not properly validate the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6822 (myprofile.asp in Enthrallweb eClassifieds does not properly validate ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6823 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6824 (Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6825 (Calendar MX BASIC 1.0.2 and earlier store sensitive information under ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6826 (Unspecified vulnerability in the tab editor for Personal .NET Portal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6827 (Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6828 (Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6829 (Efkan Forum 1.0 and earlier store sensitive information under the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6830 (PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6831 (SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6832 (Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6833 (com_categories in Joomla! before 1.0.12 does not validate input, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6834 (Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6835 (SQL injection vulnerability in Journal.inc.php in Neocrome Land Down ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6836 (Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6837 (Multiple stack-based buffer overflows in the (1) LoadTree, (2) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6838 (Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6839 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6840 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6841 (Certain forms in phpBB before 2.0.22 lack session checks, which has ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6842 (SQL injection vulnerability in admin/admin_acronyms.php in the Acronym ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6843 (PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6844 (Cross-site scripting (XSS) vulnerability in the optional user comment ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6845 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6846 (Multiple SQL injection vulnerabilities in While You Were Out (WYWO) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6847 (An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6848 (SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6849 (administration/index.php in Cahier de texte (CDT) 2.2 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6850 (PHP remote file inclusion vulnerability in include.php in the Roster ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6851 (Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6852 (Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6853 (Buffer overflow in Durian Web Application Server 3.02 freeware on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6854 (The qcamvc_video_init function in qcamvc.c in De Marchi Daniele ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6855 (AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6856 (Direct static code injection vulnerability in WebText CMS 0.4.5.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6857 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6858 (Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6859 (SQL injection vulnerability in coupon_detail.asp in Website Designs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6860 (Buffer overflow in the sendToMythTV function in MythControlServer.c in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6861 (Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6862 (Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6863 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6864 (PHP remote file inclusion vulnerability in E2_header.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6865 (Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6866 (STphp EasyNews PRO 4.0 stores sensitive information under the web root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6867 (Multiple PHP remote file inclusion vulnerabilities in Vladimir ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6868 (Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6869 (Directory traversal vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6870 (The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6871 (Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6872 (Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6873 (Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6874 (Multiple cross-site scripting (XSS) vulnerabilities in friend.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6875 (Buffer overflow in the validateospheader function in the Open ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6876 (Buffer overflow in the fetchsms function in the SMS handling module ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6877 (Directory traversal vulnerability in index.php in Matteo Lucarelli ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6878 (admin/uploads.php in PHP-Update 2.7 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6879 (Unrestricted file upload vulnerability in admin/uploads.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6880 (Multiple SQL injection vulnerabilities in code/guestadd.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6881 (Buffer overflow in the Get_Wep function in cofvnet.c for ATMEL Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6882 (Cross-site scripting (XSS) vulnerability in golden book allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6883 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6884 (Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6885 (An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6886 (phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6887 (Unrestricted file upload vulnerability in logahead UNU 1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6888 (P-News 1.16 and 1.17 store sensitive information under the web root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6889 (FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6890 (Voodoo chat 1.0RC1b stores sensitive information under the web root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6891 (Vz (Adp) Forum 2.0.3 stores sensitive information under the web root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6892 (Cross-site scripting (XSS) vulnerability in the GetLocation function ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6893 (Tor allows remote attackers to discover the IP address of a hidden ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6894 (Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6895 (The Bluetooth stack in the Sony Ericsson T60 does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6896 (The Bluetooth stack in the Plantronic Headset does not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6897 (Directory traversal vulnerability in Widcomm Bluetooth for Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6898 (Widcomm Bluetooth for Windows (BTW) before 4.0.1.1500 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6899 (hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6900 (Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6901 (Unspecified vulnerability in the Bluetooth stack in Microsoft Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6902 (Unspecified vulnerability in the Bluetooth stack in Microsoft Windows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6903 (Unspecified vulnerability in the Toshiba Bluetooth stack allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6904 (Unspecified vulnerability in the Broadcom Bluetooth stack allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6905 (Unspecified vulnerability in the Widcomm Bluetooth stack allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6906 (Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6907 (Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6908 (Buffer overflow in the Bluetooth Stack COM Server in the Widcomm ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6909 (Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6910 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6911 (SQL injection vulnerability in search.asp in Digitizing Quote And ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6912 (SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6913 (Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6914 (Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6915 (ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6916 (Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6917 (Multiple buffer overflows in Computer Associates (CA) BrightStor ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6918 (Unspecified vulnerability in the Admin login for Georgian discussion ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6919 (Firefox Sage extension 1.3.8 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6920 (Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6921 (Unspecified versions of the Linux kernel allow local users to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6922 (SQL injection vulnerability in Deadlock User Management System ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6923 (SQL injection vulnerability in newsletters/edition.php in bitweaver ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6924 (bitweaver 1.3.1 and earlier allows remote attackers to obtain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6925 (Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6926 (Buffer overflow in eXtremail 2.1 has unknown impact and attack ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6927 (Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6928 (Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6929 (Multiple cross-site scripting (XSS) vulnerabilities in Rapid ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6930 (SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6931 (Algorithmic complexity vulnerability in Snort before 2.6.1, during ...) BUG: 161632 CVE-2006-6932 (Multiple SQL injection vulnerabilities in Image Gallery with Access ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6933 (Easy Chat Server 2.1 stores sensitive information under the web root ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6934 (Multiple cross-site scripting (XSS) vulnerabilities in Portix-PHP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6935 (SQL injection vulnerability in the login component in Portix-PHP 0.4.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6936 (Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6937 (SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6938 (Directory traversal vulnerability in includes/common.php in NitroTech ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6939 (GNU ed before 0.3 allows local users to overwrite arbitrary files via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6940 (Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6941 (index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6942 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6943 (PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6944 (phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6945 (SQL injection vulnerability in Virtuemart 1.0.7 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6946 (The web server in the NEC MultiWriter 1700C allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6947 (The FTP server in the NEC MultiWriter 1700C allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6948 (MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6949 (Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6950 (Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6951 (Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6952 (Computer Associates Host Intrusion Prevention System (HIPS) drivers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6953 (The virtual keyboard implementation in GlobeTrotter Mobility Manager ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6954 (Flock beta 1 0.7 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6955 (Opera allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6956 (Microsoft Internet Explorer allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6957 (PHP remote file inclusion vulnerability in addons/mod_media/body.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6958 (Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6959 (WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6960 (The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6961 (WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6962 (PHP remote file inclusion vulnerability in rsgallery2.html.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6963 (Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6964 (MailEnable Professional before 1.78 provides a cleartext user password ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6965 (CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki ...) BUG: 163781 CVE-2006-6966 (phpGraphy before 0.9.13a does not properly unset variables when the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6967 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6968 (Cross-site scripting (XSS) vulnerability in the group moderation ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6969 (Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6970 (Opera 9.10 Final allows remote attackers to bypass the Fraud ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6971 (Mozilla Firefox 2.0, possibly only when running on Windows, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6972 (SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6973 (Headstart Solutions DeskPRO does not require authentication for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6974 (Headstart Solutions DeskPRO stores sensitive information under the web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6975 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6976 (PHP remote file inclusion vulnerability in centipaid_class.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6977 (Cross-site scripting (XSS) vulnerability in the "Basic Toolbar ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6978 (Cross-site scripting (XSS) vulnerability in the "Basic Toolbar ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6979 (The ruby handlers in the Magnatune component in Amarok do not properly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6980 (The magnatune.com album browser in Amarok allows attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6981 (3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6982 (3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6983 (Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6984 (Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6985 (Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6986 (Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6987 (Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6988 (Cross-domain vulnerability in Slim Browser 4.07 build 100 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6989 (Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6990 (Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6991 (Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6992 (Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6993 (Multiple SQL injection vulnerabilities in pages/addcomment2.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6994 (Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6995 (mycontacts.php in V3 Chat allows remote authenticated users to gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6996 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6997 (Unspecified vulnerability in a cryptographic feature in MailEnable ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6998 (install/loader_help.php in Headstart Solutions DeskPRO allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-6999 (attachment.php in Headstart Solutions DeskPRO allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7000 (Headstart Solutions DeskPRO allows remote attackers to obtain the full ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7001 (Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7002 (Cross-site scripting (XSS) vulnerability in add_comment.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7003 (PHP remote file inclusion vulnerability in admin/index.php in Fusion ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7004 (Cross-site scripting (XSS) vulnerability in email_request.php in PSY ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7005 (SQL injection vulnerability in item.php in PSY Auction allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7006 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7007 (Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7008 (Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7009 (Joomla! before 1.0.10 allows remote attackers to spoof the frontend ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7010 (The mosgetparam implementation in Joomla! before 1.0.10, does not set ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7011 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7012 (scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7013 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7014 (admin.php in BloggIT 1.01 and earlier does not properly establish a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7015 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7016 (phpjobboard allows remote attackers to bypass authentication and gain ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7017 (Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7018 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7019 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7020 (CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7021 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7022 (The Tools module in fx-APP 0.0.8.1 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7023 (Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7024 (Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7025 (SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7026 (PHP remote file inclusion vulnerability in sources/join.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7027 (Microsoft Internet Security and Acceleration (ISA) Server 2004 logs ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7028 (Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7029 (Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7030 (Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7031 (Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7032 (PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7033 (Cross-site scripting (XSS) vulnerability in Super Link Exchange Script ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7034 (SQL injection vulnerability in directory.php in Super Link Exchange ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7035 (Directory traversal vulnerability in make_thumbnail.php in Super Link ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7036 (PHP remote file inclusion vulnerability in register.php for Andys Chat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7037 (Mathcad 12 through 13.1 allows local users to bypass the security ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7038 (Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7039 (The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7040 (Unspecified vulnerability in MERCUR Messaging 2005 before Service Pack ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7041 (The SMTP service in MERCUR Messaging 2005 before Service Pack 4 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7042 (Cross-site scripting (XSS) vulnerability in directory/index.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7043 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7044 (PHP remote file inclusion vulnerability in comment.core.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7045 (PHP remote file inclusion vulnerability in Clan Manager Pro (CMPRO) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7046 (PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7047 (include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7048 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7049 (The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7050 (Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7051 (The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7052 (Multiple PHP remote file inclusion vulnerabilities in DotWidget For ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7053 (Unspecified vulnerability in Arkoon FAST360 UTM appliances 3.0 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7054 (The DNS module in Arkoon FAST360 UTM appliances 3.0 up to 3.0/29, 3.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7055 (PHP remote file inclusion vulnerability in index.php in TotalCalendar ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7056 (Multiple PHP remote file inclusion vulnerabilities in DreamCost ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7057 (SQL injection vulnerability in search.php in Sphider before 1.3.1c ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7058 (Multiple cross-site scripting (XSS) vulnerabilities in Sphider before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7059 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7060 (cindex.php in Scriptsez.net E-Dating System allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7061 (Scriptsez.net E-Dating System stores data files with predictable names ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7062 (calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7063 (Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7064 (Cross-site scripting (XSS) vulnerability in forum/admin.php for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7065 (Microsoft Internet Explorer allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7066 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7067 (Oracle 10g R2 and possibly other versions allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7068 (PHP remote file inclusion vulnerability in CliServ Web Community 0.65 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7069 (PHP remote file inclusion vulnerability in smarty_config.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7070 (Unrestricted file upload vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7071 (SQL injection vulnerability in classes/class_session.php in Invision ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7072 (Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7073 (Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7074 (admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7075 (Buffer overflow in the meta_read_flac function in meta_decoder.c for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7076 (Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7077 (SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7078 (Multiple cross-site scripting (XSS) vulnerabilities in Professional ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7079 (Variable extraction vulnerability in include/common.php in exV2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7080 (Directory traversal vulnerability in the avatar upload feature in exV2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7081 (Multiple PHP remote file inclusion vulnerabilities in PhpNews 1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7082 (Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7083 (Directory traversal vulnerability in index.php in Rigter Portal System ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7084 REJECTED NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7085 (Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7086 (The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7087 (CRLF injection vulnerability in the mail function in Dotdeb PHP before ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7088 (Multiple SQL injection vulnerabilities in Simple PHP Forum before 0.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7089 (SQL injection vulnerability in connexion.php in Ban 0.1 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7090 (PHP remote file inclusion vulnerability in phpbb_security.php in phpBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7091 (PHP remote file inclusion vulnerability in config.php in phpht ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7092 (SQL injection vulnerability in includes/mambo.php in Mambo LaiThai ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7093 (Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7094 (ftpd, as used by Gentoo and Debian Linux, sets the gid to the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7095 (Integer signedness error in the network_receive_packet function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7096 (Buffer overflow in the network_host_handle_join function in host.c in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7097 (Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7098 (The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7099 (Directory traversal vulnerability in index.php in SolarPay allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7100 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7101 (SQL injection vulnerability in admin.php in PHPWind 5.0.1 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7102 (Multiple PHP remote file inclusion vulnerabilities in phpBurningPortal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7103 (Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7104 (PHP remote file inclusion vulnerability in htmltemplate.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7105 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7106 (PHP remote file inclusion vulnerability in config.inc.php3 in Power ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7107 (PHP remote file inclusion vulnerability in upgrade.php in Coalescent ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7108 (login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7109 (Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7110 (Directory traversal vulnerability in the delete function in IMCE ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7111 (Unspecified vulnerability in Futomi's CGI Cafe KMail CGI 1.0.3 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7112 (Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7113 (Unrestricted file upload vulnerability in P-News 2.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7114 (P-News 2.0 stores db/user.txt under the web document root with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7115 (SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7116 (SQL injection vulnerability in includes/functions.php in Kubix 0.7 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7117 (Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7118 (SQL injection vulnerability in index.asp in DMXReady Site Engine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7119 (PHP remote file inclusion vulnerability in kernel/system/startup.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7120 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7121 (The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7122 (Cross-site scripting (XSS) vulnerability in the IP Address Lookup ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7123 (Multiple SQL injection vulnerabilities in BSQ Sitestats (component for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7124 (PHP remote file inclusion vulnerability in external/rssfeeds.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7125 (Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7126 (SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7127 (Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7128 (PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7129 (ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7130 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7131 (PHP remote file inclusion vulnerability in extras/mt.php in Jinzora ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7132 (Directory traversal vulnerability in pmd-config.php in PHPMyDesk ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7133 (Directory traversal vulnerability in upload/bin/download.php in Upload ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7134 (Unrestricted file upload vulnerability in main_user.php in Upload Tool ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7135 (PHP remote file inclusion vulnerability in lib/functions.inc.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7136 (Multiple PHP remote file inclusion vulnerabilities in PHP Poll Creator ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7137 (Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7138 (SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7139 (Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7140 (The libike library, as used by in.iked, elfsign, and kcfd in Sun ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7141 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7142 (The centralized management feature for Utimaco Safeguard stores ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7143 (Cross-site scripting (XSS) vulnerability in Call Center Software 0.93 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7144 (SQL injection vulnerability in Call Center Software 0.93 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7145 (edit_user.php in Call Center Software 0.93 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7146 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7147 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7148 (PHP remote file inclusion vulnerability in includes/bb_usage_stats.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7149 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7150 (Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7151 (Untrusted search path vulnerability in the libtool-ltdl library ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7152 (default.asp in ASP-Nuke Community 1.5 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7153 (PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7154 (Iono allows remote attackers to obtain the full server path via ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7155 (Novell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7156 (PHP remote file inclusion vulnerability in addon_keywords.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7157 (Buffer overflow in Google Earth v4.0.2091 (beta) allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7158 (Cross-site scripting (XSS) vulnerability in Oracle Application Express ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7159 (Directory traversal vulnerability in include/prune_torrents.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7160 (The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7161 (SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7162 (PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7163 (DreameeSoft Password Master 1.0 stores the database in an unencrypted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7164 (SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7165 (IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7166 (IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7167 (Unspecified vulnerability in ProRat Server 1.9 Fix2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7168 (PHP remote file inclusion vulnerability in includes/not_mem.php in the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7169 (PHP remote file inclusion vulnerability in includes/header_simple.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7170 (Multiple SQL injection vulnerabilities in Koan Software Mega Mall ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7171 (product_review.php in Koan Software Mega Mall allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7172 (Multiple SQL injection vulnerabilities in php-stats.recphp.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7173 (Direct static code injection vulnerability in admin.php in PHP-Stats ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7174 (PHP remote file inclusion vulnerability in includes/functions.php in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7175 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7176 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7177 (MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7178 (MadWifi before 0.9.3 does not properly handle reception of an AUTH ...) BUG: 173434 CVE-2006-7179 (ieee80211_input.c in MadWifi before 0.9.3 does not properly process ...) BUG: 173434 CVE-2006-7180 (ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets ...) BUG: 173434 CVE-2006-7181 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7182 (PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7183 (PHP remote file inclusion vulnerability in styles.php in Exhibit ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7184 (Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7185 (PHP remote file inclusion vulnerability in includes/user_standard.php ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7186 (cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7187 (Cross-site scripting (XSS) vulnerability in the show_recent_searches ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7188 (The search function in cgi-lib/user-lib/search.pl in web-app.net ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7189 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7190 (Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7191 (Untrusted search path vulnerability in lamdaemon.pl in LDAP Account ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7192 (Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7193 (** DISPUTED ** ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7194 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7195 (Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7196 (Cross-site scripting (XSS) vulnerability in the calendar application ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7197 (The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7198 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7199 (EMC RSA Security SiteKey allows remote attackers to display the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7200 (EMC RSA Security SiteKey issues challenge-bypass tokens that persist ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7201 (EMC RSA Security SiteKey does not set the secure qualifier on the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7202 (The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7203 (The compat_sys_mount function in fs/compat.c in Linux kernel 2.6.20 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7204 (The imap_body function in PHP before 4.4.4 does not implement safemode ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7205 (The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7206 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7207 (Buffer overflow in ageet AGEphone before 1.4.0 might allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7208 (PHP remote file inclusion vulnerability in download.php in the Adam ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7209 (Multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7210 (Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7211 (fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7212 (Multiple buffer overflows in Firebird 1.5, one of which affects WNET, ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7213 (Firebird 1.5 allows remote authenticated users without SYSDBA and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7214 (Multiple unspecified vulnerabilities in Firebird 1.5 allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7215 (The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7216 (Apache Derby before 10.2.1.6 does not determine privilege requirements ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7217 (Apache Derby before 10.2.1.6 does not determine schema privilege ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7218 (eZ publish before 3.8.1 does not properly enforce permissions for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7219 (eZ publish before 3.8.5 does not properly enforce permissions for ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7220 (Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7221 (Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7222 (Buffer overflow in the CFLICStream::_deltachunk function in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7223 (PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7224 REJECTED CVE-2006-7225 (Perl-Compatible Regular Expression (PCRE) library before 6.7 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7226 (Perl-Compatible Regular Expression (PCRE) library before 6.7 does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2006-7227 (Integer overflow in Perl-Compatible Regular Expression (PCRE) library ...) BUG: 198198 CVE-2006-7228 (Integer overflow in Perl-Compatible Regular Expression (PCRE) library ...) BUG: 198373 BUG: 198198 CVE-2006-7229 (The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly ...) NOTE: Fixed in a later Kernel version than 2.6.15. CVE-2006-7230 (Perl-Compatible Regular Expression (PCRE) library before 7.0 does not ...) BUG: 198198 CVE-2006-7231 (SQL injection vulnerability in display.asp in Civica Software Civica ...) NOT-FOR-US: Civica Software Civica CVE-2006-7232 (sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 ...) NOT-FOR-US: this version is already obselete CVE-2006-7233 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...) BUG: 229515 CVE-2006-7234 (Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows ...) BUG: 245011 CVE-2006-7235 (Teamtek Universal FTP Server 1.0.50 allows remote attackers to cause a ...) NOT-FOR-US: 5e5 teamtek_universal_ftp_server CVE-2006-7236 (The default configuration of xterm on Debian GNU/Linux sid and ...) NOT-FOR-US: /etc/X11/app-defaults/XTerm:*allowWindowOps: false CVE-2006-7237 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: ixprim cms ixprim CVE-2006-7238 (Cross-site scripting (XSS) vulnerability in MyShoutPro before 1.2 ...) NOT-FOR-US: MyShoutPro CVE-2006-7239 (The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c ...) NOT-FOR-US: Obsolete CVE-2006-7240 (gnome-power-manager 2.14.0 does not properly implement the ...) TODO: check CVE-2006-7241 (The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) ...) NOT-FOR-US: ibm filenet_p8_application_engine CVE-2006-7242 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine ...) NOT-FOR-US: ibm filenet_p8_application_engine CVE-2007-0001 (The file watch implementation in the audit subsystem (auditctl -w) in ...) TODO: check-old CVE-2007-0002 (Multiple heap-based buffer overflows in WordPerfect Document ...) BUG: 170828 BUG: 169675 CVE-2007-0003 (pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers ...) TODO: check-old CVE-2007-0004 (The NFS client implementation in the kernel in Red Hat Enterprise ...) TODO: check-old CVE-2007-0005 (Multiple buffer overflows in the (1) read and (2) write handlers in ...) TODO: check-old CVE-2007-0006 (The key serial number collision avoidance code in the key_alloc_serial ...) TODO: check-old CVE-2007-0007 (gnucash 2.0.4 and earlier allows local users to overwrite arbitrary ...) TODO: check-old CVE-2007-0008 (Integer underflow in the SSLv2 support in Mozilla Network Security ...) BUG: 165555 CVE-2007-0009 (Stack-based buffer overflow in the SSLv2 support in Mozilla Network ...) BUG: 165555 CVE-2007-0010 (The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) ...) TODO: check-old CVE-2007-0011 (The web portal interface in Citrix Access Gateway (aka Citrix Advanced ...) NOT-FOR-US: citrix CVE-2007-0012 (Sun JRE 5.0 before update 14 allows remote attackers to cause a denial ...) NOTE: Looks like windows only, browser DoS not an issue CVE-2007-0013 RESERVED CVE-2007-0014 (ChainKey Java Code Protection allows attackers to decompile Java class ...) TODO: check-old CVE-2007-0015 (Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to ...) TODO: check-old CVE-2007-0016 (Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers ...) TODO: check-old CVE-2007-0017 (Multiple format string vulnerabilities in (1) the cdio_log_handler ...) BUG: 159845 CVE-2007-0018 (Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX ...) TODO: check-old CVE-2007-0019 (Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and ...) TODO: check-old CVE-2007-0020 (Heap-based buffer overflow in the SFTP protocol handler for Panic ...) TODO: check-old CVE-2007-0021 (Format string vulnerability in Apple iChat 3.1.6 allows remote ...) TODO: check-old CVE-2007-0022 (Untrusted search path vulnerability in writeconfig in Apple Mac OS X ...) TODO: check-old CVE-2007-0023 (The CFUserNotificationSendRequest function in ...) TODO: check-old CVE-2007-0024 (Integer overflow in the Vector Markup Language (VML) implementation ...) TODO: check-old CVE-2007-0025 (The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 ...) TODO: check-old CVE-2007-0026 (The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 ...) TODO: check-old CVE-2007-0027 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac ...) TODO: check-old CVE-2007-0028 (Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, ...) TODO: check-old CVE-2007-0029 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac ...) TODO: check-old CVE-2007-0030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X ...) TODO: check-old CVE-2007-0031 (Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, ...) TODO: check-old CVE-2007-0032 RESERVED CVE-2007-0033 (Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to ...) TODO: check-old CVE-2007-0034 (Buffer overflow in the Advanced Search (Finder.exe) feature of ...) TODO: check-old CVE-2007-0035 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, ...) TODO: check-old CVE-2007-0036 RESERVED CVE-2007-0037 RESERVED CVE-2007-0038 (Stack-based buffer overflow in the animated cursor code in Microsoft ...) TODO: check-old CVE-2007-0039 (The Exchange Collaboration Data Objects (EXCDO) functionality in ...) TODO: check-old CVE-2007-0040 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 ...) TODO: check-old CVE-2007-0041 (The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 ...) TODO: check-old CVE-2007-0042 (Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, ...) TODO: check-old CVE-2007-0043 (The Just In Time (JIT) Compiler service in Microsoft .NET Framework ...) TODO: check-old CVE-2007-0044 (Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet ...) BUG: 159874 CVE-2007-0045 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat ...) BUG: 159874 CVE-2007-0046 (Double free vulnerability in the Adobe Acrobat Reader Plugin before ...) BUG: 159874 CVE-2007-0047 (CRLF injection vulnerability in Adobe Acrobat Reader Plugin before ...) TODO: check-old CVE-2007-0048 (Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin ...) BUG: 159874 CVE-2007-0049 (Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to ...) TODO: check-old CVE-2007-0050 (** DISPUTED ** ...) TODO: check-old CVE-2007-0051 (Format string vulnerability in Apple iPhoto 6.0.5 (316), and other ...) TODO: check-old CVE-2007-0052 (SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows ...) TODO: check-old CVE-2007-0053 (SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer ...) TODO: check-old CVE-2007-0054 (Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior ...) TODO: check-old CVE-2007-0055 (Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in ...) TODO: check-old CVE-2007-0056 (Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe ...) TODO: check-old CVE-2007-0057 (Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through ...) TODO: check-old CVE-2007-0058 (Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 ...) TODO: check-old CVE-2007-0059 (Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 ...) TODO: check-old CVE-2007-0060 (Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in ...) TODO: check-old CVE-2007-0061 (The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and ...) BUG: 193196 CVE-2007-0062 (Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before ...) BUG: 193196 CVE-2007-0063 (Integer underflow in the DHCP server in EMC VMware Workstation before ...) BUG: 193196 CVE-2007-0064 (Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, ...) NOT-FOR-US: Windows Media Format Runtime CVE-2007-0065 (Heap-based buffer overflow in Object Linking and Embedding (OLE) ...) NOT-FOR-US: Microsoft Visual Basic CVE-2007-0066 (The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, ...) NOT-FOR-US: WindoZe CVE-2007-0067 (Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x ...) TODO: check-old CVE-2007-0068 (IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature ...) TODO: check-old CVE-2007-0069 (Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, ...) NOT-FOR-US: WindoZe CVE-2007-0070 RESERVED CVE-2007-0071 (Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and ...) BUG: 204344 CVE-2007-0072 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...) NOT-FOR-US: an unspecified procedure in Trend Micro ServerProtect CVE-2007-0073 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...) NOT-FOR-US: an unspecified procedure in Trend Micro ServerProtect CVE-2007-0074 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...) NOT-FOR-US: an unspecified procedure in Trend Micro ServerProtect CVE-2007-0075 (AspBB stores sensitive information under the web root with ...) TODO: check-old CVE-2007-0076 (Openforum stores sensitive information under the web root with ...) TODO: check-old CVE-2007-0077 (lblog stores sensitive information under the web root with ...) TODO: check-old CVE-2007-0078 (BattleBlog stores sensitive information under the web root with ...) TODO: check-old CVE-2007-0079 (rblog stores sensitive information under the web root with ...) TODO: check-old CVE-2007-0080 (** DISPUTED ** ...) TODO: check-old CVE-2007-0081 (Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and ...) TODO: check-old CVE-2007-0082 (users_adm/start1.php in IMGallery 2.5 and earlier does not properly ...) TODO: check-old CVE-2007-0083 (Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier ...) TODO: check-old CVE-2007-0084 (** DISPUTED ** ...) TODO: check-old CVE-2007-0085 (Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics ...) TODO: check-old CVE-2007-0086 (** DISPUTED ** ...) TODO: check-old CVE-2007-0087 (** DISPUTED ** ...) TODO: check-old CVE-2007-0088 (Multiple directory traversal vulnerabilities in openmedia allow remote ...) TODO: check-old CVE-2007-0089 (jgbbs stores sensitive information under the web root with ...) TODO: check-old CVE-2007-0090 (WineGlass stores sensitive information under the web root with ...) TODO: check-old CVE-2007-0091 (newsCMSlite stores sensitive information under the web root with ...) TODO: check-old CVE-2007-0092 (SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 ...) TODO: check-old CVE-2007-0093 (SQL injection vulnerability in page.php in Simple Web Content ...) TODO: check-old CVE-2007-0094 (Sven Moderow GuestBook 0.3a stores sensitive information under the web ...) TODO: check-old CVE-2007-0095 (phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive ...) TODO: check-old CVE-2007-0096 (CarbonCommunities stores sensitive information under the web root with ...) TODO: check-old CVE-2007-0097 (Multiple stack-based buffer overflows in the (1) LoadTree and (2) ...) TODO: check-old CVE-2007-0098 (Directory traversal vulnerability in language.php in VerliAdmin 0.3 ...) TODO: check-old CVE-2007-0099 (Race condition in the msxml3 module in Microsoft XML Core Services ...) TODO: check-old CVE-2007-0100 (The Perforce client does not restrict the set of files that it ...) TODO: check-old CVE-2007-0101 (Cross-site request forgery (CSRF) vulnerability in SPINE allows remote ...) TODO: check-old CVE-2007-0102 (The Adobe PDF specification 1.3, as implemented by Apple Mac OS X ...) TODO: check-old CVE-2007-0103 (The Adobe PDF specification 1.3, as implemented by Adobe Acrobat ...) TODO: check-old CVE-2007-0104 (The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 ...) TODO: check-old CVE-2007-0105 (Stack-based buffer overflow in the CSAdmin service in Cisco Secure ...) TODO: check-old CVE-2007-0106 (Cross-site scripting (XSS) vulnerability in the CSRF protection scheme ...) TODO: check-old CVE-2007-0107 (WordPress before 2.0.6, when mbstring is enabled for PHP, decodes ...) BUG: 159229 CVE-2007-0108 (nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not ...) TODO: check-old CVE-2007-0109 (wp-login.php in WordPress 2.0.5 and earlier displays different error ...) BUG: 159229 CVE-2007-0110 (Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell ...) TODO: check-old CVE-2007-0111 (Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as ...) TODO: check-old CVE-2007-0112 (SQL injection vulnerability in cats.asp in createauction allows remote ...) TODO: check-old CVE-2007-0113 (Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote ...) TODO: check-old CVE-2007-0114 (Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote ...) TODO: check-old CVE-2007-0115 (Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 ...) TODO: check-old CVE-2007-0116 (Digger Solutions Intranet Open Source (IOS) stores sensitive ...) TODO: check-old CVE-2007-0117 (DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X ...) TODO: check-old CVE-2007-0118 (Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow ...) TODO: check-old CVE-2007-0119 (Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 ...) TODO: check-old CVE-2007-0120 (Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and ...) TODO: check-old CVE-2007-0121 (Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 ...) TODO: check-old CVE-2007-0122 (Multiple SQL injection vulnerabilities in Coppermine Photo Gallery ...) TODO: check-old CVE-2007-0123 (Unrestricted file upload vulnerability in Uber Uploader 4.2 allows ...) TODO: check-old CVE-2007-0124 (Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before ...) TODO: check-old CVE-2007-0125 (Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux ...) TODO: check-old CVE-2007-0126 (Heap-based buffer overflow in Opera 9.02 allows remote attackers to ...) BUG: 160369 CVE-2007-0127 (The Javascript SVG support in Opera before 9.10 does not properly ...) BUG: 160369 CVE-2007-0128 (SQL injection vulnerability in info_book.asp in Digirez 3.4 and ...) TODO: check-old CVE-2007-0129 (SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and ...) TODO: check-old CVE-2007-0130 (SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 ...) TODO: check-old CVE-2007-0131 (JAMWiki before 0.5.0 does not properly check permissions during moves ...) TODO: check-old CVE-2007-0132 (SQL injection vulnerability in compare_product.php in iGeneric iG Shop ...) TODO: check-old CVE-2007-0133 (Multiple SQL injection vulnerabilities in display_review.php in ...) TODO: check-old CVE-2007-0134 (Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow ...) TODO: check-old CVE-2007-0135 (PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix ...) TODO: check-old CVE-2007-0136 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal before ...) TODO: check-old CVE-2007-0137 (Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ ...) TODO: check-old CVE-2007-0138 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO ...) TODO: check-old CVE-2007-0139 (Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in ...) TODO: check-old CVE-2007-0140 (SQL injection vulnerability in down.asp in Kolayindir Download ...) TODO: check-old CVE-2007-0141 (Cross-site scripting (XSS) vulnerability in yald.php in Yet Another ...) TODO: check-old CVE-2007-0142 (SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce ...) TODO: check-old CVE-2007-0143 (Multiple PHP remote file inclusion vulnerabilities in NUNE News Script ...) TODO: check-old CVE-2007-0144 (Cross-site scripting (XSS) vulnerability in search.asp in Digitizing ...) TODO: check-old CVE-2007-0145 (PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP ...) TODO: check-old CVE-2007-0146 (Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips ...) TODO: check-old CVE-2007-0147 (Cuyahoga before 1.0.1 installs the FCKEditor component with an ...) TODO: check-old CVE-2007-0148 (Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote ...) TODO: check-old CVE-2007-0149 (EMembersPro 1.0 stores sensitive information under the web root with ...) TODO: check-old CVE-2007-0150 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...) TODO: check-old CVE-2007-0151 (MitiSoft stores sensitive information under the web root with ...) TODO: check-old CVE-2007-0152 (OhhASP stores sensitive information under the web root with ...) TODO: check-old CVE-2007-0153 (AJLogin 3.5 stores sensitive information under the web root with ...) TODO: check-old CVE-2007-0154 (Webulas stores sensitive information under the web root with ...) TODO: check-old CVE-2007-0155 (HarikaOnline 2.0 stores sensitive information under the web root with ...) TODO: check-old CVE-2007-0156 (M-Core stores the database under the web document root, which allows ...) TODO: check-old CVE-2007-0157 (Array index error in the uri_lookup function in the URI parser for ...) TODO: check-old CVE-2007-0158 RESERVED CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general ...) TODO: check-old CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support ...) BUG: 160793 CVE-2007-0161 (The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as ...) TODO: check-old CVE-2007-0162 (Unsanity Application Enhancer (APE) 2.0.2 installs with insecure ...) TODO: check-old CVE-2007-0163 (SecureKit Steganography 1.7.1 and 1.8 embeds password information in ...) TODO: check-old CVE-2007-0164 (Camouflage 1.2.1 embeds password information in the carrier file, ...) TODO: check-old CVE-2007-0165 (Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows ...) TODO: check-old CVE-2007-0166 (The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify ...) TODO: check-old CVE-2007-0167 (Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search ...) TODO: check-old CVE-2007-0168 (The Tape Engine service in Computer Associates (CA) BrightStor ...) TODO: check-old CVE-2007-0169 (Multiple buffer overflows in Computer Associates (CA) BrightStor ...) TODO: check-old CVE-2007-0170 (PHP remote file inclusion vulnerability in index.php in AllMyVisitors ...) TODO: check-old CVE-2007-0171 (PHP remote file inclusion vulnerability in index.php in AllMyLinks ...) TODO: check-old CVE-2007-0172 (Multiple PHP remote file inclusion vulnerabilities in AllMyGuests ...) TODO: check-old CVE-2007-0173 (Directory traversal vulnerability in index.php in L2J Statistik Script ...) TODO: check-old CVE-2007-0174 (Multiple stack-based multiple buffer overflows in the BRWOSSRE2UC.dll ...) TODO: check-old CVE-2007-0175 (Cross-site scripting (XSS) vulnerability in htsrv/login.php in ...) TODO: check-old CVE-2007-0176 (Cross-site scripting (XSS) vulnerability in search/advanced_search.php ...) TODO: check-old CVE-2007-0177 (Cross-site scripting (XSS) vulnerability in the AJAX module in ...) TODO: check-old CVE-2007-0178 (PHP remote file inclusion vulnerability in info.php in Easy Banner Pro ...) TODO: check-old CVE-2007-0179 (SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows ...) TODO: check-old CVE-2007-0180 (Stack-based buffer overflow in EF Commander 5.75 allows user-assisted ...) TODO: check-old CVE-2007-0181 (PHP remote file inclusion vulnerability in include/common_function.php ...) TODO: check-old CVE-2007-0182 (Multiple PHP remote file inclusion vulnerabilities in magic photo ...) TODO: check-old CVE-2007-0183 (Cross-site scripting (XSS) vulnerability in /search in iPlanet Web ...) TODO: check-old CVE-2007-0184 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to ...) TODO: check-old CVE-2007-0185 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to ...) TODO: check-old CVE-2007-0186 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL ...) TODO: check-old CVE-2007-0187 (F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to ...) TODO: check-old CVE-2007-0188 (F5 FirePass 5.4 through 5.5.1 does not properly enforce host access ...) TODO: check-old CVE-2007-0189 (** DISPUTED ** ...) TODO: check-old CVE-2007-0190 (PHP remote file inclusion vulnerability in edit_address.php in edit-x ...) TODO: check-old CVE-2007-0191 (Cross-site scripting (XSS) vulnerability in admin.php in MKPortal ...) TODO: check-old CVE-2007-0192 (Cross-site request forgery (CSRF) vulnerability in the save_main ...) TODO: check-old CVE-2007-0193 (FON La Fonera routers do not properly limit DNS service access by ...) TODO: check-old CVE-2007-0194 (admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain ...) TODO: check-old CVE-2007-0195 (my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays ...) TODO: check-old CVE-2007-0196 (SQL injection vulnerability in admin_check_user.asp in Motionborg Web ...) TODO: check-old CVE-2007-0197 (Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote ...) TODO: check-old CVE-2007-0198 (The JTapi Gateway process in Cisco Unified Contact Center Enterprise, ...) TODO: check-old CVE-2007-0199 (The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 ...) TODO: check-old CVE-2007-0200 (PHP remote file inclusion vulnerability in template.php in Geoffrey ...) TODO: check-old CVE-2007-0201 (Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet ...) TODO: check-old CVE-2007-0202 (SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and ...) TODO: check-old CVE-2007-0203 (Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 ...) TODO: check-old CVE-2007-0204 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) TODO: check-old CVE-2007-0205 (Directory traversal vulnerability in admin/skins.php for @lex ...) TODO: check-old CVE-2007-0206 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...) TODO: check-old CVE-2007-0207 RESERVED CVE-2007-0208 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works ...) TODO: check-old CVE-2007-0209 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works ...) TODO: check-old CVE-2007-0210 (The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 ...) TODO: check-old CVE-2007-0211 (The hardware detection functionality in the Windows Shell in Microsoft ...) TODO: check-old CVE-2007-0212 RESERVED CVE-2007-0213 (Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does ...) TODO: check-old CVE-2007-0214 (The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 ...) TODO: check-old CVE-2007-0215 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, ...) TODO: check-old CVE-2007-0216 (wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office ...) NOT-FOR-US: Microsoft Works Suite CVE-2007-0217 (The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 ...) TODO: check-old CVE-2007-0218 (Microsoft Internet Explorer 5.01 and 6 allows remote attackers to ...) TODO: check-old CVE-2007-0219 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects ...) TODO: check-old CVE-2007-0220 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...) TODO: check-old CVE-2007-0221 (Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange ...) TODO: check-old CVE-2007-0222 (Directory traversal vulnerability in the EmChartBean server side ...) TODO: check-old CVE-2007-0223 (SQL injection vulnerability in shared/code/cp_functions_downloads.php ...) TODO: check-old CVE-2007-0224 (SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP ...) TODO: check-old CVE-2007-0225 (Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in ...) TODO: check-old CVE-2007-0226 (SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier ...) TODO: check-old CVE-2007-0227 (slocate 3.1 does not properly manage database entries that specify ...) TODO: check-old CVE-2007-0228 (The DataCollector service in EIQ Networks Network Security Analyzer ...) TODO: check-old CVE-2007-0229 (Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and ...) TODO: check-old CVE-2007-0230 (** DISPUTED ** PHP remote file inclusion vulnerability in install.php ...) TODO: check-old CVE-2007-0231 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, ...) TODO: check-old CVE-2007-0232 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-0233 (wp-trackback.php in WordPress 2.0.6 and earlier does not properly ...) TODO: check-old CVE-2007-0234 REJECTED TODO: check-old CVE-2007-0235 (Stack-based buffer overflow in the glibtop_get_proc_map_s function in ...) BUG: 162169 CVE-2007-0236 (Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X ...) TODO: check-old CVE-2007-0237 (The ndeb-binary feature in Lookup (lookup-el) allows local users to ...) BUG: 197306 CVE-2007-0238 (Stack-based buffer overflow in filter\starcalc\scflt.cxx in the ...) BUG: 170828 CVE-2007-0239 (OpenOffice.org (OOo) Office Suite allows user-assisted remote ...) BUG: 170828 CVE-2007-0240 (Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier ...) TODO: check-old CVE-2007-0241 RESERVED CVE-2007-0242 (The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does ...) TODO: check-old CVE-2007-0243 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 ...) BUG: 159547 BUG: 162511 CVE-2007-0244 (pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before ...) BUG: 176936 CVE-2007-0245 (Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier ...) BUG: 181773 CVE-2007-0246 (plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 ...) TODO: check-old CVE-2007-0247 (squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers ...) BUG: 162364 CVE-2007-0248 (The aclMatchExternal function in Squid before 2.6.STABLE7 allows ...) BUG: 162364 CVE-2007-0249 (Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites ...) TODO: check-old CVE-2007-0250 (index.php in Nwom topsites 3.0 allows remote attackers to obtain ...) TODO: check-old CVE-2007-0251 (Integer underflow in the DecodeGRE function in src/decode.c in Snort ...) TODO: check-old CVE-2007-0252 (Unspecified vulnerability in easy-content filemanager allows remote ...) TODO: check-old CVE-2007-0253 (** DISPUTED ** ...) TODO: check-old CVE-2007-0254 (Format string vulnerability in the errors_create_window function in ...) BUG: 161558 CVE-2007-0255 (XINE 0.99.4 allows user-assisted remote attackers to cause a denial of ...) TODO: check-old CVE-2007-0256 (VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of ...) TODO: check-old CVE-2007-0257 (** DISPUTED ** ...) TODO: check-old CVE-2007-0258 (Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo ...) TODO: check-old CVE-2007-0259 (Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to ...) TODO: check-old CVE-2007-0260 (** DISPUTED ** ...) TODO: check-old CVE-2007-0261 (snews.php in sNews 1.5.30 and earlier does not properly exit when ...) TODO: check-old CVE-2007-0262 (WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify ...) TODO: check-old CVE-2007-0263 (Unspecified vulnerability in Total Commander before 6.5.6 allows ...) TODO: check-old CVE-2007-0264 (Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to ...) TODO: check-old CVE-2007-0265 (Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal ...) TODO: check-old CVE-2007-0266 (SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal ...) TODO: check-old CVE-2007-0267 (The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels ...) TODO: check-old CVE-2007-0268 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, ...) TODO: check-old CVE-2007-0269 (Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and ...) TODO: check-old CVE-2007-0270 (Buffer overflow in SYS.DBMS_DRS in Oracle Database 9.2.0.7 and ...) TODO: check-old CVE-2007-0271 (Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has ...) TODO: check-old CVE-2007-0272 (Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, ...) TODO: check-old CVE-2007-0273 (Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, ...) TODO: check-old CVE-2007-0274 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and ...) TODO: check-old CVE-2007-0275 (Cross-site scripting (XSS) vulnerability in Oracle Reports Web ...) TODO: check-old CVE-2007-0276 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and ...) TODO: check-old CVE-2007-0277 (Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has ...) TODO: check-old CVE-2007-0278 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, ...) TODO: check-old CVE-2007-0279 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and ...) TODO: check-old CVE-2007-0280 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application ...) TODO: check-old CVE-2007-0281 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, ...) TODO: check-old CVE-2007-0282 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application ...) TODO: check-old CVE-2007-0283 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and ...) TODO: check-old CVE-2007-0284 (Multiple unspecified vulnerabilities in Oracle Application Server ...) TODO: check-old CVE-2007-0285 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, ...) TODO: check-old CVE-2007-0286 (Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and ...) TODO: check-old CVE-2007-0287 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, ...) TODO: check-old CVE-2007-0288 (Unspecified vulnerability in Oracle Application Server 10.1.4.0 has ...) TODO: check-old CVE-2007-0289 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...) TODO: check-old CVE-2007-0290 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) TODO: check-old CVE-2007-0291 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...) TODO: check-old CVE-2007-0292 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager ...) TODO: check-old CVE-2007-0293 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager ...) TODO: check-old CVE-2007-0294 (Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has ...) TODO: check-old CVE-2007-0295 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...) TODO: check-old CVE-2007-0296 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...) TODO: check-old CVE-2007-0297 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...) TODO: check-old CVE-2007-0298 (PHP remote file inclusion vulnerability in show.php in LunarPoll, when ...) TODO: check-old CVE-2007-0299 (Integer overflow in the byte_swap_sbin function in ...) TODO: check-old CVE-2007-0300 (PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS ...) TODO: check-old CVE-2007-0301 (PHP remote file inclusion vulnerability in _admin/admin_menu.php in ...) TODO: check-old CVE-2007-0302 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP ...) TODO: check-old CVE-2007-0303 (Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have ...) TODO: check-old CVE-2007-0304 (SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 ...) TODO: check-old CVE-2007-0305 (SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon ...) TODO: check-old CVE-2007-0306 (SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate ...) TODO: check-old CVE-2007-0307 (PHP remote file inclusion vulnerability in include/common.php in ...) TODO: check-old CVE-2007-0308 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before ...) TODO: check-old CVE-2007-0309 (SQL injection vulnerability in blocks/block-Old_Articles.php in ...) TODO: check-old CVE-2007-0310 (BMC Remedy Action Request System 5.01.02 Patch 1267 generates ...) TODO: check-old CVE-2007-0311 (Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier ...) TODO: check-old CVE-2007-0312 (wcSimple Poll stores sensitive information under the web root with ...) TODO: check-old CVE-2007-0313 (Unspecified vulnerability in GONICUS System Administration (GOsa) ...) TODO: check-old CVE-2007-0314 (Multiple PHP remote file inclusion vulnerabilities in Article System ...) TODO: check-old CVE-2007-0315 (Multiple buffer overflows in FileZilla before 2.2.30a allow remote ...) TODO: check-old CVE-2007-0316 (Multiple SQL injection vulnerabilities in All In One Control Panel ...) TODO: check-old CVE-2007-0317 (Format string vulnerability in the LogMessage function in FileZilla ...) TODO: check-old CVE-2007-0318 (The do_hfs_truncate function in Mac OS X 10.4.8 allows ...) TODO: check-old CVE-2007-0319 (Multiple stack-based buffer overflows in the Motive ...) TODO: check-old CVE-2007-0320 (Multiple buffer overflows in (a) an ActiveX control (iftw.dll) and (b) ...) TODO: check-old CVE-2007-0321 (Buffer overflow in the Update Service Agent ActiveX Control in ...) TODO: check-old CVE-2007-0322 (Multiple stack-based buffer overflows in the Intuit QuickBooks Online ...) TODO: check-old CVE-2007-0323 (Buffer overflow in the SetLanguage function in Research In Motion ...) TODO: check-old CVE-2007-0324 (Multiple buffer overflows in the LizardTech DjVu Browser Plug-in ...) TODO: check-old CVE-2007-0325 (Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment ...) TODO: check-old CVE-2007-0326 (Multiple stack-based buffer overflows in the PhotoChannel Networks PNI ...) TODO: check-old CVE-2007-0327 RESERVED CVE-2007-0328 (The DWUpdateService ActiveX control in the agent (agent.exe) in ...) TODO: check-old CVE-2007-0329 (download.php in Joonas Viljanen JV2 Folder Gallery allows remote ...) TODO: check-old CVE-2007-0330 (Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch ...) TODO: check-old CVE-2007-0331 (Cross-site scripting (XSS) vulnerability in liens.php3 in ...) TODO: check-old CVE-2007-0332 ((1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques ...) TODO: check-old CVE-2007-0333 (Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access ...) TODO: check-old CVE-2007-0334 (Unspecified vulnerability in the SIP module in InGate Firewall and ...) TODO: check-old CVE-2007-0335 (Multiple directory traversal vulnerabilities in Jax Petition Book ...) TODO: check-old CVE-2007-0336 (Undercover.app/Contents/Resources/uc in Rixstep Undercover allows ...) TODO: check-old CVE-2007-0337 (Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and ...) TODO: check-old CVE-2007-0338 (Heap-based buffer overflow in Dream FTP Server allows remote attackers ...) TODO: check-old CVE-2007-0339 (SQL injection vulnerability in index.php (aka the login form) in ...) TODO: check-old CVE-2007-0340 (SQL injection vulnerability in inc/header.inc.php in ThWboard ...) TODO: check-old CVE-2007-0341 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and ...) TODO: check-old CVE-2007-0342 (WebCore in Apple WebKit build 18794 allows remote attackers to cause a ...) TODO: check-old CVE-2007-0343 (OpenBSD before 20070116 allows remote attackers to cause a denial of ...) TODO: check-old CVE-2007-0344 (Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) ...) TODO: check-old CVE-2007-0345 (The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain ...) TODO: check-old CVE-2007-0346 (SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows ...) TODO: check-old CVE-2007-0347 (The is_eow function in format.c in CVSTrac before 2.0.1 does not ...) TODO: check-old CVE-2007-0348 (Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in ...) TODO: check-old CVE-2007-0349 (Directory traversal vulnerability in upgrade.php in nicecoder.com ...) TODO: check-old CVE-2007-0350 (Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php ...) TODO: check-old CVE-2007-0351 (Microsoft Windows XP and Windows Server 2003 do not properly handle ...) TODO: check-old CVE-2007-0352 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 ...) TODO: check-old CVE-2007-0353 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) ...) TODO: check-old CVE-2007-0354 (SQL injection vulnerability in email.php in MGB OpenSource Guestbook ...) TODO: check-old CVE-2007-0355 (Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in ...) TODO: check-old CVE-2007-0356 (The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ...) TODO: check-old CVE-2007-0357 (Directory traversal vulnerability in the AVM IGD CTRL Service in ...) TODO: check-old CVE-2007-0358 (Unspecified vulnerability in the FTP server implementation in HP ...) TODO: check-old CVE-2007-0359 (PHP remote file inclusion vulnerability in frontpage.php in Uberghey ...) TODO: check-old CVE-2007-0360 (PHP remote file inclusion vulnerability in lang/index.php in Oreon ...) TODO: check-old CVE-2007-0361 (PHP remote file inclusion vulnerability in mep/frame.php in ...) TODO: check-old CVE-2007-0362 (Cross-site scripting (XSS) vulnerability in the RSS feed component in ...) TODO: check-old CVE-2007-0363 (Cross-site scripting (XSS) vulnerability in admin-search.php in (1) ...) TODO: check-old CVE-2007-0364 (Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com ...) TODO: check-old CVE-2007-0365 (Multiple cross-site scripting (XSS) vulnerabilities in All In One ...) TODO: check-old CVE-2007-0366 (Untrusted search path vulnerability in Rumpus 5.1 and earlier allows ...) TODO: check-old CVE-2007-0367 (Rumpus 5.1 and earlier has weak permissions for certain files and ...) TODO: check-old CVE-2007-0368 (Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local ...) TODO: check-old CVE-2007-0369 (SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows ...) TODO: check-old CVE-2007-0370 (Unrestricted file upload vulnerability in index.php in phpBP RC3 ...) TODO: check-old CVE-2007-0371 (A certain ActiveX control in the Common Controls Replacement Project ...) TODO: check-old CVE-2007-0372 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 ...) TODO: check-old CVE-2007-0373 (Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow ...) TODO: check-old CVE-2007-0374 (SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and ...) TODO: check-old CVE-2007-0375 (Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive ...) TODO: check-old CVE-2007-0376 (Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows ...) TODO: check-old CVE-2007-0377 (Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote ...) TODO: check-old CVE-2007-0378 (Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow ...) TODO: check-old CVE-2007-0379 (Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows ...) TODO: check-old CVE-2007-0380 (DocMan 1.3 RC2 allows remote attackers to obtain sensitive information ...) TODO: check-old CVE-2007-0381 (Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote ...) TODO: check-old CVE-2007-0382 (Multiple SQL injection vulnerabilities in letterman.class.php in the ...) TODO: check-old CVE-2007-0383 (** DISPUTED ** ...) TODO: check-old CVE-2007-0384 (Cross-site scripting (XSS) vulnerability in preview in the reviews ...) TODO: check-old CVE-2007-0385 (The faq section in PostNuke 0.764 allows remote attackers to obtain ...) TODO: check-old CVE-2007-0386 (Unspecified vulnerability in the rating section in PostNuke 0.764 has ...) TODO: check-old CVE-2007-0387 (SQL injection vulnerability in models/category.php in the Weblinks ...) TODO: check-old CVE-2007-0388 (SQL injection vulnerability in search.php in Woltlab Burning Board ...) TODO: check-old CVE-2007-0389 (Directory traversal vulnerability in ArsDigita Community System (ACS) ...) TODO: check-old CVE-2007-0390 (Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 ...) TODO: check-old CVE-2007-0391 (Format string vulnerability in the log creation functionality of ...) TODO: check-old CVE-2007-0392 (IBM AIX 5.3 does not properly verify the status of file descriptors ...) TODO: check-old CVE-2007-0393 (Sun Solaris 9 does not properly verify the status of file descriptors ...) TODO: check-old CVE-2007-0394 (HP HP-UX B11.11 does not properly verify the status of file ...) TODO: check-old CVE-2007-0395 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-0396 (Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in ...) TODO: check-old CVE-2007-0397 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...) TODO: check-old CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in ...) TODO: check-old CVE-2007-0399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) TODO: check-old CVE-2007-0400 (Cross-site scripting (XSS) vulnerability in admin/memberlist.php in ...) TODO: check-old CVE-2007-0401 (SQL injection vulnerability in admin/memberlist.php in Easebay ...) TODO: check-old CVE-2007-0402 (Cross-site scripting (XSS) vulnerability in admin/edit_member.php in ...) TODO: check-old CVE-2007-0403 (SQL injection vulnerability in admin/memberlist.php in Easebay ...) TODO: check-old CVE-2007-0404 (bin/compile-messages.py in Django 0.95 does not quote argument strings ...) TODO: check-old CVE-2007-0405 (The LazyUser class in the AuthenticationMiddleware for Django 0.95 ...) TODO: check-old CVE-2007-0406 (Multiple buffer overflows in the (1) main function in (a) client.c, ...) TODO: check-old CVE-2007-0407 (Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain ...) TODO: check-old CVE-2007-0408 (BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate ...) TODO: check-old CVE-2007-0409 (BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial ...) TODO: check-old CVE-2007-0410 (Unspecified vulnerability in the thread management in BEA WebLogic 7.0 ...) TODO: check-old CVE-2007-0411 (BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when ...) TODO: check-old CVE-2007-0412 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 ...) TODO: check-old CVE-2007-0413 (BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a ...) TODO: check-old CVE-2007-0414 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 ...) TODO: check-old CVE-2007-0415 (BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce ...) TODO: check-old CVE-2007-0416 (The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and ...) TODO: check-old CVE-2007-0417 (BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and ...) TODO: check-old CVE-2007-0418 (BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and ...) TODO: check-old CVE-2007-0419 (The BEA WebLogic Server proxy plug-in before June 2006 for the Apache ...) TODO: check-old CVE-2007-0420 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to ...) TODO: check-old CVE-2007-0421 (BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 ...) TODO: check-old CVE-2007-0422 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, ...) TODO: check-old CVE-2007-0423 (BEA WebLogic Portal 9.2 does not properly handle when an administrator ...) TODO: check-old CVE-2007-0424 (Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for ...) TODO: check-old CVE-2007-0425 (Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 ...) TODO: check-old CVE-2007-0426 (BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered ...) TODO: check-old CVE-2007-0427 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 ...) TODO: check-old CVE-2007-0428 (Unspecified vulnerability in the chtbl_lookup function in hash.c for ...) TODO: check-old CVE-2007-0429 (DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed ...) TODO: check-old CVE-2007-0430 (The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and ...) TODO: check-old CVE-2007-0431 (AVM Fritz!Box 7050, and possibly other product models, allows remote ...) TODO: check-old CVE-2007-0432 (BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject ...) TODO: check-old CVE-2007-0433 (Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 ...) TODO: check-old CVE-2007-0434 (BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 ...) TODO: check-old CVE-2007-0435 (T-Com Speedport 500V routers with firmware 1.31 allow remote attackers ...) TODO: check-old CVE-2007-0436 (Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install ...) TODO: check-old CVE-2007-0437 (Multiple cross-site scripting (XSS) vulnerabilities in the sample ...) TODO: check-old CVE-2007-0438 RESERVED CVE-2007-0439 RESERVED CVE-2007-0440 RESERVED CVE-2007-0441 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...) TODO: check-old CVE-2007-0442 (Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown ...) TODO: check-old CVE-2007-0443 (Multiple buffer overflows in the CDDBControl ActiveX control in ...) TODO: check-old CVE-2007-0444 (Stack-based buffer overflow in the print provider library (cpprov.dll) ...) TODO: check-old CVE-2007-0445 (Heap-based buffer overflow in the arj.ppl module in the OnDemand ...) TODO: check-old CVE-2007-0446 (Stack-based buffer overflow in magentproc.exe for Hewlett-Packard ...) TODO: check-old CVE-2007-0447 (Heap-based buffer overflow in the Decomposer component in multiple ...) NOT-FOR-US: Decomposer CVE-2007-0448 (The fopen function in PHP 5.2.0 does not properly handle invalid URI ...) TODO: check-old CVE-2007-0449 (Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve ...) TODO: check-old CVE-2007-0450 (Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x ...) BUG: 173122 CVE-2007-0451 (Apache SpamAssassin before 3.1.8 allows remote attackers to cause a ...) BUG: 166969 CVE-2007-0452 (smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users ...) TODO: check-old CVE-2007-0453 (Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 ...) TODO: check-old CVE-2007-0454 (Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 ...) TODO: check-old CVE-2007-0455 (Buffer overflow in the gdImageStringFTEx function in gdft.c in GD ...) TODO: check-old CVE-2007-0456 (Unspecified vulnerability in the LLT dissector in Wireshark (formerly ...) TODO: check-old CVE-2007-0457 (Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark ...) TODO: check-old CVE-2007-0458 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly ...) TODO: check-old CVE-2007-0459 (packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) ...) TODO: check-old CVE-2007-0460 (Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and ...) BUG: 161882 CVE-2007-0461 (Multiple memory leaks in the Dazuko anti-virus helper module before ...) TODO: check-old CVE-2007-0462 (The _GetSrcBits32ARGB function in Apple QuickDraw, as used by ...) TODO: check-old CVE-2007-0463 (Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X ...) TODO: check-old CVE-2007-0464 (The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 ...) TODO: check-old CVE-2007-0465 (Format string vulnerability in Apple Installer 2.1.5 on Mac OS X ...) TODO: check-old CVE-2007-0466 (Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 ...) TODO: check-old CVE-2007-0467 (crashdump in Apple Mac OS X 10.4.8 allows local users in the admin ...) TODO: check-old CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ ...) TODO: check-old CVE-2007-0469 (The extract_files function in installer.rb in RubyGems before 0.9.1 ...) TODO: check-old CVE-2007-0470 (Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and ...) TODO: check-old CVE-2007-0471 (sre/params.php in the Integrity Clientless Security (ICS) component in ...) TODO: check-old CVE-2007-0472 (Multiple race conditions in Smb4K before 0.8.0 allow local users to ...) BUG: 156152 CVE-2007-0473 (The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 ...) BUG: 156152 CVE-2007-0474 (Smb4K before 0.8.0 allow local users, when present on the Smb4K ...) BUG: 156152 CVE-2007-0475 (Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in ...) BUG: 156152 CVE-2007-0476 (The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, ...) BUG: 159508 CVE-2007-0477 (Cross-site scripting (XSS) vulnerability in Openads 2.0.x before ...) TODO: check-old CVE-2007-0478 (WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does ...) BUG: 165606 CVE-2007-0479 (Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x ...) TODO: check-old CVE-2007-0480 (Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x ...) TODO: check-old CVE-2007-0481 (Cisco IOS allows remote attackers to cause a denial of service (crash) ...) TODO: check-old CVE-2007-0482 (cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 ...) TODO: check-old CVE-2007-0483 (Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 ...) TODO: check-old CVE-2007-0484 (Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote ...) TODO: check-old CVE-2007-0485 (PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 ...) TODO: check-old CVE-2007-0486 (** DISPUTED ** ...) TODO: check-old CVE-2007-0487 (** DISPUTED ** ...) TODO: check-old CVE-2007-0488 (The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the ...) TODO: check-old CVE-2007-0489 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-0490 (index.php in Open-Realty 2.3.4 allows remote attackers to obtain ...) TODO: check-old CVE-2007-0491 (PHP remote file inclusion vulnerability in up.php in Sky GUNNING ...) TODO: check-old CVE-2007-0492 (Multiple SQL injection vulnerabilities in gallery.php in webSPELL ...) TODO: check-old CVE-2007-0493 (Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up ...) BUG: 163692 CVE-2007-0494 (ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 ...) BUG: 163692 CVE-2007-0495 (PHP remote file inclusion vulnerability in include/config.inc.php in ...) TODO: check-old CVE-2007-0496 (PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs ...) TODO: check-old CVE-2007-0497 (PHP remote file inclusion vulnerability in upload/top.php in ...) TODO: check-old CVE-2007-0498 (PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta ...) TODO: check-old CVE-2007-0499 (PHP remote file inclusion vulnerability in config.php in Sangwan Kim ...) TODO: check-old CVE-2007-0500 (PHP remote file inclusion vulnerability in include/includes.php in ...) TODO: check-old CVE-2007-0501 (PHP remote file inclusion vulnerability in index.php in Mafia Scum ...) TODO: check-old CVE-2007-0502 (SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows ...) TODO: check-old CVE-2007-0503 (Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 ...) TODO: check-old CVE-2007-0504 (Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and ...) TODO: check-old CVE-2007-0505 (Unrestricted file upload vulnerability in the Project issue tracking ...) TODO: check-old CVE-2007-0506 (The project_issue_access function in the Project issue tracking 4.7.0 ...) TODO: check-old CVE-2007-0507 (SQL injection vulnerability in the Acidfree module for Drupal before ...) TODO: check-old CVE-2007-0508 (PHP remote file inclusion vulnerability in lib/selectlang.php in ...) TODO: check-old CVE-2007-0509 (Multiple unspecified vulnerabilities in MaklerPlus before 1.2 have ...) TODO: check-old CVE-2007-0510 (Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) ...) TODO: check-old CVE-2007-0511 (Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM ...) TODO: check-old CVE-2007-0512 (Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and ...) TODO: check-old CVE-2007-0513 (Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and ...) TODO: check-old CVE-2007-0514 (Multiple cross-site scripting (XSS) vulnerabilities in multiple ...) TODO: check-old CVE-2007-0515 (Unspecified vulnerability in Microsoft Word allows user-assisted ...) TODO: check-old CVE-2007-0516 (Yana Framework before 2.8.5a allows remote authenticated users with ...) TODO: check-old CVE-2007-0517 (Scriptsez Random PHP Quote 1.0 stores sensitive information under the ...) TODO: check-old CVE-2007-0518 (Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive ...) TODO: check-old CVE-2007-0519 (Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U ...) TODO: check-old CVE-2007-0520 (SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x ...) TODO: check-old CVE-2007-0521 (The Sony Ericsson K700i and W810i phones allow remote attackers to ...) TODO: check-old CVE-2007-0522 (The Motorola MOTORAZR V3 phone allows remote attackers to cause a ...) TODO: check-old CVE-2007-0523 (The Nokia N70 phone allows remote attackers to cause a denial of ...) TODO: check-old CVE-2007-0524 (The LG Chocolate KG800 phone allows remote attackers to cause a denial ...) TODO: check-old CVE-2007-0525 (Multiple buffer overflows in Nickolas Grigoriadis Mini Web server ...) TODO: check-old CVE-2007-0526 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 ...) TODO: check-old CVE-2007-0527 (SQL injection vulnerability in the is_remembered function in ...) TODO: check-old CVE-2007-0528 (The admin web console implemented by the Centrality Communications ...) TODO: check-old CVE-2007-0529 (Cross-site scripting (XSS) vulnerability in index.html (aka the ...) TODO: check-old CVE-2007-0530 (** DISPUTED ** ...) TODO: check-old CVE-2007-0531 (PHP remote file inclusion vulnerability in includes/login.php in ...) TODO: check-old CVE-2007-0532 (Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive ...) TODO: check-old CVE-2007-0533 (The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and ...) TODO: check-old CVE-2007-0534 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project ...) TODO: check-old CVE-2007-0535 (Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly ...) TODO: check-old CVE-2007-0536 (The chroot helper in rMake for rPath Linux 1 does not drop ...) TODO: check-old CVE-2007-0537 (The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not ...) BUG: 165606 CVE-2007-0538 (Telligent Community Server 2.1 and earlier allows remote attackers to ...) TODO: check-old CVE-2007-0539 (The wp_remote_fopen function in WordPress before 2.1 allows remote ...) TODO: check-old CVE-2007-0540 (WordPress allows remote attackers to cause a denial of service ...) TODO: check-old CVE-2007-0541 (WordPress allows remote attackers to determine the existence of ...) TODO: check-old CVE-2007-0542 (Cross-site scripting (XSS) vulnerability in show.php in 212cafe ...) TODO: check-old CVE-2007-0543 (ZixForum 1.14 and earlier stores sensitive information under the web ...) TODO: check-old CVE-2007-0544 (Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka ...) TODO: check-old CVE-2007-0545 (Maxtricity Tagger 0.1 stores sensitive information under the web root ...) TODO: check-old CVE-2007-0546 (Toxiclab Shoutbox 1 stores sensitive information under the web root ...) TODO: check-old CVE-2007-0547 (Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and ...) TODO: check-old CVE-2007-0548 (KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a ...) TODO: check-old CVE-2007-0549 (Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard ...) TODO: check-old CVE-2007-0550 (Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard ...) TODO: check-old CVE-2007-0551 (Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php ...) TODO: check-old CVE-2007-0552 (Cross-site scripting (XSS) vulnerability in ...) TODO: check-old CVE-2007-0553 (Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php ...) TODO: check-old CVE-2007-0554 (SQL injection vulnerability in print.asp in Guo Xu Guos Posting System ...) TODO: check-old CVE-2007-0555 (PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, ...) BUG: 165482 CVE-2007-0556 (The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and ...) BUG: 165482 CVE-2007-0557 (rMake before 1.0.4 drops root privileges in a way that retains the ...) TODO: check-old CVE-2007-0558 (PHP remote file inclusion vulnerability in modules/mail/main.php in ...) TODO: check-old CVE-2007-0559 (PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 ...) TODO: check-old CVE-2007-0560 (SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier ...) TODO: check-old CVE-2007-0561 (Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 ...) TODO: check-old CVE-2007-0562 (Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP ...) TODO: check-old CVE-2007-0563 (Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web ...) TODO: check-old CVE-2007-0564 (The license registering interface in Symantec Web Security (SWS) ...) TODO: check-old CVE-2007-0565 (CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote ...) TODO: check-old CVE-2007-0566 (SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and ...) TODO: check-old CVE-2007-0567 (Cross-site scripting (XSS) vulnerability in admin.php in ...) TODO: check-old CVE-2007-0568 (PHP remote file inclusion vulnerability in system/lib/package.php in ...) TODO: check-old CVE-2007-0569 (SQL injection vulnerability in xNews.php in xNews 1.3 allows remote ...) TODO: check-old CVE-2007-0570 (PHP remote file inclusion vulnerability in ains_main.php in Johannes ...) TODO: check-old CVE-2007-0571 (PHP remote file inclusion vulnerability in include/lib/lib_head.php in ...) TODO: check-old CVE-2007-0572 (PHP remote file inclusion vulnerability in include/irc/phpIRC.php in ...) TODO: check-old CVE-2007-0573 (PHP remote file inclusion vulnerability in includes/config.inc.php in ...) TODO: check-old CVE-2007-0574 (SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo ...) TODO: check-old CVE-2007-0575 (Multiple SQL injection vulnerabilities in the administrative login ...) TODO: check-old CVE-2007-0576 (PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats ...) TODO: check-old CVE-2007-0577 (PHP remote file inclusion vulnerability in function.inc.php in ...) TODO: check-old CVE-2007-0578 (The http_open function in httpget.c in mpg123 before 0.64 allows ...) TODO: check-old CVE-2007-0579 (Unspecified vulnerability in the calendar component in Horde Groupware ...) TODO: check-old CVE-2007-0580 (PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 ...) TODO: check-old CVE-2007-0581 (PHP remote file inclusion vulnerability in functions.php in EclipseBB ...) TODO: check-old CVE-2007-0582 (SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows ...) TODO: check-old CVE-2007-0583 (Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander ...) TODO: check-old CVE-2007-0584 (PHP remote file inclusion vulnerability in membres/membreManager.php ...) TODO: check-old CVE-2007-0585 (include/debug.php in Webfwlog 0.92 and earlier, when register_globals ...) TODO: check-old CVE-2007-0586 RESERVED CVE-2007-0587 RESERVED CVE-2007-0588 (The InternalUnpackBits function in Apple QuickDraw, as used by ...) TODO: check-old CVE-2007-0589 (SQL injection vulnerability in Forum Livre 1.0 allows remote attackers ...) TODO: check-old CVE-2007-0590 (Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre ...) TODO: check-old CVE-2007-0591 (PHP remote file inclusion vulnerability in configure.php in Vu Le An ...) TODO: check-old CVE-2007-0592 (Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows ...) TODO: check-old CVE-2007-0593 (Siteman 1.1.11 stores sensitive information under the web root with ...) TODO: check-old CVE-2007-0594 (Siteman 2.0.x2 stores sensitive information under the web root with ...) TODO: check-old CVE-2007-0595 (Cross-site scripting (XSS) vulnerability in search in High 5 Review ...) TODO: check-old CVE-2007-0596 (PHP remote file inclusion vulnerability in index/main.php in Aztek ...) TODO: check-old CVE-2007-0597 (Aztek Forum 4.00 allows remote attackers to obtain sensitive ...) TODO: check-old CVE-2007-0598 (SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 ...) TODO: check-old CVE-2007-0599 (Variable overwrite vulnerability in common/config.php in Aztek Forum ...) TODO: check-old CVE-2007-0600 (SQL injection vulnerability in news_page.asp in Martyn Kilbryde ...) TODO: check-old CVE-2007-0601 (common/safety.php in Aztek Forum 4.00 allows remote attackers to enter ...) TODO: check-old CVE-2007-0602 (Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro ...) TODO: check-old CVE-2007-0603 (PGP Desktop before 9.5.1 does not validate data objects received over ...) TODO: check-old CVE-2007-0604 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) before ...) TODO: check-old CVE-2007-0605 (Cross-site scripting (XSS) vulnerability in picture.php in Advanced ...) TODO: check-old CVE-2007-0606 (w-agora 4.2.1 allows remote attackers to obtain sensitive information ...) TODO: check-old CVE-2007-0607 (W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores ...) TODO: check-old CVE-2007-0608 (Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive ...) TODO: check-old CVE-2007-0609 (Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows ...) TODO: check-old CVE-2007-0610 (Cross-site scripting (XSS) vulnerability in the mailform feature in ...) TODO: check-old CVE-2007-0611 (Multiple cross-site scripting (XSS) vulnerabilities in Free LAN ...) TODO: check-old CVE-2007-0612 (Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and ...) TODO: check-old CVE-2007-0613 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and ...) TODO: check-old CVE-2007-0614 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and ...) TODO: check-old CVE-2007-0615 (Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition ...) TODO: check-old CVE-2007-0616 (Directory traversal vulnerability in zen/template-functions.php in ...) TODO: check-old CVE-2007-0617 (The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked ...) TODO: check-old CVE-2007-0618 (Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) ...) TODO: check-old CVE-2007-0619 (chmlib before 0.39 allows user-assisted remote attackers to execute ...) BUG: 163989 CVE-2007-0620 (download.php in FD Script 1.3.2 and earlier allows remote attackers to ...) TODO: check-old CVE-2007-0621 REJECTED TODO: check-old CVE-2007-0622 (Cross-site request forgery (CSRF) vulnerability in MyBB (aka ...) TODO: check-old CVE-2007-0623 (SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows ...) TODO: check-old CVE-2007-0624 (user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the ...) TODO: check-old CVE-2007-0625 (nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not ...) TODO: check-old CVE-2007-0626 (The comment_form_add_preview function in comment.module in Drupal ...) TODO: check-old CVE-2007-0627 (Michael Still gtalkbot before 1.2 places username and password ...) TODO: check-old CVE-2007-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...) TODO: check-old CVE-2007-0629 (The www_purgeList method in Plain Black WebGUI before 7.3.8 does not ...) TODO: check-old CVE-2007-0630 (Multiple SQL injection vulnerabilities in the generate_csv function in ...) TODO: check-old CVE-2007-0631 (SQL injection vulnerability in index.php in Eclectic Designs ...) TODO: check-old CVE-2007-0632 (SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and ...) TODO: check-old CVE-2007-0633 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-0634 (Unspecified vulnerability in Sun Solaris 10 before 20070130 allows ...) TODO: check-old CVE-2007-0635 (Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 ...) TODO: check-old CVE-2007-0636 (Unspecified vulnerability in inotify before 0.3.5 has unknown impact ...) TODO: check-old CVE-2007-0637 (Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 ...) TODO: check-old CVE-2007-0638 (show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers ...) TODO: check-old CVE-2007-0639 (Multiple static code injection vulnerabilities in error.php in GuppY ...) TODO: check-old CVE-2007-0640 (Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack ...) TODO: check-old CVE-2007-0641 (Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 ...) TODO: check-old CVE-2007-0642 (SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU ...) TODO: check-old CVE-2007-0643 (Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows ...) TODO: check-old CVE-2007-0644 (Format string vulnerability in Apple Safari 2.0.4 (419.3) allows ...) TODO: check-old CVE-2007-0645 (Format string vulnerability in iPhoto 6.0.5 allows remote ...) TODO: check-old CVE-2007-0646 (Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple ...) TODO: check-old CVE-2007-0647 (Format string vulnerability in Help Viewer 3.0.0 allows remote ...) TODO: check-old CVE-2007-0648 (Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice ...) TODO: check-old CVE-2007-0649 (Variable overwrite vulnerability in interface/globals.php in OpenEMR ...) TODO: check-old CVE-2007-0650 (Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 ...) BUG: 188172 BUG: 182055 BUG: 170861 CVE-2007-0651 (Multiple cross-site scripting (XSS) vulnerabilities in MailEnable ...) TODO: check-old CVE-2007-0652 (Cross-site request forgery (CSRF) vulnerability in MailEnable Professional ...) TODO: check-old CVE-2007-0653 (Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly ...) TODO: check-old CVE-2007-0654 (Integer underflow in X MultiMedia System (xmms) 1.2.10 allows ...) TODO: check-old CVE-2007-0655 (The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan ...) TODO: check-old CVE-2007-0656 (PHP remote file inclusion vulnerability in includes/functions.php in ...) TODO: check-old CVE-2007-0657 (Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to ...) TODO: check-old CVE-2007-0658 (The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module ...) TODO: check-old CVE-2007-0659 (download.php in the MuddyDogPaws FileDownload snippet before 2.5 for ...) TODO: check-old CVE-2007-0660 (Cross-site scripting (XSS) vulnerability in the IFrame module before ...) TODO: check-old CVE-2007-0661 (Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), ...) TODO: check-old CVE-2007-0662 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-0663 (SQL injection vulnerability in index.php in Eclectic Designs ...) TODO: check-old CVE-2007-0664 (thttpd before 2.25b-r6 in Gentoo Linux is started from the system root ...) BUG: 142047 CVE-2007-0665 (Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 ...) TODO: check-old CVE-2007-0666 (Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute ...) TODO: check-old CVE-2007-0667 (The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and ...) TODO: check-old CVE-2007-0668 (The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in ...) TODO: check-old CVE-2007-0669 (Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local ...) TODO: check-old CVE-2007-0670 (Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local ...) TODO: check-old CVE-2007-0671 (Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 ...) TODO: check-old CVE-2007-0672 (LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers ...) TODO: check-old CVE-2007-0673 (LGSERVER.EXE in BrightStor ARCserve Backup for Laptops & Desktops ...) TODO: check-old CVE-2007-0674 (Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and ...) TODO: check-old CVE-2007-0675 (A certain ActiveX control in sapi.dll (aka the Speech API) in Speech ...) TODO: check-old CVE-2007-0676 (SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier ...) TODO: check-old CVE-2007-0677 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-0678 (SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting ...) TODO: check-old CVE-2007-0679 (PHP remote file inclusion vulnerability in lang/leslangues.php in ...) TODO: check-old CVE-2007-0680 (PHP remote file inclusion vulnerability in includes/functions.php in ...) TODO: check-old CVE-2007-0681 (profile.php in ExtCalendar 2 and earlier allows remote attackers to ...) TODO: check-old CVE-2007-0682 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-0683 (PHP remote file inclusion vulnerability in includes/functions.php in ...) TODO: check-old CVE-2007-0684 (PHP remote file inclusion vulnerability in portal.php in Cerulean ...) TODO: check-old CVE-2007-0685 (Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and ...) TODO: check-old CVE-2007-0686 (The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) ...) TODO: check-old CVE-2007-0687 (SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc ...) TODO: check-old CVE-2007-0688 (SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti ...) TODO: check-old CVE-2007-0689 (MyBB 1.2.4 allows remote attackers to obtain sensitive information via ...) TODO: check-old CVE-2007-0690 (myEvent 1.6 allows remote attackers to obtain sensitive information ...) TODO: check-old CVE-2007-0691 REJECTED TODO: check-old CVE-2007-0692 (DGNews 2.1 allows remote attackers to obtain sensitive information via ...) TODO: check-old CVE-2007-0693 (SQL injection vulnerability in news.php in DGNews 2.1 allows remote ...) TODO: check-old CVE-2007-0694 (Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 ...) TODO: check-old CVE-2007-0695 (Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net ...) TODO: check-old CVE-2007-0696 (Cross-site scripting (XSS) vulnerability in error messages in Free LAN ...) TODO: check-old CVE-2007-0697 (index2.php in ACGVannu 1.3 and earlier allows remote attackers to ...) TODO: check-old CVE-2007-0698 (Multiple SQL injection vulnerabilities in ACGVannu 1.3 and earlier ...) TODO: check-old CVE-2007-0699 (PHP remote file inclusion vulnerability in includes/includes.php in ...) TODO: check-old CVE-2007-0700 (Directory traversal vulnerability in index.php in Guernion Sylvain ...) TODO: check-old CVE-2007-0701 (PHP remote file inclusion vulnerability in inc/common.inc.php in ...) TODO: check-old CVE-2007-0702 (Multiple PHP remote file inclusion vulnerabilities in phpEventMan ...) TODO: check-old CVE-2007-0703 (PHP remote file inclusion vulnerability in library/StageLoader.php in ...) TODO: check-old CVE-2007-0704 (PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 ...) TODO: check-old CVE-2007-0705 (Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and ...) TODO: check-old CVE-2007-0706 (Cross-zone scripting vulnerability in Darksky RSS bar for Internet ...) TODO: check-old CVE-2007-0707 (Stack-based buffer overflow in GOM Player 2.0.12.3375 allows ...) TODO: check-old CVE-2007-0708 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) ...) TODO: check-old CVE-2007-0709 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) ...) TODO: check-old CVE-2007-0710 (The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote ...) TODO: check-old CVE-2007-0711 (Integer overflow in Apple QuickTime before 7.1.5, when installed on ...) TODO: check-old CVE-2007-0712 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...) TODO: check-old CVE-2007-0713 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...) TODO: check-old CVE-2007-0714 (Integer overflow in Apple QuickTime before 7.1.5 allows remote ...) TODO: check-old CVE-2007-0715 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...) TODO: check-old CVE-2007-0716 (Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows ...) TODO: check-old CVE-2007-0717 (Integer overflow in Apple QuickTime before 7.1.5 allows remote ...) TODO: check-old CVE-2007-0718 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...) TODO: check-old CVE-2007-0719 (Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through ...) TODO: check-old CVE-2007-0720 (The CUPS service on multiple platforms allows remote attackers to ...) BUG: 170881 CVE-2007-0721 (Unspecified vulnerability in diskimages-helper in Apple Mac OS X ...) TODO: check-old CVE-2007-0722 (Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 ...) TODO: check-old CVE-2007-0723 (Unspecified vulnerability in the authentication feature for ...) TODO: check-old CVE-2007-0724 (The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through ...) TODO: check-old CVE-2007-0725 (Buffer overflow in the AirPortDriver module for AirPort in Apple Mac ...) TODO: check-old CVE-2007-0726 (The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and ...) TODO: check-old CVE-2007-0727 RESERVED CVE-2007-0728 (Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through ...) TODO: check-old CVE-2007-0729 (Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through ...) TODO: check-old CVE-2007-0730 (Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through ...) TODO: check-old CVE-2007-0731 (Stack-based buffer overflow in the Apple-specific Samba module (SMB ...) TODO: check-old CVE-2007-0732 (Unspecified vulnerability in the CoreServices daemon in CarbonCore in ...) TODO: check-old CVE-2007-0733 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 ...) TODO: check-old CVE-2007-0734 (fsck, as used by the AirPort Disk feature of the AirPort Extreme Base ...) TODO: check-old CVE-2007-0735 (Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 ...) TODO: check-old CVE-2007-0736 (Integer overflow in the RPC library in Libinfo in Apple Mac OS X ...) TODO: check-old CVE-2007-0737 (The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not ...) TODO: check-old CVE-2007-0738 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not ...) TODO: check-old CVE-2007-0739 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the ...) TODO: check-old CVE-2007-0740 (Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display ...) TODO: check-old CVE-2007-0741 (Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 ...) TODO: check-old CVE-2007-0742 (The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier ...) TODO: check-old CVE-2007-0743 (URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username ...) TODO: check-old CVE-2007-0744 (SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean ...) TODO: check-old CVE-2007-0745 (The Apple Security Update 2007-004 uses an incorrect configuration ...) TODO: check-old CVE-2007-0746 (Heap-based buffer overflow in the VideoConference framework in Apple ...) TODO: check-old CVE-2007-0747 (load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly ...) TODO: check-old CVE-2007-0748 (Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using ...) TODO: check-old CVE-2007-0749 (Multiple stack-based buffer overflows in the is_command function in ...) TODO: check-old CVE-2007-0750 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 ...) TODO: check-old CVE-2007-0751 (A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might ...) TODO: check-old CVE-2007-0752 (The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the ...) TODO: check-old CVE-2007-0753 (Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X ...) TODO: check-old CVE-2007-0754 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows ...) TODO: check-old CVE-2007-0755 RESERVED CVE-2007-0756 (Chicken of the VNC (cotv) 2.0 allows remote attackers to cause a ...) TODO: check-old CVE-2007-0757 (PHP remote file inclusion vulnerability in index.php in Miguel Nunes ...) TODO: check-old CVE-2007-0758 (PHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24 ...) TODO: check-old CVE-2007-0759 (Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow ...) TODO: check-old CVE-2007-0760 (EQdkp 1.3.1 and earlier authenticates administrative requests by ...) TODO: check-old CVE-2007-0761 (PHP remote file inclusion vulnerability in config.php in phpBB ezBoard ...) TODO: check-old CVE-2007-0762 (PHP remote file inclusion vulnerability in includes/functions.php in ...) TODO: check-old CVE-2007-0763 (Cross-site scripting (XSS) vulnerability in the news comment ...) TODO: check-old CVE-2007-0764 (Unrestricted file upload vulnerability in F3Site 2.1 and earlier ...) TODO: check-old CVE-2007-0765 (SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 ...) TODO: check-old CVE-2007-0766 (Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows ...) TODO: check-old CVE-2007-0767 (Cross-site scripting (XSS) vulnerability in the core in Phorum before ...) TODO: check-old CVE-2007-0768 (Multiple cross-site scripting (XSS) vulnerabilities in the Contact ...) TODO: check-old CVE-2007-0769 (** DISPUTED ** ...) TODO: check-old CVE-2007-0770 (Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted ...) TODO: check-old CVE-2007-0771 (The utrace support in Linux kernel 2.6.18, and other versions, allows ...) TODO: check-old CVE-2007-0772 (The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows ...) TODO: check-old CVE-2007-0773 (The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users ...) TODO: check-old CVE-2007-0774 (Stack-based buffer overflow in the map_uri_to_worker function ...) BUG: 169433 CVE-2007-0775 (Multiple unspecified vulnerabilities in the layout engine in Mozilla ...) BUG: 165555 CVE-2007-0776 (Heap-based buffer overflow in the _cairo_pen_init function in Mozilla ...) BUG: 165555 CVE-2007-0777 (The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x ...) BUG: 165555 CVE-2007-0778 (The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x ...) BUG: 165555 CVE-2007-0779 (GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and ...) BUG: 165555 CVE-2007-0780 (browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before ...) BUG: 165555 CVE-2007-0781 RESERVED CVE-2007-0782 RESERVED CVE-2007-0783 RESERVED CVE-2007-0784 (SQL injection vulnerability in login.asp for tPassword in the Raymond ...) TODO: check-old CVE-2007-0785 (PHP remote file inclusion vulnerability in previewtheme.php in ...) TODO: check-old CVE-2007-0786 (SQL injection vulnerability in view.php in Noname Media Photo Galerie ...) TODO: check-old CVE-2007-0787 (PHP remote file inclusion vulnerability in controller.php in Simple ...) TODO: check-old CVE-2007-0788 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before ...) TODO: check-old CVE-2007-0789 (SQL injection vulnerability in Mambo before 4.5.5 allows remote ...) TODO: check-old CVE-2007-0790 (Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP ...) TODO: check-old CVE-2007-0791 (Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla ...) TODO: check-old CVE-2007-0792 (The mod_perl initialization script in Bugzilla 2.23.3 does not set the ...) TODO: check-old CVE-2007-0793 (PHP remote file inclusion vulnerability in inc/common.php in ...) TODO: check-old CVE-2007-0794 (** DISPUTED ** ...) TODO: check-old CVE-2007-0795 (Multiple PHP remote file inclusion vulnerabilities in Wap Portal ...) TODO: check-old CVE-2007-0796 (Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, ...) TODO: check-old CVE-2007-0797 (PHP remote file inclusion vulnerability in theme/settings.php in ...) TODO: check-old CVE-2007-0798 (Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload ...) TODO: check-old CVE-2007-0799 (SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 ...) TODO: check-old CVE-2007-0800 (Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked ...) BUG: 165555 CVE-2007-0801 (The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox ...) BUG: 165555 CVE-2007-0802 (Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing ...) TODO: check-old CVE-2007-0803 (Multiple buffer overflows in STLport before 5.0.3 allow remote ...) BUG: 165837 CVE-2007-0804 (Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 ...) TODO: check-old CVE-2007-0805 (The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local ...) TODO: check-old CVE-2007-0806 (Les News 2.2 allows remote attackers to bypass authentication and gain ...) TODO: check-old CVE-2007-0807 (Cross-site scripting (XSS) vulnerability in info.php in flashChat ...) TODO: check-old CVE-2007-0808 (PHP remote file inclusion vulnerability in Mina Ajans Script allows ...) TODO: check-old CVE-2007-0809 (PHP remote file inclusion vulnerability in includes/class_template.php ...) TODO: check-old CVE-2007-0810 (PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in ...) TODO: check-old CVE-2007-0811 (Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on ...) TODO: check-old CVE-2007-0812 (SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) ...) TODO: check-old CVE-2007-0813 (Cross-site scripting (XSS) vulnerability in Home production ...) TODO: check-old CVE-2007-0814 (Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP ...) TODO: check-old CVE-2007-0815 (Cross-site scripting (XSS) vulnerability in images_archive.asp in ...) TODO: check-old CVE-2007-0816 (The RPC Server service (catirpc.exe) in CA (formerly Computer ...) TODO: check-old CVE-2007-0817 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web ...) TODO: check-old CVE-2007-0818 REJECTED TODO: check-old CVE-2007-0819 (HP Network Node Manager (NNM) Remote Console 7.50, 7.51, and 7.53 ...) TODO: check-old CVE-2007-0820 (Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE ...) TODO: check-old CVE-2007-0821 (Multiple directory traversal vulnerabilities in Cedric CLAIRE ...) TODO: check-old CVE-2007-0822 (umount, when running with the Linux 2.6.15 kernel on Slackware Linux ...) TODO: check-old CVE-2007-0823 (xterm on Slackware Linux 10.2 stores information that had been ...) TODO: check-old CVE-2007-0824 (PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS ...) TODO: check-old CVE-2007-0825 (FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of ...) TODO: check-old CVE-2007-0826 (SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows ...) TODO: check-old CVE-2007-0827 (The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote ...) TODO: check-old CVE-2007-0828 (PHP remote file inclusion vulnerability in affichearticles.php3 in ...) TODO: check-old CVE-2007-0829 (avast! Server Edition before 4.7.726 does not demand a password in a ...) TODO: check-old CVE-2007-0830 (** DISPUTED ** ...) TODO: check-old CVE-2007-0831 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in ...) TODO: check-old CVE-2007-0832 (VMware Workstation 5.5.3 34685 does not immediately change the ...) TODO: check-old CVE-2007-0833 (VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and ...) TODO: check-old CVE-2007-0834 (Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows ...) TODO: check-old CVE-2007-0835 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, ...) TODO: check-old CVE-2007-0836 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, ...) TODO: check-old CVE-2007-0837 (PHP remote file inclusion vulnerability in examples/inc/top.inc.php in ...) TODO: check-old CVE-2007-0838 (FreeProxy before 3.92 Build 1626 allows malicious users to cause a ...) TODO: check-old CVE-2007-0839 (Multiple PHP remote file inclusion vulnerabilities in ...) TODO: check-old CVE-2007-0840 (Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows ...) TODO: check-old CVE-2007-0841 (Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have ...) TODO: check-old CVE-2007-0842 (The 64-bit versions of Microsoft Visual C++ 8.0 standard library ...) TODO: check-old CVE-2007-0843 (The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, ...) TODO: check-old CVE-2007-0844 (The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when ...) TODO: check-old CVE-2007-0845 (admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote ...) TODO: check-old CVE-2007-0846 (Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia ...) TODO: check-old CVE-2007-0847 (SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server ...) TODO: check-old CVE-2007-0848 (PHP remote file inclusion vulnerability in classes/class_mail.inc.php ...) TODO: check-old CVE-2007-0849 (scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly ...) TODO: check-old CVE-2007-0850 (scripts/cronscript.php in SysCP 1.2.15 and earlier includes and ...) TODO: check-old CVE-2007-0851 (Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before ...) TODO: check-old CVE-2007-0852 (Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote ...) TODO: check-old CVE-2007-0853 (SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers ...) TODO: check-old CVE-2007-0854 (Remote file inclusion vulnerability in scripts2/objcache in cPanel ...) TODO: check-old CVE-2007-0855 (Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR ...) BUG: 166440 CVE-2007-0856 (TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module ...) TODO: check-old CVE-2007-0857 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before ...) TODO: check-old CVE-2007-0858 RESERVED CVE-2007-0859 (The Find feature in Palm OS Treo smart phones operates despite the ...) TODO: check-old CVE-2007-0860 (** DISPUTED ** ...) TODO: check-old CVE-2007-0861 (** DISPUTED ** ...) TODO: check-old CVE-2007-0862 (** DISPUTED ** ...) TODO: check-old CVE-2007-0863 (** DISPUTED ** ...) TODO: check-old CVE-2007-0864 (SQL injection vulnerability in register.php in LushiWarPlaner 1.0 ...) TODO: check-old CVE-2007-0865 (SQL injection vulnerability in comments.php in LushiNews 1.01 and ...) TODO: check-old CVE-2007-0866 (Unspecified vulnerability in HP OpenView Storage Data Protector on ...) TODO: check-old CVE-2007-0867 (PHP remote file inclusion vulnerability in classes/menu.php in ...) TODO: check-old CVE-2007-0868 (Unspecified vulnerability in the Chat Room functionality in Yahoo! ...) TODO: check-old CVE-2007-0869 (Cross-site scripting (XSS) vulnerability in the Attachment Manager ...) TODO: check-old CVE-2007-0870 (Unspecified vulnerability in Microsoft Word 2000 allows remote ...) TODO: check-old CVE-2007-0871 (Unrestricted file upload vulnerability in eXtremePow eXtreme File ...) TODO: check-old CVE-2007-0872 (Directory traversal vulnerability in the Plain Old Webserver (POW) ...) TODO: check-old CVE-2007-0873 (nabopoll 1.1.2 allows remote attackers to bypass authentication and ...) TODO: check-old CVE-2007-0874 (Allons_voter 1.0 allows remote attackers to bypass authentication and ...) TODO: check-old CVE-2007-0875 (** DISPUTED ** ...) TODO: check-old CVE-2007-0876 (Cross-site scripting (XSS) vulnerability in Quick Digital Image ...) TODO: check-old CVE-2007-0877 (Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital ...) TODO: check-old CVE-2007-0878 (Unspecified vulnerability in Microsoft Internet Explorer on Windows ...) TODO: check-old CVE-2007-0879 (Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows ...) TODO: check-old CVE-2007-0880 (Capital Request Forms stores sensitive information under the web root ...) TODO: check-old CVE-2007-0881 (PHP remote file inclusion vulnerability in the Seitenschutz plugin for ...) TODO: check-old CVE-2007-0882 (Argument injection vulnerability in the telnet daemon (in.telnetd) in ...) TODO: check-old CVE-2007-0883 (Directory traversal vulnerability in ...) TODO: check-old CVE-2007-0884 (Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows ...) TODO: check-old CVE-2007-0885 (Cross-site scripting (XSS) vulnerability in ...) TODO: check-old CVE-2007-0886 (Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows ...) TODO: check-old CVE-2007-0887 (axigen 1.2.6 through 2.0.0b1 does not properly parse login ...) TODO: check-old CVE-2007-0888 (Directory traversal vulnerability in the TFTP server in Kiwi CatTools ...) TODO: check-old CVE-2007-0889 (Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible ...) TODO: check-old CVE-2007-0890 (Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in ...) TODO: check-old CVE-2007-0891 (Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath ...) TODO: check-old CVE-2007-0892 (CRLF injection vulnerability in phpMyVisites before 2.2 allows remote ...) TODO: check-old CVE-2007-0893 (Directory traversal vulnerability in phpMyVisites before 2.2 allows ...) TODO: check-old CVE-2007-0894 (MediaWiki before 1.9.2 allows remote attackers to obtain sensitive ...) TODO: check-old CVE-2007-0895 (Race condition in recursive directory deletion with the (1) -r or (2) ...) TODO: check-old CVE-2007-0896 (Cross-site scripting (XSS) vulnerability in the (1) Sage before ...) TODO: check-old CVE-2007-0897 (Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under ...) BUG: 167201 CVE-2007-0898 (Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before ...) BUG: 167201 CVE-2007-0899 RESERVED CVE-2007-0900 (Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard ...) TODO: check-old CVE-2007-0901 (Multiple cross-site scripting (XSS) vulnerabilities in Info pages in ...) TODO: check-old CVE-2007-0902 (Unspecified vulnerability in the "Show debugging information" feature ...) TODO: check-old CVE-2007-0903 (Unspecified vulnerability in the mod_roster_odbc module in ejabberd ...) TODO: check-old CVE-2007-0904 (SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows ...) TODO: check-old CVE-2007-0905 (PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir ...) TODO: check-old CVE-2007-0906 (Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ...) BUG: 153911 CVE-2007-0907 (Buffer underflow in PHP before 5.2.1 allows attackers to cause a ...) BUG: 153911 CVE-2007-0908 (The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and ...) BUG: 153911 CVE-2007-0909 (Multiple format string vulnerabilities in PHP before 5.2.1 might allow ...) BUG: 153911 CVE-2007-0910 (Unspecified vulnerability in PHP before 5.2.1 allows attackers to ...) BUG: 153911 CVE-2007-0911 (Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...) BUG: 153911 CVE-2007-0912 (Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php ...) TODO: check-old CVE-2007-0913 (Unspecified vulnerability in Microsoft Powerpoint allows remote ...) TODO: check-old CVE-2007-0914 (Race condition in the TCP subsystem for Solaris 10 allows remote ...) TODO: check-old CVE-2007-0915 (Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers ...) TODO: check-old CVE-2007-0916 (Unspecified vulnerability in the Address and Routing Parameter Area ...) TODO: check-old CVE-2007-0917 (The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to ...) TODO: check-old CVE-2007-0918 (The ATOMIC.TCP signature engine in the Intrusion Prevention System ...) TODO: check-old CVE-2007-0919 (Directory traversal vulnerability in Nickolas Grigoriadis Mini Web ...) TODO: check-old CVE-2007-0920 (SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 ...) TODO: check-old CVE-2007-0921 (Portal Search allows remote attackers to redirect a URL to an ...) TODO: check-old CVE-2007-0922 (Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in ...) TODO: check-old CVE-2007-0923 (buscador/buscador.htm in Portal Search allows remote attackers to ...) TODO: check-old CVE-2007-0924 (Till Gerken phpPolls 1.0.3 allows remote attackers to bypass ...) TODO: check-old CVE-2007-0925 (Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx ...) TODO: check-old CVE-2007-0926 (The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows ...) TODO: check-old CVE-2007-0927 (Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to ...) TODO: check-old CVE-2007-0928 (Virtual Calendar stores sensitive information under the web root with ...) TODO: check-old CVE-2007-0929 (Directory traversal vulnerability in php rrd browser before 0.2.1 ...) TODO: check-old CVE-2007-0930 (Variable extract vulnerability in Apache Stats before 0.0.3beta allows ...) TODO: check-old CVE-2007-0931 (Heap-based buffer overflow in the management interfaces in (1) Aruba ...) TODO: check-old CVE-2007-0932 (The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) ...) TODO: check-old CVE-2007-0933 (Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ ...) TODO: check-old CVE-2007-0934 (Unspecified vulnerability in Microsoft Visio 2002 allows remote ...) TODO: check-old CVE-2007-0935 RESERVED CVE-2007-0936 (Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow ...) TODO: check-old CVE-2007-0937 RESERVED CVE-2007-0938 (Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does ...) TODO: check-old CVE-2007-0939 (Cross-site scripting (XSS) vulnerability in Microsoft Content ...) TODO: check-old CVE-2007-0940 (Unspecified vulnerability in the Cryptographic API Component Object ...) TODO: check-old CVE-2007-0941 RESERVED CVE-2007-0942 (Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on ...) TODO: check-old CVE-2007-0943 (Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows ...) TODO: check-old CVE-2007-0944 (Unspecified vulnerability in the CTableCol::OnPropertyChange method in ...) TODO: check-old CVE-2007-0945 (Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on ...) TODO: check-old CVE-2007-0946 (Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows ...) TODO: check-old CVE-2007-0947 (Use-after-free vulnerability in Microsoft Internet Explorer 7 on ...) TODO: check-old CVE-2007-0948 (Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac ...) TODO: check-old CVE-2007-0949 (Stack-based buffer overflow in iTinySoft Studio Total Video Player ...) TODO: check-old CVE-2007-0950 (Cross-site scripting (XSS) vulnerability in listmain.asp in ...) TODO: check-old CVE-2007-0951 (SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting ...) TODO: check-old CVE-2007-0952 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net ...) TODO: check-old CVE-2007-0953 (Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 ...) TODO: check-old CVE-2007-0954 (MOHA Chat 0.1b7 and earlier does not require authentication for use of ...) TODO: check-old CVE-2007-0955 (The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable ...) TODO: check-old CVE-2007-0956 (The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote ...) BUG: 171889 CVE-2007-0957 (Stack-based buffer overflow in the krb5_klog_syslog function in the ...) BUG: 171889 CVE-2007-0958 (Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable ...) TODO: check-old CVE-2007-0959 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when ...) TODO: check-old CVE-2007-0960 (Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series ...) TODO: check-old CVE-2007-0961 (Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before ...) TODO: check-old CVE-2007-0962 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before ...) TODO: check-old CVE-2007-0963 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x ...) TODO: check-old CVE-2007-0964 (Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to ...) TODO: check-old CVE-2007-0965 (Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to ...) TODO: check-old CVE-2007-0966 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the ...) TODO: check-old CVE-2007-0967 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows ...) TODO: check-old CVE-2007-0968 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) ...) TODO: check-old CVE-2007-0969 (Multiple cross-site scripting (XSS) vulnerabilities in WebTester ...) TODO: check-old CVE-2007-0970 (Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and ...) TODO: check-old CVE-2007-0971 (Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow ...) TODO: check-old CVE-2007-0972 (Unrestricted file upload vulnerability in modules/emoticons.php in ...) TODO: check-old CVE-2007-0973 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) TODO: check-old CVE-2007-0974 (Multiple unspecified vulnerabilities in Ian Bezanson DropBox before ...) TODO: check-old CVE-2007-0975 (Variable extraction vulnerability in Ian Bezanson Apache Stats before ...) TODO: check-old CVE-2007-0976 (Buffer overflow in the ActSoft DVD-Tools ActiveX control ...) TODO: check-old CVE-2007-0977 (IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all ...) TODO: check-old CVE-2007-0978 (Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain ...) TODO: check-old CVE-2007-0979 (Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before ...) TODO: check-old CVE-2007-0980 (Unspecified vulnerability in HP Serviceguard for Linux; packaged for ...) TODO: check-old CVE-2007-0981 (Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x ...) BUG: 165555 CVE-2007-0982 (Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! ...) TODO: check-old CVE-2007-0983 (PHP remote file inclusion vulnerability in _admin/nav.php in AT ...) TODO: check-old CVE-2007-0984 (SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows ...) TODO: check-old CVE-2007-0985 (SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and ...) TODO: check-old CVE-2007-0986 (PHP remote file inclusion vulnerability in index.php in Jupiter CMS ...) TODO: check-old CVE-2007-0987 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 ...) TODO: check-old CVE-2007-0988 (The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before ...) BUG: 153911 CVE-2007-0989 RESERVED CVE-2007-0990 RESERVED CVE-2007-0991 RESERVED CVE-2007-0992 RESERVED CVE-2007-0993 REJECTED TODO: check-old CVE-2007-0994 (A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x ...) TODO: check-old CVE-2007-0995 (Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey ...) BUG: 165555 CVE-2007-0996 (The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before ...) TODO: check-old CVE-2007-0997 (Race condition in the tee (sys_tee) system call in the Linux kernel ...) TODO: check-old CVE-2007-0998 (The VNC server implementation in QEMU, as used by Xen and possibly ...) TODO: check-old CVE-2007-0999 (Format string vulnerability in Ekiga 2.0.3, and probably other ...) TODO: check-old CVE-2007-1000 (The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the ...) TODO: check-old CVE-2007-1001 (Multiple integer overflows in the (1) createwbmp and (2) readwbmp ...) BUG: 169372 CVE-2007-1002 (Format string vulnerability in the write_html function in ...) BUG: 170879 CVE-2007-1003 (Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList ...) BUG: 174200 BUG: 172575 CVE-2007-1004 (Mozilla Firefox might allow remote attackers to conduct spoofing and ...) TODO: check-old CVE-2007-1005 (Heap-based buffer overflow in SW3eng.exe in the eID Engine service in ...) TODO: check-old CVE-2007-1006 (Multiple format string vulnerabilities in the ...) BUG: 167643 CVE-2007-1007 (Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows ...) TODO: check-old CVE-2007-1008 (Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a ...) TODO: check-old CVE-2007-1009 (Macrovision InstallAnywhere Enterprise before 8.0.1 uses the ...) TODO: check-old CVE-2007-1010 (Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, ...) TODO: check-old CVE-2007-1011 (PHP remote file inclusion vulnerability in functions_inc.php in ...) TODO: check-old CVE-2007-1012 (Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 ...) TODO: check-old CVE-2007-1013 (PHP remote file inclusion vulnerability in generate.php in ...) TODO: check-old CVE-2007-1014 (Stack-based buffer overflow in VicFTPS before 5.0 allows remote ...) TODO: check-old CVE-2007-1015 (SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber ...) TODO: check-old CVE-2007-1016 (SQL injection vulnerability in Aktueldownload Haber script allows ...) TODO: check-old CVE-2007-1017 (PHP remote file inclusion vulnerability in show_news_inc.php in ...) TODO: check-old CVE-2007-1018 (PHP remote file inclusion vulnerability in tpl/header.php in ...) TODO: check-old CVE-2007-1019 (SQL injection vulnerability in news.php in webSPELL 4.01.02, when ...) TODO: check-old CVE-2007-1020 (Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 ...) TODO: check-old CVE-2007-1021 (SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News ...) TODO: check-old CVE-2007-1022 (SQL injection vulnerability in h_goster.asp in Turuncu Portal 1.0 ...) TODO: check-old CVE-2007-1023 (SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 ...) TODO: check-old CVE-2007-1024 (PHP remote file inclusion vulnerability in include.php in Meganoide's ...) TODO: check-old CVE-2007-1025 (PHP remote file inclusion vulnerability in inc/functions_inc.php in ...) TODO: check-old CVE-2007-1026 (SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier ...) TODO: check-old CVE-2007-1027 (Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux ...) TODO: check-old CVE-2007-1028 (Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image ...) TODO: check-old CVE-2007-1029 (Stack-based buffer overflow in the Connect method in the IMAP4 ...) TODO: check-old CVE-2007-1030 (Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a ...) TODO: check-old CVE-2007-1031 (Directory traversal vulnerability in include/db_conn.php in SpoonLabs ...) TODO: check-old CVE-2007-1032 (Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when ...) TODO: check-old CVE-2007-1033 (Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and ...) TODO: check-old CVE-2007-1034 (SQL injection vulnerability in the category file in modules.php in the ...) TODO: check-old CVE-2007-1035 (Unspecified vulnerability in certain demonstration scripts in getID3 ...) TODO: check-old CVE-2007-1036 (The default configuration of JBoss does not restrict access to the (1) ...) TODO: check-old CVE-2007-1037 (Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier ...) TODO: check-old CVE-2007-1038 (Shemes.com Grabit 1.5.3, and possibly earlier, allows remote attackers ...) TODO: check-old CVE-2007-1039 (Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 ...) TODO: check-old CVE-2007-1040 (Directory traversal vulnerability in archives.php in Xpression News ...) TODO: check-old CVE-2007-1041 (Multiple stack-based buffer overflows in S&H Computer Systems News ...) TODO: check-old CVE-2007-1042 (Directory traversal vulnerability in news.php in Xpression News ...) TODO: check-old CVE-2007-1043 (Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass ...) TODO: check-old CVE-2007-1044 (Pearson Education PowerSchool 4.3.6 allows remote attackers to list ...) TODO: check-old CVE-2007-1045 (mAlbum 0.3 has default accounts (1) "login"/"pass" for its ...) TODO: check-old CVE-2007-1046 (Dem_trac allows remote attackers to read log file contents via a ...) TODO: check-old CVE-2007-1047 (Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC) ...) TODO: check-old CVE-2007-1048 (PHP remote file inclusion vulnerability in admin_rebuild_search.php in ...) TODO: check-old CVE-2007-1049 (Cross-site scripting (XSS) vulnerability in the wp_explain_nonce ...) BUG: 168529 CVE-2007-1050 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) TODO: check-old CVE-2007-1051 (Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and ...) TODO: check-old CVE-2007-1052 (** DISPUTED ** ...) TODO: check-old CVE-2007-1053 (** DISPUTED ** ...) TODO: check-old CVE-2007-1054 (Cross-site scripting (XSS) vulnerability in the AJAX features in ...) TODO: check-old CVE-2007-1055 (Cross-site scripting (XSS) vulnerability in the AJAX features in ...) TODO: check-old CVE-2007-1056 (VMware Workstation 5.5.3 build 34685 does not provide per-user ...) TODO: check-old CVE-2007-1057 (The Net Direct client for Linux before 6.0.5 in Nortel Application ...) TODO: check-old CVE-2007-1058 (SQL injection vulnerability in user_pages/page.asp in Online Web ...) TODO: check-old CVE-2007-1059 (PHP remote file inclusion vulnerability in function.php in Ultimate ...) TODO: check-old CVE-2007-1060 (Multiple PHP remote file inclusion vulnerabilities in Interspire ...) TODO: check-old CVE-2007-1061 (SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke ...) TODO: check-old CVE-2007-1062 (The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and ...) TODO: check-old CVE-2007-1063 (The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, ...) TODO: check-old CVE-2007-1064 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...) TODO: check-old CVE-2007-1065 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...) TODO: check-old CVE-2007-1066 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...) TODO: check-old CVE-2007-1067 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...) TODO: check-old CVE-2007-1068 (The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, ...) TODO: check-old CVE-2007-1069 (The memory management in VMware Workstation before 5.5.4 allows ...) TODO: check-old CVE-2007-1070 (Multiple stack-based buffer overflows in Trend Micro ServerProtect for ...) TODO: check-old CVE-2007-1071 (Integer overflow in the gifGetBandProc function in ImageIO in Apple ...) TODO: check-old CVE-2007-1072 (The command line interface (CLI) in Cisco Unified IP Phone 7906G, ...) TODO: check-old CVE-2007-1073 (Static code injection vulnerability in install.php in mcRefer allows ...) TODO: check-old CVE-2007-1074 (Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x ...) TODO: check-old CVE-2007-1075 (TurboFTP 5.30 Build 572 allows remote servers to cause a denial of ...) TODO: check-old CVE-2007-1076 (Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and ...) TODO: check-old CVE-2007-1077 (SQL injection vulnerability in page.asp in Design4Online UserPages2 ...) TODO: check-old CVE-2007-1078 (PHP remote file inclusion vulnerability in index.php in ...) TODO: check-old CVE-2007-1079 (Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager ...) TODO: check-old CVE-2007-1080 (Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow ...) TODO: check-old CVE-2007-1081 (The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, ...) TODO: check-old CVE-2007-1082 (FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, ...) TODO: check-old CVE-2007-1083 (Buffer overflow in the Configuration Checker (ConfigChk) ActiveX ...) TODO: check-old CVE-2007-1084 (Mozilla Firefox 2.0.0.1 and earlier does not prompt users before ...) TODO: check-old CVE-2007-1085 (Cross-site scripting (XSS) vulnerability in Google Desktop allows ...) TODO: check-old CVE-2007-1086 (Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 ...) TODO: check-old CVE-2007-1087 (IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not ...) TODO: check-old CVE-2007-1088 (Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and ...) TODO: check-old CVE-2007-1089 (IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local ...) TODO: check-old CVE-2007-1090 (Microsoft Windows Explorer on Windows XP and 2003 allows remote ...) TODO: check-old CVE-2007-1091 (Microsoft Internet Explorer 7 allows remote attackers to prevent users ...) TODO: check-old CVE-2007-1092 (Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow ...) TODO: check-old CVE-2007-1093 (Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager ...) TODO: check-old CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...) TODO: check-old CVE-2007-1095 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not ...) BUG: 196480 CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart ...) TODO: check-old CVE-2007-1097 (Unrestricted file upload vulnerability in the onAttachFiles function ...) TODO: check-old CVE-2007-1098 (Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have ...) TODO: check-old CVE-2007-1099 (dbclient in Dropbear SSH client before 0.49 does not sufficiently warn ...) TODO: check-old CVE-2007-1100 (Directory traversal vulnerability in download.php in Ahmet Sacan ...) TODO: check-old CVE-2007-1101 (Multiple cross-site scripting (XSS) vulnerabilities in Photostand ...) TODO: check-old CVE-2007-1102 (Photostand 1.2.0 allows remote attackers to obtain sensitive ...) TODO: check-old CVE-2007-1103 (Tor does not verify a node's uptime and bandwidth advertisements, ...) TODO: check-old CVE-2007-1104 (PHP remote file inclusion vulnerability in top.php in PHP Module ...) TODO: check-old CVE-2007-1105 (PHP remote file inclusion vulnerability in functions.php in Extreme ...) TODO: check-old CVE-2007-1106 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-1107 (SQL injection vulnerability in thumbnails.php in Coppermine Photo ...) TODO: check-old CVE-2007-1108 (PHP remote file inclusion vulnerability in index.php in Christian ...) TODO: check-old CVE-2007-1109 (Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery ...) TODO: check-old CVE-2007-1110 (Directory traversal vulnerability in data/showcode.php in ...) TODO: check-old CVE-2007-1111 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar ...) TODO: check-old CVE-2007-1112 (Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe ...) TODO: check-old CVE-2007-1113 RESERVED CVE-2007-1114 (The child frames in Microsoft Internet Explorer 7 inherit the default ...) TODO: check-old CVE-2007-1115 (The child frames in Opera 9 before 9.20 inherit the default charset ...) TODO: check-old CVE-2007-1116 (The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI ...) TODO: check-old CVE-2007-1117 (Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 ...) TODO: check-old CVE-2007-1118 (Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 ...) TODO: check-old CVE-2007-1119 (Unspecified vulnerability in Novell ZENworks 7 Desktop Management ...) TODO: check-old CVE-2007-1120 (The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions ...) TODO: check-old CVE-2007-1121 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ...) TODO: check-old CVE-2007-1122 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ...) TODO: check-old CVE-2007-1123 (Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow ...) TODO: check-old CVE-2007-1124 (Directory traversal vulnerability in gallery.php in XeroXer Simple ...) TODO: check-old CVE-2007-1125 (Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer ...) TODO: check-old CVE-2007-1126 (Directory traversal vulnerability in index.php in xtcommerce allows ...) TODO: check-old CVE-2007-1127 (Directory traversal vulnerability in enc/stylecss.php in shopkitplus ...) TODO: check-old CVE-2007-1128 (shopkitplus allows remote attackers to obtain sensitive information ...) TODO: check-old CVE-2007-1129 (Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow ...) TODO: check-old CVE-2007-1130 (PHP remote file inclusion vulnerability in sinagb.php in Sinapis ...) TODO: check-old CVE-2007-1131 (PHP remote file inclusion vulnerability in sinapis.php in Sinapis ...) TODO: check-old CVE-2007-1132 (Multiple cross-site scripting (XSS) vulnerabilities in the "Contact ...) TODO: check-old CVE-2007-1133 (PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 ...) TODO: check-old CVE-2007-1134 (Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown ...) TODO: check-old CVE-2007-1135 (Multiple SQL injection vulnerabilities in WebMplayer before ...) TODO: check-old CVE-2007-1136 (index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to ...) TODO: check-old CVE-2007-1137 (putmail.py in Putmail before 1.4 does not detect when a user attempts ...) TODO: check-old CVE-2007-1138 (Absolute path traversal vulnerability in list_main_pages.php in ...) TODO: check-old CVE-2007-1139 (Unrestricted file upload vulnerability in Cromosoft Simple Plantilla ...) TODO: check-old CVE-2007-1140 (Directory traversal vulnerability in edit.php in pheap allows remote ...) TODO: check-old CVE-2007-1141 (PHP remote file inclusion vulnerability in preview.php in Magic News ...) TODO: check-old CVE-2007-1142 (Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 ...) TODO: check-old CVE-2007-1143 (Directory traversal vulnerability in pn-menu.php in J-Web Pics ...) TODO: check-old CVE-2007-1144 (Directory traversal vulnerability in jwpn-photos.php in J-Web Pics ...) TODO: check-old CVE-2007-1145 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako ...) TODO: check-old CVE-2007-1146 (PHP remote file inclusion vulnerability in function.php in arabhost ...) TODO: check-old CVE-2007-1147 (PHP remote file inclusion vulnerability in view.php in hbm allows ...) TODO: check-old CVE-2007-1148 (PHP remote file inclusion vulnerability in install/index.php in ...) TODO: check-old CVE-2007-1149 (Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow ...) TODO: check-old CVE-2007-1150 (Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote ...) TODO: check-old CVE-2007-1151 (Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote ...) TODO: check-old CVE-2007-1152 (Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 ...) TODO: check-old CVE-2007-1153 (Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews ...) TODO: check-old CVE-2007-1154 (SQL injection vulnerability in webSPELL allows remote attackers to ...) TODO: check-old CVE-2007-1155 (Unrestricted file upload vulnerability in webSPELL allows remote ...) TODO: check-old CVE-2007-1156 (JBrowser allows remote attackers to bypass authentication and access ...) TODO: check-old CVE-2007-1157 (Cross-site request forgery (CSRF) vulnerability in ...) TODO: check-old CVE-2007-1158 (Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 ...) TODO: check-old CVE-2007-1159 (Cross-site scripting (XSS) vulnerability in modules/out.php in ...) TODO: check-old CVE-2007-1160 (webSPELL 4.0, and possibly later versions, allows remote attackers to ...) TODO: check-old CVE-2007-1161 (Cross-site scripting (XSS) vulnerability in call_entry.php in Call ...) TODO: check-old CVE-2007-1162 (A certain ActiveX control in the Common Controls Replacement Project ...) TODO: check-old CVE-2007-1163 (SQL injection vulnerability in printview.php in webSPELL 4.01.02 and ...) TODO: check-old CVE-2007-1164 (Multiple PHP remote file inclusion vulnerabilities in DBImageGallery ...) TODO: check-old CVE-2007-1165 (Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 ...) TODO: check-old CVE-2007-1166 (SQL injection vulnerability in result.php in Nabopoll 1.2 allows ...) TODO: check-old CVE-2007-1167 (inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and ...) TODO: check-old CVE-2007-1168 (Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before ...) TODO: check-old CVE-2007-1169 (The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, ...) TODO: check-old CVE-2007-1170 (SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends ...) TODO: check-old CVE-2007-1171 (SQL injection vulnerability in includes/nsbypass.php in NukeSentinel ...) TODO: check-old CVE-2007-1172 (SQL injection vulnerability in nukesentinel.php in NukeSentinel ...) TODO: check-old CVE-2007-1173 (Multiple buffer overflows in the CentennialIPTransferServer service ...) TODO: check-old CVE-2007-1174 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before ...) TODO: check-old CVE-2007-1175 (Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP ...) TODO: check-old CVE-2007-1176 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before ...) TODO: check-old CVE-2007-1177 (WebAPP before 0.9.9.5 does not properly filter certain characters in ...) TODO: check-old CVE-2007-1178 (WebAPP before 0.9.9.5 does not check access in certain contexts ...) TODO: check-old CVE-2007-1179 (WebAPP before 0.9.9.5 does not properly manage e-mail addresses in ...) TODO: check-old CVE-2007-1180 (WebAPP before 0.9.9.5 does not check referrers in certain forms, which ...) TODO: check-old CVE-2007-1181 (WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the ...) TODO: check-old CVE-2007-1182 (WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest ...) TODO: check-old CVE-2007-1183 (WebAPP before 0.9.9.5 allows remote authenticated users to spoof ...) TODO: check-old CVE-2007-1184 (The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA ...) TODO: check-old CVE-2007-1185 (The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval ...) TODO: check-old CVE-2007-1186 (WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, ...) TODO: check-old CVE-2007-1187 (WebAPP before 0.9.9.5 allows remote authenticated users, without admin ...) TODO: check-old CVE-2007-1188 (WebAPP before 0.9.9.5 allows remote attackers to submit Search form ...) TODO: check-old CVE-2007-1189 (Integer overflow in the envwrite function in the Alcatel-Lucent Bell ...) TODO: check-old CVE-2007-1190 (Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX ...) TODO: check-old CVE-2007-1191 (The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes ...) TODO: check-old CVE-2007-1192 (Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive ...) TODO: check-old CVE-2007-1193 (Multiple unspecified vulnerabilities in the Login page in OrangeHRM ...) TODO: check-old CVE-2007-1194 (Norman SandBox Analyzer does not use the proper range for Interrupt ...) TODO: check-old CVE-2007-1195 (Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow ...) TODO: check-old CVE-2007-1196 (Unspecified vulnerability in Citrix Presentation Server Client for ...) TODO: check-old CVE-2007-1197 (Multiple unspecified vulnerabilities in Epiware before 4.7.5 have ...) TODO: check-old CVE-2007-1198 (Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 ...) TODO: check-old CVE-2007-1199 (Adobe Reader and Acrobat Trial allow remote attackers to read ...) BUG: 170177 CVE-2007-1200 RESERVED CVE-2007-1201 (Unspecified vulnerability in certain COM objects in Microsoft Office ...) NOT-FOR-US: Microsoft BizTalk Server CVE-2007-1202 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, ...) TODO: check-old CVE-2007-1203 (Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 ...) TODO: check-old CVE-2007-1204 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) ...) TODO: check-old CVE-2007-1205 (Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in ...) TODO: check-old CVE-2007-1206 (The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft ...) TODO: check-old CVE-2007-1207 RESERVED CVE-2007-1208 RESERVED CVE-2007-1209 (Use-after-free vulnerability in the Client/Server Run-time Subsystem ...) TODO: check-old CVE-2007-1210 RESERVED CVE-2007-1211 (Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP ...) TODO: check-old CVE-2007-1212 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...) TODO: check-old CVE-2007-1213 (The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows ...) TODO: check-old CVE-2007-1214 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 ...) TODO: check-old CVE-2007-1215 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...) TODO: check-old CVE-2007-1216 (Double free vulnerability in the GSS-API library ...) BUG: 171889 CVE-2007-1217 (Buffer overflow in the bufprint function in capiutil.c in libcapi, as ...) TODO: check-old CVE-2007-1218 (Off-by-one buffer overflow in the parse_elements function in the ...) TODO: check-old CVE-2007-1219 (PHP remote file inclusion vulnerability in actions/del.php in Admin ...) TODO: check-old CVE-2007-1220 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not ...) TODO: check-old CVE-2007-1221 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows ...) TODO: check-old CVE-2007-1222 (Parallels Desktop for Mac before 20070216 implements Drag and Drop by ...) TODO: check-old CVE-2007-1223 (Unspecified vulnerability in Hitachi OSAS/FT/W before 20070223 allows ...) TODO: check-old CVE-2007-1224 (Grok Developments NetProxy 4.03 allows remote attackers to bypass URL ...) TODO: check-old CVE-2007-1225 (The connection log file implementation in Grok Developments NetProxy ...) TODO: check-old CVE-2007-1226 (McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak ...) TODO: check-old CVE-2007-1227 (VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 ...) TODO: check-old CVE-2007-1228 (IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix ...) TODO: check-old CVE-2007-1229 (Cross-site scripting (XSS) vulnerability in the Nullsoft ...) TODO: check-old CVE-2007-1230 (Multiple cross-site scripting (XSS) vulnerabilities in ...) BUG: 168529 CVE-2007-1231 (Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager ...) TODO: check-old CVE-2007-1232 (Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote ...) TODO: check-old CVE-2007-1233 (PHP remote file inclusion vulnerability in downloadcounter.php in ...) TODO: check-old CVE-2007-1234 (Multiple cross-site scripting (XSS) vulnerabilities in sitex allow ...) TODO: check-old CVE-2007-1235 (Unrestricted file upload vulnerability in sitex allows remote ...) TODO: check-old CVE-2007-1236 (sitex allows remote attackers to obtain sensitive information via a ...) TODO: check-old CVE-2007-1237 (sitex allows remote attackers to obtain potentially sensitive ...) TODO: check-old CVE-2007-1238 (Microsoft Office 2003 allows user-assisted remote attackers to cause a ...) TODO: check-old CVE-2007-1239 (Microsoft Excel 2003 does not properly parse .XLS files, which allows ...) TODO: check-old CVE-2007-1240 (Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS ...) TODO: check-old CVE-2007-1241 (Cross-site scripting (XSS) vulnerability in setup.php in Audins ...) TODO: check-old CVE-2007-1242 (SQL injection vulnerability in system/index.php in Audins Audiens 3.3 ...) TODO: check-old CVE-2007-1243 (Audins Audiens 3.3 allows remote attackers to bypass authentication ...) TODO: check-old CVE-2007-1244 (Cross-site request forgery (CSRF) vulnerability in the AdminPanel in ...) BUG: 168529 CVE-2007-1245 (IrfanView 3.99 allows remote attackers to cause a denial of service ...) TODO: check-old CVE-2007-1246 (The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in ...) BUG: 168917 BUG: 170208 CVE-2007-1247 (Multiple PHP remote file inclusion vulnerabilities in aWeb Labs ...) TODO: check-old CVE-2007-1248 (Multiple cross-site scripting (XSS) vulnerabilities in built2go News ...) TODO: check-old CVE-2007-1249 (MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 ...) TODO: check-old CVE-2007-1250 (SQL injection vulnerability in section/default.asp in ANGEL Learning ...) TODO: check-old CVE-2007-1251 (Format string vulnerability in the new_warning function in ...) TODO: check-old CVE-2007-1252 (Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch ...) TODO: check-old CVE-2007-1253 (Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script ...) BUG: 168907 CVE-2007-1254 (SQL injection vulnerability in part.userprofile.php in Connectix ...) TODO: check-old CVE-2007-1255 (Unrestricted file upload vulnerability in admin.bbcode.php in ...) TODO: check-old CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address ...) TODO: check-old CVE-2007-1257 (The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, ...) TODO: check-old CVE-2007-1258 (Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and ...) TODO: check-old CVE-2007-1259 (Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have ...) TODO: check-old CVE-2007-1260 (Stack-based buffer overflow in the connectHandle function in ...) TODO: check-old CVE-2007-1261 (Unspecified vulnerability in the reports system in OpenBiblio before ...) TODO: check-old CVE-2007-1262 (Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter ...) TODO: check-old CVE-2007-1263 (GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the ...) TODO: check-old CVE-2007-1264 (Enigmail 0.94.2 and earlier does not properly use the --status-fd ...) TODO: check-old CVE-2007-1265 (KMail 1.9.5 and earlier does not properly use the --status-fd argument ...) TODO: check-old CVE-2007-1266 (Evolution 2.8.1 and earlier does not properly use the --status-fd ...) TODO: check-old CVE-2007-1267 (Sylpheed 2.2.7 and earlier does not properly use the --status-fd ...) TODO: check-old CVE-2007-1268 (Mutt 1.5.13 and earlier does not properly use the --status-fd argument ...) TODO: check-old CVE-2007-1269 (GNUMail 1.1.2 and earlier does not properly use the --status-fd ...) TODO: check-old CVE-2007-1270 (Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows ...) TODO: check-old CVE-2007-1271 (Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow ...) TODO: check-old CVE-2007-1272 RESERVED CVE-2007-1273 (Integer overflow in the ktruser function in NetBSD-current before ...) TODO: check-old CVE-2007-1274 RESERVED CVE-2007-1275 RESERVED CVE-2007-1276 (Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in ...) TODO: check-old CVE-2007-1277 (WordPress 2.1.1, as downloaded from some official distribution sites ...) TODO: check-old CVE-2007-1278 (Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 ...) TODO: check-old CVE-2007-1279 (Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 ...) TODO: check-old CVE-2007-1280 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and ...) TODO: check-old CVE-2007-1281 (Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux ...) TODO: check-old CVE-2007-1282 (Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey ...) BUG: 165555 CVE-2007-1283 RESERVED CVE-2007-1284 RESERVED CVE-2007-1285 (The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows ...) BUG: 169372 CVE-2007-1286 (Integer overflow in PHP 4.4.4 and earlier allows remote ...) BUG: 169372 BUG: 153911 CVE-2007-1287 (A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and ...) TODO: check-old CVE-2007-1288 (Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News ...) TODO: check-old CVE-2007-1289 (SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking ...) TODO: check-old CVE-2007-1290 (SQL injection vulnerability in ViewReport.php in Tyger Bug Tracking ...) TODO: check-old CVE-2007-1291 (Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug ...) TODO: check-old CVE-2007-1292 (SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin ...) TODO: check-old CVE-2007-1293 (SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when ...) TODO: check-old CVE-2007-1294 (A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in ...) TODO: check-old CVE-2007-1295 (SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows ...) TODO: check-old CVE-2007-1296 (SQL injection vulnerability in postingdetails.php in AJ Classifieds ...) TODO: check-old CVE-2007-1297 (SQL injection vulnerability in view_profile.php in AJDating 1.0 allows ...) TODO: check-old CVE-2007-1298 (SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows ...) TODO: check-old CVE-2007-1299 (PHP remote file inclusion vulnerability in index.php in Mani Stats ...) TODO: check-old CVE-2007-1300 (DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier ...) TODO: check-old CVE-2007-1301 (Stack-based buffer overflow in the IMAP service in MailEnable ...) TODO: check-old CVE-2007-1302 (SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when ...) TODO: check-old CVE-2007-1303 (Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and ...) TODO: check-old CVE-2007-1304 (Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook ...) TODO: check-old CVE-2007-1305 (Multiple cross-site scripting (XSS) vulnerabilities in add2.php in ...) TODO: check-old CVE-2007-1306 (Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote ...) BUG: 169616 CVE-2007-1307 (Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before ...) TODO: check-old CVE-2007-1308 (ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE ...) TODO: check-old CVE-2007-1309 (Novell Access Management 3 SSLVPN Server allows remote authenticated ...) TODO: check-old CVE-2007-1310 RESERVED CVE-2007-1311 RESERVED CVE-2007-1312 RESERVED CVE-2007-1313 (NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly ...) TODO: check-old CVE-2007-1314 RESERVED CVE-2007-1315 RESERVED CVE-2007-1316 RESERVED CVE-2007-1317 RESERVED CVE-2007-1318 RESERVED CVE-2007-1319 (Unspecified vulnerability in the IOPCServer::RemoveGroup function in ...) TODO: check-old CVE-2007-1320 (Multiple heap-based buffer overflows in the cirrus_invalidate_region ...) TODO: check-old CVE-2007-1321 (Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used ...) BUG: 176674 NOTE: fixed before. CVE-2007-1322 (QEMU 0.8.2 allows local users to halt a virtual machine by executing ...) TODO: check-old CVE-2007-1323 REJECTED CVE-2007-1324 (SnapGear 560, 585, 580, 640, 710, and 720 appliances before the ...) TODO: check-old CVE-2007-1325 (The PMA_ArrayWalkRecursive function in libraries/common.lib.php in ...) TODO: check-old CVE-2007-1326 (SQL injection vulnerability in index.php in Serendipity 1.1.1 allows ...) TODO: check-old CVE-2007-1327 (The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in ...) TODO: check-old CVE-2007-1328 (Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard ...) TODO: check-old CVE-2007-1329 (Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before ...) TODO: check-old CVE-2007-1330 (Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) ...) TODO: check-old CVE-2007-1331 (Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking ...) TODO: check-old CVE-2007-1332 (Multiple cross-site request forgery (CSRF) vulnerabilities in TKS ...) TODO: check-old CVE-2007-1333 RESERVED CVE-2007-1334 RESERVED CVE-2007-1335 RESERVED CVE-2007-1336 RESERVED CVE-2007-1337 (The virtual machine process (VMX) in VMware Workstation before 5.5.4 ...) TODO: check-old CVE-2007-1338 (The default configuration of the AirPort utility in Apple AirPort ...) TODO: check-old CVE-2007-1339 (SQL injection vulnerability in index.php in Links Management ...) TODO: check-old CVE-2007-1340 (PHP remote file inclusion vulnerability in eintrag.php in Weltennetz ...) TODO: check-old CVE-2007-1341 (include/auth/auth.php in Simple Invoices before 2007 03 05 does not ...) TODO: check-old CVE-2007-1342 (Cross-site scripting (XSS) vulnerability in admincp/index.php in ...) TODO: check-old CVE-2007-1343 (includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does ...) TODO: check-old CVE-2007-1344 (Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 ...) TODO: check-old CVE-2007-1345 (Unspecified vulnerability in cube.exe in the GINA component for CA ...) TODO: check-old CVE-2007-1346 (Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 ...) TODO: check-old CVE-2007-1347 (Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and ...) TODO: check-old CVE-2007-1348 RESERVED CVE-2007-1349 (PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in ...) BUG: 172676 CVE-2007-1350 (Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 ...) TODO: check-old CVE-2007-1351 (Integer overflow in the bdfReadCharacters function in bdfread.c in (1) ...) BUG: 174200 BUG: 172575 BUG: 172577 CVE-2007-1352 (Integer overflow in the FontFileInitTable function in X.Org libXfont ...) BUG: 174200 BUG: 172575 CVE-2007-1353 (The setsockopt function in the L2CAP and HCI Bluetooth support in the ...) TODO: check-old CVE-2007-1354 (The Access Control functionality (JMXOpsAccessControlFilter) in JMX ...) TODO: check-old CVE-2007-1355 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) TODO: check-old CVE-2007-1356 REJECTED TODO: check-old CVE-2007-1357 (The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before ...) TODO: check-old CVE-2007-1358 (Cross-site scripting (XSS) vulnerability in certain applications using ...) TODO: check-old CVE-2007-1359 (Interpretation conflict in ModSecurity (mod_security) 2.1.0 and ...) BUG: 169778 CVE-2007-1360 (Unspecified vulnerability in the Nodefamily module for Drupal 5.x ...) TODO: check-old CVE-2007-1361 (Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in ...) TODO: check-old CVE-2007-1362 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...) BUG: 180436 CVE-2007-1363 (Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow ...) TODO: check-old CVE-2007-1364 (DropAFew before 0.2.1 does not require authorization for certain ...) TODO: check-old CVE-2007-1365 (Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows ...) TODO: check-old CVE-2007-1366 (QEMU 0.8.2 allows local users to crash a virtual machine via the ...) TODO: check-old CVE-2007-1367 (Cross-site scripting (XSS) vulnerability in the login page in Avaya ...) TODO: check-old CVE-2007-1368 (The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before ...) TODO: check-old CVE-2007-1369 (ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows ...) TODO: check-old CVE-2007-1370 (Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and ...) TODO: check-old CVE-2007-1371 (Multiple buffer overflows in Conquest 8.2a and earlier (1) allow local ...) TODO: check-old CVE-2007-1372 (PHP remote file inclusion vulnerability in styles/internal/header.php ...) TODO: check-old CVE-2007-1373 (Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport ...) TODO: check-old CVE-2007-1374 (Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz ...) TODO: check-old CVE-2007-1375 (Integer overflow in the substr_compare function in PHP 5.2.1 and ...) BUG: 153911 CVE-2007-1376 (The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x ...) BUG: 153911 CVE-2007-1377 (AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, ...) TODO: check-old CVE-2007-1378 (The ovrimos_longreadlen function in the Ovrimos extension for PHP ...) TODO: check-old CVE-2007-1379 (The ovrimos_close function in the Ovrimos extension for PHP before ...) TODO: check-old CVE-2007-1380 (The php_binary serialization handler in the session extension in PHP ...) BUG: 153911 CVE-2007-1381 (The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and ...) TODO: check-old CVE-2007-1382 (The PHP COM extensions for PHP on Windows systems allow ...) TODO: check-old CVE-2007-1383 (Integer overflow in the 16 bit variable reference counter in PHP 4 ...) BUG: 153911 CVE-2007-1384 (Directory traversal vulnerability in torrent.cpp in KTorrent before ...) BUG: 170303 CVE-2007-1385 (chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to ...) BUG: 170303 CVE-2007-1386 RESERVED CVE-2007-1387 (The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer ...) BUG: 168917 CVE-2007-1388 (The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux ...) TODO: check-old CVE-2007-1389 (dynaliens 2.0 and 2.1 allows remote attackers to bypass authentication ...) TODO: check-old CVE-2007-1390 (Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 ...) TODO: check-old CVE-2007-1391 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-1392 (Directory traversal vulnerability in down.php in netForo! 0.1g allows ...) TODO: check-old CVE-2007-1393 (PHP remote file inclusion vulnerability in mysave.php in Magic CMS ...) TODO: check-old CVE-2007-1394 (Direct static code injection vulnerability in startsession.php in Flat ...) TODO: check-old CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 ...) TODO: check-old CVE-2007-1396 (The import_request_variables function in PHP 4.0.7 through 4.4.6, and ...) TODO: check-old CVE-2007-1397 (Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) ...) TODO: check-old CVE-2007-1398 (The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when ...) TODO: check-old CVE-2007-1399 (Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP ...) TODO: check-old CVE-2007-1400 (Plash permits sandboxed processes to open /dev/tty, which allows local ...) TODO: check-old CVE-2007-1401 (Buffer overflow in the crack extension (CrackLib), as bundled with PHP ...) TODO: check-old CVE-2007-1402 (The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows ...) TODO: check-old CVE-2007-1403 (Multiple stack-based buffer overflows in an ActiveX control in ...) TODO: check-old CVE-2007-1404 (tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote ...) TODO: check-old CVE-2007-1405 (Cross-site scripting (XSS) vulnerability in the "download wiki page as ...) TODO: check-old CVE-2007-1406 (Trac before 0.10.3.1 does not send a Content-Disposition HTTP header ...) TODO: check-old CVE-2007-1407 (Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has ...) TODO: check-old CVE-2007-1408 (Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) ...) TODO: check-old CVE-2007-1409 (WordPress allows remote attackers to obtain sensitive information via ...) BUG: 168529 CVE-2007-1410 (SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal ...) TODO: check-old CVE-2007-1411 (Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 ...) TODO: check-old CVE-2007-1412 (The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 ...) TODO: check-old CVE-2007-1413 (Buffer overflow in the snmpget function in the snmp extension in PHP ...) TODO: check-old CVE-2007-1414 (Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo ...) TODO: check-old CVE-2007-1415 (Multiple PHP remote file inclusion vulnerabilities in PMB Services ...) TODO: check-old CVE-2007-1416 (PHP remote file inclusion vulnerability in createurl.php in JCcorp ...) TODO: check-old CVE-2007-1417 (SQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows ...) TODO: check-old CVE-2007-1418 (Cross-site scripting (XSS) vulnerability in ...) TODO: check-old CVE-2007-1419 (The Java Management Extensions Remote API Remote Method Invocation ...) TODO: check-old CVE-2007-1420 (MySQL 5.x before 5.0.36 allows local users to cause a denial of ...) BUG: 171934 BUG: 170126 CVE-2007-1421 (Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 ...) TODO: check-old CVE-2007-1422 (SQL injection vulnerability in goster.asp in fystyq Duyuru Scripti ...) TODO: check-old CVE-2007-1423 (Multiple PHP remote file inclusion vulnerabilities in WORK system ...) TODO: check-old CVE-2007-1424 (Multiple PHP remote file inclusion vulnerabilities in Softnews Media ...) TODO: check-old CVE-2007-1425 (SQL injection vulnerability in index.php in Triexa SonicMailer Pro ...) TODO: check-old CVE-2007-1426 (The web interface in AstroCam 2.0.0 through 2.6.5 allows remote ...) TODO: check-old CVE-2007-1427 (Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a ...) TODO: check-old CVE-2007-1428 (SQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 ...) TODO: check-old CVE-2007-1429 (Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 ...) TODO: check-old CVE-2007-1430 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-1431 (Multiple unspecified vulnerabilities in PennMUSH 1.8.3 before 1.8.3p1 ...) TODO: check-old CVE-2007-1432 (Grayscale Blog 0.8.0, and possibly earlier versions, allows remote ...) TODO: check-old CVE-2007-1433 (Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and ...) TODO: check-old CVE-2007-1434 (SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly ...) TODO: check-old CVE-2007-1435 (Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to ...) TODO: check-old CVE-2007-1436 (Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and ...) TODO: check-old CVE-2007-1437 (Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger ...) TODO: check-old CVE-2007-1438 (SQL injection vulnerability in devami.asp in X-Ice News System 1.0 ...) TODO: check-old CVE-2007-1439 (PHP remote file inclusion vulnerability in ressourcen/dbopen.php in ...) TODO: check-old CVE-2007-1440 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows ...) TODO: check-old CVE-2007-1441 (The 4thPass browser (BlackBerry Browser) on the RIM BlackBerry 8100 ...) TODO: check-old CVE-2007-1442 (Oracle Database 10g uses a NULL pDacl parameter when calling the ...) TODO: check-old CVE-2007-1443 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...) TODO: check-old CVE-2007-1444 (netserver in netperf 2.4.3 allows local users to overwrite arbitrary ...) TODO: check-old CVE-2007-1445 (SQL injection vulnerability in the heme preview feature for ...) TODO: check-old CVE-2007-1446 (Multiple PHP remote file inclusion vulnerabilities in Open Education ...) TODO: check-old CVE-2007-1447 (The Tape Engine in CA (formerly Computer Associates) BrightStor ...) TODO: check-old CVE-2007-1448 (The Tape Engine in CA (formerly Computer Associates) BrightStor ...) TODO: check-old CVE-2007-1449 (Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and ...) TODO: check-old CVE-2007-1450 (SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and ...) TODO: check-old CVE-2007-1451 (GuppY 4.0 allows remote attackers to delete arbitrary files via a ...) TODO: check-old CVE-2007-1452 (The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement ...) TODO: check-old CVE-2007-1453 (Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering ...) TODO: check-old CVE-2007-1454 (ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the ...) TODO: check-old CVE-2007-1455 (Multiple absolute path traversal vulnerabilities in Fantastico, as ...) TODO: check-old CVE-2007-1456 (** DISPUTED ** ...) TODO: check-old CVE-2007-1457 (Buffer overflow in the urarlib_get function in Christian Scheurer ...) TODO: check-old CVE-2007-1458 (Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow ...) TODO: check-old CVE-2007-1459 (Multiple PHP remote file inclusion vulnerabilities in WebCreator ...) TODO: check-old CVE-2007-1460 (The zip:// URL wrapper provided by the PECL zip extension in PHP ...) TODO: check-old CVE-2007-1461 (The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ...) TODO: check-old CVE-2007-1462 (The luci server component in conga preserves the password between page ...) TODO: check-old CVE-2007-1463 (Format string vulnerability in Inkscape before 0.45.1 allows ...) BUG: 171799 CVE-2007-1464 (Format string vulnerability in the whiteboard Jabber protocol in ...) BUG: 171799 CVE-2007-1465 (Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 ...) TODO: check-old CVE-2007-1466 (Integer overflow in the WP6GeneralTextPacket::_readContents function ...) BUG: 169675 CVE-2007-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) TODO: check-old CVE-2007-1468 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest ...) TODO: check-old CVE-2007-1469 (SQL injection vulnerability in gallery.asp in Absolute Image Gallery ...) TODO: check-old CVE-2007-1470 (Multiple buffer overflows in LIBFtp 5.0 allow user-assisted remote ...) TODO: check-old CVE-2007-1471 (admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass ...) TODO: check-old CVE-2007-1472 (Variable overwrite vulnerability in groupit/base/groupit.start.inc in ...) TODO: check-old CVE-2007-1473 (Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in ...) TODO: check-old CVE-2007-1474 (Argument injection vulnerability in the cleanup cron script in Horde ...) TODO: check-old CVE-2007-1475 (Multiple buffer overflows in the (1) ibase_connect and (2) ...) TODO: check-old CVE-2007-1476 (The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal ...) TODO: check-old CVE-2007-1477 (** DISPUTED ** ...) TODO: check-old CVE-2007-1478 (download.php in McGallery 0.5b allows remote attackers to read ...) TODO: check-old CVE-2007-1479 (Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative ...) TODO: check-old CVE-2007-1480 (Creative Guestbook 1.0 allows remote attackers to add an ...) TODO: check-old CVE-2007-1481 (SQL injection vulnerability in index.php in WBBlog allows remote ...) TODO: check-old CVE-2007-1482 (Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows ...) TODO: check-old CVE-2007-1483 (Multiple PHP remote file inclusion vulnerabilities in WebCalendar ...) TODO: check-old CVE-2007-1484 (The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x ...) BUG: 169372 CVE-2007-1485 (** DISPUTED ** ...) TODO: check-old CVE-2007-1486 (PHP remote file inclusion vulnerability in template.class.php in ...) TODO: check-old CVE-2007-1487 (Directory traversal vulnerability in index.php in Sascha Schroeder ...) TODO: check-old CVE-2007-1488 (Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 ...) TODO: check-old CVE-2007-1489 (Unspecified vulnerability in web-app.org Web Automated Perl Portal ...) TODO: check-old CVE-2007-1490 (Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 ...) TODO: check-old CVE-2007-1491 (Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and ...) TODO: check-old CVE-2007-1492 (winmm.dll in Microsoft Windows XP allows user-assisted remote ...) TODO: check-old CVE-2007-1493 (nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive ...) TODO: check-old CVE-2007-1494 (Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 ...) TODO: check-old CVE-2007-1495 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 ...) TODO: check-old CVE-2007-1496 (nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows ...) TODO: check-old CVE-2007-1497 (nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not ...) TODO: check-old CVE-2007-1498 (Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ...) TODO: check-old CVE-2007-1499 (Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote ...) TODO: check-old CVE-2007-1500 (The Linux Security Auditing Tool (LSAT) allows local users to ...) BUG: 159542 CVE-2007-1501 (Stack-based buffer overflow in Avant Browser 11.0 build 26 allows ...) TODO: check-old CVE-2007-1502 (Multiple buffer overflows in Rhapsody IRC 0.28b allow remote attackers ...) TODO: check-old CVE-2007-1503 (Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b ...) TODO: check-old CVE-2007-1504 (Cross-site scripting (XSS) vulnerability in the Servlet Service in ...) TODO: check-old CVE-2007-1505 (Fujistu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption ...) TODO: check-old CVE-2007-1506 (Cross-site scripting (XSS) vulnerability in ...) TODO: check-old CVE-2007-1507 (The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x ...) BUG: 171662 CVE-2007-1508 (Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in ...) TODO: check-old CVE-2007-1509 (Directory traversal vulnerability in enkrypt.php in Sascha Schroeder ...) TODO: check-old CVE-2007-1510 (SQL injection vulnerability in post.php in Particle Blogger 1.0.0 ...) TODO: check-old CVE-2007-1511 (Buffer overflow in FrontBase Relational Database Server 4.2.7 and ...) TODO: check-old CVE-2007-1512 (Stack-based buffer overflow in the AfxOleSetEditMenu function in the ...) TODO: check-old CVE-2007-1513 (PHP remote file inclusion vulnerability in comanda.php in GraFX ...) TODO: check-old CVE-2007-1514 (PHP remote file inclusion vulnerability in index.php in ViperWeb ...) TODO: check-old CVE-2007-1515 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 ...) TODO: check-old CVE-2007-1516 (PHP remote file inclusion vulnerability in functions/update.php in ...) TODO: check-old CVE-2007-1517 (SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 ...) TODO: check-old CVE-2007-1518 (SQL injection vulnerability in usergroups.php in Woltlab Burning Board ...) TODO: check-old CVE-2007-1519 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke ...) TODO: check-old CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and ...) TODO: check-old CVE-2007-1521 (Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, ...) BUG: 169372 CVE-2007-1522 (Double free vulnerability in the session extension in PHP 5.2.0 and ...) TODO: check-old CVE-2007-1523 (Heap-based buffer overflow in the kernel in NetBSD 3.0, certain ...) TODO: check-old CVE-2007-1524 (Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 ...) TODO: check-old CVE-2007-1525 (Direct static code injection vulnerability in postpost.php in Dayfox ...) TODO: check-old CVE-2007-1526 (Sun Java System Web Server 6.1 before 20070314 allows remote ...) TODO: check-old CVE-2007-1527 (The LLTD Mapper in Microsoft Windows Vista does not verify that an IP ...) TODO: check-old CVE-2007-1528 (The LLTD Mapper in Microsoft Windows Vista allows remote attackers to ...) TODO: check-old CVE-2007-1529 (The LLTD Responder in Microsoft Windows Vista does not send the Mapper ...) TODO: check-old CVE-2007-1530 (The LLTD Mapper in Microsoft Windows Vista does not properly gather ...) TODO: check-old CVE-2007-1531 (Microsoft Windows XP and Vista overwrites ARP table entries included ...) TODO: check-old CVE-2007-1532 (The neighbor discovery implementation in Microsoft Windows Vista ...) TODO: check-old CVE-2007-1533 (The Teredo implementation in Microsoft Windows Vista uses the same ...) TODO: check-old CVE-2007-1534 (DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains ...) TODO: check-old CVE-2007-1535 (Microsoft Windows Vista establishes a Teredo address without user ...) TODO: check-old CVE-2007-1536 (Integer underflow in the file_printf function in the "file" program ...) BUG: 181977 BUG: 171452 CVE-2007-1537 (\Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 ...) TODO: check-old CVE-2007-1538 (** DISPUTED ** ...) TODO: check-old CVE-2007-1539 (Directory traversal vulnerability in inc/map.func.php in pragmaMX ...) TODO: check-old CVE-2007-1540 (Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 ...) TODO: check-old CVE-2007-1541 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only ...) TODO: check-old CVE-2007-1542 (Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running ...) TODO: check-old CVE-2007-1543 (Stack-based buffer overflow in the accept_att_local function in ...) BUG: 171428 CVE-2007-1544 (Integer overflow in the ProcAuWriteElement function in ...) BUG: 171428 CVE-2007-1545 (The AddResource function in server/dia/resource.c in Network Audio ...) BUG: 171428 CVE-2007-1546 (Array index error in Network Audio System (NAS) before 1.8a SVN 237 ...) BUG: 171428 CVE-2007-1547 (The ReadRequestFromClient function in server/os/io.c in Network Audio ...) BUG: 171428 CVE-2007-1548 (SQL injection vulnerability in functions/functions_filters.asp in Web ...) TODO: check-old CVE-2007-1549 (Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 ...) TODO: check-old CVE-2007-1550 (Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote ...) TODO: check-old CVE-2007-1551 (Multiple cross-site scripting (XSS) vulnerabilities in phpx 3.5.15 ...) TODO: check-old CVE-2007-1552 (Unrestricted file upload vulnerability in usercp.php in MetaForum ...) TODO: check-old CVE-2007-1553 (admin/configuration.php in Guestbara 1.2 and earlier allows remote ...) TODO: check-old CVE-2007-1554 (Direct static code injection vulnerability in admin/configuration.php ...) TODO: check-old CVE-2007-1555 (SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 ...) TODO: check-old CVE-2007-1556 (SQL injection vulnerability in kommentare.php in Creative Files 1.2 ...) TODO: check-old CVE-2007-1557 (Format string vulnerability in F-Secure Anti-Virus Client Security ...) TODO: check-old CVE-2007-1558 (The APOP protocol allows remote attackers to guess the first 3 ...) BUG: 180436 CVE-2007-1559 (Multiple stack-based buffer overflows in SonicDVDDashVRNav.dll in ...) TODO: check-old CVE-2007-1560 (The clientProcessRequest() function in src/client_side.c in Squid 2.6 ...) BUG: 171681 CVE-2007-1561 (The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 ...) BUG: 171467 CVE-2007-1562 (The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and ...) TODO: check-old CVE-2007-1563 (The FTP protocol implementation in Opera 9.10 allows remote attackers ...) TODO: check-old CVE-2007-1564 (The FTP protocol implementation in Konqueror 3.5.5 allows remote ...) TODO: check-old CVE-2007-1565 (Konqueror 3.5.5 allows remote attackers to cause a denial of service ...) TODO: check-old CVE-2007-1566 (SQL injection vulnerability in News/page.asp in NetVIOS Portal allows ...) TODO: check-old CVE-2007-1567 (Stack-based buffer overflow in War FTP Daemon 1.65, and possibly ...) TODO: check-old CVE-2007-1568 (Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 ...) TODO: check-old CVE-2007-1569 (Stack-based buffer overflow in NewsBin Pro 4.32 allows remote ...) TODO: check-old CVE-2007-1570 REJECTED TODO: check-old CVE-2007-1571 (PHP remote file inclusion vulnerability in includes/base.php in ...) TODO: check-old CVE-2007-1572 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and ...) TODO: check-old CVE-2007-1573 (SQL injection vulnerability in admincp/attachment.php in Jelsoft ...) TODO: check-old CVE-2007-1574 (CARE2X 2.2, and possibly earlier, allows remote attackers to obtain ...) TODO: check-old CVE-2007-1575 (Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when ...) BUG: 170905 CVE-2007-1576 (Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt ...) BUG: 170905 CVE-2007-1577 (Directory traversal vulnerability in index.php in GeBlog 0.1 allows ...) TODO: check-old CVE-2007-1578 (Multiple integer signedness errors in the NTLM implementation in ...) TODO: check-old CVE-2007-1579 (Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote ...) TODO: check-old CVE-2007-1580 (FTPDMIN 0.96 allows remote attackers to cause a denial of service ...) TODO: check-old CVE-2007-1581 (The resource system in PHP 5.0.0 through 5.2.1 allows ...) TODO: check-old CVE-2007-1582 (The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...) TODO: check-old CVE-2007-1583 (The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through ...) BUG: 169372 CVE-2007-1584 (Buffer underflow in the header function in PHP 5.2.0 allows ...) TODO: check-old CVE-2007-1585 (The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware ...) TODO: check-old CVE-2007-1586 (ZynOS 3.40 allows remote attackers to cause a denial of service (link ...) TODO: check-old CVE-2007-1587 (templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows ...) TODO: check-old CVE-2007-1588 (server.cpp in MyServer 0.8.5 calls Process::setuid before calling ...) TODO: check-old CVE-2007-1589 (TrueCrypt before 4.3, when set-euid mode is used on Linux, allows ...) TODO: check-old CVE-2007-1590 (The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and ...) TODO: check-old CVE-2007-1591 (VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus ...) TODO: check-old CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 ...) TODO: check-old CVE-2007-1593 (The administrative service in Symantec Veritas Volume Replicator (VVR) ...) TODO: check-old CVE-2007-1594 (The handle_response function in chan_sip.c in Asterisk before 1.2.17 ...) BUG: 171467 CVE-2007-1595 (The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk ...) TODO: check-old CVE-2007-1596 (Multiple PHP remote file inclusion vulnerabilities in the NFN Address ...) TODO: check-old CVE-2007-1597 (Unclassified NewsBoard 1.6.3 stores sensitive information under the ...) TODO: check-old CVE-2007-1598 (Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 ...) TODO: check-old CVE-2007-1599 (wp-login.php in WordPress allows remote attackers to redirect ...) TODO: check-old CVE-2007-1600 (PHP remote file inclusion vulnerability in module.php in Digital Eye ...) TODO: check-old CVE-2007-1601 (** DISPUTED ** ...) TODO: check-old CVE-2007-1602 (SQL injection vulnerability in check_vote.php in Weekly Drawing ...) TODO: check-old CVE-2007-1603 (admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote ...) TODO: check-old CVE-2007-1604 (Multiple unrestricted file upload vulnerabilities in w-Agora ...) TODO: check-old CVE-2007-1605 (w-Agora (Web-Agora) allows remote attackers to obtain sensitive ...) TODO: check-old CVE-2007-1606 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora ...) TODO: check-old CVE-2007-1607 (search.php in w-Agora (Web-Agora) allows remote attackers to obtain ...) TODO: check-old CVE-2007-1608 (CRLF injection vulnerability in IBM WebSphere Application Server (WAS) ...) TODO: check-old CVE-2007-1609 (Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic ...) TODO: check-old CVE-2007-1610 (Cross-site scripting (XSS) vulnerability in the RSS reader in Glue ...) TODO: check-old CVE-2007-1611 (Cross-site scripting (XSS) vulnerability in the RSS reader in a ...) TODO: check-old CVE-2007-1612 (SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and ...) TODO: check-old CVE-2007-1613 (Directory traversal vulnerability in view.php in MPM Chat 2.5 allows ...) TODO: check-old CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io function in ...) BUG: 171441 CVE-2007-1615 (SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and ...) TODO: check-old CVE-2007-1616 (SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and ...) TODO: check-old CVE-2007-1617 (SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 ...) TODO: check-old CVE-2007-1618 (SQL injection vulnerability in index.php in ScriptMagix FAQ Builder ...) TODO: check-old CVE-2007-1619 (SQL injection vulnerability in viewcomments.php in ScriptMagix Photo ...) TODO: check-old CVE-2007-1620 (Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer ...) TODO: check-old CVE-2007-1621 (PHP remote file inclusion vulnerability in templates/head.php in ...) TODO: check-old CVE-2007-1622 (Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in ...) TODO: check-old CVE-2007-1623 (Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook ...) TODO: check-old CVE-2007-1624 (Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow ...) TODO: check-old CVE-2007-1625 (Cross-site scripting (XSS) vulnerability in save_entry.php in ...) TODO: check-old CVE-2007-1626 (PHP remote file inclusion vulnerability in iframe.php in the iFrame ...) TODO: check-old CVE-2007-1627 REJECTED TODO: check-old CVE-2007-1628 (Multiple PHP remote file inclusion vulnerabilities in Study planner ...) TODO: check-old CVE-2007-1629 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...) TODO: check-old CVE-2007-1630 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...) TODO: check-old CVE-2007-1631 (** DISPUTED ** ...) TODO: check-old CVE-2007-1632 (Unspecified vulnerability in TYPOlight webCMS before 2.2 Build 5 has ...) TODO: check-old CVE-2007-1633 (Directory traversal vulnerability in bbcode_ref.php in the Giorgio ...) TODO: check-old CVE-2007-1634 (Variable extraction vulnerability in grab_globals.php in Net Portal ...) TODO: check-old CVE-2007-1635 (Static code injection vulnerability in admin/settings.php in Net ...) TODO: check-old CVE-2007-1636 (Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 ...) TODO: check-old CVE-2007-1637 (Multiple buffer overflows in the IMAILAPILib ActiveX control ...) TODO: check-old CVE-2007-1638 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) BUG: 170905 CVE-2007-1639 (Unrestricted file upload vulnerability in PHProjekt 5.2.0, when ...) BUG: 170905 CVE-2007-1640 (Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 ...) TODO: check-old CVE-2007-1641 (SQL injection vulnerability in index.php in PortailPHP 2.0 allows ...) TODO: check-old CVE-2007-1642 (Unspecified vulnerability in ManageEngine Firewall Analyzer allows ...) TODO: check-old CVE-2007-1643 (Multiple PHP remote file inclusion vulnerabilities in LAN Management ...) TODO: check-old CVE-2007-1644 (The dynamic DNS update mechanism in the DNS Server service on ...) TODO: check-old CVE-2007-1645 (Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows ...) TODO: check-old CVE-2007-1646 (Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 ...) TODO: check-old CVE-2007-1647 (Moodle 1.5.2 and earlier stores sensitive information under the web ...) TODO: check-old CVE-2007-1648 (0irc 1345 build 20060823 allows remote attackers to cause a denial of ...) TODO: check-old CVE-2007-1649 (PHP 5.2.1 allows context-dependent attackers to read portions of heap ...) TODO: check-old CVE-2007-1650 (pcapsipdump.cpp in pcapsipdump before 0.1.3 allows remote attackers to ...) TODO: check-old CVE-2007-1651 (Cross-site request forgery (CSRF) vulnerability in OpenID allows ...) TODO: check-old CVE-2007-1652 (OpenID allows remote attackers to forcibly log a user into an OpenID ...) TODO: check-old CVE-2007-1653 (GlowWorm FW before 1.5.3b4 allows remote attackers to cause a denial ...) TODO: check-old CVE-2007-1654 (Buffer overflow in the Ne7sshSftp::addOpenHandle function in ...) TODO: check-old CVE-2007-1655 (Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX ...) TODO: check-old CVE-2007-1656 (Multiple SQL injection vulnerabilities in index.php in Katalog Plyt ...) TODO: check-old CVE-2007-1657 (Stack-based buffer overflow in the file_compress function in minigzip ...) TODO: check-old CVE-2007-1658 (Windows Mail in Microsoft Windows Vista might allow user-assisted ...) TODO: check-old CVE-2007-1659 (Perl-Compatible Regular Expression (PCRE) library before 7.3 allows ...) BUG: 198198 CVE-2007-1660 (Perl-Compatible Regular Expression (PCRE) library before 7.0 does not ...) BUG: 198198 CVE-2007-1661 (Perl-Compatible Regular Expression (PCRE) library before 7.3 ...) BUG: 198198 CVE-2007-1662 (Perl-Compatible Regular Expression (PCRE) library before 7.3 reads ...) BUG: 198198 CVE-2007-1663 (Memory leak in the image message functionality in ekg before ...) TODO: check-old CVE-2007-1664 (ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote ...) TODO: check-old CVE-2007-1665 (Memory leak in the token OCR functionality in ekg before ...) TODO: check-old CVE-2007-1666 (The processor_request function in the debugger server for DataRescue ...) TODO: check-old CVE-2007-1667 (Multiple integer overflows in (1) the XGetPixel function in ImUtil.c ...) BUG: 172752 CVE-2007-1668 RESERVED CVE-2007-1669 (zoo decoder 2.10 (zoo-2.10), as used in multiple products including ...) TODO: check-old CVE-2007-1670 (Panda Software Antivirus before 20070402 allows remote attackers to ...) TODO: check-old CVE-2007-1671 (avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers ...) TODO: check-old CVE-2007-1672 (avast! antivirus before 4.7.981 allows remote attackers to cause a ...) TODO: check-old CVE-2007-1673 (unzoo.c, as used in multiple products including AMaViS 2.4.1 and ...) TODO: check-old CVE-2007-1674 (Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in ...) TODO: check-old CVE-2007-1675 (Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP ...) TODO: check-old CVE-2007-1676 RESERVED CVE-2007-1677 (Multiple buffer overflows in the ISO network protocol support in the ...) TODO: check-old CVE-2007-1678 (Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension ...) TODO: check-old CVE-2007-1679 (** DISPUTED ** ...) TODO: check-old CVE-2007-1680 (Stack-based buffer overflow in the createAndJoinConference function in ...) TODO: check-old CVE-2007-1681 (Format string vulnerability in libwebconsole_services.so in Sun Java ...) TODO: check-old CVE-2007-1682 (Multiple stack-based buffer overflows in the FileManager ActiveX ...) NOT-FOR-US: SoftArtisans xfile CVE-2007-1683 (Stack-based buffer overflow in the DoWebMenuAction function in the ...) TODO: check-old CVE-2007-1684 (The Run function in SolidWorks sldimdownload ActiveX control in ...) TODO: check-old CVE-2007-1685 (Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, ...) TODO: check-old CVE-2007-1686 RESERVED CVE-2007-1687 (Multiple buffer overflows in the Internet Pictures Corporation iPIX ...) TODO: check-old CVE-2007-1688 (Buffer overflow in the PhPInfo ActiveX control in PhPCtrl.dll in ...) TODO: check-old CVE-2007-1689 (Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL ...) TODO: check-old CVE-2007-1690 (Multiple stack-based buffer overflows in Second Sight Software ...) TODO: check-old CVE-2007-1691 (Stack-based buffer overflow in Second Sight Software ActiveMod ActiveX ...) TODO: check-old CVE-2007-1692 (The default configuration of Microsoft Windows uses the Web Proxy ...) TODO: check-old CVE-2007-1693 (The SIP channel module in Yet Another Telephony Engine (Yate) before ...) TODO: check-old CVE-2007-1694 RESERVED CVE-2007-1695 (** DISPUTED ** ...) TODO: check-old CVE-2007-1696 (SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter ...) TODO: check-old CVE-2007-1697 (PHP remote file inclusion vulnerability in header.inc.php in Philex ...) TODO: check-old CVE-2007-1698 (download.php in Philex 0.2.3 and earlier allows remote attackers to ...) TODO: check-old CVE-2007-1699 (Multiple PHP remote file inclusion vulnerabilities in the SWmenu ...) TODO: check-old CVE-2007-1700 (The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, ...) BUG: 169372 CVE-2007-1701 (PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is ...) BUG: 169372 CVE-2007-1702 (PHP remote file inclusion vulnerability in mod_flatmenu.php in the ...) TODO: check-old CVE-2007-1703 (SQL injection vulnerability in index.php in the RWCards (com_rwcards) ...) TODO: check-old CVE-2007-1704 (SQL injection vulnerability in index.php in the Car Manager ...) TODO: check-old CVE-2007-1705 (SQL injection vulnerability in default.asp in Active Trade 2 allows ...) TODO: check-old CVE-2007-1706 (SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows ...) TODO: check-old CVE-2007-1707 (PHP remote file inclusion vulnerability in index.php in Net Side ...) TODO: check-old CVE-2007-1708 (PHP remote file inclusion vulnerability in lib/db/ez_sql.php in ttCMS ...) TODO: check-old CVE-2007-1709 (Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC ...) TODO: check-old CVE-2007-1710 (The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ...) TODO: check-old CVE-2007-1711 (Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 ...) BUG: 169372 CVE-2007-1712 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...) TODO: check-old CVE-2007-1713 (CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, ...) TODO: check-old CVE-2007-1714 (Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 ...) TODO: check-old CVE-2007-1715 (PHP remote file inclusion vulnerability in frontpage.php in Free Image ...) TODO: check-old CVE-2007-1716 (pam_console does not properly restore ownership for certain console ...) BUG: 193196 BUG: 199193 CVE-2007-1717 (The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...) BUG: 169372 CVE-2007-1718 (CRLF injection vulnerability in the mail function in PHP 4.0.0 through ...) BUG: 169372 CVE-2007-1719 (Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, ...) TODO: check-old CVE-2007-1720 (Directory traversal vulnerability in addressbook.php in the ...) TODO: check-old CVE-2007-1721 (Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 ...) TODO: check-old CVE-2007-1722 (Buffer overflow in the DownloadCertificateExt function in SignKorea ...) TODO: check-old CVE-2007-1723 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) TODO: check-old CVE-2007-1724 (Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and ...) TODO: check-old CVE-2007-1725 (SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows ...) TODO: check-old CVE-2007-1726 (Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 ...) TODO: check-old CVE-2007-1727 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...) TODO: check-old CVE-2007-1728 (The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and ...) TODO: check-old CVE-2007-1729 (SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 ...) TODO: check-old CVE-2007-1730 (Integer signedness error in the DCCP support in the do_dccp_getsockopt ...) TODO: check-old CVE-2007-1731 (Multiple stack-based buffer overflows in High Performance Anonymous ...) TODO: check-old CVE-2007-1732 (** DISPUTED ** ...) TODO: check-old CVE-2007-1733 (Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows ...) TODO: check-old CVE-2007-1734 (The DCCP support in the do_dccp_getsockopt function in ...) TODO: check-old CVE-2007-1735 (Stack-based buffer overflow in Corel WordPerfect Office X3 ...) TODO: check-old CVE-2007-1736 (Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or ...) TODO: check-old CVE-2007-1737 (Opera 9.10 does not check URLs embedded in (1) object or (2) iframe ...) TODO: check-old CVE-2007-1738 (TrueCrypt 4.3, when installed setuid root, allows local users to cause ...) TODO: check-old CVE-2007-1739 (Heap-based buffer overflow in the LDAP server in IBM Lotus Domino ...) TODO: check-old CVE-2007-1740 REJECTED TODO: check-old CVE-2007-1741 (Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 ...) TODO: check-old CVE-2007-1742 (suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison ...) TODO: check-old CVE-2007-1743 (suexec in Apache HTTP Server (httpd) 2.2.3 does not verify ...) TODO: check-old CVE-2007-1744 (Directory traversal vulnerability in the Shared Folders feature for ...) TODO: check-old CVE-2007-1745 (The chm_decompress_stream function in libclamav/chmunpack.c in Clam ...) BUG: 174375 CVE-2007-1746 RESERVED CVE-2007-1747 (Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, ...) TODO: check-old CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain Name ...) TODO: check-old CVE-2007-1749 (Integer underflow in the CDownloadSink class code in the Vector Markup ...) TODO: check-old CVE-2007-1750 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows ...) TODO: check-old CVE-2007-1751 (Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to ...) TODO: check-old CVE-2007-1752 REJECTED TODO: check-old CVE-2007-1753 RESERVED CVE-2007-1754 (PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear ...) TODO: check-old CVE-2007-1755 RESERVED CVE-2007-1756 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office ...) TODO: check-old CVE-2007-1757 RESERVED CVE-2007-1758 RESERVED CVE-2007-1759 RESERVED CVE-2007-1760 RESERVED CVE-2007-1761 RESERVED CVE-2007-1762 (Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs ...) TODO: check-old CVE-2007-1763 (The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows ...) TODO: check-old CVE-2007-1764 (Stack-based buffer overflow in FastStone Image Viewer 2.8 allows ...) TODO: check-old CVE-2007-1765 (Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista ...) TODO: check-old CVE-2007-1766 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-1767 (Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in ...) TODO: check-old CVE-2007-1768 (Cross-site scripting (XSS) vulnerability in ...) TODO: check-old CVE-2007-1769 REJECTED TODO: check-old CVE-2007-1770 (Buffer overflow in the ArcSDE service (giomgr) in Environmental ...) TODO: check-old CVE-2007-1771 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-1772 (The FTP service in HP JetDirect print servers allows remote attackers ...) TODO: check-old CVE-2007-1773 (Multiple directory traversal vulnerabilities in aBitWhizzy allow ...) TODO: check-old CVE-2007-1774 (Multiple cross-site scripting (XSS) vulnerabilities in aBitWhizzy ...) TODO: check-old CVE-2007-1775 (Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4 ...) TODO: check-old CVE-2007-1776 (SQL injection vulnerability in index.php in the DesignForJoomla.com ...) TODO: check-old CVE-2007-1777 (Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 ...) TODO: check-old CVE-2007-1778 (PHP remote file inclusion vulnerability in db/mysql.php in the ...) TODO: check-old CVE-2007-1779 (Multiple SQL injection vulnerabilities in the MySQL back-end in ...) TODO: check-old CVE-2007-1780 (Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) ...) TODO: check-old CVE-2007-1781 (Minna De Office 1.x and 2.x does not properly restrict user access to ...) TODO: check-old CVE-2007-1782 (CruiseWorks 1.09e and earlier does not properly restrict user access ...) TODO: check-old CVE-2007-1783 RESERVED CVE-2007-1784 (The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus ...) TODO: check-old CVE-2007-1785 (The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 ...) TODO: check-old CVE-2007-1786 (SQL injection vulnerability in Hitachi Collaboration - Online ...) TODO: check-old CVE-2007-1787 (Multiple PHP remote file inclusion vulnerabilities in ...) TODO: check-old CVE-2007-1788 (Flyspray 0.9.9, when output_buffering is disabled or "set to a low ...) TODO: check-old CVE-2007-1789 (Flyspray 0.9.9 allows remote attackers to obtain sensitive information ...) TODO: check-old CVE-2007-1790 (Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction ...) TODO: check-old CVE-2007-1791 (SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and ...) TODO: check-old CVE-2007-1792 (libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec ...) TODO: check-old CVE-2007-1793 (SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and ...) TODO: check-old CVE-2007-1794 (The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, ...) TODO: check-old CVE-2007-1795 (JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary ...) TODO: check-old CVE-2007-1796 (Multiple unspecified vulnerabilities in JCcorp URLshrink before 1.3.2 ...) TODO: check-old CVE-2007-1797 (Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote ...) BUG: 173186 BUG: 159567 BUG: 152672 CVE-2007-1798 (Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows ...) TODO: check-old CVE-2007-1799 (Directory traversal vulnerability in torrent.cpp in KTorrent before ...) BUG: 170303 CVE-2007-1800 (Cisco Secure ACS does not require authentication when Cisco Trust ...) TODO: check-old CVE-2007-1801 (Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta ...) TODO: check-old CVE-2007-1802 (Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier ...) TODO: check-old CVE-2007-1803 (Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote ...) TODO: check-old CVE-2007-1804 (PulseAudio 0.9.5 allows remote attackers to cause a denial of service ...) TODO: check-old CVE-2007-1805 (SQL injection vulnerability in genre.php in the debaser 0.92 and ...) TODO: check-old CVE-2007-1806 (SQL injection vulnerability in categos.php in the RM+Soft Gallery ...) TODO: check-old CVE-2007-1807 (SQL injection vulnerability in modules/myalbum/viewcat.php in the ...) TODO: check-old CVE-2007-1808 (SQL injection vulnerability in show.php in the Camportail 1.1 and ...) TODO: check-old CVE-2007-1809 (Multiple PHP remote file inclusion vulnerabilities in GraFX Company ...) TODO: check-old CVE-2007-1810 (SQL injection vulnerability in product_details.php in the Kshop 1.17 ...) TODO: check-old CVE-2007-1811 (SQL injection vulnerability in index.php in the Tiny Event (tinyevent) ...) TODO: check-old CVE-2007-1812 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-1813 (SQL injection vulnerability in display.php in the eCal 2.24 and ...) TODO: check-old CVE-2007-1814 (SQL injection vulnerability in viewcat.php in the Core module for ...) TODO: check-old CVE-2007-1815 (SQL injection vulnerability in viewcat.php in the Library module for ...) TODO: check-old CVE-2007-1816 (SQL injection vulnerability in viewcat.php in the Tutoriais module for ...) TODO: check-old CVE-2007-1817 (SQL injection vulnerability in index.php in the Lykos Reviews ...) TODO: check-old CVE-2007-1818 (PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php ...) TODO: check-old CVE-2007-1819 (Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control ...) TODO: check-old CVE-2007-1820 (Nortel Networks CallPilot and Meridian Mail voicemail systems, when a ...) TODO: check-old CVE-2007-1821 (Sprint Nextel Sprint voice mail systems allow remote attackers to ...) TODO: check-old CVE-2007-1822 (Alcatel-Lucent Lucent Technologies voice mail systems allow remote ...) TODO: check-old CVE-2007-1823 (T-Mobile voice mail systems allow remote attackers to retrieve or ...) TODO: check-old CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP 5 ...) TODO: check-old CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5 before ...) TODO: check-old CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco ...) TODO: check-old CVE-2007-1827 (Multiple unspecified vulnerabilities in form input validation in ...) TODO: check-old CVE-2007-1828 (Multiple cross-site scripting (XSS) vulnerabilities in web-app.org ...) TODO: check-old CVE-2007-1829 (Multiple unspecified vulnerabilities in web-app.net WebAPP have ...) TODO: check-old CVE-2007-1830 (Unspecified vulnerability in the Username Hijacking Patch 20070312 for ...) TODO: check-old CVE-2007-1831 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...) TODO: check-old CVE-2007-1832 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...) TODO: check-old CVE-2007-1833 (The Skinny Call Control Protocol (SCCP) implementation in Cisco ...) TODO: check-old CVE-2007-1834 (Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco ...) TODO: check-old CVE-2007-1835 (PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...) TODO: check-old CVE-2007-1836 (The command line administration interface in Data Domain OS before ...) TODO: check-old CVE-2007-1837 (Multiple PHP remote file inclusion vulnerabilities in MangoBery CMS ...) TODO: check-old CVE-2007-1838 (SQL injection vulnerability in view.php in the Friendfinder 3.3 and ...) TODO: check-old CVE-2007-1839 (Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and ...) TODO: check-old CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not ...) TODO: check-old CVE-2007-1841 (The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in ...) BUG: 173219 CVE-2007-1842 (Directory traversal vulnerability in login.php in JSBoard before ...) TODO: check-old CVE-2007-1843 (PHP remote file inclusion vulnerability in gmapfactory/params.php in ...) TODO: check-old CVE-2007-1844 (Multiple PHP remote file inclusion vulnerabilities in Aardvark ...) TODO: check-old CVE-2007-1845 (SQL injection vulnerability in show_event.php in the Expanded Calendar ...) TODO: check-old CVE-2007-1846 (SQL injection vulnerability in index.php in the MyAds 2.04jp and ...) TODO: check-old CVE-2007-1847 (SQL injection vulnerability in viewcat.php in the Repository module ...) TODO: check-old CVE-2007-1848 (Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php ...) TODO: check-old CVE-2007-1849 (Directory traversal vulnerability in 404.php in Drake CMS allows ...) TODO: check-old CVE-2007-1850 (Directory traversal vulnerability in classes/captcha/captcha.jpg.php ...) TODO: check-old CVE-2007-1851 (Multiple directory traversal vulnerabilities in Really Simple PHP and ...) TODO: check-old CVE-2007-1852 (** DISPUTED ** ...) TODO: check-old CVE-2007-1853 (Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, ...) TODO: check-old CVE-2007-1854 (Unspecified vulnerability in Hitachi Cosminexus Component Container ...) TODO: check-old CVE-2007-1855 (Multiple PHP remote file inclusion vulnerabilities in ...) TODO: check-old CVE-2007-1856 (Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure ...) BUG: 164466 CVE-2007-1857 RESERVED CVE-2007-1858 (The default SSL cipher configuration in Apache Tomcat 4.1.28 through ...) TODO: check-old CVE-2007-1859 (XScreenSaver 4.10, when using a remote directory service for ...) BUG: 176584 CVE-2007-1860 (mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 ...) BUG: 186218 CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel ...) TODO: check-old CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4 does not ...) BUG: 186219 CVE-2007-1863 (cache_util.c in the mod_cache module in Apache HTTP Server (httpd), ...) BUG: 186219 CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, ...) BUG: 169372 CVE-2007-1865 (** DISPUTED ** ...) TODO: check-old CVE-2007-1866 (Stack-based buffer overflow in the dns_decode_reverse_name function in ...) TODO: check-old CVE-2007-1867 (Buffer overflow in IrfanView 3.99 allows remote attackers to execute ...) TODO: check-old CVE-2007-1868 (The management service in IBM Tivoli Provisioning Manager for OS ...) TODO: check-old CVE-2007-1869 (lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial ...) BUG: 174043 CVE-2007-1870 (lighttpd before 1.4.14 allows attackers to cause a denial of service ...) BUG: 174043 CVE-2007-1871 (Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows ...) TODO: check-old CVE-2007-1872 (Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows ...) TODO: check-old CVE-2007-1873 (Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows ...) TODO: check-old CVE-2007-1874 (Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions ...) TODO: check-old CVE-2007-1875 RESERVED CVE-2007-1876 (VMware Workstation before 5.5.4, when running a 64-bit Windows guest ...) TODO: check-old CVE-2007-1877 (VMware Workstation before 5.5.4 allows attackers to cause a denial of ...) TODO: check-old CVE-2007-1878 (Cross-zone scripting vulnerability in the DOM templates (domplates) ...) TODO: check-old CVE-2007-1879 (The StartUploading function in KL.SysInfo ActiveX control ...) TODO: check-old CVE-2007-1880 (Integer overflow in the _NtSetValueKey function in klif.sys in ...) TODO: check-old CVE-2007-1881 (Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, ...) TODO: check-old CVE-2007-1882 (qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury ...) TODO: check-old CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...) BUG: 179158 CVE-2007-1884 (Multiple integer signedness errors in the printf function family in ...) NOTE: Fixed in 5.2.1 CVE-2007-1885 (Integer overflow in the str_replace function in PHP 4 before 4.4.5 and ...) NOTE: Fixed in 5.2.1 CVE-2007-1886 (Integer overflow in the str_replace function in PHP 4.4.5 and PHP ...) NOTE: Fixed in 5.2.1 CVE-2007-1887 (Buffer overflow in the sqlite_decode_binary function in the bundled ...) BUG: 179158 CVE-2007-1888 (Buffer overflow in the sqlite_decode_binary function in src/encode.c ...) NOTE: Fixed in 5.2.1 CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the ...) NOTE: Fixed in 5.2.1 CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...) NOTE: Fixed in 5.2.1 CVE-2007-1891 (Stack-based buffer overflow in the GetPrivateProfileSectionW function ...) TODO: check-old CVE-2007-1892 (Stack-based buffer overflow in Akamai Technologies Download Manager ...) TODO: check-old CVE-2007-1893 (xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows ...) TODO: check-old CVE-2007-1894 (Cross-site scripting (XSS) vulnerability in ...) TODO: check-old CVE-2007-1895 (PHP remote file inclusion vulnerability in chat.php in Sky GUNNING ...) TODO: check-old CVE-2007-1896 (Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach ...) TODO: check-old CVE-2007-1897 (SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, ...) TODO: check-old CVE-2007-1898 (formmail.php in Jetbox CMS 2.1 allows remote attackers to send ...) TODO: check-old CVE-2007-1899 (Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 ...) NOT-FOR-US: myWebland myBloggie CVE-2007-1900 (CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ...) BUG: 179158 BUG: 169372 CVE-2007-1901 (SonicBB 1.0 allows remote attackers to obtain sensitive information ...) TODO: check-old CVE-2007-1902 (Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote ...) TODO: check-old CVE-2007-1903 (Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 ...) TODO: check-old CVE-2007-1904 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 ...) TODO: check-old CVE-2007-1905 (Cross-site scripting (XSS) vulnerability in auth.php in Pineapple ...) TODO: check-old CVE-2007-1906 (Directory traversal vulnerability in richedit/keyboard.php in eCardMAX ...) TODO: check-old CVE-2007-1907 (PHP remote file inclusion vulnerability in warn.php in Pathos Content ...) TODO: check-old CVE-2007-1908 (PHP file inclusion vulnerability in php121db.php in PHP121 Instant ...) TODO: check-old CVE-2007-1909 (SQL injection vulnerability in login.php in Ryan Haudenschilt ...) TODO: check-old CVE-2007-1910 (Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote ...) TODO: check-old CVE-2007-1911 (Multiple unspecified vulnerabilities in Microsoft Word 2007 allow ...) TODO: check-old CVE-2007-1912 (Heap-based buffer overflow in Microsoft Windows allows user-assisted ...) TODO: check-old CVE-2007-1913 (The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and ...) TODO: check-old CVE-2007-1914 (The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 ...) TODO: check-old CVE-2007-1915 (Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC ...) TODO: check-old CVE-2007-1916 (Buffer overflow in the RFC_START_GUI function in the SAP RFC Library ...) TODO: check-old CVE-2007-1917 (Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC ...) TODO: check-old CVE-2007-1918 (The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 ...) TODO: check-old CVE-2007-1919 (Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream ...) TODO: check-old CVE-2007-1920 (SQL injection vulnerability in index.php in the aktualnosci module in ...) TODO: check-old CVE-2007-1921 (LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other ...) TODO: check-old CVE-2007-1922 (The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in ...) TODO: check-old CVE-2007-1923 ((1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control ...) TODO: check-old CVE-2007-1924 (** DISPUTED ** ...) TODO: check-old CVE-2007-1925 (The borrado function in modules/Your_Account/index.php in Tru-Zone ...) TODO: check-old CVE-2007-1926 (Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin ...) TODO: check-old CVE-2007-1927 (Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer ...) TODO: check-old CVE-2007-1928 (Directory traversal vulnerability in index.php in witshare 0.9 allows ...) TODO: check-old CVE-2007-1929 (Directory traversal vulnerability in downloadpic.php in Beryo 2.0, and ...) TODO: check-old CVE-2007-1930 (Directory traversal vulnerability in download2.php in cattaDoc 2.21, ...) TODO: check-old CVE-2007-1931 (SQL injection vulnerability in index.php in the slownik module in ...) TODO: check-old CVE-2007-1932 (Directory traversal vulnerability in scarnews.inc.php in ScarNews ...) TODO: check-old CVE-2007-1933 (Multiple directory traversal vulnerabilities in PcP-Guestbook ...) TODO: check-old CVE-2007-1934 (Directory traversal vulnerability in member.php in the eBoard 1.0.7 ...) TODO: check-old CVE-2007-1935 (PHP file inclusion vulnerability in admin/index.php in ScarAdControl ...) TODO: check-old CVE-2007-1936 (PHP remote file inclusion vulnerability in scaradcontrol.php in ...) TODO: check-old CVE-2007-1937 (PHP remote file inclusion vulnerability in smilies.php in Scorp Book ...) TODO: check-old CVE-2007-1938 (Ichitaro 2005 through 2007, and possibly related products, allows ...) TODO: check-old CVE-2007-1939 (Cross-site scripting (XSS) vulnerability in the embedded webserver in ...) TODO: check-old CVE-2007-1940 (IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 ...) TODO: check-old CVE-2007-1941 (Cross-site scripting (XSS) vulnerability in the Active Content Filter ...) TODO: check-old CVE-2007-1942 (Integer overflow in FastStone Image Viewer 2.9 allows ...) TODO: check-old CVE-2007-1943 (Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent ...) TODO: check-old CVE-2007-1944 (The Java Message Service (JMS) in IBM WebSphere Application Server ...) TODO: check-old CVE-2007-1945 (Unspecified vulnerability in the Servlet Engine/Web Container in IBM ...) TODO: check-old CVE-2007-1946 (Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might ...) TODO: check-old CVE-2007-1947 (Cross-zone scripting vulnerability in the DOM templates (domplates) ...) TODO: check-old CVE-2007-1948 (Buffer overflow in IrfanView 3.99 allows context-dependent attackers ...) TODO: check-old CVE-2007-1949 (Session fixation vulnerability in WebBlizzard CMS allows remote ...) TODO: check-old CVE-2007-1950 (Cross-site scripting (XSS) vulnerability in index_cms.php in ...) TODO: check-old CVE-2007-1951 (Session fixation vulnerability in onelook obo Shop allows remote ...) TODO: check-old CVE-2007-1952 (Session fixation vulnerability in onelook onebyone CMS allows remote ...) TODO: check-old CVE-2007-1953 (Session fixation vulnerability in onelook courts on-line allows remote ...) TODO: check-old CVE-2007-1954 (Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 ...) TODO: check-old CVE-2007-1955 (Multiple stack-based buffer overflows in the SignKorea SKCrypAX ...) TODO: check-old CVE-2007-1956 (SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads ...) TODO: check-old CVE-2007-1957 (Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain ...) TODO: check-old CVE-2007-1958 (Buffer overflow in TinyMUX before 2.4 allows attackers to cause a ...) TODO: check-old CVE-2007-1959 (Unspecified vulnerability in the process_cmdent function in ...) TODO: check-old CVE-2007-1960 (SQL injection vulnerability in visit.php in the Rha7 Downloads ...) TODO: check-old CVE-2007-1961 (PHP remote file inclusion vulnerability in mutant_functions.php in the ...) TODO: check-old CVE-2007-1962 (SQL injection vulnerability in index.php in the WF-Snippets 1.02 and ...) TODO: check-old CVE-2007-1963 (SQL injection vulnerability in the create_session function in ...) TODO: check-old CVE-2007-1964 (member.php in MyBB (aka MyBulletinBoard), when debug mode is ...) TODO: check-old CVE-2007-1965 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS ...) TODO: check-old CVE-2007-1966 (Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows ...) TODO: check-old CVE-2007-1967 (** DISPUTED ** ...) TODO: check-old CVE-2007-1968 (PHP remote file inclusion vulnerability in games.php in Sam Crew ...) TODO: check-old CVE-2007-1969 (Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam ...) TODO: check-old CVE-2007-1970 (Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ...) TODO: check-old CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi ...) TODO: check-old CVE-2007-1972 (** DISPUTED ** ...) TODO: check-old CVE-2007-1973 (Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel ...) TODO: check-old CVE-2007-1974 (SQL injection vulnerability in the getArticle function in ...) TODO: check-old CVE-2007-1975 (Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 ...) TODO: check-old CVE-2007-1976 (** DISPUTED ** ...) TODO: check-old CVE-2007-1977 (Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS ...) TODO: check-old CVE-2007-1978 (SQL injection vulnerability in index.php in the Arcade 1.00 module for ...) TODO: check-old CVE-2007-1979 (SQL injection vulnerability in index.php in the PopnupBlog 2.52 and ...) TODO: check-old CVE-2007-1980 (SQL injection vulnerability in index.php in the Topliste 1.0 module ...) TODO: check-old CVE-2007-1981 (The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on ...) TODO: check-old CVE-2007-1982 (Multiple PHP remote file inclusion vulnerabilities in Really Simple ...) TODO: check-old CVE-2007-1983 (PHP remote file inclusion vulnerability in include/default_header.php ...) TODO: check-old CVE-2007-1984 (PHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 ...) TODO: check-old CVE-2007-1985 (Multiple PHP remote file inclusion vulnerabilities in ...) TODO: check-old CVE-2007-1986 (Multiple PHP remote file inclusion vulnerabilities in barnraiser ...) TODO: check-old CVE-2007-1987 (** DISPUTED ** ...) TODO: check-old CVE-2007-1988 (Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in ...) TODO: check-old CVE-2007-1989 (Multiple cross-site scripting (XSS) vulnerabilities in DotClear before ...) TODO: check-old CVE-2007-1990 (PHP remote file inclusion vulnerability in games.php in Sam Crew ...) TODO: check-old CVE-2007-1991 (Cross-site scripting (XSS) vulnerability in mail/signup.asp in ...) TODO: check-old CVE-2007-1992 (Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 ...) TODO: check-old CVE-2007-1993 (Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File ...) TODO: check-old CVE-2007-1994 (Unspecified vulnerability in the Address and Routing Parameter Area ...) TODO: check-old CVE-2007-1995 (bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier ...) BUG: 174206 CVE-2007-1996 (PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, ...) TODO: check-old CVE-2007-1997 (Integer signedness error in the (1) cab_unstore and (2) cab_extract ...) BUG: 174375 CVE-2007-1998 (Direct static code injection vulnerability in HIOX Guest Book (HGB) ...) TODO: check-old CVE-2007-1999 (PHP remote file inclusion vulnerability in index.php in Weatimages ...) TODO: check-old CVE-2007-2000 (Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book ...) TODO: check-old CVE-2007-2001 (Multiple direct static code injection vulnerabilities in ...) TODO: check-old CVE-2007-2002 (InoutMailingListManager 3.1 and earlier allows remote attackers to ...) TODO: check-old CVE-2007-2003 (InoutMailingListManager 3.1 and earlier sends a Location redirect ...) TODO: check-old CVE-2007-2004 (Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 ...) TODO: check-old CVE-2007-2005 (Multiple PHP remote file inclusion vulnerabilities in the Taskhopper ...) TODO: check-old CVE-2007-2006 (Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 ...) TODO: check-old CVE-2007-2007 (admin.php in pL-PHP beta 0.9 allows remote attackers to bypass ...) TODO: check-old CVE-2007-2008 (Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 ...) TODO: check-old CVE-2007-2009 (PHP remote file inclusion vulnerability in index.php in SimpCMS Light ...) TODO: check-old CVE-2007-2010 (Double free vulnerability in bftpd before 1.8 allows remote ...) TODO: check-old CVE-2007-2011 (Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 ...) TODO: check-old CVE-2007-2012 (Multiple directory traversal vulnerabilities in MimarSinan CompreXX ...) TODO: check-old CVE-2007-2013 (Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme ...) TODO: check-old CVE-2007-2014 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-2015 (PHP remote file inclusion vulnerability in index.php in Request It ...) TODO: check-old CVE-2007-2016 (Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in ...) TODO: check-old CVE-2007-2017 (siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not ...) TODO: check-old CVE-2007-2018 (SQL injection vulnerability in msg.php in AlstraSoft Video Share ...) TODO: check-old CVE-2007-2019 (PHP remote file inclusion vulnerability in init.gallery.php in ...) TODO: check-old CVE-2007-2020 (** DISPUTED ** ...) TODO: check-old CVE-2007-2021 (Multiple PHP remote file inclusion vulnerabilities in Pineapple ...) TODO: check-old CVE-2007-2022 (Adobe Macromedia Flash Player 7 and 9, when used with Opera before ...) BUG: 185141 CVE-2007-2023 (USB20.dll in Secustick USB flash drive decouples the authorization and ...) TODO: check-old CVE-2007-2024 (Unrestricted file upload vulnerability in the UpLoad feature ...) BUG: 174451 CVE-2007-2025 (Unrestricted file upload vulnerability in the UpLoad feature ...) BUG: 174451 CVE-2007-2026 (The gnu regular expression code in file 4.20 allows context-dependent ...) BUG: 174217 CVE-2007-2027 (Untrusted search path vulnerability in the add_filename_to_string ...) BUG: 177512 CVE-2007-2028 (Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to ...) BUG: 174292 CVE-2007-2029 (File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) ...) TODO: check-old CVE-2007-2030 (lharc.c in lha does not securely create temporary files, which might ...) TODO: check-old CVE-2007-2031 (Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, ...) BUG: 174429 CVE-2007-2032 (Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded ...) TODO: check-old CVE-2007-2033 (Unspecified vulnerability in Cisco Wireless Control System (WCS) ...) TODO: check-old CVE-2007-2034 (Unspecified vulnerability in Cisco Wireless Control System (WCS) ...) TODO: check-old CVE-2007-2035 (Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive ...) TODO: check-old CVE-2007-2036 (The SNMP implementation in the Cisco Wireless LAN Controller (WLC) ...) TODO: check-old CVE-2007-2037 (Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x ...) TODO: check-old CVE-2007-2038 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...) TODO: check-old CVE-2007-2039 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...) TODO: check-old CVE-2007-2040 (Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points ...) TODO: check-old CVE-2007-2041 (Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ...) TODO: check-old CVE-2007-2042 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...) TODO: check-old CVE-2007-2043 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...) TODO: check-old CVE-2007-2044 (PHP remote file inclusion vulnerability in mod_weather.php in the ...) TODO: check-old CVE-2007-2045 (Unspecified vulnerability in the IP implementation in Sun Solaris 8 ...) TODO: check-old CVE-2007-2046 (Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads ...) TODO: check-old CVE-2007-2047 (CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 ...) TODO: check-old CVE-2007-2048 (Directory traversal vulnerability in /console in the Management ...) TODO: check-old CVE-2007-2049 (Multiple PHP remote file inclusion vulnerabilities in the Calendar ...) TODO: check-old CVE-2007-2050 (Multiple directory traversal vulnerabilities in header.php in ...) TODO: check-old CVE-2007-2051 (Buffer overflow in the parsecmd function in bftpd before 1.8 has ...) TODO: check-old CVE-2007-2052 (Off-by-one error in the PyLocale_strxfrm function in ...) TODO: check-old CVE-2007-2053 (Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow ...) TODO: check-old CVE-2007-2054 (Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow ...) TODO: check-old CVE-2007-2055 (AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary ...) TODO: check-old CVE-2007-2056 REJECTED TODO: check-old CVE-2007-2057 (Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows ...) BUG: 174340 CVE-2007-2058 (Directory traversal vulnerability in Acubix PicoZip 4.02 allows ...) TODO: check-old CVE-2007-2059 (Multiple buffer overflows in the ESA protocol implementation in ...) TODO: check-old CVE-2007-2060 (Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 ...) TODO: check-old CVE-2007-2061 (Cross-site scripting (XSS) vulnerability in check_login.asp in ...) TODO: check-old CVE-2007-2062 (Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows ...) TODO: check-old CVE-2007-2063 (SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure ...) TODO: check-old CVE-2007-2064 (Multiple PHP remote file inclusion vulnerabilities in Robert ...) TODO: check-old CVE-2007-2065 (PHP remote file inclusion vulnerability in db/PollDB.php in Robert ...) TODO: check-old CVE-2007-2066 (UseBB before 1.0.6 allows remote attackers to obtain sensitive ...) TODO: check-old CVE-2007-2067 (Multiple PHP remote file inclusion vulnerabilities in Marco Antonio ...) TODO: check-old CVE-2007-2068 (Multiple PHP remote file inclusion vulnerabilities in the StoreFront ...) TODO: check-old CVE-2007-2069 (Directory traversal vulnerability in scr/soustab.php in openMairie ...) TODO: check-old CVE-2007-2070 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...) TODO: check-old CVE-2007-2071 (Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto ...) TODO: check-old CVE-2007-2072 (** DISPUTED ** ...) TODO: check-old CVE-2007-2073 (PHP remote file inclusion vulnerability in index.php in Ivan Gallery ...) TODO: check-old CVE-2007-2074 (Certain programs in containers in ScramDisk 4 Linux before 1.0-1 ...) TODO: check-old CVE-2007-2075 (ScramDisk 4 Linux before 1.0-1 does not perform permission checks on ...) TODO: check-old CVE-2007-2076 (PHP remote file inclusion vulnerability in index.php in Maian Gallery ...) TODO: check-old CVE-2007-2077 (PHP remote file inclusion vulnerability in search.php in Maian Search ...) TODO: check-old CVE-2007-2078 (** DISPUTED ** ...) TODO: check-old CVE-2007-2079 (The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and ...) TODO: check-old CVE-2007-2080 (Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows ...) TODO: check-old CVE-2007-2081 (MyBlog 0.9.8 and earlier allows remote attackers to bypass ...) TODO: check-old CVE-2007-2082 (Direct static code injection vulnerability in admin/settings.php in ...) TODO: check-old CVE-2007-2083 (vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 ...) TODO: check-old CVE-2007-2084 (** DISPUTED ** ...) TODO: check-old CVE-2007-2085 (Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS ...) TODO: check-old CVE-2007-2086 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 ...) TODO: check-old CVE-2007-2087 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, ...) TODO: check-old CVE-2007-2088 (Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 ...) TODO: check-old CVE-2007-2089 (Multiple PHP remote file inclusion vulnerabilities in the Jx ...) TODO: check-old CVE-2007-2090 (Cross-site scripting (XSS) vulnerability in index.php in TuMusika ...) TODO: check-old CVE-2007-2091 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-2092 (Direct static code injection vulnerability in index.php in Limesoft ...) TODO: check-old CVE-2007-2093 (Direct static code injection vulnerability in index.php in Limesoft ...) TODO: check-old CVE-2007-2094 (PHP remote file inclusion vulnerability in index.php in Anthologia ...) TODO: check-old CVE-2007-2095 (PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 ...) TODO: check-old CVE-2007-2096 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...) TODO: check-old CVE-2007-2097 (** DISPUTED ** ...) TODO: check-old CVE-2007-2098 (Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in ...) TODO: check-old CVE-2007-2099 (Cross-site scripting (XSS) vulnerability in htdocs/php.php in ...) TODO: check-old CVE-2007-2100 (FAC Guestbook 2.0 stores sensitive information under the web root with ...) TODO: check-old CVE-2007-2101 (FAC Guestbook 3.01 stores sensitive information under the web root ...) TODO: check-old CVE-2007-2102 (Cross-site scripting (XSS) vulnerability in weblog.php in my little ...) TODO: check-old CVE-2007-2103 (Multiple PHP remote file inclusion vulnerabilities in my little forum ...) TODO: check-old CVE-2007-2104 (Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow ...) TODO: check-old CVE-2007-2105 (Directory traversal vulnerability in admin/index.php in Monkey CMS ...) TODO: check-old CVE-2007-2106 (Directory traversal vulnerability in index.php in Kai Content ...) TODO: check-old CVE-2007-2107 (SQL injection vulnerability in visit.php in the Rha7 Downloads ...) TODO: check-old CVE-2007-2108 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) TODO: check-old CVE-2007-2109 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have ...) TODO: check-old CVE-2007-2110 (Unspecified vulnerability in the Core RDBMS component for Oracle ...) TODO: check-old CVE-2007-2111 (SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in ...) TODO: check-old CVE-2007-2112 (Unspecified vulnerability in the Authentication component for Oracle ...) TODO: check-old CVE-2007-2113 (SQL injection vulnerability in the Upgrade/Downgrade component ...) TODO: check-old CVE-2007-2114 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...) TODO: check-old CVE-2007-2115 (Unspecified vulnerability in the Change Data Capture (CDC) component ...) TODO: check-old CVE-2007-2116 (Unspecified vulnerability in the Advanced Replication component in ...) TODO: check-old CVE-2007-2117 (Unspecified vulnerability in the Oracle Text component in Oracle ...) TODO: check-old CVE-2007-2118 (Unspecified vulnerability in the Upgrade/Downgrade component of Oracle ...) TODO: check-old CVE-2007-2119 (Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the ...) TODO: check-old CVE-2007-2120 (The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, ...) TODO: check-old CVE-2007-2121 (Unspecified vulnerability in the COREid Access component in Oracle ...) TODO: check-old CVE-2007-2122 (Unspecified vulnerability in the Wireless component in Oracle ...) TODO: check-old CVE-2007-2123 (Unspecified vulnerability in the Portal component in Oracle ...) TODO: check-old CVE-2007-2124 (Unspecified vulnerability in the Portal component in Oracle ...) TODO: check-old CVE-2007-2125 (Unspecified vulnerability in Collaborative Workspace in Oracle ...) TODO: check-old CVE-2007-2126 (Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has ...) TODO: check-old CVE-2007-2127 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 ...) TODO: check-old CVE-2007-2128 (Unspecified vulnerability in the Sales Online component for Oracle ...) TODO: check-old CVE-2007-2129 (Unspecified vulnerability in the Agent component in Oracle Enterprise ...) TODO: check-old CVE-2007-2130 (Unspecified vulnerability in Workflow Cartridge, as used in Oracle ...) TODO: check-old CVE-2007-2131 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...) TODO: check-old CVE-2007-2132 (Unspecified vulnerability in the PeopleTools component in Oracle ...) TODO: check-old CVE-2007-2133 (Unspecified vulnerability in the PeopleSoft Enterprise Human Capital ...) TODO: check-old CVE-2007-2134 (Unspecified vulnerability in the HTML Server in Oracle JD Edwards ...) TODO: check-old CVE-2007-2135 (The ADI_BINARY component in the Oracle E-Business Suite allows remote ...) TODO: check-old CVE-2007-2136 (Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol ...) TODO: check-old CVE-2007-2137 (Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express ...) TODO: check-old CVE-2007-2138 (Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x ...) BUG: 175791 CVE-2007-2139 (Multiple stack-based buffer overflows in the SUN RPC service in CA ...) TODO: check-old CVE-2007-2140 (PHP remote file inclusion vulnerability in everything.php in Franklin ...) TODO: check-old CVE-2007-2141 (Direct static code injection vulnerability in shoutbox.php in ShoutPro ...) TODO: check-old CVE-2007-2142 (Multiple PHP remote file inclusion vulnerabilities in AjPortal2Php ...) TODO: check-old CVE-2007-2143 (PHP remote file inclusion vulnerability in index.php in the Be2004-2 ...) TODO: check-old CVE-2007-2144 (PHP remote file inclusion vulnerability in includes/CAltInstaller.php ...) TODO: check-old CVE-2007-2145 (The imagecomments function in classes.php in MiniGal b13 allows remote ...) TODO: check-old CVE-2007-2146 (The imagecomments function in classes.php in MiniGal b13 allow remote ...) TODO: check-old CVE-2007-2147 (admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and ...) TODO: check-old CVE-2007-2148 (Direct static code injection vulnerability in admin/save.php in ...) TODO: check-old CVE-2007-2149 (Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores ...) TODO: check-old CVE-2007-2150 (BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b ...) TODO: check-old CVE-2007-2151 (The administration server in McAfee e-Business Server before 8.1.1 and ...) TODO: check-old CVE-2007-2152 (Buffer overflow in the On-Access Scanner in McAfee VirusScan ...) TODO: check-old CVE-2007-2153 (Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 ...) TODO: check-old CVE-2007-2154 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-2155 (Directory traversal vulnerability in template.php in in phpFaber ...) TODO: check-old CVE-2007-2156 (Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic ...) TODO: check-old CVE-2007-2157 (Directory traversal vulnerability in upload/force_download.php in ...) TODO: check-old CVE-2007-2158 (PHP remote file inclusion vulnerability in index.php in jGallery 1.3 ...) TODO: check-old CVE-2007-2159 (Multiple cross-site scripting (XSS) vulnerabilities in the Database ...) TODO: check-old CVE-2007-2160 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) TODO: check-old CVE-2007-2161 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...) TODO: check-old CVE-2007-2162 ((1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote ...) TODO: check-old CVE-2007-2163 (Apple Safari allows remote attackers to cause a denial of service ...) TODO: check-old CVE-2007-2164 (Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial ...) TODO: check-old CVE-2007-2165 (The Auth API in ProFTPD before 20070417, when multiple simultaneous ...) TODO: check-old CVE-2007-2166 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-2167 (Static code injection vulnerability in process.php in AimStats 3.2 ...) TODO: check-old CVE-2007-2168 (Static code injection vulnerability in process.php in AimStats 3.2 and ...) TODO: check-old CVE-2007-2169 (Static code injection vulnerability in add.php in Mozzers SubSystem ...) TODO: check-old CVE-2007-2170 (The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not ...) TODO: check-old CVE-2007-2171 (Stack-based buffer overflow in the base64_decode function in ...) TODO: check-old CVE-2007-2172 (A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 ...) TODO: check-old CVE-2007-2173 (Eval injection vulnerability in (1) courier-imapd.indirect and (2) ...) TODO: check-old CVE-2007-2174 (The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal ...) TODO: check-old CVE-2007-2175 (Apple QuickTime Java extensions (QTJava.dll), as used in Safari and ...) TODO: check-old CVE-2007-2176 (Unspecified vulnerability in Mozilla Firefox allows remote attackers ...) TODO: check-old CVE-2007-2177 (Stack-based buffer overflow in the Microgaming Download Helper ActiveX ...) TODO: check-old CVE-2007-2178 (Multiple unspecified vulnerabilities in Objective Development Sharity ...) TODO: check-old CVE-2007-2179 (Multiple unspecified vulnerabilities in IXceedCompression in ...) TODO: check-old CVE-2007-2180 (Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote ...) TODO: check-old CVE-2007-2181 (PHP remote file inclusion vulnerability in admin/login.php in Webinsta ...) TODO: check-old CVE-2007-2182 (Unrestricted file upload vulnerability in forum_write.php in Maran PHP ...) TODO: check-old CVE-2007-2183 (SQL injection vulnerability in index.php in PHP-Ring Webring System ...) TODO: check-old CVE-2007-2184 (Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 ...) TODO: check-old CVE-2007-2185 (Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b ...) TODO: check-old CVE-2007-2186 (Foxit Reader 2.0 allows remote attackers to cause a denial of service ...) TODO: check-old CVE-2007-2187 (Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows ...) TODO: check-old CVE-2007-2188 (eXtremail 2.1.1 and earlier does not verify the ID field (aka ...) TODO: check-old CVE-2007-2189 (PHP remote file inclusion vulnerability in admin/admin_album_otf.php ...) TODO: check-old CVE-2007-2190 (PHP remote file inclusion vulnerability in admin/public/webpages.php ...) TODO: check-old CVE-2007-2191 (Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x ...) TODO: check-old CVE-2007-2192 (Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted ...) TODO: check-old CVE-2007-2193 (Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build ...) TODO: check-old CVE-2007-2194 (Stack-based buffer overflow in XnView 1.90.3 allows user-assisted ...) BUG: 175670 CVE-2007-2195 (aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers ...) TODO: check-old CVE-2007-2196 (** DISPUTED ** ...) TODO: check-old CVE-2007-2197 (Race condition in the NeatUpload ASP.NET component 1.2.11 through ...) TODO: check-old CVE-2007-2198 (Cross-site scripting (XSS) vulnerability in LAN Management System ...) TODO: check-old CVE-2007-2199 (PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka ...) TODO: check-old CVE-2007-2200 (Directory traversal vulnerability in navigator/navigator_ok.php in ...) TODO: check-old CVE-2007-2201 (Multiple PHP remote file inclusion vulnerabilities in Post Revolution ...) TODO: check-old CVE-2007-2202 (PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php ...) TODO: check-old CVE-2007-2203 (Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows ...) TODO: check-old CVE-2007-2204 (Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board ...) TODO: check-old CVE-2007-2205 (PHP remote file inclusion vulnerability in modules/rtmessageadd.php in ...) TODO: check-old CVE-2007-2206 (Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe ...) TODO: check-old CVE-2007-2207 (SQL injection vulnerability in contact/index.php in Ripe Website ...) TODO: check-old CVE-2007-2208 (Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 ...) TODO: check-old CVE-2007-2209 (Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft ...) TODO: check-old CVE-2007-2210 (A certain ActiveX control in askPopStp.dll in Netsprint Ask IE Toolbar ...) TODO: check-old CVE-2007-2211 (SQL injection vulnerability in calendar.php in MyBB (aka ...) TODO: check-old CVE-2007-2212 (Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka ...) TODO: check-old CVE-2007-2213 (Unspecified vulnerability in the Initialize function in ...) TODO: check-old CVE-2007-2214 (Unrestricted file upload vulnerability in includes/upload_file.php in ...) TODO: check-old CVE-2007-2215 RESERVED CVE-2007-2216 (The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet ...) TODO: check-old CVE-2007-2217 (Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP ...) NOT-FOR-US: Kodak Image Viewer CVE-2007-2218 (Unspecified vulnerability in the Windows Schannel Security Package for ...) TODO: check-old CVE-2007-2219 (Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, ...) TODO: check-old CVE-2007-2220 RESERVED CVE-2007-2221 (Unspecified vulnerability in the mdsauth.dll COM object in Microsoft ...) TODO: check-old CVE-2007-2222 (Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and ...) TODO: check-old CVE-2007-2223 (Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote ...) TODO: check-old CVE-2007-2224 (Object linking and embedding (OLE) Automation, as used in Microsoft ...) TODO: check-old CVE-2007-2225 (A component in Microsoft Outlook Express 6 and Windows Mail in Windows ...) TODO: check-old CVE-2007-2226 RESERVED CVE-2007-2227 (The MHTML protocol handler in Microsoft Outlook Express 6 and Windows ...) TODO: check-old CVE-2007-2228 (rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, ...) NOT-FOR-US: Microsoft windows CVE-2007-2229 (Microsoft Windows Vista uses insecure default permissions for ...) TODO: check-old CVE-2007-2230 (SQL injection vulnerability in CA Clever Path Portal allows remote ...) TODO: check-old CVE-2007-2231 (Directory traversal vulnerability in index/mbox/mbox-storage.c in ...) TODO: check-old CVE-2007-2232 (The CHECK command in Cosign 2.0.1 and earlier allows remote attackers ...) TODO: check-old CVE-2007-2233 (cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote ...) TODO: check-old CVE-2007-2234 (include/common.php in PunBB 1.2.14 and earlier does not properly ...) TODO: check-old CVE-2007-2235 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 ...) TODO: check-old CVE-2007-2236 (footer.php in PunBB 1.2.14 and earlier allows remote attackers to ...) TODO: check-old CVE-2007-2237 (Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows ...) TODO: check-old CVE-2007-2238 (Multiple stack-based buffer overflows in the Whale Client Components ...) NOT-FOR-US: microsoft intelligent_application_gateway_2007 CVE-2007-2239 (Stack-based buffer overflow in the SaveBMP method in the AXIS Camera ...) TODO: check-old CVE-2007-2240 (The IBM Lenovo Access Support acpRunner ActiveX control, as ...) TODO: check-old CVE-2007-2241 (Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 ...) TODO: check-old CVE-2007-2242 (The IPv6 protocol allows remote attackers to cause a denial of service ...) TODO: check-old CVE-2007-2243 (OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is ...) TODO: check-old CVE-2007-2244 (Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator ...) TODO: check-old CVE-2007-2245 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) TODO: check-old CVE-2007-2246 (Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running ...) TODO: check-old CVE-2007-2247 (SQL injection vulnerability in modules/news/article.php in phpMySpace ...) TODO: check-old CVE-2007-2248 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ...) TODO: check-old CVE-2007-2249 (include/controlcenter/users.php in Phorum before 5.1.22 allows remote ...) TODO: check-old CVE-2007-2250 (admin.php in Phorum before 5.1.22 allows remote attackers to obtain ...) TODO: check-old CVE-2007-2251 (Unspecified vulnerability in the Roles module in Xaraya 1.1.2 and ...) TODO: check-old CVE-2007-2252 (Directory traversal vulnerability in iconspopup.php in Exponent CMS ...) TODO: check-old CVE-2007-2253 (Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to ...) TODO: check-old CVE-2007-2254 (PHP remote file inclusion vulnerability in admin/setup/level2.php in ...) TODO: check-old CVE-2007-2255 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...) TODO: check-old CVE-2007-2256 (Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 ...) TODO: check-old CVE-2007-2257 (PHP remote file inclusion vulnerability in subscp.php in Fully Modded ...) TODO: check-old CVE-2007-2258 (PHP remote file inclusion vulnerability in includes/init.inc.php in ...) TODO: check-old CVE-2007-2259 (SQL injection vulnerability in forum.php in EsForum 3.0 allows remote ...) TODO: check-old CVE-2007-2260 (Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta ...) TODO: check-old CVE-2007-2261 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-2262 (Multiple PHP remote file inclusion vulnerabilities in ...) TODO: check-old CVE-2007-2263 (Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and ...) NOTE: 10.0.9 already stable CVE-2007-2264 (Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and ...) NOTE: 10.0.9 already stable CVE-2007-2265 (Cross-site scripting (XSS) vulnerability in YA Book 0.98-alpha allows ...) TODO: check-old CVE-2007-2266 (Progress Webspeed Messenger allows remote attackers to read, create, ...) TODO: check-old CVE-2007-2267 (Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 ...) TODO: check-old CVE-2007-2268 (Multiple directory traversal vulnerabilities in SWsoft Plesk for ...) TODO: check-old CVE-2007-2269 (Directory traversal vulnerability in top.php3 in SWsoft Plesk for ...) TODO: check-old CVE-2007-2270 (The Linksys SPA941 VoIP Phone allows remote attackers to cause a ...) TODO: check-old CVE-2007-2271 (Directory traversal vulnerability in Rajneel Lal TotaRam USP FOSS ...) TODO: check-old CVE-2007-2272 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-2273 (PHP remote file inclusion vulnerability in include/loading.php in ...) TODO: check-old CVE-2007-2274 (The BitTorrent implementation in Opera 9.2 allows remote attackers to ...) TODO: check-old CVE-2007-2275 (Unspecified vulnerability in HP StorageWorks Command View Advanced ...) TODO: check-old CVE-2007-2276 (** DISPUTED ** ...) TODO: check-old CVE-2007-2277 (Session fixation vulnerability in Plogger allows remote attackers to ...) TODO: check-old CVE-2007-2278 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 ...) TODO: check-old CVE-2007-2279 (The Scheduler Service (VxSchedService.exe) in Symantec Storage ...) TODO: check-old CVE-2007-2280 (Stack-based buffer overflow in OmniInet.exe (aka the backup client ...) NOT-FOR-US: OmniInet exe aka the backup client service daemon in the Application Recovery Manager component in HP OpenView Storage Data Protector CVE-2007-2281 (Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe ...) NOT-FOR-US: Cell Manager Database Service in the Application Recovery Manager component in HP OpenView Storage Data Protector CVE-2007-2282 (Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before ...) TODO: check-old CVE-2007-2283 (Buffer overflow in Fresh View 7.15 allows user-assisted remote ...) TODO: check-old CVE-2007-2284 (Buffer overflow in ABC-View Manager 1.42 allows user-assisted remote ...) TODO: check-old CVE-2007-2285 (Directory traversal vulnerability in examples/layout/feed-proxy.php in ...) TODO: check-old CVE-2007-2286 (PHP remote file inclusion vulnerability in config.php in Built2Go PHP ...) TODO: check-old CVE-2007-2287 (PHP remote file inclusion vulnerability in accept.php in comus 2.0 ...) TODO: check-old CVE-2007-2288 (PHP remote file inclusion vulnerability in info.php in Doruk100.net ...) TODO: check-old CVE-2007-2289 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-2290 (Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and ...) TODO: check-old CVE-2007-2291 (CRLF injection vulnerability in the Digest Authentication support for ...) TODO: check-old CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication support for ...) BUG: 196480 CVE-2007-2293 (Multiple stack-based buffer overflows in the process_sdp function in ...) TODO: check-old CVE-2007-2294 (The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 ...) TODO: check-old CVE-2007-2295 (Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple ...) TODO: check-old CVE-2007-2296 (Integer overflow in the FlipFileTypeAtom_BtoN function in Apple ...) TODO: check-old CVE-2007-2297 (The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x ...) TODO: check-old CVE-2007-2298 (Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 ...) TODO: check-old CVE-2007-2299 (Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier ...) TODO: check-old CVE-2007-2300 (Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto ...) TODO: check-old CVE-2007-2301 (Multiple PHP remote file inclusion vulnerabilities in audioCMS arash ...) TODO: check-old CVE-2007-2302 (PHP remote file inclusion vulnerability in autoindex.php in Expow 0.8 ...) TODO: check-old CVE-2007-2303 (Directory traversal vulnerability in includes/footer.php in News ...) TODO: check-old CVE-2007-2304 (Multiple directory traversal vulnerabilities in Quick and Dirty Blog ...) TODO: check-old CVE-2007-2305 (Multiple SQL injection vulnerabilities in authenticate.php in Quick ...) TODO: check-old CVE-2007-2306 (Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War ...) TODO: check-old CVE-2007-2307 (PHP remote file inclusion vulnerability in engine/engine.inc.php in ...) TODO: check-old CVE-2007-2308 (Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 ...) TODO: check-old CVE-2007-2309 (Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 ...) TODO: check-old CVE-2007-2310 (Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php ...) TODO: check-old CVE-2007-2311 (** DISPUTED ** ...) TODO: check-old CVE-2007-2312 (Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 ...) TODO: check-old CVE-2007-2313 (PHP remote file inclusion vulnerability in getinfo1.php in the ...) TODO: check-old CVE-2007-2314 (Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly ...) TODO: check-old CVE-2007-2315 (MiniShare 1.5.4, and possibly earlier, allows remote attackers to ...) TODO: check-old CVE-2007-2316 (Unspecified vulnerability in the admin script in Open Business ...) TODO: check-old CVE-2007-2317 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum ...) TODO: check-old CVE-2007-2318 (Multiple format string vulnerabilities in FileZilla before 2.2.32 ...) TODO: check-old CVE-2007-2319 (PHP remote file inclusion vulnerability in the AutoStand 1.1 and ...) TODO: check-old CVE-2007-2320 (SQL injection vulnerability in kontakt.php in Papoo 3.02 and earlier ...) TODO: check-old CVE-2007-2321 (Unspecified vulnerability in the search functionality in SilverStripe ...) TODO: check-old CVE-2007-2322 (NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows ...) TODO: check-old CVE-2007-2323 (Multiple buffer overflows in the WinDVDX ActiveX control in InterVideo ...) TODO: check-old CVE-2007-2324 (Directory traversal vulnerability in file.php in JulmaCMS 1.4 allows ...) TODO: check-old CVE-2007-2325 (PHP remote file inclusion vulnerability in include.php in MyNewsGroups :) ...) TODO: check-old CVE-2007-2326 (Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro ...) TODO: check-old CVE-2007-2327 (PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox ...) TODO: check-old CVE-2007-2328 (PHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b ...) TODO: check-old CVE-2007-2329 (PHP remote file inclusion vulnerability in searchbot.php in ...) TODO: check-old CVE-2007-2330 (PHP remote file inclusion vulnerability in includes_handler.php in ...) TODO: check-old CVE-2007-2331 (PHP remote file inclusion vulnerability in cart.php in Shop-Script 2.0 ...) TODO: check-old CVE-2007-2332 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before ...) TODO: check-old CVE-2007-2333 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before ...) TODO: check-old CVE-2007-2334 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before ...) TODO: check-old CVE-2007-2335 (Cross-site scripting (XSS) vulnerability in the RSS feed reader ...) TODO: check-old CVE-2007-2336 (Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 ...) TODO: check-old CVE-2007-2337 (Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS ...) TODO: check-old CVE-2007-2338 (Cross-site request forgery (CSRF) vulnerability in ...) TODO: check-old CVE-2007-2339 (Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow ...) TODO: check-old CVE-2007-2340 (Multiple PHP remote file inclusion vulnerabilities in ...) TODO: check-old CVE-2007-2341 (PHP remote file inclusion vulnerability in suite/index.php in ...) TODO: check-old CVE-2007-2342 (SQL injection vulnerability in error.asp in CreaScripts CreaDirectory ...) TODO: check-old CVE-2007-2343 (Stack-based buffer overflow in the TFTPD component in Enterasys ...) TODO: check-old CVE-2007-2344 (The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight ...) TODO: check-old CVE-2007-2345 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-2346 (Multiple PHP remote file inclusion vulnerabilities in PHP-Generics 1.0 ...) TODO: check-old CVE-2007-2347 (PHP remote file inclusion vulnerability in main/forum/komentar.php in ...) TODO: check-old CVE-2007-2348 (mirror --script in lftp before 3.5.9 does not properly quote shell ...) TODO: check-old CVE-2007-2349 (Cross-site scripting (XSS) vulnerability in Invision Power Board ...) TODO: check-old CVE-2007-2350 (admin/config.php in the music-on-hold module in freePBX 2.2.x allows ...) TODO: check-old CVE-2007-2351 (Unspecified vulnerability in the HP Power Manager Remote Agent (RA) ...) TODO: check-old CVE-2007-2352 (Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote ...) TODO: check-old CVE-2007-2353 (Apache Axis 1.0 allows remote attackers to obtain sensitive ...) TODO: check-old CVE-2007-2354 (Progress Webspeed Messenger allows remote attackers to obtain ...) TODO: check-old CVE-2007-2355 (The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP ...) TODO: check-old CVE-2007-2356 (Stack-based buffer overflow in the set_color_table function in ...) BUG: 176226 CVE-2007-2357 (Cross-site scripting (XSS) vulnerability in mods/Core/result.php in ...) TODO: check-old CVE-2007-2358 (** DISPUTED ** ...) TODO: check-old CVE-2007-2359 (Buffer overflow in Ghost Service Manager, as used in Symantec Norton ...) TODO: check-old CVE-2007-2360 (Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and ...) TODO: check-old CVE-2007-2361 (Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and ...) TODO: check-old CVE-2007-2362 (Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) ...) TODO: check-old CVE-2007-2363 (Buffer overflow in IrfanView 4.00 and earlier allows user-assisted ...) TODO: check-old CVE-2007-2364 (Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and ...) TODO: check-old CVE-2007-2365 (Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements ...) TODO: check-old CVE-2007-2366 (Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted ...) TODO: check-old CVE-2007-2367 (Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) ...) TODO: check-old CVE-2007-2368 (picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to ...) TODO: check-old CVE-2007-2369 (Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 ...) TODO: check-old CVE-2007-2370 (SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 ...) TODO: check-old CVE-2007-2371 (admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ...) TODO: check-old CVE-2007-2372 (admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ...) TODO: check-old CVE-2007-2373 (SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) ...) TODO: check-old CVE-2007-2374 (Unspecified vulnerability in Microsoft Windows 2000, XP, and Server ...) TODO: check-old CVE-2007-2375 (The agent remote upgrade interface in Symantec Enterprise Security ...) TODO: check-old CVE-2007-2376 (The Dojo framework exchanges data using JavaScript Object Notation ...) TODO: check-old CVE-2007-2377 (The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data ...) TODO: check-old CVE-2007-2378 (The Google Web Toolkit (GWT) framework exchanges data using JavaScript ...) TODO: check-old CVE-2007-2379 (The jQuery framework exchanges data using JavaScript Object Notation ...) TODO: check-old CVE-2007-2380 (The Microsoft Atlas framework exchanges data using JavaScript Object ...) TODO: check-old CVE-2007-2381 (The MochiKit framework exchanges data using JavaScript Object Notation ...) TODO: check-old CVE-2007-2382 (The Moo.fx framework exchanges data using JavaScript Object Notation ...) TODO: check-old CVE-2007-2383 (The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data ...) TODO: check-old CVE-2007-2384 (The Script.aculo.us framework exchanges data using JavaScript Object ...) TODO: check-old CVE-2007-2385 (The Yahoo! UI framework exchanges data using JavaScript Object ...) TODO: check-old CVE-2007-2386 (Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 ...) TODO: check-old CVE-2007-2387 (Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel ...) TODO: check-old CVE-2007-2388 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not ...) TODO: check-old CVE-2007-2389 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear ...) TODO: check-old CVE-2007-2390 (Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows ...) TODO: check-old CVE-2007-2391 (Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 ...) TODO: check-old CVE-2007-2392 (Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows ...) TODO: check-old CVE-2007-2393 (The design of QuickTime for Java in Apple Quicktime before 7.2 allows ...) TODO: check-old CVE-2007-2394 (Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and ...) TODO: check-old CVE-2007-2395 (Unspecified vulnerability in Apple QuickTime before 7.3 allows remote ...) BUG: 150288 CVE-2007-2396 (The JDirect support in QuickTime for Java in Apple Quicktime before ...) TODO: check-old CVE-2007-2397 (QuickTime for Java in Apple Quicktime before 7.2 does not properly ...) TODO: check-old CVE-2007-2398 (Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers ...) TODO: check-old CVE-2007-2399 (WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before ...) TODO: check-old CVE-2007-2400 (Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, ...) TODO: check-old CVE-2007-2401 (CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, ...) TODO: check-old CVE-2007-2402 (QuickTime for Java in Apple Quicktime before 7.2 does not perform ...) TODO: check-old CVE-2007-2403 (CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly ...) TODO: check-old CVE-2007-2404 (CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and ...) TODO: check-old CVE-2007-2405 (Integer underflow in Preview in PDFKit on Apple Mac OS X 10.4.10 ...) TODO: check-old CVE-2007-2406 (Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a ...) TODO: check-old CVE-2007-2407 (The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows ...) TODO: check-old CVE-2007-2408 (WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly ...) TODO: check-old CVE-2007-2409 (Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and ...) TODO: check-old CVE-2007-2410 (WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of ...) TODO: check-old CVE-2007-2411 (** DISPUTED ** ...) TODO: check-old CVE-2007-2412 (** DISPUTED ** ...) TODO: check-old CVE-2007-2413 REJECTED TODO: check-old CVE-2007-2414 (MyServer before 0.8.8 allows remote attackers to cause a denial of ...) TODO: check-old CVE-2007-2415 (Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial ...) TODO: check-old CVE-2007-2416 (SQL injection vulnerability in home.php in E-Annu allows remote ...) TODO: check-old CVE-2007-2417 (Heap-based buffer overflow in _mprosrv.exe in Progress Software ...) TODO: check-old CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible Messaging ...) TODO: check-old CVE-2007-2419 (Multiple buffer overflows in an ActiveX control (boisweb.dll) in ...) TODO: check-old CVE-2007-2420 (SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows ...) TODO: check-old CVE-2007-2421 (Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone ...) TODO: check-old CVE-2007-2422 (** DISPUTED ** ...) TODO: check-old CVE-2007-2423 (Cross-site scripting (XSS) vulnerability in index.php in MoinMoin ...) TODO: check-old CVE-2007-2424 (PHP remote file inclusion vulnerability in help/index.php in The ...) TODO: check-old CVE-2007-2425 (Directory traversal vulnerability in fileview.php in Imageview 5.3 ...) TODO: check-old CVE-2007-2426 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-2427 (SQL injection vulnerability in index.php in the pnFlashGames 1.5 ...) TODO: check-old CVE-2007-2428 (Multiple PHP remote file inclusion vulnerabilities in page.php in ...) TODO: check-old CVE-2007-2429 (ManageEngine PasswordManager Pro (PMP) allows remote attackers to ...) TODO: check-old CVE-2007-2430 (shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote ...) TODO: check-old CVE-2007-2431 (Dynamic variable evaluation vulnerability in ...) TODO: check-old CVE-2007-2432 (Cross-site scripting (XSS) vulnerability in utilities/search.asp in ...) TODO: check-old CVE-2007-2433 (Cross-site scripting (XSS) vulnerability in index.php in Ariadne 2.4.1 ...) TODO: check-old CVE-2007-2434 (Buffer overflow in asnsp.dll in Aventail Connect 4.1.2.13 allows ...) TODO: check-old CVE-2007-2435 (Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java ...) BUG: 176675 BUG: 178962 CVE-2007-2436 REJECTED TODO: check-old CVE-2007-2437 (The X render (Xrender) extension in X.org X Window System 7.0, 7.1, ...) TODO: check-old CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1) writefile, ...) TODO: check-old CVE-2007-2439 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...) TODO: check-old CVE-2007-2440 (Directory traversal vulnerability in Caucho Resin Professional 3.1.0 ...) TODO: check-old CVE-2007-2441 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...) TODO: check-old CVE-2007-2442 (The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos ...) BUG: 183338 CVE-2007-2443 (Integer signedness error in the gssrpc__svcauth_unix function in ...) BUG: 183338 CVE-2007-2444 (Logic error in the SID/Name translation functionality in smbd in Samba ...) BUG: 177029 CVE-2007-2445 (The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and ...) BUG: 178004 CVE-2007-2446 (Multiple heap-based buffer overflows in the NDR parsing in smbd in ...) BUG: 177029 CVE-2007-2447 (The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 ...) BUG: 177029 CVE-2007-2448 (Subversion 1.4.3 and earlier does not properly implement the "partial ...) TODO: check-old CVE-2007-2449 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSP ...) TODO: check-old CVE-2007-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager ...) TODO: check-old CVE-2007-2451 (Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES ...) TODO: check-old CVE-2007-2452 (Heap-based buffer overflow in the visit_old_format function in ...) TODO: check-old CVE-2007-2453 (The random number feature in Linux kernel 2.6 before 2.6.20.13, and ...) TODO: check-old CVE-2007-2454 (Heap-based buffer overflow in the VGA device in Parallels allows local ...) TODO: check-old CVE-2007-2455 (Parallels allows local users to cause a denial of service (virtual ...) TODO: check-old CVE-2007-2456 (Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 ...) TODO: check-old CVE-2007-2457 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-2458 (Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery ...) TODO: check-old CVE-2007-2459 (Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl ...) TODO: check-old CVE-2007-2460 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-2461 (The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and ...) TODO: check-old CVE-2007-2462 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) ...) TODO: check-old CVE-2007-2463 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) ...) TODO: check-old CVE-2007-2464 (Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 ...) TODO: check-old CVE-2007-2465 (Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing ...) TODO: check-old CVE-2007-2466 (Unspecified vulnerability in the LDAP Software Development Kit (SDK) ...) TODO: check-old CVE-2007-2467 (ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions ...) TODO: check-old CVE-2007-2468 (Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 ...) TODO: check-old CVE-2007-2469 (SQL injection vulnerability in index.php in FileRun 1.0 and earlier ...) TODO: check-old CVE-2007-2470 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) TODO: check-old CVE-2007-2471 (Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 ...) TODO: check-old CVE-2007-2472 (Cross-site scripting (XSS) vulnerability in sendcard.php in Sendcard ...) TODO: check-old CVE-2007-2473 (SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 ...) TODO: check-old CVE-2007-2474 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...) TODO: check-old CVE-2007-2475 (Unspecified vulnerability in the ADSCHEMA utility in Novell ...) TODO: check-old CVE-2007-2476 (Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before ...) TODO: check-old CVE-2007-2477 (** DISPUTED ** ...) TODO: check-old CVE-2007-2478 (Multiple heap-based buffer overflows in the IRC component in Cerulean ...) TODO: check-old CVE-2007-2479 (Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers ...) TODO: check-old CVE-2007-2480 (The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel ...) TODO: check-old CVE-2007-2481 (PHP remote file inclusion vulnerability in wordtube-button.php in the ...) TODO: check-old CVE-2007-2482 (Directory traversal vulnerability in wordtube-button.php in the ...) TODO: check-old CVE-2007-2483 (Directory traversal vulnerability in js/wptable-button.php in the ...) TODO: check-old CVE-2007-2484 (PHP remote file inclusion vulnerability in js/wptable-button.php in ...) TODO: check-old CVE-2007-2485 (PHP remote file inclusion vulnerability in myflash-button.php in the ...) TODO: check-old CVE-2007-2486 (Directory traversal vulnerability in download.asp in Motobit 1.3 and ...) TODO: check-old CVE-2007-2487 (Stack-based buffer overflow in AtomixMP3 allows remote attackers to ...) TODO: check-old CVE-2007-2488 (The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does ...) TODO: check-old CVE-2007-2489 (Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and ...) TODO: check-old CVE-2007-2490 (Unspecified vulnerability in LiveData Server before 5.00.62 allows ...) TODO: check-old CVE-2007-2491 (The PIIX4 power management subsystem in EMC VMware Workstation ...) TODO: check-old CVE-2007-2492 (SQL injection vulnerability in index.php in the v4bJournal module for ...) TODO: check-old CVE-2007-2493 (PHP remote file inclusion vulnerability in faq.php in the FAQ & RULES ...) TODO: check-old CVE-2007-2494 (Multiple stack-based buffer overflows in the PowerPointOCX ActiveX ...) TODO: check-old CVE-2007-2495 (Multiple stack-based buffer overflows in the ExcelOCX ActiveX control ...) TODO: check-old CVE-2007-2496 (The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote ...) TODO: check-old CVE-2007-2497 (RealNetworks RealPlayer 10 Gold allows remote attackers to cause a ...) TODO: check-old CVE-2007-2498 (libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote ...) TODO: check-old CVE-2007-2499 (Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and ...) TODO: check-old CVE-2007-2500 (server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash ...) TODO: check-old CVE-2007-2501 (Eval injection vulnerability in codepress.html in CodePress before ...) TODO: check-old CVE-2007-2502 (Unspecified vulnerability in HP ProCurve 9300m Series switches with ...) TODO: check-old CVE-2007-2503 (** DISPUTED ** ...) TODO: check-old CVE-2007-2504 (** DISPUTED ** ...) TODO: check-old CVE-2007-2505 (Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 ...) TODO: check-old CVE-2007-2506 (WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and ...) TODO: check-old CVE-2007-2507 (Directory traversal vulnerability in includes/download.php in Treble ...) TODO: check-old CVE-2007-2508 (Multiple stack-based buffer overflows in Trend Micro ServerProtect ...) TODO: check-old CVE-2007-2509 (CRLF injection vulnerability in the ftp_putcmd function in PHP before ...) BUG: 169372 NOTE: Fixed in 5.2.2 CVE-2007-2510 (Buffer overflow in the make_http_soap_request function in PHP before ...) BUG: 169372 NOTE: Fixed in 5.2.2 CVE-2007-2511 (Buffer overflow in the user_filter_factory_create function in PHP ...) BUG: 169372 NOTE: Fixed in 5.2.2 CVE-2007-2512 (Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and ...) TODO: check-old CVE-2007-2513 (Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 ...) TODO: check-old CVE-2007-2514 (Stack-based buffer overflow in XferWan.exe as used in multiple ...) TODO: check-old CVE-2007-2515 RESERVED CVE-2007-2516 RESERVED CVE-2007-2517 RESERVED CVE-2007-2518 REJECTED TODO: check-old CVE-2007-2519 (Directory traversal vulnerability in the installer in PEAR 1.0 through ...) TODO: check-old CVE-2007-2520 (SQL injection vulnerability in admin.php in MyNews 0.10, when ...) TODO: check-old CVE-2007-2521 (PHP remote file inclusion vulnerability in common.php in E-GADS! ...) TODO: check-old CVE-2007-2522 (Stack-based buffer overflow in the inoweb Console Server in CA ...) TODO: check-old CVE-2007-2523 (CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before ...) TODO: check-old CVE-2007-2524 (Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket ...) TODO: check-old CVE-2007-2525 (Memory leak in the PPP over Ethernet (PPPoE) socket implementation in ...) TODO: check-old CVE-2007-2526 (Heap-based buffer overflow in the ConnectAsyncEx function in VNC ...) TODO: check-old CVE-2007-2527 (Multiple PHP remote file inclusion vulnerabilities in DynamicPAD ...) TODO: check-old CVE-2007-2528 (Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for ...) TODO: check-old CVE-2007-2529 (Integer signedness error in the acl (facl) system call in Solaris 10 ...) TODO: check-old CVE-2007-2530 (Multiple PHP remote file inclusion vulnerabilities in Tropicalm ...) TODO: check-old CVE-2007-2531 (PHP remote file inclusion vulnerability in berylium-classes.php in ...) TODO: check-old CVE-2007-2532 (Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen ...) TODO: check-old CVE-2007-2533 (Multiple buffer overflows in Trend Micro ServerProtect 5.58 before ...) TODO: check-old CVE-2007-2534 (** DISPUTED ** ...) TODO: check-old CVE-2007-2535 (WinAce allows remote attackers to cause a denial of service (infinite ...) TODO: check-old CVE-2007-2536 (PicoZip allows remote attackers to cause a denial of service (infinite ...) TODO: check-old CVE-2007-2537 (Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 ...) TODO: check-old CVE-2007-2538 (SQL injection vulnerability in class/debug/debug_show.php in RunCms ...) TODO: check-old CVE-2007-2539 (The show_files function in RunCms 1.5.2 and earlier allows remote ...) TODO: check-old CVE-2007-2540 (Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and ...) TODO: check-old CVE-2007-2541 (PHP remote file inclusion vulnerability in includes/ajax_listado.php ...) TODO: check-old CVE-2007-2542 (PHP remote file inclusion vulnerability in header.php in workbench ...) TODO: check-old CVE-2007-2543 (SQL injection vulnerability in game.php in the Flashgames 1.0.1 module ...) TODO: check-old CVE-2007-2544 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-2545 (Multiple PHP remote file inclusion vulnerabilities in Persism CMS ...) TODO: check-old CVE-2007-2546 (Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 ...) TODO: check-old CVE-2007-2547 (Cross-site scripting (XSS) vulnerability in index.php in ...) TODO: check-old CVE-2007-2548 (Unspecified vulnerability in index.php in TurnkeyWebTools SunShop ...) TODO: check-old CVE-2007-2549 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop ...) TODO: check-old CVE-2007-2550 (Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 ...) TODO: check-old CVE-2007-2551 (Cross-site scripting (XSS) vulnerability in usersettings.php in ...) TODO: check-old CVE-2007-2552 (The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 ...) TODO: check-old CVE-2007-2553 (Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and ...) TODO: check-old CVE-2007-2554 (Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank ...) TODO: check-old CVE-2007-2555 (Unspecified vulnerability in Default.aspx in Podium CMS allows remote ...) TODO: check-old CVE-2007-2556 (SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote ...) TODO: check-old CVE-2007-2557 (MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, ...) TODO: check-old CVE-2007-2558 (** DISPUTED ** ...) TODO: check-old CVE-2007-2559 (Multiple PHP remote file inclusion vulnerabilities in american cart ...) TODO: check-old CVE-2007-2560 (Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 ...) TODO: check-old CVE-2007-2561 (SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote ...) TODO: check-old CVE-2007-2562 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...) TODO: check-old CVE-2007-2563 (Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ...) TODO: check-old CVE-2007-2564 (Multiple stack-based buffer overflows in the Sienzo Digital Music ...) TODO: check-old CVE-2007-2565 (Cdelia Software ImageProcessing allows user-assisted remote attackers ...) TODO: check-old CVE-2007-2566 (The SaveBarCode function in the Taltech Tal Bar Code ActiveX control ...) TODO: check-old CVE-2007-2567 (Buffer overflow in the SaveBarCode function in the Taltech Tal Bar ...) TODO: check-old CVE-2007-2568 (Multiple stack-based buffer overflows in VCDGear 3.55 allow ...) TODO: check-old CVE-2007-2569 (Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 ...) TODO: check-old CVE-2007-2570 (PHP remote file inclusion vulnerability in handlers/page/show.php in ...) TODO: check-old CVE-2007-2571 (SQL injection vulnerability in index.php in the wfquotes 1.0 0 module ...) TODO: check-old CVE-2007-2572 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-2573 (PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in ...) TODO: check-old CVE-2007-2574 (Directory traversal vulnerability in index.php in Archangel Weblog ...) TODO: check-old CVE-2007-2575 (PHP remote file inclusion vulnerability in watermark.php in the vm ...) TODO: check-old CVE-2007-2576 (Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 ...) TODO: check-old CVE-2007-2577 (Multiple SQL injection vulnerabilities in ACP3 4.0 beta 3 allow remote ...) TODO: check-old CVE-2007-2578 (Unspecified vulnerability in search/list/action_search/index.php in ...) TODO: check-old CVE-2007-2579 (Multiple cross-site scripting (XSS) vulnerabilities in ACP3 4.0 beta 3 ...) TODO: check-old CVE-2007-2580 (Unspecified vulnerability in Apple Safari allows local users to obtain ...) TODO: check-old CVE-2007-2581 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...) TODO: check-old CVE-2007-2582 (Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) ...) TODO: check-old CVE-2007-2583 (The in_decimal::set function in item_cmpfunc.cc in MySQL before ...) TODO: check-old CVE-2007-2584 (Buffer overflow in the IsOldAppInstalled function in the ...) TODO: check-old CVE-2007-2585 (Stack-based buffer overflow in the Verify function in the BarCodeWiz ...) TODO: check-old CVE-2007-2586 (The IOS FTP Server in Cisco IOS 11.3 through 12.4 does not properly ...) TODO: check-old CVE-2007-2587 (The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote ...) TODO: check-old CVE-2007-2588 (Multiple buffer overflows in the Office Viewer OCX ActiveX control ...) TODO: check-old CVE-2007-2589 (Cross-site request forgery (CSRF) vulnerability in compose.php in ...) TODO: check-old CVE-2007-2590 (Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, ...) TODO: check-old CVE-2007-2591 (usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, ...) TODO: check-old CVE-2007-2592 (Multiple cross-site scripting (XSS) vulnerabilities in Nokia ...) TODO: check-old CVE-2007-2593 (The Terminal Server in Microsoft Windows 2003 Server, when using TLS, ...) TODO: check-old CVE-2007-2594 (PHP remote file inclusion vulnerability in inc/articles.inc.php in ...) TODO: check-old CVE-2007-2595 (RSAuction 2.73.1.3 allows remote authenticated users to move their own ...) TODO: check-old CVE-2007-2596 (PHP remote file inclusion vulnerability in common/func.php in aForum ...) TODO: check-old CVE-2007-2597 (Multiple PHP remote file inclusion vulnerabilities in telltarget CMS ...) TODO: check-old CVE-2007-2598 (SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL ...) TODO: check-old CVE-2007-2599 (Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop ...) TODO: check-old CVE-2007-2600 (Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS ...) TODO: check-old CVE-2007-2601 (Buffer overflow in a certain ActiveX control in the GDivX Zenith ...) TODO: check-old CVE-2007-2602 (Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows ...) TODO: check-old CVE-2007-2603 (Unspecified vulnerability in the Init function in the Audio CD Ripper ...) TODO: check-old CVE-2007-2604 (Unspecified vulnerability in the FlexLabel ActiveX control allows ...) TODO: check-old CVE-2007-2605 (Unspecified vulnerability in the GetPropertyById function in ...) TODO: check-old CVE-2007-2606 (Multiple buffer overflows in Firebird 2.1 allow attackers to trigger ...) TODO: check-old CVE-2007-2607 (PHP remote file inclusion vulnerability in views/print/printbar.php in ...) TODO: check-old CVE-2007-2608 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-2609 (Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 ...) TODO: check-old CVE-2007-2610 (Cross-site scripting (XSS) vulnerability in OpenLD before 1.1.9, and ...) TODO: check-old CVE-2007-2611 (Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 ...) TODO: check-old CVE-2007-2612 (SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki ...) TODO: check-old CVE-2007-2613 (WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared ...) TODO: check-old CVE-2007-2614 (PHP remote file inclusion vulnerability in examples/widget8.php in ...) TODO: check-old CVE-2007-2615 (Multiple PHP remote file inclusion vulnerabilities in Crie seu ...) TODO: check-old CVE-2007-2616 (Stack-based buffer overflow in the SSL version of the NMDMC.EXE ...) TODO: check-old CVE-2007-2617 (srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core ...) TODO: check-old CVE-2007-2618 (CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows ...) TODO: check-old CVE-2007-2619 (Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login ...) TODO: check-old CVE-2007-2620 (PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub ...) TODO: check-old CVE-2007-2621 (SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 ...) TODO: check-old CVE-2007-2622 (Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier ...) TODO: check-old CVE-2007-2623 (Multiple buffer overflows in RControl.dll in Remote Display Dev kit ...) TODO: check-old CVE-2007-2624 (Dynamic variable evaluation vulnerability in ...) TODO: check-old CVE-2007-2625 (Cross-site scripting (XSS) vulnerability in ...) TODO: check-old CVE-2007-2626 (** DISPUTED ** ...) TODO: check-old CVE-2007-2627 (Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, ...) TODO: check-old CVE-2007-2628 (PHP remote file inclusion vulnerability in include/logout.php in ...) TODO: check-old CVE-2007-2629 (Bradford CampusManager Network Control Application Server 3.1(6) ...) TODO: check-old CVE-2007-2630 (Incomplete blacklist vulnerability in ...) TODO: check-old CVE-2007-2631 (Cross-site request forgery (CSRF) vulnerability in SquirrelMail ...) TODO: check-old CVE-2007-2632 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User ...) TODO: check-old CVE-2007-2633 (Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows ...) TODO: check-old CVE-2007-2634 (PHP remote file inclusion vulnerability in common/errormsg.php in ...) TODO: check-old CVE-2007-2635 (Unspecified vulnerability in Interchange before 5.4.2 allows remote ...) TODO: check-old CVE-2007-2636 (Unspecified vulnerability in phpTodo before 0.8.1 allows remote ...) TODO: check-old CVE-2007-2637 (MoinMoin before 20070507 does not properly enforce ACLs for calendars ...) TODO: check-old CVE-2007-2638 (eFileCabinet 3.3 allows remote attackers to bypass authentication and ...) TODO: check-old CVE-2007-2639 (Directory traversal vulnerability in TFTPdWin 0.4.2 allows remote ...) TODO: check-old CVE-2007-2640 (LibTMCG before 1.1.1 does not perform a range check to avoid "trivial ...) TODO: check-old CVE-2007-2641 (SQL injection vulnerability in W1L3D4_bolum.asp in W1L3D4 Philboard ...) TODO: check-old CVE-2007-2642 (Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 ...) TODO: check-old CVE-2007-2643 (Directory traversal vulnerability in phpThumb.php in PinkCrow Designs ...) TODO: check-old CVE-2007-2644 (A certain ActiveX control in Morovia Barcode ActiveX Professional ...) TODO: check-old CVE-2007-2645 (Integer overflow in the exif_data_load_data_entry function in ...) BUG: 178081 CVE-2007-2646 (Heap-based buffer overflow in yEnc32 1.0.7.207 allows user-assisted ...) TODO: check-old CVE-2007-2647 (Static code injection vulnerability in admin/admin_configuration.php ...) TODO: check-old CVE-2007-2648 (Stack-based buffer overflow in the Clever Database Comparer 2.2 ...) TODO: check-old CVE-2007-2649 (Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for ...) TODO: check-old CVE-2007-2650 (The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to ...) BUG: 178082 CVE-2007-2651 (Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow ...) TODO: check-old CVE-2007-2652 (Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow ...) TODO: check-old CVE-2007-2653 REJECTED TODO: check-old CVE-2007-2654 (xfs_fsr in xfsdump creates a .fsr temporary directory with insecure ...) TODO: check-old CVE-2007-2655 (Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before ...) TODO: check-old CVE-2007-2656 (Stack-based buffer overflow in the Hewlett-Packard (HP) Magview ...) TODO: check-old CVE-2007-2657 (Unspecified vulnerability in the PrecisionID Barcode 1.3 ActiveX ...) TODO: check-old CVE-2007-2658 (Unspecified vulnerability in the ID Automation Linear Barcode 1.6.0.5 ...) TODO: check-old CVE-2007-2659 (Directory traversal vulnerability in index.php in PHP Advanced ...) TODO: check-old CVE-2007-2660 (** DISPUTED ** ...) TODO: check-old CVE-2007-2661 (SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows ...) TODO: check-old CVE-2007-2662 (SQL injection vulnerability in EfesTECH Haber 5.0 allows remote ...) TODO: check-old CVE-2007-2663 (PHP remote file inclusion vulnerability in language/1/splash.lang.php ...) TODO: check-old CVE-2007-2664 (PHP remote file inclusion vulnerability in includes/common.php in Yaap ...) TODO: check-old CVE-2007-2665 (PHP remote file inclusion vulnerability in block.php in PhpFirstPost ...) TODO: check-old CVE-2007-2666 (Stack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla ...) TODO: check-old CVE-2007-2667 (Buffer overflow in the DB Software Laboratory VImpX ActiveX control in ...) TODO: check-old CVE-2007-2668 (Buffer overflow in webdesproxy 0.0.1 allows remote attackers to ...) TODO: check-old CVE-2007-2669 (Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 ...) TODO: check-old CVE-2007-2670 (PHPChain 1.0 and earlier allows remote attackers to obtain the ...) TODO: check-old CVE-2007-2671 (Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of ...) TODO: check-old CVE-2007-2672 (SQL injection vulnerability in index.php in PHP Coupon Script 3.0 ...) TODO: check-old CVE-2007-2673 (SQL injection vulnerability in includes/funcs_vendors.php in Censura ...) TODO: check-old CVE-2007-2674 (SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 ...) TODO: check-old CVE-2007-2675 (SQL injection vulnerability in search.php in Pre Classifieds Listings ...) TODO: check-old CVE-2007-2676 (PHP remote file inclusion vulnerability in skins/header.php in Open ...) TODO: check-old CVE-2007-2677 (Multiple PHP remote file inclusion vulnerabilities in phpChess ...) TODO: check-old CVE-2007-2678 (Buffer overflow in the isChecked function in toolbar.dll in Netsprint ...) TODO: check-old CVE-2007-2679 (PHP file inclusion vulnerability in index.php in Ivan Peevski gallery ...) TODO: check-old CVE-2007-2680 (Cross-site scripting (XSS) vulnerability in the management interface ...) TODO: check-old CVE-2007-2681 (Directory traversal vulnerability in blogs/index.php in b2evolution ...) TODO: check-old CVE-2007-2682 (The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as ...) TODO: check-old CVE-2007-2683 (Buffer overflow in Mutt 1.4.2 might allow local users to execute ...) TODO: check-old CVE-2007-2684 (Jetbox CMS 2.1 allows remote attackers to obtain sensitive information ...) TODO: check-old CVE-2007-2685 (Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 ...) TODO: check-old CVE-2007-2686 (Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS ...) TODO: check-old CVE-2007-2687 (Stack-based buffer overflow in the MicroWorld Agent service ...) TODO: check-old CVE-2007-2688 (The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS ...) TODO: check-old CVE-2007-2689 (Check Point Web Intelligence does not properly handle certain ...) TODO: check-old CVE-2007-2690 (Multiple IBM ISS Proventia Series products, including the A, G, and M ...) TODO: check-old CVE-2007-2691 (MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does ...) TODO: check-old CVE-2007-2692 (The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x ...) TODO: check-old CVE-2007-2693 (MySQL before 5.1.18 allows remote authenticated users without SELECT ...) TODO: check-old CVE-2007-2694 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...) TODO: check-old CVE-2007-2695 (The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express ...) TODO: check-old CVE-2007-2696 (The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through ...) TODO: check-old CVE-2007-2697 (The embedded LDAP server in BEA WebLogic Express and WebLogic Server ...) TODO: check-old CVE-2007-2698 (The Administration Console in BEA WebLogic Server 9.0 may show ...) TODO: check-old CVE-2007-2699 (The Administration Console in BEA WebLogic Express and WebLogic Server ...) TODO: check-old CVE-2007-2700 (The WLST script generated by the configToScript command in BEA ...) TODO: check-old CVE-2007-2701 (The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 ...) TODO: check-old CVE-2007-2702 (Cross-site scripting (XSS) vulnerability in the GroupSpace application ...) TODO: check-old CVE-2007-2703 (BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if ...) TODO: check-old CVE-2007-2704 (BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a ...) TODO: check-old CVE-2007-2705 (Directory traversal vulnerability in the Test View Console in BEA ...) TODO: check-old CVE-2007-2706 (PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media ...) TODO: check-old CVE-2007-2707 (PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php ...) TODO: check-old CVE-2007-2708 (PHP remote file inclusion vulnerability in newsadmin.php in Feindt ...) TODO: check-old CVE-2007-2709 (PHP remote file inclusion vulnerability in functions/prepend_adm.php ...) TODO: check-old CVE-2007-2710 (PHP remote file inclusion vulnerability in functions/prepend_adm.php ...) TODO: check-old CVE-2007-2711 (Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows ...) TODO: check-old CVE-2007-2712 (Unspecified vulnerability in MH Software Connect Daily before 3.3.3 ...) TODO: check-old CVE-2007-2713 (ifdate 2.x sends a redirect to the web browser but does not exit when ...) TODO: check-old CVE-2007-2714 (Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet ...) TODO: check-old CVE-2007-2715 (Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to ...) TODO: check-old CVE-2007-2716 (Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c ...) TODO: check-old CVE-2007-2717 (SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 ...) TODO: check-old CVE-2007-2718 (Cross-site scripting (XSS) vulnerability in the WebMail system in ...) TODO: check-old CVE-2007-2719 (Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 ...) TODO: check-old CVE-2007-2720 (Group-Office before 2.16-13 does not properly validate user IDs, which ...) BUG: 235058 CVE-2007-2721 (The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer ...) BUG: 196860 BUG: 179159 CVE-2007-2722 (Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers ...) TODO: check-old CVE-2007-2723 (Media Player Classic 6.4.9.0 allows user-assisted remote attackers to ...) TODO: check-old CVE-2007-2724 (Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog ...) TODO: check-old CVE-2007-2725 (The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control ...) TODO: check-old CVE-2007-2726 (BitsCast 0.13.0 allows remote attackers to cause a denial of service ...) TODO: check-old CVE-2007-2727 (The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before ...) NOTE: Fixed in 5.2.2 CVE-2007-2728 (The soap extension in PHP calls php_rand_r with an uninitialized seed ...) NOTE: Fixed in 5.2.2 CVE-2007-2729 (Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, ...) TODO: check-old CVE-2007-2730 (Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test ...) TODO: check-old CVE-2007-2731 (CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might ...) TODO: check-old CVE-2007-2732 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS ...) TODO: check-old CVE-2007-2733 (Unrestricted file upload vulnerability in Jetbox CMS allows remote ...) TODO: check-old CVE-2007-2734 (The 3Com TippingPoint IPS do not properly handle certain full-width ...) TODO: check-old CVE-2007-2735 (SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 ...) TODO: check-old CVE-2007-2736 (PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 ...) TODO: check-old CVE-2007-2737 (SQL injection vulnerability in index.php in the MyConference 1.0 ...) TODO: check-old CVE-2007-2738 (SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 ...) TODO: check-old CVE-2007-2739 (Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows ...) TODO: check-old CVE-2007-2740 (Unspecified vulnerability in xajax before 0.2.5 has unknown impact and ...) TODO: check-old CVE-2007-2741 (Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows ...) TODO: check-old CVE-2007-2742 (Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 ...) TODO: check-old CVE-2007-2743 (PHP remote file inclusion vulnerability in custom_vars.php in ...) TODO: check-old CVE-2007-2744 (Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX ...) TODO: check-old CVE-2007-2745 (Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk ...) TODO: check-old CVE-2007-2746 (The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain ...) TODO: check-old CVE-2007-2747 (Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before ...) TODO: check-old CVE-2007-2748 (The substr_count function in PHP 5.2.1 and earlier allows ...) NOTE: Fixed in 5.2.2 CVE-2007-2749 (SQL injection vulnerability in question.php in FAQEngine 4.16.03 and ...) TODO: check-old CVE-2007-2750 (SQL injection vulnerability in print.php in SimpNews 2.40.01 and ...) TODO: check-old CVE-2007-2751 (Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 ...) TODO: check-old CVE-2007-2752 (SQL injection vulnerability in devami.asp in RunawaySoft Haber portal ...) TODO: check-old CVE-2007-2753 (RunawaySoft Haber portal 1.0 stores sensitive information under the ...) TODO: check-old CVE-2007-2754 (Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and ...) BUG: 181773 BUG: 179161 CVE-2007-2755 (The PrecisionID Barcode 1.9 ActiveX control in ...) TODO: check-old CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted ...) BUG: 179158 BUG: 179154 CVE-2007-2757 (Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 ...) TODO: check-old CVE-2007-2758 (Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted ...) TODO: check-old CVE-2007-2759 (Multiple SQL injection vulnerabilities in the insert function in the ...) TODO: check-old CVE-2007-2760 (The canUpdate function in model/MRole.java in Adempiere before 3.1.6 ...) TODO: check-old CVE-2007-2761 (Stack-based buffer overflow in MagicISO 5.4 build 239 and earlier ...) TODO: check-old CVE-2007-2762 (Multiple PHP remote file inclusion vulnerabilities in Build it Fast ...) TODO: check-old CVE-2007-2763 (Buffer overflow in the UnlockSupport function in the LockModules ...) TODO: check-old CVE-2007-2764 (The embedded Linux kernel in certain Sun-Brocade SilkWorm switches ...) TODO: check-old CVE-2007-2765 (blockhosts.py in BlockHosts before 2.0.3 does not properly parse ...) TODO: check-old CVE-2007-2766 (lib/backup-methods.sh in Backup Manager before 0.7.6 provides the ...) TODO: check-old CVE-2007-2767 (Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) ...) TODO: check-old CVE-2007-2768 (OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, ...) TODO: check-old CVE-2007-2769 (BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly ...) TODO: check-old CVE-2007-2770 (Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote ...) TODO: check-old CVE-2007-2771 (Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG ...) TODO: check-old CVE-2007-2772 ((1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and ...) TODO: check-old CVE-2007-2773 (SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in ...) TODO: check-old CVE-2007-2774 (Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 ...) TODO: check-old CVE-2007-2775 (AlstraSoft Live Support 1.21 sends a redirect to the web browser but ...) TODO: check-old CVE-2007-2776 (AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to ...) TODO: check-old CVE-2007-2777 (Unrestricted file upload vulnerability in admin/addsptemplate.php in ...) TODO: check-old CVE-2007-2778 (Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 ...) TODO: check-old CVE-2007-2779 (PHP remote file inclusion vulnerability in template_csv.php in ...) TODO: check-old CVE-2007-2780 (PsychoStats 3.0.6b and earlier allows remote attackers to obtain ...) TODO: check-old CVE-2007-2781 (Cross-site scripting (XSS) vulnerability in ...) TODO: check-old CVE-2007-2782 (Packeteer PacketShaper uses fixed increments in TCP initial sequence ...) TODO: check-old CVE-2007-2783 (Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 ...) TODO: check-old CVE-2007-2784 (Unspecified vulnerability in globus-job-manager in Globus Toolkit ...) TODO: check-old CVE-2007-2785 (manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to ...) TODO: check-old CVE-2007-2786 (Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote ...) TODO: check-old CVE-2007-2787 (Stack-based buffer overflow in the BrowseDir function in the (1) ...) TODO: check-old CVE-2007-2788 (Integer overflow in the embedded ICC profile image parser in Sun Java ...) BUG: 178851 BUG: 176675 BUG: 190686 BUG: 178962 CVE-2007-2789 (The BMP image parser in Sun Java Development Kit (JDK) before ...) BUG: 178851 BUG: 176675 BUG: 190686 BUG: 178962 CVE-2007-2790 (Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP ...) TODO: check-old CVE-2007-2791 (Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX ...) TODO: check-old CVE-2007-2792 (SQL injection vulnerability in the Yet another Newsletter Component ...) TODO: check-old CVE-2007-2793 (PHP remote file inclusion vulnerability in ImageImageMagick.php in ...) TODO: check-old CVE-2007-2794 RESERVED CVE-2007-2795 (Multiple buffer overflows in Ipswitch IMail before 2006.21 allow ...) NOT-FOR-US: Ipswitch IMail CVE-2007-2796 (Arris Cadant C3 CMTS allows remote attackers to cause a denial of ...) TODO: check-old CVE-2007-2797 (xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in ...) TODO: check-old CVE-2007-2798 (Stack-based buffer overflow in the rename_principal_2_svc function in ...) BUG: 183338 CVE-2007-2799 (Integer overflow in the "file" program 4.20, when running on 32-bit ...) BUG: 181977 BUG: 179583 CVE-2007-2800 (index.php in eTicket 1.5.5.1 and earlier allows remote attackers to ...) TODO: check-old CVE-2007-2801 (Multiple cross-site scripting (XSS) vulnerabilities in open.php in ...) TODO: check-old CVE-2007-2802 (Cross-site scripting (XSS) vulnerability in cp/ps/Main/login/Login in ...) TODO: check-old CVE-2007-2803 (SQL injection vulnerability in default.asp in Vizayn Urun Tanitim ...) TODO: check-old CVE-2007-2804 (Multiple cross-site scripting (XSS) vulnerabilities in ...) TODO: check-old CVE-2007-2805 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) TODO: check-old CVE-2007-2806 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) TODO: check-old CVE-2007-2807 (Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop ...) BUG: 179354 CVE-2007-2808 (Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb ...) TODO: check-old CVE-2007-2809 (Buffer overflow in the transfer manager in Opera before 9.21 for ...) TODO: check-old CVE-2007-2810 (SQL injection vulnerability in down_indir.asp in Gazi Download Portal ...) TODO: check-old CVE-2007-2811 (Cross-site scripting (XSS) vulnerability in OSK Advance-Flow 4.41 and ...) TODO: check-old CVE-2007-2812 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats ...) TODO: check-old CVE-2007-2813 (Cisco IOS 12.4 and earlier, when using the crypto packages and SSL ...) TODO: check-old CVE-2007-2814 (Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX ...) TODO: check-old CVE-2007-2815 (The "hit-highlighting" functionality in webhits.dll in Microsoft ...) TODO: check-old CVE-2007-2816 (Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks ...) TODO: check-old CVE-2007-2817 (SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 ...) TODO: check-old CVE-2007-2818 (Cross-site scripting (XSS) vulnerability in cand_login.asp in ...) TODO: check-old CVE-2007-2819 (Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ ...) TODO: check-old CVE-2007-2820 (Multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX ...) TODO: check-old CVE-2007-2821 (SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress ...) TODO: check-old CVE-2007-2822 (TutorialCMS 1.01 and earlier, when register_globals is enabled, allows ...) TODO: check-old CVE-2007-2823 (Multiple buffer overflows in HT Editor before 2.0.6 might allow remote ...) TODO: check-old CVE-2007-2824 (SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 ...) TODO: check-old CVE-2007-2825 (Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in ...) TODO: check-old CVE-2007-2826 (PHP remote file inclusion vulnerability in lib/addressbook.php in ...) TODO: check-old CVE-2007-2827 (Heap-based buffer overflow in LEAD Technologies LEADTOOLS ISIS ActiveX ...) TODO: check-old CVE-2007-2828 (Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php ...) TODO: check-old CVE-2007-2829 (The 802.11 network stack in net80211/ieee80211_input.c in MadWifi ...) BUG: 179532 CVE-2007-2830 (The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 ...) BUG: 179532 CVE-2007-2831 (Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ...) BUG: 179532 CVE-2007-2832 (Cross-site scripting (XSS) vulnerability in the web application ...) TODO: check-old CVE-2007-2833 (Emacs 21 allows user-assisted attackers to cause a denial of service ...) TODO: check-old CVE-2007-2834 (Integer overflow in the TIFF parser in OpenOffice.org (OOo) before ...) BUG: 192818 CVE-2007-2835 (Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) ...) TODO: check-old CVE-2007-2836 (Directory traversal vulnerability in session.rb in Hiki 0.8.0 through ...) TODO: check-old CVE-2007-2837 (The (1) getRule and (2) getChains functions in server/rules.cpp in ...) TODO: check-old CVE-2007-2838 (The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 ...) TODO: check-old CVE-2007-2839 (gfax 0.4.2 and probably other versions creates temporary files ...) TODO: check-old CVE-2007-2840 RESERVED CVE-2007-2841 RESERVED CVE-2007-2842 RESERVED CVE-2007-2843 (Cross-domain vulnerability in Apple Safari 2.0.4 allows remote ...) TODO: check-old CVE-2007-2844 (PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, ...) NOTE: Fixed in 5.2.1 CVE-2007-2845 (Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus ...) TODO: check-old CVE-2007-2846 (Heap-based buffer overflow in the SIS unpacker in avast! Anti-Virus ...) TODO: check-old CVE-2007-2847 (Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in ...) TODO: check-old CVE-2007-2848 (Stack-based buffer overflow in the SetPath function in the shComboBox ...) TODO: check-old CVE-2007-2849 (KnowledgeTree Document Management (aka KnowledgeTree Open Source) ...) TODO: check-old CVE-2007-2850 (The Session Reliability Service (XTE) in Citrix MetaFrame Presentation ...) TODO: check-old CVE-2007-2851 (A certain ActiveX control in LeadTools Raster Variant Object Library ...) TODO: check-old CVE-2007-2852 (Multiple stack-based buffer overflows in ESET NOD32 Antivirus before ...) TODO: check-old CVE-2007-2853 (The VCDAPILibApi ActiveX control in vc9api.DLL 9.0.0.57 in Virtual CD ...) TODO: check-old CVE-2007-2854 (Multiple SQL injection vulnerabilities in account_change.php in ...) TODO: check-old CVE-2007-2855 (Buffer overflow in a certain ActiveX control in DartZipLite.dll ...) TODO: check-old CVE-2007-2856 (Buffer overflow in the Dart Communications PowerTCP ZIP Compression ...) TODO: check-old CVE-2007-2857 (PHP remote file inclusion vulnerability in sample/xls2mysql in ABC ...) TODO: check-old CVE-2007-2858 (SQL injection vulnerability in the IP-Search functionality in the ...) TODO: check-old CVE-2007-2859 (Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 ...) TODO: check-old CVE-2007-2860 (user.php in BoastMachine 3.0 platinum allows remote authenticated ...) TODO: check-old CVE-2007-2861 (Multiple PHP remote file inclusion vulnerabilities in Simple ...) TODO: check-old CVE-2007-2862 (Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow ...) TODO: check-old CVE-2007-2863 (Stack-based buffer overflow in the Anti-Virus engine before content ...) TODO: check-old CVE-2007-2864 (Stack-based buffer overflow in the Anti-Virus engine before content ...) TODO: check-old CVE-2007-2865 (Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin ...) TODO: check-old CVE-2007-2866 (Multiple SQL injection vulnerabilities in ...) TODO: check-old CVE-2007-2867 (Multiple vulnerabilities in the layout engine for Mozilla Firefox ...) BUG: 180436 CVE-2007-2868 (Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox ...) BUG: 180436 CVE-2007-2869 (The form autocomplete feature in Mozilla Firefox 1.5.x before ...) BUG: 180436 CVE-2007-2870 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...) BUG: 180436 CVE-2007-2871 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...) BUG: 180436 CVE-2007-2872 (Multiple integer overflows in the chunk_split function in PHP 5 before ...) BUG: 179158 CVE-2007-2873 (SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as ...) TODO: check-old CVE-2007-2874 (Buffer overflow in the wpa_printf function in the debugging code in ...) TODO: check-old CVE-2007-2875 (Integer underflow in the cpuset_tasks_read function in the Linux ...) TODO: check-old CVE-2007-2876 (The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) ...) TODO: check-old CVE-2007-2877 (Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 ...) TODO: check-old CVE-2007-2878 (The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run ...) TODO: check-old CVE-2007-2879 (Cross-site scripting (XSS) vulnerability in mods.php in GTP GNUTurk ...) TODO: check-old CVE-2007-2880 (Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 ...) TODO: check-old CVE-2007-2881 (Multiple stack-based buffer overflows in the SOCKS proxy support ...) TODO: check-old CVE-2007-2882 (Unspecified vulnerability in the NFS client module in Sun Solaris 8 ...) TODO: check-old CVE-2007-2883 (Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier ...) TODO: check-old CVE-2007-2884 (Multiple stack-based buffer overflows in Microsoft Visual Basic 6 ...) TODO: check-old CVE-2007-2885 (The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in ...) TODO: check-old CVE-2007-2886 (Unspecified vulnerability in the Nortel CS 1000 M media card in ...) TODO: check-old CVE-2007-2887 (Cross-site scripting (XSS) vulnerability in index.php in Web Icerik ...) TODO: check-old CVE-2007-2888 (Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows ...) TODO: check-old CVE-2007-2889 (SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 ...) TODO: check-old CVE-2007-2890 (SQL injection vulnerability in category.php in cpCommerce 1.1.0 and ...) TODO: check-old CVE-2007-2891 (Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 ...) TODO: check-old CVE-2007-2892 (Cross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 ...) TODO: check-old CVE-2007-2893 (Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in ...) BUG: 188148 CVE-2007-2894 (The emulated floppy disk controller in Bochs 2.3 allows local users of ...) BUG: 188148 CVE-2007-2895 (Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 ...) TODO: check-old CVE-2007-2896 (Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 ...) TODO: check-old CVE-2007-2897 (Microsoft Internet Information Services (IIS) 6.0 allows remote ...) TODO: check-old CVE-2007-2898 (SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 ...) TODO: check-old CVE-2007-2899 (Direct static code injection vulnerability in admin_config.php in ...) TODO: check-old CVE-2007-2900 (Multiple PHP remote file inclusion vulnerabilities in Scallywag ...) TODO: check-old CVE-2007-2901 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 ...) TODO: check-old CVE-2007-2902 (SQL injection vulnerability in main/auth/my_progress.php in Dokeos ...) TODO: check-old CVE-2007-2903 (Buffer overflow in the HelpPopup method in the Microsoft Office 2000 ...) TODO: check-old CVE-2007-2904 (Cross-site scripting (XSS) vulnerability in Sun Java System Messaging ...) TODO: check-old CVE-2007-2905 (SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 ...) TODO: check-old CVE-2007-2906 (Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a ...) TODO: check-old CVE-2007-2907 (Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote ...) TODO: check-old CVE-2007-2908 (Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft ...) TODO: check-old CVE-2007-2909 (Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft ...) TODO: check-old CVE-2007-2910 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before ...) TODO: check-old CVE-2007-2911 (SQL injection vulnerability in admincp/attachment.php in Jelsoft ...) TODO: check-old CVE-2007-2912 (Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when ...) TODO: check-old CVE-2007-2913 (Cross-site scripting (XSS) vulnerability in index.php in ClonusWiki .5 ...) TODO: check-old CVE-2007-2914 (Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats ...) TODO: check-old CVE-2007-2915 (Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows ...) TODO: check-old CVE-2007-2916 (Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music ...) TODO: check-old CVE-2007-2917 (Multiple buffer overflows in a certain ActiveX control in odapi.dll in ...) TODO: check-old CVE-2007-2918 (Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in ...) TODO: check-old CVE-2007-2919 (Multiple stack-based buffer overflows in the FViewerLoading ActiveX ...) TODO: check-old CVE-2007-2920 (Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX ...) TODO: check-old CVE-2007-2921 (Multiple buffer overflows in acgm.dll in the Corel / Micrografx ...) TODO: check-old CVE-2007-2922 RESERVED CVE-2007-2923 (The launch method in the LocalExec ActiveX control (LocalExec.ocx) in ...) TODO: check-old CVE-2007-2924 (Multiple buffer overflows in RealNetworks GameHouse dldisplay ActiveX ...) TODO: check-old CVE-2007-2925 (The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and ...) BUG: 186556 CVE-2007-2926 (ISC BIND 9 through 9.5.0a5 uses a weak random number generator during ...) BUG: 186556 CVE-2007-2927 (Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter ...) TODO: check-old CVE-2007-2928 (Format string vulnerability in the IBM Lenovo Access Support acpRunner ...) TODO: check-old CVE-2007-2929 (The IBM Lenovo Access Support acpRunner ActiveX control, as ...) TODO: check-old CVE-2007-2930 (The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC ...) TODO: check-old CVE-2007-2931 (Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and ...) TODO: check-old CVE-2007-2932 (Cross-site scripting (XSS) vulnerability in index.php in BoastMachine ...) TODO: check-old CVE-2007-2933 (SQL injection vulnerability in index.php in the Phil-a-Form ...) TODO: check-old CVE-2007-2934 (Directory traversal vulnerability in skins/common.css.php in Vistered ...) TODO: check-old CVE-2007-2935 (core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows ...) TODO: check-old CVE-2007-2936 (Multiple PHP remote file inclusion vulnerabilities in Frequency Clock ...) TODO: check-old CVE-2007-2937 (PHP remote file inclusion vulnerability in admin/admin.php in TROforum ...) TODO: check-old CVE-2007-2938 (Buffer overflow in the BaseRunner ActiveX control in the Ademco ...) TODO: check-old CVE-2007-2939 (Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat ...) TODO: check-old CVE-2007-2940 (Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 ...) TODO: check-old CVE-2007-2941 (Multiple PHP remote file inclusion vulnerabilities in the creator in ...) TODO: check-old CVE-2007-2942 (SQL injection vulnerability in user.php in My Little Forum 1.7 and ...) TODO: check-old CVE-2007-2943 (PHP remote file inclusion vulnerability in class/class.php in Webavis ...) TODO: check-old CVE-2007-2944 (WabCMS 1.0 stores sensitive information under the web root with ...) TODO: check-old CVE-2007-2945 (RMForum stores sensitive information under the web root with ...) TODO: check-old CVE-2007-2946 (Buffer overflow in a certain ActiveX control in LeadTools Raster ...) TODO: check-old CVE-2007-2947 (Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha ...) TODO: check-old CVE-2007-2948 (Multiple stack-based buffer overflows in stream/stream_cddb.c in ...) BUG: 181097 CVE-2007-2949 (Integer overflow in the seek_to_and_unpack_pixeldata function in the ...) BUG: 182047 CVE-2007-2950 (Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara ...) TODO: check-old CVE-2007-2951 (The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc ...) BUG: 183174 CVE-2007-2952 (Multiple stack-based buffer overflows in the filter service (aka ...) NOT-FOR-US: Blue Coat K9 Web Protection CVE-2007-2953 (Format string vulnerability in the helptags_one function in ...) TODO: check-old CVE-2007-2954 (Multiple stack-based buffer overflows in the Spooler service ...) TODO: check-old CVE-2007-2955 (Multiple unspecified "input validation error" vulnerabilities in ...) TODO: check-old CVE-2007-2956 (Stack-based buffer overflow in the readRadianceHeader function in (1) ...) TODO: check-old CVE-2007-2957 (Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, ...) NOT-FOR-US: McAfee E-Business Server CVE-2007-2958 (Format string vulnerability in the inc_put_error function in src/inc.c ...) BUG: 190104 CVE-2007-2959 (SQL injection vulnerability in manufacturer.php in cpCommerce before ...) TODO: check-old CVE-2007-2960 (Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 ...) TODO: check-old CVE-2007-2961 (Unrestricted file upload vulnerability in FileCloset before 1.1.5 ...) TODO: check-old CVE-2007-2962 (Cross-site scripting (XSS) vulnerability in search.php in Particle ...) TODO: check-old CVE-2007-2963 (Multiple cross-site scripting (XSS) vulnerabilities in Invision Power ...) TODO: check-old CVE-2007-2964 (The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and ...) TODO: check-old CVE-2007-2965 (Unspecified vulnerability in the Real-time Scanning component in ...) TODO: check-old CVE-2007-2966 (Buffer overflow in the LHA decompresion component in F-Secure ...) TODO: check-old CVE-2007-2967 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux ...) TODO: check-old CVE-2007-2968 (Cross-site scripting (XSS) vulnerability in register.php in cpCommerce ...) TODO: check-old CVE-2007-2969 (PHP remote file inclusion vulnerability in newsletter.php in ...) TODO: check-old CVE-2007-2970 (Multiple cross-site scripting (XSS) vulnerabilities in cgi/block.cgi ...) TODO: check-old CVE-2007-2971 (SQL injection vulnerability in getnewsitem.php in gCards 1.46 and ...) TODO: check-old CVE-2007-2972 (The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 ...) TODO: check-old CVE-2007-2973 (Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to ...) TODO: check-old CVE-2007-2974 (Buffer overflow in the file parsing engine in Avira Antivir Antivirus ...) TODO: check-old CVE-2007-2975 (The admin console in Ignite Realtime Openfire 3.3.0 and earlier ...) TODO: check-old CVE-2007-2976 (Centrinity FirstClass 8.3 and earlier, and Server and Internet ...) TODO: check-old CVE-2007-2977 (Buffer overflow in the receive function in submit/submitcommon.c in ...) TODO: check-old CVE-2007-2978 (Session fixation vulnerability in eggblog 3.1.0 and earlier allows ...) TODO: check-old CVE-2007-2979 (Techno Dreams Web Directory / Search Engine 2.0 stores sensitive ...) TODO: check-old CVE-2007-2980 (Heap-based buffer overflow in a certain ActiveX control in LEADTOOLS ...) TODO: check-old CVE-2007-2981 (Buffer overflow in a certain ActiveX control in LEAD Technologies ...) TODO: check-old CVE-2007-2982 (Multiple buffer overflows in the British Telecommunications Business ...) TODO: check-old CVE-2007-2983 (Multiple buffer overflows in the British Telecommunications Consumer ...) NOT-FOR-US: btglobalservices BT Consumer webhelper CVE-2007-2984 (Multiple stack-based buffer overflows in the Media Technology Group ...) TODO: check-old CVE-2007-2985 (Pheap 2.0 allows remote attackers to bypass authentication by setting ...) TODO: check-old CVE-2007-2986 (PHP remote file inclusion vulnerability in lib/live_status.lib.php in ...) TODO: check-old CVE-2007-2987 (Multiple buffer overflows in certain ActiveX controls in sasatl.dll in ...) TODO: check-old CVE-2007-2988 (A certain admin script in Inout Meta Search Engine sends a redirect to ...) TODO: check-old CVE-2007-2989 (The libike library in Sun Solaris 9 before 20070529 contains a logic ...) TODO: check-old CVE-2007-2990 (Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 ...) TODO: check-old CVE-2007-2991 (Cross-site scripting (XSS) vulnerability in includes/send.inc.php in ...) TODO: check-old CVE-2007-2992 (Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA (aka ...) TODO: check-old CVE-2007-2993 (Multiple cross-site scripting (XSS) vulnerabilities in OmegaMw7.asp in ...) TODO: check-old CVE-2007-2994 (SQL injection vulnerability in news.php in DGNews 2.1 allows remote ...) TODO: check-old CVE-2007-2995 (Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and ...) TODO: check-old CVE-2007-2996 (Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM ...) TODO: check-old CVE-2007-2997 (** DISPUTED ** ...) TODO: check-old CVE-2007-2998 (The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS ...) TODO: check-old CVE-2007-2999 (Microsoft Windows Server 2003, when time restrictions are in effect ...) TODO: check-old CVE-2007-3000 (Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK) allow ...) TODO: check-old CVE-2007-3001 (Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife ...) TODO: check-old CVE-2007-3002 (PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive ...) TODO: check-old CVE-2007-3003 (Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier ...) TODO: check-old CVE-2007-3004 REJECTED CVE-2007-3005 REJECTED CVE-2007-3006 (Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted ...) TODO: check-old CVE-2007-3007 (PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode ...) BUG: 191034 CVE-2007-3008 (Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has ...) TODO: check-old CVE-2007-3009 (Format string vulnerability in the MprLogToFile::logEvent function in ...) TODO: check-old CVE-2007-3010 (masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX ...) TODO: check-old CVE-2007-3011 (The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens ...) TODO: check-old CVE-2007-3012 (The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch ...) TODO: check-old CVE-2007-3013 (SQL injection vulnerability in activeWeb contentserver before 5.6.2964 ...) TODO: check-old CVE-2007-3014 (Multiple cross-site scripting (XSS) vulnerabilities in activeWeb ...) TODO: check-old CVE-2007-3015 RESERVED CVE-2007-3016 RESERVED CVE-2007-3017 (The WYSIWYG editor applet in activeWeb contentserver CMS before ...) TODO: check-old CVE-2007-3018 (activeWeb contentserver CMS before 5.6.2964 does not limit the ...) TODO: check-old CVE-2007-3019 RESERVED CVE-2007-3020 RESERVED CVE-2007-3021 (Symantec Reporting Server 1.0.197.0, and other versions before ...) TODO: check-old CVE-2007-3022 (Symantec Reporting Server 1.0.197.0, and other versions before ...) TODO: check-old CVE-2007-3023 (unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not ...) BUG: 178082 CVE-2007-3024 (libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...) BUG: 178082 CVE-2007-3025 (Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before ...) TODO: check-old CVE-2007-3026 (Integer overflow in Panda Software AdminSecure allows remote attackers ...) TODO: check-old CVE-2007-3027 (Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows ...) TODO: check-old CVE-2007-3028 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 ...) TODO: check-old CVE-2007-3029 (Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 ...) TODO: check-old CVE-2007-3030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows ...) TODO: check-old CVE-2007-3031 RESERVED CVE-2007-3032 (Unspecified vulnerability in Windows Vista Contacts Gadget in Windows ...) TODO: check-old CVE-2007-3033 (Cross-site scripting (XSS) vulnerability in Windows Vista Feed ...) TODO: check-old CVE-2007-3034 (Integer overflow in the AttemptWrite function in Graphics Rendering ...) TODO: check-old CVE-2007-3035 (Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, ...) TODO: check-old CVE-2007-3036 (Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and ...) TODO: check-old CVE-2007-3037 (Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote ...) TODO: check-old CVE-2007-3038 (The Teredo interface in Microsoft Windows Vista and Vista x64 Edition ...) TODO: check-old CVE-2007-3039 (Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) ...) NOT-FOR-US: Windows Microsoft Messagin Queuing CVE-2007-3040 (Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft ...) TODO: check-old CVE-2007-3041 (Unspecified vulnerability in the pdwizard.ocx ActiveX object for ...) TODO: check-old CVE-2007-3042 (Cross-site scripting (XSS) vulnerability in Meneame before 2 allows ...) TODO: check-old CVE-2007-3043 (Cross-site scripting (XSS) vulnerability in Collaboration - File ...) TODO: check-old CVE-2007-3044 (Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi ...) TODO: check-old CVE-2007-3045 (Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on ...) TODO: check-old CVE-2007-3046 (Buffer overflow in Advanced Software Production Line Vortex Library ...) TODO: check-old CVE-2007-3047 (The Vonage VoIP Telephone Adapter has a default administrator username ...) TODO: check-old CVE-2007-3048 (** DISPUTED ** ...) TODO: check-old CVE-2007-3049 (Cross-site scripting (XSS) vulnerability in index.php in Buttercup web ...) TODO: check-old CVE-2007-3050 (Session fixation vulnerability in chameleon cms 3.0 and earlier allows ...) TODO: check-old CVE-2007-3051 (SQL injection vulnerability in inc/class_users.php in RevokeSoft ...) TODO: check-old CVE-2007-3052 (SQL injection vulnerability in index.php in the PNphpBB2 1.2i and ...) TODO: check-old CVE-2007-3053 (Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier ...) TODO: check-old CVE-2007-3054 (Cross-site scripting (XSS) vulnerability in search.php in Codelib ...) TODO: check-old CVE-2007-3055 (Cross-site scripting (XSS) vulnerability in index.php in Codelib ...) TODO: check-old CVE-2007-3056 (Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN ...) TODO: check-old CVE-2007-3057 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-3058 (Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail ...) TODO: check-old CVE-2007-3059 (SendCard 3.3.0 allows remote attackers to obtain sensitive information ...) TODO: check-old CVE-2007-3060 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 ...) TODO: check-old CVE-2007-3061 (Cactushop 6 and earlier stores sensitive information under the web ...) TODO: check-old CVE-2007-3062 (Cross-site scripting (XSS) vulnerability in HP System Management ...) TODO: check-old CVE-2007-3063 (SQL injection vulnerability in diary.php in My Databook allows remote ...) TODO: check-old CVE-2007-3064 (Cross-site scripting (XSS) vulnerability in diary.php in My Databook ...) TODO: check-old CVE-2007-3065 (SQL injection vulnerability in viewimage.php in Particle Soft Particle ...) TODO: check-old CVE-2007-3066 (Multiple PHP remote file inclusion vulnerabilities in php(Reactor) ...) TODO: check-old CVE-2007-3067 (Cross-site scripting (XSS) vulnerability in the Attunement and Key ...) TODO: check-old CVE-2007-3068 (Stack-based buffer overflow in DVD X Player 4.1 Professional allows ...) TODO: check-old CVE-2007-3069 (xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session ...) TODO: check-old CVE-2007-3070 (Cross-site scripting (XSS) vulnerability in index.php in BDigital Web ...) TODO: check-old CVE-2007-3071 (Buffer overflow in the GetWebStoreURL function in a certain ActiveX ...) TODO: check-old CVE-2007-3072 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on ...) TODO: check-old CVE-2007-3073 (Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and ...) TODO: check-old CVE-2007-3074 (Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read ...) TODO: check-old CVE-2007-3075 (Directory traversal vulnerability in Microsoft Internet Explorer ...) TODO: check-old CVE-2007-3076 (A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker ...) TODO: check-old CVE-2007-3077 (SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and ...) TODO: check-old CVE-2007-3078 (Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before ...) TODO: check-old CVE-2007-3079 (listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to ...) TODO: check-old CVE-2007-3080 (SQL injection vulnerability in haberoku.asp in Hunkaray Okul Portaly ...) TODO: check-old CVE-2007-3081 (PHP remote file inclusion vulnerability in sampleecommerce.php in ...) TODO: check-old CVE-2007-3082 (Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 ...) TODO: check-old CVE-2007-3083 (Z-Blog 1.7 stores sensitive information under the web root with ...) TODO: check-old CVE-2007-3084 (PHP remote file inclusion vulnerability in sampleblogger.php in Comdev ...) TODO: check-old CVE-2007-3085 (Multiple PHP remote file inclusion vulnerabilities in PBSite allow ...) TODO: check-old CVE-2007-3086 (Unrestricted critical resource lock in Agnitum Outpost Firewall PRO ...) TODO: check-old CVE-2007-3087 (Peercast places a cleartext password in a query string, which might ...) TODO: check-old CVE-2007-3088 (SQL injection vulnerability in index.php in Comicsense allows remote ...) TODO: check-old CVE-2007-3089 (Mozilla Firefox before 2.0.0.5 does not prevent use of document.write ...) BUG: 187205 BUG: 185737 CVE-2007-3090 REJECTED TODO: check-old CVE-2007-3091 (Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for ...) TODO: check-old CVE-2007-3092 (Microsoft Internet Explorer 6 allows remote attackers to spoof the URL ...) TODO: check-old CVE-2007-3093 (Unspecified vulnerability in the logging mechanism in Solaris ...) TODO: check-old CVE-2007-3094 (Unspecified vulnerability in the authentication mechanism in Solaris ...) TODO: check-old CVE-2007-3095 (Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and ...) TODO: check-old CVE-2007-3096 (Directory traversal vulnerability in login.php in PBLang (PBL) ...) TODO: check-old CVE-2007-3097 (my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers ...) TODO: check-old CVE-2007-3098 (The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc ...) TODO: check-old CVE-2007-3099 (usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before ...) TODO: check-old CVE-2007-3100 (usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before ...) TODO: check-old CVE-2007-3101 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSF ...) TODO: check-old CVE-2007-3102 (Unspecified vulnerability in the linux_audit_record_event function in ...) NOTE: Does not affect Gentoo as we do not ship RedHat's audit patches CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on various Linux ...) BUG: 185660 CVE-2007-3104 (The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat ...) TODO: check-old CVE-2007-3105 (Stack-based buffer overflow in the random number generator (RNG) ...) TODO: check-old CVE-2007-3106 (lib/info.c in libvorbis 1.1.2, and possibly other versions before ...) BUG: 186716 CVE-2007-3107 (The signal handling in the Linux kernel before 2.6.22, including ...) BUG: 209893 CVE-2007-3108 (The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL ...) BUG: 194039 BUG: 188799 CVE-2007-3109 (The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage ...) TODO: check-old CVE-2007-3110 (Cross-site scripting (XSS) vulnerability in the Andy Frank Beatnik 1.0 ...) TODO: check-old CVE-2007-3111 (Buffer overflow in the Provideo Camimage ActiveX control in ...) TODO: check-old CVE-2007-3112 (Cacti 0.8.6i, and possibly other versions, allows remote authenticated ...) TODO: check-old CVE-2007-3113 (Cacti 0.8.6i, and possibly other versions, allows remote authenticated ...) TODO: check-old CVE-2007-3114 (Memory leak in server/MaraDNS.c in MaraDNS before 1.2.12.05, and 1.3.x ...) TODO: check-old CVE-2007-3115 (Multiple memory leaks in server/MaraDNS.c in MaraDNS before 1.2.12.06, ...) TODO: check-old CVE-2007-3116 (Memory leak in server/MaraDNS.c in MaraDNS 1.2.12.06 and 1.3.05 allows ...) TODO: check-old CVE-2007-3117 (Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 ...) TODO: check-old CVE-2007-3118 (Multiple PHP remote file inclusion vulnerabilities in Kravchuk letter ...) TODO: check-old CVE-2007-3119 (SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi ...) TODO: check-old CVE-2007-3120 (Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php ...) TODO: check-old CVE-2007-3121 (Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in the ...) TODO: check-old CVE-2007-3122 (The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...) BUG: 178082 CVE-2007-3123 (unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...) BUG: 178082 CVE-2007-3124 (Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in ...) TODO: check-old CVE-2007-3125 REJECTED TODO: check-old CVE-2007-3126 (Gimp 2.3.14 allows context-dependent attackers to cause a denial of ...) TODO: check-old CVE-2007-3127 (content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows ...) TODO: check-old CVE-2007-3128 (SQL injection vulnerability in content.php in WSPortal 1.0, when ...) TODO: check-old CVE-2007-3129 (Cross-site scripting (XSS) vulnerability in login.php in Utopia News ...) TODO: check-old CVE-2007-3130 (Multiple PHP remote file inclusion vulnerabilities in the OpenWiki ...) TODO: check-old CVE-2007-3131 (Cross-site scripting (XSS) vulnerability in add_comment.php in Light ...) TODO: check-old CVE-2007-3132 (Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and ...) TODO: check-old CVE-2007-3133 (SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 0.1 ...) TODO: check-old CVE-2007-3134 (Multiple cross-site scripting (XSS) vulnerabilities in ...) TODO: check-old CVE-2007-3135 (Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom ...) TODO: check-old CVE-2007-3136 (PHP remote file inclusion vulnerability in inc/nuke_include.php in ...) TODO: check-old CVE-2007-3137 (Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in ...) TODO: check-old CVE-2007-3138 (Directory traversal vulnerability in index.php in Open Solution ...) TODO: check-old CVE-2007-3139 (config/general.php in Quick.Cart 2.2 and earlier uses a default ...) TODO: check-old CVE-2007-3140 (SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows ...) TODO: check-old CVE-2007-3141 (PHP remote file inclusion vulnerability in core/editor.php in ...) TODO: check-old CVE-2007-3142 (Visual truncation vulnerability in Opera 9.21 allows remote attackers ...) BUG: 188987 BUG: 185497 CVE-2007-3143 (Visual truncation vulnerability in Konqueror 3.5.5 allows remote ...) TODO: check-old CVE-2007-3144 (Visual truncation vulnerability in Mozilla 1.7.12 allows remote ...) TODO: check-old CVE-2007-3145 (Visual truncation vulnerability in Galeon 2.0.1 allows remote ...) TODO: check-old CVE-2007-3146 (Zen Help Desk 2.1 stores sensitive information under the web root with ...) TODO: check-old CVE-2007-3147 (Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ...) TODO: check-old CVE-2007-3148 (Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ...) TODO: check-old CVE-2007-3149 (sudo, when linked with MIT Kerberos 5 (krb5), does not properly check ...) TODO: check-old CVE-2007-3150 (Google Desktop allows user-assisted remote attackers to execute ...) TODO: check-old CVE-2007-3151 (rpttop.htm in the web management interface in Packeteer PacketShaper ...) TODO: check-old CVE-2007-3152 (c-ares before 1.4.0 uses a predictable seed for the random number ...) TODO: check-old CVE-2007-3153 (The ares_init:randomize_key function in c-ares, on platforms other ...) TODO: check-old CVE-2007-3154 (Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka ...) TODO: check-old CVE-2007-3155 (Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown ...) TODO: check-old CVE-2007-3156 (Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi ...) BUG: 181385 CVE-2007-3157 (IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build ...) TODO: check-old CVE-2007-3158 (download_script.asp in ASP Folder Gallery allows remote attackers to ...) TODO: check-old CVE-2007-3159 (http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a ...) TODO: check-old CVE-2007-3160 (PHP remote file inclusion vulnerability in admin/header.php in PHP ...) TODO: check-old CVE-2007-3161 (Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote ...) TODO: check-old CVE-2007-3162 (Buffer overflow in the NotSafe function in the idaiehlp ActiveX ...) TODO: check-old CVE-2007-3163 (Incomplete blacklist vulnerability in the filemanager in Frederico ...) TODO: check-old CVE-2007-3164 (Microsoft Internet Explorer 7, when prompting for HTTP Basic ...) TODO: check-old CVE-2007-3165 (Tor before 0.1.2.14 can construct circuits in which an entry guard is ...) TODO: check-old CVE-2007-3166 (Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, ...) TODO: check-old CVE-2007-3167 (Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control ...) TODO: check-old CVE-2007-3168 (A certain ActiveX control in the EDraw Office Viewer Component ...) TODO: check-old CVE-2007-3169 (Buffer overflow in a certain ActiveX control in the EDraw Office ...) TODO: check-old CVE-2007-3170 (Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau ...) TODO: check-old CVE-2007-3171 (Uebimiau Webmail allows remote attackers to obtain sensitive ...) TODO: check-old CVE-2007-3172 (Directory traversal vulnerability in demo/pop3/error.php in Uebimiau ...) TODO: check-old CVE-2007-3173 (Almnzm allows remote attackers to obtain sensitive information via an ...) TODO: check-old CVE-2007-3174 (Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online ...) TODO: check-old CVE-2007-3175 (Multiple SQL injection vulnerabilities in W2B Online Banking allow ...) TODO: check-old CVE-2007-3176 (Unspecified vulnerability in Ingate Firewall and SIParator before ...) TODO: check-old CVE-2007-3177 (Ingate Firewall and SIParator before 4.5.2 allow remote attackers to ...) TODO: check-old CVE-2007-3178 (Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi ...) TODO: check-old CVE-2007-3179 (Multiple SQL injection vulnerabilities in archives.php in Particle ...) TODO: check-old CVE-2007-3180 (Buffer overflow in Help and Support Center before 4.4 C on HP Windows ...) TODO: check-old CVE-2007-3181 (Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows ...) BUG: 181811 CVE-2007-3182 (Multiple cross-site scripting (XSS) vulnerabilities in Calendarix ...) TODO: check-old CVE-2007-3183 (Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, ...) TODO: check-old CVE-2007-3184 (Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, ...) TODO: check-old CVE-2007-3185 (Apple Safari Beta 3.0.1 for Windows public beta allows remote ...) TODO: check-old CVE-2007-3186 (Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute ...) TODO: check-old CVE-2007-3187 (Multiple unspecified vulnerabilities in Apple Safari for Windows allow ...) TODO: check-old CVE-2007-3188 (SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX ...) TODO: check-old CVE-2007-3189 (Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun ...) TODO: check-old CVE-2007-3190 (Multiple SQL injection vulnerabilities in auth.php in Just For Fun ...) TODO: check-old CVE-2007-3191 (Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote ...) TODO: check-old CVE-2007-3192 (admin/setup.php in Just For Fun Network Management System (JFFNMS) ...) TODO: check-old CVE-2007-3193 (lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the ...) BUG: 181692 CVE-2007-3194 (** DISPUTED ** ...) TODO: check-old CVE-2007-3195 (Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI ...) TODO: check-old CVE-2007-3196 (SQL injection vulnerability in vBSupport.php in vSupport Integrated ...) TODO: check-old CVE-2007-3197 (SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before ...) TODO: check-old CVE-2007-3198 (Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP ...) TODO: check-old CVE-2007-3199 (Unrestricted file upload vulnerability in Link Request Contact Form ...) TODO: check-old CVE-2007-3200 (NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and ...) TODO: check-old CVE-2007-3201 (Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0 ...) TODO: check-old CVE-2007-3202 (Cross-site scripting (XSS) vulnerability in the rich text editor in ...) TODO: check-old CVE-2007-3203 (Stack-based buffer overflow in smtpdll.dll in the SMTP service in ...) TODO: check-old CVE-2007-3204 (SQL injection vulnerability in auth.php in Just For Fun Network ...) TODO: check-old CVE-2007-3205 (The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Subhosin, ...) TODO: check-old CVE-2007-3206 RESERVED CVE-2007-3207 (Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell NetWare ...) TODO: check-old CVE-2007-3208 (CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 ...) TODO: check-old CVE-2007-3209 (Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses ...) TODO: check-old CVE-2007-3210 (Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens ...) TODO: check-old CVE-2007-3211 (Cross-site scripting (XSS) vulnerability in 404.php in Domain ...) TODO: check-old CVE-2007-3212 (Multiple cross-site scripting (XSS) vulnerabilities in links.php in ...) TODO: check-old CVE-2007-3213 (Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in ...) TODO: check-old CVE-2007-3214 (SQL injection vulnerability in style.php in e-Vision CMS 2.02 and ...) TODO: check-old CVE-2007-3215 (PHPMailer 1.7, when configured to use sendmail, allows remote ...) TODO: check-old CVE-2007-3216 (Multiple buffer overflows in the LGServer component of CA (Computer ...) TODO: check-old CVE-2007-3217 (Multiple PHP remote file inclusion vulnerabilities in Prototype of an ...) TODO: check-old CVE-2007-3218 (Cross-site scripting (XSS) vulnerability in request.php in PHP Live! ...) TODO: check-old CVE-2007-3219 (Unspecified vulnerability in sources/action_public/xmlout.php in ...) TODO: check-old CVE-2007-3220 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-3221 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-3222 (PHP remote file inclusion vulnerability in modify.php in the XFsection ...) TODO: check-old CVE-2007-3223 (Unspecified vulnerability in the NFS server in Sun Solaris 10 before ...) TODO: check-old CVE-2007-3224 (Unspecified vulnerability in Sun ONE/Java System Directory Server ...) TODO: check-old CVE-2007-3225 (Unspecified vulnerability in Sun Java System Directory Server (slapd) ...) TODO: check-old CVE-2007-3226 (Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 ...) TODO: check-old CVE-2007-3227 (Cross-site scripting (XSS) vulnerability in the to_json ...) BUG: 182223 CVE-2007-3228 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-3229 (index.php in Singapore Gallery allows remote attackers to obtain ...) TODO: check-old CVE-2007-3230 (PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer ...) TODO: check-old CVE-2007-3231 (Buffer overflow in MeCab before 0.96 has unknown impact and attack ...) TODO: check-old CVE-2007-3232 (The IBM TotalStorage DS400 with firmware 4.15 uses a blank password ...) TODO: check-old CVE-2007-3233 (The TEC-IT TBarCode OCX ActiveX control (TBarCode7.ocx) 7.0.2.3524 ...) TODO: check-old CVE-2007-3234 (SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows ...) TODO: check-old CVE-2007-3235 (Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum ...) TODO: check-old CVE-2007-3236 (PHP remote file inclusion vulnerability in footer.php in the Horoscope ...) TODO: check-old CVE-2007-3237 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-3238 (Cross-site scripting (XSS) vulnerability in functions.php in the ...) TODO: check-old CVE-2007-3239 (Cross-site scripting (XSS) vulnerability in searchform.php in the ...) TODO: check-old CVE-2007-3240 (Cross-site scripting (XSS) vulnerability in 404.php in the ...) TODO: check-old CVE-2007-3241 (Cross-site scripting (XSS) vulnerability in blogroll.php in the ...) TODO: check-old CVE-2007-3242 (The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) ...) TODO: check-old CVE-2007-3243 (Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress ...) TODO: check-old CVE-2007-3244 (SQL injection vulnerability in bb-includes/formatting-functions.php in ...) TODO: check-old CVE-2007-3245 (IRC Services before 5.0.62, and 5.1 before 5.1pre3, allows remote ...) TODO: check-old CVE-2007-3246 (The do_set_password function in modules/chanserv/set.c in IRC Services ...) TODO: check-old CVE-2007-3247 (SQL injection vulnerability in VirtueMart before 1.0.11 allows remote ...) TODO: check-old CVE-2007-3248 (Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 ...) TODO: check-old CVE-2007-3249 (Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php ...) TODO: check-old CVE-2007-3250 (SQL injection vulnerability in mod_banners.php in Elxis CMS before ...) TODO: check-old CVE-2007-3251 (Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and ...) TODO: check-old CVE-2007-3252 (PortalApp stores sensitive information under the web root with ...) TODO: check-old CVE-2007-3253 (Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG) ...) TODO: check-old CVE-2007-3254 (Multiple cross-site scripting (XSS) vulnerabilities in Xythos ...) TODO: check-old CVE-2007-3255 (Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos ...) TODO: check-old CVE-2007-3256 (Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and ...) TODO: check-old CVE-2007-3257 (Camel (camel-imap-folder.c) in the mailer component for Evolution Data ...) BUG: 190861 BUG: 182011 CVE-2007-3258 (calendar.php in Calendarix 0.7.20070307 allows remote attackers to ...) TODO: check-old CVE-2007-3259 (Calendarix 0.7.20070307 allows remote attackers to obtain sensitive ...) TODO: check-old CVE-2007-3260 (HP System Management Homepage (SMH) before 2.1.9 for Linux, when used ...) TODO: check-old CVE-2007-3261 (Cross-site scripting (XSS) vulnerability in widgets/widget_search.php ...) TODO: check-old CVE-2007-3262 (Unspecified vulnerability in the Default Messaging Component in IBM ...) TODO: check-old CVE-2007-3263 (Unspecified vulnerability in the Default Messaging Component in IBM ...) TODO: check-old CVE-2007-3264 (Unspecified vulnerability in the PD tools component in IBM WebSphere ...) TODO: check-old CVE-2007-3265 (Cross-site scripting (XSS) vulnerability in the Samples component in ...) TODO: check-old CVE-2007-3266 (Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows ...) TODO: check-old CVE-2007-3267 (Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum ...) TODO: check-old CVE-2007-3268 (The TFTP implementation in IBM Tivoli Provisioning Manager for OS ...) TODO: check-old CVE-2007-3269 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo Light 3.6 ...) TODO: check-old CVE-2007-3270 (PHP remote file inclusion vulnerability in Includes/global.inc.php in ...) TODO: check-old CVE-2007-3271 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-3272 (Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows ...) TODO: check-old CVE-2007-3273 (SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote ...) TODO: check-old CVE-2007-3274 (Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause ...) TODO: check-old CVE-2007-3275 (MailWasher Server before 2.2.1, when used with LDAP or Active ...) TODO: check-old CVE-2007-3276 (Cross-site scripting (XSS) vulnerability in index.php in Site@School ...) TODO: check-old CVE-2007-3277 (Unspecified vulnerability in the localization before 1.2 module for ...) TODO: check-old CVE-2007-3278 (PostgreSQL 8.1 and probably later versions, when local trust ...) BUG: 204760 CVE-2007-3279 (PostgreSQL 8.1 and probably later versions, when the PL/pgSQL ...) TODO: check-old CVE-2007-3280 (The Database Link library (dblink) in PostgreSQL 8.1 implements ...) TODO: check-old CVE-2007-3281 (Cross-site scripting (XSS) vulnerability in index.php in Php Hosting ...) TODO: check-old CVE-2007-3282 (Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX ...) TODO: check-old CVE-2007-3283 (GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root ...) TODO: check-old CVE-2007-3284 (corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows ...) TODO: check-old CVE-2007-3285 (Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote ...) TODO: check-old CVE-2007-3286 (Multiple buffer overflows in unspecified ActiveX controls in COM ...) TODO: check-old CVE-2007-3287 RESERVED CVE-2007-3288 (Cross-site scripting (XSS) vulnerability in the skeltoac stats ...) TODO: check-old CVE-2007-3289 (PHP remote file inclusion vulnerability in spaw/spaw_control.class.php ...) TODO: check-old CVE-2007-3290 (categoria.php in LiveCMS 3.4 and earlier allows remote attackers to ...) TODO: check-old CVE-2007-3291 (Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier ...) TODO: check-old CVE-2007-3292 (Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier ...) TODO: check-old CVE-2007-3293 (SQL injection vulnerability in categoria.php in LiveCMS 3.4 and ...) TODO: check-old CVE-2007-3294 (Multiple buffer overflows in libtidy, as used in the Tidy extension ...) BUG: 193799 CVE-2007-3295 (Directory traversal vulnerability in Yet another Bulletin Board (YaBB) ...) TODO: check-old CVE-2007-3296 (The ThunderServer.webThunder.1 ActiveX control in xunlei Web ...) TODO: check-old CVE-2007-3297 (Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow ...) TODO: check-old CVE-2007-3298 (SQL injection vulnerability in Spey before 0.4.1 allows remote ...) TODO: check-old CVE-2007-3299 (Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when ...) TODO: check-old CVE-2007-3300 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux ...) TODO: check-old CVE-2007-3301 (SQL injection vulnerability in forum/include/error/autherror.cfm in ...) TODO: check-old CVE-2007-3302 (The CallCode ActiveX control in caller.dll 3.0 before 20070713, and ...) TODO: check-old CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows ...) TODO: check-old CVE-2007-3304 (Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, ...) BUG: 186219 CVE-2007-3305 (Heap-based buffer overflow in Cerulean Studios Trillian 3.x before ...) TODO: check-old CVE-2007-3306 (PHP remote file inclusion vulnerability in crontab/run_billing.php in ...) TODO: check-old CVE-2007-3307 (SQL injection vulnerability in game_listing.php in Solar Empire ...) TODO: check-old CVE-2007-3308 (Simple Machines Forum (SMF) 1.1.2 uses a concatenation method with ...) TODO: check-old CVE-2007-3309 (Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows ...) TODO: check-old CVE-2007-3310 (Cross-site scripting (XSS) vulnerability in arama.asp in TDizin allows ...) TODO: check-old CVE-2007-3311 (SQL injection vulnerability in print.php in the Articles 1.02 and ...) TODO: check-old CVE-2007-3312 (Directory traversal vulnerability in admin/plugin_manager.php in ...) TODO: check-old CVE-2007-3313 (Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote ...) TODO: check-old CVE-2007-3314 (Stack-based buffer overflow in peviewer.spl in Altap Servant ...) TODO: check-old CVE-2007-3315 (Multiple PHP remote file inclusion vulnerabilities in YourFreeScreamer ...) TODO: check-old CVE-2007-3316 (Multiple format string vulnerabilities in plugins in VideoLAN VLC ...) BUG: 182389 CVE-2007-3317 (The Session Initiation Protocol (SIP) User Access Client (UAC) message ...) TODO: check-old CVE-2007-3318 (Buffer overflow in the Session Initiation Protocol (SIP) User Access ...) TODO: check-old CVE-2007-3319 (The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...) TODO: check-old CVE-2007-3320 (The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...) TODO: check-old CVE-2007-3321 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...) TODO: check-old CVE-2007-3322 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...) TODO: check-old CVE-2007-3323 (SQL injection vulnerability in comersus_optReviewReadExec.asp in ...) TODO: check-old CVE-2007-3324 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart ...) TODO: check-old CVE-2007-3325 (PHP remote file inclusion vulnerability in lib/language.php in LAN ...) TODO: check-old CVE-2007-3326 (Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow ...) TODO: check-old CVE-2007-3327 (httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain ...) TODO: check-old CVE-2007-3328 (Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 ...) TODO: check-old CVE-2007-3329 (Multiple array index errors in the (1) get_intra_block, (2) ...) BUG: 183145 CVE-2007-3330 (Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 ...) TODO: check-old CVE-2007-3331 (Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO ...) TODO: check-old CVE-2007-3332 (Directory traversal vulnerability in Satellite.php in Satel Lite for ...) TODO: check-old CVE-2007-3333 (Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 ...) TODO: check-old CVE-2007-3334 (Multiple heap-based buffer overflows in the (1) Communications Server ...) TODO: check-old CVE-2007-3335 (Multiple SQL injection vulnerabilities in the admin panel in PHPEcho ...) TODO: check-old CVE-2007-3336 (Multiple "pointer overwrite" vulnerabilities in Ingres database server ...) TODO: check-old CVE-2007-3337 (wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used ...) TODO: check-old CVE-2007-3338 (Multiple stack-based buffer overflows in Ingres database server 2006 ...) TODO: check-old CVE-2007-3339 (Multiple cross-site scripting (XSS) vulnerabilities in ...) TODO: check-old CVE-2007-3340 (BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to ...) TODO: check-old CVE-2007-3341 (Unspecified vulnerability in the FTP implementation in Microsoft ...) TODO: check-old CVE-2007-3342 (Multiple cross-site scripting (XSS) vulnerabilities in Movable Type ...) TODO: check-old CVE-2007-3343 (Cross-site scripting (XSS) vulnerability in RaidenHTTPD before 2.0.14 ...) TODO: check-old CVE-2007-3344 (Multiple cross-site scripting (XSS) vulnerabilities in netjukebox ...) TODO: check-old CVE-2007-3345 (Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 ...) TODO: check-old CVE-2007-3346 (Directory traversal vulnerability in index.php in PHPAccounts 0.5 ...) TODO: check-old CVE-2007-3347 (The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are ...) TODO: check-old CVE-2007-3348 (The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a ...) TODO: check-old CVE-2007-3349 (The Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version ...) TODO: check-old CVE-2007-3350 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote ...) TODO: check-old CVE-2007-3351 (The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim ...) TODO: check-old CVE-2007-3352 (Cross-site scripting (XSS) vulnerability in the preview form in ...) TODO: check-old CVE-2007-3353 (** DISPUTED ** ...) TODO: check-old CVE-2007-3354 (Multiple SQL injection vulnerabilities in NetClassifieds Premium ...) TODO: check-old CVE-2007-3355 (Multiple cross-site scripting (XSS) vulnerabilities in NetClassifieds ...) TODO: check-old CVE-2007-3356 (NetClassifieds Premium Edition allows remote attackers to obtain ...) TODO: check-old CVE-2007-3357 (NetClassifieds Premium Edition does not use encryption for (1) stored ...) TODO: check-old CVE-2007-3358 (PHP remote file inclusion vulnerability in html/load_lang.php in ...) TODO: check-old CVE-2007-3359 (Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and ...) TODO: check-old CVE-2007-3360 (hook.c in BitchX 1.1-final allows remote IRC servers to execute ...) TODO: check-old CVE-2007-3361 (The Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows ...) TODO: check-old CVE-2007-3362 (ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC ...) TODO: check-old CVE-2007-3363 (Multiple unspecified vulnerabilities in ageet AGEphone before 1.6.3 ...) TODO: check-old CVE-2007-3364 (Cross-site scripting (XSS) vulnerability in the cgi-bin/post.mscgi ...) TODO: check-old CVE-2007-3365 (MyServer 0.8.9 and earlier does not properly handle uppercase ...) TODO: check-old CVE-2007-3366 (Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper ...) TODO: check-old CVE-2007-3367 (Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before ...) TODO: check-old CVE-2007-3368 (Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 ...) TODO: check-old CVE-2007-3369 (Buffer overflow in the Polycom SoundPoint IP 601 SIP phone with ...) TODO: check-old CVE-2007-3370 (Multiple PHP remote file inclusion vulnerabilities in Sun Board ...) TODO: check-old CVE-2007-3371 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-3372 (The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a ...) TODO: check-old CVE-2007-3373 (daemon.c in cman (redhat-cluster-suite) before 20070622 does not clear ...) TODO: check-old CVE-2007-3374 (Buffer overflow in cluster/cman/daemon/daemon.c in cman ...) TODO: check-old CVE-2007-3375 (Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows ...) TODO: check-old CVE-2007-3376 (Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows ...) TODO: check-old CVE-2007-3377 (Header.pm in Net::DNS before 0.60, a Perl module, (1) generates ...) BUG: 184029 CVE-2007-3378 (The (1) session_save_path, (2) ini_set, and (3) error_log functions in ...) BUG: 191034 NOTE: Fixed in 5.2.4 release CVE-2007-3379 (Unspecified vulnerability in the kernel in Red Hat Enterprise Linux ...) TODO: check-old CVE-2007-3380 (The Distributed Lock Manager (DLM) in the cluster manager for Linux ...) TODO: check-old CVE-2007-3381 (The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x ...) BUG: 187919 CVE-2007-3382 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...) BUG: 195571 CVE-2007-3383 (Cross-site scripting (XSS) vulnerability in SendMailServlet in the ...) TODO: check-old CVE-2007-3384 (Multiple cross-site scripting (XSS) vulnerabilities in ...) TODO: check-old CVE-2007-3385 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...) BUG: 195571 CVE-2007-3386 (Cross-site scripting (XSS) vulnerability in the Host Manager Servlet ...) TODO: check-old CVE-2007-3387 (Integer overflow in the StreamPredictor::StreamPredictor function in ...) BUG: 188172 BUG: 182055 BUG: 170861 BUG: 188185 BUG: 187139 BUG: 188863 CVE-2007-3388 (Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) ...) BUG: 185446 CVE-2007-3389 (Wireshark before 0.99.6 allows remote attackers to cause a denial of ...) BUG: 183520 CVE-2007-3390 (Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain ...) BUG: 183520 NOTE: 0.99.6 stable for some time. CVE-2007-3391 (Wireshark 0.99.5 allows remote attackers to cause a denial of service ...) BUG: 183520 NOTE: 0.99.6 stable for some time. CVE-2007-3392 (Wireshark before 0.99.6 allows remote attackers to cause a denial of ...) BUG: 183520 NOTE: 0.99.6 stable for some time. CVE-2007-3393 (Off-by-one error in the DHCP/BOOTP dissector in Wireshark before ...) BUG: 183520 NOTE: 0.99.6 stable for some time. CVE-2007-3394 (Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote ...) TODO: check-old CVE-2007-3395 REJECTED TODO: check-old CVE-2007-3396 (Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) ...) TODO: check-old CVE-2007-3397 (The web container in IBM WebSphere Application Server (WAS) before ...) TODO: check-old CVE-2007-3398 (LiteWEB 2.7 allows remote attackers to cause a denial of service ...) TODO: check-old CVE-2007-3399 (SQL injection vulnerability in include/get_userdata.php in Power ...) TODO: check-old CVE-2007-3400 (The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as ...) TODO: check-old CVE-2007-3401 (PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB ...) TODO: check-old CVE-2007-3402 (SQL injection vulnerability in index.php in pagetool 1.07 allows ...) TODO: check-old CVE-2007-3403 (Unrestricted file upload vulnerability in upload.php in dreamLog (aka ...) TODO: check-old CVE-2007-3404 (Directory traversal vulnerability in ShowImage.php in SiteDepth CMS ...) TODO: check-old CVE-2007-3405 (Multiple cross-site scripting (XSS) vulnerabilities in defter_yaz.asp ...) TODO: check-old CVE-2007-3406 (Multiple absolute path traversal vulnerabilities in Microsoft Internet ...) TODO: check-old CVE-2007-3407 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to ...) TODO: check-old CVE-2007-3408 (Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have ...) TODO: check-old CVE-2007-3409 (Net::DNS before 0.60, a Perl module, allows remote attackers to cause ...) BUG: 184029 CVE-2007-3410 (Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue ...) BUG: 183421 NOTE: 10.0.9 already stable CVE-2007-3411 (SQL injection vulnerability in edit_image.asp in ClickGallery Server ...) TODO: check-old CVE-2007-3412 (Cross-site scripting (XSS) vulnerability in edit_image.asp in ...) TODO: check-old CVE-2007-3413 (Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid ...) TODO: check-old CVE-2007-3414 (Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5 ...) TODO: check-old CVE-2007-3415 (Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 ...) TODO: check-old CVE-2007-3416 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) TODO: check-old CVE-2007-3417 (Multiple cross-site scripting (XSS) vulnerabilities in ...) TODO: check-old CVE-2007-3418 (The displaypost function in cgi-bin/cgi-lib/forum_display.pl in ...) TODO: check-old CVE-2007-3419 (The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org ...) TODO: check-old CVE-2007-3420 (The Random Cookie Password functionality in the loaduser function in ...) TODO: check-old CVE-2007-3421 (The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, ...) TODO: check-old CVE-2007-3422 (The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP ...) TODO: check-old CVE-2007-3423 (cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 ...) TODO: check-old CVE-2007-3424 (The moveim function in cgi-bin/cgi-lib/instantmessage.pl in ...) TODO: check-old CVE-2007-3425 (Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 ...) TODO: check-old CVE-2007-3426 (Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA ...) TODO: check-old CVE-2007-3427 (SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and ...) TODO: check-old CVE-2007-3428 (Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow ...) TODO: check-old CVE-2007-3429 (Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and ...) TODO: check-old CVE-2007-3430 (SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 ...) TODO: check-old CVE-2007-3431 (PHP remote file inclusion vulnerability in cal.func.php in Valerio ...) TODO: check-old CVE-2007-3432 (Unrestricted file upload vulnerability in admin/images.php in Pluxml ...) TODO: check-old CVE-2007-3433 (SQL injection vulnerability in index.php in Pharmacy System 2 and ...) TODO: check-old CVE-2007-3434 (index.php in Pharmacy System 2 and earlier allows remote attackers to ...) TODO: check-old CVE-2007-3435 (Stack-based buffer overflow in the BeginPrint method in a certain ...) TODO: check-old CVE-2007-3436 (Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to ...) TODO: check-old CVE-2007-3437 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote ...) TODO: check-old CVE-2007-3438 (Buffer overflow in the SIP header parsing module in the Nortel PC ...) TODO: check-old CVE-2007-3439 (The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, ...) TODO: check-old CVE-2007-3440 (The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, ...) TODO: check-old CVE-2007-3441 (Format string vulnerability in the Aastra 9112i SIP Phone with ...) TODO: check-old CVE-2007-3442 (Format string vulnerability on the Research in Motion BlackBerry 7270 ...) TODO: check-old CVE-2007-3443 (The Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 does ...) TODO: check-old CVE-2007-3444 (The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows ...) TODO: check-old CVE-2007-3445 (Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows ...) TODO: check-old CVE-2007-3446 (BugMall Shopping Cart 2.5 and earlier has a default username "demo" ...) TODO: check-old CVE-2007-3447 (SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier ...) TODO: check-old CVE-2007-3448 (Cross-site scripting (XSS) vulnerability in index.php in BugMall ...) TODO: check-old CVE-2007-3449 (SQL injection vulnerability in member.php in 6ALBlog allows remote ...) TODO: check-old CVE-2007-3450 (SQL injection vulnerability in member.php in 6ALBlog allows remote ...) TODO: check-old CVE-2007-3451 (PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog ...) TODO: check-old CVE-2007-3452 (SQL injection vulnerability in essentials/minutes/doc.php in eDocStore ...) TODO: check-old CVE-2007-3453 (SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows ...) TODO: check-old CVE-2007-3454 (Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in ...) TODO: check-old CVE-2007-3455 (cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan ...) TODO: check-old CVE-2007-3456 (Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might ...) BUG: 185141 CVE-2007-3457 (Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP ...) BUG: 185141 CVE-2007-3458 (The libsldap library in Sun Solaris 8, 9, and 10 allows local users to ...) TODO: check-old CVE-2007-3459 (A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax ...) TODO: check-old CVE-2007-3460 (Multiple PHP remote file inclusion vulnerabilities in index.php3 in ...) TODO: check-old CVE-2007-3461 (SQL injection vulnerability in property.php in elkagroup Image Gallery ...) TODO: check-old CVE-2007-3462 (Cross-site request forgery (CSRF) vulnerability in Check Point ...) TODO: check-old CVE-2007-3463 (** DISPUTED ** ...) TODO: check-old CVE-2007-3464 (Check Point SofaWare Safe@Office, with firmware before Embedded NGX ...) TODO: check-old CVE-2007-3465 (Check Point SofaWare Safe@Office, with firmware before Embedded NGX ...) TODO: check-old CVE-2007-3466 RESERVED CVE-2007-3467 (Integer overflow in the __status_Update function in stats.c VideoLAN ...) TODO: check-old CVE-2007-3468 (input.c in VideoLAN VLC Media Player before 0.8.6c allows remote ...) TODO: check-old CVE-2007-3469 (Unspecified vulnerability in the TCP Loopback/Fusion implementation in ...) TODO: check-old CVE-2007-3470 (Multiple unspecified vulnerabilities in the KSSL kernel module in Sun ...) TODO: check-old CVE-2007-3471 (Buffer overflow in the dtsession Common Desktop Environment (CDE) ...) TODO: check-old CVE-2007-3472 (Integer overflow in gdImageCreateTrueColor function in the GD Graphics ...) BUG: 179154 CVE-2007-3473 (The gdImageCreateXbm function in the GD Graphics Library (libgd) ...) BUG: 179154 CVE-2007-3474 (Multiple unspecified vulnerabilities in the GIF reader in the GD ...) BUG: 179154 CVE-2007-3475 (The GD Graphics Library (libgd) before 2.0.35 allows user-assisted ...) BUG: 179154 CVE-2007-3476 (Array index error in gd_gif_in.c in the GD Graphics Library (libgd) ...) BUG: 179154 CVE-2007-3477 (The (a) imagearc and (b) imagefilledarc functions in GD Graphics ...) BUG: 179154 CVE-2007-3478 (Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in ...) BUG: 179154 CVE-2007-3479 (Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows ...) TODO: check-old CVE-2007-3480 (PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to ...) TODO: check-old CVE-2007-3481 (** DISPUTED ** ...) TODO: check-old CVE-2007-3482 (Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows ...) TODO: check-old CVE-2007-3483 (Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a ...) TODO: check-old CVE-2007-3484 (** DISPUTED ** ...) TODO: check-old CVE-2007-3485 (Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server ...) TODO: check-old CVE-2007-3486 (Cross-site scripting (XSS) vulnerability in AltaVista search engine ...) TODO: check-old CVE-2007-3487 (Absolute path traversal in a certain ActiveX control in hpqxml.dll ...) TODO: check-old CVE-2007-3488 (Heap-based buffer overflow in the viewer ActiveX control in Sony ...) TODO: check-old CVE-2007-3489 (Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in ...) TODO: check-old CVE-2007-3490 (Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote ...) TODO: check-old CVE-2007-3491 (Buffer overflow in _mprosrv in Progress Software OpenEdge before ...) TODO: check-old CVE-2007-3492 (Conti FtpServer 1.0 allows remote authenticated users to cause a ...) TODO: check-old CVE-2007-3493 (A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in ...) TODO: check-old CVE-2007-3494 (Papoo CMS 3.6, and possibly earlier, does not verify user privileges ...) TODO: check-old CVE-2007-3495 (Multiple cross-site scripting (XSS) vulnerabilities in the SAP ...) TODO: check-old CVE-2007-3496 (Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java ...) TODO: check-old CVE-2007-3497 (Microsoft Internet Explorer 7 allows remote attackers to determine the ...) TODO: check-old CVE-2007-3498 (Cross-site scripting (XSS) vulnerability in smoketests/configForm.php ...) TODO: check-old CVE-2007-3499 (SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as ...) TODO: check-old CVE-2007-3500 (Xeweb XEForum allows remote attackers to gain privileges via a ...) TODO: check-old CVE-2007-3501 (Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in ...) TODO: check-old CVE-2007-3502 (Unspecified vulnerability in the web-based product configuration ...) TODO: check-old CVE-2007-3503 (The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML ...) BUG: 190686 CVE-2007-3504 (Directory traversal vulnerability in the PersistenceService in Sun ...) TODO: check-old CVE-2007-3505 (Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 ...) TODO: check-old CVE-2007-3506 (The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType ...) TODO: check-old CVE-2007-3507 (Stack-based buffer overflow in the local__vcentry_parse_value function ...) BUG: 186220 CVE-2007-3508 (** DISPUTED ** ...) BUG: 183844 CVE-2007-3509 (Heap-based buffer overflow in the RPC subsystem in Symantec Backup ...) TODO: check-old CVE-2007-3510 (Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 ...) NOT-FOR-US: IBM Lotus Domino CVE-2007-3511 (The focus handling for the onkeydown event in Mozilla Firefox ...) TODO: check-old CVE-2007-3512 (Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows ...) TODO: check-old CVE-2007-3513 (The lcd_write function in drivers/usb/misc/usblcd.c in the Linux ...) TODO: check-old CVE-2007-3514 (Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows ...) TODO: check-old CVE-2007-3515 (SQL injection vulnerability in view_event.php in TotalCalendar 2.402 ...) TODO: check-old CVE-2007-3516 (Multiple cross-site scripting (XSS) vulnerabilities in kayit.asp in ...) TODO: check-old CVE-2007-3517 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 ...) TODO: check-old CVE-2007-3518 (SQL injection vulnerability in msg.php in HispaH YouTube Clone Script ...) TODO: check-old CVE-2007-3519 (SQL injection vulnerability in eventdisplay.php in phpEventCalendar ...) TODO: check-old CVE-2007-3520 (SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store ...) TODO: check-old CVE-2007-3521 (SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 ...) TODO: check-old CVE-2007-3522 (Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 ...) TODO: check-old CVE-2007-3523 (Multiple directory traversal vulnerabilities in Module/Galerie.php in ...) TODO: check-old CVE-2007-3524 (Multiple PHP remote file inclusion vulnerabilities in Ripe Website ...) TODO: check-old CVE-2007-3525 (Ripe Website Manager 0.8.9 and earlier allows remote attackers to ...) TODO: check-old CVE-2007-3526 (Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier ...) TODO: check-old CVE-2007-3527 (Integer overflow in Firebird 2.0.0 allows remote authenticated users ...) TODO: check-old CVE-2007-3528 (The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC ...) TODO: check-old CVE-2007-3529 (videos.php in PHPDirector 0.21 and earlier allows remote attackers to ...) TODO: check-old CVE-2007-3530 (PHPDirector 0.21 and earlier stores the admin account name and ...) TODO: check-old CVE-2007-3531 (The set_default_speeds function in backend/backend.c in NVidia NVClock ...) BUG: 184071 CVE-2007-3532 (NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and ...) BUG: 183567 CVE-2007-3533 (The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote ...) TODO: check-old CVE-2007-3534 (SQL injection vulnerability in login.php in WebChat 0.78 allows remote ...) TODO: check-old CVE-2007-3535 (Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 ...) TODO: check-old CVE-2007-3536 (Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX ...) TODO: check-old CVE-2007-3537 (IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends ...) TODO: check-old CVE-2007-3538 (SQL injection vulnerability in qtg_msg_view.php in QuickTalk guestbook ...) TODO: check-old CVE-2007-3539 (Multiple SQL injection vulnerabilities in QuickTicket 1.2 ...) TODO: check-old CVE-2007-3540 (Multiple cross-site scripting (XSS) vulnerabilities in search.asp in ...) TODO: check-old CVE-2007-3541 (Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 ...) TODO: check-old CVE-2007-3542 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml ...) TODO: check-old CVE-2007-3543 (Unrestricted file upload vulnerability in WordPress before 2.2.1 and ...) TODO: check-old CVE-2007-3544 (Unrestricted file upload vulnerability in (1) wp-app.php and (2) ...) TODO: check-old CVE-2007-3545 (Buffer overflow in Warzone 2100 Resurrection before 2.0.7 allows ...) TODO: check-old CVE-2007-3546 (Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus ...) TODO: check-old CVE-2007-3547 (Directory traversal vulnerability in qti_checkname.php in QuickTicket ...) TODO: check-old CVE-2007-3548 (Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers ...) TODO: check-old CVE-2007-3549 (SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 ...) TODO: check-old CVE-2007-3550 (** DISPUTED ** ...) TODO: check-old CVE-2007-3551 (Buffer overflow in bbs100 before 3.2 allows remote attackers to cause ...) TODO: check-old CVE-2007-3552 (Multiple unspecified vulnerabilities in bbs100 before 3.2 allow remote ...) TODO: check-old CVE-2007-3553 (Cross-site scripting (XSS) vulnerability in Rapid Install Web Server ...) TODO: check-old CVE-2007-3554 (Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control ...) TODO: check-old CVE-2007-3555 (Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 ...) TODO: check-old CVE-2007-3556 (Liesbeth base CMS stores sensitive information under the web root with ...) TODO: check-old CVE-2007-3557 (SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, ...) TODO: check-old CVE-2007-3558 (SQL injection vulnerability in Coppermine Photo Gallery (CPG) before ...) TODO: check-old CVE-2007-3559 (Cross-site scripting (XSS) vulnerability in ...) TODO: check-old CVE-2007-3560 (Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have ...) TODO: check-old CVE-2007-3561 (Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 ...) TODO: check-old CVE-2007-3562 (SQL injection vulnerability in videos.php in PHP Director 0.21 and ...) TODO: check-old CVE-2007-3563 (SQL injection vulnerability in includes/view_page.php in AV Arcade ...) TODO: check-old CVE-2007-3564 (libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does ...) TODO: check-old CVE-2007-3565 RESERVED CVE-2007-3566 (Stack-based buffer overflow in the database service (ibserver.exe) in ...) TODO: check-old CVE-2007-3567 (MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in ...) TODO: check-old CVE-2007-3568 (The _LoadBMP function in imlib 1.9.15 and earlier allows ...) TODO: check-old CVE-2007-3569 (Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library ...) TODO: check-old CVE-2007-3570 (The Linux Access Gateway in Novell Access Manager before 3.0 SP1 ...) TODO: check-old CVE-2007-3571 (The Apache Web Server as used in Novell NetWare 6.5 and GroupWise ...) TODO: check-old CVE-2007-3572 (Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in ...) TODO: check-old CVE-2007-3573 (Multiple SQL injection vulnerabilities in akocomment allow remote ...) TODO: check-old CVE-2007-3574 (Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on ...) TODO: check-old CVE-2007-3575 (SQL injection vulnerability in includes/functions in FreeDomain.co.nr ...) TODO: check-old CVE-2007-3576 (** DISPUTED ** ...) TODO: check-old CVE-2007-3577 (PHPIDS before 20070703 does not properly handle use of the substr ...) TODO: check-old CVE-2007-3578 (PHPIDS before 20070703 does not properly handle (1) arithmetic ...) TODO: check-old CVE-2007-3579 (PHPIDS before 20070703 does not properly handle setting the .text ...) TODO: check-old CVE-2007-3580 (PHPIDS does not properly handle certain code containing newlines, as ...) TODO: check-old CVE-2007-3581 (The Jedox Palo 1.5 client transmits the password in cleartext, which ...) TODO: check-old CVE-2007-3582 (SQL injection vulnerability in index.php in SuperCali PHP Event ...) TODO: check-old CVE-2007-3583 (SQL injection vulnerability in details_news.php in Girlserv ads 1.5 ...) TODO: check-old CVE-2007-3584 (SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and ...) TODO: check-old CVE-2007-3585 (PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 ...) TODO: check-old CVE-2007-3586 (Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 ...) TODO: check-old CVE-2007-3587 (MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via ...) TODO: check-old CVE-2007-3588 (SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote ...) TODO: check-old CVE-2007-3589 (Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote ...) TODO: check-old CVE-2007-3590 (Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB ...) TODO: check-old CVE-2007-3591 (Unspecified vulnerability in Profile.php in Elite Bulletin Board ...) TODO: check-old CVE-2007-3592 (PM.php in Elite Bulletin Board before 1.0.10 allows remote ...) TODO: check-old CVE-2007-3593 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...) TODO: check-old CVE-2007-3594 (Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ...) TODO: check-old CVE-2007-3595 REJECTED TODO: check-old CVE-2007-3596 (inc/vul_check.inc in phpVideoPro before 0.8.8 permits non-alphanumeric ...) TODO: check-old CVE-2007-3597 (Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows ...) TODO: check-old CVE-2007-3598 (index.php in vtiger CRM before 5.0.3 allows remote authenticated users ...) TODO: check-old CVE-2007-3599 (vtiger CRM before 5.0.3 allows remote authenticated users to import ...) TODO: check-old CVE-2007-3600 (WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 ...) TODO: check-old CVE-2007-3601 (vtiger CRM before 5.0.3, when a migrated build is used, allows remote ...) TODO: check-old CVE-2007-3602 (The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that ...) TODO: check-old CVE-2007-3603 (SQL injection vulnerability in the dashboard ...) TODO: check-old CVE-2007-3604 (vtiger CRM before 5.0.3 allows remote authenticated users with access ...) TODO: check-old CVE-2007-3605 (Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX ...) TODO: check-old CVE-2007-3606 (Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX ...) TODO: check-old CVE-2007-3607 (Multiple unspecified vulnerabilities in ActiveX controls in the ...) TODO: check-old CVE-2007-3608 (Multiple unspecified vulnerabilities in ActiveX controls in the ...) TODO: check-old CVE-2007-3609 (Multiple SQL injection vulnerabilities in eMeeting Online Dating ...) TODO: check-old CVE-2007-3610 (SQL injection vulnerability in categories_type.php in phpVID 0.9.9 ...) TODO: check-old CVE-2007-3611 (admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not ...) TODO: check-old CVE-2007-3612 (Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC ...) TODO: check-old CVE-2007-3613 (Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP ...) TODO: check-old CVE-2007-3614 (Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB ...) TODO: check-old CVE-2007-3615 (Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver ...) TODO: check-old CVE-2007-3616 (index.php in vtiger CRM before 5.0.3 allows remote authenticated users ...) TODO: check-old CVE-2007-3617 (The report module in vtiger CRM before 5.0.3 does not properly apply ...) TODO: check-old CVE-2007-3618 (Stack-based buffer overflow in the NetWorker Remote Exec Service ...) TODO: check-old CVE-2007-3619 (Directory traversal vulnerability in login.php in Maia Mailguard 1.0.2 ...) TODO: check-old CVE-2007-3620 (Multiple directory traversal vulnerabilities in Maia Mailguard 1.0.2 ...) TODO: check-old CVE-2007-3621 (Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex ...) TODO: check-old CVE-2007-3622 (Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon ...) TODO: check-old CVE-2007-3623 (Cross-site scripting (XSS) vulnerability in the Hitachi JP1/HiCommand ...) TODO: check-old CVE-2007-3624 (Heap-based buffer overflow in the Message HTTP Server in SAP Message ...) TODO: check-old CVE-2007-3625 (The Program Neighborhood Agent in Citrix Presentation Server Clients ...) TODO: check-old CVE-2007-3626 (Unspecified vulnerability in the ADM daemon in Hitachi TPBroker before ...) TODO: check-old CVE-2007-3627 (Multiple SQL injection vulnerabilities in PHP Lite Calendar Express ...) TODO: check-old CVE-2007-3628 (Unspecified vulnerability in the fetch function in MDB2.php in PEAR ...) TODO: check-old CVE-2007-3629 (SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 ...) TODO: check-old CVE-2007-3630 (changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require ...) TODO: check-old CVE-2007-3631 (SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 ...) TODO: check-old CVE-2007-3632 (Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka ...) TODO: check-old CVE-2007-3633 (Absolute path traversal vulnerability in the Chilkat Software Chilkat ...) TODO: check-old CVE-2007-3634 (Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for ...) TODO: check-old CVE-2007-3635 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before ...) TODO: check-old CVE-2007-3636 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for ...) TODO: check-old CVE-2007-3637 (SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers ...) TODO: check-old CVE-2007-3638 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote ...) TODO: check-old CVE-2007-3639 (WordPress before 2.2.2 allows remote attackers to redirect visitors to ...) TODO: check-old CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent ...) TODO: check-old CVE-2007-3641 (archive_read_support_format_tar.c in libarchive before 2.2.4 does not ...) BUG: 184984 CVE-2007-3642 (The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c ...) TODO: check-old CVE-2007-3643 (admin/index.php in AV Arcade 2.1b grants administrative privileges ...) TODO: check-old CVE-2007-3644 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows ...) BUG: 184984 CVE-2007-3645 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows ...) BUG: 184984 CVE-2007-3646 (SQL injection vulnerability in index.php in FlashGameScript 1.7 and ...) TODO: check-old CVE-2007-3647 (The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and ...) TODO: check-old CVE-2007-3648 (SQL injection vulnerability in Webmatic before 2.6.2, and possibly ...) TODO: check-old CVE-2007-3649 (Absolute path traversal vulnerability in a certain ActiveX control in ...) TODO: check-old CVE-2007-3650 (myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive ...) NOT-FOR-US: myWebland myBloggie CVE-2007-3651 (class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote ...) NOT-FOR-US: FaScript FaName CVE-2007-3652 (SQL injection vulnerability in class/page.php in Farsi Script (aka ...) NOT-FOR-US: FaScript FaName CVE-2007-3653 (Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script ...) NOT-FOR-US: FaScript FaName CVE-2007-3654 (The display driver allocattr functions in NetBSD 3.0 through ...) TODO: check-old CVE-2007-3655 (Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE ...) TODO: check-old CVE-2007-3656 (Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not ...) BUG: 187205 BUG: 185737 CVE-2007-3657 (** DISPUTED ** ...) TODO: check-old CVE-2007-3658 (Unspecified vulnerability in Microsoft Register Server (REGSVR) allows ...) TODO: check-old CVE-2007-3659 (Buffer overflow in the doBrowserAction function in FreeWRL 1.19.3 ...) TODO: check-old CVE-2007-3660 (The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows ...) TODO: check-old CVE-2007-3661 (Eltima Software Virtual Serial Port (VSPAX) ActiveX control ...) TODO: check-old CVE-2007-3662 (Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote ...) TODO: check-old CVE-2007-3663 (Divide-by-zero error in Media Player Classic (MPC) 6.4.9.0 allows ...) TODO: check-old CVE-2007-3664 (Multiple unspecified vulnerabilities in Eltima Software RunService ...) TODO: check-old CVE-2007-3665 (Multiple unspecified vulnerabilities in FileBackup.DLL in Symantec ...) TODO: check-old CVE-2007-3666 (Buffer overflow in RemoteCommand.DLL in Symantec Norton Ghost 12.0 ...) TODO: check-old CVE-2007-3667 (Unspecified vulnerability in EXCLEXPT.DLL in ActiveReportsExcelReport ...) TODO: check-old CVE-2007-3668 (Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia ...) TODO: check-old CVE-2007-3669 (Multiple unspecified vulnerabilities in the Innovasys DockStudioXP ...) TODO: check-old CVE-2007-3670 (Argument injection vulnerability in Microsoft Internet Explorer, when ...) TODO: check-old CVE-2007-3671 (Unspecified vulnerability in the kernel in Microsoft Windows Vista has ...) TODO: check-old CVE-2007-3672 (Cross-site scripting (XSS) vulnerability in ecrire/tools.php in ...) TODO: check-old CVE-2007-3673 (Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus ...) TODO: check-old CVE-2007-3674 RESERVED CVE-2007-3675 (Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ...) NOT-FOR-US: Kaspersky Lab Online Scanner CVE-2007-3676 (IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before ...) NOT-FOR-US: IBM DB2 CVE-2007-3677 (Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow ...) TODO: check-old CVE-2007-3678 (Stack-based buffer overflow in the MSWord text-import extension (Word ...) TODO: check-old CVE-2007-3679 (The Citrix EPA ActiveX control (aka the "endpoint checking control" or ...) TODO: check-old CVE-2007-3680 (Stack-based buffer overflow in the odm_searchpath function in libodm ...) TODO: check-old CVE-2007-3681 (The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in ...) TODO: check-old CVE-2007-3682 (SQL injection vulnerability in index.php in OpenLD 1.2.2 and earlier ...) TODO: check-old CVE-2007-3683 (SQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and ...) TODO: check-old CVE-2007-3684 (Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating ...) TODO: check-old CVE-2007-3685 (Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive ...) TODO: check-old CVE-2007-3686 (CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating ...) TODO: check-old CVE-2007-3687 (SQL injection vulnerability in inferno.php in the Inferno Technologies ...) TODO: check-old CVE-2007-3688 (Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear ...) TODO: check-old CVE-2007-3689 (The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal ...) TODO: check-old CVE-2007-3690 (The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal ...) TODO: check-old CVE-2007-3691 (Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial ...) TODO: check-old CVE-2007-3692 (Directory traversal vulnerability in download.cgi in EZFactory KDDI ...) TODO: check-old CVE-2007-3693 (Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built ...) TODO: check-old CVE-2007-3694 (Cross-site scripting (XSS) vulnerability in login.php in Miro Project ...) NOT-FOR-US: getmiro Broadcast Machine CVE-2007-3695 (Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly ...) TODO: check-old CVE-2007-3696 (CA ERwin Data Model Validator (formerly AllFusion Data Model ...) TODO: check-old CVE-2007-3697 (PHP remote file inclusion vulnerability in phpbb/sendmsg.php in ...) TODO: check-old CVE-2007-3698 (The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 ...) BUG: 190686 CVE-2007-3699 (The Decomposer component in multiple Symantec products allows remote ...) NOT-FOR-US: multiple CVE-2007-3700 (Sun Java System Access Manager (formerly Java System Identity Server) ...) TODO: check-old CVE-2007-3701 (TippingPoint IPS before 20070710 does not properly handle a ...) TODO: check-old CVE-2007-3702 (Directory traversal vulnerability in the load function in ...) TODO: check-old CVE-2007-3703 (Stack-based buffer overflow in a certain ActiveX control in sasatl.dll ...) TODO: check-old CVE-2007-3704 (Entertainment CMS allows remote attackers to bypass authentication and ...) TODO: check-old CVE-2007-3705 (SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to ...) TODO: check-old CVE-2007-3706 (The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 ...) TODO: check-old CVE-2007-3707 (Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 ...) TODO: check-old CVE-2007-3708 (Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before ...) TODO: check-old CVE-2007-3709 (CRLF injection vulnerability in the redirect function in ...) TODO: check-old CVE-2007-3710 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-3711 (Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x ...) TODO: check-old CVE-2007-3712 (Multiple cross-site scripting (XSS) vulnerabilities in HiddenChest "is ...) TODO: check-old CVE-2007-3713 (Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow ...) TODO: check-old CVE-2007-3714 (Directory traversal vulnerability in Ada Image Server (ImgSvr) 0.6.5 ...) TODO: check-old CVE-2007-3715 (Sun Java System Application Server and Web Server 7.0 through 9.0 ...) TODO: check-old CVE-2007-3716 (The Java XML Digital Signature implementation in Sun JDK and JRE 6 ...) BUG: 190686 CVE-2007-3717 (rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call ...) TODO: check-old CVE-2007-3718 (Multiple unspecified vulnerabilities in the SVG parsing engine in ...) TODO: check-old CVE-2007-3719 (The process scheduler in the Linux kernel 2.6.16 gives preference to ...) TODO: check-old CVE-2007-3720 (The process scheduler in the Linux kernel 2.4 performs scheduling ...) TODO: check-old CVE-2007-3721 (The ULE process scheduler in the FreeBSD kernel gives preference to ...) TODO: check-old CVE-2007-3722 (The 4BSD process scheduler in the FreeBSD kernel performs scheduling ...) TODO: check-old CVE-2007-3723 (The process scheduler in the Sun Solaris kernel does not make use of ...) TODO: check-old CVE-2007-3724 (The process scheduler in the Microsoft Windows XP kernel does not make ...) TODO: check-old CVE-2007-3725 (The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows ...) BUG: 185013 CVE-2007-3726 (Integer signedness error in the SET_VALUE function in rarvm.cpp in ...) TODO: check-old CVE-2007-3727 (Multiple unspecified vulnerabilities in Webmatic before 2.7 have ...) TODO: check-old CVE-2007-3728 (Buffer overflow in lib/silcclient/client_notify.c of SILC Client and ...) TODO: check-old CVE-2007-3729 (The default configuration of the POP server in TCP/IP Services 5.6 for ...) TODO: check-old CVE-2007-3730 (The default configuration of the POP server in TCP/IP Services 5.6 for ...) TODO: check-old CVE-2007-3731 (The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid ...) TODO: check-old CVE-2007-3732 RESERVED CVE-2007-3733 RESERVED CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) BUG: 187205 BUG: 185737 CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine in ...) BUG: 187205 BUG: 185737 CVE-2007-3736 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...) BUG: 187205 BUG: 185737 CVE-2007-3737 (Mozilla Firefox before 2.0.0.5 allows remote attackers to execute ...) BUG: 187205 BUG: 185737 CVE-2007-3738 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 ...) BUG: 187205 BUG: 185737 CVE-2007-3739 (mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not ...) TODO: check-old CVE-2007-3740 (The CIFS filesystem in the Linux kernel before 2.6.22, when Unix ...) TODO: check-old CVE-2007-3741 (The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp ...) TODO: check-old CVE-2007-3742 (WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before ...) TODO: check-old CVE-2007-3743 (Stack-based buffer overflow in bookmark handling in Apple Safari 3 ...) TODO: check-old CVE-2007-3744 (Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device ...) TODO: check-old CVE-2007-3745 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 ...) TODO: check-old CVE-2007-3746 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 ...) TODO: check-old CVE-2007-3747 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 ...) TODO: check-old CVE-2007-3748 (Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized ...) TODO: check-old CVE-2007-3749 (The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the ...) NOT-FOR-US: Apple CVE-2007-3750 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...) BUG: 150288 CVE-2007-3751 (Unspecified vulnerability in QuickTime for Java in Apple QuickTime ...) BUG: 150288 CVE-2007-3752 (Heap-based buffer overflow in Apple iTunes before 7.4 allows remote ...) TODO: check-old CVE-2007-3753 (Apple iPhone 1.1.1, with Bluetooth enabled, allows physically ...) TODO: check-old CVE-2007-3754 (Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user ...) TODO: check-old CVE-2007-3755 (Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to ...) TODO: check-old CVE-2007-3756 (Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on ...) TODO: check-old CVE-2007-3757 (Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to ...) TODO: check-old CVE-2007-3758 (Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on ...) TODO: check-old CVE-2007-3759 (Safari in Apple iPhone 1.1.1, when requested to disable Javascript, ...) TODO: check-old CVE-2007-3760 (Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone ...) TODO: check-old CVE-2007-3761 (Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone ...) TODO: check-old CVE-2007-3762 (Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in ...) BUG: 185713 CVE-2007-3763 (The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and ...) BUG: 185713 CVE-2007-3764 (The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and ...) BUG: 185713 CVE-2007-3765 (The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW ...) TODO: check-old CVE-2007-3766 RESERVED CVE-2007-3767 RESERVED CVE-2007-3768 (The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote ...) TODO: check-old CVE-2007-3769 (Cross-site scripting (XSS) vulnerability in the mirrored server ...) TODO: check-old CVE-2007-3770 (The terminal_helper_execute function in terminal/terminal.c in Xfce ...) BUG: 184886 CVE-2007-3771 (Stack-based buffer overflow in the Internet E-mail Auto-Protect ...) TODO: check-old CVE-2007-3772 (Directory traversal vulnerability in news/show.php in PsNews 1.1 ...) TODO: check-old CVE-2007-3773 (Cross-site request forgery (CSRF) vulnerability in the Email-Template ...) TODO: check-old CVE-2007-3774 (Dvbbs 7.1.0 SP1 stores sensitive information under the web root with ...) TODO: check-old CVE-2007-3775 (Unspecified vulnerability in Cisco Unified Communications Manager ...) TODO: check-old CVE-2007-3776 (Cisco Unified Communications Manager (CUCM, formerly CallManager) and ...) TODO: check-old CVE-2007-3777 (avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free ...) TODO: check-old CVE-2007-3778 (The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for ...) TODO: check-old CVE-2007-3779 (PHP local file inclusion vulnerability in gpg_pop_init.php in the ...) TODO: check-old CVE-2007-3780 (MySQL Community Server before 5.0.45 allows remote attackers to cause ...) BUG: 185333 CVE-2007-3781 (MySQL Community Server before 5.0.45 does not require privileges such ...) BUG: 185333 CVE-2007-3782 (MySQL Community Server before 5.0.45 allows remote authenticated users ...) TODO: check-old CVE-2007-3783 (SQL injection vulnerability in default.asp in enVivo!CMS allows remote ...) TODO: check-old CVE-2007-3784 (Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router ...) TODO: check-old CVE-2007-3785 (Absolute path traversal vulnerability in a certain ActiveX control in ...) TODO: check-old CVE-2007-3786 (** DISPUTED ** ...) TODO: check-old CVE-2007-3787 (The eSoft InstaGate EX2 UTM device does not require entry of the old ...) TODO: check-old CVE-2007-3788 (The eSoft InstaGate EX2 UTM device stores the admin password within ...) TODO: check-old CVE-2007-3789 (SQL injection vulnerability in admin/index.php in Inmostore 4.0 allows ...) TODO: check-old CVE-2007-3790 (The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 ...) NOT-FOR-US: We don't ship this extension. CVE-2007-3791 (Buffer overflow in the w_read function in sockets.c in Cami Sardinha ...) TODO: check-old CVE-2007-3792 (Multiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold ...) TODO: check-old CVE-2007-3793 (SQL injection vulnerability in Job Management Partner 1/NETM/DM ...) TODO: check-old CVE-2007-3794 (Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit ...) TODO: check-old CVE-2007-3795 (Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, ...) TODO: check-old CVE-2007-3796 (The password reset feature in the Spam Quarantine HTTP interface for ...) TODO: check-old CVE-2007-3797 RESERVED CVE-2007-3798 (Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 ...) BUG: 184815 CVE-2007-3799 (The session_start function in ext/session in PHP 4.x up to 4.4.7 and ...) TODO: check-old CVE-2007-3800 (Unspecified vulnerability in the Real-time scanner (RTVScan) component ...) TODO: check-old CVE-2007-3801 REJECTED TODO: check-old CVE-2007-3802 REJECTED TODO: check-old CVE-2007-3803 (The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does ...) TODO: check-old CVE-2007-3804 (The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before ...) TODO: check-old CVE-2007-3805 (The IKE implementation in Clavister CorePlus before 8.80.03, and ...) TODO: check-old CVE-2007-3806 (The glob function in PHP 5.2.3 allows context-dependent attackers to ...) BUG: 191034 NOTE: Fixed in 5.2.4 release CVE-2007-3807 (Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum ...) TODO: check-old CVE-2007-3808 (SQL injection vulnerability in includes/search.php in paFileDB 3.6 ...) TODO: check-old CVE-2007-3809 (Multiple SQL injection vulnerabilities in Prozilla Directory Script ...) TODO: check-old CVE-2007-3810 (SQL injection vulnerability in index.php in Realtor 747 allows remote ...) TODO: check-old CVE-2007-3811 (Multiple SQL injection vulnerabilities in eSyndiCat allow remote ...) TODO: check-old CVE-2007-3812 (SQL injection vulnerability in forums.php in CMScout 1.23 and earlier ...) TODO: check-old CVE-2007-3813 (PHP remote file inclusion vulnerability in include/user.php in the ...) TODO: check-old CVE-2007-3814 (Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote ...) TODO: check-old CVE-2007-3815 (Buffer overflow in pirs32.exe in Poslovni informator Republike ...) TODO: check-old CVE-2007-3816 (** DISPUTED ** ...) TODO: check-old CVE-2007-3817 (Cross-site scripting (XSS) vulnerability in the LoginToboggan module ...) TODO: check-old CVE-2007-3818 (Cross-site scripting (XSS) vulnerability in the LoginToboggan module ...) TODO: check-old CVE-2007-3819 (Opera 9.21 allows remote attackers to spoof the data: URI scheme in ...) BUG: 188987 BUG: 185497 CVE-2007-3820 (konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to ...) TODO: check-old CVE-2007-3821 (Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 ...) TODO: check-old CVE-2007-3822 (Multiple cross-site scripting (XSS) vulnerabilities in Webcit before ...) TODO: check-old CVE-2007-3823 (The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows ...) TODO: check-old CVE-2007-3824 (SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows ...) TODO: check-old CVE-2007-3825 (Multiple stack-based buffer overflows in the RPC implementation in ...) TODO: check-old CVE-2007-3826 (Microsoft Internet Explorer 7 on Windows XP SP2 allows remote ...) TODO: check-old CVE-2007-3827 (Mozilla Firefox allows for cookies to be set with a null domain (aka ...) TODO: check-old CVE-2007-3828 (Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows ...) TODO: check-old CVE-2007-3829 (Multiple stack-based buffer overflows in (a) InterActual Player ...) TODO: check-old CVE-2007-3830 (Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia ...) TODO: check-old CVE-2007-3831 (PHP remote file inclusion in main.php in ISS Proventia Network IPS ...) TODO: check-old CVE-2007-3832 (Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in ...) TODO: check-old CVE-2007-3833 (The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios ...) TODO: check-old CVE-2007-3834 (Multiple cross-site scripting (XSS) vulnerabilities in Ex Libris ALEPH ...) TODO: check-old CVE-2007-3835 (Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and ...) TODO: check-old CVE-2007-3836 (Format string vulnerability in HydraIRC 0.3.151 allows remote ...) TODO: check-old CVE-2007-3837 (Heap-based buffer overflow in HydraIRC 0.3.151 allows remote IRC ...) TODO: check-old CVE-2007-3838 (Cross-site scripting (XSS) vulnerability in takeprofedit.php in ...) TODO: check-old CVE-2007-3839 (Cross-site scripting (XSS) vulnerability in takeprofedit.php in ...) TODO: check-old CVE-2007-3840 (SQL injection vulnerability in referralUrl.php in Traffic Stats allows ...) TODO: check-old CVE-2007-3841 (Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux ...) TODO: check-old CVE-2007-3842 (Cross-site scripting (XSS) vulnerability in the 8e6 R3000 Enterprise ...) TODO: check-old CVE-2007-3843 (The Linux kernel before 2.6.23-rc1 checks the wrong global variable ...) TODO: check-old CVE-2007-3844 (Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and ...) BUG: 187205 BUG: 185737 CVE-2007-3845 (Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x ...) TODO: check-old CVE-2007-3846 (Directory traversal vulnerability in Subversion before 1.4.5, as used ...) TODO: check-old CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c (mod_proxy) in ...) BUG: 186219 CVE-2007-3848 (Linux kernel 2.4.35 and other versions allows local users to send ...) TODO: check-old CVE-2007-3849 (Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced ...) TODO: check-old CVE-2007-3850 (The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on ...) BUG: 196830 CVE-2007-3851 (The drm/i915 component in the Linux kernel before 2.6.22.2, when used ...) TODO: check-old CVE-2007-3852 (The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates ...) TODO: check-old CVE-2007-3853 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...) TODO: check-old CVE-2007-3854 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, ...) TODO: check-old CVE-2007-3855 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, ...) TODO: check-old CVE-2007-3856 (Unspecified vulnerability in the Oracle Data Mining component for ...) TODO: check-old CVE-2007-3857 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 allow ...) TODO: check-old CVE-2007-3858 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 allow ...) TODO: check-old CVE-2007-3859 (Unspecified vulnerability in the Oracle Internet Directory component ...) TODO: check-old CVE-2007-3860 (Unspecified vulnerability in Oracle Application Express (formerly ...) TODO: check-old CVE-2007-3861 (Unspecified vulnerability in Oracle Jdeveloper in Oracle Application ...) TODO: check-old CVE-2007-3862 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and ...) TODO: check-old CVE-2007-3863 (Unspecified vulnerability in Oracle JDeveloper for Application Server ...) TODO: check-old CVE-2007-3864 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...) TODO: check-old CVE-2007-3865 (Unspecified vulnerability in the Oracle Customer Intelligence ...) TODO: check-old CVE-2007-3866 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...) TODO: check-old CVE-2007-3867 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...) TODO: check-old CVE-2007-3868 (Multiple unspecified vulnerabilities in PeopleTools in Oracle ...) TODO: check-old CVE-2007-3869 (Multiple unspecified vulnerabilities in the Customer Relationship ...) TODO: check-old CVE-2007-3870 (Multiple unspecified vulnerabilities in the Human Capital Management ...) TODO: check-old CVE-2007-3871 (Stampit Web uses guessable id values for online stamp purchases, which ...) TODO: check-old CVE-2007-3872 (Multiple stack-based buffer overflows in the Shared Trace Service ...) TODO: check-old CVE-2007-3873 (Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI ...) TODO: check-old CVE-2007-3874 (Directory traversal vulnerability in the tftp/mftp daemon in the PXE ...) NOT-FOR-US: Altiris Deployment Solution CVE-2007-3875 (arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) ...) TODO: check-old CVE-2007-3876 (Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows ...) NOT-FOR-US: Apple Mac OS X CVE-2007-3877 RESERVED CVE-2007-3878 RESERVED CVE-2007-3879 RESERVED CVE-2007-3880 (Format string vulnerability in srsexec in Sun Remote Services (SRS) ...) NOT-FOR-US: Sun Net Connect Software CVE-2007-3881 (SQL injection vulnerability in index.php in Pictures Rating (Picture ...) TODO: check-old CVE-2007-3882 (SQL injection vulnerability in index.php in Expert Advisor allows ...) TODO: check-old CVE-2007-3883 (The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.2 and ...) TODO: check-old CVE-2007-3884 (SQL injection vulnerability in philboard_forum.asp in husrevforum ...) TODO: check-old CVE-2007-3885 (Cross-site scripting (XSS) vulnerability in philboard_search.asp in ...) TODO: check-old CVE-2007-3886 (Cross-site scripting (XSS) vulnerability in default.asp in Element CMS ...) TODO: check-old CVE-2007-3887 (Multiple cross-site scripting (XSS) vulnerabilities in mesaj_formu.asp ...) TODO: check-old CVE-2007-3888 (Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple ...) TODO: check-old CVE-2007-3889 (Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and ...) TODO: check-old CVE-2007-3890 (Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, ...) TODO: check-old CVE-2007-3891 (Unspecified vulnerability in Windows Vista Weather Gadgets in Windows ...) TODO: check-old CVE-2007-3892 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...) NOT-FOR-US: Microsoft ie CVE-2007-3893 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through ...) NOT-FOR-US: Microsoft ie CVE-2007-3894 RESERVED CVE-2007-3895 (Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 ...) NOT-FOR-US: Microsoft DirectX CVE-2007-3896 (The URL handling in Shell32.dll in the Windows shell in Microsoft ...) NOT-FOR-US: Microsoft ie CVE-2007-3897 (Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, ...) NOT-FOR-US: Microsoft Windows Mail CVE-2007-3898 (The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 ...) NOT-FOR-US: DNS server in Microsoft Windows 2000 CVE-2007-3899 (Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, ...) NOT-FOR-US: Microsoft Word CVE-2007-3900 RESERVED CVE-2007-3901 (Stack-based buffer overflow in the DirectShow Synchronized Accessible ...) NOT-FOR-US: Microsoft CVE-2007-3902 (Use-after-free vulnerability in the CRecalcProperty function in ...) NOT-FOR-US: Microsoft CVE-2007-3903 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...) NOT-FOR-US: Microsoft CVE-2007-3904 RESERVED CVE-2007-3905 (SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote ...) TODO: check-old CVE-2007-3906 (Unspecified vulnerability in Kaspersky Anti-Virus for Check Point ...) TODO: check-old CVE-2007-3907 (Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 ...) TODO: check-old CVE-2007-3908 (Unspecified vulnerability in HP ServiceGuard for Linux for Red Hat ...) TODO: check-old CVE-2007-3909 (Multiple SQL injection vulnerabilities in Bandersnatch 0.4 allow ...) TODO: check-old CVE-2007-3910 (Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4 allows ...) TODO: check-old CVE-2007-3911 (Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka ...) TODO: check-old CVE-2007-3912 (checkrestart in debian-goodies before 0.34 allows local users to gain ...) TODO: check-old CVE-2007-3913 (SQL injection vulnerability in Gforge before 3.1 allows remote ...) TODO: check-old CVE-2007-3914 RESERVED CVE-2007-3915 RESERVED CVE-2007-3916 (The main function in skkdic-expr.c in SKK Tools 1.2 allows local users ...) BUG: 193121 CVE-2007-3917 (The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before ...) BUG: 195520 CVE-2007-3918 (Cross-site scripting (XSS) vulnerability in account/verify.php in ...) NOT-FOR-US: GForge CVE-2007-3919 ((1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local ...) BUG: 196824 CVE-2007-3920 (GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not ...) BUG: 196878 CVE-2007-3921 (gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files ...) NOT-FOR-US: GForge CVE-2007-3922 (Unspecified vulnerability in the Java Runtime Environment (JRE) Applet ...) BUG: 190686 CVE-2007-3923 (The Common Internet File System (CIFS) optimization in Cisco Wide Area ...) TODO: check-old CVE-2007-3924 (Argument injection vulnerability in Microsoft Internet Explorer, when ...) TODO: check-old CVE-2007-3925 (Multiple buffer overflows in the IMAP service (imapd32.exe) in ...) TODO: check-old CVE-2007-3926 (Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to ...) TODO: check-old CVE-2007-3927 (Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 ...) TODO: check-old CVE-2007-3928 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote ...) TODO: check-old CVE-2007-3929 (Use-after-free vulnerability in the BitTorrent support in Opera before ...) BUG: 188987 BUG: 185497 CVE-2007-3930 (Interpretation conflict between Microsoft Internet Explorer and ...) TODO: check-old CVE-2007-3931 (The wrap_setuid_third_party_application function in the installation ...) TODO: check-old CVE-2007-3932 (uploadimg.php in the Expose RC35 and earlier (com_expose) component ...) TODO: check-old CVE-2007-3933 (SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and ...) TODO: check-old CVE-2007-3934 (PHP remote file inclusion vulnerability in postscript/postscript.php ...) TODO: check-old CVE-2007-3935 (PHP remote file inclusion vulnerability in link_main.php in the ...) TODO: check-old CVE-2007-3936 (Directory traversal vulnerability in admin/filebrowser.asp in A-shop ...) TODO: check-old CVE-2007-3937 (Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier ...) TODO: check-old CVE-2007-3938 (SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) ...) TODO: check-old CVE-2007-3939 (SQL injection vulnerability in index.php in SpoonLabs Vivvo Article ...) TODO: check-old CVE-2007-3940 (Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite ...) TODO: check-old CVE-2007-3941 (Cross-site scripting (XSS) vulnerability in profile.php in Jasmine CMS ...) TODO: check-old CVE-2007-3942 (** DISPUTED ** ...) TODO: check-old CVE-2007-3943 (SQL injection vulnerability in Infinite Responder before 1.48 allows ...) TODO: check-old CVE-2007-3944 (Multiple heap-based buffer overflows in the Perl Compatible Regular ...) TODO: check-old CVE-2007-3945 (Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly ...) TODO: check-old CVE-2007-3946 (mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote ...) BUG: 185442 CVE-2007-3947 (request.c in lighttpd 1.4.15 allows remote attackers to cause a denial ...) BUG: 185442 CVE-2007-3948 (connections.c in lighttpd before 1.4.16 might accept more connections ...) BUG: 185442 CVE-2007-3949 (mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters ...) BUG: 185442 CVE-2007-3950 (lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers ...) BUG: 185442 CVE-2007-3951 (Multiple buffer overflows in Norman Antivirus 5.90 allow remote ...) TODO: check-old CVE-2007-3952 (The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote ...) TODO: check-old CVE-2007-3953 (The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote ...) TODO: check-old CVE-2007-3954 (Argument injection vulnerability in Microsoft Internet Explorer, when ...) TODO: check-old CVE-2007-3955 (Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in ...) TODO: check-old CVE-2007-3956 (TeamSpeak WebServer 2.0 for Windows does not validate parameter value ...) TODO: check-old CVE-2007-3957 (Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote ...) TODO: check-old CVE-2007-3958 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...) TODO: check-old CVE-2007-3959 (The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier ...) TODO: check-old CVE-2007-3960 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...) TODO: check-old CVE-2007-3961 (Off-by-one error in the fsp_readdir_r function in fsplib.c in fsplib ...) BUG: 188252 CVE-2007-3962 (Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 ...) BUG: 188252 CVE-2007-3963 (Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, ...) TODO: check-old CVE-2007-3964 (Itaka before 0.2.1, when using Authentication mode, allows remote ...) TODO: check-old CVE-2007-3965 (Unspecified vulnerability in uFMOD before 1.2.5 has unknown impact and ...) TODO: check-old CVE-2007-3966 (SQL injection vulnerability in Munch Pro allows remote attackers to ...) TODO: check-old CVE-2007-3967 (Directory traversal vulnerability in index.php in PHP Directory Lister ...) TODO: check-old CVE-2007-3968 (index.php in dirLIST before 0.1.1 allows remote attackers to list the ...) TODO: check-old CVE-2007-3969 (Buffer overflow in Panda Antivirus before 20070720 allows remote ...) TODO: check-old CVE-2007-3970 (Race condition in ESET NOD32 Antivirus before 2.2289 allows remote ...) TODO: check-old CVE-2007-3971 (Integer overflow in ESET NOD32 Antivirus before 2.2289 allows remote ...) TODO: check-old CVE-2007-3972 (ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a ...) TODO: check-old CVE-2007-3973 (Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow ...) TODO: check-old CVE-2007-3974 (admin/ajoutaut.php in JBlog 1.0 does not require authentication, which ...) TODO: check-old CVE-2007-3975 (Cross-site scripting (XSS) vulnerability in index.php in Elite Forum ...) TODO: check-old CVE-2007-3976 (SQL injection vulnerability in index.php in bwired allows remote ...) TODO: check-old CVE-2007-3977 (Cross-site scripting (XSS) vulnerability in bwired allows remote ...) TODO: check-old CVE-2007-3978 (Session fixation vulnerability in bwired allows remote attackers to ...) TODO: check-old CVE-2007-3979 (SQL injection vulnerability in index.php in BlogSite Professional (aka ...) TODO: check-old CVE-2007-3980 (PHP remote file inclusion vulnerability in page.php in RCMS Pro ...) TODO: check-old CVE-2007-3981 (SQL injection vulnerability in index.php in WSN Links Basic Edition ...) TODO: check-old CVE-2007-3982 (Absolute path traversal vulnerability in the Data Dynamics ...) TODO: check-old CVE-2007-3983 (Absolute path traversal vulnerability in the Data Dynamics ...) TODO: check-old CVE-2007-3984 (Buffer overflow in a certain ActiveX control in the NixonMyPrograms ...) TODO: check-old CVE-2007-3985 (Directory traversal vulnerability in file.cgi in Secure Computing ...) TODO: check-old CVE-2007-3986 (file.cgi in Secure Computing SecurityReporter (aka Network Security ...) TODO: check-old CVE-2007-3987 (SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, ...) TODO: check-old CVE-2007-3988 (Session fixation vulnerability in Virtual Hosting Control System ...) TODO: check-old CVE-2007-3989 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...) TODO: check-old CVE-2007-3990 (SQL injection vulnerability in default.asp in Dora Emlak 1.0, when the ...) TODO: check-old CVE-2007-3991 (Multiple cross-site scripting (XSS) vulnerabilities in cv.asp in Asp ...) TODO: check-old CVE-2007-3992 (SQL injection vulnerability in vir_login.asp in iExpress Property Pro ...) TODO: check-old CVE-2007-3993 (Unspecified vulnerability in the attachment filter in Kerio MailServer ...) TODO: check-old CVE-2007-3994 RESERVED CVE-2007-3995 RESERVED CVE-2007-3996 (Multiple integer overflows in libgd in PHP before 5.2.4 allow remote ...) BUG: 191034 NOTE: Fixed in 5.2.4 release CVE-2007-3997 (The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP ...) BUG: 191034 CVE-2007-3998 (The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, ...) BUG: 191034 NOTE: Fixed in 5.2.4 release CVE-2007-3999 (Stack-based buffer overflow in the svcauth_gss_validate function in ...) BUG: 191479 BUG: 191301 BUG: 214208 CVE-2007-4000 (The kadm5_modify_policy_internal function in ...) BUG: 191301 CVE-2007-4001 RESERVED CVE-2007-4002 RESERVED CVE-2007-4003 (pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code ...) TODO: check-old CVE-2007-4004 (Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows ...) TODO: check-old CVE-2007-4005 (Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) ...) TODO: check-old CVE-2007-4006 (Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has ...) TODO: check-old CVE-2007-4007 (PHP remote file inclusion vulnerability in index.php in Article ...) TODO: check-old CVE-2007-4008 (Directory traversal vulnerability in custom.php in Entertainment Media ...) TODO: check-old CVE-2007-4009 (PHP remote file inclusion vulnerability in ...) TODO: check-old CVE-2007-4010 (The win32std extension in PHP 5.2.3 does not follow safe_mode and ...) NOT-FOR-US: We don't ship this extension. CVE-2007-4011 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 ...) TODO: check-old CVE-2007-4012 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 ...) TODO: check-old CVE-2007-4013 (Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka ...) TODO: check-old CVE-2007-4014 (Cross-site scripting (XSS) vulnerability in a certain index.php ...) TODO: check-old CVE-2007-4015 REJECTED TODO: check-old CVE-2007-4016 (Unspecified vulnerability in the client components in Citrix Access ...) TODO: check-old CVE-2007-4017 (Cross-site request forgery (CSRF) vulnerability in the web-based ...) TODO: check-old CVE-2007-4018 (Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows ...) TODO: check-old CVE-2007-4019 REJECTED TODO: check-old CVE-2007-4020 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...) TODO: check-old CVE-2007-4021 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...) TODO: check-old CVE-2007-4022 (Cross-site scripting (XSS) vulnerability in ...) TODO: check-old CVE-2007-4023 (Cross-site scripting (XSS) vulnerability in the login CGI program in ...) TODO: check-old CVE-2007-4024 (Cross-site scripting (XSS) vulnerability in W1L3D4_aramasonuc.asp in ...) TODO: check-old CVE-2007-4025 (Unspecified vulnerability in Sun Java System (SJS) Application Server ...) TODO: check-old CVE-2007-4026 (epesi framework before 0.8.6 does not properly verify file extensions, ...) TODO: check-old CVE-2007-4027 (Buffer overflow in cli32 in Areca CLI 1.72.250 and earlier might allow ...) TODO: check-old CVE-2007-4028 (Absolute path traversal vulnerability in index.php in Webspell 4.01.02 ...) TODO: check-old CVE-2007-4029 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows ...) BUG: 186716 CVE-2007-4030 RESERVED CVE-2007-4031 (Directory traversal vulnerability in a certain ActiveX control in ...) TODO: check-old CVE-2007-4032 (Buffer overflow in CrystalPlayer Pro 1.98 allows user-assisted remote ...) TODO: check-old CVE-2007-4033 (Buffer overflow in the intT1_EnvGetCompletePath function in ...) BUG: 193437 CVE-2007-4034 (Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! ...) TODO: check-old CVE-2007-4035 (** DISPUTED ** ...) TODO: check-old CVE-2007-4036 (** DISPUTED ** ...) TODO: check-old CVE-2007-4037 (** DISPUTED ** ...) TODO: check-old CVE-2007-4038 (Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, ...) TODO: check-old CVE-2007-4039 (Argument injection vulnerability involving Mozilla, when certain URIs ...) TODO: check-old CVE-2007-4040 (Argument injection vulnerability involving Microsoft Outlook and ...) TODO: check-old CVE-2007-4041 (Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 ...) TODO: check-old CVE-2007-4042 (Multiple argument injection vulnerabilities in Netscape Navigator 9 ...) TODO: check-old CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network Security ...) TODO: check-old CVE-2007-4044 REJECTED TODO: check-old CVE-2007-4045 (The CUPS service, as used in SUSE Linux before 20070720 and other ...) BUG: 199195 CVE-2007-4046 (SQL injection vulnerability in index.php in the Pony Gallery ...) TODO: check-old CVE-2007-4047 (geoBlog (aka BitDamaged) 1 does not require authentication for (1) ...) TODO: check-old CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo ...) TODO: check-old CVE-2007-4049 REJECTED TODO: check-old CVE-2007-4050 (Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta ...) TODO: check-old CVE-2007-4051 (Heap-based buffer overflow in the FindFiles function in UltraDefrag ...) TODO: check-old CVE-2007-4052 (Cross-site scripting (XSS) vulnerability in utilities/login.asp in ...) TODO: check-old CVE-2007-4053 (SQL injection vulnerability in include/img_view.class.php in LinPHA ...) TODO: check-old CVE-2007-4054 (SQL injection vulnerability in category.php in PHP123 Top Sites allows ...) TODO: check-old CVE-2007-4055 (SQL injection vulnerability in comments_get.asp in SimpleBlog 3.0 ...) TODO: check-old CVE-2007-4056 (SQL injection vulnerability in directory.php in Prozilla Adult ...) TODO: check-old CVE-2007-4057 (Unrestricted file upload vulnerability in pfs.php in Neocrome Seditio ...) TODO: check-old CVE-2007-4058 (Absolute path traversal vulnerability in a certain ActiveX control in ...) TODO: check-old CVE-2007-4059 (Absolute path traversal vulnerability in a certain ActiveX control in ...) TODO: check-old CVE-2007-4060 (Multiple buffer overflows in the HttpSprockMake function in http.c in ...) TODO: check-old CVE-2007-4061 (Directory traversal vulnerability in a certain ActiveX control in ...) TODO: check-old CVE-2007-4062 (The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus ...) TODO: check-old CVE-2007-4063 (Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal ...) TODO: check-old CVE-2007-4064 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x ...) TODO: check-old CVE-2007-4065 (lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 ...) BUG: 186716 CVE-2007-4066 (Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow ...) BUG: 186716 CVE-2007-4067 (Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ...) TODO: check-old CVE-2007-4068 (Multiple SQL injection vulnerabilities in Webyapar 2.0 allow remote ...) TODO: check-old CVE-2007-4069 (SQL injection vulnerability in show_cat.php in IndexScript 2.8 and ...) TODO: check-old CVE-2007-4070 (Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun ...) TODO: check-old CVE-2007-4071 (Multiple cross-site scripting (XSS) vulnerabilities in ...) TODO: check-old CVE-2007-4072 (Webbler CMS before 3.1.6 provides the full installation path within ...) TODO: check-old CVE-2007-4073 (Webbler CMS before 3.1.6 does not properly restrict use of "mail a ...) TODO: check-old CVE-2007-4074 (The default configuration of Centre for Speech Technology Research ...) TODO: check-old CVE-2007-4075 (Cross-site scripting (XSS) vulnerability in index.asp in Alisveris ...) TODO: check-old CVE-2007-4076 (Multiple SQL injection vulnerabilities in index.asp in Alisveris ...) TODO: check-old CVE-2007-4077 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...) TODO: check-old CVE-2007-4078 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text ...) TODO: check-old CVE-2007-4079 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS ...) TODO: check-old CVE-2007-4080 (Cross-site scripting (XSS) vulnerability in index.php AlstraSoft ...) TODO: check-old CVE-2007-4081 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...) TODO: check-old CVE-2007-4082 (Cross-site scripting (XSS) vulnerability in contact_author.php ...) TODO: check-old CVE-2007-4083 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...) TODO: check-old CVE-2007-4084 (Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network ...) TODO: check-old CVE-2007-4085 (Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow ...) TODO: check-old CVE-2007-4086 (Multiple SQL injection vulnerabilities in AlstraSoft Video Share ...) TODO: check-old CVE-2007-4087 (AlstraSoft Video Share Enterprise allows remote attackers to obtain ...) TODO: check-old CVE-2007-4088 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...) TODO: check-old CVE-2007-4089 (Vikingboard 0.1.2 allows remote attackers to obtain sensitive ...) TODO: check-old CVE-2007-4090 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...) TODO: check-old CVE-2007-4091 (Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow ...) BUG: 189132 CVE-2007-4092 (Directory traversal vulnerability in index.php in iFoto 1.0.1 and ...) TODO: check-old CVE-2007-4093 (Minb Is Not a Blog (minb) stores sensitive information under the web ...) TODO: check-old CVE-2007-4094 (PHP remote file inclusion vulnerability in library/authorize.php in ...) TODO: check-old CVE-2007-4095 (SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows ...) TODO: check-old CVE-2007-4096 (Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, ...) TODO: check-old CVE-2007-4097 (Tor before 0.1.2.15 sends "destroy cells" containing the reason for ...) TODO: check-old CVE-2007-4098 (Tor before 0.1.2.15 does not properly distinguish "streamids from ...) TODO: check-old CVE-2007-4099 (Tor before 0.1.2.15 can select a guard node beyond the first listed ...) TODO: check-old CVE-2007-4100 (MLDonkey before 2.9.0 does not load certain code from ...) TODO: check-old CVE-2007-4101 (Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 ...) TODO: check-old CVE-2007-4102 (Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 ...) TODO: check-old CVE-2007-4103 (The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before ...) BUG: 185713 CVE-2007-4104 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) TODO: check-old CVE-2007-4105 (A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 ...) TODO: check-old CVE-2007-4106 (SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - ...) TODO: check-old CVE-2007-4107 (SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 ...) TODO: check-old CVE-2007-4108 (SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event ...) TODO: check-old CVE-2007-4109 (SQL injection vulnerability in sign_in.aspx in WebStore (Online Store ...) TODO: check-old CVE-2007-4110 (SQL injection vulnerability in sign_in.aspx in Message Board / ...) TODO: check-old CVE-2007-4111 (SQL injection vulnerability in the login script in Real Estate listing ...) TODO: check-old CVE-2007-4112 (Multiple SQL injection vulnerabilities in Advanced Webhost Billing ...) TODO: check-old CVE-2007-4113 (Unspecified vulnerability in Advanced Webhost Billing System (AWBS) ...) TODO: check-old CVE-2007-4114 (Multiple SQL injection vulnerabilities in unuttum.asp in ...) TODO: check-old CVE-2007-4115 (Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) ...) TODO: check-old CVE-2007-4116 (SQL injection vulnerability in philboard_forum.asp in Metyus Forum ...) TODO: check-old CVE-2007-4117 (** DISPUTED ** ...) TODO: check-old CVE-2007-4118 (PHP remote file inclusion vulnerability in includes/functions.inc.php ...) TODO: check-old CVE-2007-4119 (Multiple SQL injection vulnerabilities in yonetici.asp in Berthanas ...) TODO: check-old CVE-2007-4120 (** DISPUTED ** ...) TODO: check-old CVE-2007-4121 (Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce ...) TODO: check-old CVE-2007-4122 (Unspecified vulnerability in Hitachi JP1/Cm2/Hierarchical Viewer (HV) ...) TODO: check-old CVE-2007-4123 (The Groupmax Scheduler_Facilities management tool in Hitachi Groupmax ...) TODO: check-old CVE-2007-4124 (The session failover function in Cosminexus Component Container in ...) TODO: check-old CVE-2007-4125 (Unspecified vulnerability in the Address and Routing Parameter Area ...) TODO: check-old CVE-2007-4126 (Unspecified vulnerability in the dynamic tracing framework (DTrace) on ...) TODO: check-old CVE-2007-4127 (** DISPUTED ** ...) TODO: check-old CVE-2007-4128 (SQL injection vulnerability in index.php in the Firestorm Technologies ...) TODO: check-old CVE-2007-4129 (CoolKey 1.1.0 allows local users to overwrite arbitrary files via a ...) BUG: 191643 CVE-2007-4130 (The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux ...) NOT-FOR-US: we dont ship such old kernels CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot function in ...) BUG: 189682 CVE-2007-4132 (Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 ...) TODO: check-old CVE-2007-4133 (The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions ...) BUG: 196120 CVE-2007-4134 (Directory traversal vulnerability in extract.c in star before 1.5a84 ...) BUG: 189690 CVE-2007-4135 (The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle ...) NOTE: only <0.16 is affected NOTE: https://issues.rpath.com/browse/RPL-1731 CVE-2007-4136 (The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to ...) NOT-FOR-US: redhat Conga CVE-2007-4137 (Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech ...) BUG: 192472 CVE-2007-4138 (The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in ...) TODO: check-old CVE-2007-4139 (Cross-site scripting (XSS) vulnerability in the Temporary Uploads ...) TODO: check-old CVE-2007-4140 (Buffer overflow in Live for Speed (LFS) S2 ALPHA PATCH 0.5x allows ...) TODO: check-old CVE-2007-4141 (OpenRat CMS 0.8-beta1 and earlier allows remote attackers to obtain ...) TODO: check-old CVE-2007-4142 (Cross-site scripting (XSS) vulnerability in IBM Lotus Sametime Server ...) TODO: check-old CVE-2007-4143 (user.php in the Billing Control Panel in phpCoupon allows remote ...) TODO: check-old CVE-2007-4144 (Cross-site scripting (XSS) vulnerability in ...) TODO: check-old CVE-2007-4145 (Heap-based buffer overflow in the BlueSkychat (BlueSkyCat) ActiveX ...) TODO: check-old CVE-2007-4146 (Cross-site scripting (XSS) vulnerability in webevent.cgi in WebEvent ...) TODO: check-old CVE-2007-4147 (Multiple unspecified vulnerabilities in Interspire ArticleLive NX ...) TODO: check-old CVE-2007-4148 (Heap-based buffer overflow in the Visionsoft Audit on Demand Service ...) TODO: check-old CVE-2007-4149 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...) TODO: check-old CVE-2007-4150 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...) TODO: check-old CVE-2007-4151 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...) TODO: check-old CVE-2007-4152 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...) TODO: check-old CVE-2007-4153 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 ...) TODO: check-old CVE-2007-4154 (SQL injection vulnerability in options.php in WordPress 2.2.1 allows ...) TODO: check-old CVE-2007-4155 (Absolute path traversal vulnerability in a certain ActiveX control in ...) TODO: check-old CVE-2007-4156 (Multiple SQL injection vulnerabilities in wolioCMS allow remote ...) TODO: check-old CVE-2007-4157 (PHPBlogger stores sensitive information under the web root with ...) TODO: check-old CVE-2007-4158 (Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and ...) TODO: check-old CVE-2007-4159 (index.html in the HTTP administration interface in certain daemons in ...) TODO: check-old CVE-2007-4160 (The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when ...) TODO: check-old CVE-2007-4161 (rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might ...) TODO: check-old CVE-2007-4162 (TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or ...) TODO: check-old CVE-2007-4163 (Multiple SQL injection vulnerabilities in IndexScript 2.7 and 2.8 ...) TODO: check-old CVE-2007-4164 (CRLF injection vulnerability in the redirect feature in Sun Java ...) TODO: check-old CVE-2007-4165 (Cross-site scripting (XSS) vulnerability in index.php in the Blue ...) TODO: check-old CVE-2007-4166 (Cross-site scripting (XSS) vulnerability in index.php in the Unnamed ...) TODO: check-old CVE-2007-4167 (PHP remote file inclusion vulnerability in cat_viewed.php in ...) TODO: check-old CVE-2007-4168 REJECTED TODO: check-old CVE-2007-4169 (** DISPUTED ** ...) TODO: check-old CVE-2007-4170 (Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 ...) TODO: check-old CVE-2007-4171 (SQL injection vulnerability in komentar.php in the Forum Module for ...) TODO: check-old CVE-2007-4172 (Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail ...) TODO: check-old CVE-2007-4173 (SQL injection vulnerability in duyuruoku.asp in Hunkaray Okul Portali ...) TODO: check-old CVE-2007-4174 (Tor before 0.1.2.16, when ControlPort is enabled, does not properly ...) TODO: check-old CVE-2007-4175 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) TODO: check-old CVE-2007-4176 (Multiple unspecified vulnerabilities in EQDKP Plus before 0.4.4.5 have ...) TODO: check-old CVE-2007-4177 (Multiple cross-site scripting (XSS) vulnerabilities in Interact before ...) TODO: check-old CVE-2007-4178 (Cross-site scripting (XSS) vulnerability in index.php in WebDirector ...) TODO: check-old CVE-2007-4179 (Unspecified vulnerability in the Address and Routing Parameter Area ...) TODO: check-old CVE-2007-4180 (** DISPUTED ** ...) TODO: check-old CVE-2007-4181 (** DISPUTED ** ...) TODO: check-old CVE-2007-4182 (Unrestricted file upload vulnerability in index.php in WikiWebWeaver ...) TODO: check-old CVE-2007-4183 (SQL injection vulnerability in main.php in paBugs 2.0 Beta 3 and ...) TODO: check-old CVE-2007-4184 (SQL injection vulnerability in administrator/popups/pollwindow.php in ...) TODO: check-old CVE-2007-4185 (Joomla! 1.0.12 allows remote attackers to obtain sensitive information ...) TODO: check-old CVE-2007-4186 (PHP remote file inclusion vulnerability in admin.tour_toto.php in the ...) TODO: check-old CVE-2007-4187 (Multiple eval injection vulnerabilities in the com_search component in ...) TODO: check-old CVE-2007-4188 (Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) ...) TODO: check-old CVE-2007-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) TODO: check-old CVE-2007-4190 (CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) ...) TODO: check-old CVE-2007-4191 (Panda Antivirus 2008 stores service executables under the product's ...) TODO: check-old CVE-2007-4192 (Multiple cross-site scripting (XSS) vulnerabilities in IDE Group DVD ...) TODO: check-old CVE-2007-4193 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) TODO: check-old CVE-2007-4194 (Guidance Software EnCase 5.0 allows user-assisted remote attackers to ...) TODO: check-old CVE-2007-4195 (Use-after-free vulnerability in ext2fs.c in Brian Carrier The Sleuth ...) TODO: check-old CVE-2007-4196 (icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 misinterprets a ...) TODO: check-old CVE-2007-4197 (icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 omits NULL ...) TODO: check-old CVE-2007-4198 (The fs_data_put_str function in ntfs.c in fls in Brian Carrier The ...) TODO: check-old CVE-2007-4199 (Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted ...) TODO: check-old CVE-2007-4200 (ntfs.c in fsstat in Brian Carrier The Sleuth Kit (TSK) before 2.09 ...) TODO: check-old CVE-2007-4201 (Guidance Software EnCase 6.2 and 6.5 does not properly handle a volume ...) TODO: check-old CVE-2007-4202 (Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly ...) TODO: check-old CVE-2007-4203 (Session fixation vulnerability in Mambo 4.6.2 CMS allows remote ...) TODO: check-old CVE-2007-4204 (Hitachi Groupmax Collaboration - Schedule, as used in Groupmax ...) TODO: check-old CVE-2007-4205 (XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance ...) TODO: check-old CVE-2007-4206 (Kaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 (3.0.278.4) sets ...) TODO: check-old CVE-2007-4207 (SQL injection vulnerability in admin_console/index.asp in Gallery In A ...) TODO: check-old CVE-2007-4208 (SQL injection vulnerability in default.asp in Next Gen Portfolio ...) TODO: check-old CVE-2007-4209 (SQL injection vulnerability in Recherche.php in Aceboard forum allows ...) TODO: check-old CVE-2007-4210 (Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) ...) TODO: check-old CVE-2007-4211 (The ACL plugin in Dovecot before 1.0.3 allows remote authenticated ...) BUG: 187512 CVE-2007-4212 (Multiple cross-site scripting (XSS) vulnerabilities in the Search ...) NOT-FOR-US: PHP Nuke CVE-2007-4213 (Palm OS on Treo 650, 680, 700p, and 755p Smart phones allows remote ...) NOT-FOR-US: Palm OS CVE-2007-4214 RESERVED CVE-2007-4215 RESERVED CVE-2007-4216 (vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before ...) NOT-FOR-US: Checkpoint ZoneAlarm CVE-2007-4217 (Stack-based buffer overflow in the domacro function in ftp in IBM AIX ...) NOT-FOR-US: IBM AIX CVE-2007-4218 (Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) ...) NOT-FOR-US: Trend Micro ServerProtect CVE-2007-4219 (Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as ...) NOT-FOR-US: Trend Micro ServerProtect CVE-2007-4220 (Directory traversal vulnerability in Motorola Timbuktu Pro before ...) NOT-FOR-US: Motorola Timbuktu CVE-2007-4221 (Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for ...) NOT-FOR-US: Motorola Timbuktu CVE-2007-4222 (Buffer overflow in the TagAttributeListCopy function in nnotes.dll in ...) NOT-FOR-US: Lotus Notes CVE-2007-4223 (Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an ...) NOT-FOR-US: Microsoft Sysinternals DebugView CVE-2007-4224 (KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address ...) BUG: 185603 CVE-2007-4225 (Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote ...) BUG: 185603 CVE-2007-4226 (Directory traversal vulnerability in the BlueCat Networks Proteus IPAM ...) NOT-FOR-US: BlueCat Networks Adonis CVE-2007-4227 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-4228 (rmpvc on IBM AIX 4.3 allows local users to cause a denial of service ...) NOT-FOR-US: IBM AIX CVE-2007-4229 (Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows ...) NOTE: Local DoS CVE-2007-4230 (** DISPUTED ** ...) NOT-FOR-US: Jem s Scripts BellaBiblio CVE-2007-4231 (PHP remote file inclusion vulnerability in order/login.php in IDevSpot ...) NOT-FOR-US: iDevspot PHPHostBot CVE-2007-4232 (PHP remote file inclusion vulnerability in admin/inc/change_action.php ...) NOT-FOR-US: Andreas Robertz PHPNews CVE-2007-4233 (Multiple unspecified vulnerabilities in Camera Life before 2.6 allow ...) NOT-FOR-US: Camera Life CVE-2007-4234 (Unspecified vulnerability in Camera Life before 2.6 allows remote ...) NOT-FOR-US: Camera Life CVE-2007-4235 (Multiple PHP remote file inclusion vulnerabilities in VietPHP allow ...) NOT-FOR-US: VietPHP CVE-2007-4236 (Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows ...) NOT-FOR-US: IBM AIX CVE-2007-4237 (Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte ...) NOT-FOR-US: IBM AIX CVE-2007-4238 (AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, ...) NOT-FOR-US: IBM AIX CVE-2007-4239 (Cross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp ...) NOT-FOR-US: C SAM OneWallet CVE-2007-4240 (The check_logout function in class/auth.php in Help Center Live (hcl) ...) NOT-FOR-US: Help Center Live CVE-2007-4241 (Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller for ...) NOT-FOR-US: HP UX CVE-2007-4242 (The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform ...) NOT-FOR-US: Astaro Security Gateway CVE-2007-4243 (Unspecified vulnerability in pfilter-reporter.pl in Astaro Security ...) NOT-FOR-US: Astaro Security_Gateway CVE-2007-4244 (PHP remote file inclusion vulnerability in langset.php in J! ...) NOT-FOR-US: Joomla J_Reactions CVE-2007-4245 (Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa ...) NOT-FOR-US: DiMeMa CONTENTdm CVE-2007-4246 (Unspecified vulnerability, possibly a buffer overflow, in Justsystem ...) NOT-FOR-US: Justsystem Ichitaro CVE-2007-4247 (Windows Calendar on Microsoft Windows Vista allows remote attackers to ...) NOT-FOR-US: Microsoft windows CVE-2007-4248 (The CallCmd function in toolbar_gaming.dll in the Toolbar Gaming ...) NOT-FOR-US: Toolbar Gaming CVE-2007-4249 (The isChecked function in Toolbar.DLL in the ExportNation toolbar for ...) NOT-FOR-US: ExportNation Toolbar CVE-2007-4250 (The isChecked function in Toolbar.DLL in Advanced Searchbar before ...) NOT-FOR-US: Advanced Searchbar CVE-2007-4251 (OpenOffice.org (OOo) 2.2 does not properly handle files with multiple ...) NOTE: Local denial of service. CVE-2007-4252 (Absolute path traversal vulnerability in a certain ActiveX control in ...) NOT-FOR-US: Chilkat Software ASP String CVE-2007-4253 (SQL injection vulnerability in the News module in modules.php in ...) NOT-FOR-US: Envolution CVE-2007-4254 (Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL ...) NOT-FOR-US: Microsoft Visual Studio CVE-2007-4255 (Buffer overflow in the mSQL extension in PHP 5.2.3 allows ...) NOT-FOR-US: We don't ship this extension. CVE-2007-4256 (Directory traversal vulnerability in showpage.cgi in YNP Portal System ...) NOT-FOR-US: ynp Portal Systems CVE-2007-4257 (Multiple buffer overflows in Live for Speed (LFS) S1 and S2 allow ...) NOT-FOR-US: LFS Live for speed CVE-2007-4258 (SQL injection vulnerability in directory.php in Prozilla Pub Site ...) NOT-FOR-US: ProZilla Pub site CVE-2007-4259 (EZPhotoSales 1.9.3 and earlier allows remote attackers to download ...) NOT-FOR-US: EZ photo sales CVE-2007-4260 (EZPhotoSales 1.9.3 and earlier has a default "admin" account for ...) NOT-FOR-US: EZ photo sales CVE-2007-4261 (EZPhotoSales 1.9.3 and earlier stores sensitive information under the ...) NOT-FOR-US: EZ photo sales CVE-2007-4262 (Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and ...) NOT-FOR-US: EZ photo sales CVE-2007-4263 (Unspecified vulnerability in the server side of the Secure Copy (SCP) ...) NOT-FOR-US: Cisco IOS CVE-2007-4264 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Kai Blankenhorn Bitfolge Simple and Nice Index File CVE-2007-4265 (Multiple cross-site scripting (XSS) vulnerabilities in VisionProject ...) NOT-FOR-US: Visionera AB VisionProject CVE-2007-4266 RESERVED CVE-2007-4267 (Stack-based buffer overflow in the Networking component in Apple Mac ...) NOT-FOR-US: Apple CVE-2007-4268 (Integer signedness error in the Networking component in Apple Mac OS X ...) NOT-FOR-US: Apple CVE-2007-4269 (Integer overflow in the Networking component in Apple Mac OS X 10.4 ...) NOT-FOR-US: Apple CVE-2007-4270 (Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 ...) NOT-FOR-US: IBM DB2 Universal Database CVE-2007-4271 (Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 ...) NOT-FOR-US: IBM DB2 Universal Database CVE-2007-4272 (Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 ...) NOT-FOR-US: IBM DB2 Universal Database CVE-2007-4273 (IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local ...) NOT-FOR-US: IBM DB2 Universal Database CVE-2007-4274 REJECTED CVE-2007-4275 (Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before ...) NOT-FOR-US: IBM DB2 Universal Database CVE-2007-4276 (Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 ...) NOT-FOR-US: IBM DB2 Universal Database CVE-2007-4277 (The Trend Micro AntiVirus scan engine before 8.550-1001, as used in ...) NOT-FOR-US: PC-Cillin Internet Security CVE-2007-4278 (Stack-based buffer overflow in the giomgr process in ESRI ArcSDE ...) NOT-FOR-US: ESRI ArcGIS CVE-2007-4279 (PHP remote file inclusion vulnerability in config.php in ...) NOT-FOR-US: FrontAccounting CVE-2007-4280 (The Skinny channel driver (chan_skinny) in Asterisk Open Source before ...) NOTE: Asterisk 1.4 CVE-2007-4281 (Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source ...) BUG: 188257 CVE-2007-4282 (The "Extended properties for entries" (entryproperties) plugin in ...) NOT-FOR-US: Serendipity CVE-2007-4283 (PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in ...) NOTE: Too old. CVE-2007-4284 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified ...) NOT-FOR-US: Cisco MeetingPlace Web Confrencing CVE-2007-4285 (Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to ...) NOT-FOR-US: Cisco IOS CVE-2007-4286 (Buffer overflow in the Next Hop Resolution Protocol (NHRP) ...) NOT-FOR-US: Cisco IOS CVE-2007-4287 (PHP remote file inclusion vulnerability in fc_functions/fc_example.php ...) NOT-FOR-US: FishCart CVE-2007-4288 (Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted ...) NOT-FOR-US: Microsoft Windows Media Player CVE-2007-4289 (Sun Java System Portal Server 7.0 does not properly process XSLT ...) NOT-FOR-US: Sun Java System Portal Server CVE-2007-4290 (** DISPUTED ** ...) NOT-FOR-US: STADTAUS Guestbook Script CVE-2007-4291 (Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial ...) NOT-FOR-US: Cisco IOS CVE-2007-4292 (Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote ...) NOT-FOR-US: Cisco IOS CVE-2007-4293 (Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial ...) NOT-FOR-US: Cisco IOS CVE-2007-4294 (Unspecified vulnerability in Cisco Unified Communications Manager ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2007-4295 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote ...) NOT-FOR-US: Cisco IOS CVE-2007-4296 (Unspecified vulnerability in assp.pl in Anti-Spam SMTP Proxy Server ...) NOT-FOR-US: Anti Spam SMTP Proxy Server CVE-2007-4297 (Multiple cross-site scripting (XSS) vulnerabilities in yorumkaydet.asp ...) NOT-FOR-US: Aspindir Dersimiz Haber Ekleme Modulu CVE-2007-4298 RESERVED CVE-2007-4299 RESERVED CVE-2007-4300 RESERVED CVE-2007-4301 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...) NOT-FOR-US: WebCart CVE-2007-4302 (Multiple race conditions in certain system call wrappers in Generic ...) NOT-FOR-US: GSWTK CVE-2007-4303 (Multiple race conditions in (1) certain rules and (2) argument copying ...) NOT-FOR-US: CerbNG CVE-2007-4304 (CerbNG for FreeBSD 4.8 does not properly implement VM protection when ...) NOT-FOR-US: CerbNG CVE-2007-4305 (Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail ...) NOTE: NetBSD and OpenBSD only CVE-2007-4306 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) NOTE: Not exploitable according to http://www.securityfocus.com/bid/25268/ CVE-2007-4307 (Multiple cross-site scripting (XSS) vulnerabilities in Storesprite 7 ...) NOT-FOR-US: Storesprite CVE-2007-4308 (The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI ...) NOT-FOR-US: Adaptec AACRAID controller CVE-2007-4309 (IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote ...) NOT-FOR-US: IBM Lotus Notes CVE-2007-4310 (The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows ...) NOT-FOR-US: Sun Solaris CVE-2007-4311 (The xfer_secondary_pool function in drivers/char/random.c in the Linux ...) NOTE: Kernel 2.4 CVE-2007-4312 (SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0 ...) NOT-FOR-US: Php Blue Dragon CMS CVE-2007-4313 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Php Blue Dragon CMS CVE-2007-4314 (pixlie.php in Pixlie 1.7 allows remote attackers to trigger the ...) NOT-FOR-US: Pixlie CVE-2007-4315 (The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows ...) NOT-FOR-US: ATI Technologies Display Driver CVE-2007-4316 (The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel ...) NOT-FOR-US: ZyXEL ZyNOS CVE-2007-4317 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) NOT-FOR-US: ZyXEL ZyNOS CVE-2007-4318 (Cross-site scripting (XSS) vulnerability in Forms/General_1 in the ...) NOT-FOR-US: ZyXEL ZyNOS CVE-2007-4319 (The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel ...) NOT-FOR-US: ZyXEL ZyNOS CVE-2007-4320 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Ncaster CVE-2007-4321 (fail2ban 0.8 and earlier does not properly parse sshd log files, which ...) BUG: 181214 CVE-2007-4322 (BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) ...) NOT-FOR-US: AC Zoom BlockHosts CVE-2007-4323 (DenyHosts 2.6 does not properly parse sshd log files, which allows ...) BUG: 181213 CVE-2007-4324 (ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other ...) BUG: 193519 CVE-2007-4325 (PHP remote file inclusion vulnerability in index.php in Gaestebuch 1.5 ...) NOT-FOR-US: Mapos Scripts Gaestebuch CVE-2007-4326 (Multiple PHP remote file inclusion vulnerabilities in Bilder Uploader ...) NOT-FOR-US: Mapos Scripts Bilder Uploader CVE-2007-4327 (Multiple PHP remote file inclusion vulnerabilities in File Uploader ...) NOT-FOR-US: Mapos Scripts File Uploader CVE-2007-4328 (Multiple PHP remote file inclusion vulnerabilities in Mapos Bilder ...) NOT-FOR-US: Mapos Scripts Bilder Galerie CVE-2007-4329 (Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 ...) NOT-FOR-US: Mapos Scripts Web News CVE-2007-4330 (PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox ...) NOT-FOR-US: Mapos Scripts Shoutbox CVE-2007-4331 (PHP remote file inclusion vulnerability in index.php in FindNix allows ...) NOT-FOR-US: CTW Design FindNix CVE-2007-4332 (SQL injection vulnerability in article.php in Article Dashboard, when ...) NOT-FOR-US: Article Dashboard CVE-2007-4333 (Multiple cross-site scripting (XSS) vulnerabilities in signup.php in ...) NOT-FOR-US: Article Dashboard CVE-2007-4334 (Cross-site scripting (XSS) vulnerability in whois.php in Php-stats ...) NOT-FOR-US: PHP Stats CVE-2007-4335 (Format string vulnerability in the SMTP server component in Qbik ...) NOT-FOR-US: Qbik WinGate CVE-2007-4336 (Buffer overflow in the Live Picture Corporation ...) NOT-FOR-US: Microsoft DirectX Media CVE-2007-4337 (Multiple buffer overflows in the httplib_parse_sc_header function in ...) BUG: 188698 CVE-2007-4338 (index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 ...) NOT-FOR-US: Haudenschilt Family Connections CVE-2007-4339 (Multiple PHP remote file inclusion vulnerabilities in PHPCentral Poll ...) NOT-FOR-US: PHPCentral Poll Script CVE-2007-4340 (PHP remote file inclusion vulnerability in index.php in phpDVD 1.0.4 ...) NOT-FOR-US: phpDVD CVE-2007-4341 (PHP remote file inclusion vulnerability in adm/my_statistics.php in ...) NOT-FOR-US: Omnistar Lib2 PHP Library CVE-2007-4342 (PHP remote file inclusion vulnerability in include.php in PHPCentral ...) NOT-FOR-US: PHPCentral Login CVE-2007-4343 (Stack-based buffer overflow in IrfanView 3.99 and 4.00 allows ...) NOT-FOR-US: IrfanView CVE-2007-4344 (Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build ...) NOT-FOR-US: ACDsee Photo Manager CVE-2007-4345 (Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail ...) NOT-FOR-US: IPSwitch CVE-2007-4346 (The Job Engine (bengine.exe) service in Symantec Backup Exec for ...) NOT-FOR-US: Symantec BackupExec System Recovery CVE-2007-4347 (Multiple integer overflows in the Job Engine (bengine.exe) service in ...) NOT-FOR-US: Symantec BackupExec System Recovery CVE-2007-4348 (Cross-site scripting (XSS) vulnerability in the CAD service in IBM ...) NOT-FOR-US: Tivoli Storage Manager CVE-2007-4349 (The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 ...) NOT-FOR-US: HP OpenView Report CVE-2007-4350 (Cross-site scripting (XSS) vulnerability in the management interface ...) NOT-FOR-US: hp sitescope CVE-2007-4351 (Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 ...) BUG: 196736 CVE-2007-4352 (Array index error in the DCTStream::readProgressiveDataUnit method in ...) BUG: 196735 CVE-2007-4353 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in ...) NOT-FOR-US: IBM AIX CVE-2007-4354 (Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2 and 5.3 ...) NOT-FOR-US: IBM AIX CVE-2007-4355 (Buffer overflow in the at program on IBM AIX 5.3 allows local users to ...) NOT-FOR-US: IBM AIX CVE-2007-4356 (Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-4357 (Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof ...) NOTE: Not a bug. CVE-2007-4358 (Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Zoidcom CVE-2007-4359 (Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems ...) NOT-FOR-US: SkilMatch Staffing Systems JobLister3 CVE-2007-4360 (Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with ...) NOT-FOR-US: Dell Remote Access Card CVE-2007-4361 (NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta ...) NOT-FOR-US: Netgear ReadyNAS RAIDiator CVE-2007-4362 (SQL injection vulnerability in category.php in Prozilla Webring allows ...) NOT-FOR-US: ProZIlla Webring CVE-2007-4363 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: Drupal Content Construction Kit CVE-2007-4364 (Fedora Commons before 2.2.1 does not properly handle certain ...) NOT-FOR-US: fedoraproject Commons CVE-2007-4365 (Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier ...) NOT-FOR-US: exV2 Content Management System CVE-2007-4366 (WengoPhone 2.1 allows remote attackers to cause a denial of service ...) BUG: 188748 CVE-2007-4367 (Opera before 9.23 allows remote attackers to execute arbitrary code ...) BUG: 188987 BUG: 185497 CVE-2007-4368 (SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) ...) NOT-FOR-US: IBM Rational ClearQuest CVE-2007-4369 (Directory traversal vulnerability in go/_files in SOTEeSKLEP before ...) NOT-FOR-US: SOTEeSKLEP CVE-2007-4370 (Multiple buffer overflows in the (1) client and (2) server in Racer ...) BUG: 194151 CVE-2007-4371 (Unrestricted file upload vulnerability in admin/pages/blog-add.php in ...) NOT-FOR-US: Hotscripts Neuron Blog CVE-2007-4372 (Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server ...) NOT-FOR-US: NetWin SurgeMail CVE-2007-4373 (The server in Babo Violent 2 2.08.00 and earlier does not properly ...) NOT-FOR-US: RndLabs Babo Violent CVE-2007-4374 (Babo Violent 2 2.08.00 does not validate the sender field of a chat ...) NOT-FOR-US: RndLabs Babo Violent CVE-2007-4375 (The administrative interface (aka DkService.exe) in Diskeeper 9 ...) NOT-FOR-US: Diskeeper CVE-2007-4376 (Unrestricted file upload vulnerability in banner-upload.php in Szymon ...) NOT-FOR-US: Szymon Kosok Best Top List CVE-2007-4377 (Stack-based buffer overflow in the IMAP service in SurgeMail 38k ...) NOT-FOR-US: NetWin SurgeMail CVE-2007-4378 (Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and ...) NOT-FOR-US: RndLabs Babo Violent CVE-2007-4379 (Babo Violent 2 2.08.00 and earlier allows remote attackers to cause a ...) NOT-FOR-US: RndLabs Babo Violent CVE-2007-4380 (Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 ...) NOT-FOR-US: Symantec Altiris Deployment Solution 6 CVE-2007-4381 (Unspecified vulnerability in the font parsing implementation in Sun ...) BUG: 190686 NOTE: Too old. CVE-2007-4382 (CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote ...) NOTE: Only 3.X is affected CVE-2007-4383 (** DISPUTED ** ...) NOT-FOR-US: Trackeur CVE-2007-4384 (Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in ...) NOT-FOR-US: Stephane Pineau VOTE CVE-2007-4385 (OWASP Stinger before 2.5 allows remote attackers to bypass input ...) NOT-FOR-US: OWASP Stinger CVE-2007-4386 (SQL injection vulnerability in search.php in GetMyOwnArcade allows ...) NOT-FOR-US: GetMyOwnArcade CVE-2007-4387 (Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire ...) NOT-FOR-US: 2wire 2071 Router CVE-2007-4388 (2wire 1701HG and 2071 Gateway routers, with 5.29.51 and possibly ...) NOT-FOR-US: 2wire 2071 Router CVE-2007-4389 (Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire ...) NOT-FOR-US: 2wire 2071 Router CVE-2007-4390 (The Command Line Interface (CLI), aka Adonis Administration Console, ...) NOT-FOR-US: BlueCat Networks Adonis CVE-2007-4391 (Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger ...) NOT-FOR-US: Yahoo Messenger CVE-2007-4392 (Winamp 5.35 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Nullsoft Winamp CVE-2007-4393 (The installation script for orarun on SUSE Linux before 20070810 ...) NOT-FOR-US: SuSE Linux CVE-2007-4394 (Unspecified vulnerability in a "core clean" cron job created by the ...) NOT-FOR-US: SuSE Linux CVE-2007-4395 (Multiple unspecified vulnerabilities in the Role Based Access Control ...) NOT-FOR-US: Sun Solaris CVE-2007-4396 (Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) ...) NOT-FOR-US: irssi external scripts CVE-2007-4397 (Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) ...) NOT-FOR-US: Mikachu l33t xmms music showing script CVE-2007-4398 (Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and ...) NOT-FOR-US: now-playing.rb xmms.pl for weechat CVE-2007-4399 (CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX ...) NOT-FOR-US: xmms.bx 1.0 script for BitchX CVE-2007-4400 (CRLF injection vulnerability in the included media script in ...) BUG: 189255 CVE-2007-4401 (Multiple CRLF injection vulnerabilities in the Advanced mIRC ...) NOT-FOR-US: mIRC Advanced Integration Plugin CVE-2007-4402 (Multiple unspecified scripts in mIRC allow user-assisted remote ...) NOT-FOR-US: mIRC CVE-2007-4403 (The mIRC Control Plug-in for Winamp allows user-assisted remote ...) NOT-FOR-US: mIRC Plug in for Winamp CVE-2007-4404 (ircu 2.10.12.01 allows remote attackers to (1) cause a denial of ...) NOT-FOR-US: Universal ircd ircu CVE-2007-4405 (ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a ...) NOT-FOR-US: Universal ircd ircu CVE-2007-4406 (ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after ...) NOT-FOR-US: Universal ircd ircu CVE-2007-4407 (ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops ...) NOT-FOR-US: Universal ircd ircu CVE-2007-4408 (ircu 2.10.12.05 and earlier ignores timestamps in bounces, which ...) NOT-FOR-US: Universal ircd ircu CVE-2007-4409 (Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote ...) NOT-FOR-US: Universal ircd ircu CVE-2007-4410 (ircu 2.10.12.05 and earlier does not properly synchronize a kick ...) NOT-FOR-US: ircu CVE-2007-4411 (ircu 2.10.12.05 and earlier allows remote attackers to discover the ...) NOT-FOR-US: ircu CVE-2007-4412 (Multiple cross-site scripting (XSS) vulnerabilities in Headstart ...) NOT-FOR-US: Headstart Solutions DeskPRO CVE-2007-4413 (Direct static code injection vulnerability in admincp/user_help.php in ...) NOT-FOR-US: Headstart Solutions DeskPRO CVE-2007-4414 (Cisco VPN Client on Windows before 4.8.02.0010 allows local users to ...) NOTE: Windows only CVE-2007-4415 (Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 ...) NOTE: Windows only CVE-2007-4416 (** DISPUTED ** ...) NOT-FOR-US: Jemjabella Bellabook CVE-2007-4417 (IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not ...) NOT-FOR-US: IBM DB2 Universal Database CVE-2007-4418 (IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, ...) NOT-FOR-US: IBM DB2 Universal Database CVE-2007-4419 (Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin ...) NOT-FOR-US: OlateDownload CVE-2007-4420 (Absolute path traversal vulnerability in a certain ActiveX control in ...) NOT-FOR-US: EDraw Office Viewer Component CVE-2007-4421 (SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 ...) NOT-FOR-US: OlateDownload CVE-2007-4422 (The login interface in Symantec Enterprise Firewall 6.x, when a VPN ...) NOT-FOR-US: Symantec Enterprise Firewall CVE-2007-4423 (Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID ...) NOT-FOR-US: IBM DB2 Universal Database CVE-2007-4424 (Apple Safari for Windows 3.0.3 and earlier does not prompt the user ...) NOT-FOR-US: Apple Safari CVE-2007-4425 (Multiple buffer overflows in Live for Speed (LFS) demo, S1, and S2 ...) NOT-FOR-US: Live for Speed CVE-2007-4426 (Live for Speed (LFS) S1 and S2 allows remote attackers to cause a ...) NOT-FOR-US: Live for Speed CVE-2007-4427 (Unspecified vulnerability in the login page redirection logic in the ...) NOT-FOR-US: InterSystems Cache Database CVE-2007-4428 (Lhaz 1.33 allows remote attackers to execute arbitrary code via ...) NOT-FOR-US: Lhaz CVE-2007-4429 (Unspecified vulnerability in Skype allows remote attackers to cause a ...) NOTE: Not an issue. CVE-2007-4430 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows ...) NOT-FOR-US: Cisco IOS_XR CVE-2007-4431 (Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and ...) NOT-FOR-US: Apple Safari CVE-2007-4432 (Untrusted search path vulnerability in the wrapper scripts for the (1) ...) NOT-FOR-US: SuSE Linux CVE-2007-4433 (Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the ...) NOT-FOR-US: Aspindir Text File Search CVE-2007-4434 (Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the ...) NOT-FOR-US: Aspindir Text File Search CVE-2007-4435 (Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 ...) NOT-FOR-US: TorrentTrader CVE-2007-4436 (The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and ...) NOT-FOR-US: Drupal Project CVE-2007-4437 (SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 ...) BUG: 189607 CVE-2007-4438 (Session fixation vulnerability in Ampache before 3.3.3.5 allows remote ...) BUG: 189607 CVE-2007-4439 (PHP remote file inclusion vulnerability in popup_window.php in ...) NOT-FOR-US: Lighthouse Development Squirrelcart CVE-2007-4440 (Stack-based buffer overflow in the MercuryS SMTP server in Mercury ...) NOT-FOR-US: Mercury Mail Transport System CVE-2007-4441 (Buffer overflow in php_win32std.dll in the win32std extension for PHP ...) NOTE: We don't ship this extension. CVE-2007-4442 (Stack-based buffer overflow in the logging function in the Unreal ...) BUG: 44351 NOTE: Masked CVE-2007-4443 (The UCC dedicated server for the Unreal engine, possibly 2003 and ...) BUG: 44351 NOTE: Masked CVE-2007-4444 (Multiple buffer overflows in Image Space rFactor 1.250 and earlier ...) NOT-FOR-US: rFactor CVE-2007-4445 (Image Space rFactor 1.250 and earlier allows remote attackers to cause ...) NOT-FOR-US: rFactor CVE-2007-4446 (Format string vulnerability in the server in Toribash 2.71 and earlier ...) NOT-FOR-US: Toribash CVE-2007-4447 (Multiple buffer overflows in the client in Toribash 2.71 and earlier ...) NOT-FOR-US: Toribash CVE-2007-4448 (The server in Toribash 2.71 and earlier does not properly handle ...) NOT-FOR-US: Toribash CVE-2007-4449 (The client in Toribash 2.71 and earlier allows remote attackers to ...) NOT-FOR-US: Toribash Toribash CVE-2007-4450 (The server in Toribash 2.71 and earlier does not properly handle long ...) NOT-FOR-US: Toribash Toribash CVE-2007-4451 (The server in Toribash 2.71 and earlier on Windows allows remote ...) NOT-FOR-US: Toribash Toribash CVE-2007-4452 (The client in Toribash 2.71 and earlier allows remote attackers to ...) NOT-FOR-US: Toribash Toribash CVE-2007-4453 (** DISPUTED ** ...) NOT-FOR-US: Jelsoft vBulletin CVE-2007-4454 (Eval injection vulnerability in environment.php in Olate Download (od) ...) NOT-FOR-US: Olate Download CVE-2007-4455 (The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before ...) NOTE: Asterisk 1.4 not in tree CVE-2007-4456 (SQL injection vulnerability in index.php in the SimpleFAQ ...) NOT-FOR-US: Mambo SimpleFAQ CVE-2007-4457 (Directory traversal vulnerability in forumreply.php in Dalai Forum 1.1 ...) NOT-FOR-US: Florian Mahieu Dalai Forum CVE-2007-4458 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Firesoft Firesoft CVE-2007-4459 (Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP ...) NOT-FOR-US: Cisco VoIP Phone CP 7940 CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) ...) BUG: 189610 CVE-2007-4461 (NuFW 2.2.3, and certain other versions after 2.0, allows remote ...) BUG: 190030 CVE-2007-4462 (lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to ...) BUG: 189440 CVE-2007-4463 (The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted ...) NOT-FOR-US: Total Commander CVE-2007-4464 (CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total ...) NOT-FOR-US: Total Commander CVE-2007-4465 (Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the ...) BUG: 186219 CVE-2007-4466 (Multiple stack-based buffer overflows in Electronic Arts (EA) ...) NOT-FOR-US: Electronic Arts SnoopyCtrl CVE-2007-4467 (Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX ...) NOT-FOR-US: Oracle JInitiator CVE-2007-4468 RESERVED CVE-2007-4469 RESERVED CVE-2007-4470 (Multiple stack-based buffer overflows in the Earth Resource Mapping ...) NOT-FOR-US: ER Mapper Image Web Server ECW JPEG 2000 plug in CVE-2007-4471 (Multiple unspecified vulnerabilities in the Intuit QuickBooks Online ...) NOT-FOR-US: Intuit Quickbooks CVE-2007-4472 (Multiple buffer overflows in the Broderbund Expressit 3DGreetings ...) NOT-FOR-US: Expressit 3DGreetings Player CVE-2007-4473 (Gesytec Easylon OPC Server before 2.3.44 does not properly validate ...) NOT-FOR-US: Gesytec Easylon OPC Server CVE-2007-4474 (Multiple stack-based buffer overflows in the IBM Lotus Domino Web ...) NOT-FOR-US: IBM Lotus Domino Web Access CVE-2007-4475 (Stack-based buffer overflow in EAI WebViewer3D ActiveX control ...) NOT-FOR-US: sapgui CVE-2007-4476 (Buffer overflow in the safer_name_suffix function in GNU tar has ...) BUG: 196978 NOTE: This bug only affects tar<=1.16, 1.18 is currently stable. NOTE: See Debian #441444 for details. NOTE: still affects cpio. BUG: 196978 CVE-2007-4477 (The administration interface in the Planet VC-200M VDSL2 router allows ...) NOT-FOR-US: VC-200M VDSL2 CVE-2007-4478 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-4479 (Cross-site scripting (XSS) vulnerability in search.html in Search ...) NOT-FOR-US: ALeadSoft.com Search Engine Builder CVE-2007-4480 (Cross-site scripting (XSS) vulnerability in index.php in the Sirius ...) NOT-FOR-US: WordPress Sirius CVE-2007-4481 (Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix ...) NOT-FOR-US: WordPress Blix CVE-2007-4482 (Cross-site scripting (XSS) vulnerability in index.php in the Pool ...) NOT-FOR-US: WordPress Pool CVE-2007-4483 (Cross-site scripting (XSS) vulnerability in index.php in the WordPress ...) NOTE: Too old. CVE-2007-4484 (PHP remote file inclusion vulnerability in login.php in My_REFERER ...) NOT-FOR-US: My_REFERER CVE-2007-4485 (PHP remote file inclusion vulnerability in visitor.php in Butterfly ...) NOT-FOR-US: Butterfly CVE-2007-4486 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...) NOT-FOR-US: Linkliste CVE-2007-4487 (Cross-site scripting (XSS) vulnerability in D22-Shoutbox for Invision ...) NOT-FOR-US: Invision Power Board CVE-2007-4488 (Multiple cross-site scripting (XSS) vulnerabilities in the Siemens ...) NOT-FOR-US: Siemens Gigaset CVE-2007-4489 (Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 ...) NOT-FOR-US: IUAComFormX ActiveX CVE-2007-4490 (Multiple buffer overflows in EarthAgent.exe in Trend Micro ...) NOT-FOR-US: ServerProtect CVE-2007-4491 (SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows ...) NOT-FOR-US: Gurer haber CVE-2007-4492 (Multiple unspecified vulnerabilities in the ata disk driver in Sun ...) NOT-FOR-US: Sun Solaris CVE-2007-4493 (eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check ...) NOT-FOR-US: eZ publish CVE-2007-4494 (The tipafriend function in eZ publish before 3.8.9, and 3.9 before ...) NOT-FOR-US: eZ publish CVE-2007-4495 (Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on ...) NOT-FOR-US: Sun Solaris CVE-2007-4496 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ...) BUG: 193196 CVE-2007-4497 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ...) BUG: 193196 CVE-2007-4498 (The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader ...) NOT-FOR-US: Grandstream SIP Phone CVE-2007-4499 (Unrestricted file upload vulnerability in output.php in American ...) NOT-FOR-US: American Financing CVE-2007-4500 (Unspecified vulnerability in TunnelRunner in SSHKeychain before 0.8.2 ...) NOT-FOR-US: SSHKeychain CVE-2007-4501 (Unspecified vulnerability in PassphraseRequester in SSHKeychain before ...) NOT-FOR-US: SSHKeychain CVE-2007-4502 (SQL injection vulnerability in index.php in the BibTeX component ...) NOT-FOR-US: Joomla BibTex CVE-2007-4503 (SQL injection vulnerability in index.php in the Nice Talk component ...) NOT-FOR-US: Joomla Nice Talk CVE-2007-4504 (Directory traversal vulnerability in index.php in the RSfiles ...) NOT-FOR-US: Joomla RSfiles CVE-2007-4505 (SQL injection vulnerability in index.php in the RemoSitory component ...) NOT-FOR-US: Mambo RemoSitory CVE-2007-4506 (SQL injection vulnerability in index.php in the NeoRecruit component ...) NOT-FOR-US: Joomla NeoRecruit CVE-2007-4507 (Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 ...) NOT-FOR-US: We don't ship this extension. CVE-2007-4508 (Stack-based buffer overflow in Rebellion Asura engine, as used for the ...) NOT-FOR-US: Rogue Trooper CVE-2007-4509 (SQL injection vulnerability in index.php in the EventList component ...) NOT-FOR-US: Joomla EventList CVE-2007-4510 (ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and ...) BUG: 189912 NOTE: Kolab 2.X is not in the tree, left a Note at bug 96732. BUG: 96732 CVE-2007-4511 (The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply ...) NOT-FOR-US: Java System Application Server CVE-2007-4512 (Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for ...) NOT-FOR-US: Sophos Anti-Virus CVE-2007-4513 (Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow ...) NOT-FOR-US: IBM AIX CVE-2007-4514 (Unspecified vulnerability in HP ProCurve Manager and HP ProCurve ...) NOT-FOR-US: hp procurve_manager CVE-2007-4515 (Buffer overflow in a certain ActiveX control in YVerInfo.dll before ...) NOT-FOR-US: Yahoo Messenger CVE-2007-4516 (The Volume Manager Scheduler Service (aka VxSchedService.exe) in ...) NOT-FOR-US: Symantec Veritas Storage Foundation CVE-2007-4517 (Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA ...) NOT-FOR-US: Oracle 10g R2 CVE-2007-4518 RESERVED CVE-2007-4519 RESERVED CVE-2007-4520 RESERVED CVE-2007-4521 (Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an ...) NOTE: Asterisk 1.4 not in our tree. CVE-2007-4522 (Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 ...) NOT-FOR-US: Ripe Website Manager CVE-2007-4523 (Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website ...) NOT-FOR-US: Ripe Website Manager CVE-2007-4524 (PHP remote file inclusion vulnerability in adisplay.php in PhPress ...) NOT-FOR-US: PhPress CVE-2007-4525 (** DISPUTED ** ...) NOT-FOR-US: SPIP CVE-2007-4526 (The Client Login Extension (CLE) in Novell Identity Manager before ...) NOT-FOR-US: Novell Identity Manager CVE-2007-4527 (Unrestricted file upload vulnerability in phUploader.php in phphq.Net ...) NOT-FOR-US: phUploader CVE-2007-4528 (The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not ...) NOTE: Too old. CVE-2007-4529 (The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote ...) NOTE: Not relevant. CVE-2007-4530 (Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak ...) NOTE: Not relevant CVE-2007-4531 (Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and ...) NOT-FOR-US: Soldat CVE-2007-4532 (Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and ...) NOT-FOR-US: Soldat CVE-2007-4533 (Format string vulnerability in the Say command in sv_main.cpp in ...) NOTE: In Sunrise overlay, not in the tree. BUG: 132055 CVE-2007-4534 (Buffer overflow in the VThinker::BroadcastPrintf function in ...) NOTE: In Sunrise overlay, not in the tree. BUG: 132055 CVE-2007-4535 (The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows ...) NOTE: In Sunrise overlay, not in the tree. BUG: 132055 CVE-2007-4536 (TorrentTrader 1.07 and earlier sets insecure permissions for files in ...) NOT-FOR-US: TorrentTrader CVE-2007-4537 (Heap-based buffer overflow in the Huffman decompression algorithm ...) NOT-FOR-US: Skulltag CVE-2007-4538 (email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers ...) BUG: 190112 CVE-2007-4539 (The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 ...) BUG: 190112 CVE-2007-4540 (Multiple SQL injection vulnerabilities in download.php in Olate ...) NOT-FOR-US: OlateDownload CVE-2007-4541 (Multiple cross-site scripting (XSS) vulnerabilities in Olate Download ...) NOT-FOR-US: OlateDownload CVE-2007-4542 (Multiple cross-site scripting (XSS) vulnerabilities in MapServer ...) BUG: 190108 CVE-2007-4543 (Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla ...) BUG: 190112 CVE-2007-4544 (Cross-site scripting (XSS) vulnerability in wp-newblog.php in ...) NOTE: Wordpress 1.x CVE-2007-4545 (Multiple directory traversal vulnerabilities in Unreal Commander 0.92 ...) NOT-FOR-US: X Diesel Unreal Commander CVE-2007-4546 (Unreal Commander 0.92 build 565 and 573 lists the filenames from the ...) NOT-FOR-US: X Diesel Unreal Commander CVE-2007-4547 (Unreal Commander 0.92 build 565 and 573 writes portions of heap memory ...) NOT-FOR-US: Unreal Commander CVE-2007-4548 (The login method in LoginModule implementations in Apache Geronimo 2.0 ...) NOT-FOR-US: Apache Geronimo CVE-2007-4549 (Multiple buffer overflows in ALPass 2.7 English and 3.02 Korean allow ...) NOT-FOR-US: ALPass CVE-2007-4550 (Format string vulnerability in ALPass 2.7 English and 3.02 Korean ...) NOT-FOR-US: ALPass CVE-2007-4551 (PHP remote file inclusion vulnerability in index.php in Agares Media ...) NOT-FOR-US: Agares Media Arcadem CVE-2007-4552 (SQL injection vulnerability in index.php in Agares Media Arcadem 2.01 ...) NOT-FOR-US: Agares Media Arcadem CVE-2007-4553 (The Thomson ST 2030 SIP phone with software 1.52.1 allows remote ...) NOT-FOR-US: Thomson ST 2030 SIP phone CVE-2007-4554 (Cross-site scripting (XSS) vulnerability in tiki-remind_password.php ...) BUG: 190680 CVE-2007-4555 (Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows ...) NOT-FOR-US: WS_FTP CVE-2007-4556 (Struts support in OpenSymphony XWork before 1.2.3, and 2.x before ...) NOTE: We only have dev-java/struts-1* in the tree which is not vulnerable. CVE-2007-4557 (Cross-site scripting (XSS) vulnerability in the webacc servlet in ...) NOT-FOR-US: Novell GroupWise CVE-2007-4558 REJECTED NOTE: star, we have the bug for CVE-2007-4134 BUG: 189690 CVE-2007-4559 (Directory traversal vulnerability in the (1) extract and (2) ...) BUG: 191042 CVE-2007-4560 (clamav-milter in ClamAV before 0.91.2, when run in black hole mode, ...) BUG: 189912 CVE-2007-4561 (Heap-based buffer overflow in the RTSP service in Helix DNA Server ...) NOT-FOR-US: Helix DNA Server CVE-2007-4562 (Unspecified vulnerability in Hitachi DABroker before 03-02-/D and ...) NOT-FOR-US: Hitachi DABroker CVE-2007-4563 (Cosminexus Manager in Cosminexus Application Server 06-50 and later ...) NOT-FOR-US: Cosminexus Application Server CVE-2007-4564 (Cosminexus Manager in Cosminexus Application Server 07-00 and later ...) NOT-FOR-US: Cosminexus Application Server CVE-2007-4565 (sink.c in fetchmail before 6.3.9 allows context-dependent attackers to ...) BUG: 191154 NOTE: Client-side DoS, no security impact CVE-2007-4566 (Multiple buffer overflows in the login mechanism in sidvault in Alpha ...) NOT-FOR-US: SIDVault CVE-2007-4567 (The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel ...) BUG: 203073 CVE-2007-4568 (Integer overflow in the build_range function in X.Org X Font Server ...) BUG: 194606 CVE-2007-4569 (backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is ...) BUG: 192373 CVE-2007-4570 (Algorithmic complexity vulnerability in the MCS translation daemon in ...) NOT-FOR-US: Red Hat msctrans CVE-2007-4571 (The snd_mem_proc_read function in sound/core/memalloc.c in the ...) BUG: 193797 BUG: 193796 CVE-2007-4572 (Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, ...) BUG: 197519 CVE-2007-4573 (The IA32 system call emulation functionality in Linux kernel 2.4.x and ...) NOTE: kernel CVE-2007-4574 (Unspecified vulnerability in the "stack unwinder fixes" in kernel in ...) NOTE: RedHat backport CVE-2007-4575 (HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, ...) BUG: 201799 BUG: 200771 BUG: 201799 CVE-2007-4576 REJECTED NOT-FOR-US: already fixed in #201799 CVE-2007-4577 (Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers ...) NOT-FOR-US: Sophos Anti-Virus CVE-2007-4578 (Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows ...) NOT-FOR-US: Sophos Anti-Virus CVE-2007-4579 REJECTED NOT-FOR-US: Microsoft MSN Messenger CVE-2007-4580 (Buffer underflow in redlight.sys in BufferZone 2.1 and 2.5 allows ...) NOT-FOR-US: BufferZone CVE-2007-4581 (SQL injection vulnerability in acrotxt.php in WBB2-Addon: Acrotxt 1 ...) NOT-FOR-US: WBB2-Addon Acrotxt CVE-2007-4582 (Buffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX ...) NOT-FOR-US: Network Video Recorder CVE-2007-4583 (Multiple absolute path traversal vulnerabilities in the ...) NOT-FOR-US: Network Video Recorder CVE-2007-4584 (Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC ...) BUG: 190667 CVE-2007-4585 (Directory traversal vulnerability in activateuser.php in 2532|Gigs ...) NOT-FOR-US: 2532|Gigs CVE-2007-4586 (Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension ...) NOT-FOR-US: We don't ship this extension. CVE-2007-4587 (Cross-site scripting (XSS) vulnerability in Easy Software Cafeteria ...) NOT-FOR-US: escafeWeb (aka Tuigwaa) CVE-2007-4588 (Multiple cross-site scripting (XSS) vulnerabilities in InterWorx ...) NOT-FOR-US: InterWorx Hosting Control Panel CVE-2007-4589 (Multiple cross-site scripting (XSS) vulnerabilities in InterWorx ...) NOT-FOR-US: InterWorx Hosting Control Panel CVE-2007-4590 (The get_system_info command in Ignite-UX C.7.0 through C.7.3, and ...) NOT-FOR-US: Ignite-UX CVE-2007-4591 (vstor-ws60.sys in VMWare Workstation 6.0 allows local users to cause a ...) BUG: 193196 CVE-2007-4592 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...) NOT-FOR-US: IBM Rational ClearQuest CVE-2007-4593 (Unspecified vulnerability in vstor2-ws60.sys in VMWare Workstation 6.0 ...) BUG: 193196 CVE-2007-4594 (Entrust Entelligence Security Provider (ESP) 8 does not properly ...) NOT-FOR-US: Entrust Entelligence Security Provider CVE-2007-4595 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows ...) NOT-FOR-US: Mayaa CVE-2007-4596 (The perl extension in PHP does not follow safe_mode restrictions, ...) NOT-FOR-US: We don't ship this extension. CVE-2007-4597 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop ...) NOT-FOR-US: TurnkeyWebTools CVE-2007-4598 (IBM SurePOS 500 has (1) a default password of "12345" for the manager ...) NOT-FOR-US: IBM SurePOS 500 CVE-2007-4599 (Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly ...) NOTE: Linux not affected. CVE-2007-4600 (The "Protect Worksheet" functionality in Mathsoft Mathcad 12 through ...) NOT-FOR-US: PTC Mathcad CVE-2007-4601 (A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 might ...) NOTE: this affects only debian systems as we don't ship this patch CVE-2007-4602 (SQL injection vulnerability in cms/revert-content.php in Implied by ...) NOT-FOR-US: Design Micro CMS CVE-2007-4603 (Multiple SQL injection vulnerabilities in index.php in ACG News 1.0 ...) NOT-FOR-US: ACG News CVE-2007-4604 (SQL injection vulnerability in viewitem.php in DL PayCart 1.01 allows ...) NOT-FOR-US: .q PayCart CVE-2007-4605 (PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual ...) NOT-FOR-US: PHPNuke-Clan CVE-2007-4606 (PHP remote file inclusion vulnerability in convert/mvcw_conver.php in ...) NOT-FOR-US: PHPNuke-Clan CVE-2007-4607 (Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll ...) NOT-FOR-US: Quiksoft EasyMail CVE-2007-4608 (PHP remote file inclusion vulnerability in protection.php in ...) NOT-FOR-US: ePersonnel CVE-2007-4609 (eyeOS uses predictable checksum values in the checknum parameter for ...) NOT-FOR-US: eyeOS CVE-2007-4610 (Unrestricted file upload vulnerability in config/upload.php in ...) NOT-FOR-US: Moonware CVE-2007-4611 (SQL injection vulnerability in viewevent.php in Moonware (aka Dale ...) NOT-FOR-US: Moonware CVE-2007-4612 (CRLF injection vulnerability in contact.php in Moonware (aka Dale ...) NOT-FOR-US: Moonware CVE-2007-4613 (SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold ...) NOT-FOR-US: BEA WebLogic Server CVE-2007-4614 (BEA WebLogic Server 9.1 does not properly handle propagation of an ...) NOT-FOR-US: BEA WebLogic Server CVE-2007-4615 (The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 ...) NOT-FOR-US: BEA WebLogic Server CVE-2007-4616 (The SSL server implementation in BEA WebLogic Server 7.0 Gold through ...) NOT-FOR-US: BEA WebLogic Server CVE-2007-4617 (Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, ...) NOT-FOR-US: BEA WebLogic Server CVE-2007-4618 (Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 ...) NOT-FOR-US: BEA WebLogic Server CVE-2007-4619 (Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC ...) BUG: 195700 CVE-2007-4620 (Multiple stack-based buffer overflows in Computer Associates (CA) ...) NOT-FOR-US: Computer Associates CA Alert Notification Service Alert exe CVE-2007-4621 (Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain ...) NOT-FOR-US: IBM AIX CVE-2007-4622 (Integer underflow in the dns_name_fromtext function in (1) ...) NOT-FOR-US: IBM AIX CVE-2007-4623 (Stack-based buffer overflow in the sendrmt function in bellmail in IBM ...) NOT-FOR-US: IBM AIX CVE-2007-4624 (Cross-site scripting (XSS) vulnerability in pframe.php in AbleDesign ...) NOT-FOR-US: AbleDesign CVE-2007-4625 (Polipo before 1.0.2 allows remote HTTP servers to cause a denial of ...) BUG: 190617 CVE-2007-4626 (Unspecified vulnerability in Polipo before 1.0.2 allows remote ...) BUG: 190617 CVE-2007-4627 (SQL injection vulnerability in index.php in ABC eStore 3.0 allows ...) NOT-FOR-US: ABC eStore CVE-2007-4628 (SQL injection vulnerability in shownews.php in phpns 1.1 allows remote ...) NOT-FOR-US: phpns CVE-2007-4629 (Buffer overflow in the processLine funtion in maptemplate.c in ...) BUG: 190108 CVE-2007-4630 (Cross-site scripting (XSS) vulnerability in xlaapmview.asp in Absolute ...) NOT-FOR-US: Absolute Poll Manager CVE-2007-4631 (The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and ...) BUG: 190697 CVE-2007-4632 (Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the ...) NOT-FOR-US: Cisco IOS CVE-2007-4633 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco ...) NOT-FOR-US: Cisco CallManager CVE-2007-4634 (Multiple SQL injection vulnerabilities in Cisco CallManager and ...) NOT-FOR-US: Cisco CallManager CVE-2007-4635 (Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to ...) NOT-FOR-US: Yahoo! Messenger CVE-2007-4636 (Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 ...) NOT-FOR-US: phpBG CVE-2007-4637 (xGB.php in xGB 2.0 does not require authentication for an admin edit ...) NOT-FOR-US: xGB CVE-2007-4638 (Blizzard Entertainment StarCraft Brood War 1.15.1 and earlier allows ...) NOT-FOR-US: Blizzard Entertainment StarCraft Brood War CVE-2007-4639 (EnterpriseDB Advanced Server 8.2 does not properly handle certain ...) NOT-FOR-US: EnterpriseDB Advanced Server CVE-2007-4640 (Unrestricted file upload vulnerability in index.php in Pakupaku CMS ...) NOT-FOR-US: Pakupaku CMS CVE-2007-4641 (Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and ...) NOT-FOR-US: Pakupaku CMS CVE-2007-4642 (Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and ...) BUG: 190835 CVE-2007-4643 (Integer underflow in Doomsday (aka deng) 1.9.0-beta5.1 and earlier ...) BUG: 190835 CVE-2007-4644 (Format string vulnerability in the Cl_GetPackets function in cl_main.c ...) BUG: 190835 CVE-2007-4645 (SQL injection vulnerability in index.php in NMDeluxe 2.0.0 allows ...) NOT-FOR-US: NMDeluxe CVE-2007-4646 (Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite ...) NOT-FOR-US: Hexamail Server CVE-2007-4647 (newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 ...) NOT-FOR-US: Ourspace CVE-2007-4648 (The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak ...) NOT-FOR-US: Norman Virus Control CVE-2007-4649 (MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and ...) NOT-FOR-US: MicroWorld eScan Virus Control CVE-2007-4650 (Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow ...) BUG: 191587 CVE-2007-4651 (Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows ...) NOT-FOR-US: Adobe Connect Enterprise Server CVE-2007-4652 (The session extension in PHP before 5.2.4 might allow local users to ...) BUG: 191034 NOTE: Fixed in 5.2.4 release CVE-2007-4653 (SQL injection vulnerability in links.php in the Links MOD 1.2.2 and ...) NOTE: phpbb not supported CVE-2007-4654 (Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on ...) NOT-FOR-US: Cisco Content Services Switch CVE-2007-4655 (Multiple directory traversal vulnerabilities in CGI RESCUE Shopping ...) NOT-FOR-US: Shopping Basket Professional CVE-2007-4656 (backup-manager-upload in Backup Manager before 0.6.3 provides the FTP ...) NOT-FOR-US: Backup Manager CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before ...) BUG: 191034 NOTE: Fixed in 5.2.4 release CVE-2007-4658 (The money_format function in PHP 5 before 5.2.4, and PHP 4 before ...) BUG: 191034 NOTE: Fixed in 5.2.4 release CVE-2007-4659 (The zend_alter_ini_entry function in PHP before 5.2.4 does not ...) BUG: 191034 NOTE: Fixed in 5.2.4 release CVE-2007-4660 (Unspecified vulnerability in the chunk_split function in PHP before ...) BUG: 191034 NOTE: Fixed in 5.2.4 release CVE-2007-4661 (The chunk_split function in string.c in PHP 5.2.3 does not properly ...) BUG: 191034 NOTE: Fixed in 5.2.4 release CVE-2007-4662 (Buffer overflow in the php_openssl_make_REQ function in PHP before ...) BUG: 191034 NOTE: Fixed in 5.2.4 release CVE-2007-4663 (Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...) BUG: 191034 NOTE: Fixed in 5.2.4 release CVE-2007-4664 (Unspecified vulnerability in the (1) attach database and (2) create ...) BUG: 190833 CVE-2007-4665 (Unspecified vulnerability in the server in Firebird before 2.0.2 ...) BUG: 190833 CVE-2007-4666 (Unspecified vulnerability in the server in Firebird before 2.0.2, when ...) BUG: 190833 CVE-2007-4667 (Unspecified vulnerability in the Services API in Firebird before 2.0.2 ...) BUG: 190833 CVE-2007-4668 (Unspecified vulnerability in the server in Firebird before 2.0.2 ...) BUG: 190833 CVE-2007-4669 (The Services API in Firebird before 2.0.2 allows remote authenticated ...) BUG: 190833 CVE-2007-4670 (Unspecified vulnerability in PHP before 5.2.4 has unknown impact and ...) BUG: 191034 NOTE: Fixed in 5.2.4 release CVE-2007-4671 (Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari ...) NOT-FOR-US: Safari CVE-2007-4672 (Stack-based buffer overflow in Apple QuickTime before 7.3 allows ...) BUG: 150288 CVE-2007-4673 (Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP ...) NOT-FOR-US: Apple CVE-2007-4674 (An "integer arithmetic" error in Apple QuickTime 7.2 allows remote ...) BUG: 150288 CVE-2007-4675 (Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in ...) BUG: 150288 CVE-2007-4676 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...) BUG: 150288 CVE-2007-4677 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...) BUG: 150288 CVE-2007-4678 (AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows ...) NOT-FOR-US: Apple CVE-2007-4679 (CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows ...) NOT-FOR-US: Apple CVE-2007-4680 (CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not ...) NOT-FOR-US: Apple CVE-2007-4681 (Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 ...) NOT-FOR-US: Apple CVE-2007-4682 (CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to ...) NOT-FOR-US: Apple CVE-2007-4683 (Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 ...) NOT-FOR-US: Apple CVE-2007-4684 (Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 ...) NOT-FOR-US: Apple CVE-2007-4685 (The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users ...) NOT-FOR-US: Apple CVE-2007-4686 (Integer signedness error in the ttioctl function in bsd/kern/tty.c in ...) NOT-FOR-US: Apple CVE-2007-4687 (The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 ...) NOT-FOR-US: Apple CVE-2007-4688 (The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows ...) NOT-FOR-US: Apple CVE-2007-4689 (Double free vulnerability in the Networking component in Apple Mac OS ...) NOT-FOR-US: Apple CVE-2007-4690 (Double free vulnerability in the NFS component in Apple Mac OS X 10.4 ...) NOT-FOR-US: Apple CVE-2007-4691 (The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs ...) NOT-FOR-US: Apple CVE-2007-4692 (The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 ...) NOT-FOR-US: Apple Safari CVE-2007-4693 (The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows ...) NOT-FOR-US: Mac CVE-2007-4694 (Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers ...) NOT-FOR-US: Apple CVE-2007-4695 (Unspecified "input validation" vulnerability in WebCore in Apple Mac ...) NOT-FOR-US: WebCore CVE-2007-4696 (Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 ...) NOT-FOR-US: WebCore CVE-2007-4697 (Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through ...) NOT-FOR-US: WebCore CVE-2007-4698 (Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 ...) NOT-FOR-US: Apple Safari CVE-2007-4699 (The default configuration of Safari in Apple Mac OS X 10.4 through ...) NOT-FOR-US: Apple CVE-2007-4700 (Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through ...) NOT-FOR-US: WebKit CVE-2007-4701 (WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create ...) NOT-FOR-US: WebKit CVE-2007-4702 (The Application Firewall in Apple Mac OS X 10.5, when "Block all ...) NOT-FOR-US: Apple CVE-2007-4703 (The Application Firewall in Apple Mac OS X 10.5 does not prevent a ...) NOT-FOR-US: Apple CVE-2007-4704 (The Application Firewall in Apple Mac OS X 10.5 does not apply changed ...) NOT-FOR-US: Apple CVE-2007-4705 RESERVED CVE-2007-4706 (Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows ...) NOT-FOR-US: Apple CVE-2007-4707 (Multiple unspecified vulnerabilities in the Flash media handler in ...) NOT-FOR-US: Apple CVE-2007-4708 (Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 ...) NOT-FOR-US: Apple Mac OS X CVE-2007-4709 (Directory traversal vulnerability in CFNetwork in Apple Mac OS X ...) NOT-FOR-US: Apple Mac OS X CVE-2007-4710 (Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 ...) NOT-FOR-US: Apple Mac OS X CVE-2007-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Toms Gaestebuch ...) NOT-FOR-US: Toms Gaestebuch CVE-2007-4712 (PHP remote file inclusion vulnerability in index.php in eNetman 1 ...) NOT-FOR-US: eNetman CVE-2007-4713 (Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in ...) NOT-FOR-US: Urchin CVE-2007-4714 (SQL injection vulnerability in error_view.php in Yvora 1.0 allows ...) NOT-FOR-US: Yvora CVE-2007-4715 (Multiple PHP remote file inclusion vulnerabilities in Weblogicnet ...) NOT-FOR-US: Weblogicnet CVE-2007-4716 (Multiple SQL injection vulnerabilities in PHD Help Desk before 1.31 ...) NOT-FOR-US: PHD Help Desk CVE-2007-4717 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline ...) NOT-FOR-US: Claroline CVE-2007-4718 (Directory traversal vulnerability in inc/lib/language.lib.php in ...) NOT-FOR-US: Claroline CVE-2007-4719 (SQL injection vulnerability in read.php in 212cafeBoard 6.30 Beta ...) NOT-FOR-US: 212cafeBoard CVE-2007-4720 (Unspecified vulnerability in the Shared Trace Service in Hitachi ...) NOT-FOR-US: Hitachi Network Node Manager CVE-2007-4721 REJECTED NOTE: Wireshark 0.99.6 is not affected and was stabled before BUG: 183520 CVE-2007-4722 (Multiple stack-based buffer overflows in the Quantum Streaming ...) NOT-FOR-US: Quantum Streaming CVE-2007-4723 (Directory traversal vulnerability in Ragnarok Online Control Panel ...) NOT-FOR-US: Ragnarok Online Control Panel CVE-2007-4724 (Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the ...) TODO: file bug CVE-2007-4725 (Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before ...) NOT-FOR-US: AkkyWareHOUSE CVE-2007-4726 (Directory traversal vulnerability in Web Oddity 0.09b allows remote ...) NOT-FOR-US: Web Oddity CVE-2007-4727 (Buffer overflow in the fcgi_env_add function in ...) BUG: 191912 BUG: 191034 NOTE: Fixed post-5.2.4 snapshot CVE-2007-4728 RESERVED CVE-2007-4729 RESERVED CVE-2007-4730 (Buffer overflow in the compNewPixmap function in compalloc.c in the ...) BUG: 191964 CVE-2007-4731 (Stack-based buffer overflow in the TMregChange function in TMReg.dll ...) NOT-FOR-US: Trend Micro ServerProtect CVE-2007-4732 (Unspecified vulnerability in the strfreectty function in the Special ...) NOT-FOR-US: Sun Solaris CVE-2007-4733 (The Aztech DSL600EU router, when WAN access to the web interface is ...) NOT-FOR-US: Aztech DSL600EU CVE-2007-4734 (Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted ...) NOT-FOR-US: OTSTurntables CVE-2007-4735 (Buffer overflow in Next Generation Software Virtual DJ (VDJ) 5.0 ...) NOT-FOR-US: Next Generation Software Virtual DJ CVE-2007-4736 (SQL injection vulnerability in category.php in CartKeeper CKGold ...) NOT-FOR-US: CartKeeper CKGold Shopping Cart CVE-2007-4737 (Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP ...) NOT-FOR-US: STPHPLibrary CVE-2007-4738 (Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP ...) NOT-FOR-US: STPHPLibrary CVE-2007-4739 (reprepro 1.3.0 through 2.2.3 does not properly verify signatures when ...) NOT-FOR-US: reprepro CVE-2007-4740 (The HPRevolutionRegistryManager ActiveX control in ...) NOT-FOR-US: HPRevolutionRegistryManager CVE-2007-4741 (Cross-site scripting (XSS) vulnerability in admin/adminusers.php in ...) NOT-FOR-US: Claroline CVE-2007-4742 (Claroline before 1.8.6 allows remote authenticated administrators to ...) NOT-FOR-US: Claroline CVE-2007-4743 (The original patch for CVE-2007-3999 in svc_auth_gss.c in the ...) BUG: 191479 BUG: 191301 NOTE: We did not commit this patch, but the revised one. CVE-2007-4744 (PHP remote file inclusion vulnerability in environment.php in ...) NOT-FOR-US: AnyInventory CVE-2007-4745 (Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook ...) NOT-FOR-US: AkoBook CVE-2007-4746 (The Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone ...) NOT-FOR-US: Cisco Video Surveillance IP Gateway CVE-2007-4747 (The telnet service in Cisco Video Surveillance IP Gateway ...) NOT-FOR-US: Cisco Video Surveillance IP Gateway CVE-2007-4748 (Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream ...) NOT-FOR-US: PPStream CVE-2007-4749 (The cmdjob utility in Autodesk Backburner 3.0.2 allows remote ...) NOT-FOR-US: Autodesk Backburner CVE-2007-4750 (Unspecified vulnerability in RemoteDocs R-Viewer before 1.6.3768 ...) NOT-FOR-US: RemoteDocs R-Viewer CVE-2007-4751 (RemoteDocs R-Viewer before 1.6.3768 stores encrypted RDZ file data in ...) NOT-FOR-US: RemoteDocs R-Viewer CVE-2007-4752 (ssh in OpenSSH before 4.7 does not properly handle when an untrusted ...) BUG: 191321 CVE-2007-4753 (The Thomson ST 2030 SIP phone with software 1.52.1 allows remote ...) NOT-FOR-US: Thomson ST 2030 SIP phone CVE-2007-4754 (Format string vulnerability in the safe_bprintf function in ...) BUG: 191484 CVE-2007-4755 (Alien Arena 2007 6.10 and earlier allows remote attackers to cause a ...) BUG: 191484 CVE-2007-4756 (Directory traversal vulnerability in the FTP client in Total Commander ...) NOT-FOR-US: Total Commander CVE-2007-4757 (PHP remote file inclusion vulnerability in menu.php in phpMytourney ...) NOT-FOR-US: phpMytourney CVE-2007-4758 (Multiple buffer overflows in the image-processing APIs in Cosminexus ...) NOT-FOR-US: Cosminexus CVE-2007-4759 (Multiple unspecified vulnerabilities in the image-processing APIs in ...) NOT-FOR-US: Cosminexus CVE-2007-4760 (The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus ...) NOT-FOR-US: Cosminexus CVE-2007-4761 (Unrestricted file upload vulnerability in upload.php in Barbo91 1.1 ...) NOT-FOR-US: Barbo91 CVE-2007-4762 (Multiple SQL injection vulnerabilities in embadmin/login.asp in ...) NOT-FOR-US: E-SMARTCART CVE-2007-4763 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: PHPOF CVE-2007-4764 (Directory traversal vulnerability in pawfaliki.php in Pawfaliki 0.5.1 ...) NOT-FOR-US: Pawfaliki CVE-2007-4765 RESERVED CVE-2007-4766 (Multiple integer overflows in Perl-Compatible Regular Expression ...) BUG: 198198 CVE-2007-4767 (Perl-Compatible Regular Expression (PCRE) library before 7.3 does not ...) BUG: 198198 CVE-2007-4768 (Heap-based buffer overflow in Perl-Compatible Regular Expression ...) BUG: 193519 BUG: 198198 CVE-2007-4769 (The regular expression parser in TCL before 8.4.17, as used in ...) BUG: 204760 CVE-2007-4770 (libicu in International Components for Unicode (ICU) 3.8.1 and earlier ...) BUG: 208001 BUG: 218080 CVE-2007-4771 (Heap-based buffer overflow in the doInterval function in regexcmp.cpp ...) BUG: 208001 BUG: 218080 CVE-2007-4772 (The regular expression parser in TCL before 8.4.17, as used in ...) BUG: 204760 CVE-2007-4773 RESERVED CVE-2007-4774 RESERVED CVE-2007-4775 RESERVED CVE-2007-4776 (Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition ...) NOT-FOR-US: Microsoft Visual Basic CVE-2007-4777 (SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) ...) NOT-FOR-US: Joomla! 1.5 before RC2 CVE-2007-4778 (Multiple SQL injection vulnerabilities in the content component ...) NOT-FOR-US: Joomla! 1.5 Beta1, Beta2, and RC1 CVE-2007-4779 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 ...) NOT-FOR-US: Joomla! 1.5 before RC2 CVE-2007-4780 (Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain ...) NOT-FOR-US: Joomla! 1.5 before RC2 CVE-2007-4781 (administrator/index.php in the installer component (com_installer) in ...) NOT-FOR-US: Joomla! 1.5 Beta1, Beta2, and RC1 CVE-2007-4782 (PHP before 5.2.3 allows context-dependent attackers to cause a denial ...) BUG: 191034 NOTE: Fixed in 5.2.4 release CVE-2007-4783 (The iconv_substr function in PHP 5.2.4 and earlier allows ...) BUG: 191034 NOTE: Workaround in post-5.2.4 snapshot, actually a GLIBC bug. CVE-2007-4784 (The setlocale function in PHP before 5.2.4 allows context-dependent ...) BUG: 191034 NOTE: Fixed in 5.2.4 release CVE-2007-4785 (Sony Micro Vault Fingerprint Access Software, as distributed with Sony ...) NOT-FOR-US: Sony Micro Vault Fingerprint Access Software CVE-2007-4786 (Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2007-4787 (The virus detection engine in Sophos Anti-Virus before 2.49.0 does not ...) NOT-FOR-US: Sophos Anti-Virus CVE-2007-4788 (Cisco Content Switching Modules (CSM) 4.2 before 4.2.3a, and Cisco ...) NOT-FOR-US: Cisco Content Switching Modules CVE-2007-4789 (Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and Cisco ...) NOT-FOR-US: Cisco Content Switching Modules CVE-2007-4790 (Stack-based buffer overflow in certain ActiveX controls in (1) ...) NOT-FOR-US: Microsoft Visual FoxPro CVE-2007-4791 (Buffer overflow in the swcons command in bos.rte.console in IBM AIX ...) NOT-FOR-US: AIX CVE-2007-4792 (Buffer overflow in ibstat in devices.common.IBM.ib.rte in IBM AIX 5.3 ...) NOT-FOR-US: AIX CVE-2007-4793 (Buffer overflow in xlplm in plm.server.rte in IBM AIX 5.2 and 5.3 ...) NOT-FOR-US: AIX CVE-2007-4794 (Buffer overflow in fcstat in devices.common.IBM.fc.rte in IBM AIX 5.2 ...) NOT-FOR-US: AIX CVE-2007-4795 (Buffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 ...) NOT-FOR-US: AIX CVE-2007-4796 (Buffer overflow in uucp in bos.net.uucp in IBM AIX 5.2 and 5.3 allows ...) NOT-FOR-US: AIX CVE-2007-4797 (Multiple buffer overflows in unspecified svprint (System V print) ...) NOT-FOR-US: AIX CVE-2007-4798 (Unspecified vulnerability in invscout in Inventory Scout in ...) NOT-FOR-US: AIX CVE-2007-4799 (The perfstat kernel extension in bos.perf.perfstat in AIX 5.3 does not ...) NOT-FOR-US: AIX CVE-2007-4800 RESERVED CVE-2007-4801 RESERVED CVE-2007-4802 (Multiple heap-based buffer overflows in GlobalLink 2.7.0.8 allow ...) NOT-FOR-US: GlobalLink CVE-2007-4803 (Buffer overflow in AtomixMP3 2.3 allows user-assisted remote attackers ...) NOT-FOR-US: AtomixMP3 CVE-2007-4804 (Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote ...) NOT-FOR-US: AuraCMS CVE-2007-4805 (Directory traversal vulnerability in getgalldata.php in fuzzylime ...) NOT-FOR-US: fuzzylime CVE-2007-4806 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Focus/SIS CVE-2007-4807 (Multiple PHP remote file inclusion vulnerabilities in Focus/SIS 2.2 ...) NOT-FOR-US: Focus/SIS CVE-2007-4808 (Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote ...) NOT-FOR-US: TLM CMS CVE-2007-4809 (Multiple PHP remote file inclusion vulnerabilities in Online Fantasy ...) NOT-FOR-US: Online Fantasy Football League CVE-2007-4810 (Multiple SQL injection vulnerabilities in Netjuke 1.0-rc2 allow remote ...) NOT-FOR-US: Netjuke CVE-2007-4811 (Multiple cross-site scripting (XSS) vulnerabilities in Netjuke 1.0-rc2 ...) NOT-FOR-US: Netjuke CVE-2007-4812 (Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions ...) NOT-FOR-US: Apple Safari CVE-2007-4813 (Cross-site scripting (XSS) vulnerability in Domino Blogsphere 3.01 ...) NOT-FOR-US: Domino Blogsphere CVE-2007-4814 (Buffer overflow in the SQLServer ActiveX control in the Distributed ...) NOT-FOR-US: Microsoft SQL Server Enterprise Manager CVE-2007-4815 (Multiple PHP remote file inclusion vulnerabilities in WebED in Markus ...) NOT-FOR-US: WebED CVE-2007-4816 (Multiple buffer overflows in the BaoFeng2 storm ActiveX control in ...) NOT-FOR-US: BaoFeng2 CVE-2007-4817 (Unrestricted file upload vulnerability in the Restaurante ...) NOT-FOR-US: Joomla Restaurante CVE-2007-4818 (Multiple PHP remote file inclusion vulnerabilities in Txx CMS 0.2 ...) NOT-FOR-US: Txx CMS CVE-2007-4819 (Multiple cross-site scripting (XSS) vulnerabilities in Txx CMS 0.2 ...) NOT-FOR-US: Txx CMS CVE-2007-4820 (Absolute path traversal vulnerability in blanko.preview.php in Sisfo ...) NOT-FOR-US: Sisfo Kampus CVE-2007-4821 (Buffer overflow in a certain ActiveX control in officeviewer.ocx ...) NOT-FOR-US: EDraw Office Viewer CVE-2007-4822 (Cross-site request forgery (CSRF) vulnerability in the device ...) NOT-FOR-US: Buffalo AirStation WHR-G54S CVE-2007-4823 (Multiple buffer overflows in Google Picasa have unspecified attack ...) TODO: moreinfo CVE-2007-4824 (Multiple cross-application scripting (XAS) vulnerabilities in Google ...) TODO: moreinfo CVE-2007-4825 (Directory traversal vulnerability in PHP 5.2.4 and earlier allows ...) BUG: 191034 NOTE: Fixed in post-5.2.4 snapshot CVE-2007-4826 (bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to ...) BUG: 192096 CVE-2007-4827 (Unspecified vulnerability in the Modbus/TCP Diagnostic function in ...) NOT-FOR-US: MiniHMI.exe CVE-2007-4828 (Cross-site scripting (XSS) vulnerability in the API pretty-printing ...) BUG: 192197 CVE-2007-4829 (Directory traversal vulnerability in the Archive::Tar Perl module 1.36 ...) BUG: 192989 CVE-2007-4830 (Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in ...) NOT-FOR-US: DirectAdmin CVE-2007-4831 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: TorrentTrader CVE-2007-4832 (Format string vulnerability in CellFactor Revolution 1.03 and earlier ...) NOT-FOR-US: CellFactor Revolution CVE-2007-4833 (Unspecified vulnerability in the Edge Component in IBM WebSphere ...) NOT-FOR-US: IBM WebSphere CVE-2007-4834 (Multiple PHP remote file inclusion vulnerabilities in phpRealty 0.02 ...) NOT-FOR-US: phpRealty CVE-2007-4835 (SQL injection vulnerability in index.php in phpMyQuote 0.20 allows ...) NOT-FOR-US: phpMyQuote CVE-2007-4836 (Cross-site scripting (XSS) vulnerability in index.php in phpMyQuote ...) NOT-FOR-US: phpMyQuote CVE-2007-4837 (SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows ...) NOT-FOR-US: Proxy Anket CVE-2007-4838 (Multiple buffer overflows in CellFactor Revolution 1.03 and earlier ...) NOT-FOR-US: CellFactor Revolution CVE-2007-4839 (Unspecified vulnerability in the PD tools component in IBM WebSphere ...) NOT-FOR-US: IBM WebSphere CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a ...) BUG: 191034 NOTE: Workaround in a post-5.2.4 snapshot. Actually a glibc bug. NOTE: the cve is not listing all vulnerable functions. NOTE: xmlrpc* stuff also seems to use iconv internally and the output NOTE: handler of ext/iconv wasn't mentioned in the cve either CVE-2007-4841 (Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and ...) BUG: 196480 CVE-2007-4842 (Directory traversal vulnerability in Enriva Development Magellan ...) NOT-FOR-US: Magellan Explorer CVE-2007-4843 (Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 ...) NOT-FOR-US: Unreal Commander CVE-2007-4844 (X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly ...) NOT-FOR-US: Unreal Commander CVE-2007-4845 (Multiple SQL injection vulnerabilities in UPLOAD/index.php in ...) NOT-FOR-US: RW::Download CVE-2007-4846 (SQL injection vulnerability in start.php in Webace-Linkscript (wls) ...) NOT-FOR-US: Webace-Linkscript CVE-2007-4847 (Google Picasa allows remote attackers to read image files stored by ...) TODO: moreinfo CVE-2007-4848 (Microsoft Internet Explorer 4.0 through 7 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-4849 (JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly ...) NOTE: linux CVE-2007-4850 (curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and ...) BUG: 207752 CVE-2007-4851 REJECTED CVE-2007-4852 RESERVED CVE-2007-4853 RESERVED CVE-2007-4854 RESERVED CVE-2007-4855 RESERVED CVE-2007-4856 RESERVED CVE-2007-4857 RESERVED CVE-2007-4858 RESERVED CVE-2007-4859 RESERVED CVE-2007-4860 RESERVED CVE-2007-4861 (SAXON 5.4, with display_errors enabled, allows remote attackers to ...) NOT-FOR-US: SAXON CVE-2007-4862 (Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON ...) NOT-FOR-US: SAXON CVE-2007-4863 (SQL injection vulnerability in example.php in SAXON 5.4 allows remote ...) NOT-FOR-US: SAXON NOTE: Not dev-java/saxon CVE-2007-4864 RESERVED CVE-2007-4865 RESERVED CVE-2007-4866 RESERVED CVE-2007-4867 RESERVED CVE-2007-4868 RESERVED CVE-2007-4869 RESERVED CVE-2007-4870 RESERVED CVE-2007-4871 RESERVED CVE-2007-4872 (SimpNews 2.41.03 allows remote attackers to obtain sensitive ...) NOT-FOR-US: SimpleNews SimpleNews CVE-2007-4873 (SimpNews 2.41.03 stores sensitive information under the web root with ...) NOT-FOR-US: SimpleNews SimpleNews CVE-2007-4874 (Multiple cross-site scripting (XSS) vulnerabilities in SimpNews ...) NOT-FOR-US: boesch it SimpNews CVE-2007-4875 RESERVED CVE-2007-4876 RESERVED CVE-2007-4877 RESERVED CVE-2007-4878 RESERVED CVE-2007-4879 (Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, ...) BUG: 214816 CVE-2007-4880 (Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in ...) NOT-FOR-US: IBM Tivoli CVE-2007-4881 (SQL injection vulnerability in profile/myprofile.php in psi-labs.com ...) NOT-FOR-US: psisns CVE-2007-4882 (Multiple cross-site scripting (XSS) vulnerabilities in TechExcel ...) NOT-FOR-US: TechExcel CVE-2007-4883 (Cross-site scripting (XSS) vulnerability in the BotQuery extension in ...) NOT-FOR-US: BotQuery CVE-2007-4884 (Media Player Classic (MPC) allows user-assisted remote attackers to ...) NOT-FOR-US: Media Player Classic CVE-2007-4885 (Avnex AV MP3 Player allows user-assisted remote attackers to cause a ...) NOT-FOR-US: Avnex AV MP3 Player CVE-2007-4886 (Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and ...) NOT-FOR-US: AuraCMS CVE-2007-4887 (The dl function in PHP 5.2.4 and earlier allows context-dependent ...) BUG: 191034 NOTE: Fixed in post-5.2.4 snapshot CVE-2007-4888 (The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 ...) NOT-FOR-US: XWiki CVE-2007-4889 (The MySQL extension in PHP 5.2.4 and earlier allows remote attackers ...) BUG: 191034 NOTE: UNFIXED. This is a mySQL configuration issue CVE-2007-4890 (Absolute directory traversal vulnerability in a certain ActiveX ...) NOT-FOR-US: VB To VSI Support Library CVE-2007-4891 (A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in ...) NOT-FOR-US: PDWizard.ocx CVE-2007-4892 (Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, ...) NOT-FOR-US: SWSoft Plesk CVE-2007-4893 (wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress ...) BUG: 192347 CVE-2007-4894 (Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and ...) BUG: 192347 CVE-2007-4895 (Directory traversal vulnerability in dwoprn.php in Sisfo Kampus 2006 ...) NOT-FOR-US: Sisfo Kampus CVE-2007-4896 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Toms Gaestebuch CVE-2007-4897 (pwlib, as used by Ekiga 2.0.5 and possibly other products, allows ...) BUG: 193095 CVE-2007-4898 (Unspecified vulnerability in the Multiwiki plugin in XWiki before 1.1 ...) NOT-FOR-US: XWiki CVE-2007-4899 (Multiple cross-site scripting (XSS) vulnerabilities in Boinc Forum ...) NOT-FOR-US: Boinc Forum CVE-2007-4900 (Cross-site scripting (XSS) vulnerability in the logon page in RSA ...) NOT-FOR-US: RSA EnVision CVE-2007-4901 (The embedded Internet Explorer server control in AOL Instant Messenger ...) NOT-FOR-US: AOL Instant Messenger CVE-2007-4902 (Absolute path traversal vulnerability in a certain ActiveX control in ...) NOT-FOR-US: Ultra Crypto Component CVE-2007-4903 (Multiple buffer overflows in a certain ActiveX control in CryptoX.dll ...) NOT-FOR-US: Ultra Crypto Component CVE-2007-4904 (RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player ...) BUG: 192170 CVE-2007-4905 (Unrestricted file upload vulnerability in mod/contak.php in AuraCMS ...) NOT-FOR-US: AuraCMS CVE-2007-4906 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: NuclearBB CVE-2007-4907 (Multiple PHP remote file inclusion vulnerabilities in X-Cart allow ...) NOT-FOR-US: X-Cart CVE-2007-4908 (Directory traversal vulnerability in index.php in AuraCMS 2.1 and ...) NOT-FOR-US: AuraCMS CVE-2007-4909 (Interpretation conflict in WinSCP before 4.0.4 allows remote attackers ...) NOT-FOR-US: WinSCP CVE-2007-4910 (Unspecified vulnerability in netInvoicing before 2.7.3 has unknown ...) NOT-FOR-US: netInvoicing CVE-2007-4911 (JSMP3OGGWt.dll in JetCast Server 2.0.0.4308 allows remote attackers to ...) NOT-FOR-US: JetCast CVE-2007-4912 (Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php ...) NOT-FOR-US: Invision Power Board CVE-2007-4913 (ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) ...) NOT-FOR-US: Invision Power Board CVE-2007-4914 (Unspecified vulnerability in the subscriptions manager in Invision ...) NOT-FOR-US: Invision Power Board CVE-2007-4915 (The Intersil isl3893 extensions for Boa 0.93.15, as used on the ...) NOT-FOR-US: Intersil isl3893 extensions for Boa CVE-2007-4916 (Heap-based buffer overflow in the FileFind::FindFile method in (1) ...) NOT-FOR-US: Microsoft Foundation Class (MFC) Library 8.0 CVE-2007-4917 (Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats ...) NOT-FOR-US: PHP-Stats CVE-2007-4918 (SQL injection vulnerability in classes/gelato.class.php in Gelato ...) NOT-FOR-US: Gelato CVE-2007-4919 (Multiple SQL injection vulnerabilities in JBlog 1.0 allow (1) remote ...) NOT-FOR-US: JBlog CVE-2007-4920 (SQL injection vulnerability in soporte_derecha_w.php in PHP Webquest ...) NOT-FOR-US: Webquest CVE-2007-4921 (PHP remote file inclusion vulnerability in _includes/settings.inc.php ...) NOT-FOR-US: Ajax File Browser CVE-2007-4922 (SQL injection vulnerability in play.php in the jeuxflash 1.0 module ...) NOT-FOR-US: KwsPHP CVE-2007-4923 (PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in ...) NOT-FOR-US: Joomla Radio 5 CVE-2007-4924 (The Open Phone Abstraction Library (opal), as used by (1) Ekiga before ...) BUG: 193095 CVE-2007-4925 (The ewirePC_Decrypt function in ewirepcfunctions.php in eWire Payment ...) NOT-FOR-US: eWire Payment CVE-2007-4926 (The AXIS 207W camera uses a base64-encoded cleartext username and ...) NOT-FOR-US: AXIS 207W camera CVE-2007-4927 (axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote ...) NOT-FOR-US: AXIS 207W camera CVE-2007-4928 (The AXIS 207W camera stores a WEP or WPA key in cleartext in the ...) NOT-FOR-US: AXIS 207W camera CVE-2007-4929 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W ...) NOT-FOR-US: AXIS 207W camera CVE-2007-4930 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS ...) NOT-FOR-US: AXIS 207W camera CVE-2007-4931 (HP System Management Homepage (SMH) for Windows, when used in ...) NOT-FOR-US: HP System Management Homepage CVE-2007-4932 (admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the ...) NOT-FOR-US: Shop-Script FREE CVE-2007-4933 (Direct static code injection vulnerability in ...) NOT-FOR-US: Shop-Script CVE-2007-4934 (Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 ...) NOT-FOR-US: phpFFL CVE-2007-4935 (Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 ...) NOT-FOR-US: phpFFL CVE-2007-4936 (Unspecified vulnerability in Office Efficiencies SafeSquid 4.1.x has ...) NOT-FOR-US: Office Efficiencies SafeSquid CVE-2007-4937 (CS Guestbook stores sensitive information under the web root with ...) NOT-FOR-US: CS Guestbook CVE-2007-4938 (Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 ...) BUG: 192359 CVE-2007-4939 (Heap-based buffer overflow in mplayerc.exe in Media Player Classic ...) NOT-FOR-US: Media Player Classic CVE-2007-4940 (Multiple integer overflows in Media Player Classic (MPC) 6.4.9.0 and ...) NOT-FOR-US: Media Player Classic CVE-2007-4941 (KMPlayer 2.9.3.1210 and earlier allows remote attackers to cause a ...) NOT-FOR-US: KMPlayer for Windows CVE-2007-4942 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Focus/SIS CVE-2007-4943 (Multiple buffer overflows in a certain ActiveX control in sparser.dll ...) NOT-FOR-US: Baofeng CVE-2007-4944 (The canvas.createPattern function in Opera 9.x before 9.22 for Linux, ...) BUG: 185497 CVE-2007-4945 (Multiple cross-site scripting (XSS) vulnerabilities in LetterGrade ...) NOT-FOR-US: LetterGrade CVE-2007-4946 (LetterGrade allows remote attackers to obtain sensitive information ...) NOT-FOR-US: LetterGrade CVE-2007-4947 (Multiple PHP remote file inclusion vulnerabilities in myphpPagetool ...) NOT-FOR-US: myphpPagetool CVE-2007-4948 (Multiple PHP remote file inclusion vulnerabilities in Webmedia ...) NOT-FOR-US: webmex CVE-2007-4949 (** DISPUTED ** ...) NOT-FOR-US: php(Reactor) CVE-2007-4950 (** DISPUTED ** ...) NOT-FOR-US: PHPortal CVE-2007-4951 (** DISPUTED ** ...) NOT-FOR-US: YaPiG CVE-2007-4952 (SQL injection vulnerability in article.php in OmniStar Article Manager ...) NOT-FOR-US: OmniStar CVE-2007-4953 (SQL injection vulnerability in index.php in SimpCMS allows remote ...) NOT-FOR-US: SimpCMS CVE-2007-4954 (PHP remote file inclusion vulnerability in admin.joom12pic.php in the ...) NOT-FOR-US: joom12Pic CVE-2007-4955 (PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in ...) NOT-FOR-US: Joomla Flash Fun! CVE-2007-4956 (Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote ...) NOT-FOR-US: KwsPHP CVE-2007-4957 (Multiple directory traversal vulnerabilities in download.php in Chupix ...) NOT-FOR-US: Chupix CVE-2007-4958 (Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery ...) NOT-FOR-US: TinyWebGallery CVE-2007-4959 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: osCMax CVE-2007-4960 (Argument injection vulnerability in the Linden Lab Second Life ...) BUG: 249481 CVE-2007-4961 (The login_to_simulator method in Linden Lab Second Life, as used by ...) BUG: 249481 CVE-2007-4962 (Directory traversal vulnerability in WinImage 8.10 and earlier allows ...) NOT-FOR-US: WinImage CVE-2007-4963 (Visual truncation vulnerability in WinImage 8.10 and earlier allows ...) NOT-FOR-US: WinImage CVE-2007-4964 (WinImage 8.10 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: WinImage CVE-2007-4965 (Multiple integer overflows in the imageop module in Python 2.5.1 and ...) BUG: 192876 CVE-2007-4966 (SQL injection vulnerability in www/people/editprofile.php in GForge ...) NOT-FOR-US: GForge CVE-2007-4967 (Online Armor Personal Firewall 2.0.1.215 does not properly validate ...) NOT-FOR-US: Online Armor Personal Firewall CVE-2007-4968 (Privatefirewall 5.0.14.2 does not properly validate certain parameters ...) NOT-FOR-US: Privatefirewall CVE-2007-4969 (Process Monitor 1.22 does not properly validate certain parameters to ...) NOT-FOR-US: Process Monitor CVE-2007-4970 (ProcessGuard 3.410 does not properly validate certain parameters to ...) NOT-FOR-US: ProcessGuard CVE-2007-4971 (ProSecurity 1.40 Beta 2 does not properly validate certain parameters ...) NOT-FOR-US: h CVE-2007-4972 (RegMon 7.04 does not properly validate certain parameters to System ...) NOT-FOR-US: RegMon CVE-2007-4973 RESERVED CVE-2007-4974 (Heap-based buffer overflow in the flac_buffer_copy function in ...) BUG: 192834 CVE-2007-4975 (Cross-site scripting (XSS) vulnerability in hilfe.php in b1gMail 6.3.1 ...) NOT-FOR-US: b1gMail CVE-2007-4976 (Directory traversal vulnerability in viewlog.php in Coppermine Photo ...) BUG: 192869 CVE-2007-4977 (Cross-site scripting (XSS) vulnerability in mode.php in Coppermine ...) BUG: 192869 CVE-2007-4978 (Multiple PHP remote file inclusion vulnerabilities in phpSyncML 0.1.2 ...) NOT-FOR-US: phpSyncML CVE-2007-4979 (SQL injection vulnerability in index.php in the sondages module in ...) NOT-FOR-US: KwsPHP CVE-2007-4980 (The readRequest method in org/gcaldaemon/core/http/HTTPListener.java ...) NOT-FOR-US: GCALDaemon CVE-2007-4981 (Cross-site scripting (XSS) vulnerability in the save function in ...) NOT-FOR-US: Obedit CVE-2007-4982 (Multiple absolute path traversal vulnerabilities in the ...) NOT-FOR-US: QRCode CVE-2007-4983 (Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX ...) NOT-FOR-US: jetAudio CVE-2007-4984 (SQL injection vulnerability in index.php in the Ktauber.com StylesDemo ...) NOT-FOR-US: Ktauber.com StylesDemo CVE-2007-4985 (ImageMagick before 6.3.5-9 allows context-dependent attackers to cause ...) BUG: 186030 CVE-2007-4986 (Multiple integer overflows in ImageMagick before 6.3.5-9 allow ...) BUG: 186030 CVE-2007-4987 (Off-by-one error in the ReadBlobString function in blob.c in ...) BUG: 186030 CVE-2007-4988 (Sign extension error in the ReadDIBImage function in ImageMagick ...) BUG: 186030 CVE-2007-4989 REJECTED CVE-2007-4990 (The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 ...) BUG: 194606 CVE-2007-4991 (The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) ...) NOT-FOR-US: Microsoft Internet Security and Acceleration CVE-2007-4992 (Stack-based buffer overflow in the process_packet function in ...) BUG: 195569 CVE-2007-4993 (pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a ...) BUG: 193808 CVE-2007-4994 (Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not ...) NOT-FOR-US: RHCS CVE-2007-4995 (Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before ...) BUG: 195634 CVE-2007-4996 (libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge ...) BUG: 194278 CVE-2007-4997 (Integer underflow in the ieee80211_rx function in ...) BUG: 196862 CVE-2007-4998 (cp, when running with an option to preserve symlinks on multiple OSes, ...) NOT-FOR-US: No current implementations (coreutils, busybox) are affected CVE-2007-4999 (libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, ...) BUG: 197580 CVE-2007-5000 (Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in ...) BUG: 202327 CVE-2007-5001 (Linux kernel before 2.4.21 allows local users to cause a denial of ...) NOTE: Linux 2.4 only CVE-2007-5002 RESERVED CVE-2007-5003 (Multiple stack-based buffer overflows in CA (Computer Associates) ...) NOT-FOR-US: Computer Associates BrightStor ARCserve Backup Laptops_Desktops CVE-2007-5004 (Integer overflow in CA (Computer Associates) BrightStor ARCserve ...) NOT-FOR-US: Computer Associates BrightStor ARCserve Backup Laptops_Desktops CVE-2007-5005 (Directory traversal vulnerability in rxRPC.dll in CA (Computer ...) NOT-FOR-US: Computer Associates BrightStor ARCserve Backup Laptops_Desktops CVE-2007-5006 (Multiple command handlers in CA (Computer Associates) BrightStor ...) NOT-FOR-US: Computer Associates BrightStor ARCserve Backup Laptops_Desktops CVE-2007-5007 (Stack-based buffer overflow in the ir_fetch_seq function in balsa ...) BUG: 193179 CVE-2007-5008 (The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not ...) NOT-FOR-US: HP-UX CVE-2007-5009 (PHP remote file inclusion vulnerability in ...) NOTE: phpbb plus only CVE-2007-5010 (Cross-site scripting (XSS) vulnerability in WebBatch allows remote ...) NOT-FOR-US: WebBatch CVE-2007-5011 (webbatch.exe in WebBatch allows remote attackers to obtain sensitive ...) NOT-FOR-US: WebBatch CVE-2007-5012 (Cross-site scripting (XSS) vulnerability in picture.php in ...) NOT-FOR-US: PhpWebGallery CVE-2007-5013 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Phormer CVE-2007-5014 (Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 ...) NOT-FOR-US: pSlash CVE-2007-5015 (Multiple PHP remote file inclusion vulnerabilities in Streamline PHP ...) NOT-FOR-US: Streamline PHP CVE-2007-5016 (SQL injection vulnerability in userreviews.php in OneCMS 2.4 allows ...) NOT-FOR-US: OneCMS CVE-2007-5017 (Absolute path traversal vulnerability in a certain ActiveX control in ...) NOT-FOR-US: Yahoo! ActiveX CVE-2007-5018 (Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote ...) NOT-FOR-US: Mercury/32 CVE-2007-5019 (Buffer overflow in the Sun Java Web Start ActiveX control in Java ...) NOT-FOR-US: Sun Java Web Start CVE-2007-5020 (Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows ...) NOT-FOR-US: Adobe Acrobat Windows only CVE-2007-5021 REJECTED NOT-FOR-US: IBM Tivoli Storage Manager CVE-2007-5022 (Unspecified vulnerability in certain IBM Tivoli Storage Manager (TSM) ...) NOT-FOR-US: IBM Tivoli Storage Manager CVE-2007-5023 (Unquoted Windows search path vulnerability in EMC VMware Workstation ...) BUG: 193196 CVE-2007-5024 (EMC VMware Server before 1.0.4 Build 56528 writes passwords in ...) BUG: 193196 CVE-2007-5025 (Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 ...) NOT-FOR-US: VMware ACE CVE-2007-5026 (dBlog CMS, probably 2.0, stores sensitive information under the web ...) NOT-FOR-US: dBlog CMS CVE-2007-5027 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/ddns in ...) NOT-FOR-US: WBR3404TX broadband router CVE-2007-5028 (Dibbler 0.6.0 on Linux uses weak world-writable permissions for ...) BUG: 166013 CVE-2007-5029 (Dibbler 0.6.0 does not verify that certain length parameters are ...) BUG: 166013 CVE-2007-5030 (Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to ...) BUG: 166013 CVE-2007-5031 (The TSrvOptIA_NA::rebind method in SrvOptions/SrvOptIA_NA.cpp in ...) BUG: 166013 CVE-2007-5032 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...) NOT-FOR-US: PHP-Nuke CVE-2007-5033 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB XS 2 ...) NOTE: phpbb not supported CVE-2007-5034 (ELinks before 0.11.3, when sending a POST request for an https URL, ...) BUG: 189954 CVE-2007-5035 (** DISPUTED ** ...) NOT-FOR-US: openEngine CVE-2007-5036 (Multiple buffer overflows in the AirDefense Airsensor M520 with ...) NOT-FOR-US: AirDefense Airsensor M520 CVE-2007-5037 (Buffer overflow in the inotifytools_snprintf function in ...) BUG: 193173 CVE-2007-5038 (The offer_account_by_email function in User.pm in the WebService for ...) BUG: 193062 CVE-2007-5039 (Ghost Security Suite beta 1.110 does not properly validate certain ...) NOT-FOR-US: Ghost Security Suite CVE-2007-5040 (Ghost Security Suite alpha 1.200 does not properly validate certain ...) NOT-FOR-US: Ghost Security Suite CVE-2007-5041 (G DATA InternetSecurity 2007 does not properly validate certain ...) NOT-FOR-US: G DATA InternetSecurity CVE-2007-5042 (Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain ...) NOT-FOR-US: Outpost Firewall Pro CVE-2007-5043 (Kaspersky Internet Security 7.0.0.125 does not properly validate ...) NOT-FOR-US: Kaspersky Internet Security CVE-2007-5044 (ZoneAlarm Pro 7.0.362.000 does not properly validate certain ...) NOT-FOR-US: ZoneAlarm Pro CVE-2007-5045 (Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, ...) NOT-FOR-US: Apple QuickTime + Mozilla Firefox CVE-2007-5046 (Cross-site scripting (XSS) vulnerability in the Webmail interface for ...) NOT-FOR-US: IceWarp Merak Mail Server CVE-2007-5047 (Norton Internet Security 2008 15.0.0.60 does not properly validate ...) NOT-FOR-US: Norton Internet Security CVE-2007-5048 (Heap-based buffer overflow in Lhaplus before 1.55 allows remote ...) NOT-FOR-US: Lhaplus CVE-2007-5049 REJECTED CVE-2007-5050 (Directory traversal vulnerability in index.php in Neuron News 1.0 ...) NOT-FOR-US: Neuron News CVE-2007-5051 (Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView ...) NOT-FOR-US: PhpGedView CVE-2007-5052 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Vigile CMS CVE-2007-5053 (Multiple incomplete blacklist vulnerabilities in iziContents 1 RC6 and ...) NOT-FOR-US: iziContents CVE-2007-5054 (Multiple PHP remote file inclusion vulnerabilities in iziContents 1 ...) NOT-FOR-US: iziContents CVE-2007-5055 (Multiple directory traversal vulnerabilities in iziContents 1 RC6 and ...) NOT-FOR-US: iziContents CVE-2007-5056 (Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb ...) NOT-FOR-US: CMS Made SimpleCMS Made Simple CVE-2007-5057 (NetSupport Manager Client before 10.20.0004 allows remote attackers to ...) NOT-FOR-US: NetSupport Manager Client CVE-2007-5058 (Cross-site scripting (XSS) vulnerability in the Web administration ...) NOT-FOR-US: Barracuda Spam Firewall CVE-2007-5059 (Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL allow ...) NOT-FOR-US: GreenSQL CVE-2007-5060 (Cross-site request forgery (CSRF) vulnerability in the cpass ...) NOT-FOR-US: XCMS CVE-2007-5061 (SQL injection vulnerability in mods/banners/navlist.php in Clansphere ...) NOT-FOR-US: Clansphere CVE-2007-5062 (account.php in Adam Scheinberg Flip 3.0 and earlier allows remote ...) NOT-FOR-US: Flip CVE-2007-5063 (Adam Scheinberg Flip 3.0 and earlier stores sensitive information ...) NOT-FOR-US: Flip CVE-2007-5064 (Buffer overflow in a certain ActiveX control in Xunlei Web Thunder ...) NOT-FOR-US: Xunlei Web Thunder CVE-2007-5065 (PHP remote file inclusion vulnerability in admin.slideshow1.php in the ...) NOT-FOR-US: Joomla Flash Slide Show CVE-2007-5066 (Unspecified vulnerability in Webmin before 1.370 on Windows allows ...) NOT-FOR-US: Webmin on Windows CVE-2007-5067 (Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow ...) NOT-FOR-US: iMatix Xitami Web Server CVE-2007-5068 (SQL injection vulnerability in index.php in phpFullAnnu (PFA) 6.0 ...) NOT-FOR-US: phpFullAnnu CVE-2007-5069 (Directory traversal vulnerability in data/compatible.php in the Nuke ...) NOT-FOR-US: PHP-Nuke CVE-2007-5070 (Heap-based buffer overflow in the EasyMailMessagePrinter ActiveX ...) NOT-FOR-US: EasyMailMessagePrinter CVE-2007-5071 (Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP ...) NOT-FOR-US: Simple PHP Blog CVE-2007-5072 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...) NOT-FOR-US: Simple PHP Blog CVE-2007-5073 RESERVED CVE-2007-5074 RESERVED CVE-2007-5075 RESERVED CVE-2007-5076 RESERVED CVE-2007-5077 RESERVED CVE-2007-5078 (Multiple cross-site scripting (XSS) vulnerabilities in eGov Manager ...) NOT-FOR-US: eGov CVE-2007-5079 (Red Hat Enterprise Linux 4 does not properly compile and link gdm with ...) NOTE: We link this correctly. CVE-2007-5080 (Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne ...) NOTE: Linux not affected. CVE-2007-5081 (Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and ...) NOTE: 10.0.9 already stable CVE-2007-5082 (Multiple stack-based buffer overflows in Computer Associates (CA) ...) NOT-FOR-US: Computer Associates BrightStor Hierarchical Storage Manager CVE-2007-5083 (Multiple integer overflows in Computer Associates (CA) BrightStor ...) NOT-FOR-US: Computer Associates BrightStor Hierarchical Storage Manager CVE-2007-5084 (Multiple SQL injection vulnerabilities in Computer Associates (CA) ...) NOT-FOR-US: Computer Associates BrightStor Hierarchical Storage Manager CVE-2007-5085 (Unspecified vulnerability in the management EJB (MEJB) in Apache ...) NOT-FOR-US: Apache Software Foundation Geronimo CVE-2007-5086 (Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not ...) NOT-FOR-US: Kaspersky Anti-Virus CVE-2007-5087 (The ATM module in the Linux kernel before 2.4.35.3, when CLIP support ...) NOTE: Kernel 2.4 CVE-2007-5088 (Cross-site scripting (XSS) vulnerability in search/cust_bill_event.cgi ...) NOT-FOR-US: sisd Freeside CVE-2007-5089 (PHP remote file inclusion vulnerability in php-inc/log.inc.php in ...) NOT-FOR-US: sk.log CVE-2007-5090 (Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a ...) NOT-FOR-US: IBM Rational CVE-2007-5091 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare ...) BUG: 193960 CVE-2007-5092 (Directory traversal vulnerability in index.php in the Dance Music ...) NOT-FOR-US: phpNuke CVE-2007-5093 (The disconnect method in the Philips USB Webcam (pwc) driver in Linux ...) NOTE: Newer kernel going stable already CVE-2007-5094 (Heap-based buffer overflow in iaspam.dll in the SMTP Server in ...) NOT-FOR-US: Ipswitch IMail CVE-2007-5095 (Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes ...) NOT-FOR-US: Windows Media Player CVE-2007-5096 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: guanxiCRM Business Solution CVE-2007-5097 (** DISPUTED ** ...) NOT-FOR-US: Online Fantasy Football League CVE-2007-5098 (Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 ...) NOT-FOR-US: DFD Cart CVE-2007-5099 (PHP remote file inclusion vulnerability in show.php in David Watters ...) NOT-FOR-US: Helplink CVE-2007-5100 (Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, ...) NOT-FOR-US: phpBB Plus CVE-2007-5101 (ChironFS before 1.0 RC7 sets user/group ownership to the mounter ...) NOT-FOR-US: ChironFS CVE-2007-5102 (PHP remote file inclusion vulnerability in config.inc.php in Wordsmith ...) NOT-FOR-US: Wordsmith CVE-2007-5103 (Directory traversal vulnerability in config.inc.php in Wordsmith 1.0 ...) NOT-FOR-US: Wordsmith CVE-2007-5104 (SQL injection vulnerability in index.php in the Arcade module in bcoos ...) NOT-FOR-US: bcoos CVE-2007-5105 (Cross-site scripting (XSS) vulnerability in wp-register.php in ...) NOTE: WordPress 2.0 not in the tree anymore CVE-2007-5106 (Cross-site scripting (XSS) vulnerability in wp-register.php in ...) NOTE: WordPress 2.0 not in the tree anymore CVE-2007-5107 (Stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 ...) NOT-FOR-US: Ask Toolbar CVE-2007-5108 (Unspecified vulnerability in IAC Search & Media ask.com toolbar has ...) NOT-FOR-US: ask.com toolbar CVE-2007-5109 (Cross-site request forgery (CSRF) vulnerability in index.php in ...) NOT-FOR-US: FlatNuke CVE-2007-5110 (Absolute path traversal vulnerability in the ...) NOT-FOR-US: ebCrypt CVE-2007-5111 (A certain ActiveX control in EBCRYPT.DLL 2.0 in EB Design ebCrypt ...) NOT-FOR-US: ebCrypt CVE-2007-5112 (Cross-site scripting (XSS) vulnerability in session.cgi (aka the login ...) NOT-FOR-US: Google Urchin CVE-2007-5113 (report.cgi in Google Urchin allows remote attackers to bypass ...) NOT-FOR-US: Google Urchin CVE-2007-5114 (** DISPUTED ** ...) NOT-FOR-US: phpMyProfiler CVE-2007-5115 (Multiple PHP remote file inclusion vulnerabilities in Ekke Doerre ...) NOT-FOR-US: Mods 4 Xoops Contenido eZ publish CVE-2007-5116 (Buffer overflow in the polymorphic opcode support in the Regular ...) BUG: 198196 CVE-2007-5117 (Multiple PHP remote file inclusion vulnerabilities in FrontAccounting ...) NOT-FOR-US: FrontAccounting CVE-2007-5118 (Unspecified vulnerability in the HID (Human Interface Device) class ...) NOT-FOR-US: Sun Solaris CVE-2007-5119 (JSPWiki 2.4.103 and 2.5.139-beta allows remote attackers to obtain ...) NOT-FOR-US: JSPWiki CVE-2007-5120 (Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 ...) NOT-FOR-US: JSPWiki CVE-2007-5121 (Cross-site scripting (XSS) vulnerability in JSPWiki 2.5.139-beta ...) NOT-FOR-US: JSPWiki CVE-2007-5122 (SQL injection vulnerability in store_info.php in SoftBiz Classifieds ...) NOT-FOR-US: SoftBiz Classifieds PLUS CVE-2007-5123 (SQL injection vulnerability in notas.asp in Novus 1.0 allows remote ...) NOT-FOR-US: Novus CVE-2007-5124 (The embedded Internet Explorer server control in AOL Instant Messenger ...) NOT-FOR-US: AOL Instant Messenger CVE-2007-5125 REJECTED NOT-FOR-US: NukeSentinel CVE-2007-5126 (Unspecified vulnerability in the client in Symantec Veritas Backup ...) NOT-FOR-US: Symantec Veritas Backup Exec CVE-2007-5127 (Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02 ...) NOT-FOR-US: SimpGB CVE-2007-5128 (SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows ...) NOT-FOR-US: SimpNews CVE-2007-5129 (SimpGB 1.46.02 stores sensitive information under the web root with ...) NOT-FOR-US: SimpGB CVE-2007-5130 (SimpGB 1.46.02 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: SimpGB CVE-2007-5131 (SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x ...) NOT-FOR-US: Interspire ActiveKB CVE-2007-5132 (Race condition in the kernel in Sun Solaris 8 through 10 allows local ...) NOT-FOR-US: Sun Solaris CVE-2007-5133 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...) NOT-FOR-US: Microsoft Windows Explorer CVE-2007-5134 (Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP ...) NOT-FOR-US: Cisco Catalyst 6500 CVE-2007-5135 (Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL ...) BUG: 194039 BUG: 188799 BUG: 194039 CVE-2007-5136 (Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier ...) NOT-FOR-US: DFD Cart CVE-2007-5137 (Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl ...) BUG: 192539 CVE-2007-5138 (PHP remote file inclusion vulnerability in forum/forum.php in ...) NOT-FOR-US: lustig cms CVE-2007-5139 (PHP remote file inclusion vulnerability in admin/include/header.php in ...) NOT-FOR-US: chupix CVE-2007-5140 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: IntegraMOD CVE-2007-5141 (SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta ...) NOT-FOR-US: SiteX CVE-2007-5142 (Cross-site scripting (XSS) vulnerability in buscar.asp in Solidweb ...) NOT-FOR-US: Novus CVE-2007-5143 (F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition allows ...) NOT-FOR-US: F Secure Anti Virus CVE-2007-5144 (Buffer overflow in the GDI engine in Windows Live Messenger, as used ...) NOT-FOR-US: Microsoft Windows Live Messenger CVE-2007-5145 (Multiple buffer overflows in system DLL files in Microsoft Windows XP, ...) NOT-FOR-US: Microsoft windows nt CVE-2007-5146 (Multiple PHP remote file inclusion vulnerabilities in dedi-group Der ...) NOT-FOR-US: Der Dirigent CVE-2007-5147 (Multiple PHP remote file inclusion vulnerabilities in Puzzle Apps CMS ...) NOT-FOR-US: Puzzle Apps CMS CVE-2007-5148 (** DISPUTED ** ...) NOT-FOR-US: FrontAccounting CVE-2007-5149 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: North Country Public Radio Public Media Manager CVE-2007-5150 (SQL injection vulnerability in the is_god function in ...) NOT-FOR-US: NukeScripts NukeSentinel CVE-2007-5151 (SQL injection vulnerability in the abget_admin function in ...) NOT-FOR-US: NukeScripts NukeSentinel CVE-2007-5152 (Sun Java System Access Manager 7.1, when installed in a Sun Java ...) NOT-FOR-US: Sun Java System Access Manager CVE-2007-5153 (Unspecified vulnerability in Sun Java System Access Manager 7.1, when ...) NOT-FOR-US: Sun Java System Access Manager CVE-2007-5154 (Session fixation vulnerability in Aipo and Aipo ASP 3.0.1.0 and ...) NOT-FOR-US: aimluck Aipo CVE-2007-5155 (IceGUI.DLL in ICEOWS 4.20b invokes a function with incorrect ...) NOT-FOR-US: iceows CVE-2007-5156 (Incomplete blacklist vulnerability in ...) NOT-FOR-US: FCKeditor CVE-2007-5157 (PHP remote file inclusion vulnerability in phfito-post.php in Alex ...) NOT-FOR-US: phpFidoNode CVE-2007-5158 (The focus handling for the onkeydown event in Microsoft Internet ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-5159 (The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g ...) BUG: 194783 CVE-2007-5160 (Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche ...) NOT-FOR-US: Restaurant Management System CVE-2007-5161 (Cross-zone scripting vulnerability in the internal browser in ...) NOT-FOR-US: i Systems Inc Feedreader CVE-2007-5162 (The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) ...) BUG: 194236 CVE-2007-5163 (** DISPUTED ** ...) NOT-FOR-US: Nexty CVE-2007-5164 (** DISPUTED ** ...) NOT-FOR-US: UniversiBO CVE-2007-5165 (** DISPUTED ** ...) NOT-FOR-US: myIpacNG stats CVE-2007-5166 (Multiple PHP remote file inclusion vulnerabilities in SiteSys 1.0a ...) NOT-FOR-US: SiteSys CVE-2007-5167 (PHP remote file inclusion vulnerability in .systeme/fonctions.php in ...) NOT-FOR-US: phpLister CVE-2007-5168 (Multiple PHP remote file inclusion vulnerabilities in ClanLite ...) NOT-FOR-US: clanlite CVE-2007-5169 (Stack-based buffer overflow in MAIPM6.dll in Adobe PageMaker 7.0.1 and ...) NOT-FOR-US: Adobe Pagemaker CVE-2007-5170 (Unspecified vulnerability in the embedded service processor (SP) ...) NOT-FOR-US: Sun Embedded Lights Out Manager CVE-2007-5171 (Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows ...) NOT-FOR-US: Quicksilver Forums CVE-2007-5172 (Quicksilver Forums before 1.4.1 allows remote attackers to obtain ...) NOT-FOR-US: Quicksilver Forums CVE-2007-5173 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Openid is not included by default CVE-2007-5174 (Directory traversal vulnerability in phpinc/news.php in actSite 1.56 ...) NOT-FOR-US: actSite CVE-2007-5175 (PHP remote file inclusion vulnerability lib/base.php in actSite 1.991 ...) NOT-FOR-US: actSite CVE-2007-5176 (Multiple cross-site scripting (XSS) vulnerabilities in GroupLink ...) NOT-FOR-US: grouplink eHelpDesk CVE-2007-5177 (SQL injection vulnerability in index.php in the MambAds (com_mambads) ...) BUG: 194727 CVE-2007-5178 (contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB ...) NOT-FOR-US: mxBB MX Glance CVE-2007-5179 (Multiple cross-site scripting (XSS) vulnerabilities in iletisim.asp in ...) NOT-FOR-US: Y K Iletisim Formu CVE-2007-5180 (Multiple SQL injection vulnerabilities in Ohesa Emlak Portali allow ...) NOT-FOR-US: Ohesa Emlak Portali CVE-2007-5181 (SQL injection vulnerability in detay.asp in Netkamp Emlak Scripti ...) NOT-FOR-US: Netkamp Emlak Scripti CVE-2007-5182 (Cross-site scripting (XSS) vulnerability in mail.asp in Netkamp Emlak ...) NOT-FOR-US: Netkamp Emlak Scripti CVE-2007-5183 (Cross-site scripting (XSS) vulnerability in Mailbox.mws in ...) NOT-FOR-US: megasol OdysseySuite CVE-2007-5184 (Format string vulnerability in the SMBDirList function in dirlist.c in ...) NOT-FOR-US: SmbFTPD CVE-2007-5185 (Multiple PHP remote file inclusion vulnerabilities in phpWCMS XT 0.0.7 ...) NOT-FOR-US: phpwcms xt CVE-2007-5186 (PHP remote file inclusion vulnerability in index.php in Segue CMS ...) NOT-FOR-US: Segue CMS CVE-2007-5187 (SQL injection vulnerability in ...) NOT-FOR-US: PHP Fusion CVE-2007-5188 (Unspecified vulnerability in the XOOPS uploader class in Xoops ...) BUG: 194724 CVE-2007-5189 (Multiple SQL injection vulnerabilities in mes_add.php in x-script ...) NOT-FOR-US: x script GuestBook CVE-2007-5190 (Multiple cross-site scripting (XSS) vulnerabilities in Alcatel ...) NOT-FOR-US: Alcatel OmniVista CVE-2007-5191 (mount and umount in util-linux and loop-aes-utils call the setuid and ...) BUG: 195390 CVE-2007-5192 RESERVED CVE-2007-5193 (The default configuration for twiki 4.1.2 on Debian GNU/Linux, and ...) BUG: 194718 CVE-2007-5194 (The Chroot server in rMake 1.0.11 creates a /dev/zero device file with ...) BUG: 194550 CVE-2007-5195 (Unspecified vulnerability in the SSL implementation in Groupwise ...) NOT-FOR-US: SSL CVE-2007-5196 (Unspecified vulnerability in the SSL implementation in Groupwise ...) NOT-FOR-US: SSL CVE-2007-5197 (Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and ...) BUG: 197067 CVE-2007-5198 (Buffer overflow in the redir function in check_http.c in Nagios ...) BUG: 194178 CVE-2007-5199 RESERVED CVE-2007-5200 (hugin, as used on various operating systems including SUSE openSUSE ...) BUG: 195996 CVE-2007-5201 (The FTP backend for Duplicity before 0.4.9 sends the password as a ...) NOTE: We don't use ncftp as the backend, so we're not affected. NOTE: ncftp 3.2.0 (current stable) also deletes argv[] password and user, so NOTE: it doesn't appear in `ps' CVE-2007-5202 RESERVED CVE-2007-5203 RESERVED CVE-2007-5204 RESERVED CVE-2007-5205 RESERVED CVE-2007-5206 RESERVED CVE-2007-5207 (guilt 0.27 allows local users to overwrite arbitrary files via a ...) NOT-FOR-US: guilt CVE-2007-5208 (hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) ...) BUG: 195565 CVE-2007-5209 (Stack-based buffer overflow in DriveLock.exe in CenterTools DriveLock ...) NOT-FOR-US: CenterTools CVE-2007-5210 (Arbor Networks Peakflow SP before 3.5.1 patch 14, and 3.6.x before ...) NOT-FOR-US: Arbor CVE-2007-5211 (Multiple cross-site scripting (XSS) vulnerabilities in Arbor Networks ...) NOT-FOR-US: Arbor CVE-2007-5212 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 ...) NOT-FOR-US: AXIS CVE-2007-5213 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS ...) NOT-FOR-US: AXIS CVE-2007-5214 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 ...) NOT-FOR-US: AXIS CVE-2007-5215 (Multiple PHP remote file inclusion vulnerabilities in Jacob Hinkle ...) NOT-FOR-US: Jacob CVE-2007-5216 (Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 ...) NOT-FOR-US: eArk CVE-2007-5217 (Stack-based buffer overflow in the ADM4 ActiveX control in adm4.dll in ...) NOT-FOR-US: Altnet CVE-2007-5218 (Cross-site scripting (XSS) vulnerability in index.php in Don Barnes ...) NOT-FOR-US: Don CVE-2007-5219 (Directory traversal vulnerability in the CLAVSetting.CLSetting.1 ...) NOT-FOR-US: CLAVSetting CLSetting 1 CVE-2007-5220 (SQL injection vulnerability in catalog.asp in ASP Product Catalog ...) NOT-FOR-US: ASP Product Catalog CVE-2007-5221 (PHP remote file inclusion vulnerability in mail/childwindow.inc.php in ...) NOT-FOR-US: Poppawid CVE-2007-5222 (SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) ...) NOT-FOR-US: MAXdev CVE-2007-5223 (Multiple unspecified vulnerabilities in AlstraSoft Affiliate Network ...) NOT-FOR-US: AlstraSoft CVE-2007-5224 (inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows ...) NOT-FOR-US: Original CVE-2007-5225 (Integer signedness error in FIFO filesystems (named pipes) on Sun ...) NOT-FOR-US: Named CVE-2007-5226 (irc_server.c in dircproxy 1.2.0 and earlier allows remote attackers to ...) BUG: 194923 CVE-2007-5227 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: BlackBoard CVE-2007-5228 (Cross-site scripting (XSS) vulnerability in the subscription ...) NOT-FOR-US: Drupal Project Issue Tracking CVE-2007-5229 (Cross-site request forgery (CSRF) vulnerability in the FeedBurner ...) NOT-FOR-US: FeedBurner CVE-2007-5230 (admin/upload_files.php in Zomplog 3.8.1 and earlier does not check for ...) NOT-FOR-US: Zomplog CVE-2007-5231 (Unrestricted file upload vulnerability in admin/upload_files.php in ...) NOT-FOR-US: Zomplog CVE-2007-5232 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and ...) BUG: 194711 CVE-2007-5233 (SQL injection vulnerability in index.php in Web Template Management ...) NOT-FOR-US: Web CVE-2007-5234 (PHP remote file inclusion vulnerability in upload/common/footer.php in ...) NOT-FOR-US: Ossigeno CVE-2007-5235 (Cross-site scripting (XSS) vulnerability in index.php in Uebimiau ...) NOT-FOR-US: Uebimiau CVE-2007-5236 (Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK ...) NOTE: Windows only CVE-2007-5237 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not ...) BUG: 194711 CVE-2007-5238 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE ...) BUG: 194711 CVE-2007-5239 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE ...) BUG: 194711 CVE-2007-5240 (Visual truncation vulnerability in the Java Runtime Environment in Sun ...) BUG: 194711 CVE-2007-5241 (Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows ...) NOT-FOR-US: HP CVE-2007-5242 (Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) ...) NOT-FOR-US: 1 CVE-2007-5243 (Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 ...) NOT-FOR-US: Borland CVE-2007-5244 (Stack-based buffer overflow in Borland InterBase LI 8.0.0.53 through ...) NOT-FOR-US: Borland CVE-2007-5245 (Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and ...) BUG: 195569 CVE-2007-5246 (Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and ...) BUG: 195569 BUG: 190833 CVE-2007-5247 (Multiple format string vulnerabilities in the Monolith Lithtech ...) NOT-FOR-US: Monolith CVE-2007-5248 (Multiple format string vulnerabilities in the ID Software Doom 3 ...) BUG: 194607 CVE-2007-5249 (Multiple buffer overflows in the logging function in the Unreal ...) BUG: 194609 CVE-2007-5250 (The Windows dedicated server for the Unreal engine, as used by ...) BUG: 194609 CVE-2007-5251 (Multiple cross-site scripting (XSS) vulnerabilities in Helm 3.2.16 ...) NOT-FOR-US: Helm CVE-2007-5252 (Buffer overflow in NetSupport Manager (NSM) Client 10.00 and 10.20, ...) NOT-FOR-US: NetSupport Manager CVE-2007-5253 (c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote ...) NOT-FOR-US: McMurtrey/Whitaker Cart32 CVE-2007-5254 (VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions ...) NOT-FOR-US: VirusBlokAda CVE-2007-5255 (Cross-site scripting (XSS) vulnerability in Google Mini Search ...) NOT-FOR-US: Google Mini Search Appliance CVE-2007-5256 (Multiple stack-based buffer overflows in FSD 2.052 d9 and earlier, and ...) NOT-FOR-US: FSD CVE-2007-5257 (Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control ...) NOT-FOR-US: EDraw CVE-2007-5258 (PHP remote file inclusion vulnerability in log.php in phpFreeLog alpha ...) NOT-FOR-US: phpFreeLog CVE-2007-5259 (Cross-site request forgery (CSRF) vulnerability in Ilient SysAid ...) NOT-FOR-US: SysAid CVE-2007-5260 (ASP-CMS 1.0 stores sensitive information under the web root with ...) NOT-FOR-US: ASP CMS CVE-2007-5261 (Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote ...) NOT-FOR-US: MultiCart CVE-2007-5262 (Multiple format string vulnerabilities in Battlefront Dropteam 1.3.3 ...) NOT-FOR-US: Battlefront Dropteam CVE-2007-5263 (Multiple buffer overflows in Battlefront Dropteam 1.3.3 and earlier ...) NOT-FOR-US: Battlefront Dropteam CVE-2007-5264 (Battlefront Dropteam 1.3.3 and earlier sends the client's online ...) NOT-FOR-US: Battlefront Dropteam CVE-2007-5265 (Multiple format string vulnerabilities in websrv.cpp in Dawn of Time ...) NOT-FOR-US: dawnoftime Dawn of Time CVE-2007-5266 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP ...) BUG: 195261 CVE-2007-5267 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP ...) BUG: 195147 CVE-2007-5268 (pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) ...) BUG: 195261 CVE-2007-5269 (Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 ...) BUG: 195261 CVE-2007-5270 (Unspecified vulnerability in the Boost module before 4.7.x-1.0, and ...) NOT-FOR-US: bendiken Boost module for Drupal CVE-2007-5271 (Multiple PHP remote file inclusion vulnerabilities in Trionic Cite CMS ...) NOT-FOR-US: Trionic Cite CMS CVE-2007-5272 (SQL injection vulnerability in kategori.asp in Furkan Tastan Blog ...) NOT-FOR-US: Furkan Tastan Blog CVE-2007-5273 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and ...) BUG: 194711 CVE-2007-5274 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and ...) BUG: 194711 CVE-2007-5275 (The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause ...) BUG: 193519 BUG: 204344 CVE-2007-5276 (Opera 9 drops DNS pins based on failed connections to irrelevant TCP ...) BUG: 195386 CVE-2007-5277 (Microsoft Internet Explorer 6 drops DNS pins based on failed ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-5278 (Zomplog 3.8.1 and earlier stores potentially sensitive information ...) NOT-FOR-US: Zomplog CVE-2007-5279 (Heap-based buffer overflow in ConeXware PowerArchiver before 10.20.21 ...) NOT-FOR-US: ConeXware PowerArchiver CVE-2007-5280 (Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in ...) NOT-FOR-US: AppFuse CVE-2007-5281 (The Java Secure Socket Extension (JSSE) in the Hitachi Cosminexus ...) NOT-FOR-US: Hitachi uCosminexus Service Platform CVE-2007-5282 (Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library ...) NOT-FOR-US: Hitachi Cosminexus Library Web CVE-2007-5283 (The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor ...) NOT-FOR-US: Hitachi TPBroker Object Transaction Monitor CVE-2007-5284 REJECTED NOT-FOR-US: ConeXware PowerArchiver CVE-2007-5285 REJECTED NOT-FOR-US: AppFuse CVE-2007-5286 REJECTED NOT-FOR-US: Hitachi uCosminexus Service Platform CVE-2007-5287 REJECTED NOT-FOR-US: Hitachi Cosminexus Library Web CVE-2007-5288 REJECTED NOT-FOR-US: Hitachi TPBroker Object Transaction Monitor CVE-2007-5289 (HP Mercury Quality Center (QC) 9.2 and earlier, and possibly ...) NOT-FOR-US: hp testdirector CVE-2007-5290 (Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail ...) NOT-FOR-US: AfterLogic MailBee WebMail CVE-2007-5291 (Cross-site scripting (XSS) vulnerability in Edit.asp in DB Manager 2.0 ...) NOT-FOR-US: Daniel Broadbent DB Manager CVE-2007-5292 (Cross-site scripting (XSS) vulnerability in photos.cfm in Directory ...) NOT-FOR-US: splitside Directory Image Gallery CVE-2007-5293 (Multiple cross-site scripting (XSS) vulnerabilities in IDMOS 1.0-beta ...) NOT-FOR-US: IDMOS CVE-2007-5294 (PHP remote file inclusion vulnerability in core/aural.php in IDMOS ...) NOT-FOR-US: IDMOS CVE-2007-5295 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: WikePage Opus CVE-2007-5296 (Multiple cross-site scripting (XSS) vulnerabilities in dblisttest.asp ...) NOT-FOR-US: Livio Siri dbList CVE-2007-5297 (Cross-site scripting (XSS) vulnerability in index.php in Minki 1.30 ...) NOT-FOR-US: Minki CVE-2007-5298 (Multiple PHP remote file inclusion vulnerabilities in CMS Creamotion ...) NOT-FOR-US: Creamotion CVE-2007-5299 (Multiple directory traversal vulnerabilities in SkaDate 5.0 and 6.0, ...) NOT-FOR-US: SkaDate Online Dating Software CVE-2007-5300 (Off-by-one error in the do_login_loop function in ...) NOT-FOR-US: wzdftpd CVE-2007-5301 (Buffer overflow in the vorbis_stream_info function in ...) BUG: 195308 CVE-2007-5302 (Multiple cross-site scripting (XSS) vulnerabilities in HP System ...) NOT-FOR-US: HP UX CVE-2007-5303 (Cross-site scripting (XSS) vulnerability in news_page.php in SnewsCMS ...) NOT-FOR-US: SnewsCMS Rus CVE-2007-5304 (Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta ...) NOT-FOR-US: Yannick Tanguy Else If CMS CVE-2007-5305 (Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta ...) NOT-FOR-US: Yannick Tanguy Else If CMS CVE-2007-5306 (ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Yannick Tanguy Else If CMS CVE-2007-5307 (ELSEIF CMS Beta 0.6 does not properly unset variables when the input ...) NOT-FOR-US: Yannick Tanguy Else If CMS CVE-2007-5308 (SQL injection vulnerability in galerie.php in PHP Homepage M (phpHPm) ...) NOT-FOR-US: PHP Homepage M CVE-2007-5309 (PHP remote file inclusion vulnerability in admin.wmtgallery.php in the ...) NOT-FOR-US: webmaster tips net Flash Image Gallery CVE-2007-5310 (PHP remote file inclusion vulnerability in admin.wmtportfolio.php in ...) NOT-FOR-US: webmaster tips net Flash Image Gallery CVE-2007-5311 (Directory traversal vulnerability in backend/admin-functions.php in ...) NOT-FOR-US: TorrentTrader CVE-2007-5312 (Cross-site scripting (XSS) vulnerability in TorrentTrader Classic 1.07 ...) NOT-FOR-US: TorrentTrader CVE-2007-5313 (PHP remote file inclusion vulnerability in install/config.php in ...) NOT-FOR-US: Script solution de Picturesolution CVE-2007-5314 (PHP remote file inclusion vulnerability in system/funcs/xkurl.php in ...) NOT-FOR-US: xKiosk WEB CVE-2007-5315 (PHP remote file inclusion vulnerability in common.php in LiveAlbum ...) NOT-FOR-US: Softpedia LiveAlbum CVE-2007-5316 (SQL injection vulnerability in browsecats.php in Softbiz Jobs and ...) NOT-FOR-US: softbizscripts Softbiz Jobs and Recruitment Script CVE-2007-5317 REJECTED NOT-FOR-US: splitside Directory Image Gallery CVE-2007-5318 (Unspecified vulnerability in preview.php in TYPOlight webCMS 2.4.6 ...) NOT-FOR-US: TYPOlight webCMS CVE-2007-5319 (Unspecified vulnerability in the vuidmice STREAMS modules in Sun ...) NOT-FOR-US: Sun Solaris CVE-2007-5320 (Multiple absolute path traversal vulnerabilities in Pegasus Imaging ...) NOT-FOR-US: Pegasus Imaging ImagXpress CVE-2007-5321 (Directory traversal vulnerability in index.php in Verlihub Control ...) NOT-FOR-US: Verlihub Project Verlihub Control Panel CVE-2007-5322 (Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX ...) NOT-FOR-US: Microsoft Visual Fox Pro CVE-2007-5323 (The RepliStor Server Service in EMC Replistor 6.1.3 allows remote ...) NOT-FOR-US: EMC Replistor CVE-2007-5324 REJECTED CVE-2007-5325 (Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll ...) NOT-FOR-US: Computer Associates BrightStor Enterprise Backup CVE-2007-5326 (Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ...) NOT-FOR-US: CA BrightStor ARCserve Backup CVE-2007-5327 (Stack-based buffer overflow in the RPC interface for the Message ...) NOT-FOR-US: Computer Associates BrightStor Enterprise Backup CVE-2007-5328 (The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 ...) NOT-FOR-US: Computer Associates BrightStor Enterprise Backup CVE-2007-5329 (Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp ...) NOT-FOR-US: CA BrightStor ARCserve Backup CVE-2007-5330 (The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through ...) NOT-FOR-US: Computer Associates BrightStor Enterprise Backup CVE-2007-5331 (Queue.dll for the message queuing service (LQserver.exe) in CA ...) NOT-FOR-US: CA BrightStor ARCserve Backup CVE-2007-5332 (Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd ...) NOT-FOR-US: Computer Associates BrightStor Enterprise Backup CVE-2007-5333 (Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 ...) BUG: 209410 CVE-2007-5334 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the ...) BUG: 196480 CVE-2007-5335 (Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain ...) BUG: 196480 CVE-2007-5336 REJECTED CVE-2007-5337 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when ...) BUG: 196480 CVE-2007-5338 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote ...) BUG: 196480 CVE-2007-5339 (Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, ...) BUG: 196481 BUG: 196480 CVE-2007-5340 (Multiple vulnerabilities in the Javascript engine in Mozilla Firefox ...) BUG: 196481 BUG: 196480 CVE-2007-5341 RESERVED CVE-2007-5342 (The default catalina.policy in the JULI logging component in Apache ...) BUG: 203169 CVE-2007-5343 RESERVED CVE-2007-5344 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2007-5345 RESERVED CVE-2007-5346 RESERVED CVE-2007-5347 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2007-5348 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...) NOT-FOR-US: microsoft windows nt CVE-2007-5349 RESERVED CVE-2007-5350 (Unspecified vulnerability in the Windows Advanced Local Procedure Call ...) NOT-FOR-US: Windows CVE-2007-5351 (Unspecified vulnerability in Server Message Block Version 2 (SMBv2) ...) NOT-FOR-US: Microsoft Vista CVE-2007-5352 (Unspecified vulnerability in Local Security Authority Subsystem ...) NOT-FOR-US: WindoZe CVE-2007-5353 RESERVED CVE-2007-5354 RESERVED CVE-2007-5355 (The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-5356 RESERVED CVE-2007-5357 RESERVED CVE-2007-5358 (Multiple buffer overflows in the voicemail functionality in Asterisk ...) NOTE: Asterisk 1.4.x is affected, we only have 1.2.x in the tree. CVE-2007-5359 RESERVED CVE-2007-5360 (Buffer overflow in OpenPegasus Management server, when compiled to use ...) NOT-FOR-US: OpenPegasus Management Server CVE-2007-5361 (The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and ...) NOT-FOR-US: Alcatel Lucent OmniPCX CVE-2007-5362 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...) NOT-FOR-US: ag solutions MOSMedia Lite CVE-2007-5363 (PHP remote file inclusion vulnerability in admin.panoramic.php in the ...) NOT-FOR-US: webmaster tips Panoramic Picture Viewer CVE-2007-5364 (** DISPUTED ** ...) NOT-FOR-US: ViArt Shopping Cart CVE-2007-5365 (Stack-based buffer overflow in the cons_options function in options.c ...) NOTE: The net-misc/dhcp 3.X branch is not affected (2.X is) CVE-2007-5366 (The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application ...) NOT-FOR-US: Fujitsu Interstage Application Server CVE-2007-5367 (Unspecified vulnerability in the Virtual File System (VFS) in Sun ...) NOT-FOR-US: Virtual CVE-2007-5368 (Multiple unspecified vulnerabilities in labeld in Trusted Extensions ...) NOT-FOR-US: labeld CVE-2007-5369 (The GetMagicNumberString function in Massive Entertainment World in ...) NOT-FOR-US: Massive CVE-2007-5370 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: NetWin CVE-2007-5371 (Multiple SQL injection vulnerabilities in mutate_content.dynamic.php ...) NOT-FOR-US: MODx CVE-2007-5372 (Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through ...) NOT-FOR-US: LedgerSMB CVE-2007-5373 (ldapscripts 1.4 and 1.7 sends a password as a command line argument ...) NOT-FOR-US: _changepassword CVE-2007-5374 (cp_memberedit.php in LightBlog 8.4.1.1 does not check for ...) NOT-FOR-US: LightBlog CVE-2007-5375 (Interpretation conflict in the Sun Java Virtual Machine (JVM) allows ...) NOTE: bug 224633 was only a test bug BUG: 246010 CVE-2007-5376 RESERVED CVE-2007-5377 (The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file ...) BUG: 194713 CVE-2007-5378 (Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk ...) BUG: 195612 CVE-2007-5379 (Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers ...) BUG: 195315 CVE-2007-5380 (Session fixation vulnerability in Rails before 1.2.4, as used for Ruby ...) BUG: 195315 CVE-2007-5381 (Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco ...) NOT-FOR-US: Line CVE-2007-5382 (The conversion utility for converting CiscoWorks Wireless LAN Solution ...) NOT-FOR-US: conversion CVE-2007-5383 (The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub ...) NOTE: Does not affect the GPL driver in the tree. CVE-2007-5384 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) NOTE: Does not affect the GPL driver in the tree. CVE-2007-5385 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOTE: Does not affect the GPL driver in the tree. CVE-2007-5386 (Cross-site scripting (XSS) vulnerability in scripts/setup.php in ...) BUG: 195707 CVE-2007-5387 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Pindorama CVE-2007-5388 (Multiple PHP remote file inclusion vulnerabilities in WebDesktop 0.1 ...) NOT-FOR-US: WebDesktop CVE-2007-5389 (** DISPUTED ** ...) NOT-FOR-US: Joomla CVE-2007-5390 (PHP remote file inclusion vulnerability in index.php in PicoFlat CMS ...) NOT-FOR-US: PicoFlat CMS CVE-2007-5391 (Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 ...) NOT-FOR-US: HP Select Identity CVE-2007-5392 (Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in ...) BUG: 196735 CVE-2007-5393 (Heap-based buffer overflow in the CCITTFaxStream::lookChar method in ...) BUG: 196735 CVE-2007-5394 (Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 ...) NOT-FOR-US: Adobe PageMaker CVE-2007-5395 (Stack-based buffer overflow in the separate_word function in ...) BUG: 196803 CVE-2007-5396 (Format string vulnerability in the ext_yahoo_contact_added function in ...) NOT-FOR-US: Miranda Im Miranda IM CVE-2007-5397 (Heap-based buffer overflow in the activePDF Server service (aka ...) NOT-FOR-US: activepdf Server CVE-2007-5398 (Stack-based buffer overflow in the reply_netbios_packet function in ...) BUG: 197519 CVE-2007-5399 (Multiple heap-based buffer overflows in emlsr.dll in the EML reader in ...) NOT-FOR-US: Autonomy KeyView CVE-2007-5400 (Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling ...) BUG: 232997 BUG: 232999 CVE-2007-5401 (Unrestricted file upload vulnerability in uploadrequest.asp in Layton ...) NOT-FOR-US: Layton CVE-2007-5402 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow ...) NOT-FOR-US: Layton CVE-2007-5403 (Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox ...) NOT-FOR-US: Layton CVE-2007-5404 (Layton HelpBox 3.7.1 generates different responses depending on ...) NOT-FOR-US: Layton CVE-2007-5405 (Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the ...) NOT-FOR-US: Symantec Mail Security CVE-2007-5406 (kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in ...) NOT-FOR-US: Symantec Mail Security CVE-2007-5407 (Multiple PHP remote file inclusion vulnerabilities in the ...) NOTE: This is an extension. CVE-2007-5408 (SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows ...) NOT-FOR-US: cplinks cpDynaLinks CVE-2007-5409 (PHP remote file inclusion vulnerability in admin/nuseo_admin_d.php in ...) NOT-FOR-US: nuhit NuSEO PHP Enterprise CVE-2007-5410 (PHP remote file inclusion vulnerability in admin.wmtrssreader.php in ...) NOTE: This is an extension. CVE-2007-5411 (Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP ...) NOT-FOR-US: Linksys SPA941 CVE-2007-5412 (Multiple PHP remote file inclusion vulnerabilities in the Quoc-Huy MP3 ...) NOTE: This is an extension. CVE-2007-5413 (httpd.tkd in Radia Integration Server in Hewlett-Packard (HP) OpenView ...) NOT-FOR-US: HP OpenView Configuration Management CVE-2007-5414 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...) BUG: 195978 CVE-2007-5415 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when ...) BUG: 195978 CVE-2007-5416 (Drupal 5.2 and earlier does not properly unset variables when the ...) BUG: 196116 CVE-2007-5417 (Directory traversal vulnerability in index.php in boastMachine (aka ...) NOT-FOR-US: BoastMachine CVE-2007-5418 (Multiple PHP remote file inclusion vulnerabilities in CARE2X 2G 2.2 ...) NOT-FOR-US: CARE2X 2G CVE-2007-5419 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an ...) NOT-FOR-US: 3Com OfficeConnect Wireless 11g Cable_DSL Router CVE-2007-5420 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote ...) NOT-FOR-US: 3Com OfficeConnect Wireless 11g Cable_DSL Router CVE-2007-5421 REJECTED NOT-FOR-US: Cisco CVE-2007-5422 (Unspecified vulnerability in "Solaris Auditing" in the Basic Security ...) NOT-FOR-US: Sun Solaris CVE-2007-5423 (tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to ...) BUG: 195503 CVE-2007-5424 (The disable_functions feature in PHP 4 and 5 allows attackers to ...) NOT-FOR-US: This is not a security issue. If one function has two names, you have to disable both. CVE-2007-5425 (SQL injection vulnerability in admin/index.php in Interspire ActiveKB ...) NOT-FOR-US: Interspire ActiveKB CVE-2007-5426 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveKB NX ...) NOT-FOR-US: Interspire ActiveKB NX CVE-2007-5427 (Cross-site scripting (XSS) vulnerability in the com_search component ...) BUG: 195710 CVE-2007-5428 (Cross-site scripting (XSS) vulnerability in UMI CMS allows remote ...) NOT-FOR-US: umi cms UMI CMS CVE-2007-5429 (Cross-site scripting (XSS) vulnerability in index.php in Nucleus 3.01 ...) NOT-FOR-US: Nucleus CMS CVE-2007-5430 (Multiple SQL injection vulnerabilities in Stride 1.0 allow remote ...) NOT-FOR-US: scottmanktelow Stride CMS CVE-2007-5431 (include/imageupload.js in the MyFTPUploader module in Stride 1.0 ...) NOT-FOR-US: scottmanktelow Stride CVE-2007-5432 (Stride 1.0 has a default administrator username of "scott" with the ...) NOT-FOR-US: scottmanktelow Stride CMS CVE-2007-5433 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in ...) NOT-FOR-US: siteup CVE-2007-5434 (Cross-site scripting (XSS) vulnerability in PRO-search 0.17.1 and ...) NOT-FOR-US: pro setun PRO search CVE-2007-5435 (Unspecified vulnerability in CA ERwin Process Modeler (formerly ...) NOT-FOR-US: Computer Associates ERwin Process Modeler CVE-2007-5436 (Buffer overflow in a certain ActiveX control in ScanObjectBrowser.DLL ...) NOT-FOR-US: gdata antivirus CVE-2007-5437 (The web console in CA (formerly Computer Associates) eTrust ITM ...) NOT-FOR-US: CA CVE-2007-5438 (Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL ...) NOTE: .dll seems to be Windows-only. CVE-2007-5439 (CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 ...) NOT-FOR-US: log CVE-2007-5440 (** DISPUTED ** ...) NOT-FOR-US: CRS CVE-2007-5441 (CMS Made Simple 1.1.3.1 does not check the permissions assigned to ...) NOT-FOR-US: some CVE-2007-5442 (CMS Made Simple 1.1.3.1 does not check the permissions assigned to ...) NOT-FOR-US: CMS CVE-2007-5443 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple ...) NOT-FOR-US: CMS CVE-2007-5444 (CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full ...) NOT-FOR-US: CMS CVE-2007-5445 (Buffer overflow in the DB Software Laboratory VImpX (VImpAX1) ActiveX ...) NOT-FOR-US: DB CVE-2007-5446 (Absolute path traversal vulnerability in a certain ActiveX control in ...) NOT-FOR-US: PBEmail CVE-2007-5447 (ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP ...) NOTE: .dll seems to be Windows-only. CVE-2007-5448 (Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial ...) BUG: 195705 CVE-2007-5449 (SQL injection vulnerability in searchresult.php in Softbiz Recipes ...) NOT-FOR-US: Softbiz CVE-2007-5450 (Unspecified vulnerability in Safari on the Apple iPod touch (aka ...) NOT-FOR-US: Safari CVE-2007-5451 (PHP remote file inclusion vulnerability in admin.color.php in the ...) NOTE: This is an extension. CVE-2007-5452 (Multiple SQL injection vulnerabilities in php-stats.recjs.php in ...) NOT-FOR-US: Php Stats CVE-2007-5453 (Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow ...) NOT-FOR-US: Php Stats CVE-2007-5454 (Directory traversal vulnerability in index.php in PHP File Sharing ...) NOT-FOR-US: PHP CVE-2007-5455 (Cross-site scripting (XSS) vulnerability in wxis.exe in WWWISIS 7.1 ...) NOT-FOR-US: WWWIsis CVE-2007-5456 (Microsoft Internet Explorer 7 and earlier allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2007-5457 (Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle ...) NOTE: This is an extension. CVE-2007-5458 (SQL injection vulnerability in index.php in the newsletter module 1.0 ...) NOT-FOR-US: newsletter CVE-2007-5459 (Cross-site scripting (XSS) vulnerability in the sidebar HTML page in ...) NOTE: This is an extension. CVE-2007-5460 (Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak ...) NOT-FOR-US: Microsoft ActiveSync CVE-2007-5461 (Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through ...) BUG: 196066 CVE-2007-5462 (Unspecified vulnerability in the Sun Solaris RPC services library ...) NOT-FOR-US: Sun Solaris RPC services library (librpcsvc) CVE-2007-5463 (ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta ...) NOT-FOR-US: ViArt Shop CVE-2007-5464 (Stack-based buffer overflow in Live for Speed 0.5X10 and earlier ...) NOT-FOR-US: LFS Live for speed CVE-2007-5465 (Directory traversal vulnerability in doop CMS 1.3.7 and earlier allows ...) NOT-FOR-US: mydoop doop CMS CVE-2007-5466 (Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote ...) NOT-FOR-US: eXtremail CVE-2007-5467 (Integer overflow in eXtremail 2.1.1 and earlier allows remote ...) NOT-FOR-US: eXtremail CVE-2007-5468 (Cisco CallManager 5.1.1.3000-5 does not verify the Digest ...) NOT-FOR-US: SIP CVE-2007-5469 (** DISPUTED ** ...) NOT-FOR-US: SIP CVE-2007-5470 (Microsoft Expression Media stores the catalog password in cleartext in ...) NOT-FOR-US: cleartext CVE-2007-5471 (libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in ...) NOT-FOR-US: SUSE CVE-2007-5472 (Cross-site scripting (XSS) vulnerability in the Server component in CA ...) NOT-FOR-US: HIPS CVE-2007-5473 (StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when ...) NOTE: Windows-only CVE-2007-5474 (The driver for the Linksys WRT350N Wi-Fi access point with firmware ...) NOT-FOR-US: linksys wrt350n CVE-2007-5475 (Multiple buffer overflows in the Marvell wireless driver, as used in ...) NOT-FOR-US: marvell 88w8361p bem_chipset CVE-2007-5476 (Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, ...) NOT-FOR-US: Opera on Mac OS X CVE-2007-5477 (Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod ...) NOT-FOR-US: WebMod CVE-2007-5478 (Cross-site scripting (XSS) vulnerability in projects in Nabh ...) NOT-FOR-US: Stringbeans CVE-2007-5479 (Cross-site scripting (XSS) vulnerability in Search.asp in Xcomputer ...) NOT-FOR-US: Xcomputer CVE-2007-5480 (Multiple cross-site scripting (XSS) vulnerabilities in InnovaAge ...) NOT-FOR-US: InnovaShop CVE-2007-5481 (Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote ...) NOTE: We never had 1.3.65 in the tree, prior versions were not affected. CVE-2007-5482 (Unspecified vulnerability in the FTP service in Sun ...) NOT-FOR-US: Sun StorEdge/StorageTek CVE-2007-5483 (Unspecified vulnerability in the Administrative Scripting Tools (such ...) NOT-FOR-US: IBM WebSphere CVE-2007-5484 (Directory traversal vulnerability in wxis.exe in WWWISIS 7.1 allows ...) NOT-FOR-US: WWWISIS CVE-2007-5485 (SQL injection vulnerability in index.php in the mg2 1.0 module for ...) NOT-FOR-US: KwsPHP CVE-2007-5486 (dotProject before 2.1 does not properly check privileges when invoking ...) BUG: 196065 CVE-2007-5487 (Stack-based buffer overflow in COWON America jetAudio Basic 7.0.3 ...) NOT-FOR-US: jetAudio CVE-2007-5488 (Multiple SQL injection vulnerabilities in cdr_addon_mysql in ...) BUG: 196122 CVE-2007-5489 (Directory traversal vulnerability in index.php in Artmedic CMS 3.4 and ...) NOT-FOR-US: Artmedic CMS CVE-2007-5490 (SQL injection vulnerability in default.asp in Okul Otomasyon Portal ...) NOT-FOR-US: Okul Otomasyon Portal CVE-2007-5491 (Directory traversal vulnerability in the translation module ...) BUG: 195810 CVE-2007-5492 (Static code injection vulnerability in the translation module ...) BUG: 195810 CVE-2007-5493 (The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows ...) NOT-FOR-US: Microsoft Windows Mobile CVE-2007-5494 (Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat ...) NOT-FOR-US: redhat enterprise_linux CVE-2007-5495 (sealert in setroubleshoot 2.0.5 allows local users to overwrite ...) NOT-FOR-US: setroubleshoot CVE-2007-5496 (Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 ...) NOT-FOR-US: setroubleshoot CVE-2007-5497 (Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 ...) BUG: 201546 CVE-2007-5498 (The Xen hypervisor block backend driver for Linux kernel 2.6.18, when ...) BUG: 220973 CVE-2007-5499 REJECTED CVE-2007-5500 (The wait_task_stopped function in the Linux kernel before 2.6.23.8 ...) BUG: 199691 CVE-2007-5501 (The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux ...) BUG: 199312 CVE-2007-5502 (The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does ...) NOT-FOR-US: OpenSSL Project FIPS Object Module CVE-2007-5503 (Multiple integer overflows in Cairo before 1.4.12 might allow remote ...) BUG: 200350 CVE-2007-5504 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and ...) NOT-FOR-US: Oracle Database CVE-2007-5505 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, ...) NOT-FOR-US: Oracle Database CVE-2007-5506 (The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, ...) NOT-FOR-US: Oracle Database CVE-2007-5507 (The GIOP service in TNS Listener in the Oracle Net Services component ...) NOT-FOR-US: Oracle Database CVE-2007-5508 (Multiple SQL injection vulnerabilities in the CTXSYS Intermedia ...) NOT-FOR-US: Oracle Database CVE-2007-5509 (Unspecified vulnerability in the Spatial component in Oracle Database ...) NOT-FOR-US: Oracle Database CVE-2007-5510 (Multiple unspecified vulnerabilities in the Workspace Manager ...) NOT-FOR-US: Oracle 9i Database Release 2 CVE-2007-5511 (SQL injection vulnerability in Workspace Manager for Oracle Database ...) NOT-FOR-US: Oracle 9i Database Release 2 CVE-2007-5512 (Unspecified vulnerability in the Oracle Database Vault component in ...) NOT-FOR-US: Oracle Database CVE-2007-5513 (The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, ...) NOT-FOR-US: Oracle Database CVE-2007-5514 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have ...) NOT-FOR-US: Oracle Database CVE-2007-5515 (Unspecified vulnerability in the Spatial component in Oracle Database ...) NOT-FOR-US: Oracle Database CVE-2007-5516 (Unspecified vulnerability in the Oracle Process Mgmt & Notification ...) NOT-FOR-US: Oracle Application Server CVE-2007-5517 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) NOT-FOR-US: Oracle Application Server CVE-2007-5518 (Unspecified vulnerability in the Oracle HTTP Server component in ...) NOT-FOR-US: Oracle Application Server CVE-2007-5519 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) NOT-FOR-US: Oracle Application Server CVE-2007-5520 (Unspecified vulnerability in the Oracle Internet Directory component ...) NOT-FOR-US: Oracle Database CVE-2007-5521 (Unspecified vulnerability in the Oracle Containers for J2EE component ...) NOT-FOR-US: Oracle Application Server CVE-2007-5522 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) NOT-FOR-US: Oracle Application Server CVE-2007-5523 (Unspecified vulnerability in the Oracle Internet Directory component ...) NOT-FOR-US: Oracle Application Server CVE-2007-5524 (Unspecified vulnerability in the Oracle Single Sign-On component in ...) NOT-FOR-US: Oracle Application Server CVE-2007-5525 (Unspecified vulnerability in the Oracle Single Sign-On component in ...) NOT-FOR-US: Oracle Application Server CVE-2007-5526 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) NOT-FOR-US: Oracle Application Server CVE-2007-5527 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...) NOT-FOR-US: Oracle E Business Suite and Applications CVE-2007-5528 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.2 ...) NOT-FOR-US: Oracle E Business Suite and Applications CVE-2007-5529 (Unspecified vulnerability in the Oracle Self-Service Web Applications ...) NOT-FOR-US: Oracle E Business Suite and Applications CVE-2007-5530 (Unspecified vulnerability in the Database Control component in Oracle ...) NOT-FOR-US: Oracle Database CVE-2007-5531 (Unspecified vulnerability in Oracle Help for Web, as used in Oracle ...) NOT-FOR-US: Oracle Database CVE-2007-5532 (Unspecified vulnerability in the People Tools component in Oracle ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2007-5533 (Unspecified vulnerability in the People Tools component in Oracle ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2007-5534 (Unspecified vulnerability in the HCM component in Oracle PeopleSoft ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2007-5535 (Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown ...) NOT-FOR-US: RunCMS CVE-2007-5536 (Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX ...) NOT-FOR-US: HP-UX CVE-2007-5537 (Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2007-5538 (Buffer overflow in the Centralized TFTP File Locator Service in Cisco ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2007-5539 (Unspecified vulnerability in Cisco Unified Intelligent Contact ...) NOT-FOR-US: Cisco System Unified Contact Center Enterprise CVE-2007-5540 (Unspecified vulnerability in Opera before 9.24 allows remote attackers ...) BUG: 196164 CVE-2007-5541 (Unspecified vulnerability in Opera before 9.24, when using an ...) BUG: 196164 CVE-2007-5542 (Stack-based buffer overflow in Miranda IM 0.6.8 allows remote ...) NOT-FOR-US: miranda im miranda_im CVE-2007-5543 (Stack-based buffer overflow in Miranda IM 0.6.8 and 0.7.0 allows ...) NOT-FOR-US: miranda im miranda_im CVE-2007-5544 (IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before ...) NOT-FOR-US: Lotus Notes CVE-2007-5545 (Format string vulnerability in TIBCO SmartPGM FX allows remote ...) NOT-FOR-US: Tibco Smart PGM FX CVE-2007-5546 (Multiple stack-based buffer overflows in TIBCO SmartPGM FX allow ...) NOT-FOR-US: Tibco Smart PGM FX CVE-2007-5547 (Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote ...) NOT-FOR-US: Cisco IOS CVE-2007-5548 (Multiple stack-based buffer overflows in Command EXEC in Cisco IOS ...) NOT-FOR-US: Cisco IOS CVE-2007-5549 (Unspecified vulnerability in Command EXEC in Cisco IOS allows local ...) NOT-FOR-US: Cisco IOS CVE-2007-5550 (Unspecified vulnerability in Cisco IOS allows remote attackers to ...) NOT-FOR-US: Cisco IOS CVE-2007-5551 (Off-by-one error in Cisco IOS allows remote attackers to execute ...) NOT-FOR-US: Cisco IOS CVE-2007-5552 (Integer overflow in Cisco IOS allows remote attackers to execute ...) NOT-FOR-US: Cisco IOS CVE-2007-5553 REJECTED NOT-FOR-US: Tibco Rendezvous CVE-2007-5554 (Oracle allows remote attackers to obtain server memory contents via ...) NOT-FOR-US: Oracle CVE-2007-5555 (Unspecified vulnerability in Symantec Altiris Deployment Solution ...) NOT-FOR-US: Symantec Altiris Deployment Solution CVE-2007-5556 (Unspecified vulnerability in the Avaya VoIP Handset allows remote ...) NOT-FOR-US: Avaya VoIP Handset CVE-2007-5557 (Unspecified vulnerability in the NEC mobile handset allows remote ...) NOT-FOR-US: NEC Mobile Handset CVE-2007-5558 (Integer overflow in the LG Mobile handset allows remote attackers to ...) NOT-FOR-US: LG Electronics LG mobile handset CVE-2007-5559 (Heap-based buffer overflow in the IBM ThinkVantage TPM Service allows ...) NOT-FOR-US: IBM ThinkVantage TPM CVE-2007-5560 (Heap-based buffer overflow in the Juniper HTTP Service allows remote ...) NOT-FOR-US: Juniper HTTP Service CVE-2007-5561 (Format string vulnerability in the logging function in the Oracle OPMN ...) NOT-FOR-US: Oracle Enterprise Grid Console Server CVE-2007-5562 (Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the ...) NOT-FOR-US: NetGear SSL312 CVE-2007-5563 (Unspecified vulnerability in VirtueMart before 1.0.13 allows remote ...) NOT-FOR-US: VirtueMart Virtuemart CVE-2007-5564 (Multiple cross-site scripting (XSS) vulnerabilities in NSSboard ...) NOT-FOR-US: Simple PHP Forum CVE-2007-5565 (** DISPUTED ** ...) NOT-FOR-US: phpSCMS CVE-2007-5566 (** DISPUTED ** ...) NOT-FOR-US: PHPBlog CVE-2007-5567 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: galmeta post CVE-2007-5568 (Cisco PIX and ASA appliances with 7.0 through 8.0 software, and Cisco ...) NOT-FOR-US: Cisco PIX_ASA CVE-2007-5569 (Cisco PIX and ASA appliances with 7.1 and 7.2 software, when ...) NOT-FOR-US: Cisco PIX_ASA CVE-2007-5570 (Cisco Firewall Services Module (FWSM) 3.2(1), and 3.1(5) and earlier, ...) NOT-FOR-US: Cisco FWSM CVE-2007-5571 (Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier, ...) NOT-FOR-US: Cisco FWSM CVE-2007-5572 (Multiple cross-site request forgery (CSRF) vulnerabilities in Simple ...) NOT-FOR-US: SPHPBlog sphpBlog CVE-2007-5573 (PHP remote file inclusion vulnerability in classes/core/language.php ...) NOT-FOR-US: LimeSurvey CVE-2007-5574 (PHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 ...) NOT-FOR-US: PHPDJ CVE-2007-5575 (Cross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 ...) NOT-FOR-US: Treble Designs 1024 CMS CVE-2007-5576 (BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic ...) NOT-FOR-US: BEA Systems WebLogic Workshop CVE-2007-5577 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) NOTE: Fixed in 1.0.13, which is in the tree. CVE-2007-5578 (Basic Analysis and Security Engine (BASE) before 1.3.8 sends a ...) NOT-FOR-US: secureideas Basic Analysis and Security Engine CVE-2007-5579 (login.php in Pligg CMS 9.5 uses a guessable confirmation code when ...) NOT-FOR-US: Pligg CVE-2007-5580 (Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 ...) NOT-FOR-US: Cisco CVE-2007-5581 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Cisco Unified MeetingPlace CVE-2007-5582 (Cross-site scripting (XSS) vulnerability in the login page in Cisco ...) NOT-FOR-US: Cisco CVE-2007-5583 (Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers ...) NOT-FOR-US: Cisco CVE-2007-5584 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) ...) NOT-FOR-US: Cisco FWSM CVE-2007-5585 (xscreensaver 5.03 and earlier, when running without ...) NOTE: USE=opengl installs this file. BUG: 196980 CVE-2007-5586 REJECTED NOT-FOR-US: Microsoft Windows CVE-2007-5587 (Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as ...) NOT-FOR-US: Macrovision SafeDisc CVE-2007-5588 (Cross-site scripting (XSS) vulnerability in mnoGoSearch before 3.2.43 ...) NOT-FOR-US: mnoGoSearch CVE-2007-5589 (Muliple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) BUG: 196237 CVE-2007-5590 (Multiple buffer overflows in Miranda before 0.7.1 allow remote ...) NOT-FOR-US: Miranda CVE-2007-5591 (The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M ...) NOT-FOR-US: Nortel VoIP-Core-CS 1000M CVE-2007-5592 (Multiple PHP remote file inclusion vulnerabilities in awzMB 4.2 beta 1 ...) NOT-FOR-US: awzMB CVE-2007-5593 (install.php in Drupal 5.x before 5.3, when the configured database ...) BUG: 196116 CVE-2007-5594 (Drupal 5.x before 5.3 does not apply its Drupal Forms API protection ...) BUG: 196116 CVE-2007-5595 (CRLF injection vulnerability in the drupal_goto function in ...) BUG: 196116 CVE-2007-5596 (The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 ...) BUG: 196116 CVE-2007-5597 (The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 ...) BUG: 196116 CVE-2007-5598 (Cross-site scripting (XSS) vulnerability in Weblinks for Drupal 4.7.x ...) NOTE: Third-party module. CVE-2007-5599 (Multiple PHP remote file inclusion vulnerabilities in awrate 1.0 allow ...) NOT-FOR-US: awrate CVE-2007-5600 (Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 ...) NOT-FOR-US: Artmedic CVE-2007-5601 (Stack-based buffer overflow in the Database Component in MPAMedia.dll ...) NOTE: Only affects Windows versions of RealPlayer CVE-2007-5602 (Multiple stack-based buffer overflows in SwiftView Viewer before ...) NOT-FOR-US: SwiftView Viewer CVE-2007-5603 (Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender ...) NOT-FOR-US: SonicWall SSL VPN CVE-2007-5604 (Buffer overflow in the ExtractCab function in the ...) NOT-FOR-US: HP Instant Support CVE-2007-5605 (Buffer overflow in the GetFileTime function in the ...) NOT-FOR-US: HP Instant Support CVE-2007-5606 (Buffer overflow in the MoveFile function in the ...) NOT-FOR-US: HP Instant Support CVE-2007-5607 (Buffer overflow in the RegistryString function in the ...) NOT-FOR-US: HP Instant Support CVE-2007-5608 (The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX ...) NOT-FOR-US: HP Instant Support CVE-2007-5609 RESERVED CVE-2007-5610 (The DeleteSingleFile function in the HPISDataManagerLib.Datamgr ...) NOT-FOR-US: HP Instant Support CVE-2007-5611 RESERVED CVE-2007-5612 (CIM Server in IBM Director 5.20.1 and earlier allows remote attackers ...) NOT-FOR-US: IBM Director CVE-2007-5613 (Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay ...) BUG: 201437 CVE-2007-5614 (Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote ...) BUG: 201437 CVE-2007-5615 (CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows ...) BUG: 201437 CVE-2007-5616 (ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x ...) NOT-FOR-US: SSH Tectia Client and Server CVE-2007-5617 (Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 ...) BUG: 193196 CVE-2007-5618 (Unquoted Windows search path in the Authorization and other services ...) BUG: 193196 CVE-2007-5619 (Unspecified vulnerability in VMware Server before 1.0.4 causes user ...) BUG: 193196 CVE-2007-5620 (Directory traversal vulnerability in admin/inc/help.php in ...) NOT-FOR-US: zehnet ZZ FlashChat CVE-2007-5621 (Multiple cross-site scripting (XSS) vulnerabilities in the Token ...) NOTE: We don't ship this module. CVE-2007-5622 (Double free vulnerability in the ftpprchild function in ftppr in ...) BUG: 196772 CVE-2007-5623 (Buffer overflow in the check_snmp function in Nagios Plugins ...) BUG: 196308 CVE-2007-5624 (Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 ...) BUG: 196732 CVE-2007-5625 (Cross-site scripting (XSS) vulnerability in filename.asp in ASP Site ...) NOT-FOR-US: SearchSimon CVE-2007-5626 (make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a ...) BUG: 196834 CVE-2007-5627 (PHP remote file inclusion vulnerability in content/fnc-readmail3.php ...) NOT-FOR-US: SocketMail CVE-2007-5628 (PHP remote file inclusion vulnerability in src/scripture.php in The ...) NOT-FOR-US: TOWeLS CVE-2007-5629 (Cross-site scripting (XSS) vulnerability in admin/logon.asp in ...) NOT-FOR-US: ShoppingTree CVE-2007-5630 (SQL injection vulnerability in tnews.php in BBsProcesS BBPortalS ...) NOT-FOR-US: BBsProcesS CVE-2007-5631 (Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator ...) NOT-FOR-US: PeopleAggregator CVE-2007-5632 (Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 ...) NOT-FOR-US: Sun Solaris CVE-2007-5633 (Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on ...) NOT-FOR-US: SpeedFan CVE-2007-5634 (Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on ...) NOT-FOR-US: SpeedFan CVE-2007-5635 (Multiple unspecified vulnerabilities in Salford Software Support ...) NOT-FOR-US: Salford Software Support Incident CVE-2007-5636 (Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows remote ...) NOT-FOR-US: Nortel UNIStim IP Softphone CVE-2007-5637 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional ...) NOT-FOR-US: Nortel UNIStim IP Softphone CVE-2007-5638 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional ...) NOT-FOR-US: Nortel UNIStim IP Softphone CVE-2007-5639 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and other Nortel ...) NOT-FOR-US: Nortel UNIStim IP Softphone CVE-2007-5640 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional ...) NOT-FOR-US: Nortel UNIStim IP Softphone CVE-2007-5641 (Multiple PHP remote file inclusion vulnerabilities in PHP Project ...) NOT-FOR-US: PHP Project Management CVE-2007-5642 (Multiple directory traversal vulnerabilities in PHP Project Management ...) NOT-FOR-US: PHP Project Management CVE-2007-5643 (Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and ...) NOT-FOR-US: Vanilla CVE-2007-5644 (Lussumo Vanilla 1.1.3 and earlier does not require admin privileges ...) NOT-FOR-US: Vanilla CVE-2007-5645 REJECTED NOT-FOR-US: dup CVE-2006-5645 CVE-2007-5646 (SQL injection vulnerability in Sources/Search.php in Simple Machines ...) NOT-FOR-US: SMF CVE-2007-5647 (Multiple cross-site scripting (XSS) vulnerabilities in SocketKB 1.1.5 ...) NOT-FOR-US: SocketKB CVE-2007-5648 (Multiple cross-site scripting (XSS) vulnerabilities in rnote.php in ...) NOT-FOR-US: rNote CVE-2007-5649 (Cross-site scripting (XSS) vulnerability in lostpwd.php in Creative ...) NOT-FOR-US: SocketMail CVE-2007-5650 (Directory traversal vulnerability in system.php in ReloadCMS 1.2.7 ...) NOT-FOR-US: ReloadCMS CVE-2007-5651 (Unspecified vulnerability in the Extensible Authentication Protocol ...) NOT-FOR-US: Cisco IOS CVE-2007-5652 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a ...) NOT-FOR-US: IBM DB2 CVE-2007-5653 (The Component Object Model (COM) functions in PHP 5.x on Windows do ...) NOTE: Only affects PHP on Windows CVE-2007-5654 (LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger ...) NOT-FOR-US: LiteSpeed CVE-2007-5655 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, ...) NOT-FOR-US: TIBCO CVE-2007-5656 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, ...) NOT-FOR-US: TIBCO CVE-2007-5657 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, ...) NOT-FOR-US: TIBCO CVE-2007-5658 (Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and ...) NOT-FOR-US: TIBCO CVE-2007-5659 (Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and ...) BUG: 170177 CVE-2007-5660 (Unspecified vulnerability in the Update Service ActiveX control in ...) NOT-FOR-US: MacroVision FLEXnet Connect CVE-2007-5661 (The Macrovision InstallShield InstallScript One-Click Install (OCI) ...) NOT-FOR-US: Macrovision InstallShield CVE-2007-5662 RESERVED CVE-2007-5663 (Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to ...) BUG: 170177 CVE-2007-5664 (db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal ...) NOT-FOR-US: IBM DB2 Universal Database CVE-2007-5665 (STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management ...) NOT-FOR-US: Novell ZENworks Endpoint Security Management CVE-2007-5666 (Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 ...) BUG: 170177 CVE-2007-5667 (NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, ...) NOT-FOR-US: Novell Client CVE-2007-5668 RESERVED CVE-2007-5669 RESERVED CVE-2007-5670 REJECTED CVE-2007-5671 (HGFS.sys in the VMware Tools package in VMware Workstation 5.x before ...) BUG: 224637 CVE-2007-5672 RESERVED CVE-2007-5673 (Cross-site scripting (XSS) vulnerability in cgi-bin/webif.exe in ifnet ...) NOT-FOR-US: ifnet Webif CVE-2007-5674 (Directory traversal vulnerability in index.php in InstaGuide Weather ...) NOT-FOR-US: instaguide weather CVE-2007-5675 (Stack-based buffer overflow in the DebugPrint function in MultiXTpm ...) NOT-FOR-US: MultiXTpm Application Server CVE-2007-5676 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: PHP Nuke Platinum CVE-2007-5677 (Cross-site scripting (XSS) vulnerability in shoutbox/blocco.php in ...) NOT-FOR-US: Hackish CVE-2007-5678 (SQL injection vulnerability in the Music module in phpBasic allows ...) NOT-FOR-US: phpBasic CVE-2007-5679 (SQL injection vulnerability in index.php in DeeEmm.com DM CMS ...) NOT-FOR-US: deeemm DMCMS CVE-2007-5680 RESERVED CVE-2007-5681 RESERVED CVE-2007-5682 (Incomplete blacklist vulnerability in tiki-graph_formula.php in ...) BUG: 195503 CVE-2007-5683 (Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki ...) BUG: 195503 CVE-2007-5684 (Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and ...) BUG: 195503 CVE-2007-5685 (The safe_path function in shttp before 0.0.5 allows remote attackers ...) NOT-FOR-US: shttp CVE-2007-5686 (initscripts in rPath Linux 1 sets insecure permissions for the ...) NOT-FOR-US: rPath CVE-2007-5687 (Multiple buffer overflows in the rich text processing functionality in ...) NOT-FOR-US: rich CVE-2007-5688 (Multiple SQL injection vulnerabilities in directory.php in the ...) NOT-FOR-US: Multi Host Forum Pro CVE-2007-5689 (The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) ...) BUG: 194711 CVE-2007-5690 (** DISPUTED ** ...) NOTE: Asterisk 1.4 CVE-2007-5691 (ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers ...) NOTE: Client-side crash is not a security issue. CVE-2007-5692 (Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 ...) BUG: 195810 CVE-2007-5693 (Eval injection vulnerability in the translation module ...) BUG: 195810 CVE-2007-5694 (Absolute path traversal vulnerability in the translation module ...) BUG: 195810 CVE-2007-5695 (Open redirect vulnerability in command.php in SiteBar 3.3.8 allows ...) BUG: 195810 CVE-2007-5696 (PHP remote file inclusion vulnerability in includes.php in phpBasic ...) NOT-FOR-US: phpBasic CVE-2007-5697 (Multiple PHP remote file inclusion vulnerabilities in PHP Image 1.2 ...) NOT-FOR-US: PHP Image CVE-2007-5698 (Cross-site scripting (XSS) vulnerability in default.asp in CREApark ...) NOT-FOR-US: CREApark GOLD KOY PORTALI CVE-2007-5699 (Stack-based buffer overflow in eIQNetworks Enterprise Security ...) NOT-FOR-US: eIQNetworks Enterprise Security Analyzer CVE-2007-5700 (The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses ...) NOT-FOR-US: Lotus Domino CVE-2007-5701 (Incomplete blacklist vulnerability in the Certificate Authority (CA) ...) NOT-FOR-US: Lotus Domino CVE-2007-5702 (Cross-site scripting (XSS) vulnerability in swamp/action/LoginActions ...) NOT-FOR-US: SWAMP CVE-2007-5703 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) NOT-FOR-US: RSA KEON Registration CVE-2007-5704 (Multiple SQL injection vulnerabilities in CodeWidgets.com Online Event ...) NOT-FOR-US: Online Event Registration Template CVE-2007-5705 (Unspecified vulnerability in the Settings component in the ...) NOT-FOR-US: Jeebles Directory CVE-2007-5706 (Absolute path traversal vulnerability in download.php in Jeebles ...) NOT-FOR-US: Jeebles Directory CVE-2007-5707 (OpenLDAP before 2.3.39 allows remote attackers to cause a denial of ...) BUG: 197446 CVE-2007-5708 (slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, ...) BUG: 197446 CVE-2007-5709 (Stack-based buffer overflow in Sony SonicStage CONNECT Player (CP) 4.3 ...) NOT-FOR-US: Sony SonicStage CONNECT Player CVE-2007-5710 (Cross-site scripting (XSS) vulnerability in ...) BUG: 197356 CVE-2007-5711 (Massive Entertainment World in Conflict 1.001 and earlier allows ...) NOT-FOR-US: Massive Entertainment World in Conflict CVE-2007-5712 (The internationalization (i18n) framework in Django 0.91, 0.95, ...) BUG: 197188 CVE-2007-5713 (Off-by-one error in the GeoIP module in the AMX Mod X 1.76d plugin for ...) NOT-FOR-US: Half-Life Server CVE-2007-5714 (The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account ...) BUG: 189412 CVE-2007-5715 (DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log ...) BUG: 181213 CVE-2007-5716 (Unspecified vulnerability in the Internet Protocol (IP) functionality ...) NOT-FOR-US: Solaris CVE-2007-5717 (Unspecified vulnerability in Sun Fire X2100 M2 and X2200 M2 Embedded ...) NOT-FOR-US: Sun Fire CVE-2007-5718 (vobcopy 0.5.14 allows local users to append data to an arbitrary file, ...) BUG: 197578 CVE-2007-5719 (SQL injection vulnerability in bb_func_search.php in miniBB 2.1 allows ...) NOT-FOR-US: miniBB CVE-2007-5720 (Unrestricted file upload vulnerability in the profiles script in ...) NOT-FOR-US: ProfileCMS CVE-2007-5721 (PHP remote file inclusion vulnerability in _theme/breadcrumb.php in ...) NOT-FOR-US: MySpacePros CVE-2007-5722 (Stack-based buffer overflow in a certain ActiveX control in GLChat.ocx ...) NOT-FOR-US: GlobalLink CVE-2007-5723 (Heap-based buffer overflow in the samp_send function in nuauth/sasl.c ...) BUG: 197576 CVE-2007-5724 (Multiple cross-site scripting (XSS) vulnerabilities in Omnistar Live ...) NOT-FOR-US: Omnistar CVE-2007-5725 (Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop ...) NOT-FOR-US: Smart-Shop CVE-2007-5726 (Unspecified vulnerability in the Stream Control Transmission Protocol ...) NOT-FOR-US: Sun Solaris 10 CVE-2007-5727 (Incomplete blacklist vulnerability in the stripScripts function in ...) NOT-FOR-US: Helpdesk CVE-2007-5728 (Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, ...) BUG: 197575 CVE-2007-5729 (The NE2000 emulator in QEMU 0.8.2 allows local users to execute ...) BUG: 176674 NOTE: fixed before. CVE-2007-5730 (Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly ...) BUG: 176674 NOTE: fixed before CVE-2007-5731 (Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and ...) BUG: 197574 CVE-2007-5732 (Directory traversal vulnerability in downloadfile.php in eLouai's ...) NOT-FOR-US: Force Download CVE-2007-5733 (Unrestricted file upload vulnerability in upload/upload.php in ...) NOT-FOR-US: PHP Gallery Hosting CVE-2007-5734 (Unrestricted file upload vulnerability in eFileMan 7.1.0.87-88 allows ...) NOT-FOR-US: eFileMan CVE-2007-5735 (eFileMan 7.1.0.87-88 stores sensitive information under the web root ...) NOT-FOR-US: eFileMan CVE-2007-5736 (Unrestricted file upload vulnerability in upload.php in SeeBlick 1.0 ...) NOT-FOR-US: SeeBlick CVE-2007-5737 (Unrestricted file upload vulnerability in component/upload.jsp in ...) NOT-FOR-US: GHBoard CVE-2007-5738 (The FlashUpload component in Korean GHBoard uses a client-side ...) NOT-FOR-US: GHBoard CVE-2007-5739 (Directory traversal vulnerability in ...) NOT-FOR-US: FlashUpload CVE-2007-5740 (The format string protection mechanism in IMAPD for Perdition Mail ...) BUG: 197679 CVE-2007-5741 (Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers ...) BUG: 198357 CVE-2007-5742 (Directory traversal vulnerability in the WML engine preprocessor for ...) BUG: 200789 CVE-2007-5743 RESERVED CVE-2007-5744 RESERVED CVE-2007-5745 (Multiple heap-based buffer overflows in OpenOffice.org before 2.4 ...) BUG: 218080 CVE-2007-5746 (Integer overflow in OpenOffice.org before 2.4 allows remote attackers ...) BUG: 218080 CVE-2007-5747 (Integer underflow in OpenOffice.org before 2.4 allows remote attackers ...) BUG: 218080 CVE-2007-5748 RESERVED CVE-2007-5749 RESERVED CVE-2007-5750 RESERVED CVE-2007-5751 (Liferea before 1.4.6 uses weak permissions (0644) for the ...) BUG: 197701 CVE-2007-5752 (adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does ...) NOT-FOR-US: PHP AGTC CVE-2007-5753 (Unspecified vulnerability in Light FMan PHP (lfman or lightfman) ...) NOT-FOR-US: lfman CVE-2007-5754 (PHP remote file inclusion vulnerability in urlinn_includes/config.php ...) NOT-FOR-US: phpFaber CVE-2007-5755 (Multiple stack-based buffer overflows in the AOL AmpX ActiveX control ...) NOT-FOR-US: AOL Radio CVE-2007-5756 (Multiple array index errors in the bpf_filter_init function in NPF.SYS ...) NOT-FOR-US: WinPcap CVE-2007-5757 (Untrusted search path vulnerability in db2pd in IBM DB2 Universal ...) NOT-FOR-US: IBM DB2 Universal Database CVE-2007-5758 (Stack-based buffer overflow in db2dasrrm in the DB2 Administration ...) NOT-FOR-US: IBM DB2 Universal Database CVE-2007-5759 REJECTED CVE-2007-5760 (Array index error in the XFree86-Misc extension in X.Org Xserver ...) BUG: 206633 CVE-2007-5761 (The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 ...) NOT-FOR-US: Motorola netOctopus CVE-2007-5762 (NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, ...) NOT-FOR-US: Novell CVE-2007-5763 REJECTED CVE-2007-5764 (Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, ...) NOT-FOR-US: IBM AIX CVE-2007-5765 RESERVED CVE-2007-5766 (SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite ...) NOT-FOR-US: Oracle CVE-2007-5767 (Heap-based buffer overflow in the Client Trust application ...) NOT-FOR-US: Novell BorderManager CVE-2007-5768 (The Globe7 soft phone client 7.3 sends username and password ...) NOT-FOR-US: Globe7 soft phone CVE-2007-5769 (Double free vulnerability in the getreply function in ftp.c in netkit ...) BUG: 199206 CVE-2007-5770 (The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, ...) BUG: 199191 CVE-2007-5771 (Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain ...) NOT-FOR-US: Flatnuke CVE-2007-5772 (Direct static code injection vulnerability in the download module in ...) NOT-FOR-US: Flatnuke CVE-2007-5773 (Cross-site request forgery (CSRF) vulnerability in index.php in the ...) NOT-FOR-US: Flatnuke CVE-2007-5774 (index.php in the File Manager module in Flatnuke 3 allows remote ...) NOT-FOR-US: Flatnuke CVE-2007-5775 (Unspecified vulnerability in BitDefender allows attackers to execute ...) NOTE: Windows only according to advisory. CVE-2007-5776 (Directory traversal vulnerability in igallery.asp in Blue-Collar ...) NOT-FOR-US: i-Gallery CVE-2007-5777 (Blue-Collar Productions i-Gallery 3.4 stores sensitive information ...) NOT-FOR-US: i-Gallery CVE-2007-5778 (Mobile Spy (1) stores login credentials in cleartext under the ...) NOT-FOR-US: Mobile Spy CVE-2007-5779 (Buffer overflow in the GomManager (GomWeb Control) ActiveX control in ...) NOT-FOR-US: GomManager CVE-2007-5780 (PHP remote file inclusion vulnerability in pub/pub08_comments.php in ...) NOT-FOR-US: teatro CVE-2007-5781 (PHP remote file inclusion vulnerability in inc/sige_init.php in Sige ...) NOT-FOR-US: Sige CVE-2007-5782 (Directory traversal vulnerability in dl.php in FireConfig 0.5 allows ...) NOT-FOR-US: FireConfig CVE-2007-5783 (SQL injection vulnerability in emc.asp in emagiC CMS.Net 4.0 allows ...) NOT-FOR-US: emagiC CVE-2007-5784 (PHP remote file inclusion vulnerability in index.php in CaupoShop Pro ...) NOT-FOR-US: CaupoShop CVE-2007-5785 (SQL injection vulnerability in file.php in JobSite Professional 2.0 ...) NOT-FOR-US: JobSite CVE-2007-5786 (Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 ...) NOT-FOR-US: GoSamba CVE-2007-5787 (Micro Login System 1.0 stores sensitive information under the web root ...) NOT-FOR-US: Micro Login System CVE-2007-5788 (Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows ...) NOT-FOR-US: Grandstream HT-488 CVE-2007-5789 (The Grandstream HT-488 0.1 allows remote attackers to cause a denial ...) NOT-FOR-US: Grandstream HT-488 CVE-2007-5790 (The Globe7 soft phone client 7.3 uses weak cryptography (reversed ...) NOT-FOR-US: Globe7 soft phone client CVE-2007-5791 (The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify ...) NOT-FOR-US: Motorola Phone Adapter CVE-2007-5792 (The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP ...) NOT-FOR-US: Motorola Phone Adapter CVE-2007-5793 (Stonesoft StoneGate IPS before 4.0 does not properly decode ...) NOT-FOR-US: StoneGate CVE-2007-5794 (Race condition in nss_ldap, when used in applications that are linked ...) BUG: 198390 CVE-2007-5795 (The hack-local-variables function in Emacs before 22.2, when ...) BUG: 197958 CVE-2007-5796 (Cross-site scripting (XSS) vulnerability in the management console in ...) NOT-FOR-US: ProxySG CVE-2007-5797 (SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an ...) NOT-FOR-US: Apache Geronimo CVE-2007-5798 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: UDDI user console in IBM WebSphere CVE-2007-5799 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: UDDI user console in IBM WebSphere CVE-2007-5800 (Multiple PHP remote file inclusion vulnerabilities in the ...) NOT-FOR-US: BackUpWordPress CVE-2007-5801 (Unspecified vulnerability in WORK system e-commerce before 4.0.2 has ...) NOT-FOR-US: WORK CVE-2007-5802 (Directory traversal vulnerability in index.php in Firewolf ...) NOT-FOR-US: Synergiser CVE-2007-5803 (Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in ...) BUG: 208398 CVE-2007-5804 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument ...) NOT-FOR-US: IBM AIX CVE-2007-5805 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument ...) NOT-FOR-US: IBM AIX CVE-2007-5806 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: ILIAS CVE-2007-5807 (Buffer overflow in the register function in Ultra Star Reader ActiveX ...) NOT-FOR-US: ssreader Ultra Star Reader CVE-2007-5808 (Unspecified vulnerability in the Groupmax Collaboration - Schedule ...) NOT-FOR-US: Hitachi uCosminexus Collaboration Portal CVE-2007-5809 (Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 ...) NOT-FOR-US: Hitachi CVE-2007-5810 (Hitachi Web Server 01-00 through 03-00-01, as used by certain ...) NOT-FOR-US: Hitachi Web Server CVE-2007-5811 (** DISPUTED ** ...) NOT-FOR-US: phpMyConferences CVE-2007-5812 (Directory traversal vulnerability in ...) NOT-FOR-US: ModuleBuilder CVE-2007-5813 (Multiple directory traversal vulnerabilities in download.php in ...) NOT-FOR-US: ISPworker CVE-2007-5814 (Multiple buffer overflows in the SonicWall SSL-VPN NetExtender ...) NOT-FOR-US: SonicWall SSL VPN CVE-2007-5815 (Absolute path traversal vulnerability in the WebCacheCleaner ActiveX ...) NOT-FOR-US: SonicWall SSL VPN CVE-2007-5816 (dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote ...) NOT-FOR-US: CONTENTCustomizer CVE-2007-5817 (dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote ...) NOT-FOR-US: CONTENTCustomizer CVE-2007-5818 (Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php ...) NOT-FOR-US: sBLOG sBlog CVE-2007-5819 (IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak ...) NOT-FOR-US: IBM Tivoli Continuous Data Protection for Files CVE-2007-5820 (Directory traversal vulnerability in index.php in Ax Developer CMS ...) NOT-FOR-US: Ax Developer CMS CVE-2007-5821 (Multiple directory traversal vulnerabilities in DM Guestbook 0.4.1 and ...) NOT-FOR-US: DM Guestbook CVE-2007-5822 (Direct static code injection vulnerability in forum.php in Ben Ng ...) NOT-FOR-US: Scribe CVE-2007-5823 (Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 ...) NOT-FOR-US: Scribe CVE-2007-5824 (webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier ...) BUG: 200110 CVE-2007-5825 (Format string vulnerability in the ws_addarg function in webserver.c ...) BUG: 200110 CVE-2007-5826 (Absolute path traversal vulnerability in the EDraw Flowchart ActiveX ...) NOT-FOR-US: EDraw Flowchart ActiveX CVE-2007-5827 (iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for ...) BUG: 198209 CVE-2007-5828 (** DISPUTED ** ...) BUG: 198347 CVE-2007-5829 (The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and ...) NOT-FOR-US: Symantec Norton Internet Security CVE-2007-5830 (Unspecified vulnerability in the administrative interface in Avaya ...) NOT-FOR-US: Avaya Messaging Storage Server CVE-2007-5831 (Directory traversal vulnerability in fileSystem.do in SSL-Explorer ...) NOT-FOR-US: SSL Explorer CVE-2007-5832 (Unspecified vulnerability in selectLanguage.do in SSL-Explorer before ...) NOT-FOR-US: SSL Explorer CVE-2007-5833 (Multiple cross-site scripting (XSS) vulnerabilities in BosDev ...) NOT-FOR-US: BosDev BosMarket Business Directory System CVE-2007-5834 (Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows ...) NOT-FOR-US: BosDev BosNews CVE-2007-5835 (Install.php in BosDev BosNews 4 and 5 does not require authentication ...) NOT-FOR-US: BosDev BosNews CVE-2007-5836 (SQL injection vulnerability in Amazing Flash AFCommerce allows remote ...) NOT-FOR-US: afcommerce AFCommerce CVE-2007-5837 (GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, ...) BUG: 197660 CVE-2007-5838 (Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 ...) NOT-FOR-US: Altiris CVE-2007-5839 (The e_hostname function in commands.c in BitchX 1.1a allows local ...) BUG: 190667 CVE-2007-5840 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: SyndeoCMS CVE-2007-5841 (PHP remote file inclusion vulnerability in admin/index.php in nuBoard ...) NOT-FOR-US: nuBoard CVE-2007-5842 (Multiple PHP remote file inclusion vulnerabilities in Vortex Portal ...) NOT-FOR-US: Vortex Portal CVE-2007-5843 (PHP remote file inclusion vulnerability in includes/common.php in ...) NOT-FOR-US: scWiki CVE-2007-5844 (Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 ...) NOT-FOR-US: GuppY CVE-2007-5845 (Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, ...) NOT-FOR-US: GuppY CVE-2007-5846 (The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote ...) BUG: 198346 CVE-2007-5847 (Race condition in the CFURLWriteDataAndPropertiesToResource API in ...) NOT-FOR-US: Apple Mac OS X CVE-2007-5848 (Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin ...) NOTE: This only affects CUPS 1.1.23 and prior CVE-2007-5849 (Integer underflow in the asn1_get_string function in the SNMP back end ...) BUG: 201570 CVE-2007-5850 (Heap-based buffer overflow in Desktop Services in Apple Mac OS X ...) NOT-FOR-US: Apple Mac OS X CVE-2007-5851 (iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote ...) NOT-FOR-US: Apple Mac OS X CVE-2007-5852 RESERVED CVE-2007-5853 (Unspecified vulnerability in IO Storage Family in Apple Mac OS X ...) NOT-FOR-US: Apple Mac OS X CVE-2007-5854 (Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat ...) NOT-FOR-US: Apple Mac OS X CVE-2007-5855 (Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has ...) NOT-FOR-US: Apple Mac OS X CVE-2007-5856 (Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does ...) NOT-FOR-US: Apple Mac OS X CVE-2007-5857 (Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from ...) NOT-FOR-US: Apple Mac OS X CVE-2007-5858 (WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 ...) NOT-FOR-US: Apple Safari CVE-2007-5859 (Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 ...) NOT-FOR-US: Apple Safari CVE-2007-5860 (Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 ...) NOT-FOR-US: Apple Mac OS X CVE-2007-5861 (Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 ...) NOT-FOR-US: Apple Mac OS X CVE-2007-5862 (Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to ...) NOT-FOR-US: Only on Mac OSX CVE-2007-5863 (Software Update in Apple Mac OS X 10.5.1 allows remote attackers to ...) NOT-FOR-US: Apple Mac OS X CVE-2007-5864 RESERVED CVE-2007-5865 RESERVED CVE-2007-5866 RESERVED CVE-2007-5867 RESERVED CVE-2007-5868 RESERVED CVE-2007-5869 RESERVED CVE-2007-5870 RESERVED CVE-2007-5871 RESERVED CVE-2007-5872 RESERVED CVE-2007-5873 RESERVED CVE-2007-5874 RESERVED CVE-2007-5875 RESERVED CVE-2007-5876 RESERVED CVE-2007-5877 RESERVED CVE-2007-5878 RESERVED CVE-2007-5879 RESERVED CVE-2007-5880 RESERVED CVE-2007-5881 RESERVED CVE-2007-5882 RESERVED CVE-2007-5883 RESERVED CVE-2007-5884 RESERVED CVE-2007-5885 RESERVED CVE-2007-5886 RESERVED CVE-2007-5887 (SQL injection vulnerability in boards/printer.asp in ASP Message Board ...) NOT-FOR-US: Infuseum ASP Message Board CVE-2007-5888 (Cross-site scripting (XSS) vulnerability in displayecard.php in ...) BUG: 198400 CVE-2007-5889 (Multiple PHP remote file inclusion vulnerabilities in IDMOS 1.0 Alpha ...) NOT-FOR-US: IDMOS CVE-2007-5890 (Directory traversal vulnerability in index.php in easyGB 2.1.1 allows ...) NOT-FOR-US: easyGB CVE-2007-5891 (Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ...) NOT-FOR-US: ManageEngine OpManager MSP CVE-2007-5892 (Stack-based buffer overflow in the pdg2.dll ActiveX control in ...) NOT-FOR-US: ssreader Ultra Star Reader CVE-2007-5893 (HTTPSocket.cpp in the C++ Sockets Library before 2.2.5 allows remote ...) NOT-FOR-US: C++ Sockets Library CVE-2007-5894 (** DISPUTED ** ...) BUG: 199205 CVE-2007-5895 RESERVED CVE-2007-5896 (Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of ...) NOTE: Local denial of service is a bug. CVE-2007-5897 (Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, ...) NOT-FOR-US: Oracle Database Server CVE-2007-5898 (The (1) htmlentities and (2) htmlspecialchars functions in PHP before ...) BUG: 198650 CVE-2007-5899 (The output_add_rewrite_var function in PHP before 5.2.5 rewrites local ...) BUG: 198650 CVE-2007-5900 (PHP before 5.2.5 allows local users to bypass protection mechanisms ...) BUG: 198650 CVE-2007-5901 (Use-after-free vulnerability in the gss_indicate_mechs function in ...) BUG: 199205 CVE-2007-5902 (Integer overflow in the svcauth_gss_get_principal function in ...) BUG: 199205 CVE-2007-5903 RESERVED CVE-2007-5904 (Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and ...) BUG: 198997 CVE-2007-5905 (Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions ...) NOT-FOR-US: which CVE-2007-5906 (Xen 3.1.1 allows virtual guest system users to cause a denial of ...) BUG: 198995 CVE-2007-5907 (Xen 3.1.1 does not prevent modification of the CR4 TSC from ...) BUG: 198995 CVE-2007-5908 REJECTED CVE-2007-5909 (Multiple stack-based buffer overflows in Autonomy (formerly Verity) ...) NOT-FOR-US: Autonomy KeyView Viewer SDK CVE-2007-5910 (Stack-based buffer overflow in Autonomy (formerly Verity) KeyView ...) NOT-FOR-US: Autonomy KeyView Viewer SDK CVE-2007-5911 (Multiple stack-based buffer overflows in the AxMetaStream ActiveX ...) NOT-FOR-US: Viewpoint Media Player CVE-2007-5912 (SQL injection vulnerability in mailer.php in jPORTAL 2 allows remote ...) NOT-FOR-US: JPortal Web Portal CVE-2007-5913 (dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not ...) NOT-FOR-US: Jean Charles JBC Explorer CVE-2007-5914 (Direct static code injection vulnerability in ...) NOT-FOR-US: Jean Charles JBC Explorer CVE-2007-5915 (Directory traversal vulnerability in index.php in phphelpdesk 0.6.16 ...) NOT-FOR-US: PHPHelpdesk CVE-2007-5916 (SQL injection vulnerability in the login page in phphelpdesk 0.6.16 ...) NOT-FOR-US: PHPHelpdesk CVE-2007-5917 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: skalinks CVE-2007-5918 (Cross-site request forgery (CSRF) vulnerability in edit.php in the MS ...) NOT-FOR-US: MS Topsites CVE-2007-5919 (MyWebFTP, possibly 5.3.2, stores sensitive information under the web ...) NOT-FOR-US: MyWebFTP CVE-2007-5920 (index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote ...) NOT-FOR-US: PicoFlat CMS CVE-2007-5921 (Unspecified vulnerability in the ioctl interface in the Solaris Volume ...) NOT-FOR-US: Sun Solaris CVE-2007-5922 (The modules/mdop.m in the Cypress 1.0k script for BitchX, as ...) NOT-FOR-US: Cypress CVE-2007-5923 (Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in ...) NOT-FOR-US: Computer Associates eTrust SiteMinder CVE-2007-5924 (Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task ...) NOT-FOR-US: IBM Lotus Domino CVE-2007-5925 (The convert_search_mode_to_innobase function in ha_innodb.cc in the ...) BUG: 198988 CVE-2007-5926 (OpenBase 10.0.5 and earlier allows remote authenticated users to ...) NOT-FOR-US: Openbase International Ltd OpenBase CVE-2007-5927 (Directory traversal vulnerability in OpenBase 10.0.5 and earlier ...) NOT-FOR-US: Openbase International Ltd OpenBase CVE-2007-5928 (OpenBase 10.0.5 and earlier allows remote authenticated users to ...) NOT-FOR-US: Openbase International Ltd OpenBase CVE-2007-5929 (Buffer overflow in OpenBase 10.0.5 and earlier might allow remote ...) NOT-FOR-US: openbase CVE-2007-5930 (Cross-site scripting (XSS) vulnerability in the web interface in ...) NOT-FOR-US: Cerberus FTP Server CVE-2007-5931 (The reDirect function in lib/controllers/RepViewController.php in ...) NOT-FOR-US: OrangeHRM CVE-2007-5932 (Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content ...) NOT-FOR-US: Fatwire CVE-2007-5933 (Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to ...) BUG: 198807 CVE-2007-5934 (The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request ...) BUG: 198446 CVE-2007-5935 (Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive ...) BUG: 198238 CVE-2007-5936 (dvips in teTeX and TeXlive 2007 and earlier allows local users to ...) BUG: 198238 CVE-2007-5937 (Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive ...) BUG: 198238 CVE-2007-5938 (The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi ...) BUG: 199209 CVE-2007-5939 (The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 ...) BUG: 199207 CVE-2007-5940 (feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users ...) BUG: 198231 CVE-2007-5941 (Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in ...) NOT-FOR-US: Shockwave CVE-2007-5942 (Bandersnatch 0.4 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Bandersnatch CVE-2007-5943 (Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a ...) NOT-FOR-US: Simple Machines Forum CVE-2007-5944 (Cross-site scripting (XSS) vulnerability in Servlet Engine / Web ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2007-5945 (USVN before 0.6.5 allows remote attackers to obtain a list of ...) NOT-FOR-US: USVN CVE-2007-5946 (Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX ...) NOT-FOR-US: HP-UX CVE-2007-5947 (The jar protocol handler in Mozilla Firefox before 2.0.0.10 and ...) BUG: 198965 CVE-2007-5948 (Multiple cross-site scripting (XSS) vulnerabilities in main.php in ...) NOT-FOR-US: SF Shoutbox CVE-2007-5949 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk ...) NOT-FOR-US: IBM Tivoli Service Desk CVE-2007-5950 (Cross-site scripting (XSS) vulnerability in NetCommons before 1.0.11, ...) NOT-FOR-US: NetCommons CVE-2007-5951 (SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows ...) NOT-FOR-US: E Vendejo CVE-2007-5952 (Cross-site scripting (XSS) vulnerability in admin/index.php in Helios ...) NOT-FOR-US: Helios CVE-2007-5953 (Unspecified vulnerability in Really Simple CalDAV Store (RSCDS) before ...) NOT-FOR-US: RSCDS CVE-2007-5954 (Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo ...) NOT-FOR-US: JLMForo CVE-2007-5955 (Cross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET ...) NOT-FOR-US: UPDIR NET CVE-2007-5956 (Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) ...) NOT-FOR-US: IBM CVE-2007-5957 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) ...) NOT-FOR-US: IBM Informix Dynamic Server CVE-2007-5958 (X.Org Xserver before 1.4.1 allows local users to determine the ...) BUG: 206633 CVE-2007-5959 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...) BUG: 198965 CVE-2007-5960 (Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the ...) BUG: 198965 CVE-2007-5961 (Cross-site scripting (XSS) vulnerability in the Red Hat Network ...) NOT-FOR-US: Red Hat Network CVE-2007-5962 (Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red ...) NOTE: Gentoo does not apply this patch. CVE-2007-5963 (Unspecified vulnerability in kdebase allows local users to cause a ...) BUG: 200856 CVE-2007-5964 (The default configuration of autofs 5 in some Linux distributions, ...) NOTE: We're not affected as we do not ship autofs 5 CVE-2007-5965 (QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly ...) BUG: 201296 CVE-2007-5966 (Integer overflow in the hrtimer_start function in kernel/hrtimer.c in ...) BUG: 202235 CVE-2007-5967 RESERVED CVE-2007-5968 REJECTED CVE-2007-5969 (MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x ...) BUG: 201669 CVE-2007-5970 (MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote ...) NOTE: 5.1* is currently under p.mask CVE-2007-5971 (Double free vulnerability in the gss_krb5int_make_seal_token_v3 ...) BUG: 199205 CVE-2007-5972 (Double free vulnerability in the krb5_def_store_mkey function in ...) BUG: 199205 CVE-2007-5973 (SQL injection vulnerability in articles.php in JPortal 2.3.1 and ...) NOT-FOR-US: JPortal Web Portal CVE-2007-5974 (SQL injection vulnerability in mailer.php in JPortal 2 allows remote ...) NOT-FOR-US: JPortal Web Portal CVE-2007-5975 (SQL injection vulnerability in index.php in TBSource, as used in (1) ...) NOT-FOR-US: TorrentStrike CVE-2007-5976 (SQL injection vulnerability in db_create.php in phpMyAdmin before ...) BUG: 198801 CVE-2007-5977 (Cross-site scripting (XSS) vulnerability in db_create.php in ...) BUG: 198801 CVE-2007-5978 (SQL injection vulnerability in brokenlink.php in the mylinks module ...) NOTE: external module CVE-2007-5979 (Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 ...) NOT-FOR-US: F5 Firepass 4100 CVE-2007-5980 (Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog ...) NOT-FOR-US: eggblog CVE-2007-5981 (Lantronix SCS3200 does not properly handle public-key requests, which ...) NOT-FOR-US: Lantronix SCS3200 CVE-2007-5982 (Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, ...) NOT-FOR-US: X7 Group X7 Chat CVE-2007-5983 (Cross-site scripting (XSS) vulnerability in index.php in Justin ...) NOT-FOR-US: Justin Hagstrom AutoIndex PHP Script CVE-2007-5984 (classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 ...) NOT-FOR-US: Justin Hagstrom AutoIndex PHP Script CVE-2007-5985 (Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker ...) NOT-FOR-US: BTI Tracker CVE-2007-5986 (SQL injection vulnerability in include/functions.php in BtiTracker ...) NOT-FOR-US: BtiTracker CVE-2007-5987 (details.php in BtiTracker before 1.4.5, when torrent viewing is ...) NOT-FOR-US: BtiTracker CVE-2007-5988 (blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user ...) NOT-FOR-US: BtiTracker CVE-2007-5989 (Unspecified vulnerability in the skype4com URI handler in Skype before ...) NOT-FOR-US: skype4com CVE-2007-5990 (Cross-site scripting (XSS) vulnerability in ExoPHPdesk allows remote ...) NOT-FOR-US: ExoPHPDesk CVE-2007-5991 (SQL injection vulnerability in index.php in ExoPHPdesk allows remote ...) NOT-FOR-US: ExoPHPDesk CVE-2007-5992 (SQL injection vulnerability in index.php in datecomm Social Networking ...) NOT-FOR-US: datecomm Social Networking Script CVE-2007-5993 (Cross-site scripting (XSS) vulnerability in Visionary Technology in ...) NOT-FOR-US: vtls web gateway CVE-2007-5994 (PHP remote file inclusion vulnerability in check_noimage.php in Fritz ...) NOT-FOR-US: yappa ng CVE-2007-5995 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: php tools patBBcode CVE-2007-5996 (SQL injection vulnerability in searchresult.php in Softbiz Link ...) NOT-FOR-US: softbizscripts Link Directory Script CVE-2007-5997 (SQL injection vulnerability in campaign_stats.php in Softbiz Banner ...) NOT-FOR-US: softbizscripts Banner Exchange Network Script CVE-2007-5998 (SQL injection vulnerability in ads.php in Softbiz Ad Management plus ...) NOT-FOR-US: softbizscripts Ad Management plus Script CVE-2007-5999 (SQL injection vulnerability in product_desc.php in Softbiz Auctions ...) NOT-FOR-US: softbizscripts Softbiz Auctions Script CVE-2007-6000 (KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a ...) NOTE: Client-side crash by enticing a user to visit a malicious website is not a security issue. CVE-2007-6001 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Bandersnatch CVE-2007-6002 (Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir ...) NOT-FOR-US: Fenrir Sleipnir CVE-2007-6003 (Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the ...) NOT-FOR-US: Thomson SpeedTouch CVE-2007-6004 (Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 ...) NOT-FOR-US: toko instan CVE-2007-6005 (Unspecified vulnerability in the GpcContainer.GpcContainer.1 ActiveX ...) NOT-FOR-US: WebEx Communications WebEx GPCContainer ActiveX Control CVE-2007-6006 (TestLink before 1.7.1 does not enforce an unspecified authorization ...) NOT-FOR-US: testlink CVE-2007-6007 (Integer overflow in the ID_PSP.apl plug-in for ACD ACDSee Photo ...) NOT-FOR-US: ACDsee Photo Manager CVE-2007-6008 (Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy ...) NOT-FOR-US: Autonomy KeyView Filter SDK CVE-2007-6009 (Multiple buffer overflows in ACD products allow user-assisted remote ...) NOT-FOR-US: ACDsee Photo Manager CVE-2007-6010 (Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 ...) BUG: 198807 CVE-2007-6011 (Unspecified vulnerability in main.php of BugHotel Reservation System ...) NOT-FOR-US: bug software bughotel reservation system CVE-2007-6012 (SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 allows ...) NOT-FOR-US: DocuSafe CVE-2007-6013 (Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash ...) BUG: 199833 CVE-2007-6014 (SQL injection vulnerability in post.php in Beehive Forum 0.7.1 and ...) NOT-FOR-US: Beehive Forum CVE-2007-6015 (Stack-based buffer overflow in the send_mailslot function in nmbd in ...) BUG: 200773 CVE-2007-6016 (Multiple stack-based buffer overflows in the ...) NOT-FOR-US: Symantec Backup Exec for Windows Server CVE-2007-6017 (The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in ...) NOT-FOR-US: Symantec Backup Exec for Windows Server CVE-2007-6018 (IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde ...) BUG: 205377 CVE-2007-6019 (Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, ...) BUG: 204344 CVE-2007-6020 (Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat ...) NOT-FOR-US: Symantec Mail Security CVE-2007-6021 (Heap-based buffer overflow in Adobe PageMaker 7.0.1 and 7.0.2 allows ...) NOT-FOR-US: Adobe PageMaker CVE-2007-6022 RESERVED CVE-2007-6023 RESERVED CVE-2007-6024 RESERVED CVE-2007-6025 (Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 ...) BUG: 199828 CVE-2007-6026 (Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka ...) NOT-FOR-US: Microsoft Jet CVE-2007-6027 (PHP remote file inclusion vulnerability in admin.jjgallery.php in the ...) NOT-FOR-US: justjoomla Carousel Flash Image Gallery CVE-2007-6028 (Multiple stack-based buffer overflows in the VSFlexGrid.VSFlexGridL ...) NOT-FOR-US: ComponentOne FlexGrid CVE-2007-6029 (Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote ...) BUG: 199823 CVE-2007-6030 (Unspecified vulnerability in Weird Solutions BOOTPTurbo 1.2 has ...) NOT-FOR-US: Weird Solutions BOOTPTurbo CVE-2007-6031 (Unspecified vulnerability in VanDyke VShell 3.0.1 allows remote ...) NOT-FOR-US: Van Dyke Technologies Vshell CVE-2007-6032 (SQL injection vulnerability in calendar/page.asp in Aleris Web ...) NOT-FOR-US: Aleris Web Publishing Server CVE-2007-6033 (Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure ...) NOT-FOR-US: Wonderware InTouch CVE-2007-6034 REJECTED NOTE: Stable since September, no need for a bug. CVE-2007-6035 (SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows ...) BUG: 199509 CVE-2007-6036 (The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 ...) BUG: 204065 CVE-2007-6037 (Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in ...) NOT-FOR-US: Citrix NetScaler CVE-2007-6038 (PHP remote file inclusion vulnerability in xajax_functions.php in the ...) NOT-FOR-US: joomlaequipment juser CVE-2007-6039 (PHP 5.2.5 and earlier allows context-dependent attackers to cause a ...) BUG: 199156 CVE-2007-6040 (The Belkin F5D7230-4 Wireless G Router allows remote attackers to ...) NOT-FOR-US: Belkin CVE-2007-6041 (Buffer overflow in the Sequencer::queueMessage function in ...) NOT-FOR-US: Rigs of Rods (RoR) CVE-2007-6042 (PHP remote file inclusion vulnerability in fehler.inc.php in SWSoft ...) NOT-FOR-US: confixx CVE-2007-6043 (The CryptGenRandom function in Microsoft Windows 2000 generates ...) NOT-FOR-US: Microsoft CVE-2007-6044 (Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have ...) NOT-FOR-US: IBM WebSphere MQ CVE-2007-6045 (Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 ...) NOT-FOR-US: IBM DB2 Universal Database CVE-2007-6046 (Unspecified vulnerability in unspecified setuid programs in IBM DB2 ...) NOT-FOR-US: IBM DB2 Universal Database CVE-2007-6047 (Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 ...) NOT-FOR-US: IBM DB2 Universal Database CVE-2007-6048 (IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for ...) NOT-FOR-US: IBM DB2 Universal Database CVE-2007-6049 (Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB ...) NOT-FOR-US: IBM DB2 Universal Database CVE-2007-6050 (Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak ...) NOT-FOR-US: IBM DB2 Universal Database CVE-2007-6051 (IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the ...) NOT-FOR-US: IBM DB2 Universal Database CVE-2007-6052 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector ...) NOT-FOR-US: IBM DB2 Universal Database CVE-2007-6053 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large ...) NOT-FOR-US: IBM DB2 Universal Database CVE-2007-6054 (Cross-site scripting (XSS) vulnerability in the login page in the ...) NOT-FOR-US: aruba_networks mc 800 CVE-2007-6055 (Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay ...) NOT-FOR-US: Liferay portal CVE-2007-6056 (frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a ...) NOT-FOR-US: aida orga aida web CVE-2007-6057 (PHP remote file inclusion vulnerability in index.php in datecomm ...) NOT-FOR-US: datecomm Social Networking Script CVE-2007-6058 (Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0 ...) NOT-FOR-US: ProfileCMS CVE-2007-6059 (** DISPUTED ** ...) BUG: 200289 CVE-2007-6060 (AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a ...) NOT-FOR-US: AhnLab v3_internet_security CVE-2007-6061 (Audacity 1.3.2 creates a temporary directory with a predictable name ...) BUG: 199751 CVE-2007-6062 (irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause ...) NOTE: Stable since September, no need for a bug. CVE-2007-6063 (Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux ...) BUG: 199845 CVE-2007-6064 RESERVED CVE-2007-6065 RESERVED CVE-2007-6066 RESERVED CVE-2007-6067 (Algorithmic complexity vulnerability in the regular expression parser ...) BUG: 204760 CVE-2007-6068 RESERVED CVE-2007-6069 RESERVED CVE-2007-6070 RESERVED BUG: 217047 CVE-2007-6071 RESERVED CVE-2007-6072 RESERVED CVE-2007-6073 RESERVED CVE-2007-6074 RESERVED CVE-2007-6075 RESERVED CVE-2007-6076 RESERVED CVE-2007-6077 (The session fixation protection mechanism in cgi_process.rb in Rails ...) BUG: 200159 CVE-2007-6078 (Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote ...) NOT-FOR-US: SkyPortal CVE-2007-6079 (Directory traversal vulnerability in include/common.php in bcoos ...) NOT-FOR-US: bcoos CVE-2007-6080 (SQL injection vulnerability in modules/banners/click.php in the ...) NOT-FOR-US: bcoos CVE-2007-6081 (AdventNet EventLog Analyzer build 4030 for Windows, and possibly other ...) NOT-FOR-US: AdventNet eventlog_analyzer CVE-2007-6082 (Direct static code injection vulnerability in acp/savenews.php in ...) NOT-FOR-US: sciurus_hosting_panel CVE-2007-6083 (SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows ...) NOT-FOR-US: IceBB CVE-2007-6084 (SQL injection vulnerability in software-description.php in HotScripts ...) NOT-FOR-US: Hotscripts clone_script CVE-2007-6085 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: vigilecms CVE-2007-6086 (Directory traversal vulnerability in index.php in VigileCMS 1.4 allows ...) NOT-FOR-US: vigilecms CVE-2007-6087 (Cross-site request forgery (CSRF) vulnerability in index.php in ...) NOT-FOR-US: vigilecms CVE-2007-6088 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: phpbbviet CVE-2007-6089 (PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 ...) NOT-FOR-US: mebiblio CVE-2007-6090 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan ...) NOT-FOR-US: Nuked Klan CVE-2007-6091 (Multiple SQL injection vulnerabilities in files/login.asp in JiRo's ...) NOT-FOR-US: JiRO Banner System CVE-2007-6092 (Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and ...) NOT-FOR-US: Ingate SIParator CVE-2007-6093 (The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator ...) NOT-FOR-US: Ingate SIParator CVE-2007-6094 (The IPsec module in the VPN component in Ingate Firewall before 4.6.0 ...) NOT-FOR-US: Ingate SIParator CVE-2007-6095 (The SIP component in Ingate Firewall before 4.6.0 and SIParator before ...) NOT-FOR-US: Ingate SIParator CVE-2007-6096 (Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext ...) NOT-FOR-US: Ingate SIParator CVE-2007-6097 (Unspecified vulnerability in the ICMP implementation in Ingate ...) NOT-FOR-US: Ingate SIParator CVE-2007-6098 (Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log ...) NOT-FOR-US: Ingate SIParator CVE-2007-6099 (Unspecified vulnerability in Ingate Firewall before 4.6.0 and ...) NOT-FOR-US: Ingate SIParator CVE-2007-6100 (Cross-site scripting (XSS) vulnerability in ...) BUG: 198801 CVE-2007-6101 (Ability Mail Server before 2.61 allows remote authenticated users to ...) NOT-FOR-US: Ability Mail Server CVE-2007-6102 (Cross-site scripting (XSS) vulnerability in Feed to JavaScript ...) NOT-FOR-US: Feed2JS CVE-2007-6103 (I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) ...) NOT-FOR-US: I Hear U (IHU) CVE-2007-6104 (Cross-site scripting (XSS) vulnerability in the Instant Web Publishing ...) NOT-FOR-US: FileMaker Pro CVE-2007-6105 (Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 ...) NOT-FOR-US: TalkBack CVE-2007-6106 (SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 ...) NOT-FOR-US: AlstraSoft CVE-2007-6107 RESERVED CVE-2007-6108 RESERVED CVE-2007-6109 (Stack-based buffer overflow in emacs allows user-assisted attackers to ...) BUG: 200297 CVE-2007-6110 (Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 ...) BUG: 200285 CVE-2007-6111 (Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) ...) BUG: 199958 CVE-2007-6112 (Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) ...) BUG: 199958 CVE-2007-6113 (Integer signedness error in the DNP3 dissector in Wireshark (formerly ...) BUG: 199958 CVE-2007-6114 (Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 ...) BUG: 199958 CVE-2007-6115 (Buffer overflow in the ANSI MAP dissector for Wireshark (formerly ...) BUG: 199958 CVE-2007-6116 (The Firebird/Interbase dissector in Wireshark (formerly Ethereal) ...) BUG: 199958 CVE-2007-6117 (Unspecified vulnerability in the HTTP dissector for Wireshark ...) BUG: 199958 CVE-2007-6118 (The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 ...) BUG: 199958 CVE-2007-6119 (The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows ...) BUG: 199958 CVE-2007-6120 (The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to ...) BUG: 199958 CVE-2007-6121 (Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers ...) BUG: 199958 CVE-2007-6122 (The default_encrypt function in encrypt.c in IRC Services before ...) BUG: 199897 BUG: 200467 CVE-2007-6123 (Unspecified vulnerability in IRC Services 5.1.8 has unknown impact and ...) NOTE: We don't ship 5.1.8 CVE-2007-6124 (Cross-site scripting (XSS) vulnerability in signin.php in Softbiz ...) NOT-FOR-US: Softbiz Freelancers Script CVE-2007-6125 (SQL injection vulnerability in search_form.php in Softbiz Freelancers ...) NOT-FOR-US: Softbiz Freelancers Script CVE-2007-6126 (Multiple cross-site scripting (XSS) vulnerabilities in project alumni ...) NOT-FOR-US: project alumni CVE-2007-6127 (Multiple SQL injection vulnerabilities in project alumni 1.0.9 and ...) NOT-FOR-US: project alumni CVE-2007-6128 (SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 ...) NOT-FOR-US: WorkingOnWeb CVE-2007-6129 (Directory traversal vulnerability in scripts/include/show_content.php ...) NOT-FOR-US: Amber Script CVE-2007-6130 (gnump3d 2.9final does not apply password protection to its plugins, ...) BUG: 193132 CVE-2007-6131 (buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite ...) NOT-FOR-US: scanbuttond CVE-2007-6132 REJECTED CVE-2007-6133 (PHP remote file inclusion vulnerability in admin/kfm/initialise.php in ...) NOT-FOR-US: DevMass Cart CVE-2007-6134 (SQL injection vulnerability in pkinc/public/article.php in PHPKIT ...) NOT-FOR-US: PHPKIT CVE-2007-6135 (Cross-site scripting (XSS) vulnerability in phpslideshow.php in ...) NOT-FOR-US: PHPSlideShow CVE-2007-6136 (Multiplce cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: M2Scripts My Space Scripts Poll Creator CVE-2007-6137 (SQL injection vulnerability in news.php in Content Injector 1.52 ...) NOT-FOR-US: p3mbo Content Injector CVE-2007-6138 (SQL injection vulnerability in redir.asp in VU Mass Mailer allows ...) NOT-FOR-US: VU Mass Mailer CVE-2007-6139 (PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox ...) NOT-FOR-US: Mp3 Toolbox CVE-2007-6140 (Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote ...) NOT-FOR-US: Dora Emlak CVE-2007-6141 (Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 ...) NOT-FOR-US: VBTube CVE-2007-6142 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just ...) NOT-FOR-US: Salims Softhouse JAF CMS CVE-2007-6143 (SQL injection vulnerability in default.asp (aka the Login Page) in VU ...) NOT-FOR-US: VU Case Manager CVE-2007-6144 (Heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control ...) NOT-FOR-US: Xunlei Web Thunder CVE-2007-6145 (Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP ...) NOT-FOR-US: Hitachi JP1 File Transmission Server CVE-2007-6146 (Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on ...) NOT-FOR-US: Hitachi JP1 File Transmission Server CVE-2007-6147 (Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE ...) NOT-FOR-US: iaprcommence IAPR COMMENCE CVE-2007-6148 (Use-after-free vulnerability in the Edge server in Adobe Flash Media ...) NOT-FOR-US: Edge server in Adobe Flash Media Server CVE-2007-6149 (Multiple integer overflows in the Edge server in Adobe Flash Media ...) NOT-FOR-US: Edge server in Adobe Flash Media Server CVE-2007-6150 (The "internal state tracking" code for the random and urandom devices ...) BUG: 200959 CVE-2007-6151 (The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows ...) BUG: 202290 CVE-2007-6152 RESERVED CVE-2007-6153 RESERVED CVE-2007-6154 RESERVED CVE-2007-6155 RESERVED CVE-2007-6156 (Multiple cross-site scripting (XSS) vulnerabilities in ...) BUG: 202750 CVE-2007-6157 (Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery ...) NOT-FOR-US: SimpleGallery CVE-2007-6158 (Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs ...) NOT-FOR-US: Proverbs Web Calendar CVE-2007-6159 (SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier ...) NOT-FOR-US: Tilde CMS CVE-2007-6160 (Cross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x ...) NOT-FOR-US: Tilde CMS CVE-2007-6161 (index.php in Tilde CMS 4.x and earlier allows remote attackers to ...) NOT-FOR-US: Tilde CMS CVE-2007-6162 (Cross-site scripting (XSS) vulnerability in index.php in FMDeluxe ...) NOT-FOR-US: WSDeluxe FMDeluxe CVE-2007-6163 (SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty ...) NOT-FOR-US: GOUAE DWD Realty CVE-2007-6164 (Multiple SQL injection vulnerabilities in Eurologon CMS allow remote ...) NOT-FOR-US: Eurologon CMS CVE-2007-6165 (Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote ...) NOT-FOR-US: Apple Mac OS X CVE-2007-6166 (Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used ...) BUG: 150288 CVE-2007-6167 (Untrusted search path vulnerability in yast2-core in SUSE Linux might ...) NOT-FOR-US: SuSE yast CVE-2007-6168 (SQL injection vulnerability in default.asp in VU Case Manager allows ...) NOT-FOR-US: VU Case Manager CVE-2007-6169 (SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty ...) NOT-FOR-US: GOUAE DWD Realty CVE-2007-6170 (SQL injection vulnerability in the Call Detail Record Postgres logging ...) BUG: 200792 CVE-2007-6171 (SQL injection vulnerability in the Postgres Realtime Engine ...) NOTE: Asterisk 1.4 CVE-2007-6172 (Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote ...) NOT-FOR-US: Wire Plastic Design WpQuiz CVE-2007-6173 (Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay ...) NOT-FOR-US: Liferay Enterprise Portal CVE-2007-6174 (PHPDevShell before 0.7.0 allows remote authenticated users to gain ...) NOT-FOR-US: PHPDevShell CVE-2007-6175 (Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to ...) NOT-FOR-US: Lhaplus CVE-2007-6176 (kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote ...) NOT-FOR-US: Amensa Soft K B Bestellsystem CVE-2007-6177 (PHP remote file inclusion vulnerability in Exchange/include.php in ...) NOT-FOR-US: PHP Con CVE-2007-6178 (Multiple PHP remote file inclusion vulnerabilities in Easy Hosting ...) NOT-FOR-US: Easy Hosting Control Panel CVE-2007-6179 (Multiple PHP remote file inclusion vulnerabilities in Charray's CMS ...) NOT-FOR-US: Kinson Chan Charray CMS CVE-2007-6180 (Race condition in the Remote Procedure Call kernel module (rpcmod) in ...) NOT-FOR-US: Sun Solaris CVE-2007-6181 (Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier ...) NOT-FOR-US: Red Hat Cygwin_dll CVE-2007-6182 (The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 ...) NOT-FOR-US: Growth ISPManager CVE-2007-6183 (Format string vulnerability in the mdiag_initialize function in ...) BUG: 200623 CVE-2007-6184 (Directory traversal vulnerability in index.php in Project Alumni 1.0.9 ...) NOT-FOR-US: Project Alumni CVE-2007-6185 (Directory traversal vulnerability in users/files.php in Eurologon CMS ...) NOT-FOR-US: Eurologon CMS CVE-2007-6186 (Unspecified vulnerability in PHPDevShell before 0.7.0 has unknown ...) NOT-FOR-US: PHPDevShell CVE-2007-6187 (Multiple directory traversal vulnerabilities in PHP Content Architect ...) NOT-FOR-US: PHP Content Architect CVE-2007-6188 (Multiple directory traversal vulnerabilities in TuMusika Evolution ...) NOT-FOR-US: TuMusika Evolution CVE-2007-6189 (A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in ...) NOT-FOR-US: BitDefender Online Anti Virus Scanner CVE-2007-6190 (The HTTP daemon in the Cisco Unified IP Phone, when the Extension ...) NOT-FOR-US: Cisco Unified IP Phone CVE-2007-6191 (Multiple PHP remote file inclusion vulnerabilities in Armin Burger ...) NOT-FOR-US: pmapper p mapper CVE-2007-6192 (The web management interface in Citrix NetScaler 8.0 build 47.8 uses ...) NOT-FOR-US: Citrix NetScaler CVE-2007-6193 (The web management interface in Citrix NetScaler 8.0 build 47.8 stores ...) NOT-FOR-US: Citrix NetScaler CVE-2007-6194 (Unspecified vulnerability in HP Select Identity 4.01 before 4.01.012 ...) NOT-FOR-US: HP Select Identity CVE-2007-6195 (Buffer overflow in the sw_rpc_agent_init function in swagentd in ...) NOT-FOR-US: HP-UX CVE-2007-6196 (Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail ...) NOT-FOR-US: Calacode @Mail CVE-2007-6197 (The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 ...) NOT-FOR-US: BEA AquaLogic Interaction CVE-2007-6198 (portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction ...) NOT-FOR-US: AquaLogic Interaction CVE-2007-6199 (rsync before 3.0.0pre6, when running a writable rsync daemon that is ...) BUG: 200821 CVE-2007-6200 (Unspecified vulnerability in rsync before 3.0.0pre6, when running a ...) BUG: 200821 CVE-2007-6201 (Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x ...) BUG: 200789 CVE-2007-6202 (SQL injection vulnerability in plugins/search/search.php in Neocrome ...) NOT-FOR-US: Seditio CMS CVE-2007-6203 (Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method ...) BUG: 201163 CVE-2007-6204 (Multiple stack-based buffer overflows in HP OpenView Network Node ...) NOT-FOR-US: HP CVE-2007-6205 (Cross-site scripting (XSS) vulnerability in the remote RSS sidebar ...) NOT-FOR-US: Serendipity CVE-2007-6206 (The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x ...) BUG: 200777 CVE-2007-6207 (Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not ...) NOTE: Xen 3.1.2 is already in the tree and in ~arch. CVE-2007-6208 (sylprint.pl in claws mail tools (claws-mail-tools) allows local users ...) BUG: 201244 CVE-2007-6209 (Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary ...) BUG: 201022 CVE-2007-6210 (zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" ...) BUG: 201242 CVE-2007-6211 (Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users ...) NOT-FOR-US: sing CVE-2007-6212 (Directory traversal vulnerability in region.php in KML share 1.1 ...) NOT-FOR-US: Google KML CVE-2007-6213 (Multiple directory traversal vulnerabilities in mod/chat/index.php in ...) NOT-FOR-US: WebED CVE-2007-6214 (Directory traversal vulnerability in include/file_download.php in ...) NOT-FOR-US: LearnLoop CVE-2007-6215 (Multiple directory traversal vulnerabilities in play.php in Web-MeetMe ...) NOT-FOR-US: Web MeetMe CVE-2007-6216 (Race condition in the Fibre Channel protocol (fcp) driver and Devices ...) NOT-FOR-US: Sun Solaris CVE-2007-6217 (Multiple SQL injection vulnerabilities in login.asp in Irola My-Time ...) NOT-FOR-US: Irola My Time CVE-2007-6218 (Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 ...) NOT-FOR-US: Ossigeno CMS CVE-2007-6219 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool ...) NOT-FOR-US: IBM Tivoli Netcool Security Manager CVE-2007-6220 (typespeed before 0.6.4 allows remote attackers to cause a denial of ...) BUG: 201435 CVE-2007-6221 (TuMusika Evolution 1.7R5 allows remote attackers to obtain ...) NOT-FOR-US: TuMusika Evolution CVE-2007-6222 (The CheckCustomerAccess function in functions.php in CRM-CTT ...) NOT-FOR-US: CRM_CTT Interleave CVE-2007-6223 (SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3 ...) NOT-FOR-US: phpBB Garage CVE-2007-6224 (The RealNetworks RealAudioObjects.RealAudio ActiveX control in ...) NOT-FOR-US: RealPlayer ActiveX CVE-2007-6225 (Unspecified vulnerability in Sun Solaris 10, when 64bit mode is used ...) NOT-FOR-US: Sun Solaris CVE-2007-6226 (The American Power Conversion (APC) AP7932 0u 30amp Switched Rack ...) NOT-FOR-US: APC OAS CVE-2007-6227 (QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating ...) BUG: 201434 CVE-2007-6228 (Stack-based buffer overflow in the Helper class in the yt.ythelper.2 ...) NOT-FOR-US: Yahoo Toolbar CVE-2007-6229 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Rayzz Script CVE-2007-6230 (Directory traversal vulnerability in ...) NOT-FOR-US: Rayzz Script CVE-2007-6231 (Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 ...) NOT-FOR-US: Tellmatic CVE-2007-6232 (Cross-site scripting (XSS) vulnerability in index.php in FTP Admin ...) NOT-FOR-US: FTP Admin CVE-2007-6233 (Directory traversal vulnerability in index.php in FTP Admin 0.1.0 ...) NOT-FOR-US: FTP Admin CVE-2007-6234 (index.php in FTP Admin 0.1.0 allows remote attackers to bypass ...) NOT-FOR-US: FTP Admin CVE-2007-6235 (A certain ActiveX control in RealNetworks RealPlayer 11 allows remote ...) NOT-FOR-US: RealPlayer ActiveX CVE-2007-6236 (Microsoft Windows Media Player (WMP) allows remote attackers to cause ...) NOT-FOR-US: Microsoft Windows Media Player CVE-2007-6237 (cp.php in DeluxeBB 1.09 does not verify that the membercookie ...) NOT-FOR-US: DeluxeBB CVE-2007-6238 (Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows ...) NOT-FOR-US: Apple Quicktime NOTE: Unspecified CVE-2007-6239 (The "cache update reply processing" functionality in Squid 2.x before ...) BUG: 201209 CVE-2007-6240 (SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 ...) NOT-FOR-US: Snitz Forums 2000 Snitz Forums CVE-2007-6241 (Multiple unspecified vulnerabilities in Beehive Forum 0.7.1 have ...) NOT-FOR-US: Beehive Forum CVE-2007-6242 (Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier ...) BUG: 193519 CVE-2007-6243 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up ...) BUG: 193519 BUG: 204344 CVE-2007-6244 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash ...) BUG: 193519 CVE-2007-6245 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up ...) BUG: 193519 CVE-2007-6246 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up ...) BUG: 193519 CVE-2007-6247 RESERVED CVE-2007-6248 RESERVED CVE-2007-6249 (etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the ...) BUG: 193589 CVE-2007-6250 (Stack-based buffer overflow in AOL AOLMediaPlaybackControl ...) NOT-FOR-US: AOL CVE-2007-6251 RESERVED CVE-2007-6252 (Multiple stack-based buffer overflows in the Learn2 Corporation ...) NOT-FOR-US: Learn2 STRunner CVE-2007-6253 (Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client ...) NOT-FOR-US: Adobe Form Designer CVE-2007-6254 (Stack-based buffer overflow in the SAP Business Objects ...) NOT-FOR-US: businessobjects Business Objects CVE-2007-6255 (Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in ...) NOT-FOR-US: Microsoft ie CVE-2007-6256 RESERVED CVE-2007-6257 RESERVED CVE-2007-6258 (Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV ...) NOT-FOR-US: F5 BIG IP CVE-2007-6259 RESERVED CVE-2007-6260 (The installation process for Oracle 10g and llg uses accounts with ...) NOT-FOR-US: Oracle Database 10g CVE-2007-6261 (Integer overflow in the load_threadstack function in the Mach-O loader ...) NOT-FOR-US: Apple Mac OS X CVE-2007-6262 (A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before ...) NOTE: Windows only. CVE-2007-6263 (The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, ...) BUG: 199206 CVE-2007-6264 RESERVED CVE-2007-6265 (Unspecified vulnerability in avast! 4 Home and Professional Editions ...) NOT-FOR-US: Avast Antivirus Home CVE-2007-6266 (Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier ...) NOT-FOR-US: bcoos CVE-2007-6267 (Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 ...) NOT-FOR-US: Citrix EdgeSight for NetScaler CVE-2007-6268 (Directory traversal vulnerability in pages/default.aspx in Absolute ...) NOT-FOR-US: XIGLA Absolute News Manager NET CVE-2007-6269 (Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in ...) NOT-FOR-US: XIGLA Absolute News Manager NET CVE-2007-6270 (Multiple cross-site scripting (XSS) vulnerabilities in Absolute News ...) NOT-FOR-US: XIGLA Absolute News Manager NET CVE-2007-6271 (Absolute News Manager.NET 5.1 allows remote attackers to obtain ...) NOT-FOR-US: XIGLA Absolute News Manager NET CVE-2007-6272 (Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 ...) NOTE: Issues affecting Joomla! 1.5 RC3 only. CVE-2007-6273 (Multiple format string vulnerabilities in the configuration file in ...) NOT-FOR-US: SonicWall Global VPN Client CVE-2007-6274 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: bcoos CVE-2007-6275 (SQL injection vulnerability in modules/adresses/ratefile.php in bcoos ...) NOT-FOR-US: bcoos CVE-2007-6276 (The accept_connections function in the virtual private network daemon ...) NOT-FOR-US: Apple Mac OS X CVE-2007-6277 (Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC ...) BUG: 195700 NOTE: We handled stabling of a fixed version before. CVE-2007-6278 (Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows ...) BUG: 195700 NOTE: We handled stabling of a fixed version before. CVE-2007-6279 (Multiple double free vulnerabilities in Free Lossless Audio Codec ...) BUG: 195700 NOTE: We handled stabling of a fixed version before. CVE-2007-6280 RESERVED CVE-2007-6281 (Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in ...) NOT-FOR-US: St Bernard Open File Manager CVE-2007-6282 (The IPsec implementation in Linux kernel before 2.6.25 allows remote ...) BUG: 220975 CVE-2007-6283 (Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key ...) NOT-FOR-US: /etc/bind/rndc.key is only read/writeable by user named CVE-2007-6284 (The xmlCurrentChar function in libxml2 before 2.6.31 allows ...) BUG: 202628 CVE-2007-6285 (The default configuration for autofs 5 (autofs5) in some Linux ...) NOTE: We do not ship autofs 5 CVE-2007-6286 (Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the ...) BUG: 209410 CVE-2007-6287 (Cross-site scripting (XSS) vulnerability in the login page in Lxlabs ...) NOT-FOR-US: LxLabs HyperVM CVE-2007-6288 (Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow ...) NOT-FOR-US: Tecnick com TCExam CVE-2007-6289 (Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 ...) NOT-FOR-US: IPTel SERWeb CVE-2007-6290 (Multiple directory traversal vulnerabilities in js/get_js.php in ...) NOT-FOR-US: IPTel SERWeb CVE-2007-6291 (SQL injection vulnerability in abm.aspx in Xigla Absolute Banner ...) NOT-FOR-US: XIGLA Absolute Banner Manager NET CVE-2007-6292 (SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and ...) NOT-FOR-US: MWOpen E commerce CVE-2007-6293 (Multiple unspecified vulnerabilities in IBM Hardware Management ...) NOT-FOR-US: IBM Hardware Management Console CVE-2007-6294 (Multiple unspecified vulnerabilities in IBM Hardware Management ...) NOT-FOR-US: IBM Hardware Management Console CVE-2007-6295 (Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page ...) NOT-FOR-US: IBM Lotus Sametime CVE-2007-6296 (PHP remote file inclusion vulnerability in users_popupL.php3 in ...) NOT-FOR-US: phpMyChat CVE-2007-6297 (Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat ...) NOT-FOR-US: PHP Heaven PHPMyChat CVE-2007-6298 (Cross-site scripting (XSS) vulnerability in the Shoutbox module for ...) NOT-FOR-US: Drupal Shoutbox CVE-2007-6299 (Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x ...) BUG: 201550 CVE-2007-6300 (Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 ...) NOT-FOR-US: Fusion News CVE-2007-6301 (Cross-site scripting (XSS) vulnerability in compose.php in ...) NOT-FOR-US: Open Newsletter CVE-2007-6302 (Multiple heap-based buffer overflows in avirus.exe in Novell NetMail ...) NOT-FOR-US: Novell NetMail CVE-2007-6303 (MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 ...) BUG: 201669 CVE-2007-6304 (The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before ...) BUG: 201669 CVE-2007-6305 (Multiple unspecified vulnerabilities in IBM Hardware Management ...) NOT-FOR-US: IBM Hardware Management Console CVE-2007-6306 (Multiple cross-site scripting (XSS) vulnerabilities in the image map ...) BUG: 203193 CVE-2007-6307 (Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php ...) NOT-FOR-US: wwwstats CVE-2007-6308 (Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows ...) NOT-FOR-US: HttpLogger CVE-2007-6309 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: webSPELL CVE-2007-6310 (Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme ...) NOT-FOR-US: Falt4Extreme CVE-2007-6311 (SQL injection vulnerability in (1) index.php, and possibly (2) ...) NOT-FOR-US: Falt4Extreme CVE-2007-6312 (Cross-site scripting (XSS) vulnerability in the logon page in Web ...) NOT-FOR-US: Websense Enterprise CVE-2007-6313 (MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check ...) NOT-FOR-US: we ship 5.0 so this one does not interest CVE-2007-6314 (BarracudaDrive Web Server before 3.8 allows remote attackers to read ...) NOT-FOR-US: BarracudaDrive Web Server CVE-2007-6315 (Group Chat in BarracudaDrive Web Server before 3.8 allows remote ...) NOT-FOR-US: BarracudaDrive Web Server CVE-2007-6316 (Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server ...) NOT-FOR-US: BarracudaDrive Web Server CVE-2007-6317 (Multiple directory traversal vulnerabilities in BarracudaDrive Web ...) NOT-FOR-US: BarracudaDrive Web Server CVE-2007-6318 (SQL injection vulnerability in wp-includes/query.php in WordPress ...) BUG: 202071 CVE-2007-6319 (Multiple unspecified vulnerabilities in Lyris ListManager 8.x before ...) NOT-FOR-US: Lyris List Manager CVE-2007-6320 (Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does ...) NOT-FOR-US: Drupal module CVE-2007-6321 (Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, ...) NOT-FOR-US: RoundCube CVE-2007-6322 (Directory traversal vulnerability in filedownload.php in xml2owl 0.1.1 ...) NOT-FOR-US: xml2owl CVE-2007-6323 (Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 ...) NOT-FOR-US: MMS Gallery PHP CVE-2007-6324 (PHP remote file inclusion vulnerability in head.php in CityWriter ...) NOT-FOR-US: CityWriter CVE-2007-6325 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Fastpublish CVE-2007-6326 (Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote ...) NOT-FOR-US: This only affects the Windows Version CVE-2007-6327 (Buffer overflow in a certain ActiveX control in Online Media ...) NOT-FOR-US: Windows... CVE-2007-6328 (** DISPUTED ** ...) NOTE: DOSBox emulation is not a security feature and this CVE describes NOTE: a design decision. CVE-2007-6329 (Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not ...) NOT-FOR-US: Microsoft Office... CVE-2007-6330 (Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames ...) NOT-FOR-US: 1 CVE-2007-6331 (Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ...) NOT-FOR-US: HPInfoDLL HPInfo 1 CVE-2007-6332 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as ...) NOT-FOR-US: HPInfoDLL dll CVE-2007-6333 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as ...) NOT-FOR-US: HPInfoDLL dll CVE-2007-6334 (Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and ...) NOT-FOR-US: Ingres CVE-2007-6335 (Integer overflow in libclamav in ClamAV before 0.92 allows remote ...) BUG: 202762 CVE-2007-6336 (Off-by-one error in ClamAV before 0.92 allows remote attackers to ...) BUG: 202762 CVE-2007-6337 (Unspecified vulnerability in the bzip2 decompression algorithm in ...) BUG: 202762 CVE-2007-6338 (SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill ...) NOT-FOR-US: Trivantis CourseMill Enterprise CVE-2007-6339 (The Akamai Download Manager (aka DLM or dlmanager) ActiveX control ...) NOT-FOR-US: Akamai Technologies Download Manager CVE-2007-6340 (Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream ...) NOT-FOR-US: Geert CVE-2007-6341 (Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such ...) BUG: 203074 CVE-2007-6342 (SQL injection vulnerability in the David Castro AuthCAS module ...) NOT-FOR-US: David CVE-2007-6343 (Cross-site scripting (XSS) vulnerability in HP OpenView Network Node ...) NOT-FOR-US: HP CVE-2007-6344 (Directory traversal vulnerability in modules/cms/index.php in Mcms ...) NOT-FOR-US: Mcms CVE-2007-6345 (SQL injection vulnerability in aurora framework before 20071208 allows ...) NOT-FOR-US: aurora CVE-2007-6346 (Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 ...) NOT-FOR-US: Rainboard CVE-2007-6347 (PHP remote file inclusion vulnerability in blocks/block_site_map.php ...) NOT-FOR-US: ViArt CVE-2007-6348 (SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net ...) NOT-FOR-US: does not affect the Source Tarballs on our mirrors CVE-2007-6349 (P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on ...) NOT-FOR-US: Perforce P4Web CVE-2007-6350 (scponly 4.6 and earlier allows remote authenticated users to bypass ...) BUG: 201726 CVE-2007-6351 (libexif 0.6.16 and earlier allows context-dependent attackers to cause ...) BUG: 202350 CVE-2007-6352 (Integer overflow in libexif 0.6.16 and earlier allows ...) BUG: 202350 CVE-2007-6353 (Integer overflow in exif.cpp in exiv2 library allows context-dependent ...) BUG: 202351 CVE-2007-6354 (Unspecified vulnerability in exiftags before 1.01 has unknown impact ...) BUG: 202354 CVE-2007-6355 (Integer overflow in exiftags before 1.01 has unknown impact and attack ...) BUG: 202354 CVE-2007-6356 (exiftags before 1.01 allows attackers to cause a denial of service ...) BUG: 202354 CVE-2007-6357 (Stack-based buffer overflow in Microsoft Office Access allows remote, ...) NOT-FOR-US: Micro$oft CVE-2007-6358 (pdftops.pl before 1.20 in alternate pdftops filter allows local users ...) BUG: 201042 CVE-2007-6359 (The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel ...) NOT-FOR-US: Apple CVE-2007-6360 (Unspecified vulnerability in the Sun eXtended System Control Facility ...) NOT-FOR-US: Sun CVE-2007-6361 (Gekko 0.8.2 and earlier stores sensitive information under the web ...) NOT-FOR-US: Gekko CVE-2007-6362 (SQL injection vulnerability in index.php in the RSGallery ...) NOT-FOR-US: RSGallery CVE-2007-6363 (IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when ...) NOT-FOR-US: IBM CVE-2007-6364 (Cross-site scripting (XSS) vulnerability in modificarPerfil.php in ...) NOT-FOR-US: JLMForo CVE-2007-6365 (Cross-site scripting (XSS) vulnerability in modules/ecal/display.php ...) NOT-FOR-US: Bcoos CVE-2007-6366 (Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier ...) NOT-FOR-US: SineCMS CVE-2007-6367 (Multiple cross-site scripting (XSS) vulnerabilities in the guestbook ...) NOT-FOR-US: SineCMS CVE-2007-6368 (Directory traversal vulnerability in index.php in ezContents 1.4.5 ...) NOT-FOR-US: ezContents CVE-2007-6369 (Multiple directory traversal vulnerabilities in resize.php in the ...) NOT-FOR-US: PictPress(Wordpress Plugin which we dont ship) CVE-2007-6370 REJECTED NOT-FOR-US: Cisco CVE-2007-6371 (Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote ...) NOT-FOR-US: Nokia CVE-2007-6372 (Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows ...) NOT-FOR-US: Juniper CVE-2007-6373 (Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow ...) NOT-FOR-US: GestDown CVE-2007-6374 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 ...) NOT-FOR-US: Bitweaver CVE-2007-6375 (Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier ...) NOT-FOR-US: Bitweaver CVE-2007-6376 (Directory traversal vulnerability in autohtml.php in Francisco Burzi ...) NOT-FOR-US: PHP-Nuke CVE-2007-6377 (Stack-based buffer overflow in the PassThru functionality in ext.dll ...) NOT-FOR-US: BadBlue CVE-2007-6378 (Directory traversal vulnerability in upload.dll in BadBlue 2.72b and ...) NOT-FOR-US: BadBlue CVE-2007-6379 (BadBlue 2.72b and earlier allows remote attackers to obtain sensitive ...) NOT-FOR-US: BadBlue CVE-2007-6380 (Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and ...) NOT-FOR-US: e Xoops CVE-2007-6381 (SQL injection vulnerability in the indexed_search system extension in ...) NOT-FOR-US: Typo3 CVE-2007-6382 (The Event Dispatch Thread in Robocode before 1.5.1 allows remote ...) NOT-FOR-US: Robocode CVE-2007-6383 (The DAV component in Chandler Server (Cosmo) before 0.10.1 does not ...) NOT-FOR-US: Cosmo CVE-2007-6384 (Unspecified vulnerability in the Image Converter functionality in BEA ...) NOT-FOR-US: BEA Weblogic Mobility Server CVE-2007-6385 (The proxy server in Kerio WinRoute Firewall before 6.4.1 does not ...) NOT-FOR-US: Kerio WinRoute Firewall... CVE-2007-6386 (Stack-based buffer overflow in PccScan.dll before build 1451 in Trend ...) NOT-FOR-US: Windows.. CVE-2007-6387 (Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ...) NOT-FOR-US: Windows.. CVE-2007-6388 (Cross-site scripting (XSS) vulnerability in mod_status in the Apache ...) BUG: 204408 CVE-2007-6389 (The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 ...) BUG: 202649 CVE-2007-6390 (Cross-site request forgery (CSRF) vulnerability in the mycalendar ...) NOT-FOR-US: Serendipity CVE-2007-6391 (SQL injection vulnerability in patch/comments.php in SH-News 3.0 ...) NOT-FOR-US: SH News CVE-2007-6392 (SQL injection vulnerability in DWdirectory 2.1 and earlier allows ...) NOT-FOR-US: Dominion Web DWdirectory CVE-2007-6393 (SQL injection vulnerability in albums.php in Ace Image Hosting Script ...) NOT-FOR-US: ACE Image Hosting Script CVE-2007-6394 (SQL injection vulnerability in index.php in Content Injector 1.53 ...) NOT-FOR-US: p3mbo Content Injector CVE-2007-6395 (Flat PHP Board 1.2 and earlier stores sensitive information under the ...) NOT-FOR-US: Flat PHP Board CVE-2007-6396 (Direct static code injection vulnerability in index.php in Flat PHP ...) NOT-FOR-US: MyUPB Flat PHP Board CVE-2007-6397 (Multiple directory traversal vulnerabilities in index.php in Flat PHP ...) NOT-FOR-US: Flat PHP Board CVE-2007-6398 (Flat PHP Board 1.2 and earlier allows remote attackers to bypass ...) NOT-FOR-US: Flat PHP Board CVE-2007-6399 (index.php in Flat PHP Board 1.2 and earlier allows remote ...) NOT-FOR-US: we dont ship Flat PHP Board in portage main tree CVE-2007-6400 (Directory traversal vulnerability in download_file.php in PolDoc CMS ...) NOT-FOR-US: PolDoc Document Management System CVE-2007-6401 (Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media ...) NOT-FOR-US: Microsoft Windows Media Player CVE-2007-6402 (Stack-based buffer overflow in mplayerc.exe in Media Player Classic ...) NOT-FOR-US: guliverkli Media Player Classic CVE-2007-6403 (Stack-based buffer overflow in Nullsoft Winamp 5.32 allows ...) NOT-FOR-US: Nullsoft Winamp CVE-2007-6404 (Directory traversal vulnerability in Sergey Lyubka Simple HTTPD ...) NOT-FOR-US: On Windows CVE-2007-6405 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows ...) NOT-FOR-US: On Windows CVE-2007-6406 (Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly ...) NOT-FOR-US: CA eTrust Threat Management Console CVE-2007-6407 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...) NOT-FOR-US: IBM Tivoli Provisioning Manager Express CVE-2007-6408 (IBM Tivoli Provisioning Manager Express provides unspecified ...) NOT-FOR-US: IBM Tivoli Provisioning Manager Express CVE-2007-6409 (The gg protocol handler in Gadu-Gadu, when this product is installed ...) NOT-FOR-US: Gadu Gadu Instant Messenger CVE-2007-6410 (Gadu-Gadu does not properly perform protocol handling, which allows ...) NOT-FOR-US: Gadu Gadu Instant Messenger CVE-2007-6411 (Multiple buffer overflows in the HandleEmotsConfig function in the GG ...) NOT-FOR-US: Gadu Gadu Instant Messenger CVE-2007-6412 (Direct static code injection vulnerability in wiki/index.php in ...) NOT-FOR-US: Bitweaver CVE-2007-6413 (Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later ...) NOT-FOR-US: Sun Solaris CVE-2007-6414 (admin/administrator.php in Adult Script 1.6 and earlier sends a ...) NOT-FOR-US: AdultScript CVE-2007-6415 (scponly 4.6 and earlier allows remote authenticated users to bypass ...) BUG: 203099 CVE-2007-6416 (The copy_to_user function in the PAL emulation functionality for Xen ...) BUG: 202653 CVE-2007-6417 (The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through ...) BUG: 202755 CVE-2007-6418 (The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the ...) NOT-FOR-US: The dspam.cron script which is shipped by the gentoo package does not contain the password, instead it reads it out of the dspam.conf file CVE-2007-6419 (Unspecified vulnerability in rpc.yppasswdd in HP HP-UX B.11.11, ...) NOT-FOR-US: HP UX CVE-2007-6420 (Cross-site request forgery (CSRF) vulnerability in the ...) BUG: 227111 CVE-2007-6421 (Cross-site scripting (XSS) vulnerability in balancer-manager in ...) BUG: 204409 CVE-2007-6422 (The balancer_handler function in mod_proxy_balancer in the Apache HTTP ...) BUG: 204410 CVE-2007-6423 (** DISPUTED ** ...) NOTE: Apache Team could not reproduce and Windows only. CVE-2007-6424 (registry.pl in Fonality Trixbox 2.0 PBX products, when running in ...) NOT-FOR-US: as this Product is Windows Software, it wont affect us CVE-2007-6425 (Unspecified vulnerability in HP-UX B.11.31, when running ARPA ...) NOT-FOR-US: HP UX CVE-2007-6426 (Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and ...) NOT-FOR-US: EMC Replistor CVE-2007-6427 (The XInput extension in X.Org Xserver before 1.4.1 allows ...) BUG: 206633 CVE-2007-6428 (The ProcGetReservedColormapEntries function in the TOG-CUP extension ...) BUG: 206633 CVE-2007-6429 (Multiple integer overflows in X.Org Xserver before 1.4.1 allow ...) BUG: 206633 CVE-2007-6430 (Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and ...) BUG: 202733 CVE-2007-6431 (Unspecified vulnerability in Adobe Flash Media Server 2 before 2.0.5, ...) NOT-FOR-US: Adobe Flash Media Server CVE-2007-6432 (Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 ...) NOT-FOR-US: Adobe PageMaker CVE-2007-6433 (The getRenderedEjbql method in the org.jboss.seam.framework.Query ...) NOT-FOR-US: org jboss seam framework Query CVE-2007-6434 (Linux kernel 2.6.23 allows local users to create low pages in virtual ...) BUG: 202778 CVE-2007-6435 (Stack-based buffer overflow in Novell GroupWise before 6.5.7, when ...) NOT-FOR-US: We dont ship GroupWise CVE-2007-6436 (Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, ...) NOT-FOR-US: JustSystems CVE-2007-6437 (Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows ...) BUG: 202718 CVE-2007-6438 (Unspecified vulnerability in the SMB dissector in Wireshark (formerly ...) BUG: 199958 CVE-2007-6439 (Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause ...) BUG: 199958 CVE-2007-6440 REJECTED CVE-2007-6441 (The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows ...) BUG: 199958 CVE-2007-6442 REJECTED CVE-2007-6443 REJECTED CVE-2007-6444 REJECTED CVE-2007-6445 REJECTED CVE-2007-6446 REJECTED CVE-2007-6447 REJECTED CVE-2007-6448 REJECTED CVE-2007-6449 REJECTED CVE-2007-6450 (The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 ...) BUG: 199958 CVE-2007-6451 (Unspecified vulnerability in the CIP dissector in Wireshark (formerly ...) BUG: 199958 CVE-2007-6452 (Unspecified vulnerability in the benchmark reporting system in Google ...) NOT-FOR-US: Google Web Toolkit CVE-2007-6453 (Directory traversal vulnerability in raidenhttpd-admin/workspace.php ...) NOT-FOR-US: Raiden Professional Servers RaidenHTTPD CVE-2007-6454 (Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp ...) BUG: 202747 BUG: 203083 CVE-2007-6455 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) BUG: 203084 CVE-2007-6456 (Unspecified vulnerability in OpenOffice.org code in Planamesa ...) NOT-FOR-US: Planamesa NeoOffice CVE-2007-6457 (Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 ...) NOT-FOR-US: NetWin SurgeMail CVE-2007-6458 (SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 ...) NOT-FOR-US: my123tkShop e Commerce Suite CVE-2007-6459 (Anon Proxy Server 0.100, and probably 0.101, allows remote attackers ...) NOT-FOR-US: Anon Proxy Server CVE-2007-6460 (Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy ...) NOT-FOR-US: Anon Proxy Server CVE-2007-6461 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Flyspray CVE-2007-6462 (SQL injection vulnerability in fullnews.php in PHP Real Estate ...) NOT-FOR-US: PHP Real Estate Classifieds Premium Plus CVE-2007-6463 (Multiple cross-site scripting (XSS) vulnerabilities in the admin panel ...) NOT-FOR-US: PHP Real Estate Script Classifieds CVE-2007-6464 (Multiple PHP remote file inclusion vulnerabilities in Form tools ...) NOT-FOR-US: Form Tools CVE-2007-6465 (Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in ...) BUG: 203085 CVE-2007-6466 (Multiple SQL injection vulnerabilities in index.php in FreeWebshop ...) NOT-FOR-US: FreeWebShop CVE-2007-6467 (SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows ...) NOT-FOR-US: MKPortal CVE-2007-6468 (Buffer overflow in the HuffDecode function in ...) NOTE: Not yet in the tree, notification in bug 105780 CVE-2007-6469 (SQL injection vulnerability in index.php in phpRPG 0.8, when ...) NOT-FOR-US: phpRPG CVE-2007-6470 (phpRPG 0.8 stores sensitive information under the web root with ...) NOT-FOR-US: phpRPG CVE-2007-6471 (Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on ...) NOT-FOR-US: phPay CVE-2007-6472 (Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 ...) NOT-FOR-US: phpMyRealty CVE-2007-6473 (Heap-based buffer overflow in Texas Imperial Software WFTPD Pro ...) NOT-FOR-US: Texas Imperial Software WFTPD Pro Explorer CVE-2007-6474 (Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 ...) NOT-FOR-US: GF_3Xplorer CVE-2007-6475 (Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow ...) NOT-FOR-US: GF_3Xplorer CVE-2007-6476 (GF-3XPLORER 2.4 allows remote attackers to obtain configuration ...) NOT-FOR-US: GF_3Xplorer CVE-2007-6477 (Cross-site scripting (XSS) vulnerability in the on-line help feature ...) NOT-FOR-US: Citrix Web Interface CVE-2007-6478 (Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and ...) NOT-FOR-US: Rosoft Engineering Rosoft Media Player CVE-2007-6479 (Unrestricted file upload vulnerability in the "My productions" ...) NOT-FOR-US: Dokeos CVE-2007-6480 (The Oracle database component in Sun Management Center (Sun MC) 3.6.1, ...) NOT-FOR-US: Sun Management Center CVE-2007-6481 (Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in ...) NOT-FOR-US: Sun Ray Server Software CVE-2007-6482 (Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in ...) NOT-FOR-US: Sun Ray Server Software CVE-2007-6483 (Directory traversal vulnerability in SafeNet Sentinel Protection ...) NOT-FOR-US: SafeNet Sentinel Keys Server CVE-2007-6484 (SQL injection vulnerability in index.php in phpRPG 0.8 allows remote ...) NOT-FOR-US: phpRPG CVE-2007-6485 (Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 ...) NOT-FOR-US: Centreon CVE-2007-6486 (Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka ...) NOT-FOR-US: Geek Palace com LineShout CVE-2007-6487 (Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 ...) NOT-FOR-US: Plain Black WebGUI CVE-2007-6488 (Multiple PHP remote file inclusion vulnerabilities in Falcon Series ...) NOT-FOR-US: Falcon Series One CMS CVE-2007-6489 (Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series ...) NOT-FOR-US: Falcon Series One CMS CVE-2007-6490 (Cross-site request forgery (CSRF) vulnerability in Falcon Series One ...) NOT-FOR-US: Falcon Series One CMS CVE-2007-6491 (Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS ...) NOT-FOR-US: Kvaliitti WebDoc CMS CVE-2007-6492 (The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and ...) NOT-FOR-US: iMesh com iMesh CVE-2007-6493 (The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and ...) NOT-FOR-US: iMesh com iMesh CVE-2007-6494 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers ...) NOT-FOR-US: Hosting Controller CVE-2007-6495 (inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier ...) NOT-FOR-US: Hosting Controller CVE-2007-6496 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers ...) NOT-FOR-US: Hosting Controller CVE-2007-6497 (Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote ...) NOT-FOR-US: Hosting Controller CVE-2007-6498 (Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot ...) NOT-FOR-US: Hosting Controller CVE-2007-6499 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ...) NOT-FOR-US: Hosting Controller CVE-2007-6500 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ...) NOT-FOR-US: Hosting Controller CVE-2007-6501 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ...) NOT-FOR-US: Hosting Controller CVE-2007-6502 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote ...) NOT-FOR-US: Hosting Controller CVE-2007-6503 (Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix ...) NOT-FOR-US: Hosting Controller CVE-2007-6504 (Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 ...) NOT-FOR-US: Hosting Controller CVE-2007-6505 (Solaris 9, with Solaris Auditing enabled and certain patches for sshd ...) NOT-FOR-US: Sun Solaris CVE-2007-6506 (The HPRulesEngine.ContentCollection.1 ActiveX Control in ...) NOT-FOR-US: HP Software Update CVE-2007-6507 (SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, ...) NOT-FOR-US: Trend Micro ServerProtect CVE-2007-6508 (Directory traversal vulnerability in view.php in xeCMS 1.0 allows ...) NOT-FOR-US: xeCMS CVE-2007-6509 (Unspecified vulnerability in Appian Enterprise Business Process ...) NOT-FOR-US: Appian CVE-2007-6510 (Multiple stack-based buffer overflows in ProWizard 4 PC (prowiz) 1.62 ...) NOT-FOR-US: ProWizard CVE-2007-6511 (Websense Enterprise 6.3.1 allows remote attackers to bypass content ...) NOT-FOR-US: Websense CVE-2007-6512 (PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the ...) NOT-FOR-US: MySQL Banner Exchange CVE-2007-6513 (HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports ...) NOT-FOR-US: HP eSupportDiagnostics CVE-2007-6514 (Apache HTTP Server, when running on Linux with a document root on a ...) BUG: 203088 CVE-2007-6515 (support/dispatch.cgi in SiteScape Forum allows remote attackers to ...) NOT-FOR-US: SiteScape CVE-2007-6516 (Buffer overflow in RavWare Software MAS Flic ActiveX Control ...) NOT-FOR-US: RavWare CVE-2007-6517 (SQL injection vulnerability in the forget password section ...) NOT-FOR-US: AERIES CVE-2007-6518 (Multiple SQL injection vulnerabilities in search.php in WoltLab ...) NOT-FOR-US: WoltLab Burning Board Lite CVE-2007-6519 (Unspecified vulnerability in the File-on-File Mounting File System ...) NOT-FOR-US: HP Tru64 UNIX CVE-2007-6520 (Opera before 9.25 allows remote attackers to conduct cross-domain ...) BUG: 202770 CVE-2007-6521 (Unspecified vulnerability in Opera before 9.25 allows remote attackers ...) BUG: 202770 CVE-2007-6522 (The rich text editing functionality in Opera before 9.25 allows remote ...) BUG: 202770 CVE-2007-6523 (Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before ...) BUG: 202770 CVE-2007-6524 (Opera before 9.25 allows remote attackers to obtain potentially ...) BUG: 202770 CVE-2007-6525 (Unspecified vulnerability in eClient in IBM DB2 Content Manager (CM) ...) NOT-FOR-US: we dont ship DB2 Content Manager Toolkit CVE-2007-6526 (Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in ...) BUG: 203265 CVE-2007-6527 (uploadimg.php in the Automatic Image Upload with Thumbnails ...) NOT-FOR-US: Rickard Andersson PunBB CVE-2007-6528 (Directory traversal vulnerability in tiki-listmovies.php in TikiWiki ...) BUG: 203265 CVE-2007-6529 (Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have ...) BUG: 203265 CVE-2007-6530 (Buffer overflow in the XUpload.ocx ActiveX control in Persits Software ...) NOT-FOR-US: Persits Software XUpload CVE-2007-6531 (Stack-based buffer overflow in the Panel (xfce4-panel) component in ...) BUG: 201293 CVE-2007-6532 (Double free vulnerability in the Widget Library (libxfcegui4) in Xfce ...) BUG: 201292 CVE-2007-6533 (Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows ...) NOT-FOR-US: Inmatrix Zoom Player CVE-2007-6534 (Multiple unspecified vulnerabilities in Microsoft Office Publisher ...) NOT-FOR-US: Microsoft Publisher CVE-2007-6535 (Buffer overflow in the YShortcut ActiveX control in YShortcut.dll ...) NOT-FOR-US: Yahoo Toolbar CVE-2007-6536 (The Custom Button Installer dialog in Google Toolbar 4 and 5 beta ...) NOT-FOR-US: Google Toolbar CVE-2007-6537 (Stack-based buffer overflow in the zfile_gunzip function in zfile.c in ...) NOT-FOR-US: WinUAE CVE-2007-6538 (SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php ...) NOT-FOR-US: Meeting Room Booking Software MRBS CVE-2007-6539 (PHP local file inclusion vulnerability in index.php in IDevspot ...) NOT-FOR-US: iDevspot iSupport CVE-2007-6540 (SQL injection vulnerability in neuron news 1.0 allows remote attackers ...) NOT-FOR-US: Neuron News CVE-2007-6541 (Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 ...) NOT-FOR-US: Neuron News CVE-2007-6542 (PHP remote file inclusion vulnerability in admin/frontpage_right.php ...) NOT-FOR-US: Agares Media Arcadem CVE-2007-6543 (SQL injection vulnerability in suggest-link.php in eSyndiCat Link ...) NOT-FOR-US: eSyndicat Link Exchange CVE-2007-6544 (Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow ...) NOT-FOR-US: RunCMS CVE-2007-6545 (Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before ...) NOT-FOR-US: RunCMS CVE-2007-6546 (RunCMS before 1.6.1 uses a predictable session id, which makes it ...) NOT-FOR-US: RunCMS CVE-2007-6547 (RunCMS before 1.6.1 does not require entry of the old password during ...) NOT-FOR-US: RunCMS CVE-2007-6548 (Multiple direct static code injection vulnerabilities in RunCMS before ...) NOT-FOR-US: RunCMS CVE-2007-6549 (Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact ...) NOT-FOR-US: RunCMS CVE-2007-6550 (form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web ...) NOT-FOR-US: PMOS Helpdesk CVE-2007-6551 (SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, ...) NOT-FOR-US: Mail Machine MailMachine_PRO CVE-2007-6552 (Directory traversal vulnerability in index.php in AuraCMS 2.2 allows ...) NOT-FOR-US: AuraCMS CVE-2007-6553 (Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro ...) NOT-FOR-US: George Lewe TeamCal Pro CVE-2007-6554 (Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 ...) NOT-FOR-US: George Lewe TeamCal Pro CVE-2007-6555 (PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php ...) NOT-FOR-US: Phil Taylor mosDirectory CVE-2007-6556 (Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow ...) NOT-FOR-US: websihirbazi CVE-2007-6557 (Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote ...) NOT-FOR-US: MeGaCheatZ CVE-2007-6558 (TotalPlayer 3.0 allows user-assisted remote attackers to cause a ...) NOT-FOR-US: TotalPlayer CVE-2007-6559 (Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 ...) NOT-FOR-US: Logaholic CVE-2007-6560 (Multiple cross-site scripting (XSS) vulnerabilities in Logaholic ...) NOT-FOR-US: Logaholic CVE-2007-6561 (Multiple stack-based buffer overflows in PDFLib allow user-assisted ...) BUG: 203287 CVE-2007-6562 (Multiple stack-based buffer overflows in the use of FD_SET in TCPreen ...) BUG: 203328 CVE-2007-6563 (Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly ...) BUG: 81958 CVE-2007-6564 (Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS ...) NOT-FOR-US: Limbo CMS CVE-2007-6565 (Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta ...) NOT-FOR-US: Blakord Portal CVE-2007-6566 (SQL injection vulnerability in post.php in XZero Community Classifieds ...) NOT-FOR-US: XZero Scripts XZero Community Classifieds CVE-2007-6567 (Directory traversal vulnerability in index.php in XZero Community ...) NOT-FOR-US: XZero Scripts XZero Community Classifieds CVE-2007-6568 (PHP remote file inclusion vulnerability in config.inc.php in XZero ...) NOT-FOR-US: XZero Scripts XZero Community Classifieds CVE-2007-6569 (Cross-site scripting (XSS) vulnerability in the View Error Log ...) NOT-FOR-US: Sun Java System Web Server CVE-2007-6570 (Cross-site scripting (XSS) vulnerability in the View URL Database ...) NOT-FOR-US: Sun Java System Web Server CVE-2007-6571 (Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy ...) NOT-FOR-US: Sun Java System Web Server CVE-2007-6572 (Cross-site scripting (XSS) vulnerability in Sun Java System Web Server ...) NOT-FOR-US: Sun Java System Web Server CVE-2007-6573 (QK SMTP Server 3 allows remote attackers to cause a denial of service ...) NOT-FOR-US: QKSoft QK SMTP Server 3 CVE-2007-6574 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 ...) NOT-FOR-US: Dokeos Open Source Learning and Knowledge Management CVE-2007-6575 (SQL injection vulnerability in default.php in MMSLamp allows remote ...) NOT-FOR-US: Brand039 mmsLamp CVE-2007-6576 (Multiple SQL injection vulnerabilities in Adult Script 1.6.5 and ...) NOT-FOR-US: AdultScript CVE-2007-6577 (Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow ...) NOT-FOR-US: zSuite zBlog CVE-2007-6578 (SQL injection vulnerability in go.php in PHP ZLink 0.3 allows remote ...) NOT-FOR-US: Zeak net PHP_ZLink CVE-2007-6579 (Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote ...) NOT-FOR-US: IP_Reg CVE-2007-6580 (Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow ...) NOT-FOR-US: Wallpaper Complete Website CVE-2007-6581 (Multiple directory traversal vulnerabilities in Social Engine 2.0 ...) NOT-FOR-US: Social Engine CVE-2007-6582 (Directory traversal vulnerability in index.php in mBlog 1.2 allows ...) NOT-FOR-US: C97net mBlog CVE-2007-6583 (SQL injection vulnerability in admin/ops/findip/ajax/search.php in ...) NOT-FOR-US: 1024 CMS CVE-2007-6584 (Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow ...) NOT-FOR-US: 1024 CMS CVE-2007-6585 (PHP remote file inclusion vulnerability in confirmUnsubscription.php ...) NOT-FOR-US: NmnNewsletter CVE-2007-6586 (SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows ...) NOT-FOR-US: nicLor CVE-2007-6587 (SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 ...) NOT-FOR-US: Plogger CVE-2007-6588 (Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows ...) NOT-FOR-US: PHPCredo PHCDownload CVE-2007-6589 (The jar protocol handler in Mozilla Firefox before 2.0.0.10 and ...) NOT-FOR-US: we ship 2.0.0.11 so we are not affected CVE-2007-6590 REJECTED CVE-2007-6591 (KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server ...) BUG: 204339 CVE-2007-6592 (Apple Safari 2, when a user accepts an SSL server certificate on the ...) NOT-FOR-US: Apple Safari CVE-2007-6593 (Multiple stack-based buffer overflows in l123sr.dll in Autonomy ...) NOT-FOR-US: IBM Lotus Notes CVE-2007-6594 (IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak ...) NOT-FOR-US: IBM Lotus Notes CVE-2007-6595 (ClamAV 0.92 allows local users to overwrite arbitrary files via a ...) BUG: 204340 CVE-2007-6596 (ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows ...) NOTE: This is not a security issue, but a missing scanner feature. CVE-2007-6597 (Multiple cross-site scripting (XSS) vulnerabilities in IPortalX before ...) NOT-FOR-US: iPortalX CVE-2007-6598 (Dovecot before 1.0.10, with certain configuration options including ...) BUG: 203731 CVE-2007-6599 (Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 ...) BUG: 203573 CVE-2007-6600 (PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 ...) BUG: 204760 CVE-2007-6601 (The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, ...) BUG: 204760 CVE-2007-6602 (SQL injection vulnerability in app/models/identity.php in NoseRub ...) NOT-FOR-US: NoseRub CVE-2007-6603 (Hot or Not Clone has insufficient access control for producing and ...) NOT-FOR-US: Hotscripts Hot_or_Not_Clone CVE-2007-6604 (Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 ...) NOT-FOR-US: xcms CVE-2007-6605 (Buffer overflow in a certain ActiveX control in SkyFexClient.ocx ...) NOT-FOR-US: SkyFex_Client CVE-2007-6606 (OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain ...) NOT-FOR-US: OpenBiblio CVE-2007-6607 (OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain ...) NOT-FOR-US: OpenBiblio CVE-2007-6608 (Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio ...) NOT-FOR-US: OpenBiblio CVE-2007-6609 (Multiple stack-based buffer overflows in the CPLI_ReadTag_OGG function ...) NOT-FOR-US: CoolPlayer CVE-2007-6610 (unp 1.0.12, and other versions before 1.0.14, does not properly escape ...) BUG: 203106 CVE-2007-6611 (Cross-site scripting (XSS) vulnerability in view.php in Mantis before ...) BUG: 203791 BUG: 204331 CVE-2007-6612 (Directory traversal vulnerability in DirHandler ...) BUG: 204321 CVE-2007-6613 (Stack-based buffer overflow in the print_iso9660_recurse function in ...) BUG: 203777 BUG: 204333 CVE-2007-6614 (PHP remote file inclusion vulnerability in admin/frontpage_right.php ...) NOT-FOR-US: Agares Media phpAutoVideo CVE-2007-6615 (Directory traversal vulnerability in includes/block.php in Agares ...) NOT-FOR-US: Agares Media phpAutoVideo CVE-2007-6616 (Cross-site scripting (XSS) vulnerability in simpleforum.cgi in ...) NOT-FOR-US: SimpleForum CVE-2007-6617 (Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA ...) NOT-FOR-US: Atlassian JIRA CVE-2007-6618 (JIRA Enterprise Edition before 3.12.1 allows remote attackers to ...) NOT-FOR-US: Atlassian JIRA CVE-2007-6619 (The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 ...) NOT-FOR-US: Atlassian JIRA CVE-2007-6620 (Directory traversal vulnerability in include/images.inc.php in Joovili ...) NOT-FOR-US: Joovili CVE-2007-6621 (Directory traversal vulnerability in joovili.images.php in Joovili ...) NOT-FOR-US: Joovili CVE-2007-6622 (SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier ...) NOT-FOR-US: ZeusCMS CVE-2007-6623 (Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might ...) NOT-FOR-US: ZeusCMS CVE-2007-6624 (Directory traversal vulnerability in printview.php in PNphpBB2 1.2i ...) NOT-FOR-US: PNphpBB CVE-2007-6625 (The Platform Service Process (asampsp) in Fan-Out Driver Platform ...) NOT-FOR-US: Novell Identity Manager CVE-2007-6626 (Multiple buffer overflows in the RTSP_valid_response_msg function in ...) BUG: 203536 CVE-2007-6627 (Integer overflow in the RTSP_remove_msg function in RTSP_lowlevel.c in ...) BUG: 203536 CVE-2007-6628 (LScube Feng 0.1.15 and earlier allows remote attackers to cause a ...) BUG: 203536 CVE-2007-6629 (Interpretation conflict in LScube Feng 0.1.15 and earlier allows ...) BUG: 203536 CVE-2007-6630 (The Url_init function in utils/url.c in Netembryo 0.0.4, when used by ...) BUG: 203536 CVE-2007-6631 (Multiple buffer overflows in LScube libnemesi 0.6.4-rc1 and earlier ...) NOT-FOR-US: LScube libnemesi CVE-2007-6632 (showCode.php in xml2owl 0.1.1 allows remote attackers to execute ...) NOT-FOR-US: xml2owl CVE-2007-6633 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: NetBizCity FAQMasterFlexPlus CVE-2007-6634 (Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly ...) NOT-FOR-US: NetBizCity FAQMasterFlexPlus CVE-2007-6635 (FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin password in ...) NOT-FOR-US: NetBizCity FAQMasterFlexPlus CVE-2007-6636 (Unspecified vulnerability in the StorageFarabDb module in Bitflu ...) NOT-FOR-US: Bitflu CVE-2007-6637 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash ...) BUG: 204344 CVE-2007-6638 (March Networks DVR 3204 stores sensitive information under the web ...) NOT-FOR-US: March Networks 3204 DVR CVE-2007-6639 (SQL injection vulnerability in index.php in IPTBB 0.5.4 and earlier ...) NOT-FOR-US: IPTBB Team IPTBB CVE-2007-6640 (Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not ...) NOT-FOR-US: SourceForge Creammonkey CVE-2007-6641 (Cross-site scripting (XSS) vulnerability in dir.php in milliscripts ...) NOT-FOR-US: MilliScripts CVE-2007-6642 (Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! ...) BUG: 204335 CVE-2007-6643 (Cross-site scripting (XSS) vulnerability in the com_poll component in ...) BUG: 204335 CVE-2007-6644 (Joomla! before 1.5 RC4 allows remote authenticated administrators to ...) BUG: 204335 CVE-2007-6645 (Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote ...) BUG: 204335 CVE-2007-6646 (Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, ...) NOT-FOR-US: Integry Systems LiveCart CVE-2007-6647 (SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier ...) NOT-FOR-US: w Agora CVE-2007-6648 (Directory traversal vulnerability in index.php in SanyBee Gallery ...) NOT-FOR-US: SanyBee CVE-2007-6649 (PHP remote file inclusion vulnerability in includes/tumbnail.php in ...) NOT-FOR-US: MatPo CVE-2007-6650 (Unrestricted file upload vulnerability in fisheye/upload.php in ...) NOT-FOR-US: Bitweaver CVE-2007-6651 (Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS ...) NOT-FOR-US: Bitweaver CVE-2007-6652 (cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser ...) NOT-FOR-US: XCMS CVE-2007-6653 (Directory traversal vulnerability in download.php in Mihalism Multi ...) NOT-FOR-US: Mihalism CVE-2007-6654 (Buffer overflow in a certain ActiveX control in Macrovision ...) NOT-FOR-US: activeX stuff.. CVE-2007-6655 (PHP remote file inclusion vulnerability in includes/function.php in ...) NOT-FOR-US: Kontakt Formular CVE-2007-6656 (SQL injection vulnerability in content_css.php in the TinyMCE module ...) NOT-FOR-US: TinyMCE CVE-2007-6657 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Mihalism CVE-2007-6658 (SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) ...) NOT-FOR-US: CCMS CVE-2007-6659 (Multiple cross-site scripting (XSS) vulnerabilities in 2z project ...) NOT-FOR-US: 2z CVE-2007-6660 (2z project 0.9.6.1 allows remote attackers to obtain sensitive ...) NOT-FOR-US: various CVE-2007-6661 (2z project 0.9.6.1 allows attackers to change the password without ...) NOT-FOR-US: 2z project CVE-2007-6662 (Directory traversal vulnerability in file.php in CuteNews 2.6 allows ...) NOT-FOR-US: CuteNews CVE-2007-6663 (SQL injection vulnerability in (1) Puarcade.php and (2) ...) NOT-FOR-US: Pragmatic Utopia PU Arcade CVE-2007-6664 (SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and ...) NOT-FOR-US: WebPortal CVE-2007-6665 (SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL ...) NOT-FOR-US: Netchemia CVE-2007-6666 (SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 ...) NOT-FOR-US: Zenphoto CVE-2007-6667 (SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier ...) NOT-FOR-US: MyPHP CVE-2007-6668 (admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not ...) NOT-FOR-US: peergoal MySpace_Content_Zone CVE-2007-6669 (Cross-site scripting (XSS) vulnerability in search.php in PHCDownload ...) NOT-FOR-US: PHPCredo PHCDownload CVE-2007-6670 (SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows ...) NOT-FOR-US: PHPCredo PHCDownload CVE-2007-6671 (SQL injection vulnerability in login_form.asp in Instant Softwares ...) NOT-FOR-US: InstantSoftwares Dating_Site CVE-2007-6672 (Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass ...) BUG: 201437 CVE-2007-6673 (Cross-site scripting (XSS) vulnerability in Makale Scripti allows ...) NOT-FOR-US: Makale Scripti CVE-2007-6674 (Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare ...) NOT-FOR-US: RapidShare Database CVE-2007-6675 (The b_system_comments_show function in ...) NOT-FOR-US: xoops is pmasked CVE-2007-6676 (The default configuration of Uber Uploader (UU) 5.3.6 and earlier does ...) NOT-FOR-US: Uber Uploader CVE-2007-6677 (Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam ...) NOT-FOR-US: Peter s CVE-2007-6678 REJECTED NOT-FOR-US: yast2 core CVE-2007-6679 (Unspecified vulnerability in the Administrative Console in IBM ...) NOT-FOR-US: IBM WebSphere CVE-2007-6680 (Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument ...) NOT-FOR-US: IBM AIX CVE-2007-6681 (Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN ...) BUG: 205299 CVE-2007-6682 (Format string vulnerability in the httpd_FileCallBack function ...) BUG: 205299 CVE-2007-6683 (The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to ...) BUG: 205299 CVE-2007-6684 (The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to ...) BUG: 205299 CVE-2007-6685 (Unspecified vulnerability in the Publish XP module Menalto Gallery ...) BUG: 203217 CVE-2007-6686 (The URL rewrite module in Menalto Gallery before 2.2.4 allows ...) BUG: 203217 CVE-2007-6687 (Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery ...) BUG: 203217 CVE-2007-6688 (Unspecified vulnerability in the Installation application in Menalto ...) BUG: 203217 CVE-2007-6689 (Menalto Gallery before 2.2.4 does not properly check for malicious ...) BUG: 203217 CVE-2007-6690 (The Gallery Remote module in Menalto Gallery before 2.2.4 does not ...) BUG: 203217 CVE-2007-6691 (Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 ...) BUG: 203217 CVE-2007-6692 (Open redirect vulnerability in Menalto Gallery before 2.2.4 allows ...) BUG: 203217 CVE-2007-6693 (Unspecified vulnerability in the WebCam module in Menalto Gallery ...) BUG: 203217 CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 ...) BUG: 212136 CVE-2007-6695 (Cross-site scripting (XSS) vulnerability in index.php in Drake CMS ...) NOT-FOR-US: Drake Team Drake CMS CVE-2007-6696 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...) NOT-FOR-US: WebCalendar CVE-2007-6697 (Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image ...) BUG: 207933 CVE-2007-6698 (The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote ...) NOT-FOR-US: we ship 2.3.39 which is not affected CVE-2007-6699 (Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control ...) NOT-FOR-US: AOL CVE-2007-6700 (Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web ...) NOT-FOR-US: openbsd CVE-2007-6701 (Multiple stack-based buffer overflows in the Spooler service ...) NOT-FOR-US: Novell Client CVE-2007-6702 (goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka ...) NOT-FOR-US: GoAhead Software FS4104 AW Device CVE-2007-6703 (Unspecified vulnerability in vdccm before 0.10.1 in SynCE (SynCE-dccm) ...) BUG: 213770 CVE-2007-6704 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass ...) NOT-FOR-US: F5 Firepass 4100 CVE-2007-6705 (The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client ...) NOT-FOR-US: WebSphere MQ XA CVE-2007-6706 (Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus ...) NOT-FOR-US: IBM Lotus Notes CVE-2007-6707 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco ...) NOT-FOR-US: Linksys WAG54GS CVE-2007-6708 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...) NOT-FOR-US: Linksys WAG54GS CVE-2007-6709 (The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and ...) NOT-FOR-US: Linksys WAG54GS CVE-2007-6710 RESERVED CVE-2007-6711 (Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, ...) NOT-FOR-US: FreeWebshop org CVE-2007-6712 (Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux ...) BUG: 217749 CVE-2007-6713 (Unspecified vulnerability in Flip4Mac WMV before 2.2.0.49 has unknown ...) NOT-FOR-US: flip4mac_wmv CVE-2007-6714 (DBMail before 2.2.9, when using authldap with an LDAP server that ...) BUG: 218154 CVE-2007-6715 (Mozilla Firefox allows remote attackers to cause a denial of service ...) BUG: 231616 CVE-2007-6716 (fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 ...) BUG: 237408 CVE-2007-6717 (Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and ...) NOT-FOR-US: ibm aix CVE-2007-6718 (MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of ...) NOTE: if this only causes a crash, it is not an issue. NOTE: what do other distros have to say? (rbu) BUG: 253649 CVE-2007-6719 (SQL injection vulnerability in Wiz-Ad 1.3 allows remote attackers to ...) NOT-FOR-US: inspector_it wiz ad CVE-2007-6720 (libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and ...) BUG: 255363 CVE-2007-6721 (The Legion of the Bouncy Castle Java Cryptography API before release ...) NOTE: obsolete CVE-2007-6722 (Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, ...) NOT-FOR-US: Vidalia CVE-2007-6723 (TorK before 0.22, when running on Windows and Mac OS X, installs ...) NOT-FOR-US: That version is ancient, we're shipping 0.23 CVE-2007-6724 (Vidalia bundle before 0.1.2.18, when running on Windows, installs ...) NOT-FOR-US: Vidalia CVE-2007-6725 (The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly ...) BUG: 264614 CVE-2007-6726 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and ...) NOT-FOR-US: dojotoolkit dojo CVE-2007-6727 (SQL injection vulnerability in topic.php in KerviNet Forum 1.1 allows ...) NOT-FOR-US: KerviNet Forum CVE-2007-6728 (Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote ...) NOT-FOR-US: XMB CVE-2007-6729 (Cross-site scripting (XSS) vulnerability in the web management ...) NOT-FOR-US: zyxel p 330w_router CVE-2007-6730 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...) NOT-FOR-US: zyxel p 330w_router CVE-2007-6731 (Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers ...) NOT-FOR-US: Not yet in-tree, notified in bug 236825 CVE-2007-6732 (Multiple buffer overflows in the dtt_load function in ...) NOT-FOR-US: Not yet in-tree, notified in bug 236825. CVE-2007-6733 (The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does ...) BUG: 313327 CVE-2007-6734 (NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 ...) NOT-FOR-US: novell netware CVE-2007-6735 (NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not ...) NOT-FOR-US: novell netware CVE-2007-6736 (Multiple directory traversal vulnerabilities in FTPServer.py in ...) NOT-FOR-US: g rodola pyftpdlib CVE-2007-6737 (FTPServer.py in pyftpdlib before 0.2.0 does not increment the ...) NOT-FOR-US: g rodola pyftpdlib CVE-2007-6738 (pyftpdlib before 0.1.1 does not choose a random value for the port ...) NOT-FOR-US: g rodola pyftpdlib CVE-2007-6739 (FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to ...) NOT-FOR-US: g rodola pyftpdlib CVE-2007-6740 (The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does ...) NOT-FOR-US: g rodola pyftpdlib CVE-2007-6741 (The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does ...) NOT-FOR-US: g rodola pyftpdlib CVE-2008-0001 (VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before ...) BUG: 205980 CVE-2008-0002 (Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context ...) BUG: 209410 CVE-2008-0003 (Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback ...) NOT-FOR-US: OpenPegasus Management Server CVE-2008-0004 REJECTED CVE-2008-0005 (mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before ...) BUG: 205195 CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont ...) BUG: 206633 CVE-2008-0007 (Linux kernel before 2.6.22.17, when using certain drivers that ...) BUG: 212137 CVE-2008-0008 (The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 ...) BUG: 207214 CVE-2008-0009 (The vmsplice_to_user function in fs/splice.c in the Linux kernel ...) BUG: 209460 CVE-2008-0010 (The copy_from_user_mmap_sem function in fs/splice.c in the Linux ...) BUG: 209460 CVE-2008-0011 (Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 ...) NOT-FOR-US: Microsoft DirectX CVE-2008-0012 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...) NOT-FOR-US: an unspecified procedure in Trend Micro ServerProtect CVE-2008-0013 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...) NOT-FOR-US: an unspecified procedure in Trend Micro ServerProtect CVE-2008-0014 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...) NOT-FOR-US: an unspecified procedure in Trend Micro ServerProtect CVE-2008-0015 (Stack-based buffer overflow in the CComVariant::ReadFromStream ...) NOT-FOR-US: microsoft windows_xp CVE-2008-0016 (Stack-based buffer overflow in the URL parsing implementation in ...) BUG: 238535 CVE-2008-0017 (The http-index-format MIME type parser (nsDirIndexParser) in Firefox ...) BUG: 246602 CVE-2008-0018 RESERVED CVE-2008-0019 RESERVED CVE-2008-0020 (Unspecified vulnerability in the Load method in the IPersistStreamInit ...) NOT-FOR-US: microsoft windows_xp CVE-2008-0021 RESERVED CVE-2008-0022 RESERVED CVE-2008-0023 RESERVED CVE-2008-0024 RESERVED CVE-2008-0025 RESERVED CVE-2008-0026 (SQL injection vulnerability in Cisco Unified ...) NOT-FOR-US: Cisco Unified CallManager Communications Manager CUCM CVE-2008-0027 (Heap-based buffer overflow in the Certificate Trust List (CTL) ...) NOT-FOR-US: Cisco Certificate Trust List CVE-2008-0028 (Unspecified vulnerability in Cisco PIX 500 Series Security Appliance ...) NOT-FOR-US: Cisco PIX 500 Series Security Appliance CVE-2008-0029 (Cisco Application Velocity System (AVS) before 5.1.0 is installed with ...) NOT-FOR-US: Cisco AVS CVE-2008-0030 RESERVED CVE-2008-0031 (Unspecified vulnerability in Apple QuickTime before 7.4 allows remote ...) NOT-FOR-US: Apple Quicktime CVE-2008-0032 (Apple QuickTime before 7.4 allows remote attackers to execute ...) NOT-FOR-US: Apple QuickTIme CVE-2008-0033 (Unspecified vulnerability in Apple QuickTime before 7.4 allows remote ...) NOT-FOR-US: Apple QuickTime CVE-2008-0034 (Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through ...) NOT-FOR-US: Apple iPhone CVE-2008-0035 (Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 ...) NOT-FOR-US: Apple iPhone CVE-2008-0036 (Buffer overflow in Apple QuickTime before 7.4 allows remote attackers ...) NOT-FOR-US: Apple QuickTime CVE-2008-0037 (X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle ...) NOT-FOR-US: Apple Mac OS X 10.5 CVE-2008-0038 (Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an ...) NOT-FOR-US: Apple Mac OS X 10.5 CVE-2008-0039 (Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows ...) NOT-FOR-US: Apple Mac OS X 10.4.11 CVE-2008-0040 (Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 ...) NOT-FOR-US: Apple Mac OS X 10.5 CVE-2008-0041 (Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts ...) NOT-FOR-US: Apple Mac OS X 10.5 CVE-2008-0042 (Argument injection vulnerability in Terminal.app in Terminal in Apple ...) NOT-FOR-US: Apple Mac OS X 11.4.11 CVE-2008-0043 (Format string vulnerability in Apple iPhoto before 7.1.2 allows remote ...) NOT-FOR-US: Apple CVE-2008-0044 (Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and ...) NOT-FOR-US: AFP Client in Apple Mac OS X CVE-2008-0045 (Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 ...) NOT-FOR-US: AFP Server in Apple Mac OS X CVE-2008-0046 (The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect ...) NOT-FOR-US: Apple Mac OS X CVE-2008-0047 (Heap-based buffer overflow in the cgiCompileSearch function in CUPS ...) BUG: 212364 CVE-2008-0048 (Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows ...) NOT-FOR-US: AppKit in Apple Mac OS X CVE-2008-0049 (AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication ...) NOT-FOR-US: Apple Mac OS X CVE-2008-0050 (CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers ...) NOT-FOR-US: Apple Mac OS X CVE-2008-0051 (Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might ...) NOT-FOR-US: CoreFoundation in Apple Mac OS X CVE-2008-0052 (CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file ...) NOT-FOR-US: Apple Mac OS X CVE-2008-0053 (Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS ...) BUG: 214068 CVE-2008-0054 (Foundation in Apple Mac OS X 10.4.11 might allow context-dependent ...) NOT-FOR-US: Apple Mac OS X CVE-2008-0055 (Foundation in Apple Mac OS X 10.4.11 creates world-writable ...) NOT-FOR-US: Apple Mac OS X CVE-2008-0056 (Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 ...) NOT-FOR-US: Foundation in Apple Mac OS X CVE-2008-0057 (Multiple integer overflows in a "legacy serialization format" parser ...) NOT-FOR-US: Mac OS X CVE-2008-0058 (Race condition in the NSURLConnection cache management functionality ...) NOT-FOR-US: Apple Mac OS X CVE-2008-0059 (Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 ...) NOT-FOR-US: NSXML in Foundation for Apple Mac OS X CVE-2008-0060 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote ...) NOT-FOR-US: Apple Mac OS X CVE-2008-0061 (MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before ...) BUG: 204351 CVE-2008-0062 (KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for ...) BUG: 212363 CVE-2008-0063 (The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not ...) BUG: 212363 CVE-2008-0064 (Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView ...) BUG: 175670 CVE-2008-0065 (Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, ...) NOT-FOR-US: Winamp CVE-2008-0066 (Multiple buffer overflows in htmsr.dll in the HTML speed reader in ...) NOT-FOR-US: Autonomy KeyView CVE-2008-0067 (Multiple stack-based buffer overflows in HP OpenView Network Node ...) NOT-FOR-US: hp openview_network_node_manager CVE-2008-0068 (Directory traversal vulnerability in OpenView5.exe in HP OpenView ...) NOT-FOR-US: HP openview_network_node_manager CVE-2008-0069 (Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows ...) BUG: 175670 CVE-2008-0070 (Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA ...) NOT-FOR-US: Orb Networks Orb CVE-2008-0071 (The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) ...) BUG: 239824 CVE-2008-0072 (Format string vulnerability in the emf_multipart_encrypted function in ...) BUG: 212272 CVE-2008-0073 (Array index error in the sdpplin_parse function in ...) BUG: 213039 CVE-2008-0074 (Unspecified vulnerability in Microsoft Internet Information Services ...) NOT-FOR-US: Microsoft IIS CVE-2008-0075 (Unspecified vulnerability in Microsoft Internet Information Services ...) NOT-FOR-US: Microsoft IIS CVE-2008-0076 (Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-0077 (Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-0078 (Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in ...) NOT-FOR-US: Microsoft ActiveX CVE-2008-0079 RESERVED CVE-2008-0080 (Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft ...) NOT-FOR-US: Microsoft WebDAV Mini Redirector CVE-2008-0081 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 ...) NOT-FOR-US: Microsoft CVE-2008-0082 (An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 ...) NOT-FOR-US: Microsoft Windows Messenger CVE-2008-0083 (The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) ...) NOT-FOR-US: Microsoft Windows CVE-2008-0084 (Unspecified vulnerability in the TCP/IP support in Microsoft Windows ...) NOT-FOR-US: Microsoft windows nt CVE-2008-0085 (SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine ...) NOT-FOR-US: Microsoft sql_server CVE-2008-0086 (Buffer overflow in the convert function in Microsoft SQL Server 2000 ...) NOT-FOR-US: Microsoft sql_server CVE-2008-0087 (The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 ...) NOT-FOR-US: Microsoft Windows CVE-2008-0088 (Unspecified vulnerability in Active Directory on Microsoft Windows ...) NOT-FOR-US: Microsoft windows nt CVE-2008-0089 (SQL injection vulnerability in uprofile.php in ClipShare allows remote ...) NOT-FOR-US: Clip Share ClipShare CVE-2008-0090 (A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows ...) NOT-FOR-US: DivX Player CVE-2008-0091 (Directory traversal vulnerability in download2.php in AGENCY4NET ...) NOT-FOR-US: AGENCY4NET WEBFTP CVE-2008-0092 (Cross-site scripting (XSS) vulnerability in index.php in the search ...) BUG: 260274 CVE-2008-0093 (Multiple cross-site scripting (XSS) vulnerabilities in newticket.php ...) NOT-FOR-US: eTicket CVE-2008-0094 (Multiple directory traversal vulnerabilities in MODx Content ...) NOT-FOR-US: MODxCMS CVE-2008-0095 (The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, ...) NOT-FOR-US: we do ship 1.2 so we are not affected CVE-2008-0096 (Multiple buffer overflows in Georgia SoftWorks SSH2 Server (GSW_SSHD) ...) NOT-FOR-US: Georgia SoftWorks SSH2 Server CVE-2008-0097 (Format string vulnerability in the log function in Georgia SoftWorks ...) NOT-FOR-US: Georgia SoftWorks SSH2 Server CVE-2008-0098 (Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote ...) NOTE: No details as of 2008-03-01, no bug. CVE-2008-0099 (Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier ...) NOT-FOR-US: MyPHP Forum CVE-2008-0100 (Stack-based buffer overflow in the Scene::errorf function in Scene.cpp ...) NOT-FOR-US: White_Dune CVE-2008-0101 (Format string vulnerability in the swDebugf function in DuneApp.cpp in ...) NOT-FOR-US: White_Dune CVE-2008-0102 (Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, ...) NOT-FOR-US: Microsoft Publisher CVE-2008-0103 (Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, ...) NOT-FOR-US: Microsoft Office CVE-2008-0104 (Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, ...) NOT-FOR-US: Microsoft Office CVE-2008-0105 (Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, ...) NOT-FOR-US: Office 2003 SP2 CVE-2008-0106 (Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 ...) NOT-FOR-US: Microsoft sql_server CVE-2008-0107 (Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, ...) NOT-FOR-US: Microsoft sql_server CVE-2008-0108 (Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File ...) NOT-FOR-US: Microsoft Works Suite CVE-2008-0109 (Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office ...) NOT-FOR-US: Microsoft Word CVE-2008-0110 (Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP ...) NOT-FOR-US: Microsoft Office CVE-2008-0111 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, ...) NOT-FOR-US: Microsoft Office_compatibility_pack_for_word_excel_ppt_2007 CVE-2008-0112 (Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for ...) NOT-FOR-US: Microsoft Excel CVE-2008-0113 (Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to ...) NOT-FOR-US: Microsoft excel_viewer CVE-2008-0114 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 ...) NOT-FOR-US: Microsoft excel_viewer CVE-2008-0115 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, ...) NOT-FOR-US: Microsoft Office_compatibility_pack_for_word_excel_ppt_2007 CVE-2008-0116 (Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility ...) NOT-FOR-US: Microsoft Office_compatibility_pack_for_word_excel_ppt_2007 CVE-2008-0117 (Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, ...) NOT-FOR-US: Microsoft Office CVE-2008-0118 (Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 ...) NOT-FOR-US: Microsoft Office CVE-2008-0119 (Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP ...) NOT-FOR-US: Microsoft Office CVE-2008-0120 (Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote ...) NOT-FOR-US: Microsoft office_powerpoint_viewer CVE-2008-0121 (A "memory calculation error" in Microsoft PowerPoint Viewer 2003 ...) NOT-FOR-US: Microsoft office_powerpoint_viewer CVE-2008-0122 (Off-by-one error in the inet_network function in libbind in ISC BIND ...) BUG: 206847 CVE-2008-0123 (Cross-site scripting (XSS) vulnerability in install.php for Moodle ...) NOT-FOR-US: we dont ship moodle CVE-2008-0124 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before ...) NOT-FOR-US: S9Y Serendipity CVE-2008-0125 (Cross-site scripting (XSS) vulnerability in phpstats.php in Michael ...) NOT-FOR-US: Michael Wagner phpstats CVE-2008-0126 RESERVED CVE-2008-0127 (The administration interface in McAfee E-Business Server 8.5.2 and ...) NOT-FOR-US: McAfee CVE-2008-0128 (The SingleSignOn Valve ...) NOT-FOR-US: we ship 5.5.25 CVE-2008-0129 (SQL injection vulnerability in starnet/addons/slideshow_full.php in ...) NOT-FOR-US: SiteAtSchool CVE-2008-0130 (SQL injection vulnerability in login_form.asp in Instant Softwares ...) NOT-FOR-US: InstantSoftwares Dating_Site CVE-2008-0131 (Cross-site scripting (XSS) vulnerability in login_form.asp in Instant ...) NOT-FOR-US: InstantSoftwares Dating_Site CVE-2008-0132 (Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long ...) NOT-FOR-US: Pragma Systems FortressSSH CVE-2008-0133 (Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier ...) NOT-FOR-US: Thomas Perez Tribisur CVE-2008-0134 (Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz ...) NOT-FOR-US: Snitz Forums 2000 Snitz Forums CVE-2008-0135 (Snitz Forums 2000 3.4.06 and earlier stores sensitive information ...) NOT-FOR-US: Snitz Forums 2000 Snitz Forums CVE-2008-0136 (Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Snitz Forums 2000 Snitz Forums CVE-2008-0137 (PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS ...) NOT-FOR-US: SNETWORKS PHP CLASSIFIEDS CVE-2008-0138 (PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php ...) NOT-FOR-US: XoopsGallery Module CVE-2008-0139 (Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog ...) NOT-FOR-US: LoudBlog CVE-2008-0140 (Directory traversal vulnerability in error.php in Uebimiau Webmail ...) NOT-FOR-US: UebiMiau Webmail CVE-2008-0141 (actions.php in WebPortal CMS 0.6-beta generates predictable passwords ...) NOT-FOR-US: WebPortal CMS CVE-2008-0142 (Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow ...) NOT-FOR-US: WebPortal CMS CVE-2008-0143 (PHP remote file inclusion vulnerability in common/db.php in samPHPweb, ...) NOT-FOR-US: Spacial Audio Solutions samPHPweb CVE-2008-0144 (PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 ...) NOT-FOR-US: phpRisk NetRisk CVE-2008-0145 (Unspecified vulnerability in glob in PHP before 4.4.8, when ...) NOT-FOR-US: we do ship 5.x CVE-2008-0146 (Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL ...) NOT-FOR-US: Hughes Technologies W3 mSQL CVE-2008-0147 (SQL injection vulnerability in index.php in SmallNuke 2.0.4 and ...) NOT-FOR-US: SmallNuke CVE-2008-0148 (TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows ...) NOT-FOR-US: Tutos CVE-2008-0149 (TUTOS 1.3 allows remote attackers to read system information via a ...) NOT-FOR-US: Tutos CVE-2008-0150 (Unspecified vulnerability in the LDAP authentication feature in Aruba ...) NOT-FOR-US: aruba_networks Aruba Mobility Controllers CVE-2008-0151 (Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build ...) NOT-FOR-US: Foxit WAC Server CVE-2008-0152 (SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier ...) NOT-FOR-US: Seattle Lab Software SLNet RF Telnet Server CVE-2008-0153 (telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers ...) NOT-FOR-US: Pragma Systems Pragma TelnetServer CVE-2008-0154 (SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) ...) NOT-FOR-US: EvilBoard CVE-2008-0155 (Cross-site scripting (XSS) vulnerability in index.php in EvilBoard ...) NOT-FOR-US: EvilBoard CVE-2008-0156 (Absolute path traversal vulnerability in index.php in Million Dollar ...) NOT-FOR-US: Million Dollar Script CVE-2008-0157 (SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote ...) NOT-FOR-US: FlexBB CVE-2008-0158 (Directory traversal vulnerability in index.php in Shop-Script 2.0 and ...) NOT-FOR-US: Shop Script CVE-2008-0159 (SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier ...) NOT-FOR-US: eggblog CVE-2008-0160 RESERVED CVE-2008-0161 RESERVED CVE-2008-0162 (misc.c in splitvt 1.6.6 and earlier does not drop group privileges ...) BUG: 211240 CVE-2008-0163 (Linux kernel 2.6, when using vservers, allows local users to access ...) BUG: 212141 CVE-2008-0164 (Multiple cross-site request forgery (CSRF) vulnerabilities in Plone ...) NOTE: Plone 3.X only CVE-2008-0165 (Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 ...) NOT-FOR-US: Ikiwiki CVE-2008-0166 (OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based ...) NOTE: This bug does not affect Gentoo's ebuild for OpenSSL. NOTE: Inclusion of a blacklist for SSH logins is discussed in the referenced bug. BUG: 221759 CVE-2008-0167 (The write_array_file function in utils/include.pl in GForge 4.5.14 ...) NOT-FOR-US: GForge CVE-2008-0168 RESERVED CVE-2008-0169 (Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 ...) NOT-FOR-US: ikiwiki CVE-2008-0170 RESERVED CVE-2008-0171 (regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library ...) BUG: 205955 CVE-2008-0172 (The get_repeat_type function in basic_regex_creator.hpp in the Boost ...) BUG: 205955 CVE-2008-0173 (SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote ...) NOT-FOR-US: GForge CVE-2008-0174 (GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses ...) NOT-FOR-US: GE Fanuc Proficy Real-Time Information Portal 2.6 CVE-2008-0175 (Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time ...) NOT-FOR-US: GE Fanuc Proficy Real-Time Information Portal CVE-2008-0176 (Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI ...) NOT-FOR-US: GE Fanuc CIMPLICITY HMI SCADA system CVE-2008-0177 (The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME ...) BUG: 209887 CVE-2008-0178 (Cross-site scripting (XSS) vulnerability in the Enterprise Admin ...) NOT-FOR-US: Liferay Portal CVE-2008-0179 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Liferay CVE-2008-0180 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Liferay CVE-2008-0181 (Cross-site scripting (XSS) vulnerability in the Admin portlet in ...) NOT-FOR-US: Liferay Portal CVE-2008-0182 (Cross-site request forgery (CSRF) vulnerability in the Admin portlet ...) NOT-FOR-US: Liferay Portal CVE-2008-0183 RESERVED CVE-2008-0184 (Absolute path traversal vulnerability in index.php in Sys-Hotel on ...) NOT-FOR-US: Sys Hotel CVE-2008-0185 (SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly ...) NOT-FOR-US: NetRisk CVE-2008-0186 (Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 ...) NOT-FOR-US: NetRisk CVE-2008-0187 (SQL injection vulnerability in songinfo.php in SAM Broadcaster ...) NOT-FOR-US: SAM CVE-2008-0188 REJECTED CVE-2008-0189 REJECTED CVE-2008-0190 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: AwesomeTemplateEngine CVE-2008-0191 (WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive ...) BUG: 205967 CVE-2008-0192 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 ...) NOT-FOR-US: we do ship 2.0.x CVE-2008-0193 (Cross-site scripting (XSS) vulnerability in wp-db-backup.php in ...) BUG: 205967 CVE-2008-0194 (Directory traversal vulnerability in wp-db-backup.php in WordPress ...) NOT-FOR-US: we don't ship 2.0.3 or earlier CVE-2008-0195 (WordPress 2.0.11 and earlier allows remote attackers to obtain ...) BUG: 205967 CVE-2008-0196 (Multiple directory traversal vulnerabilities in WordPress 2.0.11 and ...) NOTE: Windows-only CVE-2008-0197 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: WP ContactForm CVE-2008-0198 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: WP ContactForm CVE-2008-0199 (PRO-Search 0.17 and earlier allows remote attackers to cause a denial ...) NOT-FOR-US: PRO Search CVE-2008-0200 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: RotaBanner CVE-2008-0201 (Cross-site scripting (XSS) vulnerability in index.php in ...) NOT-FOR-US: ExpressionEngine CVE-2008-0202 (CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 ...) NOT-FOR-US: ExpressionEngine CVE-2008-0203 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Cryptographp CVE-2008-0204 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Math CVE-2008-0205 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: Math CVE-2008-0206 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Captcha CVE-2008-0207 (Multiple cross-site scripting (XSS) vulnerabilities in PRO-Search 0.17 ...) NOT-FOR-US: PRO Search CVE-2008-0208 (Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums ...) NOT-FOR-US: Snitz CVE-2008-0209 (Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 ...) NOT-FOR-US: Snitz CVE-2008-0210 (Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication ...) NOT-FOR-US: Uebimiau CVE-2008-0211 (Unspecified vulnerability in the BIOS F.04 through F.11 for the HP ...) NOT-FOR-US: HP Compaq BIOS CVE-2008-0212 (ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and ...) NOT-FOR-US: HP OpenView Network Node Manager CVE-2008-0213 (Unspecified vulnerability in a certain ActiveX control for HP Virtual ...) NOT-FOR-US: HP Virtual Rooms CVE-2008-0214 (Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, ...) NOT-FOR-US: HP Select Identity CVE-2008-0215 (Multiple unspecified vulnerabilities in HP Storage Essentials Storage ...) NOT-FOR-US: HP Storage Essentials Storage Resource CVE-2008-0216 (The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not ...) BUG: 209889 CVE-2008-0217 (The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes ...) BUG: 209889 CVE-2008-0218 (Cross-site scripting (XSS) vulnerability in admin/index.html in Merak ...) NOT-FOR-US: Merak IceWarp Mail Server CVE-2008-0219 (SQL injection vulnerability in soporte_horizontal_w.php in PHP ...) NOT-FOR-US: php webquest CVE-2008-0220 (Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 ...) NOT-FOR-US: Gateway CWebLaunchCtl ActiveX Control CVE-2008-0221 (Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka ...) NOT-FOR-US: Gateway Weblaunch CVE-2008-0222 (Unrestricted file upload vulnerability in ajaxfilemanager.php in the ...) NOT-FOR-US: WordPress FileManager CVE-2008-0223 (Buffer overflow in JustSystems JSFC.DLL, as used in multiple ...) NOT-FOR-US: Justsystem Ichitaro Lite2 CVE-2008-0224 (SQL injection vulnerability in index.php in the Newbb_plus 0.92 and ...) NOT-FOR-US: RunCMS CVE-2008-0225 (Heap-based buffer overflow in the rmff_dump_cont function in ...) BUG: 205197 CVE-2008-0226 (Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL ...) BUG: 205968 CVE-2008-0227 (yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, ...) BUG: 205968 CVE-2008-0228 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in the ...) NOT-FOR-US: Linksys WRT54GL CVE-2008-0229 (The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless ...) NOT-FOR-US: Level One WBR 3460A CVE-2008-0230 (PHP remote file inclusion vulnerability in php121db.php in osDate ...) NOT-FOR-US: osDate CVE-2008-0231 (Multiple directory traversal vulnerabilities in index.php in Tuned ...) NOT-FOR-US: Tuned Studios Classic Theme CVE-2008-0232 (Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow ...) NOT-FOR-US: Zero CMS CVE-2008-0233 (Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and ...) NOT-FOR-US: Zero CMS CVE-2008-0234 (Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions ...) NOT-FOR-US: Apple Quicktime CVE-2008-0235 (The Microsoft VFP_OLE_Server ActiveX control allows remote attackers ...) NOT-FOR-US: Microsoft VFP_OLE_Server ActiveX Control CVE-2008-0236 (An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) ...) NOT-FOR-US: Microsoft Visual Fox Pro CVE-2008-0237 (The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 ...) NOT-FOR-US: Microsoft Rich Textbox Control CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont function in ...) BUG: 205197 CVE-2008-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...) NOT-FOR-US: Sun Java System Identity CVE-2008-0240 (/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 ...) NOT-FOR-US: Sun Java System Identity Manager CVE-2008-0241 (Open redirect vulnerability in /idm/user/login.jsp in Sun Java System ...) NOT-FOR-US: Sun Java System Identify Manager CVE-2008-0242 (Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local ...) NOT-FOR-US: Sun Solaris.. CVE-2008-0243 (Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 ...) NOT-FOR-US: Lotus CVE-2008-0244 (SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to ...) NOT-FOR-US: SAP MaxDB CVE-2008-0245 (admin.php in UploadImage 1.0 does not check for the original password ...) NOT-FOR-US: UploadImage CVE-2008-0246 (admin.php in UploadScript 1.0 does not check for the original password ...) NOT-FOR-US: UploadScript CVE-2008-0247 (Heap-based buffer overflow in the Express Backup Server service ...) NOT-FOR-US: IBM Tivoli Storage Manager CVE-2008-0248 (Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ...) NOT-FOR-US: ActiveX.. CVE-2008-0249 (PHP Webquest 2.6 allows remote attackers to retrieve database ...) NOT-FOR-US: PHP Webquest 2.6 CVE-2008-0250 (Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows ...) NOT-FOR-US: Microsoft CVE-2008-0251 (Unrestricted file upload vulnerability in PhotoPost vBGallery before ...) NOT-FOR-US: PhotoPost vBGallery CVE-2008-0252 (Directory traversal vulnerability in the _get_file_path function in ...) BUG: 204829 CVE-2008-0253 (SQL injection vulnerability in full_text.php in Binn SBuilder allows ...) NOT-FOR-US: BinN SBuilder CVE-2008-0254 (SQL injection vulnerability in activate.php in TutorialCMS (aka ...) NOT-FOR-US: Wavelink Media TutorialCMS CVE-2008-0255 (SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 ...) NOT-FOR-US: iGaming CVE-2008-0256 (Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo ...) NOT-FOR-US: Matteo Binda ASP Photo Gallery CVE-2008-0257 (Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search ...) NOT-FOR-US: Dansie Search Engine CVE-2008-0258 (Cross-site scripting (XSS) vulnerability in index.php in PHP Running ...) NOT-FOR-US: PHP Running Management phpRunMan CVE-2008-0259 (Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php ...) NOT-FOR-US: minimal design minimal Gallery CVE-2008-0260 (minimal Gallery 0.8 allows remote attackers to obtain configuration ...) NOT-FOR-US: minimal design minimal Gallery CVE-2008-0261 (Unspecified vulnerability in the search component and module in Mambo ...) BUG: 205346 CVE-2008-0262 (SQL injection vulnerability in includes/articleblock.php in Agares ...) NOT-FOR-US: Agares Media phpAutoVideo CVE-2008-0263 (The SIP module in Ingate Firewall before 4.6.1 and SIParator before ...) NOT-FOR-US: Ingate firewall CVE-2008-0264 (Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 ...) NOT-FOR-US: Drupal Meta_Tags_Module CVE-2008-0265 (Multiple cross-site scripting (XSS) vulnerabilities in the Search ...) NOT-FOR-US: F5 BIG IP CVE-2008-0266 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...) NOT-FOR-US: eTicket CVE-2008-0267 (Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote ...) NOT-FOR-US: eTicket CVE-2008-0268 (Cross-site scripting (XSS) vulnerability in view.php in eTicket ...) NOT-FOR-US: eTicket CVE-2008-0269 (Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 ...) NOT-FOR-US: Sun Solaris CVE-2008-0270 (SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and ...) NOT-FOR-US: TaskFreak CVE-2008-0271 (The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x ...) NOT-FOR-US: BUEditor CVE-2008-0272 (Cross-site request forgery (CSRF) vulnerability in the aggregator ...) NOT-FOR-US: Drupal Module which we dont ship CVE-2008-0273 (Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before ...) BUG: 205305 CVE-2008-0274 (Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when ...) BUG: 205305 CVE-2008-0275 (The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal ...) NOT-FOR-US: We dont ship that module CVE-2008-0276 (Cross-site scripting (XSS) vulnerability in the Devel module before ...) NOT-FOR-US: we dont ship that module CVE-2008-0277 (Unspecified vulnerability in the Fileshare module for Drupal allows ...) NOT-FOR-US: we dont ship it CVE-2008-0278 (SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly ...) NOT-FOR-US: X7 CVE-2008-0279 (SQL injection vulnerability in liretopic.php in Xforum 1.4 and ...) NOT-FOR-US: Xforum CVE-2008-0280 (SQL injection vulnerability in index.php in MTCMS 2.0 and possibly ...) NOT-FOR-US: MTCMS CVE-2008-0281 (SQL injection vulnerability in liste.php in ID-Commerce 2.0 and ...) NOT-FOR-US: ID Commerce CVE-2008-0282 (SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 ...) NOT-FOR-US: DomPHP CVE-2008-0283 (PHP remote file inclusion vulnerability in /aides/index.php in DomPHP ...) NOT-FOR-US: DomPHP CVE-2008-0284 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum ...) NOT-FOR-US: Simple Machines Forum CVE-2008-0285 (ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows ...) BUG: 204834 CVE-2008-0286 (SQL injection vulnerability in admin/login.php in Article Dashboard ...) NOT-FOR-US: Article Dashboard CVE-2008-0287 (PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 ...) NOT-FOR-US: VisionBurst CVE-2008-0288 (Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow ...) NOT-FOR-US: ImageAlbum CVE-2008-0289 (PHP remote file inclusion vulnerability in view_func.php in Member ...) NOT-FOR-US: Member Area System CVE-2008-0290 (Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and ...) NOT-FOR-US: Digital Hive CVE-2008-0291 (SQL injection vulnerability in showproduct.asp in RichStrong CMS ...) NOT-FOR-US: RichStrong CVE-2008-0292 (Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie ...) NOT-FOR-US: Dansie CVE-2008-0293 (Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when ...) NOT-FOR-US: FreeSeat CVE-2008-0294 (Unspecified vulnerability in the seat-locking implementation in ...) NOT-FOR-US: FreeSeat CVE-2008-0295 (Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in ...) BUG: 205299 CVE-2008-0296 (Heap-based buffer overflow in the libaccess_realrtsp plugin in ...) BUG: 205299 CVE-2008-0297 (PhotoKorn allows remote attackers to obtain database credentials via a ...) NOT-FOR-US: PhotoKorn CVE-2008-0298 (KHTML WebKit as used in Apple Safari 2.x allows remote attackers to ...) NOT-FOR-US: Apple WebKit CVE-2008-0299 (common.py in Paramiko 1.7.1 and earlier, when using threads or forked ...) BUG: 205777 CVE-2008-0300 (mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to ...) NOT-FOR-US: mapbender CVE-2008-0301 (Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote ...) NOT-FOR-US: mapbender CVE-2008-0302 (Untrusted search path vulnerability in apt-listchanges.py in ...) NOT-FOR-US: apt-listchanges.py CVE-2008-0303 (The FTP print feature in multiple Canon printers, including ...) NOT-FOR-US: Canon imageRUNNER CVE-2008-0304 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and ...) BUG: 208128 CVE-2008-0305 RESERVED CVE-2008-0306 (sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows ...) NOT-FOR-US: SAP MaxDB CVE-2008-0307 (Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and ...) NOT-FOR-US: SAP MaxDB CVE-2008-0308 (Symantec Decomposer, as used in certain Symantec antivirus products ...) NOT-FOR-US: Symantec AntiVirus Scan Engine CVE-2008-0309 (Stack-based buffer overflow in Symantec Decomposer, as used in certain ...) NOT-FOR-US: Symantec AntiVirus Scan Engine CVE-2008-0310 (Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 ...) NOT-FOR-US: pkgadd in SCO UnixWare CVE-2008-0311 (Stack-based buffer overflow in the PGMWebHandler::parse_request ...) NOT-FOR-US: Borland CaliberRM CVE-2008-0312 (Stack-based buffer overflow in the AutoFix Support Tool ActiveX ...) NOT-FOR-US: Symantec Norton Antivirus CVE-2008-0313 (The ActiveDataInfo.LaunchProcess method in the ...) NOT-FOR-US: Symantec Norton Antivirus CVE-2008-0314 (Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 ...) BUG: 213762 CVE-2008-0315 RESERVED CVE-2008-0316 RESERVED CVE-2008-0317 RESERVED CVE-2008-0318 (Integer overflow in the cli_scanpe function in libclamav in ClamAV ...) BUG: 209915 CVE-2008-0319 RESERVED CVE-2008-0320 (Heap-based buffer overflow in the OLE importer in OpenOffice.org ...) BUG: 218080 CVE-2008-0321 RESERVED CVE-2008-0322 (The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for ...) NOT-FOR-US: Microsoft windows nt CVE-2008-0323 RESERVED CVE-2008-0324 (Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 ...) NOT-FOR-US: Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) CVE-2008-0325 (SQL injection vulnerability in show.php in FaScript FaPersian Petition ...) NOT-FOR-US: FaScript FaPersian Petition CVE-2008-0326 (SQL injection vulnerability in class/show.php in FaScript ...) NOT-FOR-US: FaScript FaPersianHack CVE-2008-0327 (SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows ...) NOT-FOR-US: FaScript FaMp3 CVE-2008-0328 (SQL injection vulnerability in page.php in FaScript FaName 1.0 allows ...) NOT-FOR-US: FaScript FaName CVE-2008-0329 (LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) ...) NOT-FOR-US: Julien_Plesniak LulieBlog CVE-2008-0330 (Open System Consultants (OSC) Radiator before 4.0 allows remote ...) NOT-FOR-US: Radiator RADIUS_Server CVE-2008-0331 (Unspecified vulnerability in Funkwerk System Software before 7.4.1 ...) NOT-FOR-US: Funkwerk System Software CVE-2008-0332 (Directory traversal vulnerability in arias/help/effect.php in aria ...) NOT-FOR-US: Aria CVE-2008-0333 (Directory traversal vulnerability in download_view_attachment.aspx in ...) NOT-FOR-US: Microsoft ASP NET CVE-2008-0334 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: PMachine Pro CVE-2008-0335 (Cross-site scripting (XSS) vulnerability in BugTracker.NET before ...) NOT-FOR-US: Bugtracker NET CVE-2008-0336 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: Bugtracker NET CVE-2008-0337 (Heap-based buffer overflow in the _mwProcessReadSocket function in ...) NOT-FOR-US: MiniWeb HTTP Server CVE-2008-0338 (Directory traversal vulnerability in the mwGetLocalFileName function ...) NOT-FOR-US: MiniWeb HTTP Server CVE-2008-0339 (Unspecified vulnerability in the XML DB component in Oracle Database ...) NOT-FOR-US: Oracle Database CVE-2008-0340 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, ...) NOT-FOR-US: Oracle Database 10g CVE-2008-0341 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...) NOT-FOR-US: Oracle Database CVE-2008-0342 (Unspecified vulnerability in the Upgrade/Downgrade component in Oracle ...) NOT-FOR-US: Oracle Database CVE-2008-0343 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...) NOT-FOR-US: Oracle Database 10g CVE-2008-0344 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...) NOT-FOR-US: Oracle Database 10g CVE-2008-0345 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) NOT-FOR-US: Oracle Database 10g CVE-2008-0346 (Unspecified vulnerability in the Oracle Jinitiator component in Oracle ...) NOT-FOR-US: Oracle Database 10g CVE-2008-0347 (Unspecified vulnerability in the Oracle Ultra Search component in ...) NOT-FOR-US: Oracle Database 10g CVE-2008-0348 (Multiple unspecified vulnerabilities in the PeopleTools component in ...) NOT-FOR-US: Oracle Database 10g CVE-2008-0349 (Unspecified vulnerability in the PeopleTools component in Oracle ...) NOT-FOR-US: Oracle Database 10g CVE-2008-0350 (admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to ...) NOT-FOR-US: Evilsentinel CVE-2008-0351 (admin/config.php in Evilsentinel 1.0.9 and earlier allows remote ...) NOT-FOR-US: Evilsentinel CVE-2008-0352 (The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to ...) BUG: 212143 CVE-2008-0353 (SQL injection vulnerability in visualizza_tabelle.php in php-residence ...) NOT-FOR-US: php residence CVE-2008-0354 (Cross-site scripting (XSS) vulnerability in the chat client in IBM ...) NOT-FOR-US: IBM Lotus Sametime CVE-2008-0355 (SQL injection vulnerability in index.php in the forum module in ...) NOT-FOR-US: PHPEcho CMS, CVE-2008-0356 (Buffer overflow in the Independent Management Architecture (IMA) ...) NOT-FOR-US: Citrix Presentation Server CVE-2008-0357 (Directory traversal vulnerability in pages/upload.php in Galaxyscripts ...) NOT-FOR-US: Galaxyscripts Mini File Host CVE-2008-0358 (SQL injection vulnerability in index.php in Pixelpost 1.7 allows ...) NOT-FOR-US: Pixelpost 1.7 CVE-2008-0359 (Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b ...) NOT-FOR-US: BLOG CMS CVE-2008-0360 (Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote ...) NOT-FOR-US: BLOG CMS CVE-2008-0361 (Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 ...) NOT-FOR-US: GradMan CVE-2008-0362 (Cross-site scripting (XSS) vulnerability in gallery.php in Clever Copy ...) NOT-FOR-US: Clever Copy 3.0 CVE-2008-0363 (Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier ...) NOT-FOR-US: Clever Copy 3.0 CVE-2008-0364 (Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent ...) BUG: 209892 CVE-2008-0365 (Multiple buffer overflows in CORE FORCE before 0.95.172 allow local ...) NOT-FOR-US: CORE FORCE CVE-2008-0366 (CORE FORCE before 0.95.172 does not properly validate arguments to ...) NOT-FOR-US: CORE FORCE CVE-2008-0367 (Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when ...) BUG: 207261 CVE-2008-0368 (onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 ...) NOT-FOR-US: IBM Informix Dynamic Server CVE-2008-0369 (Multiple unspecified programs in IBM Informix Dynamic Server (IDS) ...) NOT-FOR-US: IBM Informix Dynamic Server CVE-2008-0370 (Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel ...) NOT-FOR-US: cPanel CVE-2008-0371 (Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when ...) NOT-FOR-US: aliTalk CVE-2008-0372 (8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, ...) NOT-FOR-US: 8e6 R3000 Internet Filter CVE-2008-0373 (Unrestricted file upload vulnerability in PHP F1 Max's File Uploader ...) NOT-FOR-US: PHP F1 Max's File Uploader CVE-2008-0374 (OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web ...) NOT-FOR-US: OKI C5510MFP Printer CU H2.15, PU 01.03.01, CVE-2008-0375 (Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU ...) NOT-FOR-US: OKI C5510MFP Printer CU H2.15, PU 01.03.01, CVE-2008-0376 (PHP remote file inclusion vulnerability in inc/linkbar.php in Small ...) NOT-FOR-US: Small Axe Weblog CVE-2008-0377 (MicroNews allows remote attackers to bypass authentication and gain ...) NOT-FOR-US: MicroNews CVE-2008-0378 (Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when ...) NOT-FOR-US: SocksCap CVE-2008-0379 (Race condition in the Enterprise Tree ActiveX control ...) NOT-FOR-US: Enterprise Tree ActiveX control CVE-2008-0380 (Buffer overflow in the Digital Data Communications RtspVaPgCtrl ...) NOT-FOR-US: Digital Data Communications RtspVaPgCtrl CVE-2008-0381 (Unspecified vulnerability in Mahara before 0.9.1 has unknown impact ...) NOT-FOR-US: Mahara CVE-2008-0382 (Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier ...) NOT-FOR-US: MyBB CVE-2008-0383 (Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier ...) NOT-FOR-US: MyBB CVE-2008-0384 (OpenBSD 4.2 allows local users to cause a denial of service (kernel ...) NOT-FOR-US: OpenBSD Open_BSD CVE-2008-0385 (SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 ...) NOT-FOR-US: Urulu CVE-2008-0386 (Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to ...) BUG: 207331 CVE-2008-0387 (Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before ...) BUG: 208034 CVE-2008-0388 (SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress ...) NOT-FOR-US: WP-Forum CVE-2008-0389 (Unspecified vulnerability in the serveServletsByClassnameEnabled ...) NOT-FOR-US: IBM WebSphere CVE-2008-0390 (stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows ...) NOT-FOR-US: AuraCMS CVE-2008-0391 (inc/elementz.php in aliTalk 1.9.1.1 does not properly verify ...) NOT-FOR-US: aliTalk CVE-2008-0392 (Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition ...) NOT-FOR-US: Microsoft Visual Basic Enterprise Edition 6.0 SP6 CVE-2008-0393 (Directory traversal vulnerability in info.php in GradMan 0.1.3 and ...) NOT-FOR-US: GradMan CVE-2008-0394 (Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote ...) NOT-FOR-US: Citadel_SMTP CVE-2008-0395 (Kayako SupportSuite 3.11.01 allows remote attackers to obtain server ...) NOT-FOR-US: Kayako SupportSuite CVE-2008-0396 (Directory traversal vulnerability in BitDefender Update Server ...) NOT-FOR-US: BitDefender Update Server CVE-2008-0397 (Multiple SQL injection vulnerabilities in aflog 1.01, and possibly ...) NOT-FOR-US: aflog org aflog CVE-2008-0398 (Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly ...) NOT-FOR-US: Aflog CVE-2008-0399 (Multiple buffer overflows in Toshiba Surveillance (Surveillix) ...) NOT-FOR-US: Toshiba Surveillix RecordSend Class CVE-2008-0400 (Cross-site scripting (XSS) vulnerability in header.tpl.php in the ...) NOT-FOR-US: singapore CVE-2008-0401 (Buffer overflow in the logging functionality of the HTTP server in IBM ...) NOT-FOR-US: IBM Tivoli Provisioning Manager OS Deployment CVE-2008-0402 (Unspecified vulnerability in IBM WebSphere Business Modeler Basic and ...) NOT-FOR-US: IBM Websphere Business Modeler Advanced CVE-2008-0403 (The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does ...) NOT-FOR-US: Belkin F5D9230 4 CVE-2008-0404 (Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows ...) BUG: 207260 CVE-2008-0405 (Multiple directory traversal vulnerabilities in HTTP File Server (HFS) ...) NOT-FOR-US: HTTP File Server CVE-2008-0406 (HTTP File Server (HFS) before 2.2c, when account names are used as log ...) NOT-FOR-US: HTTP File Server CVE-2008-0407 (HTTP File Server (HFS) before 2.2c tags HTTP request log entries with ...) NOT-FOR-US: HTTP File Server CVE-2008-0408 (HTTP File Server (HFS) before 2.2c allows remote attackers to append ...) NOT-FOR-US: HTTP File Server CVE-2008-0409 (Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) ...) NOT-FOR-US: HTTP File Server CVE-2008-0410 (HTTP File Server (HFS) before 2.2c allows remote attackers to obtain ...) NOT-FOR-US: HTTP File Server CVE-2008-0411 (Stack-based buffer overflow in the zseticcspace function in zicc.c in ...) BUG: 208999 CVE-2008-0412 (The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird ...) BUG: 208128 CVE-2008-0413 (The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird ...) BUG: 208128 CVE-2008-0414 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows ...) BUG: 208128 CVE-2008-0415 (Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and ...) BUG: 208128 CVE-2008-0416 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...) BUG: 209897 CVE-2008-0417 (CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows ...) BUG: 208128 CVE-2008-0418 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, ...) BUG: 208128 CVE-2008-0419 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows ...) BUG: 208128 CVE-2008-0420 (modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox ...) BUG: 209897 CVE-2008-0421 (SQL injection vulnerability in Invision Gallery 2.0.7 and earlier ...) NOT-FOR-US: Invision Power Services Invision Gallery CVE-2008-0422 (SQL injection vulnerability in mail.php in boastMachine (aka bMachine) ...) NOT-FOR-US: BoastMachine CVE-2008-0423 (Multiple PHP remote file inclusion vulnerabilities in Lama Software ...) NOT-FOR-US: Lama Software CVE-2008-0424 (SQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) ...) NOT-FOR-US: Mooseguy Blog System MGBS CVE-2008-0425 (Absolute path traversal vulnerability in explorerdir.php in Frimousse ...) NOT-FOR-US: Frimousse CVE-2008-0426 (Multiple cross-site scripting (XSS) vulnerabilities in submit.php in ...) NOT-FOR-US: PacerCMS CVE-2008-0427 (Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows ...) NOT-FOR-US: bloofoxCMS CVE-2008-0428 (Multiple SQL injection vulnerabilities in the login function in ...) NOT-FOR-US: bloofoxCMS CVE-2008-0429 (SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per ...) NOT-FOR-US: AlstraSoft CVE-2008-0430 (SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows ...) NOT-FOR-US: 360 Web Manager CVE-2008-0431 (Directory traversal vulnerability in administrator/download.php in ...) NOT-FOR-US: IDMOS 1.0 CVE-2008-0432 (Cross-site scripting (XSS) vulnerability in index.php in phpAutoVideo ...) NOT-FOR-US: phpAutoVideo CVE-2008-0433 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Agares CVE-2008-0434 (Format string vulnerability in the AXIMilter module in AXIGEN Mail ...) NOT-FOR-US: AXIMilter CVE-2008-0435 (Directory traversal vulnerability in index.php in OZJournals 2.1.1 ...) NOT-FOR-US: OZJournals CVE-2008-0436 (Cross-site scripting (XSS) vulnerability in profile-upload/upload.asp ...) NOT-FOR-US: PD9 CVE-2008-0437 (Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ...) NOT-FOR-US: WebHPVCInstall HPVirtualRooms14 CVE-2008-0438 (Cross-site scripting (XSS) vulnerability in the font rendering ...) NOT-FOR-US: Novemberborn sIFR 2.0.2 CVE-2008-0439 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: DeluxeBB CVE-2008-0440 (AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in ...) NOT-FOR-US: AlstraSoft Forum Pay Per Post Exchange CVE-2008-0441 (IBM Tivoli Business Service Manager (TBSM) 4.1.1 stores passwords in ...) NOT-FOR-US: IBM Tivoli Business Service Manager CVE-2008-0442 (PHP remote file inclusion vulnerability in inc/linkbar.php in Small ...) NOT-FOR-US: Small Axe Solutions Weblog CVE-2008-0443 (Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX ...) NOT-FOR-US: Lycos FileUploader dll CVE-2008-0444 (Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) ...) NOT-FOR-US: ELOG CVE-2008-0445 (The replace_inline_img function in elogd in Electronic Logbook (ELOG) ...) NOT-FOR-US: ELOG CVE-2008-0446 (SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows ...) NOT-FOR-US: Julian Pawlowski LulieBlog CVE-2008-0447 (SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 ...) NOT-FOR-US: Foojan PHP Weblog CVE-2008-0448 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: CyberGL Dev Team phpSearch CVE-2008-0449 (SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping ...) NOT-FOR-US: Rocksalt International VP_ASP CVE-2008-0450 (Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c ...) NOT-FOR-US: Blog CMS CVE-2008-0451 (Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote ...) NOT-FOR-US: PacerCMS CVE-2008-0452 (Directory traversal vulnerability in articles.php in Siteman 1.1.9 ...) NOT-FOR-US: Siteman CVE-2008-0453 (SQL injection vulnerability in list.php in Easysitenetwork Recipe ...) NOT-FOR-US: EasySiteNetwork Recipe Website Script CVE-2008-0454 (Cross-zone scripting vulnerability in the Internet Explorer web ...) NOT-FOR-US: internet explorer web control... CVE-2008-0455 (Cross-site scripting (XSS) vulnerability in the mod_negotiation module ...) BUG: 209899 CVE-2008-0456 (CRLF injection vulnerability in the mod_negotiation module in the ...) BUG: 209899 CVE-2008-0457 (Unrestricted file upload vulnerability in the FileUpload class running ...) NOT-FOR-US: Symantec Backup Exec System CVE-2008-0458 (Directory traversal vulnerability in function/sources.php in SLAED CMS ...) NOT-FOR-US: SLAED CMS CVE-2008-0459 (Directory traversal vulnerability in update/index.php in Liquid-Silver ...) NOT-FOR-US: LiquidSilverCMS CVE-2008-0460 (Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki ...) BUG: 207757 CVE-2008-0461 (SQL injection vulnerability in index.php in the Search module in ...) NOT-FOR-US: Francisco Burzi PHP Nuke CVE-2008-0462 (Cross-site scripting (XSS) vulnerability in the Archive 5.x before ...) NOT-FOR-US: Drupal Archive Module CVE-2008-0463 (Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before ...) NOT-FOR-US: Drupal Workflow CVE-2008-0464 (Directory traversal vulnerability in archiv.cgi in absofort aconon ...) NOT-FOR-US: aconon Mail Enterprise SQL CVE-2008-0465 (Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 ...) NOT-FOR-US: Seagull PHP Framework CVE-2008-0466 (Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor ...) NOT-FOR-US: Web Wiz Rich Text Editor CVE-2008-0467 (Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before ...) BUG: 208034 CVE-2008-0468 (SQL injection vulnerability in category.php in Flinx 1.3 and earlier ...) NOT-FOR-US: Flinx CVE-2008-0469 (SQL injection vulnerability in index.php in Tiger Php News System ...) NOT-FOR-US: Tiger Php News System CVE-2008-0470 (A certain ActiveX control in Comodo AntiVirus 2.0 allows remote ...) NOT-FOR-US: Microsoft ActiveX CVE-2008-0471 (Cross-site request forgery (CSRF) vulnerability in privmsg.php in ...) NOT-FOR-US: already masked CVE-2008-0472 (Cross-site request forgery (CSRF) vulnerability in modcp.php in ...) NOT-FOR-US: WoltLab Burning Board CVE-2008-0473 (RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote ...) NOT-FOR-US: Web Wiz Rich Text Editor CVE-2008-0474 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...) NOT-FOR-US: ManageEngine Applications Manager CVE-2008-0475 (ManageEngine Applications Manager 8.1 build 8100 allows remote ...) NOT-FOR-US: ManageEngine Applications Manager CVE-2008-0476 (ManageEngine Applications Manager 8.1 build 8100 does not check ...) NOT-FOR-US: ManageEngine Applications Manager CVE-2008-0477 (Stack-based buffer overflow in the QMPUpgrade.Upgrade.1 ActiveX ...) NOT-FOR-US: Move Networks Inc Move Media Player CVE-2008-0478 (Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows ...) NOT-FOR-US: SetCMS CVE-2008-0479 (Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz ...) NOT-FOR-US: Web Wiz NewsPad CVE-2008-0480 (Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 ...) NOT-FOR-US: Web Wiz Forums CVE-2008-0481 (Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz ...) NOT-FOR-US: Web Wiz Rich Text Editor CVE-2008-0482 RESERVED CVE-2008-0483 RESERVED CVE-2008-0484 RESERVED CVE-2008-0485 (Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and ...) BUG: 208566 BUG: 209104 CVE-2008-0486 (Array index vulnerability in libmpdemux/demux_audio.c in MPlayer ...) BUG: 208566 BUG: 209106 BUG: 209104 CVE-2008-0487 (Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect ...) NOT-FOR-US: The Net Guys ASPired2Protect CVE-2008-0488 (Directory traversal vulnerability in tseekdir.cgi in VB Marketing ...) NOT-FOR-US: VB Marketing CVE-2008-0489 (Directory traversal vulnerability in install.php in Clansphere ...) NOT-FOR-US: Clansphere CVE-2008-0490 (SQL injection vulnerability in functions/editevent.php in the WP-Cal ...) NOT-FOR-US: WordPress WP_Cal Plugin CVE-2008-0491 (SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 ...) NOT-FOR-US: WordPress fGallery plugin CVE-2008-0492 (Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control ...) NOT-FOR-US: Persits Software XUpload CVE-2008-0493 (fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows ...) NOT-FOR-US: IrfanView CVE-2008-0494 (Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in ...) NOT-FOR-US: Endian Firewall CVE-2008-0495 (Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware ...) NOT-FOR-US: IBM Hardware Management Console CVE-2008-0496 (Cross-site scripting (XSS) vulnerability in index.php in AmpJuke 0.7.0 ...) NOT-FOR-US: AmpJuke CVE-2008-0497 (Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS ...) NOT-FOR-US: Nucleus CMS CVE-2008-0498 (SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop ...) NOT-FOR-US: Bigware Shop CVE-2008-0499 (SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote ...) NOT-FOR-US: MamboXChange LaiThai CVE-2008-0500 (Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have ...) NOT-FOR-US: MamboXChange LaiThai CVE-2008-0501 (Directory traversal vulnerability in phpMyClub 0.0.1 allows remote ...) NOT-FOR-US: SourceForge phpMyClub CVE-2008-0502 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Connectix Boards CVE-2008-0503 (Eval injection vulnerability in admin/op/disp.php in Netwerk Smart ...) NOT-FOR-US: Netwerk Smart Publisher CVE-2008-0504 (Multiple SQL injection vulnerabilities in Coppermine Photo Gallery ...) BUG: 208349 CVE-2008-0505 (Multiple cross-site scripting (XSS) vulnerabilities in ...) BUG: 208349 CVE-2008-0506 (include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) ...) BUG: 208349 CVE-2008-0507 (SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin ...) NOT-FOR-US: WordPress AdServe CVE-2008-0508 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: Dean Permalinks Migration Plugin CVE-2008-0509 (Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to ...) NOT-FOR-US: IBM AIX CVE-2008-0510 (SQL injection vulnerability in index.php in the Newsletter ...) NOT-FOR-US: mambo does not ship this component by default CVE-2008-0511 (SQL injection vulnerability in index.php in the MaMML (com_mamml) ...) NOT-FOR-US: not shipped by default CVE-2008-0512 (SQL injection vulnerability in index.php in the fq (com_fq) component ...) NOT-FOR-US: we dont ship that componnt CVE-2008-0513 (Directory traversal vulnerability in ...) NOT-FOR-US: phpCMS CVE-2008-0514 (SQL injection vulnerability in index.php in the Glossary ...) NOT-FOR-US: we dont ship that component CVE-2008-0515 (SQL injection vulnerability in index.php in the musepoes ...) NOT-FOR-US: we dont ship that component CVE-2008-0516 (PHP remote file inclusion vulnerability in spaw/dialogs/confirm.php in ...) NOT-FOR-US: SQLite Manager CVE-2008-0517 (SQL injection vulnerability in index.php in the Darko Selesi ...) NOT-FOR-US: we do not ship that component CVE-2008-0518 (SQL injection vulnerability in index.php in the Recipes (com_recipes) ...) NOT-FOR-US: we do not ship that component CVE-2008-0519 (SQL injection vulnerability in index.php in the Atapin Jokes ...) NOT-FOR-US: we do not ship that component CVE-2008-0520 (Multiple SQL injection vulnerabilities in main.php in the WassUp ...) NOT-FOR-US: WordPress WassUp Plugin CVE-2008-0521 (Multiple directory traversal vulnerabilities in Bubbling Library 1.32 ...) NOT-FOR-US: Bubbling Library CVE-2008-0522 (Cross-site scripting (XSS) vulnerability in multiple Hal Networks ...) NOT-FOR-US: Hal Networks Shop_hal_v1 CVE-2008-0523 (Multiple cross-site scripting (XSS) vulnerabilities in SoftCart.exe in ...) NOT-FOR-US: SoftCart CVE-2008-0524 (Cross-site request forgery (CSRF) vulnerability in the management ...) NOT-FOR-US: Yamaha RTW65b CVE-2008-0525 (PatchLink Update client for Unix, as used by Novell ZENworks Patch ...) NOT-FOR-US: Lumension Security PatchLink Update CVE-2008-0526 (Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP ...) NOT-FOR-US: Cisco Skinny Client Control Protocol SCCP firmware CVE-2008-0527 (The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP ...) NOT-FOR-US: Cisco Skinny Client Control Protocol SCCP firmware CVE-2008-0528 (Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G ...) NOT-FOR-US: Cisco Skinny Client Control Protocol SCCP firmware CVE-2008-0529 (Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, ...) NOT-FOR-US: Cisco Skinny Client Control Protocol SCCP firmware CVE-2008-0530 (Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G ...) NOT-FOR-US: Cisco Skinny Client Control Protocol SCCP firmware CVE-2008-0531 (Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, ...) NOT-FOR-US: Cisco Skinny Client Control Protocol SCCP firmware CVE-2008-0532 (Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in ...) NOT-FOR-US: Cisco Secure Access Control Server CVE-2008-0533 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Cisco Secure Access Control Server CVE-2008-0534 (The SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, ...) NOT-FOR-US: Cisco service_control_engine CVE-2008-0535 (Unspecified vulnerability in the SSH server in (1) Cisco Service ...) NOT-FOR-US: Cisco service_control_engine CVE-2008-0536 (Unspecified vulnerability in the SSH server in (1) Cisco Service ...) NOT-FOR-US: Cisco service_control_engine CVE-2008-0537 (Unspecified vulnerability in the Supervisor Engine 32 (Sup32), ...) NOT-FOR-US: Cisco Route Switch Processor CVE-2008-0538 (Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow ...) NOT-FOR-US: phpIP Management CVE-2008-0539 (Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php ...) NOT-FOR-US: F5 BIG IP CVE-2008-0540 (Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 ...) NOT-FOR-US: trixbox CVE-2008-0541 (Multiple cross-site scripting (XSS) vulnerabilities in forum.php in ...) NOT-FOR-US: Gerd Tentler Simple Forum CVE-2008-0542 (Directory traversal vulnerability in thumbnail.php in Gerd Tentler ...) NOT-FOR-US: Gerd Tentler Simple Forum CVE-2008-0543 (Multiple SQL injection vulnerabilities in Pre Dynamic Institution ...) NOT-FOR-US: Pre Projects Pre Dynamic Institution CVE-2008-0544 (Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c ...) BUG: 207933 CVE-2008-0545 (Multiple directory traversal vulnerabilities in Bubbling Library 1.32 ...) NOT-FOR-US: Bubbling Library CVE-2008-0546 (Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, ...) NOT-FOR-US: ShoppingTree CandyPress Store CVE-2008-0547 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: ShoppingTree CandyPress Store CVE-2008-0548 (Steamcast 0.9.75 and earlier allows remote attackers to cause a denial ...) NOT-FOR-US: Radio Toolbox Steamcast CVE-2008-0549 (Integer overflow in the OggHeaderParse function in Steamcast 0.9.75 ...) NOT-FOR-US: Radio Toolbox Steamcast CVE-2008-0550 (Off-by-one error in Steamcast 0.9.75 and earlier allows remote ...) NOT-FOR-US: Radio Toolbox Steamcast CVE-2008-0551 (The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll ...) NOT-FOR-US: Microsoft ActiveX CVE-2008-0552 (Cross-site scripting (XSS) vulnerability in index.php in eTicket ...) NOT-FOR-US: eTicket CVE-2008-0553 (Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in ...) BUG: 208464 CVE-2008-0554 (Buffer overflow in the readImageData function in giftopnm.c in netpbm ...) BUG: 209334 CVE-2008-0555 (The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 ...) NOT-FOR-US: Apache SSL CVE-2008-0556 (Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, ...) BUG: 210322 CVE-2008-0557 (SQL injection vulnerability in index.php in the CatalogShop ...) NOT-FOR-US: we do not ship that component CVE-2008-0558 (Cross-site scripting (XSS) vulnerability in Uniwin eCart Professional ...) NOT-FOR-US: Uniwin eCart Professional CVE-2008-0559 (Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 ...) NOT-FOR-US: Nilsons Blogger CVE-2008-0560 (** DISPUTED ** ...) NOT-FOR-US: Contact Forms cForms CVE-2008-0561 (SQL injection vulnerability in index.php in the Arthur Konze ...) NOT-FOR-US: Arthur Konze WebDesign AkoGallery CVE-2008-0562 (SQL injection vulnerability in index.php in the Restaurant ...) NOT-FOR-US: we do not ship that component CVE-2008-0563 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: Liferay Enterprise Portal CVE-2008-0564 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman before ...) BUG: 208710 CVE-2008-0565 (SQL injection vulnerability in vote.php in DeltaScripts PHP Links 1.3 ...) NOT-FOR-US: DeltaScripts PHP Links CVE-2008-0566 (PHP remote file inclusion vulnerability in includes/smarty.php in ...) NOT-FOR-US: DeltaScripts PHP Links CVE-2008-0567 (Multiple PHP remote file inclusion vulnerabilities in ChronoEngine ...) NOT-FOR-US: ChronoEngine ChronoForms CVE-2008-0568 (Unspecified vulnerability in the IP-authentication feature in the ...) NOT-FOR-US: we do not ship that module CVE-2008-0569 (The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 ...) NOT-FOR-US: Drupal Comment Upload Module CVE-2008-0570 (The OpenID 5.x-1.0 and earlier module for Drupal does not properly ...) NOT-FOR-US: Drupal OpenID CVE-2008-0571 (The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, ...) NOT-FOR-US: Drupal Userpoints Module CVE-2008-0572 (Multiple PHP remote file inclusion vulnerabilities in Mindmeld ...) NOT-FOR-US: Mindmeld CVE-2008-0573 (IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and SoftRemote ...) NOT-FOR-US: SafeNet SoftRemote VPN Client CVE-2008-0574 (Cross-site scripting (XSS) vulnerability in index.php in webSPELL ...) NOT-FOR-US: webSPELL CVE-2008-0575 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: webSPELL CVE-2008-0576 (Cross-site scripting (XSS) vulnerability in the Project Issue Tracking ...) NOT-FOR-US: Drupal Project Issue Tracking module CVE-2008-0577 (The Project Issue Tracking module 5.x-2.x-dev before 20080130 in the ...) NOT-FOR-US: Drupal Project Issue Tracking module CVE-2008-0578 (Cross-site scripting (XSS) vulnerability in the web management login ...) NOT-FOR-US: Tripwire Enterprise CVE-2008-0579 (SQL injection vulnerability in index.php in the buslicense ...) NOT-FOR-US: Joomla com_buslicense CVE-2008-0580 (Geert Moernaut LSrunasE and Supercrypt use an encryption key composed ...) NOT-FOR-US: Geert Moernaut LSrunasE CVE-2008-0581 (Geert Moernaut LSrunasE allows local users to gain privileges by ...) NOT-FOR-US: Moernaut LSrunasE CVE-2008-0582 (Cross-zone scripting vulnerability in the Internet Explorer web ...) NOT-FOR-US: on windows CVE-2008-0583 (Cross-zone scripting vulnerability in the Internet Explorer web ...) NOT-FOR-US: internet explorer web controll CVE-2008-0584 (Multiple buffer overflows in bos.rte.control in IBM AIX 5.2 and 5.3 ...) NOT-FOR-US: IBM AIX CVE-2008-0585 (sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable ...) NOT-FOR-US: IBM AIX CVE-2008-0586 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to ...) NOT-FOR-US: IBM AIX CVE-2008-0587 (Buffer overflow in the uspchrp program in devices.chrp.base.diag in ...) NOT-FOR-US: IBM AIX CVE-2008-0588 (Buffer overflow in the utape program in devices.scsi.tape.diag in IBM ...) NOT-FOR-US: IBM AIX CVE-2008-0589 (The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows ...) NOT-FOR-US: IBM AIX CVE-2008-0590 (Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows ...) NOT-FOR-US: Ipswitch WS_FTP Server CVE-2008-0591 (Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does ...) BUG: 208128 CVE-2008-0592 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows ...) BUG: 208128 CVE-2008-0593 (Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and ...) BUG: 208128 CVE-2008-0594 (Mozilla Firefox before 2.0.0.12 does not always display a web forgery ...) BUG: 208128 CVE-2008-0595 (dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes ...) BUG: 211451 CVE-2008-0596 (Memory leak in CUPS before 1.1.22, and possibly other versions, allows ...) NOTE: Obsolete versions CVE-2008-0597 (Use-after-free vulnerability in CUPS before 1.1.22, and possibly other ...) NOTE: Obsolete versions CVE-2008-0598 (Unspecified vulnerability in the 32-bit and 64-bit emulation in the ...) BUG: 211450 CVE-2008-0599 (The init_request_info function in sapi/cgi/cgi_main.c in PHP before ...) BUG: 212211 CVE-2008-0600 (The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 ...) BUG: 209460 CVE-2008-0601 (SQL injection vulnerability in index.php in All Club CMS (ACCMS) ...) NOT-FOR-US: All Club CMS CVE-2008-0602 (Directory traversal vulnerability in index.php in All Club CMS (ACCMS) ...) NOT-FOR-US: All Club CMS CVE-2008-0603 (SQL injection vulnerability in index.php in the amazOOP Awesom! ...) NOT-FOR-US: Joomla com_awesom CVE-2008-0604 (The LDAP authentication feature in XLight FTP Server before 2.83, when ...) NOT-FOR-US: XLight FTP Server CVE-2008-0605 (Multiple cross-site scripting (XSS) vulnerabilities in AstroSoft ...) NOT-FOR-US: AstroSoft HelpDesk CVE-2008-0606 (SQL injection vulnerability in index.php in the Shambo2 (com_shambo2) ...) NOT-FOR-US: Joomla com_shambo2 CVE-2008-0607 (SQL injection vulnerability in index.php in the Sigsiu Online Business ...) NOT-FOR-US: Mambo com_sobi2 CVE-2008-0608 (The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch ...) NOT-FOR-US: Ipswitch WS_FTP CVE-2008-0609 (Directory traversal vulnerability in index.php in DivideConcept VHD ...) NOT-FOR-US: DivideConcept VHD Web Pack CVE-2008-0610 (Stack-based buffer overflow in the ...) NOT-FOR-US: UltraVNC CVE-2008-0611 (SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery ...) NOT-FOR-US: masked in portage CVE-2008-0612 (Directory traversal vulnerability in htdocs/install/index.php in XOOPS ...) NOT-FOR-US: masked in portage CVE-2008-0613 (Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows ...) NOT-FOR-US: masked in portage CVE-2008-0614 (SQL injection vulnerability in index.php in Photokorn Gallery 1.543 ...) NOT-FOR-US: photokorn Gallery CVE-2008-0615 (Directory traversal vulnerability in wp-admin/admin.php in the ...) NOT-FOR-US: DMSGuestbook CVE-2008-0616 (SQL injection vulnerability in the administration panel in the ...) NOT-FOR-US: DMSGuestbook CVE-2008-0617 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: Wordpress DMSGuestbook plugin CVE-2008-0618 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: Wordpress DMSGuestbook Plugin CVE-2008-0619 (Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 ...) NOT-FOR-US: Nero MediaPlayer CVE-2008-0620 (SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before ...) NOT-FOR-US: SAPSPRINT CVE-2008-0621 (Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 ...) NOT-FOR-US: SAPgui CVE-2008-0622 (Cross-site scripting (XSS) vulnerability in RaidenHTTPD 2.0.19 and ...) NOT-FOR-US: RaidenHTTPD CVE-2008-0623 (Stack-based buffer overflow in the YMP Datagrid ActiveX control ...) NOT-FOR-US: YMP CVE-2008-0624 (Buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in ...) NOT-FOR-US: YMP CVE-2008-0625 (Buffer overflow in the MediaGrid ActiveX control (mediagrid.dll) in ...) NOT-FOR-US: MediaGrid CVE-2008-0626 REJECTED NOT-FOR-US: rejected.. CVE-2008-0627 REJECTED NOT-FOR-US: rejected.. CVE-2008-0628 (The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 ...) BUG: 212425 CVE-2008-0629 (Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before ...) BUG: 208566 CVE-2008-0630 (Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 ...) BUG: 208566 CVE-2008-0631 (Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 allow ...) NOT-FOR-US: AfterLogic MailBee Objects CVE-2008-0632 (Unrestricted file upload vulnerability in cp_upload_image.php in ...) NOT-FOR-US: LightBlog CVE-2008-0633 (Buffer overflow in Anon Proxy Server 0.102 and earlier, when user ...) NOT-FOR-US: Anon Proxy Server CVE-2008-0634 (Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX control in ...) NOT-FOR-US: Sejoong Namo ActiveSquare CVE-2008-0635 (Unspecified vulnerability in the delivery engine in Openads 2.4.0 ...) NOT-FOR-US: Openads CVE-2008-0636 (Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x ...) NOT-FOR-US: Managed Workplace Service Center CVE-2008-0637 RESERVED CVE-2008-0638 (Heap-based buffer overflow in the Veritas Enterprise Administrator ...) NOT-FOR-US: Symantec Veritas Storage Foundation CVE-2008-0639 (Stack-based buffer overflow in the EnumPrinters function in the ...) NOT-FOR-US: Novell Client 4.91 CVE-2008-0640 (Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 ...) NOT-FOR-US: Symantec Ghost Solution Suite CVE-2008-0641 RESERVED CVE-2008-0642 (Cross-site scripting (XSS) vulnerability in files created by Adobe ...) NOT-FOR-US: Adobe RoboHelp CVE-2008-0643 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ...) NOT-FOR-US: Adobe ColdFusion MX CVE-2008-0644 (Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to ...) NOT-FOR-US: Adobe ColdFusion MX CVE-2008-0645 (Multiple PHP remote file inclusion vulnerabilities in Portail Web Php ...) NOT-FOR-US: Portail Web Php CVE-2008-0646 (The bdecode_recursive function in include/libtorrent/bencode.hpp in ...) BUG: 208854 BUG: 208162 CVE-2008-0647 (Multiple stack-based buffer overflows in the ...) NOT-FOR-US: Ourgame GLWorld CVE-2008-0648 (Multiple PHP remote file inclusion vulnerabilities in OpenSiteAdmin ...) NOT-FOR-US: OpenSiteAdmin CVE-2008-0649 (SQL injection vulnerability in detail.php in Astanda Directory Project ...) NOT-FOR-US: ADP Astanda Directory Project CVE-2008-0650 (SQL injection vulnerability in login.php in Simple OS CMS 0.1c beta ...) NOT-FOR-US: Simple OS CMS CVE-2008-0651 (SQL injection vulnerability in login.php in Pedro Santana Codice CMS ...) NOT-FOR-US: Pedro Santana Codice CMS CVE-2008-0652 (SQL injection vulnerability in index.php in the Downloads ...) NOT-FOR-US: Mambo com_downloads CVE-2008-0653 (SQL injection vulnerability in index.php in the Ynews (com_ynews) ...) NOT-FOR-US: Joomla com_ynews CVE-2008-0654 (Multiple directory traversal vulnerabilities in Azucar CMS 1.3 allow ...) NOT-FOR-US: Azucar CMS CVE-2008-0655 (Multiple unspecified vulnerabilities in Adobe Reader and Acrobat ...) BUG: 170177 CVE-2008-0656 (Unrestricted file upload vulnerability in dmclTrace.jsp in EMC ...) NOT-FOR-US: EMC Documentum WebTop CVE-2008-0657 (Multiple unspecified vulnerabilities in the Java Runtime Environment ...) BUG: 212425 CVE-2008-0658 (slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP ...) BUG: 209677 CVE-2008-0659 (Stack-based buffer overflow in Aurigma Image Uploader ActiveX control ...) NOT-FOR-US: MySpaceUploader CVE-2008-0660 (Multiple stack-based buffer overflows in Aurigma Image Uploader ...) NOT-FOR-US: FaceBook PhotoUploader CVE-2008-0661 (Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote ...) NOT-FOR-US: Illustrate dBpowerAMP Audio Player CVE-2008-0662 (The Auto Local Logon feature in Check Point VPN-1 ...) NOT-FOR-US: Checkpoint VPN 1 SecureClient CVE-2008-0663 (Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with ...) NOT-FOR-US: Novell Challenge Response Client CVE-2008-0664 (The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, ...) BUG: 208980 CVE-2008-0665 (wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 ...) BUG: 209927 CVE-2008-0666 (Website META Language (WML) 2.0.11 allows local users to overwrite ...) BUG: 209927 CVE-2008-0667 (The DOC.print function in the Adobe JavaScript API, as used by Adobe ...) BUG: 170177 CVE-2008-0668 (The excel_read_HLINK function in plugins/excel/ms-excel-read.c in ...) BUG: 208356 CVE-2008-0669 (Cross-site scripting (XSS) vulnerability in search.cgi in Sift Unity ...) NOT-FOR-US: Sift Unity CVE-2008-0670 (SQL injection vulnerability in index.php in the Noticias ...) NOT-FOR-US: module not in portage CVE-2008-0671 (Stack-based buffer overflow in the add_line_buffer function in ...) BUG: 209903 CVE-2008-0672 (The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 ...) BUG: 209903 CVE-2008-0673 (TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an ...) BUG: 209903 CVE-2008-0674 (Buffer overflow in PCRE before 7.6 allows remote attackers to execute ...) BUG: 209293 BUG: 209067 CVE-2008-0675 (SQL injection vulnerability in cms/index.pl in The Everything ...) NOT-FOR-US: The Everything Development Company The Everything Development Engine CVE-2008-0676 (Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 ...) NOT-FOR-US: A Blog CVE-2008-0677 (SQL injection vulnerability in blog.php in A-Blog 2 allows remote ...) NOT-FOR-US: A Blog CVE-2008-0678 (SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote ...) NOT-FOR-US: BlogPHP CVE-2008-0679 (Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 ...) NOT-FOR-US: BlogPHP CVE-2008-0680 (SNMPd in MicroTik RouterOS 3.2 and earlier allows remote attackers to ...) NOT-FOR-US: MicroTik RouterOS CVE-2008-0681 (SQL injection vulnerability in index.php in PHPShop 0.8.1 allows ...) NOT-FOR-US: phpShop CVE-2008-0682 (SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin ...) NOT-FOR-US: WordPress Wordspew Plugin CVE-2008-0683 (SQL injection vulnerability in shiftthis-preview.php in the ShiftThis ...) NOT-FOR-US: st_newsletter CVE-2008-0684 (Cross-site scripting (XSS) vulnerability in ViewCat.php in ...) NOT-FOR-US: iTechClassifieds CVE-2008-0685 (SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 ...) NOT-FOR-US: iTechClassifieds CVE-2008-0686 (SQL injection vulnerability in index.php in the NeoReferences ...) NOT-FOR-US: NeoReferences CVE-2008-0687 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Youtube Clone Script CVE-2008-0688 (Cross-site scripting (XSS) vulnerability in catalog.php in Smartscript ...) NOT-FOR-US: Smartscript Domain Trader CVE-2008-0689 (SQL injection vulnerability in index.php in the Marketplace ...) NOT-FOR-US: module not in portage CVE-2008-0690 (SQL injection vulnerability in index.php in the mosDirectory ...) NOT-FOR-US: module not in portage CVE-2008-0691 (Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php ...) NOT-FOR-US: WP-Footnotes 2.2 plugin for WordPress CVE-2008-0692 (SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and ...) NOT-FOR-US: iTechBids CVE-2008-0693 (Stack-based buffer overflow in PQCore.exe in Print Manager Plus 2008 ...) NOT-FOR-US: Print Manager Plus 2008 CVE-2008-0694 (Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM ...) NOT-FOR-US: IBM OS/400 CVE-2008-0695 (SQL injection vulnerability in index.php in BookmarkX script 2007 ...) NOT-FOR-US: BookmarkX CVE-2008-0696 (IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization ...) NOT-FOR-US: IBM DB2 UDB CVE-2008-0697 (Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 ...) NOT-FOR-US: IBM DB2 UDB CVE-2008-0698 (Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 ...) NOT-FOR-US: IBM DB2 UDB CVE-2008-0699 (Unspecified vulnerability in the ADMIN_SP_C procedure ...) NOT-FOR-US: IBM DB2 UDB CVE-2008-0700 (Cross-site scripting (XSS) vulnerability in search.php in Crux ...) NOT-FOR-US: CruxCMS CVE-2008-0701 (ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check ...) NOT-FOR-US: Magnolia CE CVE-2008-0702 (Multiple heap-based buffer overflows in Titan FTP Server 6.03 and ...) NOT-FOR-US: Titan FTP Server CVE-2008-0703 (Multiple directory traversal vulnerabilities in sflog! 0.96 allow ...) NOT-FOR-US: sflog CVE-2008-0704 (Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP ...) NOT-FOR-US: HP OpenVMS TCP/IP CVE-2008-0705 RESERVED CVE-2008-0706 (Unspecified vulnerability in the BIOS F.26 and earlier for the HP ...) NOT-FOR-US: HP Compaq BIOS CVE-2008-0707 (HP StorageWorks Library and Tape Tools (LTT) before 4.5 SR1 on HP-UX ...) NOT-FOR-US: HP StorageWorks Library and Tape Tools CVE-2008-0708 (HP USB 2.0 Floppy Drive Key product options (1) 442084-B21 and (2) ...) NOT-FOR-US: HP 442084 B21 CVE-2008-0709 (Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, ...) NOT-FOR-US: HP Select Identity CVE-2008-0710 RESERVED CVE-2008-0711 (Unspecified vulnerability in the embedded management console in HP ...) NOT-FOR-US: HP rx3600 CVE-2008-0712 (Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ...) NOT-FOR-US: HP HPeDiag CVE-2008-0713 (Unspecified vulnerability in the FTP server for HP-UX B.11.11, ...) NOT-FOR-US: HP UX CVE-2008-0714 (SQL injection vulnerability in users.php in Mihalism Multi Host allows ...) NOT-FOR-US: Mihalism Multi Host CVE-2008-0715 (Buffer overflow in ACDSee Photo Manager 8.1, 9.0, and 10.0 allows ...) NOT-FOR-US: ACDSee Photo Manager CVE-2008-0716 (The agent in Symantec Altiris Notification Server before 6.0 SP3 R7 ...) NOT-FOR-US: Symantec Altiris Notification Server CVE-2008-0717 (Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 ...) NOT-FOR-US: IBM WebSphere Edge Server CVE-2008-0718 (Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in ...) NOT-FOR-US: USB Mouse STREAMS module usbms in Sun Solaris CVE-2008-0719 (SQL injection vulnerability in customer_testimonials.php in the ...) NOT-FOR-US: osCommerce Online Merchant Customer Testimonials CVE-2008-0720 (Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and ...) BUG: 209453 CVE-2008-0721 (SQL injection vulnerability in index.php in the Sermon (com_sermon) ...) NOT-FOR-US: module not in portage CVE-2008-0722 (Cross-site scripting (XSS) vulnerability in index.php in Pagetool ...) NOT-FOR-US: Pagetool CVE-2008-0723 (Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews ...) NOT-FOR-US: MyNews CVE-2008-0724 (The Everything Development Engine in The Everything Development System ...) NOT-FOR-US: The Everything Development Engine CVE-2008-0725 (Multiple heap-based buffer overflows in the (1) FTP service and (2) ...) NOT-FOR-US: Titan FTP Server CVE-2008-0726 (Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows ...) BUG: 170177 CVE-2008-0727 (Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server ...) NOT-FOR-US: IBM Informix Dynamic Server IDS CVE-2008-0728 (The unmew11 function in libclamav/mew.c in libclamav in ClamAV before ...) BUG: 209915 CVE-2008-0729 (Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers ...) NOT-FOR-US: Apple Mobile Safari CVE-2008-0730 (The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and ...) NOT-FOR-US: Sun Solaris CVE-2008-0731 (The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not ...) NOT-FOR-US: Novell AppArmor CVE-2008-0732 (The init script for Apache Geronimo on SUSE Linux follows symlinks ...) NOT-FOR-US: Apache Software Foundation Geronimo CVE-2008-0733 (SQL injection vulnerability in index.php in CS Team Counter Strike ...) NOT-FOR-US: CS Team Counter Strike Portal CVE-2008-0734 (SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, ...) NOT-FOR-US: Limbo CMS CVE-2008-0735 (SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in ...) NOT-FOR-US: AuraCMS CVE-2008-0736 (admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly ...) NOT-FOR-US: ShoppingTree CandyPress Store CVE-2008-0737 (SQL injection vulnerability in admin/utilities_ConfigHelp.asp in ...) NOT-FOR-US: ShoppingTree CandyPress Store CVE-2008-0738 (Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, ...) NOT-FOR-US: ShoppingTree CandyPress Store CVE-2008-0739 (SQL injection vulnerability in admin/SA_shipFedExMeter.asp in ...) NOT-FOR-US: ShoppingTree CandyPress Store CVE-2008-0740 (IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2008-0741 (Unspecified vulnerability in the PropFilePasswordEncoder utility in ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2008-0742 (Multiple directory traversal vulnerabilities in PowerScripts PowerNews ...) NOT-FOR-US: PowerScripts PowerNews CVE-2008-0743 (PHP remote file inclusion vulnerability in members_help.php in Joovili ...) NOT-FOR-US: Joovili CVE-2008-0744 (SQL injection vulnerability in user_login.asp in PreProjects.com Pre ...) NOT-FOR-US: PreProjects com Pre Hotels Resorts Management System CVE-2008-0745 (Directory traversal vulnerability in aides/index.php in DomPHP 0.82 ...) NOT-FOR-US: DomPHP CVE-2008-0746 (SQL injection vulnerability in index.php in the Gallery (com_gallery) ...) NOT-FOR-US: Mambo com_gallery CVE-2008-0747 (Stack-based buffer overflow in COWON America jetAudio 7.0.5 and ...) NOT-FOR-US: COWON America jetAudio Basic CVE-2008-0748 (Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX ...) NOT-FOR-US: Sony ImageStation CVE-2008-0749 (Cross-site scripting (XSS) vulnerability in index.php in Calimero.CMS ...) NOT-FOR-US: Calimero CMS CVE-2008-0750 (SQL injection vulnerability in philboard_forum.asp in Husrev ...) NOT-FOR-US: Husrev Blackboard CVE-2008-0751 (Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 ...) NOT-FOR-US: S9Y Serendipity Freetag plugin CVE-2008-0752 (SQL injection vulnerability in index.php in the Neogallery ...) NOT-FOR-US: Mambo com_neogallery CVE-2008-0753 (SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 ...) NOT-FOR-US: VWar Virtual War CVE-2008-0754 (Multiple SQL injection vulnerabilities in index.php in the Rapid ...) NOT-FOR-US: Joomla com_rapidrecipe CVE-2008-0755 (Format string vulnerability in the ReportSysLogEvent function in the ...) NOT-FOR-US: cyan soft Opium OPI Server CVE-2008-0756 (The LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; ...) NOT-FOR-US: cyan soft Opium OPI Server CVE-2008-0757 (Cross-site scripting (XSS) vulnerability in index.php in MercuryBoard ...) NOT-FOR-US: MercuryBoard CVE-2008-0758 (Multiple directory traversal vulnerabilities in the Zidget/HTTP ...) NOT-FOR-US: ExtremeZ-IP File and Print Server CVE-2008-0759 (ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and ...) NOT-FOR-US: ExtremeZ IP File and Print Server CVE-2008-0760 (Directory traversal vulnerability in SafeNet Sentinel Protection ...) NOT-FOR-US: SafeNet Sentinel Protection Server CVE-2008-0761 (SQL injection vulnerability in index.php in the Prince Clan Chess Club ...) NOT-FOR-US: Prince Clan Chess Club com_pcchess CVE-2008-0762 (SQL injection vulnerability in index.php in the com_iomezun component ...) NOT-FOR-US: com_iomezun CVE-2008-0763 (Stack-based buffer overflow in NPSpcSVR.exe in Larson Network Print ...) NOT-FOR-US: Larson Network Print Server LstNPS CVE-2008-0764 (Format string vulnerability in the logging function in Larson Network ...) NOT-FOR-US: Larson Network Print Server (LstNPS) CVE-2008-0765 (Multiple cross-site scripting (XSS) vulnerabilities in artmedic ...) NOT-FOR-US: artmedic webdesign weblog CVE-2008-0766 (Stack-based buffer overflow in RpmSrvc.exe in Brooks Remote Print ...) NOT-FOR-US: Brooks Remote Print Manager RPM CVE-2008-0767 (ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and ...) NOT-FOR-US: ExtremeZ IP File and Print Server CVE-2008-0768 (Multiple stack-based and heap-based buffer overflows in the Windows ...) NOT-FOR-US: Windows RPC components for IBM Informix Storage Manager ISM as used in Informix Dynamic Server IDS CVE-2008-0769 (Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through ...) NOT-FOR-US: OpenText Livelink ECM CVE-2008-0770 (SQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and ...) NOT-FOR-US: ibProArcade CVE-2008-0771 (Multiple SQL injection vulnerabilities in default.asp in Site2Nite ...) NOT-FOR-US: Site2Nite Real Estate Web CVE-2008-0772 (SQL injection vulnerability in index.php in the com_doc component for ...) NOT-FOR-US: module not in portage CVE-2008-0773 (SQL injection vulnerability in Phil Taylor Comments (com_comments, aka ...) NOT-FOR-US: module not in portage CVE-2008-0774 (Cross-site scripting (XSS) vulnerability in search.cgi in Loris Hotel ...) NOT-FOR-US: Loris Hotel Reservation System CVE-2008-0775 (Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple ...) NOT-FOR-US: Simple Machines SMF Shoutbox CVE-2008-0776 (SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows ...) NOT-FOR-US: iTechScripts iTechBids CVE-2008-0777 (The sendfile system call in FreeBSD 5.5 through 7.0 does not check the ...) BUG: 212145 CVE-2008-0778 (Multiple stack-based buffer overflows in an ActiveX control in ...) NOT-FOR-US: QTPlugin.ocx for Apple QuickTime CVE-2008-0779 (The fortimon.sys device driver in Fortinet FortiClient Host Security ...) NOT-FOR-US: Fortinet FortiClient CVE-2008-0780 (Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through ...) BUG: 209133 CVE-2008-0781 (Multiple cross-site scripting (XSS) vulnerabilities in ...) BUG: 209133 CVE-2008-0782 (Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows ...) BUG: 209133 CVE-2008-0783 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 ...) BUG: 209918 CVE-2008-0784 (graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows ...) BUG: 209918 CVE-2008-0785 (Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b ...) BUG: 209918 CVE-2008-0786 (CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 ...) BUG: 209918 CVE-2008-0787 (SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before ...) NOT-FOR-US: MyBulletinBoard CVE-2008-0788 (Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB ...) NOT-FOR-US: MyBB CVE-2008-0789 (SQL injection vulnerability in countdown.php in LI-Scripts ...) NOT-FOR-US: LI Scripts LI Countdown CVE-2008-0790 (Directory traversal vulnerability in ipdsserver.exe in Intermate ...) NOT-FOR-US: Intermate WinIPDS CVE-2008-0791 (ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote ...) NOT-FOR-US: Intermate WinIPDS CVE-2008-0792 (Multiple F-Secure anti-virus products, including Internet Security ...) NOT-FOR-US: F Secure Anti Virus CVE-2008-0793 (Multiple cross-site scripting (XSS) vulnerabilities in search.asp in ...) NOT-FOR-US: Tendenci CMS CVE-2008-0794 (Directory traversal vulnerability in user/header.php in Affiliate ...) NOT-FOR-US: Affiliate Market CVE-2008-0795 (SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) ...) NOT-FOR-US: MGFi XfaQ com_xfaq CVE-2008-0796 (SQL injection vulnerability in threads.php in Nuboard 0.5 allows ...) NOT-FOR-US: Nuboard CVE-2008-0797 (Directory traversal vulnerability in lib/download.php in iTheora 1.0 ...) NOT-FOR-US: iTheora CVE-2008-0798 (Multiple directory traversal vulnerabilities in artmedic webdesign ...) NOT-FOR-US: artmedic webdesign weblog CVE-2008-0799 (SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 ...) NOT-FOR-US: Quiz com_quiz CVE-2008-0800 (SQL injection vulnerability in index.php in the McQuiz (com_mcquiz) ...) NOT-FOR-US: McQuiz com_mcquiz CVE-2008-0801 (SQL injection vulnerability in index.php in the PAXXGallery ...) NOT-FOR-US: com_paxxgallery CVE-2008-0802 (SQL injection vulnerability in index.php in the MediaSlide ...) NOT-FOR-US: com_mediaslide CVE-2008-0803 (Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan ...) NOT-FOR-US: LookStrike Lan Manager CVE-2008-0804 (PHP remote file inclusion vulnerability in usrgetform.html in Thecus ...) NOT-FOR-US: Thecus N5200Pro NAS Server Control Panel CVE-2008-0805 (Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b ...) NOT-FOR-US: Reality Medias PHPizabi CVE-2008-0806 (wyrd 1.4.3b allows local users to overwrite arbitrary files via a ...) BUG: 210609 CVE-2008-0807 (lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before ...) BUG: 209960 CVE-2008-0808 (Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki ...) NOT-FOR-US: Ikiwiki CVE-2008-0809 (Cross-site scripting (XSS) vulnerability in the htmlscrubber in ...) NOT-FOR-US: Ikiwiki CVE-2008-0810 (SQL injection vulnerability in the com_scheduling module for Joomla! ...) NOT-FOR-US: Mambo com_scheduling Component CVE-2008-0811 (Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote ...) NOT-FOR-US: AuraCMS CVE-2008-0812 (Directory traversal vulnerability in DMS/index.php in BanPro DMS 1.0 ...) NOT-FOR-US: NET BanPro DMS CVE-2008-0813 (Directory traversal vulnerability in Download.php in XPWeb 3.0.1, ...) NOT-FOR-US: XPWeb CVE-2008-0814 (Directory traversal vulnerability in download.php in Tracking ...) NOT-FOR-US: TRUC CVE-2008-0815 (SQL injection vulnerability in the com_mezun component for Joomla! ...) NOT-FOR-US: Egitimhost com_mezun CVE-2008-0816 (SQL injection vulnerability in the com_sg component for Joomla! and ...) NOT-FOR-US: com_sg CVE-2008-0817 (SQL injection vulnerability in the com_filebase component for Joomla! ...) NOT-FOR-US: Joomla com_filebase Component CVE-2008-0818 (Multiple directory traversal vulnerabilities in freePHPgallery 0.6 ...) NOT-FOR-US: freePHPgallery CVE-2008-0819 (Directory traversal vulnerability in index.php in PlutoStatus Locator ...) NOT-FOR-US: PlutoStatus Locator CVE-2008-0820 (** DISPUTED ** ...) NOT-FOR-US: Etomite CVE-2008-0821 (SQL injection vulnerability in admin/traffic/knowledge_searchm.php in ...) NOT-FOR-US: OSI Codes Inc PHPLive CVE-2008-0822 (Directory traversal vulnerability in index.php in Scribe 0.2 allows ...) NOT-FOR-US: Scribe CVE-2008-0823 (Unspecified vulnerability in the Header Image Module before 5.x-1.1 ...) NOT-FOR-US: Drupal Header image CVE-2008-0824 (Unspecified vulnerability in the php2phps function in Claroline before ...) NOT-FOR-US: Caroline CVE-2008-0825 (SQL injection vulnerability in Claroline before 1.8.9 allows remote ...) NOT-FOR-US: Caroline CVE-2008-0826 (Cross-site scripting (XSS) vulnerability in Claroline before 1.8.9 ...) NOT-FOR-US: Caroline CVE-2008-0827 (SQL injection vulnerability in the Books module of PHP-Nuke allows ...) NOT-FOR-US: PHPNuke Book CVE-2008-0828 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 ...) NOT-FOR-US: ATutor CVE-2008-0829 (SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! ...) NOT-FOR-US: Joomlapixel Jooget (com_jooget) 2.6.8 component - a component we dont ship CVE-2008-0830 (The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 ...) NOT-FOR-US: Apple iPhoto CVE-2008-0831 (Multiple SQL injection vulnerabilities in the Rapid Recipe ...) NOT-FOR-US: Joomla Rapid Recipe CVE-2008-0832 (SQL injection vulnerability in index.php in the Kemas Antonius ...) NOT-FOR-US: Mambo Kemas Antonius com_quran CVE-2008-0833 (SQL injection vulnerability in index.php in the com_galeria component ...) NOT-FOR-US: Joomla com_galeria CVE-2008-0834 (Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS ...) NOT-FOR-US: IBM Lotus Quickr CVE-2008-0835 (SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and ...) NOT-FOR-US: Simple CMS CVE-2008-0836 (Unspecified vulnerability in the vuidmice STREAMS modules in Sun ...) NOT-FOR-US: Sun Solaris CVE-2008-0837 (Cross-site scripting (XSS) vulnerability in the log feature in the ...) NOT-FOR-US: WordPress Search Unleashed plugin CVE-2008-0838 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...) NOT-FOR-US: Sophos ES1000 CVE-2008-0839 (SQL injection vulnerability in refer.php in the astatsPRO ...) NOT-FOR-US: Joomla com_astatspro CVE-2008-0840 (Directory traversal vulnerability in view_member.php in Public ...) NOT-FOR-US: Public Warehouse Light Blog CVE-2008-0841 (SQL injection vulnerability in index.php in the Giorgio Nordo Ricette ...) NOT-FOR-US: Joomla com_ricette component CVE-2008-0842 (SQL injection vulnerability in index.php in the Classifier ...) NOT-FOR-US: Joomla com_clasifier CVE-2008-0843 (StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive ...) NOT-FOR-US: StatCounteX CVE-2008-0844 (SQL injection vulnerability in index.php in the PccookBook ...) NOT-FOR-US: Joomla com_pccookbook CVE-2008-0845 (SQL injection vulnerability in wp-people-popup.php in Dean Logan ...) NOT-FOR-US: WordPress Dean Logan WP People plugin CVE-2008-0846 (SQL injection vulnerability in index.php in the com_profile component ...) NOT-FOR-US: Joomla com_profile CVE-2008-0847 (SQL injection vulnerability in print.php in the myTopics module for ...) NOT-FOR-US: XOOPS myTopics CVE-2008-0848 (Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty ...) NOT-FOR-US: Crafty Syntax Live Help CVE-2008-0849 (SQL injection vulnerability in index.php in the Downloads ...) NOT-FOR-US: Mambo com_downloads CVE-2008-0850 (Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote ...) NOT-FOR-US: Dokeos CVE-2008-0851 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 ...) NOT-FOR-US: Dokeos E Learning System CVE-2008-0852 (freeSSHd 1.2 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: freeSSHd CVE-2008-0853 (SQL injection vulnerability in the com_detail component for Joomla! ...) NOT-FOR-US: Mambo com_detail CVE-2008-0854 (SQL injection vulnerability in the com_salesrep component for Joomla! ...) NOT-FOR-US: Mambo com_salesrep CVE-2008-0855 (SQL injection vulnerability in the Facile Forms (com_facileforms) ...) NOT-FOR-US: Joomla com_facileforms CVE-2008-0856 (Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow ...) NOT-FOR-US: e Vision CMS CVE-2008-0857 (SQL injection vulnerability in index.php in WoltLab Burning Board ...) NOT-FOR-US: WoltLab Burning Board CVE-2008-0858 (Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer ...) NOT-FOR-US: VisNetic AntiVirus Plug in for Mail Server CVE-2008-0859 (Unspecified vulnerability in Kerio MailServer before 6.5.0 allows ...) NOT-FOR-US: Kerio MailServer CVE-2008-0860 (Unspecified vulnerability in the AVG plugin in Kerio MailServer before ...) NOT-FOR-US: Kerio MailServer CVE-2008-0861 (Cross-site scripting (XSS) vulnerability in leg/Main.nsf in IBM Lotus ...) NOT-FOR-US: IBM Lotus Quickplace CVE-2008-0862 (IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a ...) NOT-FOR-US: IBM Lotus Notes CVE-2008-0863 (BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web ...) NOT-FOR-US: BEA Systems WebLogic Express CVE-2008-0864 (Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can ...) NOT-FOR-US: BEA Systems WebLogic Portal CVE-2008-0865 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 ...) NOT-FOR-US: BEA Systems WebLogic Portal CVE-2008-0866 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...) NOT-FOR-US: BEA Systems WebLogic Workshop CVE-2008-0867 (Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA ...) NOT-FOR-US: BEA Systems Plumtree Foundation CVE-2008-0868 (Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic ...) NOT-FOR-US: BEA Systems WebLogic Portal CVE-2008-0869 (Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 ...) NOT-FOR-US: BEA Systems WebLogic Workshop CVE-2008-0870 (BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under ...) NOT-FOR-US: BEA Systems WebLogic Portal CVE-2008-0871 (Multiple stack-based buffer overflows in Now SMS/MMS Gateway ...) NOT-FOR-US: NOW SMS_MMS Gateway CVE-2008-0872 (Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail ...) NOT-FOR-US: SmarterTools SmarterMail CVE-2008-0873 (SQL injection vulnerability in index.php in the jlmZone Classifieds ...) NOT-FOR-US: jlmZone Classifieds CVE-2008-0874 (SQL injection vulnerability in index.php in the eEmpregos module for ...) NOT-FOR-US: XOOPS eEmpregos Module CVE-2008-0875 (Unspecified vulnerability in Hitachi EUR Print Manager, and related ...) NOT-FOR-US: Hitachi EUR Print Manager CVE-2008-0876 (Unspecified vulnerability in the SEWB3 messaging service in Hitachi ...) NOT-FOR-US: Hitachi SEWB3 MI PLATFORM CVE-2008-0877 (Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media ...) NOT-FOR-US: Jinzora CVE-2008-0878 (SQL injection vulnerability in index.php in the MyAnnonces 1.7 and ...) NOT-FOR-US: RunCMS MyAnnonces CVE-2008-0879 (SQL injection vulnerability in modules.php in the Web_Links module for ...) NOT-FOR-US: PHPNuke Web_Links Module CVE-2008-0880 (SQL injection vulnerability in modules.php in the EasyContent module ...) NOT-FOR-US: PHPNuke EasyContent Module CVE-2008-0881 (SQL injection vulnerability in modules.php in the Okul 1.0 module for ...) NOT-FOR-US: PHPNuke Okul Module CVE-2008-0882 (Double free vulnerability in the process_browse_data function in CUPS ...) BUG: 211449 CVE-2008-0883 (acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite ...) BUG: 212367 CVE-2008-0884 (The Replace function in the capp-lspp-config script in the (1) ...) NOT-FOR-US: Red Hat capp lspp eal4 config hp CVE-2008-0885 RESERVED CVE-2008-0886 REJECTED CVE-2008-0887 (gnome-screensaver before 2.22.1, when a remote authentication server ...) BUG: 213940 CVE-2008-0888 (The NEEDBITS macro in the inflate_dynamic function in inflate.c for ...) BUG: 213761 CVE-2008-0889 (Red Hat Directory Server 8.0, when running on Red Hat Enterprise ...) NOT-FOR-US: redhat Directory Server CVE-2008-0890 (Red Hat Directory Server 7.1 before SP4 uses insecure permissions for ...) NOT-FOR-US: redhat Directory Server CVE-2008-0891 (Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS ...) BUG: 223429 CVE-2008-0892 (The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat ...) NOT-FOR-US: redhat fedora_directory_server CVE-2008-0893 (Red Hat Administration Server, as used by Red Hat Directory Server 8.0 ...) NOT-FOR-US: redhat Directory Server CVE-2008-0894 (Apple Safari might allow remote attackers to obtain potentially ...) NOT-FOR-US: Apple Safari CVE-2008-0895 (BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows ...) NOT-FOR-US: BEA WebLogic Server and WebLogic Express CVE-2008-0896 (BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator ...) NOT-FOR-US: BEA WebLogic Portal CVE-2008-0897 (Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 ...) NOT-FOR-US: BEA WebLogic Server CVE-2008-0898 (The distributed queue feature in JMS in BEA WebLogic Server 9.0 ...) NOT-FOR-US: JMS in BEA WebLogic Server CVE-2008-0899 (Cross-site scripting (XSS) vulnerability in the Administration Console ...) NOT-FOR-US: Administration Console in BEA WebLogic Server and Express CVE-2008-0900 (Session fixation vulnerability in BEA WebLogic Server and Express 8.1 ...) NOT-FOR-US: BEA WebLogic Server and Express CVE-2008-0901 (BEA WebLogic Server and Express 7.0 through 10.0 allows remote ...) NOT-FOR-US: BEA WebLogic Server and Express CVE-2008-0902 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...) NOT-FOR-US: BEA WebLogic Server and Express CVE-2008-0903 (Unspecified vulnerability in the BEA WebLogic Server and Express proxy ...) NOT-FOR-US: BEA WebLogic Server and Express proxy plugin CVE-2008-0904 (Unspecified vulnerability in the download servlet in BEA Plumtree ...) NOT-FOR-US: BEA Plumtree Collaboration CVE-2008-0905 (Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 ...) NOT-FOR-US: Globsy CVE-2008-0906 (SQL injection vulnerability in the Docum module in PHP-Nuke allows ...) NOT-FOR-US: Docum module in PHP-Nuke CVE-2008-0907 (SQL injection vulnerability in the Inhalt module for PHP-Nuke allows ...) NOT-FOR-US: Inhalt module for PHP-Nuke CVE-2008-0908 (SQL injection vulnerability in browse.asp in Schoolwires Academic ...) NOT-FOR-US: Schoolwires Academic Portal CVE-2008-0909 (Cross-site scripting (XSS) vulnerability in browse.asp in Schoolwires ...) NOT-FOR-US: Schoolwires Academic Portal CVE-2008-0910 (Multiple F-Secure anti-virus products, including Internet Security ...) NOT-FOR-US: F-Secure anti-virus CVE-2008-0911 (SQL injection vulnerability in productdetails.php in iScripts ...) NOT-FOR-US: iScripts MultiCart CVE-2008-0912 (Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink ...) NOT-FOR-US: Sybase MobiLink CVE-2008-0913 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB ...) NOT-FOR-US: Invision Power Board IPB or IP Board CVE-2008-0914 (Multiple cross-site scripting (XSS) vulnerabilities in the Mediation ...) NOT-FOR-US: Mediation server in IPdiva SSL VPN Server CVE-2008-0915 (The Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and ...) NOT-FOR-US: IPdiva SSL VPN Server CVE-2008-0916 (SQL injection vulnerability in the Highwood Design hwdVideoShare ...) NOT-FOR-US: Highwood Design hwdVideoShare com_hwdvideoshare CVE-2008-0917 (Cross-site scripting (XSS) vulnerability in Tor World Tor Search 1.1 ...) NOT-FOR-US: Tor World Tor Search CVE-2008-0918 (SQL injection vulnerability in includes/count_dl_or_link.inc.php in ...) NOT-FOR-US: astatsPRO com_astatspro CVE-2008-0919 (Cross-site scripting (XSS) vulnerability in session/login.php in Open ...) NOT-FOR-US: Open Source Security Information Management OSSIM CVE-2008-0920 (SQL injection vulnerability in port/modifyportform.php in Open Source ...) NOT-FOR-US: Open Source Security Information Management OSSIM CVE-2008-0921 (SQL injection vulnerability in news.php in beContent 0.3.1 allows ...) NOT-FOR-US: beContent CVE-2008-0922 (SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke ...) NOT-FOR-US: Manuales module for PHP-Nuke CVE-2008-0923 (Directory traversal vulnerability in the Shared Folders feature for ...) BUG: 211574 CVE-2008-0924 (Stack-based buffer overflow in the DoLBURPRequest function in libnldap ...) NOT-FOR-US: Novell eDirectory CVE-2008-0925 (Cross-site scripting (XSS) vulnerability in the iMonitor interface in ...) NOT-FOR-US: Novell eDirectory CVE-2008-0926 (The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 ...) NOT-FOR-US: Novell eDirectory CVE-2008-0927 (dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows ...) NOT-FOR-US: Novell eDirectory CVE-2008-0928 (Qemu 0.9.1 and earlier does not perform range checks for block device ...) BUG: 212351 CVE-2008-0929 REJECTED CVE-2008-0930 (w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to ...) NOT-FOR-US: freshmeat XWine CVE-2008-0931 (w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure ...) NOT-FOR-US: XWine CVE-2008-0932 (diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows ...) BUG: 210754 CVE-2008-0933 (Multiple race conditions in the CPU Performance Counters (cpc) ...) NOT-FOR-US: Sun Solaris CVE-2008-0934 (SQL injection vulnerability in modules.php in the NukeC 2.1 module for ...) NOT-FOR-US: PHP Nuke NukeC Module CVE-2008-0935 (Stack-based buffer overflow in the Novell iPrint Control ActiveX ...) NOT-FOR-US: Novell iPrint CVE-2008-0936 (SQL injection vulnerability in index.php in the Prayer List ...) NOT-FOR-US: XOOPS Prayer List Module CVE-2008-0937 (SQL injection vulnerability in index.php in the Tiny Event (tinyevent) ...) NOT-FOR-US: TinyEvent CVE-2008-0938 (Unspecified vulnerability in the dynamic tracing framework (DTrace) in ...) NOT-FOR-US: Sun Solaris CVE-2008-0939 (Multiple SQL injection vulnerabilities in wppa.php in the WP Photo ...) NOT-FOR-US: WordPress Photo Album plugin CVE-2008-0940 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before ...) NOT-FOR-US: WebGUI CVE-2008-0941 (Cross-site scripting (XSS) vulnerability in Eagle Software Aeries ...) NOT-FOR-US: Eagle Software Aeries Student Information System CVE-2008-0942 (SQL injection vulnerability in GradebookStuScores.asp in Eagle ...) NOT-FOR-US: Eagle Software Aeries Student Information System CVE-2008-0943 (Multiple SQL injection vulnerabilities in Eagle Software Aeries ...) NOT-FOR-US: Eagle Software Aeries Student Information System CVE-2008-0944 (Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote ...) NOT-FOR-US: Ipswitch Instant Messaging CVE-2008-0945 (Format string vulnerability in the logging function in the IM Server ...) NOT-FOR-US: Ipswitch IMserver CVE-2008-0946 (Directory traversal vulnerability in the IM Server (aka IMserve or ...) NOT-FOR-US: Ipswitch IMserver CVE-2008-0947 (Buffer overflow in the RPC library used by libgssrpc and kadmind in ...) BUG: 212363 CVE-2008-0948 (Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by ...) BUG: 212363 CVE-2008-0949 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x ...) NOT-FOR-US: IBM Informix Dynamic Server IDS CVE-2008-0950 RESERVED CVE-2008-0951 (Microsoft Windows Vista does not properly enforce the ...) NOT-FOR-US: Microsoft CVE-2008-0952 (The AppendStringToFile function in the HPISDataManagerLib.Datamgr ...) NOT-FOR-US: HP Instant Support CVE-2008-0953 (The StartApp function in the HPISDataManagerLib.Datamgr ActiveX ...) NOT-FOR-US: HP Instant Support CVE-2008-0954 RESERVED CVE-2008-0955 (Stack-based buffer overflow in the Creative Software AutoUpdate Engine ...) NOT-FOR-US: creative_software_autoupdate_engine CVE-2008-0956 (Multiple stack-based buffer overflows in the BackWeb Lite Install ...) NOT-FOR-US: BackWeb Lite Install Runner ActiveX control CVE-2008-0957 (Multiple stack-based buffer overflows in the PhotoStockPlus Uploader ...) NOT-FOR-US: photostockplus_uploader_tool CVE-2008-0958 (Multiple stack-based buffer overflows in the Online Media Technologies ...) NOT-FOR-US: nctsoft NCTAudioeditor_activeX_control CVE-2008-0959 (Multiple stack-based buffer overflows in the Online Media Technologies ...) NOT-FOR-US: Ussun Power Audio CD Burner CVE-2008-0960 (SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x ...) BUG: 225105 CVE-2008-0961 (EMV DiskXtender 6.20.060 has a hard-coded login and password, which ...) NOT-FOR-US: EMC diskxtender CVE-2008-0962 (Stack-based buffer overflow in the File System Manager for EMC ...) NOT-FOR-US: EMC diskxtender CVE-2008-0963 (Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 ...) NOT-FOR-US: EMC diskxtender CVE-2008-0964 (Multiple stack-based buffer overflows in snoop on Sun Solaris 8 ...) NOT-FOR-US: Sun Solaris CVE-2008-0965 (Multiple format string vulnerabilities in snoop on Sun Solaris 8 ...) NOT-FOR-US: Sun Solaris CVE-2008-0966 RESERVED CVE-2008-0967 (Untrusted search path vulnerability in vmware-authd in VMware ...) BUG: 224637 CVE-2008-0968 RESERVED CVE-2008-0969 RESERVED CVE-2008-0970 RESERVED CVE-2008-0971 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in ...) NOT-FOR-US: barracuda_networks barracuda_web_filter CVE-2008-0972 RESERVED CVE-2008-0973 (Buffer overflow in Double-Take (aka HP StorageWorks Storage Mirroring) ...) NOT-FOR-US: Double Take Software Double Take CVE-2008-0974 (Double-Take 5.0.0.2865 and earlier, distributed under the HP ...) NOT-FOR-US: Double Take Software Double Take CVE-2008-0975 (Double-Take 5.0.0.2865 and earlier, distributed under the HP ...) NOT-FOR-US: Double Take Software Double Take CVE-2008-0976 (Double-Take 5.0.0.2865 and earlier, distributed under the HP ...) NOT-FOR-US: Double Take Software Double Take CVE-2008-0977 (Double-Take 5.0.0.2865 and earlier, distributed under the HP ...) NOT-FOR-US: Double Take Software Double Take CVE-2008-0978 (Double-Take 5.0.0.2865 and earlier, distributed under the HP ...) NOT-FOR-US: Double Take Software Double Take CVE-2008-0979 (Stack consumption vulnerability in Double-Take 5.0.0.2865 and earlier, ...) NOT-FOR-US: Double Take Software Double Take CVE-2008-0980 (Multiple cross-site scripting (XSS) vulnerabilities in Spyce - Python ...) NOT-FOR-US: Spyce CVE-2008-0981 (Open redirect vulnerability in spyce/examples/redirect.spy in Spyce - ...) NOT-FOR-US: Spyce CVE-2008-0982 (Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to ...) NOT-FOR-US: Spyce CVE-2008-0983 (lighttpd 1.4.18, and possibly other versions before 1.5.0, does not ...) BUG: 211230 CVE-2008-0984 (The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as ...) BUG: 211575 CVE-2008-0985 (Heap-based buffer overflow in the GIF library in the WebKit framework ...) NOT-FOR-US: Google Android SDK CVE-2008-0986 (Integer overflow in the BMP::readFromStream method in the libsgl.so ...) NOT-FOR-US: Google Android SDK CVE-2008-0987 (Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and ...) NOT-FOR-US: Image Raw in Apple Mac OS X CVE-2008-0988 (Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS ...) NOT-FOR-US: Apple Mac OS X CVE-2008-0989 (Format string vulnerability in mDNSResponderHelper in Apple Mac OS X ...) NOTE: mDNSResponderHelper is not installed by net-misc/mDNSResponder CVE-2008-0990 (notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death ...) NOT-FOR-US: Apple Mac OS X CVE-2008-0991 RESERVED CVE-2008-0992 (Array index error in pax in Apple Mac OS X 10.5.2 allows ...) NOT-FOR-US: pax in Apple Mac OS X NOTE: Apple confirmed this only affects OSX CVE-2008-0993 (Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes ...) NOT-FOR-US: Podcast Producer for Apple Mac OS X CVE-2008-0994 (Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF ...) NOT-FOR-US: Apple Mac OS X CVE-2008-0995 (The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when ...) NOT-FOR-US: Apple Mac OS X CVE-2008-0996 (The Printing component in Apple Mac OS X 10.5.2 might save ...) NOT-FOR-US: Apple Mac OS X CVE-2008-0997 (Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows ...) NOT-FOR-US: AppKit in Apple Mac OS X CVE-2008-0998 (Unspecified vulnerability in NetCfgTool in the System Configuration ...) NOT-FOR-US: Apple Mac OS X CVE-2008-0999 (Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial ...) NOT-FOR-US: Mac OS X CVE-2008-1000 (Directory traversal vulnerability in ContentServer.py in the Wiki ...) NOT-FOR-US: Wiki Server in Apple Mac OS X CVE-2008-1001 (Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, ...) NOT-FOR-US: Apple Safari CVE-2008-1002 (Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 ...) NOT-FOR-US: Apple Safari CVE-2008-1003 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...) NOT-FOR-US: Apple Safari CVE-2008-1004 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...) NOT-FOR-US: Apple Safari CVE-2008-1005 (WebCore, as used in Apple Safari before 3.1, does not properly mask ...) NOT-FOR-US: Apple Safari CVE-2008-1006 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...) NOT-FOR-US: Apple Safari CVE-2008-1007 (WebCore, as used in Apple Safari before 3.1, does not enforce the ...) NOT-FOR-US: Apple Safari CVE-2008-1008 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...) NOT-FOR-US: Apple Safari CVE-2008-1009 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...) NOT-FOR-US: Apple Safari CVE-2008-1010 (Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows ...) NOT-FOR-US: Apple Safari CVE-2008-1011 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...) NOT-FOR-US: Apple Safari CVE-2008-1012 (Unspecified vulnerability in Apple AirPort Extreme Base Station ...) NOT-FOR-US: Apple AirPort Extreme Base Station Firmware CVE-2008-1013 (Apple QuickTime before 7.4.5 enables deserialization of QTJava objects ...) NOT-FOR-US: Apple Quicktime CVE-2008-1014 (Apple QuickTime before 7.4.5 does not properly handle external URLs in ...) NOT-FOR-US: Apple Quicktime CVE-2008-1015 (Buffer overflow in the data reference atom handling in Apple QuickTime ...) NOT-FOR-US: Apple Quicktime CVE-2008-1016 (Apple QuickTime before 7.4.5 does not properly handle movie media ...) NOT-FOR-US: Apple Quicktime CVE-2008-1017 (Heap-based buffer overflow in clipping region (aka crgn) atom handling ...) NOT-FOR-US: Apple Quicktime CVE-2008-1018 (Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows ...) NOT-FOR-US: Apple Quicktime CVE-2008-1019 (Heap-based buffer overflow in quickTime.qts in Apple QuickTime before ...) NOT-FOR-US: Apple Quicktime CVE-2008-1020 (Heap-based buffer overflow in quickTime.qts in Apple QuickTime before ...) NOT-FOR-US: Apple Quicktime CVE-2008-1021 (Heap-based buffer overflow in Animation codec content handling in ...) NOT-FOR-US: Apple Quicktime CVE-2008-1022 (Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows ...) NOT-FOR-US: Apple Quicktime CVE-2008-1023 (Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime ...) NOT-FOR-US: Apple Quicktime CVE-2008-1024 (Apple Safari before 3.1.1, when running on Windows XP or Vista, allows ...) NOT-FOR-US: Apple Safari CVE-2008-1025 (Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in ...) NOT-FOR-US: Apple WebKit CVE-2008-1026 (Integer overflow in the PCRE regular expression compiler ...) NOT-FOR-US: Apple Safari CVE-2008-1027 (Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 ...) NOT-FOR-US: Mac OS X CVE-2008-1028 (Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 ...) NOT-FOR-US: AppKit in Apple Mac OS X CVE-2008-1029 RESERVED CVE-2008-1030 (Integer overflow in the CFDataReplaceBytes function in the CFData API ...) NOT-FOR-US: CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X CVE-2008-1031 (CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers ...) NOT-FOR-US: Apple Mac OS X CVE-2008-1032 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X ...) NOT-FOR-US: CoreTypes in Apple Mac OS X CVE-2008-1033 (The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug ...) NOTE: This issue only affects CUPS 1.3.6, see RedHat for details: NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=449746 CVE-2008-1034 (Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows ...) NOT-FOR-US: Help Viewer in Apple Mac OS X CVE-2008-1035 (Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows ...) NOT-FOR-US: Apple iCal CVE-2008-1036 (The International Components for Unicode (ICU) library in Apple Mac OS ...) BUG: 239538 CVE-2008-1037 (Cross-site scripting (XSS) vulnerability in the file listing function ...) NOT-FOR-US: Packeteer PacketShaper CVE-2008-1038 (PHP remote file inclusion vulnerability in mod/mod.extmanager.php in ...) NOT-FOR-US: DrBenHur com DBHcms CVE-2008-1039 (SQL injection vulnerability in question.asp in PORAR WEBBOARD allows ...) NOT-FOR-US: PORAR Webboard CVE-2008-1040 (Buffer overflow in the Single Sign-On function in Fujitsu Interstage ...) NOT-FOR-US: Fujitsu Interstage Application Server CVE-2008-1041 (Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson ...) NOT-FOR-US: Matt's Whois CVE-2008-1042 (Directory traversal vulnerability in include/body.inc.php in Linux Web ...) NOT-FOR-US: Linux Web Shop LWS php Download Manager CVE-2008-1043 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Linux Web Shop LWS php User Base CVE-2008-1044 (Stack-based buffer overflow in the Quantum Streaming Player (Quantum ...) NOT-FOR-US: Quantum CVE-2008-1045 (Cross-site scripting (XSS) vulnerability in the file tree navigation ...) NOT-FOR-US: Alkacon OpenCMS CVE-2008-1046 (PHP remote file inclusion vulnerability in footer.php in Quinsonnas ...) NOT-FOR-US: Quinsonnas Mail Checker CVE-2008-1047 (Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in ...) NOT-FOR-US: we ship 1.9.9 which isnt affected CVE-2008-1048 (Cross-site scripting (XSS) vulnerability in manager/xmedia.php in ...) NOT-FOR-US: Plume CMS CVE-2008-1049 (Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and ...) NOT-FOR-US: Parallels SiteStudio CVE-2008-1050 (SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics ...) NOT-FOR-US: Softbiz CVE-2008-1051 (PHP remote file inclusion vulnerability in include/body_comm.inc.php ...) NOT-FOR-US: phpProfiles CVE-2008-1052 (The administration web interface in NetWin SurgeFTP 2.3a2 and earlier ...) NOT-FOR-US: NetWin SurgeFTP CVE-2008-1053 (Multiple SQL injection vulnerabilities in the Kose_Yazilari module for ...) NOT-FOR-US: Kose_Yazilari CVE-2008-1054 (Stack-based buffer overflow in the _lib_spawn_user_getpid function in ...) NOT-FOR-US: NetWin SurgeMail CVE-2008-1055 (Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 ...) NOT-FOR-US: NetWin SurgeMail CVE-2008-1056 (Multiple stack-based buffer overflows in Symark PowerBroker 2.8 ...) NOT-FOR-US: Symark PowerBroker CVE-2008-1057 (The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 ...) NOT-FOR-US: OpenBSD Open_BSD CVE-2008-1058 (The tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2 ...) NOT-FOR-US: OpenBSD Open_BSD CVE-2008-1059 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: WordPress Sniplets Plugin CVE-2008-1060 (Eval injection vulnerability in modules/execute.php in the Sniplets ...) NOT-FOR-US: WordPress Sniplets Plugin CVE-2008-1061 (Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets ...) NOT-FOR-US: WordPress Sniplets Plugin CVE-2008-1062 (InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater ...) NOT-FOR-US: InterVideo WinDVD Media Center CVE-2008-1063 (Cross-site scripting (XSS) vulnerability index.php in the ...) NOTE: XOOPS is pmasked CVE-2008-1064 (Cross-site scripting (XSS) vulnerability in images.php in the Red ...) NOTE: Xoops pmasked CVE-2008-1065 (Multiple SQL injection vulnerabilities in index.php in the ...) NOTE: xoops pmasked CVE-2008-1066 (The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used ...) BUG: 212147 CVE-2008-1067 (Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 ...) NOT-FOR-US: phpQLAdmin CVE-2008-1068 (Multiple PHP remote file inclusion vulnerabilities in Portail Web Php ...) NOT-FOR-US: Portail Web Php CVE-2008-1069 (Multiple PHP remote file inclusion vulnerabilities in Quantum Game ...) NOT-FOR-US: Quantum Game Library CVE-2008-1070 (The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through ...) BUG: 212149 CVE-2008-1071 (The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through ...) BUG: 212149 CVE-2008-1072 (The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through ...) BUG: 212149 CVE-2008-1073 (Cross-site scripting (XSS) vulnerability in the report interface in ...) NOT-FOR-US: Internet Security Systems Internet Scanner CVE-2008-1074 (PHP remote file inclusion vulnerability in lib/head_auth.php in ...) NOT-FOR-US: GROUP_E CVE-2008-1075 (Cross-site scripting (XSS) vulnerability in index.php in Maian Cart ...) NOT-FOR-US: Maian Cart CVE-2008-1076 (Cross-site scripting (XSS) vulnerability in search.php in Interspire ...) NOT-FOR-US: Interspire Shopping Cart CVE-2008-1077 (SQL injection vulnerability in index.php in the Simpleboard ...) NOT-FOR-US: Mamboportal com Simpleboard CVE-2008-1078 (expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and ...) BUG: 210158 CVE-2008-1079 (The outboxWriteUnsent function in FTPThread.class in SendFile.jar for ...) NOT-FOR-US: Beehive Software SendFile NET CVE-2008-1080 (Opera before 9.26 allows user-assisted remote attackers to read ...) BUG: 210260 CVE-2008-1081 (Opera before 9.26 allows user-assisted remote attackers to execute ...) BUG: 210260 CVE-2008-1082 (Opera before 9.26 allows remote attackers to "bypass sanitization ...) BUG: 210260 CVE-2008-1083 (Heap-based buffer overflow in the CreateDIBPatternBrushPt function in ...) NOT-FOR-US: GDI in Microsoft Windows CVE-2008-1084 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...) NOT-FOR-US: kernel in Microsoft Windows CVE-2008-1085 (Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-1086 (The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-1087 (Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP ...) NOT-FOR-US: GDI in Microsoft Windows CVE-2008-1088 (Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 ...) NOT-FOR-US: Microsoft CVE-2008-1089 (Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and ...) NOT-FOR-US: Microsoft Visio CVE-2008-1090 (Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and ...) NOT-FOR-US: Microsoft Visio CVE-2008-1091 (Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, ...) NOT-FOR-US: Microsoft word_viewer CVE-2008-1092 (Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet ...) NOT-FOR-US: Microsoft Word CVE-2008-1093 (Acresso InstallShield Update Agent does not properly verify the ...) NOT-FOR-US: Acresso InstallShield Update Agent CVE-2008-1094 (SQL injection vulnerability in index.cgi in the Account View page in ...) NOT-FOR-US: barracuda_networks barracuda_spam_firewall CVE-2008-1095 (Unspecified vulnerability in the Internet Protocol (IP) implementation ...) NOT-FOR-US: Sun Solaris CVE-2008-1096 (The load_tile function in the XCF coder in coders/xcf.c in (1) ...) NOT-FOR-US: we do not ship any of those versions CVE-2008-1097 (Heap-based buffer overflow in the ReadPCXImage function in the PCX ...) NOT-FOR-US: we do not ship any of those versions CVE-2008-1098 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 ...) BUG: 209133 CVE-2008-1099 (_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not ...) BUG: 209133 CVE-2008-1100 (Buffer overflow in the cli_scanpe function in libclamav ...) BUG: 213762 CVE-2008-1101 (Buffer overflow in kvdocve.dll in the KeyView document viewing engine ...) NOT-FOR-US: Autonomy KeyView CVE-2008-1102 (Stack-based buffer overflow in the imb_loadhdr function in Blender ...) BUG: 219008 CVE-2008-1103 (Multiple unspecified vulnerabilities in Blender have unknown impact ...) BUG: 219008 CVE-2008-1104 (Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 ...) NOT-FOR-US: Foxit reader CVE-2008-1105 (Heap-based buffer overflow in the receive_smb_raw function in ...) BUG: 222299 CVE-2008-1106 (The management interface in Akamai Client (formerly Red Swoosh) 3322 ...) NOT-FOR-US: Akamai Technologies client CVE-2008-1107 (Multiple stack-based buffer overflows in the Danske Bank e-Sec Control ...) NOT-FOR-US: danskebank danskesikker ocx CVE-2008-1108 (Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is ...) BUG: 223963 CVE-2008-1109 (Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted ...) BUG: 223963 CVE-2008-1110 (Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the ...) BUG: 208100 CVE-2008-1111 (mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts ...) BUG: 211956 CVE-2008-1112 REJECTED NOT-FOR-US: rejected CVE-2008-1113 (Cisco Unified Wireless IP Phone 7921, when using Protected Extensible ...) NOT-FOR-US: Vocera Communications Badge CVE-2008-1114 (Vocera Communications wireless handsets, when using Protected ...) NOT-FOR-US: Vocera CVE-2008-1115 (Unspecified vulnerability in Sun Solaris 8 directory functions allows ...) NOT-FOR-US: Sun Solaris CVE-2008-1116 (Insecure method vulnerability in the Web Scan Object ActiveX control ...) NOT-FOR-US: Rising Antivirus International Rising Web Scan Object CVE-2008-1117 (Directory traversal vulnerability in the Notes (aka Flash Notes or ...) NOT-FOR-US: Timbuktu Pro CVE-2008-1118 (Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does ...) NOT-FOR-US: Timbuktu Pro CVE-2008-1119 (Directory traversal vulnerability in include/doc/get_image.php in ...) NOT-FOR-US: Centreon CVE-2008-1120 (Format string vulnerability in the embedded Internet Explorer ...) NOT-FOR-US: Mirabilis ICQ CVE-2008-1121 (SQL injection vulnerability in index.php in eazyPortal 1.0 and earlier ...) NOT-FOR-US: eazyPortal CVE-2008-1122 (SQL injection vulnerability in the downloads module in Koobi Pro 5.7 ...) NOT-FOR-US: dream4 Koobi Pro CVE-2008-1123 (Multiple PHP remote file inclusion vulnerabilities in SiteBuilder ...) NOT-FOR-US: SiteBuilder Elite CVE-2008-1124 (Multiple PHP remote file inclusion vulnerabilities in Podcast ...) NOT-FOR-US: Podcast Generator CVE-2008-1125 (Multiple directory traversal vulnerabilities in Podcast Generator 1.0 ...) NOT-FOR-US: Podcast Generator CVE-2008-1126 (PHP remote file inclusion vulnerability in main.php in Barryvan Compo ...) NOT-FOR-US: Barryvan Compo Manager CVE-2008-1127 (Format string vulnerability in the cryactio function in Crysis ...) NOT-FOR-US: Crytek Crysis CVE-2008-1128 (PHP remote file inclusion vulnerability in tourney/index.php in ...) NOT-FOR-US: phpMytourney CVE-2008-1129 (Cross-site scripting (XSS) vulnerability in admin/users/self.php in ...) BUG: 235005 CVE-2008-1130 (Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and ...) NOT-FOR-US: IBM WebSphere MQ CVE-2008-1131 (Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote ...) BUG: 211940 CVE-2008-1132 (Untrusted search path vulnerability in src/mainwindow.c in Net ...) NOT-FOR-US: Net Activity Viewer CVE-2008-1133 (The Drupal.checkPlain function in Drupal 6.0 only escapes the first ...) BUG: 211940 CVE-2008-1134 (OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 supports ...) NOT-FOR-US: OMEGA CVE-2008-1135 (OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 generates ...) NOT-FOR-US: OMEGA CVE-2008-1136 (The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through ...) BUG: 213770 CVE-2008-1137 (SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) ...) NOT-FOR-US: Garys Cookbook com_garyscookbook CVE-2008-1138 (DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users ...) NOT-FOR-US: DESlock CVE-2008-1139 (DESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys ...) NOT-FOR-US: DESlock CVE-2008-1140 (DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users ...) NOT-FOR-US: DESlock CVE-2008-1141 (Memory leak in DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier ...) NOT-FOR-US: DESlock CVE-2008-1142 (rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment ...) BUG: 217819 CVE-2008-1143 RESERVED CVE-2008-1144 (The Marvell driver for the Netgear WN802T Wi-Fi access point with ...) NOT-FOR-US: netgear wn802t CVE-2008-1145 (Directory traversal vulnerability in WEBrick in Ruby 1.8 before ...) BUG: 212264 CVE-2008-1146 (A certain pseudo-random number generator (PRNG) algorithm that uses ...) NOT-FOR-US: OpenBSD CVE-2008-1147 (A certain pseudo-random number generator (PRNG) algorithm that uses ...) NOT-FOR-US: OpenBSD CVE-2008-1148 (A certain pseudo-random number generator (PRNG) algorithm that uses ...) NOT-FOR-US: OpenBSD CVE-2008-1149 (phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters ...) BUG: 212000 CVE-2008-1150 (The virtual private dial-up network (VPDN) component in Cisco IOS ...) NOT-FOR-US: Cisco IOS CVE-2008-1151 (Memory leak in the virtual private dial-up network (VPDN) component in ...) NOT-FOR-US: Cisco IOS CVE-2008-1152 (The data-link switching (DLSw) component in Cisco IOS 12.0 through ...) NOT-FOR-US: Cisco IOS CVE-2008-1153 (Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the ...) NOT-FOR-US: Cisco IOS CVE-2008-1154 (The Disaster Recovery Framework (DRF) master server in Cisco Unified ...) NOT-FOR-US: Cisco Unified Communications products CVE-2008-1155 (Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before ...) NOT-FOR-US: Cisco Network Admission Control CVE-2008-1156 (Unspecified vulnerability in the Multicast Virtual Private Network ...) NOT-FOR-US: Cisco IOS CVE-2008-1157 (Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a ...) NOT-FOR-US: Cisco CiscoWorks Internetwork Performance Monitor CVE-2008-1158 (The Presence Engine (PE) service in Cisco Unified Presence before ...) NOT-FOR-US: Cisco Unified Presence Server CVE-2008-1159 (Multiple unspecified vulnerabilities in the SSH server in Cisco IOS ...) NOT-FOR-US: Cisco IOS XR CVE-2008-1160 (ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra ...) NOT-FOR-US: ZyXEL CVE-2008-1161 (Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in ...) BUG: 209106 CVE-2008-1162 (SQL injection vulnerability in album.php in PHP WEB SCRIPT Dynamic ...) NOT-FOR-US: PHP Web Scripts Dynamic Photo Gallery CVE-2008-1163 (SQL injection vulnerability in index.php in phpArcadeScript 1.0 ...) NOT-FOR-US: phpArcadeScript CVE-2008-1164 (SQL injection vulnerability in index.php in phpComasy 0.8 allows ...) NOT-FOR-US: phpComasy CVE-2008-1165 (Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 ...) NOT-FOR-US: Flyspray CVE-2008-1166 (Flyspray 0.9.9.4 generates different error messages depending on ...) NOT-FOR-US: Flyspray CVE-2008-1167 (Stack-based buffer overflow in the useragent function in useragent.c ...) BUG: 212208 CVE-2008-1168 (Cross-site scripting (XSS) vulnerability in Squid Analysis Report ...) BUG: 212731 CVE-2008-1169 (Directory traversal vulnerability in the embedded HTTP server in SCI ...) NOT-FOR-US: SIMM Comm SCI Photo Chat CVE-2008-1170 (Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow ...) NOT-FOR-US: KCWiki CVE-2008-1171 (** DISPUTED ** ...) NOT-FOR-US: phpBB 123 Flash Chat Module CVE-2008-1172 (Cross-site request forgery (CSRF) vulnerabilities in account-inbox.php ...) NOT-FOR-US: TorrentTrader CVE-2008-1173 (Cross-site scripting (XSS) vulnerability in account-inbox.php in ...) NOT-FOR-US: TorrentTrader CVE-2008-1174 (Cross-site scripting (XSS) vulnerability in editUser.asp in AuthentiX ...) NOT-FOR-US: Flicks Software Authentix CVE-2008-1175 (Cross-site scripting (XSS) vulnerability in AuthentiX 6.3b1 Trial ...) NOT-FOR-US: Flicks Software Authentix CVE-2008-1176 (Cross-site scripting (XSS) vulnerability in function/sideblock.php in ...) NOT-FOR-US: Affiliate Market CVE-2008-1177 (SQL injection vulnerability in shop/detail.php in Affiliate Market ...) NOT-FOR-US: Affiliate Market CVE-2008-1178 (Directory traversal vulnerability in include/doc/index.php in Centreon ...) NOT-FOR-US: Centreon CVE-2008-1179 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Centreon CVE-2008-1180 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Juniper Secure Access 2000 CVE-2008-1181 (Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote ...) NOT-FOR-US: Juniper Secure Access 2000 CVE-2008-1182 (Cross-site scripting (XSS) vulnerability in BSD Perimeter pfSense ...) NOT-FOR-US: BSD Perimeter pfSense CVE-2008-1183 (Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax ...) NOT-FOR-US: Crafty Syntax Live Help CVE-2008-1184 (The DNSSEC validation library (libval) library in dnssec-tools before ...) NOT-FOR-US: DNSSEC Tools CVE-2008-1185 (Unspecified vulnerability in the Virtual Machine for Sun Java Runtime ...) BUG: 212425 CVE-2008-1186 (Unspecified vulnerability in the Virtual Machine for Sun Java Runtime ...) BUG: 212425 CVE-2008-1187 (Unspecified vulnerability in Sun Java Runtime Environment (JRE) and ...) BUG: 212425 CVE-2008-1188 (Multiple buffer overflows in the useEncodingDecl function in Java Web ...) BUG: 212425 CVE-2008-1189 (Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and ...) BUG: 212425 CVE-2008-1190 (Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 ...) BUG: 212425 CVE-2008-1191 (Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 ...) BUG: 212425 CVE-2008-1192 (Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 ...) BUG: 212425 CVE-2008-1193 (Unspecified vulnerability in Java Runtime Environment Image Parsing ...) BUG: 212425 CVE-2008-1194 (Multiple unspecified vulnerabilities in the color management library ...) BUG: 212425 CVE-2008-1195 (Unspecified vulnerability in Sun JDK and Java Runtime Environment ...) BUG: 212425 CVE-2008-1196 (Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK ...) BUG: 212425 CVE-2008-1197 (The Marvell driver for the Netgear WN802T Wi-Fi access point with ...) NOT-FOR-US: netgear wn802t CVE-2008-1198 (The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 ...) NOT-FOR-US: Red Hat enterprise_linux CVE-2008-1199 (Dovecot before 1.0.11, when configured to use mail_extra_groups to ...) BUG: 212336 CVE-2008-1200 (Unspecified vulnerability in Microsoft Access allows remote ...) NOT-FOR-US: Microsoft Jet CVE-2008-1201 (Multiple unspecified vulnerabilities in FLA file parsing in Adobe ...) NOTE: Flash 8 on Windows only CVE-2008-1202 (Cross-site scripting (XSS) vulnerability in the web management ...) NOT-FOR-US: Adobe LiveCycle Workflow CVE-2008-1203 (The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 ...) NOT-FOR-US: Adobe ColdFusion MX CVE-2008-1204 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: Administration Console in Sun Java System Access Manager CVE-2008-1205 (Unspecified vulnerability in the ipsecah kernel module in Sun Solaris ...) NOT-FOR-US: ipsecah kernel module in Sun Solaris CVE-2008-1206 (Format string vulnerability in the log_message function in lks.c in ...) NOT-FOR-US: Linux Kiss Server CVE-2008-1207 (Multiple unspecified vulnerabilities in Fujitsu Interstage Smart ...) NOT-FOR-US: Fujitsu Interstage Smart Repository, CVE-2008-1208 (Cross-site scripting (XSS) vulnerability in the login page in Check ...) NOT-FOR-US: Check Point VPN-1 UTM Edge W Embedded CVE-2008-1209 (Cross-site scripting (XSS) vulnerability in redirect.do in Xitex ...) NOT-FOR-US: Xitex WebContent M1 CVE-2008-1210 (Stack-based buffer overflow in the ctags parsing code in Programmer's ...) NOT-FOR-US: Programmer's Notepad CVE-2008-1211 (Cross-site scripting (XSS) vulnerability in BosDates 3.x and 4.x ...) NOT-FOR-US: BosDates CVE-2008-1212 (Cross-site scripting (XSS) vulnerability in set_permissions.php in ...) NOT-FOR-US: Podcast Generator CVE-2008-1213 (Cross-site scripting (XSS) vulnerability in Numara FootPrints for ...) NOT-FOR-US: Numara FootPrints for Linux CVE-2008-1214 (MRcgi/MRProcessIncomingForms.pl in Numara FootPrints 8.1 on Linux ...) NOT-FOR-US: Numara FootPrints CVE-2008-1215 (Stack-based buffer overflow in the command_Expand_Interpret function ...) NOT-FOR-US: FreeBSD CVE-2008-1216 (IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not ...) NOT-FOR-US: IBM Lotus Quickr CVE-2008-1217 (Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus ...) NOT-FOR-US: IBM Lotus Notes CVE-2008-1218 (Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and ...) BUG: 213030 CVE-2008-1219 (SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 ...) NOT-FOR-US: PHPNuke KutubiSitte Component CVE-2008-1220 (SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke ...) NOT-FOR-US: PHPNuke 4nChat CVE-2008-1221 (Absolute path traversal vulnerability in the FTP server in MicroWorld ...) NOT-FOR-US: MicroWorld Technologies eScan Server CVE-2008-1222 (Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 ...) NOT-FOR-US: Dokeos Open Source Learning and Knowledge Management Tool CVE-2008-1223 (Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers ...) NOT-FOR-US: Dokeos Open Source Learning and Knowledge Management Tool CVE-2008-1224 (Cross-site scripting (XSS) vulnerability in account.php in ...) NOT-FOR-US: BosDev BosClassifieds Classified Ads CVE-2008-1225 (Multiple cross-site scripting (XSS) vulnerabilities in WebCT Campus ...) NOT-FOR-US: WebCT CVE-2008-1226 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra ...) NOT-FOR-US: Zimbra Collaboration_Suite CVE-2008-1227 (Stack-based buffer overflow in the silc_fingerprint function in ...) NOT-FOR-US: SILC Toolkit CVE-2008-1228 (Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly ...) NOT-FOR-US: MiniGal MG2 CVE-2008-1229 (Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki ...) NOT-FOR-US: JSPWiki CVE-2008-1230 (Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 ...) NOT-FOR-US: JSPWiki CVE-2008-1231 (Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and ...) NOT-FOR-US: JSPWiki CVE-2008-1232 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 ...) BUG: 225477 CVE-2008-1233 (Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, ...) BUG: 214816 CVE-2008-1234 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...) BUG: 214816 CVE-2008-1235 (Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, ...) BUG: 214816 CVE-2008-1236 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...) BUG: 214816 CVE-2008-1237 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...) BUG: 214816 CVE-2008-1238 (Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when ...) BUG: 214816 CVE-2008-1239 RESERVED CVE-2008-1240 (LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before ...) BUG: 214816 CVE-2008-1241 (GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and ...) BUG: 214816 CVE-2008-1242 (The control panel on the Belkin F5D7230-4 router with firmware 9.01.10 ...) NOT-FOR-US: Belkin F5D7230-4 router CVE-2008-1243 (Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router ...) NOT-FOR-US: Linksys WRT300N router CVE-2008-1244 (cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware ...) NOT-FOR-US: Belkin F5D7230-4 CVE-2008-1245 (cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router with ...) NOT-FOR-US: Belkin F5D7230-4 CVE-2008-1246 (** DISPUTED ** ...) NOT-FOR-US: Cisco CVE-2008-1247 (The web interface on the Linksys WRT54g router with firmware 1.00.9 ...) NOT-FOR-US: Linksys WRT54g CVE-2008-1248 (The web interface on the central phone server for the Snom 320 SIP ...) NOT-FOR-US: Snom 320 SIP Phone CVE-2008-1249 (snomControl.swf in the central phone server for the Snom 320 SIP Phone ...) NOT-FOR-US: central phone server for the Snom 320 SIP Phone CVE-2008-1250 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...) NOT-FOR-US: central phone server for the Snom 320 SIP Phone CVE-2008-1251 (Cross-site scripting (XSS) vulnerability in the web interface on the ...) NOT-FOR-US: Snom 320 SIP Phone CVE-2008-1252 (b_banner.stm (aka the login page) on the Deutsche Telekom Speedport ...) NOT-FOR-US: Speedport W500 DSL CVE-2008-1253 (Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the ...) NOT-FOR-US: D-Link DSL-G604T CVE-2008-1254 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...) NOT-FOR-US: ZyXEL P-660HW CVE-2008-1255 (The ZyXEL P-660HW series router maintains authentication state by IP ...) NOT-FOR-US: ZyXEL P-660HW CVE-2008-1256 (The ZyXEL P-660HW series router has "admin" as its default password, ...) NOT-FOR-US: ZyXEL P-660HW CVE-2008-1257 (Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ...) NOT-FOR-US: ZyXEL P-660HW CVE-2008-1258 (Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link ...) NOT-FOR-US: D-Link DI-604 CVE-2008-1259 (The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains ...) NOT-FOR-US: Zyxel P-2602HW-D1A CVE-2008-1260 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...) NOT-FOR-US: Zyxel P-2602HW-D1A CVE-2008-1261 (The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware provides ...) NOT-FOR-US: Zyxel P-2602HW-D1A CVE-2008-1262 (The administration panel on the Airspan WiMax ProST 4.1 antenna with ...) NOT-FOR-US: Airspan WiMax ProST CVE-2008-1263 (The Linksys WRT54G router stores passwords and keys in cleartext in ...) NOT-FOR-US: Linksys WRT54G router CVE-2008-1264 (The Linksys WRT54G router has "admin" as its default FTP password, ...) NOT-FOR-US: Linksys WRT54G router CVE-2008-1265 (The Linksys WRT54G router allows remote attackers to cause a denial of ...) NOT-FOR-US: Linksys WRT54G router CVE-2008-1266 (Multiple buffer overflows in the web interface on the D-Link DI-524 ...) NOT-FOR-US: D-Link DI-524 router CVE-2008-1267 (The Siemens SpeedStream 6520 router allows remote attackers to cause a ...) NOT-FOR-US: Siemens SpeedStream 6520 router CVE-2008-1268 (The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware ...) NOT-FOR-US: Linksys WRT54G 7 router CVE-2008-1269 (cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus ...) NOT-FOR-US: Alice Gate 2 Plus Wi-Fi router CVE-2008-1270 (mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not ...) BUG: 212930 CVE-2008-1271 REJECTED CVE-2008-1272 (Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and ...) NOT-FOR-US: BM Classifieds CVE-2008-1273 (Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 ...) NOT-FOR-US: imageVue CVE-2008-1274 (Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows ...) NOT-FOR-US: man in IBM AIX CVE-2008-1275 (Multiple unspecified vulnerabilities in the SMTP service in MailEnable ...) NOT-FOR-US: MailEnable Standard Edition CVE-2008-1276 (Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in ...) NOT-FOR-US: MailEnable Professional Edition and Enterprise Edition CVE-2008-1277 (The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and ...) NOT-FOR-US: MailEnable Professional Edition and Enterprise Edition CVE-2008-1278 (The RemotelyAnywhere.exe service in the Remotely Anywhere Server and ...) NOT-FOR-US: Remotely Anywhere Server and Workstation CVE-2008-1279 (Acronis True Image Group Server 1.5.19.191 and earlier, included in ...) NOT-FOR-US: Acronis True Image Enterprise Server CVE-2008-1280 (Acronis True Image Windows Agent 1.0.0.54 and earlier, included in ...) NOT-FOR-US: Acronis True Image Enterprise Server CVE-2008-1281 (Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, ...) NOT-FOR-US: Argon Technology Client Management Services CVE-2008-1282 (Buffer overflow in the BFup ActiveX control (BFup.dll) in B21Soft BFup ...) NOT-FOR-US: BFup CVE-2008-1283 (Cross-site scripting (XSS) vulnerability in Neptune Web Server 3.0 ...) NOT-FOR-US: Neptune Web Server CVE-2008-1284 (Directory traversal vulnerability in Horde 3.1.6, Groupware before ...) BUG: 213493 CVE-2008-1285 (Cross-site scripting (XSS) vulnerability in Sun Java Server Faces ...) NOT-FOR-US: Sun JSF CVE-2008-1286 (Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and ...) NOT-FOR-US: Sun Java Web Console CVE-2008-1287 (IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error ...) NOT-FOR-US: IBM Rational ClearQuest CVE-2008-1288 (IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or ...) NOT-FOR-US: IBM Rational ClearQuest CVE-2008-1289 (Multiple buffer overflows in Asterisk Open Source 1.4.x before ...) NOTE: 1.4 only CVE-2008-1290 (ViewVC before 1.0.5 includes "all-forbidden" files within search ...) BUG: 212288 CVE-2008-1291 (ViewVC before 1.0.5 stores sensitive information under the web root ...) BUG: 212288 CVE-2008-1292 (ViewVC before 1.0.5 provides revision metadata without properly ...) BUG: 212288 CVE-2008-1293 (ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac ...) NOTE: We do not ship LTSP 5.x. CVE-2008-1294 (Linux kernel 2.6.17, and other versions before 2.6.22, does not check ...) BUG: 215000 CVE-2008-1295 (SQL injection vulnerability in archives.php in Gregory Kokanosky (aka ...) NOT-FOR-US: Gregory Kokanosky phpMyNewsLetter CVE-2008-1296 (Multiple cross-site scripting (XSS) vulnerabilities in EncapsGallery ...) NOT-FOR-US: EncapsGallery CVE-2008-1297 (SQL injection vulnerability in index.php in the eWriting ...) NOT-FOR-US: Mambo com_ewriting CVE-2008-1298 (SQL injection vulnerability in Hadith module for PHP-Nuke allows ...) NOT-FOR-US: Kyantonius Hadith Module CVE-2008-1299 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ...) NOT-FOR-US: ManageEngine ServiceDesk Plus CVE-2008-1300 (Cross-site scripting (XSS) vulnerability in the Logfile Viewer ...) NOT-FOR-US: Alkacon OpenCms CVE-2008-1301 (Absolute path traversal vulnerability in ...) NOT-FOR-US: Alkacon OpenCms CVE-2008-1302 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ...) NOT-FOR-US: Perforce Server CVE-2008-1303 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ...) NOT-FOR-US: Perforce Server CVE-2008-1304 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 ...) NOTE: Hard-masked CVE-2008-1305 (SQL injection vulnerability in filebase.php in the Filebase mod for ...) NOTE: Hard-masked CVE-2008-1306 (Multiple cross-site scripting (XSS) vulnerabilities in Savvy Content ...) NOT-FOR-US: Besavvy Savvy Content Manager CVE-2008-1307 (Heap-based buffer overflow in the KUpdateObj2 Class ActiveX control in ...) NOT-FOR-US: Kingsoft Antivirus Online Update Module CVE-2008-1308 (SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 ...) NOT-FOR-US: PHP Nuke NukeC Module CVE-2008-1309 (The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in ...) NOTE: Windows-only CVE-2008-1310 (Directory traversal vulnerability in the TFTP server in PacketTrap ...) NOT-FOR-US: PacketTrap PT360 Tool Suite CVE-2008-1311 (The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and ...) NOT-FOR-US: PacketTrap PT360 Tool Suite Pro CVE-2008-1312 (Unspecified vulnerability in the TFTP server in PacketTrap Networks ...) NOT-FOR-US: PacketTrap PT360 Tool Suite CVE-2008-1313 (Multiple SQL injection vulnerabilities in index.php in Bloo 1.00 and ...) NOT-FOR-US: Bloo CVE-2008-1314 (SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module ...) NOT-FOR-US: PHP Nuke Gaestebuch Module CVE-2008-1315 (SQL injection vulnerability in the ZClassifieds module for PHP-Nuke ...) NOT-FOR-US: PHP Nuke zClassifieds CVE-2008-1316 (SQL injection vulnerability in qtf_ind_search_ov.php in QT-cute ...) NOT-FOR-US: QT Cute QuickTalk Forum CVE-2008-1317 (Unspecified vulnerability in the Inter-Process Communication (IPC) ...) NOT-FOR-US: Sun Solaris CVE-2008-1318 (Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows ...) BUG: 212170 CVE-2008-1319 (Untrusted search path and argument injection vulnerability in the ...) NOT-FOR-US: Versant Object Database CVE-2008-1320 (Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and ...) NOT-FOR-US: ASG Sentry CVE-2008-1321 (The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier ...) NOT-FOR-US: ASG Sentry CVE-2008-1322 (The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager ...) NOT-FOR-US: ASG Sentry CVE-2008-1323 (Cross-site request forgery (CSRF) vulnerability in index.php in ...) NOT-FOR-US: WoltLab Burning Board Lite CVE-2008-1324 (Multiple directory traversal vulnerabilities in index.php in ...) NOT-FOR-US: Travelsized CMS CVE-2008-1325 (Multiple directory traversal vulnerabilities in index.php in Uberghey ...) NOT-FOR-US: Uberghey CMS CVE-2008-1326 (Cross-site scripting (XSS) vulnerability in search.php in Gallarific ...) NOT-FOR-US: Gallarific CVE-2008-1327 (Gallarific does not require authentication for (1) users.php and (2) ...) NOT-FOR-US: Gallarific CVE-2008-1328 (Buffer overflow in the LGServer service in CA ARCserve Backup for ...) NOT-FOR-US: LGServer CVE-2008-1329 (Unspecified vulnerability in the NetBackup service in CA ARCserve ...) NOT-FOR-US: NetBackup CVE-2008-1330 (Unspecified vulnerability in the Windows client API in Novell ...) NOT-FOR-US: Novell GroupWise CVE-2008-1331 (cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access ...) NOT-FOR-US: OmniPCX Office CVE-2008-1332 (Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, ...) BUG: 213883 CVE-2008-1333 (Format string vulnerability in Asterisk Open Source 1.6.x before ...) NOT-FOR-US: Asterisk Open Source 1.6 CVE-2008-1334 (cgi/b on the BT Home Hub router allows remote attackers to bypass ...) NOT-FOR-US: BT Home Hub CVE-2008-1335 (The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 ...) NOT-FOR-US: NetBSD CVE-2008-1336 (SQL injection vulnerability in Koobi CMS 4.2.3 through 4.3.0 allows ...) NOT-FOR-US: Koobi CMS CVE-2008-1337 (The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier ...) NOT-FOR-US: Timbuktu Pro CVE-2008-1338 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ...) NOT-FOR-US: Perforce Server CVE-2008-1339 RESERVED CVE-2008-1340 (Virtual Machine Communication Interface (VMCI) in VMware Workstation ...) BUG: 213548 CVE-2008-1341 (SQL injection vulnerability in SearchResults.aspx in LaGarde ...) NOT-FOR-US: LaGarde StoreFront CVE-2008-1342 (Multiple cross-site scripting (XSS) vulnerabilities in the search ...) NOT-FOR-US: CollagePortal CVE-2008-1343 (Directory traversal vulnerability in (1) pkgadd and (2) pkgrm in SCO ...) NOT-FOR-US: pkgadd and pkgrm in SCO UnixWare CVE-2008-1344 (Multiple SQL injection vulnerabilities in MyioSoft EasyCalendar 4.0tr ...) NOT-FOR-US: MyioSoft EasyCalendar CVE-2008-1345 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: MyioSoft EasyCalendar CVE-2008-1346 (SQL injection vulnerability in staticpages/easygallery/index.php in ...) NOT-FOR-US: MyioSoft EasyGallery CVE-2008-1347 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: MyioSoft EasyGallery CVE-2008-1348 (Cross-site scripting (XSS) vulnerability in index.php in the eWebsite ...) NOT-FOR-US: eWebsite CVE-2008-1349 (SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama ...) NOT-FOR-US: bamaGalerie Bama Galerie CVE-2008-1350 (SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) ...) NOT-FOR-US: Fully Modded phpBB phpbbfm CVE-2008-1351 (SQL injection vulnerability in the Tutorials 2.1b module for XOOPS ...) NOT-FOR-US: XOOPS CVE-2008-1352 (Directory traversal vulnerability in search.php in EdiorCMS (ecms) 3.0 ...) NOT-FOR-US: EdiorCMS ecms CVE-2008-1353 (zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a ...) BUG: 213765 CVE-2008-1354 (SQL injection vulnerability in MyIssuesView.asp in Advanced Data ...) NOT-FOR-US: Advanced Data Solutions Virtual Support Office-XP CVE-2008-1355 (Cross-site scripting (XSS) vulnerability in index.php in Jeebles ...) NOT-FOR-US: Jeebles Directory CVE-2008-1356 (Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java ...) NOT-FOR-US: xscreensaver in Sun Solaris CVE-2008-1357 (Format string vulnerability in the logDetail function of applib.dll in ...) NOT-FOR-US: McAfee Common Management Agent CVE-2008-1358 (Stack-based buffer overflow in the IMAP server in Alt-N Technologies ...) NOT-FOR-US: MDaemon CVE-2008-1359 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB ...) NOT-FOR-US: Invision Power Board IPB or IP Board CVE-2008-1360 (Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows ...) BUG: 213766 CVE-2008-1361 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware ...) BUG: 213548 CVE-2008-1362 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware ...) BUG: 213548 CVE-2008-1363 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware ...) BUG: 213548 CVE-2008-1364 (Unspecified vulnerability in the DHCP service in VMware Workstation ...) BUG: 213548 CVE-2008-1365 (Stack-based buffer overflow in Trend Micro OfficeScan Corporate ...) NOT-FOR-US: Trend Micro OfficeScan CVE-2008-1366 (Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and ...) NOT-FOR-US: Trend Micro OfficeScan CVE-2008-1367 (gcc 4.3.x does not generate a cld instruction while compiling ...) BUG: 213767 CVE-2008-1368 (CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-1369 (A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and ...) NOT-FOR-US: Sun Solaris 10 CVE-2008-1370 (PHP remote file inclusion vulnerability in index.php in wildmary Yap ...) NOT-FOR-US: wildmary Yap Blog CVE-2008-1371 (Absolute path traversal vulnerability in install/index.php in Drake ...) NOT-FOR-US: Drake CMS CVE-2008-1372 (bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to ...) BUG: 213820 CVE-2008-1373 (Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows ...) BUG: 214068 CVE-2008-1374 (Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux ...) NOTE: obsolete CVE-2008-1375 (Race condition in the directory notification subsystem (dnotify) in ...) BUG: 216675 CVE-2008-1376 (A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on ...) NOT-FOR-US: redhat nfs_utils CVE-2008-1377 (The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients ...) BUG: 225419 CVE-2008-1378 REJECTED CVE-2008-1379 (Integer overflow in the fbShmPutImage function in the MIT-SHM ...) BUG: 225419 CVE-2008-1380 (The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird ...) BUG: 218065 CVE-2008-1381 (ZoneMinder before 1.23.3 allows remote authenticated users, and ...) BUG: 219694 CVE-2008-1382 (libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 ...) BUG: 217047 CVE-2008-1383 (The docert function in ssl-cert.eclass, when used by src_compile or ...) BUG: 174759 CVE-2008-1384 (Integer overflow in PHP 5.2.5 and earlier allows context-dependent ...) BUG: 215266 CVE-2008-1385 (Cross-site scripting (XSS) vulnerability in the Top Referrers (aka ...) NOT-FOR-US: S9Y Serendipity CVE-2008-1386 (Multiple cross-site scripting (XSS) vulnerabilities in the installer ...) NOT-FOR-US: S9Y Serendipity CVE-2008-1387 (ClamAV before 0.93 allows remote attackers to cause a denial of ...) BUG: 213762 CVE-2008-1388 RESERVED CVE-2008-1389 (libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows ...) BUG: 236665 CVE-2008-1390 (The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before ...) NOTE: 1.4 only CVE-2008-1391 (Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, ...) NOT-FOR-US: libc in NetBSD CVE-2008-1392 (The default configuration of VMware Workstation 6.0.2, VMware Player ...) BUG: 213548 CVE-2008-1393 (Plone CMS 3.0.5, and probably other 3.x versions, places a base64 ...) NOTE: Plone 3.X only CVE-2008-1394 (Plone CMS before 3 places a base64 encoded form of the username and ...) NOTE: Transmitting passwords via HTTP is insecure anyway CVE-2008-1395 (Plone CMS does not record users' authentication states, and implements ...) NOTE: Plone 3.X only CVE-2008-1396 (Plone CMS 3.x uses invariant data (a client username and a server ...) NOTE: Plone 3.X only CVE-2008-1397 (Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 ...) NOT-FOR-US: Checkpoint Check Point VPN 1 Pro CVE-2008-1398 (SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 ...) NOT-FOR-US: AuraCMS CVE-2008-1399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Clansphere CVE-2008-1400 (Directory traversal vulnerability in the Net Inspector HTTP Server ...) NOT-FOR-US: mghttpd CVE-2008-1401 (Format string vulnerability in the Net Inspector HTTP server (mghttpd) ...) NOT-FOR-US: mghttpd CVE-2008-1402 (MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote ...) NOT-FOR-US: MG SOFT Net Inspector CVE-2008-1403 (Stack-based buffer overflow in the TFTP server in BootManage TFTPD ...) NOT-FOR-US: BootManage Administrator CVE-2008-1404 (SQL injection vulnerability in index.php in the Viso (Industry Book) ...) NOT-FOR-US: Viso Industry Book CVE-2008-1405 (PHP remote file inclusion vulnerability in code/display.php in ...) NOT-FOR-US: fuzzylime cms CVE-2008-1406 (SQL injection vulnerability in annonces-p-f.php in the MyAnnonces 1.8 ...) NOT-FOR-US: MyAnnonces CVE-2008-1407 (SQL injection vulnerability in index.php in the WebChat 1.60 module ...) NOT-FOR-US: eXV2 CVE-2008-1408 (SQL injection vulnerability in includes/functions/banners-external.php ...) NOT-FOR-US: phpBP CVE-2008-1409 (Multiple directory traversal vulnerabilities in the Default theme in ...) NOT-FOR-US: Exero CMS CVE-2008-1410 (Directory traversal vulnerability in the PXE Server (pxesrv.exe) in ...) NOT-FOR-US: Acronis Snap Deploy CVE-2008-1411 (The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and ...) NOT-FOR-US: Acronis Snap Deploy CVE-2008-1412 (Unspecified vulnerability in multiple F-Secure anti-virus products, ...) NOT-FOR-US: F-Secure anti-virus CVE-2008-1413 (Cross-site scripting (XSS) vulnerability in search.php in SNewsCMS Rus ...) NOT-FOR-US: SNewsCMS Rus CVE-2008-1414 (Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) ...) NOT-FOR-US: Multiple Time Sheets CVE-2008-1415 (Directory traversal vulnerability in index.php in Multiple Time Sheets ...) NOT-FOR-US: Multiple Time Sheets MTS CVE-2008-1416 (Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL ...) NOT-FOR-US: PHPauction CVE-2008-1417 (The prerm script in axyl 2.1.7 allows local users to overwrite ...) NOT-FOR-US: Axyl CVE-2008-1418 RESERVED CVE-2008-1419 (Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero ...) BUG: 222085 CVE-2008-1420 (Integer overflow in residue partition value (aka partvals) evaluation ...) BUG: 222085 CVE-2008-1421 RESERVED CVE-2008-1422 RESERVED CVE-2008-1423 (Integer overflow in a certain quantvals and quantlist calculation in ...) BUG: 222085 CVE-2008-1424 RESERVED CVE-2008-1425 (SQL injection vulnerability in index.php in the gallery module in ...) NOT-FOR-US: Easy Clanpage CVE-2008-1426 (SQL injection vulnerability in album.asp in KAPhotoservice allows ...) NOT-FOR-US: KAPhotoservice CVE-2008-1427 (SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 ...) NOTE: Masked CVE-2008-1428 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart ...) NOT-FOR-US: Drupal Ubercart Module CVE-2008-1429 (Secure Internet Live Conferencing (SILC) Server before 1.1.1 allows ...) BUG: 214116 CVE-2008-1430 (SQL injection vulnerability in links.asp in ASPapp allows remote ...) NOT-FOR-US: Iatek ASPapp CVE-2008-1431 (RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a ...) NOT-FOR-US: RaidSonic Technology Firmware CVE-2008-1432 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ...) NOT-FOR-US: ManageEngine SupportCenter Plus CVE-2008-1433 RESERVED CVE-2008-1434 (Use-after-free vulnerability in Microsoft Word in Office 2000 and XP ...) NOT-FOR-US: Microsoft word_viewer CVE-2008-1435 (Windows Explorer in Microsoft Windows Vista up to SP1, and Server ...) NOT-FOR-US: Microsoft Windows Server 2008 CVE-2008-1436 (Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 ...) NOT-FOR-US: Microsoft Windows CVE-2008-1437 (Unspecified vulnerability in Microsoft Malware Protection Engine ...) NOT-FOR-US: Microsoft forefront_security_for_exchange_server CVE-2008-1438 (Unspecified vulnerability in Microsoft Malware Protection Engine ...) NOT-FOR-US: Microsoft Malware Protection Engine mpengine dll CVE-2008-1439 RESERVED CVE-2008-1440 (Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does ...) NOT-FOR-US: Microsoft Windows CVE-2008-1441 (Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold ...) NOT-FOR-US: Microsoft Windows CVE-2008-1442 (Heap-based buffer overflow in the substringData method in Microsoft ...) NOT-FOR-US: Microsoft Internet Explorer 6 and 7 CVE-2008-1443 RESERVED CVE-2008-1444 (Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on ...) NOT-FOR-US: Microsoft DirectX CVE-2008-1445 (Active Directory on Microsoft Windows 2000 Server SP4, XP Professional ...) NOT-FOR-US: Active Directory on Microsoft Windows CVE-2008-1446 (Integer overflow in the Internet Printing Protocol (IPP) ISAPI ...) NOT-FOR-US: Internet Printing Protocol IPP ISAPI extension in Microsoft Internet Information Services IIS CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, ...) BUG: 231201 BUG: 231282 BUG: 231283 BUG: 231285 BUG: 233217 CVE-2008-1448 (The MHTML protocol handler in a component of Microsoft Outlook Express ...) NOT-FOR-US: Microsoft Windows Mail CVE-2008-1449 RESERVED CVE-2008-1450 RESERVED CVE-2008-1451 (The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 ...) NOT-FOR-US: WINS service on Microsoft Windows CVE-2008-1452 RESERVED CVE-2008-1453 (The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista ...) NOT-FOR-US: Bluetooth stack in Microsoft Windows CVE-2008-1454 (Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server ...) NOT-FOR-US: Microsoft windows nt CVE-2008-1455 (A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, ...) NOT-FOR-US: Microsoft compatibility_pack_word_excel_powerpoint CVE-2008-1456 (Array index vulnerability in the Event System in Microsoft Windows ...) NOT-FOR-US: Microsoft windows nt CVE-2008-1457 (The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server ...) NOT-FOR-US: Microsoft windows nt CVE-2008-1458 (Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 ...) NOT-FOR-US: CS Cart CVE-2008-1459 (SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and ...) NOT-FOR-US: Alberghi com_alberghi for Joomla CVE-2008-1460 (SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and ...) NOT-FOR-US: Joovideo com_joovideo CVE-2008-1461 (Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers ...) BUG: 175670 CVE-2008-1462 (SQL injection vulnerability in the sections (Section) module in RunCMS ...) NOT-FOR-US: RunCMS CVE-2008-1463 (Cross-site scripting (XSS) vulnerability in the management GUI in ...) NOT-FOR-US: Imperva SecureSphere MX Management Server CVE-2008-1464 (Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 ...) NOT-FOR-US: Gallarific CVE-2008-1465 (SQL injection vulnerability in the Detodas Restaurante ...) NOT-FOR-US: Detodas Restaurante (com_restaurante) CVE-2008-1466 (Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 ...) NOT-FOR-US: W Agora CVE-2008-1467 (** DISPUTED ** ...) BUG: 214204 CVE-2008-1468 (Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu ...) BUG: 214266 CVE-2008-1469 (Gallarific Free Edition 1.1 does not require authentication for (1) ...) NOT-FOR-US: Gallarific CVE-2008-1470 (Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID ...) NOT-FOR-US: WebID RSA Authentication Agent CVE-2008-1471 (The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ ...) NOT-FOR-US: Panda Internet Security CVE-2008-1472 (Stack-based buffer overflow in the ListCtrl ActiveX Control ...) NOT-FOR-US: CA BrightStor ARCserve Backup CVE-2008-1473 (The Altiris Client Service (AClient.exe) in Symantec Altiris ...) NOT-FOR-US: Symantec Altiris Deployment Solution CVE-2008-1474 (Multiple unspecified vulnerabilities in Roundup before 1.4.4 have ...) BUG: 212488 CVE-2008-1475 (The xml-rpc server in Roundup 1.4.4 does not check property ...) BUG: 214666 CVE-2008-1476 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before ...) NOT-FOR-US: Serendipity CVE-2008-1477 (Multiple cross-site scripting (XSS) vulnerabilities in busca.php in ...) NOT-FOR-US: eForum CVE-2008-1478 (Home FTP Server 1.4.5.89 allows remote attackers to cause a denial of ...) NOT-FOR-US: Home FTP Server CVE-2008-1479 (Cross-site scripting (XSS) vulnerability in index.php in ...) NOT-FOR-US: cyberfrogs net cfnetgs CVE-2008-1480 (rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial ...) NOT-FOR-US: Sun Solaris CVE-2008-1481 (Cross-site scripting (XSS) vulnerability in index.php in webSPELL ...) NOT-FOR-US: webSPELL CVE-2008-1482 (Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote ...) BUG: 214270 CVE-2008-1483 (OpenSSH 4.3p2, and probably other versions, allows local users to ...) BUG: 214985 CVE-2008-1484 (The password reset feature in PunBB 1.2.16 and earlier uses ...) NOT-FOR-US: PunBB CVE-2008-1485 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier ...) NOT-FOR-US: PunBB CVE-2008-1486 (SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft ...) NOT-FOR-US: Phorum CVE-2008-1487 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...) NOT-FOR-US: LinPHA CVE-2008-1488 (Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC) ...) NOT-FOR-US: Alternative PHP Cache APC CVE-2008-1489 (Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC ...) NOT-FOR-US: MP4_ReadBox_rdrf CVE-2008-1490 (Buffer overflow in a certain Aurigma ActiveX control in ...) NOT-FOR-US: Aurigma Image Uploader ActiveX control CVE-2008-1491 (Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ...) NOT-FOR-US: Asus Remote Console CVE-2008-1492 (Multiple directory traversal vulnerabilities in CoronaMatrix ...) NOT-FOR-US: CoronaMatrix phpAddressBook CVE-2008-1493 (Directory traversal vulnerability in login.php in Cuteflow Bin 1.5.0 ...) NOT-FOR-US: Cuteflow Bin CVE-2008-1494 (SQL injection vulnerability in inc/module/online.php in Easy-Clanpage ...) NOT-FOR-US: Easy Clanpage CVE-2008-1495 (Unrestricted file upload vulnerability in administrer/produits.php in ...) NOT-FOR-US: Peel CVE-2008-1496 (Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and ...) NOT-FOR-US: Peel CVE-2008-1497 (Stack-based buffer overflow in the IMAP service in NetWin SurgeMail ...) NOT-FOR-US: NetWin SurgeMail CVE-2008-1498 (Stack-based buffer overflow in the IMAP service in NetWin Surgemail ...) NOT-FOR-US: NetWin SurgeMail CVE-2008-1499 (Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in ...) NOT-FOR-US: cPanel CVE-2008-1500 (Cross-site scripting (XSS) vulnerability in index.php in TinyPortal ...) NOT-FOR-US: Tiny Portal CVE-2008-1501 (The send_user_mode function in s_user.c in (1) Undernet ircu ...) NOT-FOR-US: QuakeNet snircd CVE-2008-1502 (The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in ...) BUG: 214212 CVE-2008-1503 (Cross-site scripting (XSS) vulnerability in the web management ...) NOT-FOR-US: F5 BIG IP CVE-2008-1504 (Cross-site scripting (XSS) vulnerability in setup.php3 in phpHeaven ...) NOT-FOR-US: phpHeaven phpMyChat CVE-2008-1505 (PHP remote file inclusion vulnerability in the SSTREAMTV custompages ...) NOT-FOR-US: SSTREAMTV Custompages CVE-2008-1506 (PEEL, possibly 3.x and earlier, allows remote attackers to obtain ...) NOT-FOR-US: Peel CVE-2008-1507 (PEEL, possibly 3.x and earlier, has (1) a default info@peel.fr account ...) NOT-FOR-US: Peel CVE-2008-1508 (SQL injection vulnerability in EfesTech E-Kontör and earlier allows ...) NOT-FOR-US: EfesTech CVE-2008-1509 (SQL injection vulnerability in index.php in XLPortal 2.2.4 and earlier ...) NOT-FOR-US: XLPortal CVE-2008-1510 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Alkacon OpenCMS CVE-2008-1511 (Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 ...) NOT-FOR-US: ooComments CVE-2008-1512 (Directory traversal vulnerability in admin/admin_xs.php in eXtreme ...) NOT-FOR-US: phpBB Module XS CVE-2008-1513 (SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and ...) NOT-FOR-US: Danneo CMS CVE-2008-1514 (arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions ...) NOTE: Old, Linux kernel 2.6.9 on Fedora 7 and 8 CVE-2008-1515 (The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 ...) BUG: 215138 CVE-2008-1516 RESERVED CVE-2008-1517 (Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 ...) NOT-FOR-US: apple mac_os_x_server CVE-2008-1518 (Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and ...) NOT-FOR-US: Kaspersky Lab Kaspersky Anti Virus CVE-2008-1519 RESERVED CVE-2008-1520 RESERVED CVE-2008-1521 (ZyXEL Prestige routers, including P-660 and P-661 models with firmware ...) NOT-FOR-US: ZyXEL CVE-2008-1522 (ZyXEL Prestige routers, including P-660 and P-661 models with firmware ...) NOT-FOR-US: ZyXEL CVE-2008-1523 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with ...) NOT-FOR-US: ZyXEL CVE-2008-1524 (The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 ...) NOT-FOR-US: ZyXEL CVE-2008-1525 (The default SNMP configuration on ZyXEL Prestige routers, including ...) NOT-FOR-US: ZyXEL CVE-2008-1526 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with ...) NOT-FOR-US: ZyXEL CVE-2008-1527 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with ...) NOT-FOR-US: ZyXEL CVE-2008-1528 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with ...) NOT-FOR-US: ZyXEL CVE-2008-1529 (ZyXEL Prestige routers have a minimum password length for the admin ...) NOT-FOR-US: ZyXEL CVE-2008-1530 (GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial ...) BUG: 214990 CVE-2008-1531 (The connection_state_machine function (connections.c) in lighttpd ...) BUG: 214892 CVE-2008-1532 (Perlbal before 1.70, when buffered upload is enabled, allows remote ...) BUG: 214784 CVE-2008-1533 (Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! ...) NOT-FOR-US: XML RPC Blogger API plugin in Joomla CVE-2008-1534 (Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b ...) NOT-FOR-US: PowerScripts PowerPHPBoard CVE-2008-1535 (SQL injection vulnerability in the Matti Kiviharju rekry (aka ...) NOT-FOR-US: Matti Kiviharju Rekry Component CVE-2008-1536 (Cross-site scripting (XSS) vulnerability in index.php in Pictures Pro ...) NOT-FOR-US: PicturesPro Photo Cart CVE-2008-1537 (Directory traversal vulnerability in pb_inc/admincenter/index.php in ...) NOT-FOR-US: PowerScripts PowerBook CVE-2008-1538 (Cross-site scripting (XSS) vulnerability in searchAction.do in ...) NOT-FOR-US: ManageEngine EventLog Analyzer CVE-2008-1539 (SQL injection vulnerability in includes/dynamic_titles.php in PHP-Nuke ...) NOT-FOR-US: FutureNuke PHP_Nuke Platinum CVE-2008-1540 (SQL injection vulnerability in the Datsogallery (com_datsogallery) ...) NOT-FOR-US: Mambo Datsogallery CVE-2008-1541 (Directory traversal vulnerability in cgi-bin/his-webshop.pl in HIS ...) NOT-FOR-US: HIS Webshop CVE-2008-1542 (Airspan Base Station Distribution Unit (BSDU) has "topsecret" as its ...) NOT-FOR-US: Airspan base_station_distribution_unit CVE-2008-1543 (The Advanced User Interface Pages in the ProST Web Management ...) NOT-FOR-US: Airspan prost_web_management CVE-2008-1544 (The setRequestHeader method of the XMLHttpRequest object in Microsoft ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-1545 (The setRequestHeader method of the XMLHttpRequest object in Microsoft ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-1546 (servlet/MIMEReceiveServlet in the web controller for Mitsubishi ...) NOT-FOR-US: mitsubishi_electric GB CVE-2008-1547 (Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft ...) NOT-FOR-US: Microsoft Outlook Web Access OWA for Exchange Server CVE-2008-1548 (Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser ...) NOT-FOR-US: Aeries Browser Interface ABI CVE-2008-1549 (Multiple SQL injection vulnerabilities in Aeries Browser Interface ...) NOT-FOR-US: Eagle Software Aries Student Information System CVE-2008-1550 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: CubeCart CVE-2008-1551 (SQL injection vulnerability in viewcat.php in the Photo 3.02 module ...) NOT-FOR-US: RunCMS CVE-2008-1552 (The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) ...) BUG: 214812 CVE-2008-1553 (Directory traversal vulnerability in mod.php in TopperMod 1.0 allows ...) NOT-FOR-US: TopperMod CVE-2008-1554 (SQL injection vulnerability in account/index.php in TopperMod 2.0, ...) NOT-FOR-US: TopperMod CVE-2008-1555 (Directory traversal vulnerability in ...) NOT-FOR-US: BolinOS CVE-2008-1556 (Multiple cross-site scripting (XSS) vulnerabilities in BolinOS 4.6.1 ...) NOT-FOR-US: BolinOS CVE-2008-1557 (BolinOS 4.6.1 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: BolinOS CVE-2008-1558 (Uncontrolled array index in the sdpplin_parse function in ...) BUG: 215006 CVE-2008-1559 (SQL injection vulnerability in the Bernard Gilly AlphaContent ...) NOT-FOR-US: Bernard Gilly AlphaContent com_alphacontent CVE-2008-1560 (Multiple cross-site scripting (XSS) vulnerabilities in Digiappz ...) NOT-FOR-US: Digiappz DigiDomain CVE-2008-1561 (Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) ...) BUG: 215276 CVE-2008-1562 (The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through ...) BUG: 215276 CVE-2008-1563 (The "decode as" feature in packet-bssap.c in the SCCP dissector in ...) BUG: 215276 CVE-2008-1564 (Directory traversal vulnerability in Dan Costin File Transfer before ...) NOT-FOR-US: Dan Costin File Transfer CVE-2008-1565 (Directory traversal vulnerability in forum/irc/irc.php in the PJIRC ...) NOT-FOR-US: PJIRC CVE-2008-1566 (Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine ...) NOT-FOR-US: ManageEngine Applications Manager CVE-2008-1567 (phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) ...) BUG: 215502 CVE-2008-1568 (comix 3.6.4 allows attackers to execute arbitrary commands via a ...) BUG: 215694 CVE-2008-1569 (policyd-weight 0.1.14 beta-16 and earlier allows local users to modify ...) BUG: 214403 CVE-2008-1570 (Race condition in the create_lockpath function in policyd-weight ...) BUG: 214403 CVE-2008-1571 (Directory traversal vulnerability in the embedded web server in Image ...) NOT-FOR-US: embedded web server in Image Capture in Apple Mac OS X CVE-2008-1572 (Image Capture in Apple Mac OS X before 10.5 does not properly use ...) NOT-FOR-US: Apple Mac OS X CVE-2008-1573 (The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X ...) NOT-FOR-US: ImageIO in Apple Mac OS X CVE-2008-1574 (Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows ...) NOT-FOR-US: ImageIO in Apple Mac OS X CVE-2008-1575 (Unspecified vulnerability in the Apple Type Services (ATS) server in ...) NOT-FOR-US: Apple Type Services ATS server in Apple Mac OS X CVE-2008-1576 (Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, ...) NOT-FOR-US: Apple Mac OS X CVE-2008-1577 (Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in ...) NOT-FOR-US: Pixlet codec in Apple Pixlet Video in Apple Mac OS X CVE-2008-1578 (The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 ...) NOT-FOR-US: Single Sign On in Apple Mac OS X CVE-2008-1579 (Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote ...) NOT-FOR-US: Apple Mac OS X CVE-2008-1580 (CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically ...) NOT-FOR-US: Safari in Apple Mac OS X CVE-2008-1581 (Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows ...) NOT-FOR-US: Apple QuickTime CVE-2008-1582 (Unspecified vulnerability in Apple QuickTime before 7.5 allows remote ...) NOT-FOR-US: Apple QuickTime CVE-2008-1583 (Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote ...) NOT-FOR-US: Apple QuickTime CVE-2008-1584 (Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 ...) NOT-FOR-US: Apple QuickTime CVE-2008-1585 (Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler ...) NOT-FOR-US: Apple QuickTime CVE-2008-1586 (ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod ...) NOT-FOR-US: apple iphone_os CVE-2008-1587 RESERVED CVE-2008-1588 (Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows ...) NOT-FOR-US: Apple Safari CVE-2008-1589 (Safari on Apple iPhone before 2.0 and iPod touch before 2.0 ...) NOT-FOR-US: Apple Safari CVE-2008-1590 (JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch ...) NOT-FOR-US: WebKit javascriptcore CVE-2008-1591 (The pnVarPrepForStore function in PostNuke 0.764 and earlier skips ...) NOT-FOR-US: PostNuke CVE-2008-1592 (MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop ...) NOT-FOR-US: IBM WebSphere MQ CVE-2008-1593 (The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, ...) NOT-FOR-US: IBM AIX CVE-2008-1594 (The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing ...) NOT-FOR-US: IBM AIX CVE-2008-1595 (The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not ...) NOT-FOR-US: IBM AIX CVE-2008-1596 (Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument ...) NOT-FOR-US: IBM AIX CVE-2008-1597 (The WPAR system call implementation in the kernel in IBM AIX 6.1 ...) NOT-FOR-US: IBM AIX CVE-2008-1598 (The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges ...) NOT-FOR-US: IBM AIX CVE-2008-1599 (The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly ...) NOT-FOR-US: IBM AIX CVE-2008-1600 (The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly ...) NOT-FOR-US: IBM AIX CVE-2008-1601 (Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and ...) NOT-FOR-US: IBM AIX CVE-2008-1602 (Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows ...) NOT-FOR-US: orbit_downloader CVE-2008-1603 (Cross-site scripting (XSS) vulnerability in GNB DesignForm before 3.9 ...) NOT-FOR-US: gnb designform CVE-2008-1604 (Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 ...) NOT-FOR-US: perlmailer CVE-2008-1605 (The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ...) NOT-FOR-US: Leadtools multimedia_toolkit CVE-2008-1606 (Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 ...) NOT-FOR-US: elastic_path CVE-2008-1607 (SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba ...) NOT-FOR-US: Serby Arslanhan Bomba Haber CVE-2008-1608 (SQL injection vulnerability in postview.php in Clever Copy 3.0 allows ...) NOT-FOR-US: Clever Copy CVE-2008-1609 (Multiple PHP remote file inclusion vulnerabilities in just another ...) NOT-FOR-US: jaf_cms CVE-2008-1610 (Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 ...) NOT-FOR-US: tallsoft_quick tftp_server_pro CVE-2008-1611 (Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows ...) NOT-FOR-US: tftp server winagents_tftp_server CVE-2008-1612 (The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows ...) BUG: 216319 CVE-2008-1613 (SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build ...) NOT-FOR-US: RedDot CMS CVE-2008-1614 (suPHP before 0.6.3 allows local users to gain privileges via (1) a ...) BUG: 215568 CVE-2008-1615 (Linux kernel 2.6.18, and possibly other versions, when running on ...) BUG: 220979 CVE-2008-1616 RESERVED CVE-2008-1617 (Double free vulnerability in Web TransferCtrl Class 8,2,1,4 ...) NOT-FOR-US: interwoven worksite_web CVE-2008-1618 (The PPTP VPN service in Watchguard Firebox before 10, when performing ...) NOT-FOR-US: Watchguard Firebox CVE-2008-1619 (The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers ...) BUG: 220981 CVE-2008-1620 (Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) ...) NOT-FOR-US: 2X ThinClientServer CVE-2008-1621 (Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow ...) NOT-FOR-US: Geertsen Holdings Inc GeeCarts CVE-2008-1622 (Multiple PHP remote file inclusion vulnerabilities in GeeCarts allow ...) NOT-FOR-US: Geertsen Holdings Inc GeeCarts CVE-2008-1623 (SQL injection vulnerability in admin_view_image.php in Smoothflash ...) NOT-FOR-US: Lotus Web Studios Inc Smoothflash CVE-2008-1624 (Directory traversal vulnerability in v2demo/page.php in Jshop Server ...) NOT-FOR-US: Whorl Ltd JShop Server CVE-2008-1625 (aavmker4.sys in avast! Home and Professional 4.7 for Windows does not ...) NOT-FOR-US: Avast Antivirus Home CVE-2008-1626 (SQL injection vulnerability in eggBlog before 4.0.1 allows remote ...) NOT-FOR-US: eggblog CVE-2008-1627 (CDS Invenio 0.92.1 and earlier allows remote authenticated users to ...) NOT-FOR-US: CDS Software Consortium Invenio CVE-2008-1628 (Stack-based buffer overflow in the audit_log_user_command function in ...) BUG: 215705 CVE-2008-1629 (Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows ...) NOT-FOR-US: Pau Rodriguez PHPkrm CVE-2008-1630 (Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 ...) NOT-FOR-US: EMEDIA OFFICE GmbH CuteFlow CVE-2008-1631 (SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 ...) NOT-FOR-US: EMEDIA OFFICE GmbH CuteFlow CVE-2008-1632 (Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote ...) NOT-FOR-US: EMEDIA OFFICE GmbH CuteFlow CVE-2008-1633 (Unspecified vulnerability in Mondo Rescue before 2.2.5 has unknown ...) NOTE: ~arch only, 2.2.5 already in the tree CVE-2008-1634 (Cross-site scripting (XSS) vulnerability in index.php in JV2 Folder ...) NOT-FOR-US: JV2 Folder Gallery CVE-2008-1635 (Directory traversal vulnerability in view_private.php in Keep It ...) NOT-FOR-US: Raven PHP Scripts Keep It Simple Guest Book CVE-2008-1636 (Cross-site scripting (XSS) vulnerability in index.php in JV2 Quick ...) NOT-FOR-US: JV2 Quick Gallery CVE-2008-1637 (PowerDNS Recursor before 3.1.5 uses insufficient randomness to ...) BUG: 215567 CVE-2008-1638 (Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for ...) NOT-FOR-US: NIK Software Inc NIK Sharpener Pro CVE-2008-1639 (SQL injection vulnerability in index.php in Neat weblog 0.2 allows ...) NOT-FOR-US: Neat Weblog CVE-2008-1640 (SQL injection vulnerability in jgs_treffen.php in the JGS-XA ...) NOT-FOR-US: JGS XA JGS_Treffen CVE-2008-1641 (SQL injection vulnerability in default.asp in EfesTECH Video 5.0 ...) NOT-FOR-US: EfesTech Video CVE-2008-1642 (Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 ...) NOT-FOR-US: Savas Place Savas Guestbook CVE-2008-1643 (Directory traversal vulnerability in the PXE TFTP Service ...) NOT-FOR-US: LANDesk Software LANDesk Management Suite CVE-2008-1644 (SQL injection vulnerability in viewlinks.php in Sava's Link Manager ...) NOT-FOR-US: Savas Place Savas Link Manager CVE-2008-1645 (Directory traversal vulnerability in body.php in phpSpamManager ...) NOT-FOR-US: Guillaume Meister PHP SpamManager CVE-2008-1646 (SQL injection vulnerability in wp-download.php in the WP-Download 1.2 ...) NOT-FOR-US: Arnos Toolbox WP Download CVE-2008-1647 (The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ...) NOT-FOR-US: Chilkat Software ChilkatHttp ActiveX CVE-2008-1648 (Sympa before 5.4 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Sympa CVE-2008-1649 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: MyioSoft EasyNews CVE-2008-1650 (SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 ...) NOT-FOR-US: MyioSoft EasyNews CVE-2008-1651 (Directory traversal vulnerability in admin/login.php in EasyNews 4.0 ...) NOT-FOR-US: MyioSoft EasyNews CVE-2008-1652 (Directory traversal vulnerability in the _serve_request_multiple ...) BUG: 214784 CVE-2008-1653 (Directory traversal vulnerability in index.php in Sava's Link Manager ...) NOT-FOR-US: Savas Place Savas Link Manager CVE-2008-1654 (Interaction error between Adobe Flash and multiple Universal Plug and ...) BUG: 204344 CVE-2008-1655 (Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, ...) BUG: 204344 CVE-2008-1656 (Adobe ColdFusion 8 and 8.0.1 does not properly implement the public ...) NOT-FOR-US: Adobe ColdFusion CVE-2008-1657 (OpenSSH 4.4 up to versions before 4.9 allows remote authenticated ...) BUG: 215702 CVE-2008-1658 (Format string vulnerability in the grant helper ...) BUG: 215701 CVE-2008-1659 (Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 ...) NOT-FOR-US: HP LDAP-UX CVE-2008-1660 (Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and ...) NOT-FOR-US: HP UX CVE-2008-1661 (Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks ...) NOT-FOR-US: HP storageworks_storage_mirroring CVE-2008-1662 (Unspecified vulnerability in the HP System Administration Manager ...) NOT-FOR-US: HP system_administration_manager CVE-2008-1663 (Cross-site scripting (XSS) vulnerability in HP System Management ...) NOT-FOR-US: HP System Management Homepage CVE-2008-1664 (Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 ...) NOT-FOR-US: HP UX CVE-2008-1665 (Multiple unspecified vulnerabilities in HP Select Identity (HPSI) ...) NOT-FOR-US: hpsi_active_directory_bidirectional_ldap_connector CVE-2008-1666 (Unspecified vulnerability in HP Oracle for OpenView (OfO) 8.1.7, ...) NOT-FOR-US: HP Oracle for OpenView CVE-2008-1667 (The Probe Builder Service (aka PBOVISServer.exe) in European ...) NOT-FOR-US: European Performance Systems EPS Probe Builder CVE-2008-1668 (ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns ...) NOT-FOR-US: HP UX CVE-2008-1669 (Linux kernel before 2.6.25.2 does not apply a certain protection ...) BUG: 220691 CVE-2008-1670 (Heap-based buffer overflow in the progressive PNG Image loader ...) BUG: 218848 CVE-2008-1671 (start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, ...) BUG: 218933 CVE-2008-1672 (OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of ...) BUG: 223429 CVE-2008-1673 (The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 ...) BUG: 225461 CVE-2008-1674 REJECTED CVE-2008-1675 (The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux ...) BUG: 220105 CVE-2008-1676 (Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate ...) NOT-FOR-US: Netscape Certificate Management System CVE-2008-1677 (Buffer overflow in the regular expression handler in Red Hat Directory ...) NOT-FOR-US: Red Hat Fedora Directory Server CVE-2008-1678 (Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c ...) BUG: 222643 CVE-2008-1679 (Multiple integer overflows in imageop.c in Python before 2.5.3 allow ...) BUG: 216673 CVE-2008-1680 (PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain ...) NOT-FOR-US: Francisco Burzi PHP Nuke CVE-2008-1681 (Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 ...) NOT-FOR-US: IBM DB2 Content Manager CVE-2008-1682 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Online FlashQuiz com_onlineflashquiz CVE-2008-1683 REJECTED NOT-FOR-US: rejected.. CVE-2008-1684 (inetd on Sun Solaris 10, when debug logging is enabled, allows local ...) NOT-FOR-US: Sun Solaris CVE-2008-1685 (** DISPUTED ** ...) BUG: 216859 CVE-2008-1686 (Array index vulnerability in Speex 1.1.12 and earlier, as used in ...) BUG: 216499 CVE-2008-1687 (The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before ...) BUG: 217229 CVE-2008-1688 (Unspecified vulnerability in GNU m4 before 1.4.11 might allow ...) BUG: 217229 CVE-2008-1689 (Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and ...) NOT-FOR-US: WebContainer exe CVE-2008-1690 (WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and ...) NOT-FOR-US: SLMail Pro CVE-2008-1691 (Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and ...) NOT-FOR-US: SLMail Pro CVE-2008-1692 (Eterm 0.9.4 opens a terminal window on :0 if -display is not specified ...) BUG: 216833 CVE-2008-1693 (The CairoFont::create function in CairoFontEngine.cc in Poppler, ...) BUG: 216850 CVE-2008-1694 (vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local ...) BUG: 216880 CVE-2008-1695 RESERVED CVE-2008-1696 (Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, ...) NOT-FOR-US: dazphpnews CVE-2008-1697 (Stack-based buffer overflow in ovwparser.dll in HP OpenView Network ...) NOT-FOR-US: HP OpenView Network Node Manager CVE-2008-1698 (Cross-site scripting (XSS) vulnerability in gallery.php in Simple ...) NOT-FOR-US: ventrian simple_gallery CVE-2008-1699 (SQL injection vulnerability in permalink.php in Desi Quintans Writer's ...) NOT-FOR-US: desiquintans writers_block_cms CVE-2008-1700 (The Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite ...) NOT-FOR-US: interwoven worksite_web CVE-2008-1701 (Novell NetWare 6.5 allows attackers to cause a denial of service ...) NOT-FOR-US: Novell iPrint CVE-2008-1702 (Absolute path traversal vulnerability in dload.php in the my_gallery ...) NOT-FOR-US: e107 CVE-2008-1703 (Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, ...) NOT-FOR-US: Tibco Rendezvous CVE-2008-1704 (Multiple buffer overflows in TIBCO Software Enterprise Message Service ...) NOT-FOR-US: Tibco iprocess_engine CVE-2008-1705 (Format string vulnerability in the logging function in IBM solidDB ...) NOT-FOR-US: IBM solidDB CVE-2008-1706 (Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows ...) NOT-FOR-US: IBM solidDB CVE-2008-1707 (IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a ...) NOT-FOR-US: IBM solidDB CVE-2008-1708 (IBM solidDB 06.00.1018 and earlier does not validate a certain field ...) NOT-FOR-US: IBM solidDB CVE-2008-1709 (Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows ...) NOT-FOR-US: Microsoft Visual InterDev CVE-2008-1710 (Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows ...) NOT-FOR-US: IBM AIX CVE-2008-1711 (Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores ...) NOT-FOR-US: Terong advanced_web_photo_gallery CVE-2008-1712 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: mx_system mxBB CVE-2008-1713 (MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote ...) NOT-FOR-US: noticeware email_server CVE-2008-1714 (SQL injection vulnerability in show.php in FaScript FaPhoto 1.0, when ...) NOT-FOR-US: FaScript Faphoto CVE-2008-1715 (SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and ...) NOT-FOR-US: AuraCMS CVE-2008-1716 (Cross-site scripting (XSS) vulnerability in WoltLab Community ...) NOT-FOR-US: WoltLab Burning Board CVE-2008-1717 (WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 ...) NOT-FOR-US: WoltLab Burning Board CVE-2008-1718 (Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, ...) NOT-FOR-US: Autonomy KeyView CVE-2008-1719 (Multiple cross-site request forgery (CSRF) vulnerabilities in Nuke ET ...) NOT-FOR-US: Tru Zone NukeET CVE-2008-1720 (Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute ...) BUG: 216887 CVE-2008-1721 (Integer signedness error in the zlib extension module in Python 2.5.2 ...) BUG: 217221 CVE-2008-1722 (Multiple integer overflows in (1) filter/image-png.c and (2) ...) BUG: 217232 CVE-2008-1723 RESERVED CVE-2008-1724 (Stack-based buffer overflow in the IActiveXTransfer.FileTransfer ...) NOT-FOR-US: Tumbleweed securetransport_server_app CVE-2008-1725 (The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz ...) NOT-FOR-US: IBiz E Banking Integrator formerly IBiz OFX Integrator CVE-2008-1726 (Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when ...) NOT-FOR-US: KnowledgeQuest CVE-2008-1727 (KnowledgeQuest 2.5 and 2.6 does not require authentication for access ...) NOT-FOR-US: KnowledgeQuest CVE-2008-1728 (ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows ...) BUG: 217234 CVE-2008-1729 (The menu system in Drupal 6 before 6.2 has incorrect menu settings, ...) BUG: 217223 CVE-2008-1730 (Directory traversal vulnerability in download.html in ARWScripts ...) NOT-FOR-US: ARWScripts Gallery Script Lite CVE-2008-1731 (The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not ...) NOT-FOR-US: Simple Access module for Drupal CVE-2008-1732 (SQL injection vulnerability in showpredictionsformatch.php in ...) NOT-FOR-US: Prediction Football CVE-2008-1733 (SQL injection vulnerability in puarcade.class.php 2.2 and earlier in ...) NOT-FOR-US: Pragmatic Utopia PU Arcade CVE-2008-1734 (Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux ...) BUG: 209535 CVE-2008-1735 (BitDefender Antivirus 2008 20080118 and earlier allows local users to ...) NOT-FOR-US: BitDefender Antivirus CVE-2008-1736 (Comodo Firewall Pro before 3.0 does not properly validate certain ...) NOT-FOR-US: Comodo Firewall Pro CVE-2008-1737 (Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime ...) NOT-FOR-US: Sophos Anti-Virus CVE-2008-1738 (Rising Antivirus 2008 before 20.38.20 allows local users to cause a ...) NOT-FOR-US: Rising Antivirus CVE-2008-1739 (Apple QuickTime before 7.4.5 allows remote attackers to cause a denial ...) NOT-FOR-US: apple quicktime CVE-2008-1740 (The Presence Engine (PE) service in Cisco Unified Presence before ...) NOT-FOR-US: Cisco Unified Presence CVE-2008-1741 (The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) ...) NOT-FOR-US: Cisco Unified Presence CVE-2008-1742 (Memory leak in the Certificate Trust List (CTL) Provider service in ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2008-1743 (Memory leak in the Certificate Trust List (CTL) Provider service in ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2008-1744 (The Certificate Authority Proxy Function (CAPF) service in Cisco ...) NOT-FOR-US: Cisco Unified CallManager CVE-2008-1745 (Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2008-1746 (The SNMP Trap Agent service in Cisco Unified Communications Manager ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2008-1747 (Unspecified vulnerability in Cisco Unified Communications Manager 4.1 ...) NOT-FOR-US: Cisco Unified CallManager CVE-2008-1748 (Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2008-1749 (Memory leak in Cisco Content Switching Module (CSM) 4.2(3) up to ...) NOT-FOR-US: Cisco Content Switching Module CSM CVE-2008-1750 (SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and ...) NOT-FOR-US: Integry Systems LiveCart CVE-2008-1751 (Multiple directory traversal vulnerabilities in index.php in Ksemail ...) NOT-FOR-US: Ksemail CVE-2008-1752 (ezRADIUS 0.1 stores sensitive information under the web root with ...) NOT-FOR-US: ezRADIUS CVE-2008-1753 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Alkacon OpenCMS CVE-2008-1754 (Symantec Altiris Deployment Solution before 6.9.164 stores the ...) NOT-FOR-US: Symantec Altiris Deployment Solution CVE-2008-1755 (Directory traversal vulnerability in the showSource function in ...) NOT-FOR-US: World of Phaos CVE-2008-1756 (Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid Engine ...) NOT-FOR-US: Qmaster CVE-2008-1757 (Cross-site scripting (XSS) vulnerability in index.php in the ...) NOT-FOR-US: kwsphp CVE-2008-1758 (SQL injection vulnerability in the ConcoursPhoto module for KwsPHP ...) NOT-FOR-US: kwsphp CVE-2008-1759 (SQL injection vulnerability in the jeuxflash module for KwsPHP allows ...) NOT-FOR-US: kwsphp CVE-2008-1760 (Multiple PHP remote file inclusion vulnerabilities in Blogator-script ...) NOT-FOR-US: blogator_script CVE-2008-1761 (Opera before 9.27 allows remote attackers to cause a denial of service ...) BUG: 216022 CVE-2008-1762 (Opera before 9.27 allows remote attackers to cause a denial of service ...) BUG: 216022 CVE-2008-1763 (SQL injection vulnerability in _blogadata/include/sond_result.php in ...) NOT-FOR-US: blogator_script CVE-2008-1764 (Unspecified vulnerability in Opera before 9.27 has unknown impact and ...) BUG: 216022 CVE-2008-1765 (Buffer overflow in Adobe Photoshop Album Starter Edition 3.2, and ...) NOT-FOR-US: Adobe Photoshop CVE-2008-1766 (Multiple unspecified vulnerabilities in phpBB before 3.0.1 have ...) BUG: 217224 CVE-2008-1767 (Buffer overflow in pattern.c in libxslt before 1.1.24 allows ...) BUG: 222499 CVE-2008-1768 (Multiple integer overflows in VLC before 0.8.6f allow remote attackers ...) BUG: 214627 CVE-2008-1769 (VLC before 0.8.6f allow remote attackers to cause a denial of service ...) BUG: 214627 CVE-2008-1770 (CRLF injection vulnerability in Akamai Download Manager ActiveX ...) NOT-FOR-US: Akamai Technologies Download Manager CVE-2008-1771 (Integer overflow in the ws_getpostvars function in Firefly Media ...) BUG: 217986 CVE-2008-1772 (iScripts SocialWare stores passwords in cleartext in a database, which ...) NOT-FOR-US: iscripts socialware CVE-2008-1773 (PHP remote file inclusion vulnerability in includes/header.inc.php in ...) NOT-FOR-US: dragoon CVE-2008-1774 (SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows ...) NOT-FOR-US: Pligg CMS CVE-2008-1775 (Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine ...) NOT-FOR-US: ManageEngine Firewall Analyzer CVE-2008-1776 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: phpblock CVE-2008-1777 (The eDirectory Host Environment service (dhost.exe) in Novell ...) NOT-FOR-US: Novell eDirectory CVE-2008-1778 (Unspecified vulnerability in the floating point context switch ...) NOT-FOR-US: Sun Solaris CVE-2008-1779 (Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a ...) NOT-FOR-US: Sun Solaris CVE-2008-1780 (Unspecified vulnerability in the labeled networking functionality in ...) NOT-FOR-US: Sun Solaris CVE-2008-1781 REJECTED CVE-2008-1782 (phpdemo/viewsource.php in Advanced Software Engineering ChartDirector ...) NOT-FOR-US: ChartDIrector CVE-2008-1783 (Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users ...) NOT-FOR-US: prozilla CVE-2008-1784 (Prozilla Topsites 1.0 allows remote attackers to perform ...) NOT-FOR-US: prozilla CVE-2008-1785 (delete.php in Prozilla Top 100 1.2 allows remote authenticated users ...) NOT-FOR-US: prozilla CVE-2008-1786 (The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in ...) NOT-FOR-US: Computer Associates desktop_and_server_management CVE-2008-1787 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Poplar Gedcom Viewer CVE-2008-1788 (SQL injection vulnerability in directory.php in Prozilla Entertainers ...) NOT-FOR-US: ProZIlla entertainers CVE-2008-1789 (SQL injection vulnerability in forum.php in Prozilla Forum allows ...) NOT-FOR-US: ProZIlla forum CVE-2008-1790 (Unrestricted file upload vulnerability in iScripts SocialWare allows ...) NOT-FOR-US: iscripts socialware CVE-2008-1791 (SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and ...) NOT-FOR-US: MyGamingLadder CVE-2008-1792 (Cross-site scripting (XSS) vulnerability in the insertion filter in ...) NOT-FOR-US: Drupal flickr_module CVE-2008-1793 (Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in ...) NOT-FOR-US: hoffice smart_photo_ads_gold CVE-2008-1794 (Multiple cross-site scripting (XSS) vulnerabilities in the Webform ...) NOT-FOR-US: Drupal webform_module CVE-2008-1795 (Multiple cross-site scripting (XSS) vulnerabilities in Blackboard ...) NOT-FOR-US: Blackboard Academic Suite CVE-2008-1796 (Comix 3.6.4 creates temporary directories with predictable names, ...) BUG: 215694 CVE-2008-1797 (Unspecified vulnerability in Secure Computing Webwasher 5.30 before ...) NOT-FOR-US: Secure Computing webwasher CVE-2008-1798 (Directory traversal vulnerability in forum/kietu/libs/calendrier.php ...) NOT-FOR-US: dragoon CVE-2008-1799 (Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 ...) NOT-FOR-US: Sabros US CVE-2008-1800 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: divxdb CVE-2008-1801 (Integer underflow in the iso_recv_msg function (iso.c) in rdesktop ...) BUG: 220911 CVE-2008-1802 (Buffer overflow in the process_redirect_pdu (rdp.c) function in ...) BUG: 220911 CVE-2008-1803 (Integer signedness error in the xrealloc function (rdesktop.c) in ...) BUG: 220911 CVE-2008-1804 (preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not ...) BUG: 223217 CVE-2008-1805 (Incomplete blacklist vulnerability in Skype 3.6.0.248, and other ...) NOTE: According to Skype advisory 2008-003, only Skype on Windows is affected. CVE-2008-1806 (Integer overflow in FreeType2 before 2.3.6 allows context-dependent ...) BUG: 225851 CVE-2008-1807 (FreeType2 before 2.3.6 allow context-dependent attackers to execute ...) BUG: 225851 CVE-2008-1808 (Multiple off-by-one errors in FreeType2 before 2.3.6 allow ...) BUG: 225851 CVE-2008-1809 (Heap-based buffer overflow in Novell eDirectory 8.7.3 before ...) NOT-FOR-US: Novell eDirectory CVE-2008-1810 (Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 ...) NOT-FOR-US: SAP MaxDB CVE-2008-1811 (Unspecified vulnerability in Oracle Application Express 3.0.1 has ...) NOT-FOR-US: Oracle Application Express component in Oracle Application Express CVE-2008-1812 (Unspecified vulnerability in the Oracle Enterprise Manager component ...) NOT-FOR-US: Oracle Enterprise Manager component in Oracle Database CVE-2008-1813 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, ...) NOT-FOR-US: Oracle Database CVE-2008-1814 (Unspecified vulnerability in the Oracle Secure Enterprise Search or ...) NOT-FOR-US: Oracle Secure Enterprise Search or Ultrasearch component in Oracle Database CVE-2008-1815 (Unspecified vulnerability in the Change Data Capture component in ...) NOT-FOR-US: Change Data Capture component in Oracle Database CVE-2008-1816 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...) NOT-FOR-US: Oracle Database CVE-2008-1817 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, ...) NOT-FOR-US: Oracle Database CVE-2008-1818 (Unspecified vulnerability in the Authentication component in Oracle ...) NOT-FOR-US: Authentication component in Oracle Database CVE-2008-1819 (Unspecified vulnerability in the Oracle Net Services component in ...) NOT-FOR-US: Oracle Net Services component in Oracle Database CVE-2008-1820 (Unspecified vulnerability in the Data Pump component in Oracle ...) NOT-FOR-US: Data Pump component in Oracle Database CVE-2008-1821 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...) NOT-FOR-US: Advanced Queuing component in Oracle Database CVE-2008-1822 (Unspecified vulnerability in the Oracle Application Express component ...) NOT-FOR-US: Oracle Application Express component in Oracle Application Express CVE-2008-1823 (Unspecified vulnerability in the Oracle Jinitiator component in Oracle ...) NOT-FOR-US: Oracle Jinitiator component in Oracle Application Server CVE-2008-1824 (Unspecified vulnerability in the Oracle Dynamic Monitoring Service ...) NOT-FOR-US: Oracle Dynamic Monitoring Service component in Oracle Application Server CVE-2008-1825 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) NOT-FOR-US: Oracle Portal component in Oracle Application Server CVE-2008-1826 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...) NOT-FOR-US: Oracle E Business Suite CVE-2008-1827 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...) NOT-FOR-US: Oracle E Business Suite CVE-2008-1828 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...) NOT-FOR-US: PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne CVE-2008-1829 (Unspecified vulnerability in the PeopleSoft HCM Recruiting component ...) NOT-FOR-US: PeopleSoft HCM Recruiting component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne CVE-2008-1830 (Unspecified vulnerability in the PeopleSoft HCM ePerformance component ...) NOT-FOR-US: PeopleSoft HCM ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne CVE-2008-1831 (Multiple unspecified vulnerabilities in the Siebel SimBuilder ...) NOT-FOR-US: Siebel SimBuilder component in Oracle Siebel Enterprise CVE-2008-1832 (lib/prefs.tcl in Cecilia 2.0.5 allows local users to overwrite ...) NOT-FOR-US: cecilia CVE-2008-1833 (Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 ...) BUG: 213762 CVE-2008-1834 (swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict ...) BUG: 217158 CVE-2008-1835 (ClamAV before 0.93 allows remote attackers to bypass the scanning ...) BUG: 213762 CVE-2008-1836 (The rfc2231 function in message.c in libclamav in ClamAV before 0.93 ...) BUG: 213762 CVE-2008-1837 (libclamunrar in ClamAV before 0.93 allows remote attackers to cause a ...) BUG: 213762 CVE-2008-1838 (SQL injection vulnerability in BosClassifieds Classified Ads System ...) NOT-FOR-US: BosDev bos_classifieds CVE-2008-1839 (Multgiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: WORK system e commerce CVE-2008-1840 (SQL injection vulnerability in upload.php in Coppermine Photo Gallery ...) BUG: 217575 CVE-2008-1841 (SQL injection vulnerability in the session handling functionality in ...) BUG: 217575 CVE-2008-1842 (Integer signedness error in ovspmd.exe in HP OpenView Network Node ...) NOT-FOR-US: HP OpenView Network Node Manager CVE-2008-1843 (SQL injection vulnerability in browse.php in W2B DatingClub (aka ...) NOT-FOR-US: W2B dating_club CVE-2008-1844 (SQL injection vulnerability in cat.php in W2B phpHotResources allows ...) NOT-FOR-US: W2B phphotresources CVE-2008-1845 (The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not ...) BUG: 218241 CVE-2008-1846 (The default configuration of SAP NetWeaver before 7.0 SP15 does not ...) NOT-FOR-US: SAP netweaver CVE-2008-1847 (SQL injection vulnerability in view.php in CoronaMatrix phpAddressBook ...) NOT-FOR-US: CoronaMatrix phpAddressBook CVE-2008-1848 (Cross-site scripting (XSS) vulnerability in the joomlaXplorer ...) NOT-FOR-US: joomlacode joomlaexplorer CVE-2008-1849 (Directory traversal vulnerability in index.php in the joomlaXplorer ...) NOT-FOR-US: joomlacode joomlaexplorer CVE-2008-1850 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...) NOT-FOR-US: osiaffiliate CVE-2008-1851 (ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, ...) NOT-FOR-US: HP OpenView Network Node Manager CVE-2008-1852 (ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, ...) NOT-FOR-US: HP OpenView Network Node Manager CVE-2008-1853 (The ovtopmd service in HP OpenView Network Node Manager (OV NNM) 7.51, ...) NOT-FOR-US: HP OpenView Network Node Manager CVE-2008-1854 (Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in ...) NOT-FOR-US: SmarterTools SmarterMail CVE-2008-1855 (FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 ...) NOT-FOR-US: McAfee CMA CVE-2008-1856 (plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not ...) NOT-FOR-US: LinPHA CVE-2008-1857 (Multiple directory traversal vulnerabilities in viewsource.php in Make ...) NOT-FOR-US: mole make_our_life_easy CVE-2008-1858 (SQL injection vulnerability in index.php in 724Networks 724CMS 4.01 ...) NOT-FOR-US: 724CMS CVE-2008-1859 (SQL injection vulnerability in events.php in iScripts SocialWare ...) NOT-FOR-US: iscripts socialware CVE-2008-1860 (Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and ...) NOT-FOR-US: LokiCMS CVE-2008-1861 (Directory traversal vulnerability in modules/threadstop/threadstop.php ...) NOT-FOR-US: ExBB Italia CVE-2008-1862 (ExBB Italia 0.22 and earlier only checks GET requests that use the ...) NOT-FOR-US: ExBB Italia CVE-2008-1863 (SQL injection vulnerability in view_reviews.php in Prozilla Cheat ...) NOT-FOR-US: Prozilla Cheat Script CVE-2008-1864 (SQL injection vulnerability in project.php in Prozilla Freelancers ...) NOT-FOR-US: Prozilla Freelancers CVE-2008-1865 (Stack-based buffer overflow in the msx_readnode function in libmosix.c ...) NOT-FOR-US: openmosix CVE-2008-1866 (admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) ...) NOT-FOR-US: Blog Pixel Motion CVE-2008-1867 (SQL injection vulnerability in Blog Pixel Motion (aka Blog ...) NOT-FOR-US: Blog Pixel Motion CVE-2008-1868 (admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does ...) NOT-FOR-US: Blog Pixel Motion CVE-2008-1869 (SQL injection vulnerability in Site Sift Listings allows remote ...) NOT-FOR-US: Site Sift Listings CVE-2008-1870 (SQL injection vulnerability in getdata.php in PIGMy-SQL 1.4.1 and ...) NOT-FOR-US: PIGMy SQL CVE-2008-1871 (SQL injection vulnerability in links.php in Scriptsagent.com Links ...) NOT-FOR-US: Scriptsagent com Links Directory CVE-2008-1872 (SQL injection vulnerability in home.news.php in Comdev News Publisher ...) NOT-FOR-US: Comdev News Publisher CVE-2008-1873 (Cross-site scripting (XSS) vulnerability in the private message ...) NOT-FOR-US: Nuke ET CVE-2008-1874 (SQL injection vulnerability in account/user/mail.html in Xpoze Pro ...) NOT-FOR-US: Xpoze Pro CVE-2008-1875 (SQL injection vulnerability in index.php in Terong PHP Photo Gallery ...) NOT-FOR-US: Terong PHP Photo Gallery aka Advanced Web Photo Gallery CVE-2008-1876 (PHP remote file inclusion vulnerability in index.php in VisualPic ...) NOT-FOR-US: VisualPic CVE-2008-1877 (tss 0.8.1 allows local users to read arbitrary files via the -a ...) NOT-FOR-US: tss CVE-2008-1878 (Stack-based buffer overflow in the demux_nsf_send_chunk function in ...) BUG: 218059 CVE-2008-1879 RESERVED CVE-2008-1880 (The default configuration of Firebird before 2.0.3.12981.0-r6 on ...) BUG: 216158 CVE-2008-1881 (Stack-based buffer overflow in the ParseSSA function ...) BUG: 214277 CVE-2008-1882 RESERVED CVE-2008-1883 (The server in Blackboard Academic Suite 7.x stores MD5 password hashes ...) NOT-FOR-US: Blackboard Academic Suite CVE-2008-1884 (Directory traversal vulnerability in index.php in Wikepage Opus 13 ...) NOT-FOR-US: Wikepage Opus CVE-2008-1885 (Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX ...) NOT-FOR-US: NeffyLauncher CVE-2008-1886 (The NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in ...) NOT-FOR-US: CDNetworks CVE-2008-1887 (Python 2.5.2 and earlier allows context-dependent attackers to execute ...) BUG: 217221 CVE-2008-1888 (Cross-site scripting (XSS) vulnerability in Microsoft Windows ...) NOT-FOR-US: Microsoft Windows SharePoint Services CVE-2008-1889 (SQL injection vulnerability in viewcat.php in XplodPHP AutoTutorials ...) NOT-FOR-US: XplodPHP AutoTutorials CVE-2008-1890 (SQL injection vulnerability in the Jom Comment 2.0 build 345 component ...) NOT-FOR-US: azrul jom_comment CVE-2008-1891 (Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and ...) BUG: 219085 CVE-2008-1892 (Cross-site scripting (XSS) vulnerability in bs_auth.php in ...) NOT-FOR-US: Blogator script CVE-2008-1893 (PHP remote file inclusion vulnerability in index.php in W2B Online ...) NOT-FOR-US: W2B Online Banking CVE-2008-1894 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: BusinessObjects InfoView CVE-2008-1895 (Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and ...) NOT-FOR-US: Carbon Communities CVE-2008-1896 (Multiple cross-site scripting (XSS) vulnerabilities in Carbon ...) NOT-FOR-US: Carbon Communities CVE-2008-1897 (The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, ...) BUG: 218966 CVE-2008-1898 (A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed ...) NOT-FOR-US: Microsoft Works CVE-2008-1899 RESERVED CVE-2008-1900 (option_Update.asp in Carbon Communities 2.4 and earlier allows remote ...) NOT-FOR-US: Carbon Communities CVE-2008-1901 (aptlinex before 0.91 allows local users to overwrite arbitrary files ...) NOT-FOR-US: aptlinex CVE-2008-1902 (The GUI for aptlinex before 0.91 does not sufficiently warn the user ...) NOT-FOR-US: aptlinex CVE-2008-1903 (PHP remote file inclusion vulnerability in news_show.php in Newanz ...) NOT-FOR-US: Newanz NewsOffice CVE-2008-1904 (Cicoandcico CcMail 1.0.1 and earlier does not verify that the ...) NOT-FOR-US: Cicoandcico CcMail CVE-2008-1905 (NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in ...) NOT-FOR-US: Nero MediaHome CVE-2008-1906 (Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce ...) NOT-FOR-US: cpCommerce CVE-2008-1907 (Multiple SQL injection vulnerabilities in ...) NOT-FOR-US: cpCommerce CVE-2008-1908 (Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow ...) NOT-FOR-US: cpCommerce CVE-2008-1909 (SQL injection vulnerability in comment.php in PHP Knowledge Base ...) NOT-FOR-US: PHP Knowledge Base CVE-2008-1910 (Stack-based buffer overflow in the database service (ibserver.exe) in ...) NOT-FOR-US: Borland Interbase CVE-2008-1911 (SQL injection vulnerability in includes/system.php in 1024 CMS 1.4.2 ...) NOT-FOR-US: 1024 CMS CVE-2008-1912 (Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and ...) NOT-FOR-US: DivX Player CVE-2008-1913 (SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, ...) NOT-FOR-US: lasernet_cms CVE-2008-1914 (Stack-based buffer overflow in the AntServer module (AntServer.exe) in ...) NOT-FOR-US: bigantsoft bigant_messenger CVE-2008-1915 (SQL injection vulnerability in view.asp in DevWorx BlogWorx 1.0 allows ...) NOT-FOR-US: devworx blogworx CVE-2008-1916 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart ...) NOT-FOR-US: Drupal Ubercart Module CVE-2008-1917 (Multiple cross-site scripting (XSS) vulnerabilities in AMFPHP 1.2 ...) NOT-FOR-US: amfphp CVE-2008-1918 (SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and ...) NOT-FOR-US: PHP_Fusion CVE-2008-1919 (SQL injection vulnerability in listtest.php in YourFreeWorld Apartment ...) NOT-FOR-US: YourFreeWorld apartment_search_script CVE-2008-1920 (Heap-based buffer overflow in the boxelyRenderer module in the ...) NOT-FOR-US: Mirabilis ICQ CVE-2008-1921 (SQL injection vulnerability in store_pages/category_list.php in 5th ...) NOT-FOR-US: 5th_avenue_software 5th_avenue_shopping_cart CVE-2008-1922 (Multiple stack-based buffer overflows in Sarg might allow attackers to ...) BUG: 222121 CVE-2008-1923 (The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision ...) BUG: 218966 NOTE: This has been addressed in June 2007, and was released with 1.2.20. CVE-2008-1924 (Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running ...) BUG: 219005 CVE-2008-1925 (Buffer overflow in InspIRCd before 1.1.18, when using the namesx and ...) BUG: 215704 CVE-2008-1926 (Argument injection vulnerability in login (login-utils/login.c) in ...) BUG: 219202 CVE-2008-1927 (Double free vulnerability in Perl 5.8.8 allows context-dependent ...) BUG: 219203 CVE-2008-1928 (Buffer overflow in Imager 0.42 through 0.63 allows attackers to cause ...) NOT-FOR-US: Imager CVE-2008-1929 RESERVED CVE-2008-1930 (The cookie authentication method in WordPress 2.5 relies on a hash of ...) BUG: 219912 CVE-2008-1931 (Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before ...) NOT-FOR-US: Realtek HD Audio Codec Drivers CVE-2008-1932 (Integer overflow in Realtek HD Audio Codec Drivers RTKVHDA.sys and ...) NOT-FOR-US: Realtek HD Audio Codec Drivers CVE-2008-1933 (Absolute path traversal vulnerability in a certain ActiveX control in ...) NOT-FOR-US: Microsoft Zune Software CVE-2008-1934 (SQL injection vulnerability in commentaires.php in Crazy Goomba 1.2.1 ...) NOT-FOR-US: Crazy Goomba CVE-2008-1935 (SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! ...) NOT-FOR-US: masked CVE-2008-1936 (SQL injection vulnerability in index.php in Classifieds Caffe allows ...) NOT-FOR-US: Classifieds Caffe CVE-2008-1937 (The user form processing (userform.py) in MoinMoin before 1.6.3, when ...) BUG: 218752 CVE-2008-1938 (Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly ...) NOT-FOR-US: Sony mylo_com_2 CVE-2008-1939 (Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow ...) NOT-FOR-US: Aspindir philboard CVE-2008-1940 (The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and ...) BUG: 219089 CVE-2008-1941 (Cross-site scripting (XSS) vulnerability in the profile update feature ...) NOT-FOR-US: Akiva WebBoard CVE-2008-1942 (Foxit Reader 2.2 allows remote attackers to cause a denial of service ...) NOT-FOR-US: foxit_software reader CVE-2008-1943 (Buffer overflow in the backend of XenSource Xen Para Virtualized Frame ...) NOTE: Xen 3.1.2 is outdated CVE-2008-1944 (Buffer overflow in the backend framebuffer of XenSource Xen ...) NOTE: Xen 3.0 is outdated. CVE-2008-1945 (QEMU 0.9.0 does not properly handle changes to removable media, which ...) BUG: 235219 CVE-2008-1946 (The default configuration of su in /etc/pam.d/su in GNU coreutils ...) NOTE: Vulnerability does not affect default configurations of PAM / coreutils in Gentoo CVE-2008-1947 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 ...) BUG: 225477 CVE-2008-1948 (The _gnutls_server_name_recv_params function in lib/ext_server_name.c ...) BUG: 222823 CVE-2008-1949 (The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in ...) BUG: 222823 CVE-2008-1950 (Integer signedness error in the _gnutls_ciphertext2compressed function ...) BUG: 222823 CVE-2008-1951 (Untrusted search path vulnerability in a certain Red Hat build script ...) NOT-FOR-US: RedHat only CVE-2008-1952 (The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in ...) NOTE: According to Debian, only present in changesets 17630 to 17643. CVE-2008-1953 (Cross-site scripting (XSS) vulnerability in the Sitedesigner before ...) NOT-FOR-US: Sitedesigner CVE-2008-1954 (SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and ...) NOT-FOR-US: Web Calendar Pro CVE-2008-1955 (Cross-site scripting (XSS) vulnerability in rep.php in Martin BOUCHER ...) NOT-FOR-US: Martin BOUCHER MyBoard CVE-2008-1956 (Cross-site scripting (XSS) vulnerability in index.php in Wikepage Opus ...) NOT-FOR-US: Wikepage Opus CVE-2008-1957 (SQL injection vulnerability in news.php in Tr Script News 2.1 allows ...) NOT-FOR-US: Tr Script News CVE-2008-1958 (Unrestricted file upload vulnerability in the ajout_cat mode in ...) NOT-FOR-US: Tr Script News CVE-2008-1959 (Stack-based buffer overflow in the get_remote_video_port_media ...) NOT-FOR-US: SIPp CVE-2008-1960 (Cross-site scripting (XSS) vulnerability in cgi-bin/contray/search.cgi ...) NOT-FOR-US: ContRay CVE-2008-1961 (SQL injection vulnerability in index.php in Voice Of Web AllMyGuests ...) NOT-FOR-US: Voice Of Web AllMyGuests CVE-2008-1962 (Multiple directory traversal vulnerabilities in Aterr 0.9.1 allow ...) NOT-FOR-US: Aterr CVE-2008-1963 (PHP remote file inclusion vulnerability in includes/functions.php in ...) NOT-FOR-US: Quate Grape Web Statistics CVE-2008-1964 (** DISPUTED ** ...) NOTE: This issue is disputed. CVE-2008-1965 (Argument injection vulnerability in the cai: URI handler in ...) NOT-FOR-US: IBM Lotus Expeditor, CVE-2008-1966 (Multiple buffer overflows in the JAR file administration routines in ...) NOT-FOR-US: IBM DB2 CVE-2008-1967 (Cross-site scripting (XSS) vulnerability in CFLogon/CFLogon.asp in ...) NOT-FOR-US: Cezanne CVE-2008-1968 (Multiple SQL injection vulnerabilities in Cezanne 7 allow remote ...) NOT-FOR-US: Cezanne CVE-2008-1969 (Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 ...) NOT-FOR-US: Cezanne CVE-2008-1970 (muCommander before 0.8.2 stores credentials.xml with insecure ...) NOT-FOR-US: muCommander CVE-2008-1971 (phShoutBox Final 1.5 and earlier only checks passwords when specified ...) NOT-FOR-US: phShoutBox CVE-2008-1972 (Multiple cross-site scripting (XSS) vulnerabilities in the user ...) NOT-FOR-US: Exponent CMS CVE-2008-1973 (Heap-based buffer overflow in SubEdit Player build 4056 and 4066 ...) NOT-FOR-US: SubEdit Player build CVE-2008-1974 (Cross-site scripting (XSS) vulnerability in addevent.php in Horde ...) BUG: 219304 CVE-2008-1975 (SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote ...) NOT-FOR-US: E RESERV CVE-2008-1976 (Multiple cross-site scripting (XSS) vulnerabilities in the Drupal ...) NOT-FOR-US: Drupal Internationalization CVE-2008-1977 (Cross-site request forgery (CSRF) vulnerability in the ...) NOT-FOR-US: Drupal internationalization CVE-2008-1978 (Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before ...) NOT-FOR-US: Ubercart CVE-2008-1979 (The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and ...) NOT-FOR-US: CA ARCserve Backup CVE-2008-1980 (Cross-site scripting (XSS) vulnerability in E-Publish 5.x before ...) NOT-FOR-US: E Publish CVE-2008-1981 (Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x ...) NOT-FOR-US: E Publish CVE-2008-1982 (SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) ...) NOT-FOR-US: Spreadsheet wpSS CVE-2008-1983 (Cross-site scripting (XSS) vulnerability in Advanced Electron Forum ...) NOT-FOR-US: Advanced Electron Forum AEF CVE-2008-1984 (The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Secure ...) NOT-FOR-US: CA Secure Content Manager CVE-2008-1985 (Cross-site scripting (XSS) vulnerability in base.php in DigitalHive ...) NOT-FOR-US: DigitalHive CVE-2008-1986 (Cross-site scripting (XSS) vulnerability in liste_article.php in Blog ...) NOT-FOR-US: Blog Pixel Motion CVE-2008-1987 (Cross-site scripting (XSS) vulnerability in search.php in ...) NOT-FOR-US: EncapsGallery CVE-2008-1988 (Unrestricted file upload vulnerability in the file_upload function in ...) NOT-FOR-US: EncapsGallery CVE-2008-1989 (PHP remote file inclusion vulnerability in 123flashchat.php in the 123 ...) NOT-FOR-US: 123 Flash Chat 6.8.0 module for e107, CVE-2008-1990 (Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow ...) NOT-FOR-US: Acidcat CMS CVE-2008-1991 (Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in ...) NOT-FOR-US: Acidcat CMS CVE-2008-1992 (Acidcat CMS 3.4.1 does not properly restrict access to (1) ...) NOT-FOR-US: Acidcat CVE-2008-1993 (Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, ...) NOT-FOR-US: Acidcat CVE-2008-1994 (Multiple stack-based buffer overflows in (a) acon.c, (b) menu.c, and ...) NOT-FOR-US: acon CVE-2008-1995 (Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a ...) NOT-FOR-US: Sun Java System Directory Server CVE-2008-1996 (licq before 1.3.6 allows remote attackers to cause a denial of service ...) BUG: 219708 CVE-2008-1997 (Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 ...) NOT-FOR-US: IBM DB2 8 ADMIN_SP_C2 CVE-2008-1998 (The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, ...) NOT-FOR-US: IBM DB2 8 NNSTAT CVE-2008-1999 (Apple Safari 3.1.1 allows remote attackers to spoof the address bar by ...) NOT-FOR-US: Apple Safari CVE-2008-2000 (Unspecified vulnerability in Apple Safari 3.1.1 allows remote ...) NOT-FOR-US: Apple Safari CVE-2008-2001 (Apple Safari 3.1.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Apple Safari CVE-2008-2002 (Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola ...) NOT-FOR-US: Motorola Surfboard CVE-2008-2003 (BadBlue 2.72 Personal Edition stores multiple programs in the web ...) NOT-FOR-US: BadBlue 2.72 Personal Edition CVE-2008-2004 (The drive_init function in QEMU 0.9.1 determines the format of a raw ...) BUG: 221943 CVE-2008-2005 (The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before ...) NOT-FOR-US: Wonderware InTouch CVE-2008-2006 (Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and ...) NOT-FOR-US: Apple iCal CVE-2008-2007 REJECTED NOT-FOR-US: Apple iCal CVE-2008-2008 (Buffer overflow in the Display Names message feature in Cerulean ...) NOT-FOR-US: Cerulean Studios Trillian CVE-2008-2009 (Xiph.org libvorbis before 1.0 does not properly check for ...) NOTE: libvorbis <1.0 is not supported any more CVE-2008-2010 (Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 ...) NOT-FOR-US: Apple QuickTime Player CVE-2008-2011 (Cross-site scripting (XSS) vulnerability in the National Rail ...) NOT-FOR-US: National Rail Enquiries Live Departure Boards gadget CVE-2008-2012 (SQL injection vulnerability in index.php in the PostSchedule 1.0 ...) NOT-FOR-US: PostSchedule CVE-2008-2013 (SQL injection vulnerability in index.php in the pnFlashGames 1.5 ...) NOT-FOR-US: pnFlashGames CVE-2008-2014 (Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial ...) NOTE: This version of Firefox is masked. CVE-2008-2015 (Multiple absolute path traversal vulnerabilities in certain ActiveX ...) NOT-FOR-US: WatchFire AppScan CVE-2008-2016 (PHP remote file inclusion vulnerability in Chilek Content Management ...) NOT-FOR-US: Chilek Content Management System aka ChiCoMaS CVE-2008-2017 (Directory traversal vulnerability in Chilek Content Management System ...) NOT-FOR-US: Chilek Content Management System aka ChiCoMaS CVE-2008-2018 (The AssignUser function in template.class.php in PHPizabi 0.848b C1 ...) NOT-FOR-US: PHPizabi CVE-2008-2019 (Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly ...) NOT-FOR-US: Simple Machines Forum CVE-2008-2020 (The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 ...) NOT-FOR-US: PHP-Nuke CVE-2008-2021 (Heap-based buffer overflow in Lhaplus before 1.57 allows remote ...) NOT-FOR-US: Lhaplus CVE-2008-2022 (Mulatiple cross-site scripting (XSS) vulnerabilities in PD9 Software ...) NOT-FOR-US: MegaBBS CVE-2008-2023 (Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 ...) NOT-FOR-US: MegaBBS CVE-2008-2024 (Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, ...) NOT-FOR-US: miniBB CVE-2008-2025 (Cross-site scripting (XSS) vulnerability in Apache Struts before ...) BUG: 267081 CVE-2008-2026 (Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in ...) NOT-FOR-US: RSA Authentication Agent CVE-2008-2027 (Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA ...) NOT-FOR-US: RSA Authentication Agent CVE-2008-2028 (miniBB 2.2, and possibly earlier, when register_globals is enabled, ...) NOT-FOR-US: MiniBB CVE-2008-2029 (Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) ...) NOT-FOR-US: MiniBB CVE-2008-2030 (Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 ...) NOT-FOR-US: F5 Firepass 4100 CVE-2008-2031 (VicFTPS 5.0 allows remote attackers to cause a denial of service ...) NOT-FOR-US: VicFTPS CVE-2008-2032 (The FTP service in Acritum Femitter Server 1.03 allows remote ...) NOT-FOR-US: acritum Femitter Server CVE-2008-2033 REJECTED CVE-2008-2034 (SQL injection vulnerability in wp-download_monitor/download.php in the ...) NOT-FOR-US: WordPress Download Monitor plugin CVE-2008-2035 (Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) ...) NOT-FOR-US: bluemoon newbb_fileup CVE-2008-2036 (SQL injection vulnerability in index.php in dream4 Koobi Pro 6.25 ...) NOT-FOR-US: dream4 Koobi Pro CVE-2008-2037 (Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts ...) NOT-FOR-US: editeurscripts EsContacts CVE-2008-2038 (Multiple SQL injection vulnerabilities in admin/adminindex.php in ...) NOT-FOR-US: Turnkey Solutions SunShop Shopping Cart CVE-2008-2039 RESERVED CVE-2008-2040 (Stack-based buffer overflow in the HTTP::getAuthUserPass function ...) BUG: 220281 CVE-2008-2041 (Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have ...) BUG: 218625 CVE-2008-2042 (The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly ...) NOT-FOR-US: Adobe Acrobat Professional CVE-2008-2043 (Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, ...) NOT-FOR-US: cPanel CVE-2008-2044 (includes/library.php in netOffice Dwins 1.3 p2 compares the ...) NOT-FOR-US: NetOffice Dwins CVE-2008-2045 (Absolute path traversal vulnerability in SugarCRM Sugar Community ...) NOT-FOR-US: SugarCRM CVE-2008-2046 (Cross-site scripting (XSS) vulnerability in index.php in Softpedia ...) NOT-FOR-US: Softpedia SiteXS CMS CVE-2008-2047 (Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow ...) NOT-FOR-US: Aspindir Angelo Emlak CVE-2008-2048 (Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in ...) NOT-FOR-US: Aspindir Angelo Emlak CVE-2008-2049 (The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows ...) NOT-FOR-US: E POST Corporation Mail Server CVE-2008-2050 (Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP ...) BUG: 215266 CVE-2008-2051 (The escapeshellcmd API function in PHP before 5.2.6 has unknown impact ...) BUG: 215266 CVE-2008-2052 (Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 ...) NOT-FOR-US: Bitrix Site Manager CVE-2008-2053 (Unspecified vulnerability in Cisco Unified Customer Voice Portal (CVP) ...) NOT-FOR-US: Cisco Unified Customer Voice Portal CVP CVE-2008-2054 (Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 ...) NOT-FOR-US: CiscoWorks Common Services CVE-2008-2055 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...) NOT-FOR-US: Cisco pix_security_appliance CVE-2008-2056 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...) NOT-FOR-US: Cisco pix_security_appliance CVE-2008-2057 (The Instant Messenger (IM) inspection engine in Cisco Adaptive ...) NOT-FOR-US: Cisco pix_security_appliance CVE-2008-2058 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...) NOT-FOR-US: Cisco pix_security_appliance CVE-2008-2059 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...) NOT-FOR-US: Cisco pix_security_appliance CVE-2008-2060 (Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) ...) NOT-FOR-US: Cisco Intrusion Prevention System CVE-2008-2061 (The Computer Telephony Integration (CTI) Manager service in Cisco ...) NOT-FOR-US: Cisco Unified CallManager CVE-2008-2062 (The Real-Time Information Server (RIS) Data Collector service in Cisco ...) NOT-FOR-US: Cisco Unified CallManager CVE-2008-2063 (SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows ...) NOT-FOR-US: Joovili CVE-2008-2064 (Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have ...) NOT-FOR-US: phpGedView CVE-2008-2065 (SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site ...) NOT-FOR-US: YourFreeWorld jokes_site_script CVE-2008-2066 (Cross-site scripting (XSS) vulnerability in bb_admin.php in miniBB ...) NOT-FOR-US: MiniBB CVE-2008-2067 (SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows ...) NOT-FOR-US: MiniBB CVE-2008-2068 (Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows ...) BUG: 219912 CVE-2008-2069 (Buffer overflow in Novell GroupWise 7 allows remote attackers to cause ...) NOT-FOR-US: Novell Groupwise CVE-2008-2070 (The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 ...) NOT-FOR-US: cPanel CVE-2008-2071 (Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM ...) NOT-FOR-US: cPanel CVE-2008-2072 (Cross-site scripting (XSS) vulnerability in index.php in Virtual ...) NOT-FOR-US: Virtual Design Studios vlbook CVE-2008-2073 (Directory traversal vulnerability in include/global.inc.php in Virtual ...) NOT-FOR-US: Virtual Design Studios vlbook CVE-2008-2074 (Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin ...) NOT-FOR-US: SuccessKid harris_wap_chat CVE-2008-2075 (Cross-site scripting (XSS) vulnerability in pic.php in AstroCam 2.5.0 ...) NOT-FOR-US: AstroCam CVE-2008-2076 (Directory traversal vulnerability in admin.php in ActualScripts ...) NOT-FOR-US: ActualScripts actualanalyzer_lite CVE-2008-2077 (Unspecified vulnerability in Plain Black WebGUI 7.4.34 has unknown ...) NOT-FOR-US: Plain Black WebGUI CVE-2008-2078 (Robocode before 1.6.0 allows user-assisted remote attackers to "access ...) NOT-FOR-US: Robocode CVE-2008-2079 (MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, ...) BUG: 220399 CVE-2008-2080 (Stack-based buffer overflow in the Read32s_64 function in ...) BUG: 220391 CVE-2008-2081 (Directory traversal vulnerability in index.php in Siteman 2.0.x2 ...) NOT-FOR-US: Siteman CVE-2008-2082 (Cross-site scripting (XSS) vulnerability in index.php in Siteman ...) NOT-FOR-US: Siteman CVE-2008-2083 (SQL injection vulnerability in directory.php in Prozilla Hosting ...) NOT-FOR-US: ProZIlla hosting_index CVE-2008-2084 (SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 ...) NOT-FOR-US: MyArticles CVE-2008-2085 (Multiple stack-based buffer overflows in the (1) get_remote_ip_media ...) NOT-FOR-US: IceWalkers SIPp CVE-2008-2086 (Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and ...) BUG: 250012 CVE-2008-2087 (SQL injection vulnerability in search_result.php in Softbiz Web Host ...) NOT-FOR-US: SoftBiz Web Hosting Directory Script CVE-2008-2088 (SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 ...) NOT-FOR-US: phpforge php_forge CVE-2008-2089 (Unspecified vulnerability in the SCTP protocol implementation in Sun ...) NOT-FOR-US: Sun Solaris CVE-2008-2090 (Unspecified vulnerability in the SCTP protocol implementation in Sun ...) NOT-FOR-US: Sun Solaris CVE-2008-2091 (Directory traversal vulnerability in ipn.php in KubeLabs Kubelance ...) NOT-FOR-US: kubelabs kubelance CVE-2008-2092 (Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause ...) NOT-FOR-US: Linksys SPA 2102 Phone Adapter CVE-2008-2093 (SQL injection vulnerability in the Profiler (com_comprofiler) ...) NOT-FOR-US: JoomlaPolis community_builder CVE-2008-2094 (SQL injection vulnerability in article.php in the Article module for ...) NOT-FOR-US: XOOPS Article Module CVE-2008-2095 (SQL injection vulnerability in index.php in the FlippingBook ...) NOT-FOR-US: page flip tools flipping_book CVE-2008-2096 (SQL injection vulnerability in BackLinkSpider allows remote attackers ...) NOT-FOR-US: backlinkspider backlink_spider CVE-2008-2097 (Buffer overflow in the openwsman management service in VMware ESXi 3.5 ...) NOT-FOR-US: openwsman CVE-2008-2098 (Heap-based buffer overflow in the VMware Host Guest File System (HGFS) ...) BUG: 224637 CVE-2008-2099 (Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 ...) NOTE: Windows only CVE-2008-2100 (Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on ...) BUG: 224637 CVE-2008-2101 (The VMware Consolidated Backup (VCB) command-line utilities in VMware ...) NOT-FOR-US: vmware esx CVE-2008-2102 RESERVED CVE-2008-2103 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later ...) BUG: 220799 CVE-2008-2104 (The WebService in Bugzilla 3.1.3 allows remote authenticated users ...) BUG: 220799 CVE-2008-2105 (email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.3, and 3.1.x before ...) BUG: 220799 CVE-2008-2106 (Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated ...) NOT-FOR-US: Call of Duty 4 CVE-2008-2107 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...) BUG: 215266 CVE-2008-2108 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...) BUG: 215266 CVE-2008-2109 (field.c in the libid3tag 0.15.0b library allows context-dependent ...) BUG: 210564 CVE-2008-2110 (Unrestricted file upload vulnerability in qtofm.php in QTOFileManager ...) NOT-FOR-US: QTOFileManager CVE-2008-2111 (The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and ...) NOT-FOR-US: Yahoo Assistant CVE-2008-2112 (Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and ...) NOT-FOR-US: Sun Ray Kiosk Mode CVE-2008-2113 (SQL injection vulnerability in annuaire.php in PHPEasyData 1.5.4 ...) NOT-FOR-US: phpeasydata CVE-2008-2114 (SQL injection vulnerability in emall/search.php in Pre Shopping Mall ...) NOT-FOR-US: PreProjects com Pre Shopping Mall CVE-2008-2115 (Multiple cross-site scripting (XSS) vulnerabilities in editor.php in ...) NOT-FOR-US: ScriptsEZ Power Editor CVE-2008-2116 (Multiple directory traversal vulnerabilities in editor.php in ...) NOT-FOR-US: ScriptsEZ Power Editor CVE-2008-2117 (Cross-site scripting (XSS) vulnerability in pages/news.page.inc in ...) NOT-FOR-US: Project Alumni CVE-2008-2118 (SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows ...) NOT-FOR-US: Project Alumni CVE-2008-2119 (Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business ...) BUG: 224835 CVE-2008-2120 (Unspecified vulnerability in Sun Java System Application Server 7 ...) NOT-FOR-US: Sun Java System Web Server CVE-2008-2121 (The TCP implementation in Sun Solaris 8, 9, and 10 allows remote ...) NOT-FOR-US: Sun Solaris CVE-2008-2122 (IBM Rational Build Forge 7.0.2 allows remote attackers to cause a ...) NOT-FOR-US: IBM Rational Build Forge CVE-2008-2123 (Cross-site scripting (XSS) vulnerability in WGate in SAP Internet ...) NOT-FOR-US: SAP Internet Transaction Server CVE-2008-2124 (SQL injection vulnerability in modules/print.asp in fipsASP fipsCMS ...) NOT-FOR-US: fipsASP fipsCMS CVE-2008-2125 (SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6 and ...) NOT-FOR-US: Musicbox webapp CVE-2008-2126 (Multiple cross-site scripting (XSS) vulnerabilities in Tux CMS 0.1 ...) NOT-FOR-US: Tux CMS CVE-2008-2127 (Cross-site scripting (XSS) vulnerability in search.php in CMS Faethon ...) NOT-FOR-US: CMS Faethon CVE-2008-2128 (PHP remote file inclusion vulnerability in templates/header.php in CMS ...) NOT-FOR-US: CMS Faethon CVE-2008-2129 (SQL injection vulnerability in index.php in Galleristic 1.0, when ...) NOT-FOR-US: Cine Galleristic CVE-2008-2130 (SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows ...) NOT-FOR-US: iGaming CMS CVE-2008-2131 (Cross-site scripting (XSS) vulnerability in mvnForum 1.1 GA allows ...) NOT-FOR-US: MyVietnam mvnForum CVE-2008-2132 (SQL injection vulnerability in step1.asp in Systementor PostcardMentor ...) NOT-FOR-US: Systementor PostcardMentor CVE-2008-2133 (Cross-site scripting (XSS) vulnerability in the Journal module in ...) NOT-FOR-US: Tru Zone NukeET CVE-2008-2134 (The Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to ...) NOT-FOR-US: Tru Zone NukeET CVE-2008-2135 (Multiple SQL injection vulnerabilities in VisualShapers ezContents ...) NOT-FOR-US: VisualShapers ezContents CVE-2008-2136 (Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux ...) BUG: 222647 CVE-2008-2137 (The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and ...) BUG: 224635 CVE-2008-2138 (Oracle Application Server (OracleAS) Portal 10g allows remote ...) NOT-FOR-US: Oracle application_server_portal CVE-2008-2139 (The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not ...) NOT-FOR-US: rPath appliance platform agent CVE-2008-2140 (Cross-site request forgery (CSRF) vulnerability in the rootpw plugin ...) NOT-FOR-US: rPath appliance_platform_agent CVE-2008-2141 RESERVED CVE-2008-2142 (Emacs 21 and XEmacs automatically load and execute .flc (fast lock) ...) BUG: 221197 CVE-2008-2143 (Unspecified versions of Microsoft Outlook Web Access (OWA) use the ...) NOT-FOR-US: Microsoft Outlook Web Access CVE-2008-2144 (Multiple unspecified vulnerabilities in Solaris print service for Sun ...) NOT-FOR-US: Sun Solaris CVE-2008-2145 (Stack-based buffer overflow in Novell Client 4.91 SP4 and earlier ...) NOT-FOR-US: Novell client CVE-2008-2146 (wp-includes/vars.php in Wordpress before 2.2.3 does not properly ...) NOTE: Wordpress <2.2.3 is masked CVE-2008-2147 (Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 ...) BUG: 221959 CVE-2008-2148 (The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and ...) BUG: 221123 CVE-2008-2149 (Stack-based buffer overflow in the searchwn function in Wordnet 2.0, ...) BUG: 211491 CVE-2008-2150 RESERVED CVE-2008-2151 RESERVED CVE-2008-2152 (Integer overflow in the rtl_allocateMemory function in ...) BUG: 225723 CVE-2008-2153 RESERVED CVE-2008-2154 (IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an ...) NOT-FOR-US: IBM CVE-2008-2155 RESERVED CVE-2008-2156 RESERVED CVE-2008-2157 (robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows ...) NOT-FOR-US: EMC Corporation AlphaStor CVE-2008-2158 (Multiple stack-based buffer overflows in the Command Line Interface ...) NOT-FOR-US: EMC Corporation AlphaStor CVE-2008-2159 (Microsoft Internet Explorer 7 can save encrypted pages in the cache ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-2160 (Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image ...) NOT-FOR-US: Microsoft Windows CE CVE-2008-2161 (Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly ...) NOT-FOR-US: TFTP Server SP 1.4 and 1.5 on Windows CVE-2008-2162 (Cross-site scripting (XSS) vulnerability in SonicWall Email Security ...) NOT-FOR-US: SonicWall Email Security CVE-2008-2163 (Cross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1 ...) NOT-FOR-US: IBM Lotus Quickr CVE-2008-2164 RESERVED CVE-2008-2165 (Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in ...) NOT-FOR-US: Cisco Building Broadband Service Manager CVE-2008-2166 (Cross-site scripting (XSS) vulnerability in the search module in Sun ...) NOT-FOR-US: Sun Java System Web Server CVE-2008-2167 (Cross-site scripting (XSS) vulnerability in ZyXEL ZyWALL 100 allows ...) NOT-FOR-US: ZyXEL Zywall 100 CVE-2008-2168 (Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier ...) BUG: 222123 CVE-2008-2169 (Unspecified vulnerability in Avici routers allows remote attackers to ...) NOT-FOR-US: Avici CVE-2008-2170 (Unspecified vulnerability in Century routers allows remote attackers ...) NOT-FOR-US: Century CVE-2008-2171 (Unspecified vulnerability in AlaxalA AX routers allows remote ...) NOT-FOR-US: AlaxalA CVE-2008-2172 (Unspecified vulnerability in Hitachi GR routers allows remote ...) NOT-FOR-US: Hitachi CVE-2008-2173 (Unspecified vulnerability in Yamaha routers allows remote attackers to ...) NOT-FOR-US: Yamaha CVE-2008-2174 (Multiple unspecified vulnerabilities in Robin Rawson-Tetley Animal ...) NOT-FOR-US: Robin Rawson Tetley Animal Shelter Manager ASM CVE-2008-2175 (SQL injection vulnerability in comments.php in Gamma Scripts BlogMe ...) NOT-FOR-US: Gamma Scripts BlogMe PHP CVE-2008-2176 (Cross-site scripting (XSS) vulnerability in admin/category.php in ...) NOT-FOR-US: Zomplog CVE-2008-2177 (Multiple SQL injection vulnerabilities in phpDirectorySource 1.1.06, ...) NOT-FOR-US: phpDirectorySource CVE-2008-2178 (Cross-site scripting (XSS) vulnerability in admin.php in LifeType ...) NOT-FOR-US: LifeType CVE-2008-2179 (Cross-site scripting (XSS) vulnerability in SystemList.jsp in SysAid ...) NOT-FOR-US: SysAid CVE-2008-2180 (Multiple SQL injection vulnerabilities in cpLinks 1.03, when ...) NOT-FOR-US: cpLinks CVE-2008-2181 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...) NOT-FOR-US: cpLinks CVE-2008-2182 (Cross-site scripting (XSS) vulnerability in the powermail extension ...) NOT-FOR-US: powermail extension CVE-2008-2183 (SQL injection vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 ...) NOT-FOR-US: SMartBlog aka SMBlog CVE-2008-2184 (Multiple SQL injection vulnerabilities in SMartBlog (aka SMBlog) 1.3 ...) NOT-FOR-US: SMartBlog aka SMBlog CVE-2008-2185 (Directory traversal vulnerability in index.php in SMartBlog (aka ...) NOT-FOR-US: SMartBlog aka SMBlog CVE-2008-2186 (Cross-site scripting (XSS) vulnerability in index.php in Chilek ...) NOT-FOR-US: Chilek Content Management System aka ChiCoMaS CVE-2008-2187 (Cross-site scripting (XSS) vulnerability in mjguest.php in Mjguest 6.7 ...) NOT-FOR-US: Mjguest CVE-2008-2188 (Multiple cross-site scripting (XSS) vulnerabilities in EJ3 BlackBook ...) NOT-FOR-US: EJ3 CVE-2008-2189 (SQL injection vulnerability in viewfaqs.php in AnServ Auction XL ...) NOT-FOR-US: anserv auction_xl CVE-2008-2190 (SQL injection vulnerability in index.php in Online Rent (aka Online ...) NOT-FOR-US: romedchim_international_srl online_rent_property_script CVE-2008-2191 (SQL injection vulnerability in the pnEncyclopedia module 0.2.0 and ...) NOT-FOR-US: PostNuke Software Foundation pnEncyclopedia CVE-2008-2192 (Static code injection vulnerability in box/minichat/boxpop.php in ...) NOT-FOR-US: ITCMS CVE-2008-2193 (PHP remote file inclusion vulnerability in example.php in Thomas ...) NOT-FOR-US: scorpnews CVE-2008-2194 (SQL injection vulnerability in forums.php in DeluxeBB 1.2 and earlier ...) NOT-FOR-US: DeluxeBB CVE-2008-2195 (Static code injection vulnerability in admincp.php in DeluxeBB 1.2 and ...) NOT-FOR-US: DeluxeBB CVE-2008-2196 (Cross-site scripting (XSS) vulnerability in admin.php in LifeType ...) NOT-FOR-US: LifeType CVE-2008-2197 (SQL injection vulnerability in the blogwriter module 2.0 for Miniweb ...) NOT-FOR-US: blogwriter module CVE-2008-2198 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Kmita Tellfriend CVE-2008-2199 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Kmita Mail CVE-2008-2200 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog ...) NOT-FOR-US: Maian Weblog CVE-2008-2201 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Maian Recipe CVE-2008-2202 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader ...) NOT-FOR-US: Maian Uploader CVE-2008-2203 (SQL injection vulnerability in search.php in Maian Search 1.1 allows ...) NOT-FOR-US: Maian Search CVE-2008-2204 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Maian Search CVE-2008-2205 (SQL injection vulnerability in index.php in Maian Music 1.1 allows ...) NOT-FOR-US: Maian Music CVE-2008-2206 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Music 1.1 ...) NOT-FOR-US: Maian Music CVE-2008-2207 (Cross-site scripting (XSS) vulnerability in admin/index.php in Maian ...) NOT-FOR-US: Maian Gallery CVE-2008-2208 (SQL injection vulnerability in index.php in Maian Greeting 2.1 allows ...) NOT-FOR-US: Maian Greeting CVE-2008-2209 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Maian Greeting CVE-2008-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Support ...) NOT-FOR-US: Maian Support CVE-2008-2211 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Maian Guestbook CVE-2008-2212 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Cart 1.1 ...) NOT-FOR-US: Maian Cart CVE-2008-2213 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Maian Links CVE-2008-2214 (Stack-based buffer overflow in the Network Manager in Castle Rock ...) NOT-FOR-US: Castle Rock Computing SNMPc CVE-2008-2215 (Multiple directory traversal vulnerabilities in Project-Based ...) NOT-FOR-US: Project Based Calendaring System PBCS CVE-2008-2216 (Unrestricted file upload vulnerability in src/yopy_upload.php in ...) NOT-FOR-US: Project Based Calendaring System PBCS CVE-2008-2217 (Directory traversal vulnerability in cm/graphie.php in Content ...) NOT-FOR-US: Phprojekt CVE-2008-2218 (Buffer overflow in the Multimedia PC Client in Nortel Multimedia ...) NOT-FOR-US: MCS CVE-2008-2219 (Cross-site scripting (XSS) vulnerability in install.php in C-News.fr ...) NOT-FOR-US: C News fr C News CVE-2008-2220 (Multiple PHP remote file inclusion vulnerabilities in Interact ...) NOT-FOR-US: Interact Learning CVE-2008-2221 (Unspecified vulnerability in the Java plugin in IBM WebSphere ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2008-2222 (SQL injection vulnerability in login.php in EQdkp 1.3.2f allows remote ...) NOT-FOR-US: EQdkp CVE-2008-2223 (SQL injection vulnerability in group_posts.php in vShare YouTube Clone ...) NOT-FOR-US: vShare YouTube Clone CVE-2008-2224 (Multiple PHP remote file inclusion vulnerabilities in SazCart 1.5.1, ...) NOT-FOR-US: SazCart CVE-2008-2225 (SQL injection vulnerability in index.php in gameCMS Lite 1.0 allows ...) NOT-FOR-US: gameCMS Lite CVE-2008-2226 (Unspecified vulnerability in the export feature in OpenKM before 2.0 ...) NOT-FOR-US: OpenKM CVE-2008-2227 (Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank ...) NOT-FOR-US: PHP Fusion Forum Rank System CVE-2008-2228 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Cyberfolio CVE-2008-2229 RESERVED CVE-2008-2230 (Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and ...) NOT-FOR-US: reportbug ng reportbug CVE-2008-2231 (SQL injection vulnerability in Slashdot Like Automated Storytelling ...) NOT-FOR-US: Slashcode com Slash CVE-2008-2232 (The expand_template function in afuse.c in afuse 0.2 allows local ...) NOT-FOR-US: afuse CVE-2008-2233 (The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, ...) NOT-FOR-US: openwsman CVE-2008-2234 (Multiple buffer overflows in Openwsman 1.2.0 and 2.0.0 allow remote ...) NOT-FOR-US: openwsman CVE-2008-2235 (OpenSC before 0.11.5 uses weak permissions (ADMIN file control ...) BUG: 233543 CVE-2008-2236 (Cross-site scripting (XSS) vulnerability in blosxom.cgi in Blosxom ...) NOT-FOR-US: Not in portage, we only have www-apps/pyblosxom which does not contain that cgi CVE-2008-2237 (Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 ...) BUG: 244995 CVE-2008-2238 (Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 ...) BUG: 244995 CVE-2008-2239 RESERVED CVE-2008-2240 (Stack-based buffer overflow in the Web Server service in IBM Lotus ...) NOT-FOR-US: Web Server service in IBM Lotus Domino CVE-2008-2241 (Directory traversal vulnerability in caloggerd in CA BrightStor ...) NOT-FOR-US: CA BrightStor ARCserve Backup CVE-2008-2242 (Multiple buffer overflows in xdr functions in the server in CA ...) NOT-FOR-US: CA BrightStor ARCserve Backup CVE-2008-2243 RESERVED CVE-2008-2244 (Microsoft Office Word 2002 SP3 allows remote attackers to execute ...) NOT-FOR-US: Microsoft office_word CVE-2008-2245 (Heap-based buffer overflow in the InternalOpenColorProfile function in ...) NOT-FOR-US: Microsoft windows nt CVE-2008-2246 (Microsoft Windows Vista through SP1 and Server 2008 do not properly ...) NOT-FOR-US: Microsoft windows nt CVE-2008-2247 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...) NOT-FOR-US: Microsoft exchange_srv CVE-2008-2248 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...) NOT-FOR-US: Microsoft exchange_srv CVE-2008-2249 (Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...) NOT-FOR-US: GDI in Microsoft Windows CVE-2008-2250 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...) NOT-FOR-US: Microsoft Windows CVE-2008-2251 (Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, ...) NOT-FOR-US: kernel in Microsoft Windows CVE-2008-2252 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...) NOT-FOR-US: Microsoft Windows CVE-2008-2253 (Unspecified vulnerability in Microsoft Windows Media Player 11 allows ...) NOT-FOR-US: microsoft windows_media_player CVE-2008-2254 (Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-2255 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-2256 (Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-2257 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-2258 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-2259 (Microsoft Internet Explorer 6 and 7 does not perform proper "argument ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-2260 RESERVED CVE-2008-2261 RESERVED CVE-2008-2262 RESERVED CVE-2008-2263 (SQL injection vulnerability in linking.page.php in Automated Link ...) NOT-FOR-US: Links_Pile Automated Link Exchange Portal CVE-2008-2264 (Cross-site scripting (XSS) vulnerability in index.php in CyrixMED 1.4 ...) NOT-FOR-US: CyrixMED CVE-2008-2265 (SQL injection vulnerability in news.php in EMO Realty Manager allows ...) NOT-FOR-US: Emophp EMO Realty Manager CVE-2008-2266 (uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and ...) BUG: 222275 CVE-2008-2267 (Incomplete blacklist vulnerability in javaUpload.php in Postlet in the ...) NOT-FOR-US: CMS Made Simple CVE-2008-2268 (Open redirect vulnerability in interface/redirect.htm.php in Mjguest ...) NOT-FOR-US: mdsjack mjguest CVE-2008-2269 (AustinSmoke GasTracker (AS-GasTracker) 1.0.0 allows remote attackers ...) NOT-FOR-US: Kevin Ludlow AustinSmoke GasTracker CVE-2008-2270 (Multiple PHP remote file inclusion vulnerabilities in PHPWAY ...) NOT-FOR-US: PHPWAY Kostenloses_Linkmanagementscript CVE-2008-2271 (The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before ...) NOT-FOR-US: Drupal Site_Documentation_Module CVE-2008-2272 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...) NOT-FOR-US: arubanetworks aruba_mobility_controller CVE-2008-2273 (Unspecified vulnerability in the TACACS authentication component in ...) NOT-FOR-US: arubanetworks ArubaOS CVE-2008-2274 (Cross-site scripting (XSS) vulnerability in the sr_feuser_register ...) NOT-FOR-US: TYPO3 sr_feuser_register Extension CVE-2008-2275 (Unspecified vulnerability in sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to ...) NOT-FOR-US: TYPO3 sr_feuser_register Extension CVE-2008-2276 (Cross-site request forgery (CSRF) vulnerability in ...) BUG: 222649 CVE-2008-2277 (SQL injection vulnerability in detail.php in Feedback and Rating ...) NOT-FOR-US: Kalptaru Infotech Feedback and Rating Script CVE-2008-2278 (SQL injection vulnerability in browseproject.php in Freelance Auction ...) NOT-FOR-US: freelanceauction eu Freelance Auction Script CVE-2008-2279 (Freelance Auction Script 1.0 stores user passwords in plaintext in the ...) NOT-FOR-US: freelanceauction eu Freelance Auction Script CVE-2008-2280 (Cross-site scripting (XSS) vulnerability in admin/index.php in Script ...) NOT-FOR-US: SCRIPTPHP PicEngine CVE-2008-2281 (Cross-zone scripting vulnerability in the Print Table of Links feature ...) NOT-FOR-US: Internet Explorer CVE-2008-2282 (admin.php in Internet Photoshow and Internet Photoshow Special Edition ...) NOT-FOR-US: Internet Photoshow CVE-2008-2283 (IDAutomation allows remote attackers to overwrite arbitrary files via ...) NOT-FOR-US: IDAutomationAZTEC dll aka IDautomation Aztec Barcode CVE-2008-2284 (PHP remote file inclusion vulnerability in fusebox5.php in Fusebox ...) NOT-FOR-US: Fusebox CVE-2008-2285 (The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not ...) NOTE: Does not affect Gentoo, inclusion of blacklist is discussed in the referenced bug BUG: 221759 CVE-2008-2286 (SQL injection vulnerability in axengine.exe in Symantec Altiris ...) NOT-FOR-US: Symantec Altiris Deployment Solution CVE-2008-2287 (Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 ...) NOT-FOR-US: Symantec Altiris Deployment Solution CVE-2008-2288 (Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 ...) NOT-FOR-US: Symantec Altiris Deployment Solution CVE-2008-2289 (Unspecified vulnerability in a tooltip element in Symantec Altiris ...) NOT-FOR-US: Symantec Altiris Deployment Solution CVE-2008-2290 (Unspecified vulnerability in the Agent user interface in Symantec ...) NOT-FOR-US: Symantec Altiris Deployment Solution CVE-2008-2291 (axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x ...) NOT-FOR-US: Symantec Altiris Deployment Solution CVE-2008-2292 (Buffer overflow in the __snprint_value function in snmp_get in ...) BUG: 222265 CVE-2008-2293 (admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows ...) NOT-FOR-US: Multi Page Comment System MPCS CVE-2008-2294 (Pet Grooming Management System 2.0 allows remote attackers to gain ...) NOT-FOR-US: Pet Grooming Management System CVE-2008-2295 (Cross-site scripting (XSS) vulnerability in rg_search.php in Rgboard ...) NOT-FOR-US: Rgboard CVE-2008-2296 (PHP remote file inclusion vulnerability in include/bbs.lib.inc.php in ...) NOT-FOR-US: Rgboard CVE-2008-2297 (The admin.php file in Rantx allows remote attackers to bypass ...) NOT-FOR-US: Rantx CVE-2008-2298 (Admin.php in Web Slider 0.6 allows remote attackers to bypass ...) NOT-FOR-US: Web Slider CVE-2008-2299 (Unspecified vulnerability in SecureICA and ICA Basic encryption of ...) NOT-FOR-US: Citrix Presentation Server CVE-2008-2300 (Unspecified vulnerability in Citrix Presentation Server 4.5 and ...) NOT-FOR-US: Citrix Presentation Server CVE-2008-2301 (SQL injection vulnerability in Kostenloses Linkmanagementscript allows ...) NOT-FOR-US: Kostenloses Linkmanagementscript CVE-2008-2302 (Cross-site scripting (XSS) vulnerability in the login form in the ...) BUG: 222029 CVE-2008-2303 (Integer signedness error in Safari on Apple iPhone before 2.0 and iPod ...) NOT-FOR-US: Safari on Apple iPhone CVE-2008-2304 (Buffer overflow in Apple Core Image Fun House 2.0 and earlier in ...) NOT-FOR-US: Apple Core Image Fun House CVE-2008-2305 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...) NOT-FOR-US: Apple Type Services CVE-2008-2306 (Apple Safari before 3.1.2 on Windows does not properly interpret the ...) NOT-FOR-US: Apple Safari CVE-2008-2307 (Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as ...) NOT-FOR-US: Apple Safari CVE-2008-2308 (Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 ...) NOT-FOR-US: Alias Manager in Apple Mac OS X CVE-2008-2309 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X ...) NOT-FOR-US: CoreTypes in Apple Mac OS X CVE-2008-2310 (Format string vulnerability in c++filt in Apple Mac OS X 10.5 before ...) BUG: 230593 CVE-2008-2311 (Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is ...) NOT-FOR-US: Apple Mac OS X CVE-2008-2312 (Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in ...) NOT-FOR-US: Network Preferences in Apple Mac OS X CVE-2008-2313 (Apple Mac OS X before 10.5 uses weak permissions for the User Template ...) NOT-FOR-US: Apple CVE-2008-2314 (Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is ...) NOT-FOR-US: Apple Mac OS X CVE-2008-2315 (Multiple integer overflows in Python 2.5.2 and earlier allow ...) BUG: 230640 CVE-2008-2316 (Integer overflow in _hashopenssl.c in the hashlib module in Python ...) BUG: 230640 CVE-2008-2317 (WebCore in Apple Safari does not properly perform garbage collection ...) NOT-FOR-US: WebCore in Safari on Apple iPhone CVE-2008-2318 (The WOHyperlink implementation in WebObjects in Apple Xcode tools ...) NOT-FOR-US: WebObjects in Apple Xcode tools CVE-2008-2319 RESERVED CVE-2008-2320 (Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 ...) NOT-FOR-US: Apple carboncore CVE-2008-2321 (Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 ...) NOT-FOR-US: Apple coregraphics CVE-2008-2322 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, ...) NOT-FOR-US: Apple coregraphics CVE-2008-2323 (Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X ...) NOT-FOR-US: Apple data_detectors_engine CVE-2008-2324 (The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 ...) NOT-FOR-US: Repair Permissions tool in Disk Utility in Apple Mac OS X CVE-2008-2325 (QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers ...) NOT-FOR-US: Apple quicklook CVE-2008-2326 (mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for ...) NOT-FOR-US: mDNSResponder for Windows CVE-2008-2327 (Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, ...) BUG: 234080 CVE-2008-2328 RESERVED CVE-2008-2329 (Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active ...) NOT-FOR-US: Directory Services in Apple Mac OS X CVE-2008-2330 (slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 ...) NOT-FOR-US: slapconfig in Directory Services in Apple Mac OS X CVE-2008-2331 (Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update ...) NOT-FOR-US: Finder in Apple Mac OS X CVE-2008-2332 (ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows ...) NOT-FOR-US: apple mac_os_x_server CVE-2008-2333 (Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda ...) NOT-FOR-US: Barracuda Spam Firewall BSF CVE-2008-2334 (Multiple SQL injection vulnerabilities in W1L3D4 Philboard 0.5 allow ...) NOT-FOR-US: Aspindir philboard CVE-2008-2335 (Cross-site scripting (XSS) vulnerability in search_results.php in ...) NOT-FOR-US: vastal phpvid CVE-2008-2336 (SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 ...) NOT-FOR-US: 68 Classifieds CVE-2008-2337 (Multiple SQL injection vulnerabilities in IMGallery 2.5, when ...) NOT-FOR-US: IMGallery CVE-2008-2338 (Interspire ActiveKB 1.5 and earlier allows remote attackers to gain ...) NOT-FOR-US: Interspire ActiveKB CVE-2008-2339 (SQL injection vulnerability in index.php in Turnkey Web Tools SunShop ...) NOT-FOR-US: turnkeywebtools sunshop_shopping_cart CVE-2008-2340 (Multiple SQL injection vulnerabilities in News Manager 2.0 allow ...) NOT-FOR-US: News Manager CVE-2008-2341 (PHP remote file inclusion vulnerability in ch_readalso.php in News ...) NOT-FOR-US: avalonnet news_manager CVE-2008-2342 (Directory traversal vulnerability in attachments.php in News Manager ...) NOT-FOR-US: News Manager CVE-2008-2343 (News Manager 2.0 allows remote attackers to bypass restrictions and ...) NOT-FOR-US: News Manager CVE-2008-2344 (Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 ...) NOT-FOR-US: TYPO3 air_filemanager CVE-2008-2345 (Unspecified vulnerability in the air_filemanager 0.6.0 and earlier ...) NOT-FOR-US: TYPO3 air_filemanager CVE-2008-2346 (AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass ...) NOT-FOR-US: alkalinephp CVE-2008-2347 (MyPicGallery 1.0 allows remote attackers to bypass application ...) NOT-FOR-US: mypicgallery CVE-2008-2348 (MeltingIce File System 1.0 allows remote attackers to bypass ...) NOT-FOR-US: meltingicefs melting_ice_file_system CVE-2008-2349 (Zomplog 3.8.2 and earlier allows remote attackers to gain ...) NOT-FOR-US: zomplog CVE-2008-2350 (Directory traversal vulnerability in highlight.php in bcoos 1.0.9 ...) NOT-FOR-US: bcoos CVE-2008-2351 (Multiple SQL injection vulnerabilities in index.php in CMS ...) NOT-FOR-US: cms_webmanager pro CVE-2008-2352 (Directory traversal vulnerability in index.php in Smeego 1.0, when ...) NOT-FOR-US: smeego CVE-2008-2353 (Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 ...) NOT-FOR-US: gnugallery CVE-2008-2354 (Unspecified vulnerability in the data export function in testMaker ...) NOT-FOR-US: testmaker CVE-2008-2355 (Directory traversal vulnerability in index.php in WR-Meeting 1.0, when ...) NOT-FOR-US: wr script wr meeting CVE-2008-2356 (SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 ...) NOT-FOR-US: archangelmgt archangel_weblog CVE-2008-2357 (Stack-based buffer overflow in the split_redraw function in split.c in ...) BUG: 223017 CVE-2008-2358 (Integer overflow in the dccp_feat_change function in net/dccp/feat.c ...) BUG: 225757 CVE-2008-2359 (The default configuration of consolehelper in system-config-network ...) NOT-FOR-US: Fedora 8 consolehelper CVE-2008-2360 (Integer overflow in the AllocateGlyph function in the Render extension ...) BUG: 225419 CVE-2008-2361 (Integer overflow in the ProcRenderCreateCursor function in the Render ...) BUG: 225419 CVE-2008-2362 (Multiple integer overflows in the Render extension in the X server 1.4 ...) BUG: 225419 CVE-2008-2363 (The PartsBatch class in Pan 0.132 and earlier does not properly manage ...) BUG: 224051 CVE-2008-2364 (The ap_proxy_http_process_response function in mod_proxy_http.c in the ...) BUG: 227111 CVE-2008-2365 (Race condition in the ptrace and utrace support in the Linux kernel ...) NOT-FOR-US: Red Hat Enterprise Linux AS CVE-2008-2366 (Untrusted search path vulnerability in a certain Red Hat build script ...) NOT-FOR-US: Red Hat CVE-2008-2367 (Red Hat Certificate System 7.2 uses world-readable permissions for ...) NOT-FOR-US: redhat certificate_system CVE-2008-2368 (Red Hat Certificate System 7.2 stores passwords in cleartext in the ...) NOT-FOR-US: redhat certificate_system CVE-2008-2369 (manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a ...) NOT-FOR-US: Red Hat Network Satellite Server CVE-2008-2370 (Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 ...) BUG: 225477 CVE-2008-2371 (Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible ...) BUG: 228091 CVE-2008-2372 (The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users ...) BUG: 230581 CVE-2008-2373 REJECTED CVE-2008-2374 (src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before ...) BUG: 230591 CVE-2008-2375 (Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on ...) NOTE: <2.0.5 only CVE-2008-2376 (Integer overflow in the rb_ary_fill function in array.c in Ruby before ...) BUG: 225465 CVE-2008-2377 (Use-after-free vulnerability in the ...) BUG: 230263 CVE-2008-2378 (Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 ...) NOT-FOR-US: debian hf CVE-2008-2379 (Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 ...) BUG: 249774 CVE-2008-2380 (SQL injection vulnerability in authpgsqllib.c in Courier-Authlib ...) BUG: 225407 CVE-2008-2381 (SQL injection vulnerability in the create function in ...) NOT-FOR-US: gforge CVE-2008-2382 (The protocol_client_msg function in vnc.c in the VNC server in (1) ...) BUG: 252266 CVE-2008-2383 (CRLF injection vulnerability in xterm allows user-assisted attackers ...) BUG: 253155 CVE-2008-2384 (SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql ...) BUG: 255031 CVE-2008-2385 RESERVED CVE-2008-2386 RESERVED CVE-2008-2387 RESERVED CVE-2008-2388 (Multiple off-by-one errors in opensuse-updater in openSUSE 10.2 have ...) NOT-FOR-US: opensuse updater in openSUSE CVE-2008-2389 (opensuse-updater in openSUSE 10.2 allows local users to access ...) NOT-FOR-US: openSUSE CVE-2008-2390 (Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ...) NOT-FOR-US: HP Software Update CVE-2008-2391 (SubSonic allows remote attackers to bypass pagesize limits and cause a ...) NOT-FOR-US: codeplex subsonic CVE-2008-2392 (Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier ...) NOTE: under security mask CVE-2008-2393 (SQL injection vulnerability in play.php in EntertainmentScript 1.4.0 ...) NOT-FOR-US: entertainmentscript CVE-2008-2394 (Multiple SQL injection vulnerabilities in TAGWORX.CMS 3.00.02 allow ...) NOT-FOR-US: tagworx_cms CVE-2008-2395 (SQL injection vulnerability in thread.php in AlkalinePHP 0.80.00 beta ...) NOT-FOR-US: alkalinephp CVE-2008-2396 (PHP remote file inclusion vulnerability in index.php in Wajox Software ...) NOT-FOR-US: wajox_software mircrossys_cms CVE-2008-2397 (Cross-site scripting (XSS) vulnerability in search-results.dot in ...) NOT-FOR-US: dotcms CVE-2008-2398 (Cross-site scripting (XSS) vulnerability in index.php in AppServ Open ...) NOT-FOR-US: AppServ Open Project AppServ CVE-2008-2399 (Directory traversal vulnerability in the FireFTP add-on before ...) NOT-FOR-US: FireFTP add on CVE-2008-2400 (Unspecified vulnerability in stunnel before 4.23, when running as a ...) NOTE: Windows only. CVE-2008-2401 (The Admin Server in Sun Java Active Server Pages (ASP) Server before ...) NOT-FOR-US: Sun java_active_server CVE-2008-2402 (The Admin Server in Sun Java Active Server Pages (ASP) Server before ...) NOT-FOR-US: Sun Java ASP Server CVE-2008-2403 (Multiple directory traversal vulnerabilities in unspecified ASP ...) NOT-FOR-US: Sun Java ASP Server CVE-2008-2404 (Stack-based buffer overflow in the request handling implementation in ...) NOT-FOR-US: Sun Java ASP Server CVE-2008-2405 (Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote ...) NOT-FOR-US: Sun java_active_server_pages CVE-2008-2406 (The administration application server in Sun Java Active Server Pages ...) NOT-FOR-US: Sun Java ASP Server CVE-2008-2407 (Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian ...) NOT-FOR-US: Cerulean Studios Trillian CVE-2008-2408 (Heap-based buffer overflow in the XML parsing functionality in ...) NOT-FOR-US: Cerulean Studios Trillian Pro CVE-2008-2409 (Stack-based buffer overflow in Cerulean Studios Trillian before ...) NOT-FOR-US: Cerulean Studios Trillian CVE-2008-2410 (Cross-site scripting (XSS) vulnerability in the servlet engine and Web ...) NOT-FOR-US: IBM Lotus Domino CVE-2008-2411 (SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, ...) NOT-FOR-US: SazCart CVE-2008-2412 (SQL injection vulnerability in glossaire.php in ACGV News 0.9.1 allows ...) NOT-FOR-US: ACGV News CVE-2008-2413 (Cross-site scripting (XSS) vulnerability in glossaire.php in ACGV News ...) NOT-FOR-US: ACGV News CVE-2008-2414 (Cross-site scripting (XSS) vulnerability in send_email.php in AN ...) NOT-FOR-US: AN Guestbook ANG CVE-2008-2415 (Directory traversal vulnerability in ...) NOT-FOR-US: DigitalHive aka hive CVE-2008-2416 (SQL injection vulnerability in index.php in FicHive 1.0 allows remote ...) NOT-FOR-US: FicHive CVE-2008-2417 (SQL injection vulnerability in showQAnswer.asp in How2ASP.net Webboard ...) NOT-FOR-US: How2ASP net CVE-2008-2418 (Race condition in the STREAMS Administrative Driver (sad) in Sun ...) NOT-FOR-US: Sun Solaris CVE-2008-2419 (Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of ...) BUG: 223363 CVE-2008-2420 (The OCSP functionality in stunnel before 4.24 does not properly search ...) BUG: 222805 CVE-2008-2421 (Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web ...) NOT-FOR-US: Web GUI in SAP Web Application Server WAS CVE-2008-2422 (SQL injection vulnerability in index.php in Web Slider 0.6 allows ...) NOT-FOR-US: Web Slider CVE-2008-2423 (Unspecified vulnerability in Interchange before 5.6.0 and before 5.5.2 ...) NOT-FOR-US: Interchange CVE-2008-2424 (Unspecified vulnerability in the 404 error page for the "Standard ...) NOT-FOR-US: Interchange CVE-2008-2425 (SQL injection vulnerability in index.php in FicHive 1.0 allows remote ...) NOT-FOR-US: FicHive CVE-2008-2426 (Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 ...) BUG: 223965 CVE-2008-2427 (Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView ...) NOT-FOR-US: nconvert CVE-2008-2428 (Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic ...) NOT-FOR-US: TorrentTrader Classic CVE-2008-2429 (Multiple SQL injection vulnerabilities in Calendarix Basic ...) NOT-FOR-US: calendarix basic CVE-2008-2430 (Integer overflow in the Open function in modules/demux/wav.c in VLC ...) BUG: 230692 CVE-2008-2431 (Multiple buffer overflows in Novell iPrint Client before 5.06 allow ...) NOT-FOR-US: novell iprint CVE-2008-2432 (Insecure method vulnerability in the GetFileList method in an ...) NOT-FOR-US: novell iprint CVE-2008-2433 (The web management console in Trend Micro OfficeScan 7.0 through 8.0, ...) NOT-FOR-US: Trend Micro client_server_messaging_suite CVE-2008-2434 (The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 ...) NOT-FOR-US: trend_micro housecall CVE-2008-2435 (Use-after-free vulnerability in the Trend Micro HouseCall ActiveX ...) NOT-FOR-US: trend_micro housecall CVE-2008-2436 (Multiple heap-based buffer overflows in the IppCreateServerRef ...) NOT-FOR-US: novell iprint_client CVE-2008-2437 (Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro ...) NOT-FOR-US: trend_micro officescan CVE-2008-2438 (Integer overflow in ovalarmsrv.exe in HP OpenView Network Node Manager ...) NOT-FOR-US: hp openview_network_node_manager CVE-2008-2439 (Directory traversal vulnerability in the UpdateAgent function in ...) NOT-FOR-US: trend_micro worry_free_business_security CVE-2008-2440 RESERVED CVE-2008-2441 (Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x ...) NOT-FOR-US: Cisco Secure ACS CVE-2008-2442 RESERVED CVE-2008-2443 (SQL injection vulnerability in dpage.php in The Real Estate Script ...) NOT-FOR-US: The Real Estate Script CVE-2008-2444 (SQL injection vulnerability in userreg.php in CaLogic Calendars 1.2.2 ...) NOT-FOR-US: CaLogic Calendars CVE-2008-2445 (Cross-site scripting (XSS) vulnerability in profile.php in Web Group ...) NOT-FOR-US: Web Group Communication Center CVE-2008-2446 (Multiple SQL injection vulnerabilities in Web Group Communication ...) NOT-FOR-US: Web Group Communication Center CVE-2008-2447 (SQL injection vulnerability in products.php in the Mytipper ZoGo-shop ...) NOT-FOR-US: Mytipper ZoGo-shop plugin CVE-2008-2448 (Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote ...) NOT-FOR-US: Meto Forum 1.1 CVE-2008-2449 (Multiple cross-site scripting (XSS) vulnerabilities in Isaac McGowan ...) NOT-FOR-US: phpInstantGallery 2.0 CVE-2008-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the Statistics ...) NOT-FOR-US: Statistics (aka ke_stats) extension 0.1.2 and earlier for TYPO3 CVE-2008-2451 (Multiple SQL injection vulnerabilities in the Statistics (aka ...) NOT-FOR-US: Statistics (aka ke_stats) extension 0.1.2 and earlier for TYPO3 CVE-2008-2452 (Cross-site scripting (XSS) vulnerability in the Questionaire (aka ...) NOT-FOR-US: Questionaire (aka pbsurvey) extension 1.2.0 and earlier for TYPO3 CVE-2008-2453 (Multiple SQL injection vulnerabilities in PHP Classifieds Script allow ...) NOT-FOR-US: PHP Classifieds Script CVE-2008-2454 (SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) ...) NOT-FOR-US: Joomla com_xsstream dm CVE-2008-2455 (SQL injection vulnerability in comment.php in the MacGuru BLOG Engine ...) NOT-FOR-US: MacGuru BLOG Engine plugin 2.2 for e107 CVE-2008-2456 (SQL injection vulnerability in index.php in ComicShout 2.5 and earlier ...) NOT-FOR-US: comicshout CVE-2008-2457 (SQL injection vulnerability in jokes_category.php in PHP-Jokesite 2.0 ...) NOT-FOR-US: bitmixsoft php jokesite CVE-2008-2458 (Cross-site scripting (XSS) vulnerability in index.php in Starsgames ...) NOT-FOR-US: Starsgames Control Panel CVE-2008-2459 (Directory traversal vulnerability in page.php in EntertainmentScript ...) NOT-FOR-US: entertainmentscript CVE-2008-2460 (SQL injection vulnerability in faq.php in vBulletin 3.7.0 Gold allows ...) NOT-FOR-US: vbulletin CVE-2008-2461 (SQL injection vulnerability in index.php in Netious CMS 0.4 allows ...) NOT-FOR-US: Netious CMS CVE-2008-2462 (Cross-site scripting (XSS) vulnerability in the viewfile documentation ...) NOTE: old CVE-2008-2463 (The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx ...) NOT-FOR-US: Microsoft office_snapshot_viewer_activex CVE-2008-2464 (The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD ...) NOT-FOR-US: netbsd CVE-2008-2465 RESERVED CVE-2008-2466 RESERVED CVE-2008-2467 RESERVED CVE-2008-2468 (Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) ...) NOT-FOR-US: QIP Server Service CVE-2008-2469 (Heap-based buffer overflow in the SPF_dns_resolv_lookup function in ...) BUG: 242254 CVE-2008-2470 (The InstallShield Update Service Agent ActiveX control in isusweb.dll ...) NOT-FOR-US: InstallShield Update Service Agent CVE-2008-2471 RESERVED CVE-2008-2472 RESERVED CVE-2008-2473 RESERVED CVE-2008-2474 (Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit ...) NOT-FOR-US: ABB Process Communication Unit 400 (PCU400) - SCADA CVE-2008-2475 (eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) ...) NOT-FOR-US: ebay enhanced_picture_uploader_activex_control CVE-2008-2476 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) ...) NOT-FOR-US: We only have freebsd-sources < 6.3 CVE-2008-2477 (SQL injection vulnerability in index.php in MxBB (aka MX-System) ...) NOT-FOR-US: MxBB (aka MX-System) CVE-2008-2478 (** DISPUTED ** ...) NOT-FOR-US: cPanel CVE-2008-2479 (Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote ...) NOT-FOR-US: phpFix 2.0 CVE-2008-2480 (PHP remote file inclusion vulnerability in plus.php in plusPHP Short ...) NOT-FOR-US: plusphp_short_url_multi user_script CVE-2008-2481 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: phpRaider CVE-2008-2482 (Directory traversal vulnerability in install_mod.php in insanevisions ...) NOT-FOR-US: insanevisions OneCMS CVE-2008-2483 (Directory traversal vulnerability in index.php in Xomol CMS 1.20071213 ...) NOT-FOR-US: Xomol CMS CVE-2008-2484 (SQL injection vulnerability in index.php in Xomol CMS 1.20071213, when ...) NOT-FOR-US: Xomol CMS CVE-2008-2485 (Cross-site scripting (XSS) vulnerability in the URL redirection script ...) NOT-FOR-US: PCPIN Chat CVE-2008-2486 (Unspecified vulnerability in eMule Plus before 1.2d has unknown impact ...) NOT-FOR-US: eMule Plus CVE-2008-2487 (SQL injection vulnerability in index.php in MAXSITE 1.10 and earlier ...) NOT-FOR-US: MAXSITE 1.10 CVE-2008-2488 (admin/userform.php in RoomPHPlanning 1.5 does not require ...) NOT-FOR-US: RoomPHPlanning CVE-2008-2489 (SQL injection vulnerability in the Library for Frontend Plugins (aka ...) NOT-FOR-US: Library for Frontend Plugins (aka sg_zfelib) extension 1.1.512 and earlier for TYPO3 CVE-2008-2490 (Cross-site scripting (XSS) vulnerability in the KJ Image Lightbox 2 ...) NOT-FOR-US: TYPO3 kj_imagelightbox2 CVE-2008-2491 (SQL injection vulnerability in adv_cat.php in AbleSpace 1.0 allows ...) NOT-FOR-US: AbleSpace CVE-2008-2492 (Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 ...) NOT-FOR-US: Campus Bulletin Board CVE-2008-2493 (Cross-site scripting (XSS) vulnerability in post3/Book.asp in Campus ...) NOT-FOR-US: Campus Bulletin Board CVE-2008-2494 (Cross-site scripting (XSS) vulnerability in index.php in Zina 1.0 RC3 ...) BUG: 224081 CVE-2008-2495 (Directory traversal vulnerability in index.php in Zina 1.0 RC3 allows ...) BUG: 224081 CVE-2008-2496 (Multiple cross-site scripting (XSS) vulnerabilities in Quate CMS 0.3.4 ...) NOT-FOR-US: Quate CMS 0.3.4 CVE-2008-2497 (CRLF injection vulnerability in Mambo before 4.6.4 allows remote ...) BUG: 224513 CVE-2008-2498 (Multiple SQL injection vulnerabilities in index.php in Mambo before ...) BUG: 224513 CVE-2008-2499 (Stack-based buffer overflow in the Community Services Multiplexer (aka ...) NOT-FOR-US: IBM Lotus Sametime CVE-2008-2500 (Cross-site scripting (XSS) vulnerability in the MOStlyContent Editor ...) NOT-FOR-US: Mambo MostlyCE CVE-2008-2501 (Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow ...) NOT-FOR-US: Henning Stoverud PHPhotoalbum CVE-2008-2502 (Unspecified vulnerability in the web server in eMule X-Ray before 1.4 ...) NOT-FOR-US: Emule X_Ray CVE-2008-2503 (Buffer overflow in Uploadlist in eMule X-Ray before 1.4 has unknown ...) NOT-FOR-US: SourceForge eMule X Ray CVE-2008-2504 (Multiple SQL injection vulnerabilities in Simpel Side Netbutik 1 ...) NOT-FOR-US: Simpel Side Netbutik CVE-2008-2505 (Cross-site scripting (XSS) vulnerability in result.php in Simpel Side ...) NOT-FOR-US: Simpel Side Weblosninger CVE-2008-2506 (Multiple SQL injection vulnerabilities in Simpel Side Weblosning 1 ...) NOT-FOR-US: Simpel Side Weblosning CVE-2008-2507 (Cross-site scripting (XSS) vulnerability in Calcium40.pl in Brown Bear ...) NOT-FOR-US: Brown Bear Software Calcium CVE-2008-2508 (Cross-site scripting (XSS) vulnerability in news.php in Tr Script News ...) NOT-FOR-US: Tr Script News CVE-2008-2509 (SQL injection vulnerability in pwd.asp in Excuse Online allows remote ...) NOT-FOR-US: Excuse Online CVE-2008-2510 (SQL injection vulnerability in wp-uploadfile.php in the Upload File ...) NOT-FOR-US: WordPress Upload File plugin CVE-2008-2511 (Directory traversal vulnerability in the ...) NOT-FOR-US: CA Internet Security Suite CVE-2008-2512 (Directory traversal vulnerability in Symantec Backup Exec System ...) NOT-FOR-US: Symantec Backup Exec System Recovery Manager CVE-2008-2513 (Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows ...) NOT-FOR-US: kernel in IBM AIX CVE-2008-2514 (Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local ...) NOT-FOR-US: errpt in IBM AIX CVE-2008-2515 (Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 ...) NOT-FOR-US: iostat in IBM AIX CVE-2008-2516 (pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not ...) NOT-FOR-US: libpam pgsql CVE-2008-2517 (The sarab.sh script in SaraB before 0.2.4 places the dar program's ...) BUG: 198473 CVE-2008-2518 (Cross-site scripting (XSS) vulnerability in the advanced search ...) NOT-FOR-US: Sun Java System Web Server CVE-2008-2519 (Directory traversal vulnerability in Core FTP client 2.1 Build 1565 ...) NOT-FOR-US: Core FTP client CVE-2008-2520 (Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when ...) NOT-FOR-US: BigACE CVE-2008-2521 (SQL injection vulnerability in members.php in YABSoft Mega File ...) NOT-FOR-US: YABSoft Mega File Hosting Script aka MFH or MFHS CVE-2008-2522 (SQL injection vulnerability in members.php in Battle.net Clan Script ...) NOT-FOR-US: Battle net Clan Script for PHP CVE-2008-2523 (SQL injection vulnerability in the Autopatcher server plugin in RakNet ...) NOT-FOR-US: Autopatcher server plugin in RakNet CVE-2008-2524 (BlogPHP 2.0 allows remote attackers to bypass authentication, and post ...) NOT-FOR-US: BlogPHP CVE-2008-2525 (Cross-site scripting (XSS) vulnerability in the Event Database (aka ...) NOT-FOR-US: Event Database aka rlmp_eventdb extension CVE-2008-2526 (Cross-site scripting (XSS) vulnerability in the WT Gallery (aka ...) NOT-FOR-US: WT Gallery aka wt_gallery extension CVE-2008-2527 (Cross-site scripting (XSS) vulnerability in view.php in ActualScripts ...) NOT-FOR-US: ActualScripts ActualAnalyzer Server CVE-2008-2528 (Unspecified vulnerability in Citrix Access Gateway Standard Edition ...) NOT-FOR-US: Citrix Access Gateway Standard Edition CVE-2008-2529 (SQL injection vulnerability in read.php in Advanced Links Management ...) NOT-FOR-US: Advanced Links Management ALM CVE-2008-2530 (Multiple SQL injection vulnerabilities in Concepts & Solutions ...) NOT-FOR-US: QuickUpCMS CVE-2008-2531 (Cross-site scripting (XSS) vulnerability in the search script in Build ...) NOT-FOR-US: search script in Build A Niche Store BANS CVE-2008-2532 (SQL injection vulnerability in forum/topic_detail.php in AJ Square ...) NOT-FOR-US: AJ Square aj-hyip CVE-2008-2533 (Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View ...) NOT-FOR-US: Phoenix View CMS CVE-2008-2534 (Directory traversal vulnerability in admin/admin_frame.php in Phoenix ...) NOT-FOR-US: Phoenix View CMS CVE-2008-2535 (Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 ...) NOT-FOR-US: Phoenix View CMS CVE-2008-2536 (SQL injection vulnerability in out.php in YABSoft Advanced Image ...) NOT-FOR-US: YABSoft Advanced Image Hosting AIH Script CVE-2008-2537 (SQL injection vulnerability in cat.php in HispaH Model Search allows ...) NOT-FOR-US: HispaH CVE-2008-2538 (Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and ...) NOT-FOR-US: crontab on Sun Solaris CVE-2008-2539 (The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 ...) NOT-FOR-US: Sun Cluster CVE-2008-2540 (Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt ...) NOT-FOR-US: Apple Safari CVE-2008-2541 (Multiple stack-based buffer overflows in the HTTP Gateway Service ...) NOT-FOR-US: CA etrust_secure_content_manager CVE-2008-2542 (Stack-based buffer overflow in the getline function in Ppm/ppm.C in ...) NOT-FOR-US: NASA Ames Research Center BigView CVE-2008-2543 (The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and ...) BUG: 224949 CVE-2008-2544 RESERVED CVE-2008-2545 (Skype 3.6.0.248, and other versions before 3.8.0.139, uses a ...) NOTE: According to Skype advisory 2008-003, only Skype on Windows is affected. CVE-2008-2546 REJECTED CVE-2008-2547 (Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and ...) NOT-FOR-US: Microsoft windows_installer CVE-2008-2548 (Stack-based buffer overflow in the JPEG thumbprint component in the ...) NOT-FOR-US: Motorola razr CVE-2008-2549 (Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows ...) BUG: 225483 CVE-2008-2550 (Unspecified vulnerability in the Web Services Security component in ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2008-2551 (The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 ...) NOT-FOR-US: icona instant_messenger CVE-2008-2552 (Unspecified vulnerability in the Service Tag Registry on Sun Solaris ...) NOT-FOR-US: Sun Service Tag CVE-2008-2553 (Cross-site scripting (XSS) vulnerability in Slashdot Like Automated ...) NOT-FOR-US: Slashcode com Slash CVE-2008-2554 (Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote ...) NOT-FOR-US: BP Blog CVE-2008-2555 (SQL injection vulnerability in index.php in EasyWay CMS allows remote ...) NOT-FOR-US: CMS EasyWay CVE-2008-2556 (SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and ...) NOT-FOR-US: hessel_brouwer php_visit_counter CVE-2008-2557 (Cross-site scripting (XSS) vulnerability in CRE Loaded 6.2.13.1 and ...) NOT-FOR-US: CRE Loaded CVE-2008-2558 (CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute ...) NOT-FOR-US: CRE Loaded CVE-2008-2559 (Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256) allows ...) NOT-FOR-US: damian_frizza Borland Interbase CVE-2008-2560 (SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows ...) NOT-FOR-US: 427BB CVE-2008-2561 (Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 ...) NOT-FOR-US: 427BB CVE-2008-2562 (SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and ...) NOT-FOR-US: PowerPhlogger CVE-2008-2563 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) NOT-FOR-US: SamTodo CVE-2008-2564 (SQL injection vulnerability in the JotLoader (com_jotloader) component ...) NOT-FOR-US: JotLoader com_jotloader component CVE-2008-2565 (Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and ...) NOT-FOR-US: PHP Address Book CVE-2008-2566 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Address ...) NOT-FOR-US: PHP Address Book CVE-2008-2567 (Cross-site scripting (XSS) vulnerability in Fenriru Sleipnir 2.7.1 ...) NOT-FOR-US: Fenriru Sleipnir CVE-2008-2568 (SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) ...) NOT-FOR-US: Simple Shop Galore com_simpleshop component CVE-2008-2569 (SQL injection vulnerability in the EasyBook (com_easybook) component ...) NOT-FOR-US: EasyBook com_easybook component CVE-2008-2570 (Multiple unspecified vulnerabilities in LimeSurvey (formerly ...) NOT-FOR-US: LimeSurvey formerly PHPSurveyor CVE-2008-2571 (Cross-site request forgery (CSRF) vulnerability in LimeSurvey ...) NOT-FOR-US: LimeSurvey formerly PHPSurveyor CVE-2008-2572 (SQL injection vulnerability in php/leer_comentarios.php in FlashBlog ...) NOT-FOR-US: FlashBlog CVE-2008-2573 (Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote ...) NOT-FOR-US: SFTP in freeSSHd CVE-2008-2574 (Unrestricted file upload vulnerability in admin/Editor/imgupload.php ...) NOT-FOR-US: FlashBlog CVE-2008-2575 (cbrPager before 0.9.17 allows user-assisted remote attackers to ...) BUG: 223657 CVE-2008-2576 (Unspecified vulnerability in the WebLogic Server component in Oracle ...) NOT-FOR-US: Oracle bea_product_suite CVE-2008-2577 (Unspecified vulnerability in the WebLogic Server component in Oracle ...) NOT-FOR-US: Oracle bea_product_suite CVE-2008-2578 (Unspecified vulnerability in the WebLogic Server component in Oracle ...) NOT-FOR-US: Oracle bea_product_suite CVE-2008-2579 (Unspecified vulnerability in the WebLogic Server Plugins for Apache, ...) NOT-FOR-US: Oracle bea_product_suite CVE-2008-2580 (Unspecified vulnerability in the WebLogic Server component in Oracle ...) NOT-FOR-US: Oracle bea_product_suite CVE-2008-2581 (Unspecified vulnerability in the WebLogic Server component in Oracle ...) NOT-FOR-US: Oracle bea_product_suite CVE-2008-2582 (Unspecified vulnerability in the WebLogic Server component in Oracle ...) NOT-FOR-US: Oracle bea_product_suite CVE-2008-2583 (Unspecified vulnerability in the sample Discussion Forum Portlet for ...) NOT-FOR-US: oracle_portal_component CVE-2008-2584 RESERVED CVE-2008-2585 (Unspecified vulnerability in the Oracle Report Manager component in ...) NOT-FOR-US: Oracle report_manager_component CVE-2008-2586 (Unspecified vulnerability in the Oracle Application Object Library ...) NOT-FOR-US: Oracle application_object_library CVE-2008-2587 (Unspecified vulnerability in the Advanced Replication component in ...) NOT-FOR-US: Oracle Database 10g CVE-2008-2588 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...) NOT-FOR-US: oracle jdeveloper CVE-2008-2589 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) NOT-FOR-US: oracle_portal_component CVE-2008-2590 (Unspecified vulnerability in the Instance Management component in ...) NOT-FOR-US: Oracle Database 10g CVE-2008-2591 (Unspecified vulnerability in the Oracle Database Vault component in ...) NOT-FOR-US: Oracle Database 10g CVE-2008-2592 (Unspecified vulnerability in the Advanced Replication component in ...) NOT-FOR-US: Oracle advanced_replication_component CVE-2008-2593 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) NOT-FOR-US: oracle_portal_component CVE-2008-2594 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) NOT-FOR-US: oracle_portal_component CVE-2008-2595 (Unspecified vulnerability in the Oracle Internet Directory component ...) NOT-FOR-US: Oracle Database 10g CVE-2008-2596 (Unspecified vulnerability in the Mobile Application Server component ...) NOT-FOR-US: Oracle mobile_application_server CVE-2008-2597 (Unspecified vulnerability in the TimesTen Client/Server component in ...) NOT-FOR-US: Oracle times_ten_client_server_component CVE-2008-2598 (Unspecified vulnerability in the TimesTen Client/Server component in ...) NOT-FOR-US: Oracle times_ten_client_server CVE-2008-2599 (Unspecified vulnerability in the TimesTen Client/Server component in ...) NOT-FOR-US: Oracle times_ten_client_server CVE-2008-2600 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...) NOT-FOR-US: Oracle spatial_component CVE-2008-2601 (Unspecified vulnerability in the Oracle iStore component in Oracle ...) NOT-FOR-US: Oracle E Business Suite CVE-2008-2602 (Unspecified vulnerability in the Data Pump component in Oracle ...) NOT-FOR-US: Oracle Database 10g CVE-2008-2603 (Unspecified vulnerability in the Resource Manager component in Oracle ...) NOT-FOR-US: Oracle Enterprise Manager CVE-2008-2604 (Unspecified vulnerability in the Authentication component in Oracle ...) NOT-FOR-US: Oracle authentication_component CVE-2008-2605 (Unspecified vulnerability in the Authentication component in Oracle ...) NOT-FOR-US: Oracle authentication_component CVE-2008-2606 (Unspecified vulnerability in the Oracle Application Object Library ...) NOT-FOR-US: Oracle application_object_library CVE-2008-2607 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...) NOT-FOR-US: Oracle Database 10g CVE-2008-2608 (Unspecified vulnerability in the Data Pump component in Oracle ...) NOT-FOR-US: Oracle Database 10g CVE-2008-2609 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) NOT-FOR-US: oracle_portal_component CVE-2008-2610 (Unspecified vulnerability in the Oracle Applications Technology Stack ...) NOT-FOR-US: oracle_applications_technology_stack_component CVE-2008-2611 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) NOT-FOR-US: Oracle core_rdbms_component CVE-2008-2612 (Unspecified vulnerability in the Hyperion BI Plus component in Oracle ...) NOT-FOR-US: Oracle Application Server CVE-2008-2613 (Unspecified vulnerability in the Database Scheduler component in ...) NOT-FOR-US: Oracle Database 10g CVE-2008-2614 (Unspecified vulnerability in the Oracle HTTP Server component in ...) NOT-FOR-US: Oracle Application Server CVE-2008-2615 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2008-2616 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...) NOT-FOR-US: Oracle PeopleSoft PeopleTools CVE-2008-2617 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2008-2618 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2008-2619 (Unspecified vulnerability in the Oracle Reports Developer component in ...) NOT-FOR-US: oracle e business_suite CVE-2008-2620 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2008-2621 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2008-2622 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2008-2623 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...) NOT-FOR-US: Oracle JDeveloper component in Oracle Application Server CVE-2008-2624 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) NOT-FOR-US: oracle database_10g CVE-2008-2625 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) NOT-FOR-US: oracle database_9i CVE-2008-2626 (SQL injection vulnerability in comment.asp in Battle Blog 1.25 and ...) NOT-FOR-US: Battle Blog CVE-2008-2627 (SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 ...) NOT-FOR-US: IDoBlog CVE-2008-2628 (SQL injection vulnerability in the eQuotes (com_equotes) component ...) NOT-FOR-US: eQuotes com_equotes component CVE-2008-2629 (SQL injection vulnerability in the LifeType (formerly pLog) module for ...) NOT-FOR-US: LifeType CVE-2008-2630 (SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 ...) NOT-FOR-US: JooBlog CVE-2008-2631 (The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows ...) NOT-FOR-US: MDaemon CVE-2008-2632 (SQL injection vulnerability in the acctexp (com_acctexp) component ...) NOT-FOR-US: acctexp com_acctexp component CVE-2008-2633 (Multiple SQL injection vulnerabilities in the EXP JoomRadio ...) NOT-FOR-US: EXP JoomRadio com_joomradio component CVE-2008-2634 (SQL injection vulnerability in index.asp in I-Pos Internet Pay Online ...) NOT-FOR-US: I Pos Internet Pay Online Store CVE-2008-2635 (Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow ...) NOT-FOR-US: BitKinex CVE-2008-2636 (The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 ...) NOT-FOR-US: Cisco Linksys WRH54G CVE-2008-2637 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL ...) NOT-FOR-US: F5 FirePass SSL VPN CVE-2008-2638 (Static code injection vulnerability in guestbook.php in 1Book 1.0.1 ...) NOT-FOR-US: 1Book CVE-2008-2639 (Stack-based buffer overflow in the ODBC server service in Citect ...) NOT-FOR-US: Citect CitectSCADA CVE-2008-2640 (Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 ...) NOT-FOR-US: Adobe flex_builder CVE-2008-2641 (Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and ...) BUG: 233383 CVE-2008-2642 (SQL injection vulnerability in login.php in OtomiGenX 2.2 allows ...) NOT-FOR-US: OtomiGenX CVE-2008-2643 (SQL injection vulnerability in the Bible Study (com_biblestudy) ...) NOT-FOR-US: Bible Study com_biblestudy component CVE-2008-2644 (Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and ...) NOT-FOR-US: SMEWeb CVE-2008-2645 (Multiple PHP remote file inclusion vulnerabilities in Brim (formerly ...) NOT-FOR-US: Brim formerly Booby CVE-2008-2646 (Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 ...) NOT-FOR-US: meBiblio CVE-2008-2647 (SQL injection vulnerability in admin/journal_change_mask.inc.php in ...) NOT-FOR-US: meBiblio CVE-2008-2648 (Unrestricted file upload vulnerability in upload/uploader.html in ...) NOT-FOR-US: meBiblio CVE-2008-2649 (Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 ...) NOT-FOR-US: DesktopOnNet CVE-2008-2650 (Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, ...) NOT-FOR-US: CMSimple CVE-2008-2651 (SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB ...) NOT-FOR-US: Joomla Bulletin Board aka Joo BB or com_joobb component CVE-2008-2652 (Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b ...) NOT-FOR-US: SMEWeb CVE-2008-2653 RESERVED CVE-2008-2654 (Off-by-one error in the read_client function in webhttpd.c in Motion ...) BUG: 227053 CVE-2008-2655 RESERVED CVE-2008-2656 RESERVED CVE-2008-2657 RESERVED CVE-2008-2658 RESERVED CVE-2008-2659 RESERVED CVE-2008-2660 RESERVED CVE-2008-2661 RESERVED CVE-2008-2662 (Multiple integer overflows in the rb_str_buf_append function in Ruby ...) BUG: 225465 CVE-2008-2663 (Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 ...) BUG: 225465 CVE-2008-2664 (The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before ...) BUG: 225465 CVE-2008-2665 (Directory traversal vulnerability in the posix_access function in PHP ...) BUG: 228369 CVE-2008-2666 (Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier ...) BUG: 228369 CVE-2008-2667 (SQL injection vulnerability in the Courier Authentication Library (aka ...) BUG: 225407 CVE-2008-2668 (Multiple cross-site scripting (XSS) vulnerabilities in yBlog 0.2.2.2 ...) NOT-FOR-US: yBlog CVE-2008-2669 (Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote ...) NOT-FOR-US: yBlog CVE-2008-2670 (Multiple SQL injection vulnerabilities in index.php in Insanely Simple ...) NOT-FOR-US: Insanely Simple Blog CVE-2008-2671 (SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows ...) NOT-FOR-US: DCFM Blog CVE-2008-2672 (Multiple directory traversal vulnerabilities in ErfurtWiki R1.02b and ...) NOT-FOR-US: ErfurtWiki CVE-2008-2673 (SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, ...) NOT-FOR-US: Powie pNews CVE-2008-2674 (Unspecified vulnerability in the Interstage Management Console, as ...) NOT-FOR-US: Interstage Management Console as used in Fujitsu Interstage Application Server CVE-2008-2675 (Cross-site scripting (XSS) vulnerability in index.php in PHP Image ...) NOT-FOR-US: PHP Image Gallery CVE-2008-2676 (SQL injection vulnerability in the iJoomla News Portal ...) NOT-FOR-US: iJoomla News Portal com_news_portal component CVE-2008-2677 (Cross-site scripting (XSS) vulnerability in edit1.php in Telephone ...) NOT-FOR-US: Telephone Directory CVE-2008-2678 (Multiple SQL injection vulnerabilities in Telephone Directory 2008, ...) NOT-FOR-US: Telephone Directory CVE-2008-2679 (SQL injection vulnerability in the KeyWordsList function in ...) NOT-FOR-US: Realm CMS CVE-2008-2680 (Multiple cross-site scripting (XSS) vulnerabilities in _db/compact.asp ...) NOT-FOR-US: Realm CMS CVE-2008-2681 (Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive ...) NOT-FOR-US: Realm CMS CVE-2008-2682 (_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote ...) NOT-FOR-US: Realm CMS CVE-2008-2683 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black ...) NOT-FOR-US: Black Ice Barcode SDK CVE-2008-2684 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black ...) NOT-FOR-US: Black Ice Barcode SDK CVE-2008-2685 (SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 ...) NOT-FOR-US: Battle Blog CVE-2008-2686 (webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier allows ...) NOT-FOR-US: flux_cms CVE-2008-2687 (Directory traversal vulnerability in inc/config.php in ProManager 0.73 ...) NOT-FOR-US: ProManager CVE-2008-2688 (SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart 7.3 ...) NOT-FOR-US: pilotcart pilot_cart CVE-2008-2689 (PHP remote file inclusion vulnerability in pub/clients.php in ...) NOT-FOR-US: BrowserCRM CVE-2008-2690 (Multiple PHP remote file inclusion vulnerabilities in BrowserCRM ...) NOT-FOR-US: BrowserCRM CVE-2008-2691 (SQL injection vulnerability in read.asp in JiRo's FAQ Manager ...) NOT-FOR-US: JiRO faq_manager_experience CVE-2008-2692 (SQL injection vulnerability in the yvComment (com_yvcomment) component ...) NOT-FOR-US: Joomla com_yvcomment CVE-2008-2693 (Stack-based buffer overflow in the BITIFF.BITiffCtrl.1 ActiveX control ...) NOT-FOR-US: black_ice barcode_sdk CVE-2008-2694 (Cross-site scripting (XSS) vulnerability in search.php in phpInv 0.8.0 ...) NOT-FOR-US: phpinv CVE-2008-2695 (Directory traversal vulnerability in entry.php in phpInv 0.8.0 allows ...) NOT-FOR-US: phpinv CVE-2008-2696 (Exiv2 0.16 allows user-assisted remote attackers to cause a denial of ...) BUG: 225485 CVE-2008-2697 (SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) ...) NOT-FOR-US: Joomla com_rapidrecipe CVE-2008-2698 (Multiple cross-site scripting (XSS) vulnerabilities in photo_add-c.php ...) NOT-FOR-US: web album webalbum CVE-2008-2699 (Multiple directory traversal vulnerabilities in Galatolo WebManager ...) NOT-FOR-US: gwm galatolo_webmanager CVE-2008-2700 (SQL injection vulnerability in view.php in Galatolo WebManager 1.0 and ...) NOT-FOR-US: gwm galatolo_webmanager CVE-2008-2701 (SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and ...) NOT-FOR-US: Joomla com_gameq CVE-2008-2702 (Directory traversal vulnerability in the FTP client in ALTools ESTsoft ...) NOT-FOR-US: ESTSoft alftp CVE-2008-2703 (Multiple stack-based buffer overflows in Novell GroupWise Messenger ...) NOT-FOR-US: Novell GroupWise Messenger CVE-2008-2704 (Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows ...) NOT-FOR-US: Novell GroupWise Messenger CVE-2008-2705 (Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, ...) NOT-FOR-US: Sun Java System Access Manager AM CVE-2008-2706 (Unspecified vulnerability in the event port implementation in Sun ...) NOT-FOR-US: Sun Solaris CVE-2008-2707 (Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and ...) NOT-FOR-US: Sun Solaris CVE-2008-2708 (Unspecified vulnerability in the Sun (1) UltraSPARC T2 and (2) ...) NOT-FOR-US: Sun Solaris CVE-2008-2709 (Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module ...) NOT-FOR-US: BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 CVE-2008-2710 (Integer signedness error in the ip_set_srcfilter function in the IP ...) NOT-FOR-US: kernel in Sun Solaris CVE-2008-2711 (fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, ...) BUG: 227105 CVE-2008-2712 (Vim 7.1.314, 6.4, and other versions allows user-assisted remote ...) BUG: 227453 CVE-2008-2713 (libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to ...) BUG: 227351 CVE-2008-2714 (Opera before 9.26 allows remote attackers to misrepresent web page ...) BUG: 226079 CVE-2008-2715 (Unspecified vulnerability in Opera before 9.5 allows remote attackers ...) BUG: 226079 CVE-2008-2716 (Unspecified vulnerability in Opera before 9.5 allows remote attackers ...) BUG: 226079 CVE-2008-2717 (TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, ...) NOT-FOR-US: TYPO3 CVE-2008-2718 (Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 ...) NOT-FOR-US: TYPO3 CVE-2008-2719 (Off-by-one error in the ppscan function (preproc.c) in Netwide ...) BUG: 227773 CVE-2008-2720 (Cross-site scripting (XSS) vulnerability in Menalto Gallery before ...) BUG: 226059 CVE-2008-2721 (Unspecified vulnerability in the album-select module in Menalto ...) BUG: 226059 CVE-2008-2722 (Menalto Gallery before 2.2.5 allows remote attackers to bypass ...) BUG: 226059 CVE-2008-2723 (embed.php in Menalto Gallery before 2.2.5 allows remote attackers to ...) BUG: 226059 CVE-2008-2724 (Menalto Gallery before 2.2.5 does not enforce permissions for ...) BUG: 226059 CVE-2008-2725 (Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and ...) BUG: 225465 CVE-2008-2726 (Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and ...) BUG: 225465 CVE-2008-2727 REJECTED CVE-2008-2728 REJECTED CVE-2008-2729 (arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some ...) BUG: 230583 CVE-2008-2730 (The Real-Time Information Server (RIS) Data Collector service in Cisco ...) NOT-FOR-US: Cisco Unified CallManager CVE-2008-2731 RESERVED CVE-2008-2732 (Multiple unspecified vulnerabilities in the SIP inspection ...) NOT-FOR-US: cisco pix CVE-2008-2733 (Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 ...) NOT-FOR-US: cisco pix CVE-2008-2734 (Memory leak in the crypto functionality in Cisco Adaptive Security ...) NOT-FOR-US: cisco adaptive_security_appliance_5500 CVE-2008-2735 (The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 ...) NOT-FOR-US: cisco adaptive_security_appliance_5500 CVE-2008-2736 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) ...) NOT-FOR-US: cisco adaptive_security_appliance_5500 CVE-2008-2737 REJECTED CVE-2008-2738 RESERVED CVE-2008-2739 (The SERVICE.DNS signature engine in the Intrusion Prevention System ...) NOT-FOR-US: Intrusion Prevention System IPS in Cisco IOS CVE-2008-2740 RESERVED CVE-2008-2741 RESERVED CVE-2008-2742 (Unrestricted file upload in the mcpuk file editor ...) NOT-FOR-US: Achievo CVE-2008-2743 (Cross-site scripting (XSS) vulnerability in the embedded web server in ...) NOT-FOR-US: xerox_4595 CVE-2008-2744 (Cross-site scripting (XSS) vulnerability in vBulletin 3.6.10 and 3.7.1 ...) NOT-FOR-US: vbulletin CVE-2008-2745 (Stack-based buffer overflow in BiAnno ActiveX Control (BiAnno.ocx) in ...) NOT-FOR-US: black_ice annotation_software CVE-2008-2746 (SQL injection vulnerability in login.php in Gryphon gllcTS2 4.2.4 ...) NOT-FOR-US: Gryphon gllcts2 CVE-2008-2747 (No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak ...) NOT-FOR-US: no ip dynamic_update_client CVE-2008-2748 (Skulltag 0.97d2-RC2 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Skulltag Team Skulltag CVE-2008-2749 (Unspecified vulnerability in cshttpd in Sun Java System Calendar ...) NOT-FOR-US: cshttpd in Sun Java System Calendar Server CVE-2008-2750 (The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux ...) BUG: 228247 CVE-2008-2751 (Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish ...) NOT-FOR-US: Glassfish webadmin interface in Sun Java System Application Server CVE-2008-2752 (Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly ...) NOT-FOR-US: Microsoft Word CVE-2008-2753 (Multiple SQL injection vulnerabilities in Pooya Site Builder (PSB) 6.0 ...) NOT-FOR-US: Pooya Site Builder PSB CVE-2008-2754 (SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, ...) NOT-FOR-US: eFiction CVE-2008-2755 (SQL injection vulnerability in index.php in JAMM CMS allows remote ...) NOT-FOR-US: JAMM CVE-2008-2756 (Cross-site scripting (XSS) vulnerability in admin/users.asp in Xigla ...) NOT-FOR-US: Xigla Absolute Control Panel XE CVE-2008-2757 (SQL injection vulnerability in search.asp in Xigla Absolute News ...) NOT-FOR-US: Xigla Absolute News Manager XE CVE-2008-2758 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute ...) NOT-FOR-US: Xigla Absolute News Manager XE CVE-2008-2759 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute ...) NOT-FOR-US: Xigla Absolute Form Processor XE CVE-2008-2760 (SQL injection vulnerability in searchbanners.asp in Xigla Absolute ...) NOT-FOR-US: Xigla Absolute Banner Manager XE CVE-2008-2761 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute ...) NOT-FOR-US: Xigla Absolute Banner Manager XE CVE-2008-2762 (SQL injection vulnerability in search.asp in Xigla Absolute Form ...) NOT-FOR-US: Xigla Absolute Form Processor XE CVE-2008-2763 (SQL injection vulnerability in search.asp in Xigla Absolute Live ...) NOT-FOR-US: Xigla Absolute Live Support XE CVE-2008-2764 (Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla ...) NOT-FOR-US: Xigla Absolute Live Support XE CVE-2008-2765 (SQL injection vulnerability in gallery.asp in Xigla Absolute Image ...) NOT-FOR-US: Xigla CVE-2008-2766 (Cross-site scripting (XSS) vulnerability in Xigla Absolute Image ...) NOT-FOR-US: Xigla CVE-2008-2767 (SQL injection vulnerability in search.asp in Xigla Poll Manager XE ...) NOT-FOR-US: Xigla CVE-2008-2768 (Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla ...) NOT-FOR-US: Xigla CVE-2008-2769 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Simple Machines phpRaider CVE-2008-2770 (SQL injection vulnerability in index.php in MycroCMS 0.5, when ...) NOT-FOR-US: MycroCMS CVE-2008-2771 (The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 ...) NOT-FOR-US: Drupal Node Hierarchy module CVE-2008-2772 (The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote ...) NOT-FOR-US: Magic Tabs CVE-2008-2773 (Cross-site scripting (XSS) vulnerability in the Taxonomy Image module ...) NOT-FOR-US: Taxonomy Image module CVE-2008-2774 (SQL injection vulnerability in item.php in CartKeeper CKGold Shopping ...) NOT-FOR-US: CartKeeper CKGold Shopping Cart CVE-2008-2775 (SQL injection vulnerability in search.asp in DT Centrepiece 4.0 allows ...) NOT-FOR-US: DT Centrepiece CVE-2008-2776 (Cross-site scripting (XSS) vulnerability in search.asp in DT ...) NOT-FOR-US: DT Centrepiece CVE-2008-2777 (Cross-site scripting (XSS) vulnerability in Ortro before 1.3.1 allows ...) NOT-FOR-US: Ortro CVE-2008-2778 (SQL injection vulnerability in inc/class_search.php in the Search ...) NOT-FOR-US: Search System in RevokeBB CVE-2008-2779 (Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 ...) NOT-FOR-US: GlobalSCAPE CuteFTP Home CVE-2008-2780 (The Anubis (aka Anubis+Ripe160) plugin before 1.3 for encrypt stores ...) NOT-FOR-US: encrypt CVE-2008-2781 (SQL injection vulnerability in index.php in DZOIC Handshakes 3.5 ...) NOT-FOR-US: DZOIC Handshakes CVE-2008-2782 (Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow ...) NOT-FOR-US: OtomiGenX CVE-2008-2783 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...) BUG: 228493 CVE-2008-2784 (The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT ...) BUG: 223157 CVE-2008-2785 (Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird ...) BUG: 228495 BUG: 231975 CVE-2008-2786 (Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack ...) BUG: 246001 CVE-2008-2787 (Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan ...) NOT-FOR-US: OpenDocMan CVE-2008-2788 (Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan ...) NOT-FOR-US: OpenDocMan CVE-2008-2789 (SQL injection vulnerability in pages/index.php in BASIC-CMS allows ...) NOT-FOR-US: basic cms CVE-2008-2790 (SQL injection vulnerability in detail.php in MountainGrafix easyTrade ...) NOT-FOR-US: MountainGrafix easyTrade CVE-2008-2791 (SQL injection vulnerability in product.detail.php in Kalptaru Infotech ...) NOT-FOR-US: Kalptaru Infotech Comparison Engine Power Script CVE-2008-2792 (SQL injection vulnerability in index.php in eroCMS 1.4 and earlier ...) NOT-FOR-US: erocms CVE-2008-2793 (SQL injection vulnerability in group_posts.php in ClipShare before ...) NOT-FOR-US: Clip Share ClipShare CVE-2008-2794 (Unspecified vulnerability in the GUI in Symantec Altiris Notification ...) NOT-FOR-US: Symantec Altiris Notification Server CVE-2008-2795 (Directory traversal vulnerability in the FTP and SFTP clients in IDM ...) NOT-FOR-US: IDM Computer Solutions Inc UltraEdit CVE-2008-2796 (SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote ...) NOT-FOR-US: FreeCMS us FreeCMS CVE-2008-2797 (Cross-site scripting (XSS) vulnerability in MainLayout.do in ...) NOT-FOR-US: ManageEngine OpUtils CVE-2008-2798 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...) BUG: 230567 CVE-2008-2799 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...) BUG: 230567 CVE-2008-2800 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow ...) BUG: 230567 CVE-2008-2801 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...) BUG: 230567 CVE-2008-2802 (Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and ...) BUG: 230567 CVE-2008-2803 (The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox ...) BUG: 230567 CVE-2008-2804 REJECTED CVE-2008-2805 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow ...) BUG: 230567 CVE-2008-2806 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS ...) NOTE: OSX only CVE-2008-2807 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...) BUG: 230567 CVE-2008-2808 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...) BUG: 230567 CVE-2008-2809 (Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, ...) BUG: 230567 CVE-2008-2810 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...) BUG: 230567 CVE-2008-2811 (The block reflow implementation in Mozilla Firefox before 2.0.0.15, ...) BUG: 230567 CVE-2008-2812 (The Linux kernel before 2.6.25.10 does not properly perform tty ...) BUG: 231341 CVE-2008-2813 (Directory traversal vulnerability in index.php in WallCity-Server ...) NOT-FOR-US: shoutcastadmin wallcity server_shoutcast_admin_panel CVE-2008-2814 (Cross-site scripting (XSS) vulnerability in WallCity-Server Shoutcast ...) NOT-FOR-US: shoutcastadmin wallcity server_shoutcast_admin_panel CVE-2008-2815 (SQL injection vulnerability in shopping/index.php in MyMarket 1.72 ...) NOT-FOR-US: mymarket CVE-2008-2816 (SQL injection vulnerability in post.php in Oxygen (aka O2PHP Bulletin ...) NOT-FOR-US: o2php oxygen CVE-2008-2817 (SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 ...) NOT-FOR-US: nitropowered nitro_web_gallery CVE-2008-2818 (Directory traversal vulnerability in Easy-Clanpage 3.0 b1 allows ...) NOT-FOR-US: Easy Clanpage CVE-2008-2819 (SQL injection vulnerability in BlognPlus (BURO GUN +) 2.5.4 and ...) NOT-FOR-US: blognplus CVE-2008-2820 (Directory traversal vulnerability in lang/lang-system.php in Open ...) NOT-FOR-US: open_azimyt_cms CVE-2008-2821 (Directory traversal vulnerability in the FTP client in Glub Tech ...) NOT-FOR-US: glub secure_ftp CVE-2008-2822 (Multiple directory traversal vulnerabilities in the FTP client in ...) NOT-FOR-US: 3dftp 3d ftp_client CVE-2008-2823 (SQL injection vulnerability in newsarchive.php in PHPeasyblog ...) NOT-FOR-US: phpeasynews phpeasyblog CVE-2008-2824 (Unspecified vulnerability in the Extensible Interface Platform in Web ...) NOT-FOR-US: Xerox WorkCentre CVE-2008-2825 (Cross-site scripting (XSS) vulnerability in the embedded Web Server in ...) NOT-FOR-US: Xerox CVE-2008-2826 (Integer overflow in the sctp_getsockopt_local_addrs_old function in ...) BUG: 230585 CVE-2008-2827 (The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly ...) NOTE: This affects Perl 5.10 only, which is not in the tree yet. NOTE: Left a note at the version bump bug, #206455 CVE-2008-2828 (Stack-based buffer overflow in tmsnc allows remote attackers to cause ...) BUG: 229157 CVE-2008-2829 (php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete ...) BUG: 221969 CVE-2008-2830 (Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and ...) NOT-FOR-US: Apple Mac OS X CVE-2008-2831 (Multiple cross-site scripting (XSS) vulnerabilities in the delegated ...) NOT-FOR-US: MailMarshal SMTP CVE-2008-2832 (Unrestricted file upload vulnerability in calendar_admin.asp in Full ...) NOT-FOR-US: fullrevolution aspwebcalendar2008 CVE-2008-2833 (admin/upload.php in le.cms 1.4 and earlier allows remote attackers to ...) NOT-FOR-US: worldlevel le cms CVE-2008-2834 (SQL injection vulnerability in projects.php in Scientific Image ...) NOT-FOR-US: sidb scientific_image_database CVE-2008-2835 (SQL injection vulnerability in cgi-bin/igsuite in IGSuite 3.2.4 allows ...) NOT-FOR-US: igsuite CVE-2008-2836 (PHP remote file inclusion vulnerability in send_reminders.php in ...) NOT-FOR-US: k5n WebCalendar CVE-2008-2837 (SQL injection vulnerability in index.php in CMS-BRD allows remote ...) NOT-FOR-US: cms brdconcept cms brd CVE-2008-2838 (Directory traversal vulnerability in index.php in Traindepot 0.1 ...) NOT-FOR-US: traindepot CVE-2008-2839 (Cross-site scripting (XSS) vulnerability in the search module in ...) NOT-FOR-US: traindepot CVE-2008-2840 (Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and ...) NOT-FOR-US: exerocms exero_cms CVE-2008-2841 (Argument injection vulnerability in XChat 2.8.7b and earlier on ...) NOT-FOR-US: XChat on Windows CVE-2008-2842 (Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in ...) NOT-FOR-US: doitlive cms CVE-2008-2843 (Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and ...) NOT-FOR-US: doitlive cms CVE-2008-2844 (SQL injection vulnerability in index.php in Carscripts Classifieds ...) NOT-FOR-US: carscripts_classifieds CVE-2008-2845 (SQL injection vulnerability in index.php in MyBizz-Classifieds allows ...) NOT-FOR-US: mybizz classifieds CVE-2008-2846 (SQL injection vulnerability in index.php in BoatScripts Classifieds ...) NOT-FOR-US: boatscripts_classifieds CVE-2008-2847 (SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 ...) NOT-FOR-US: softdivision maxtrade_aoi CVE-2008-2848 (Cross-site scripting (XSS) vulnerability in the search functionality ...) NOT-FOR-US: Mindtouch DekiWiki CVE-2008-2849 (Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x ...) NOT-FOR-US: Drupal trailscout_module CVE-2008-2850 (SQL injection vulnerability in the TrailScout module 5.x before ...) NOT-FOR-US: Drupal trailscout_module CVE-2008-2851 (Multiple buffer overflows in OFF System before 0.19.14 allow remote ...) NOT-FOR-US: offsystem CVE-2008-2852 (Cross-site scripting (XSS) vulnerability in CGIWrap before 4.1, when ...) NOT-FOR-US: Nathan Neulinger CGIWrap CVE-2008-2853 (SQL injection vulnerability in index.php in Easy Webstore 1.2 allows ...) NOT-FOR-US: easy_webstore CVE-2008-2854 (Multiple PHP remote file inclusion vulnerabilities in Orlando CMS 0.6 ...) NOT-FOR-US: orlando_cms CVE-2008-2855 (Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 ...) NOT-FOR-US: ownrs CVE-2008-2856 (SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows ...) NOT-FOR-US: ownrs CVE-2008-2857 (AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in ...) NOT-FOR-US: AlstraSoft AskMe Pro CVE-2008-2858 (SQL injection vulnerability in index.php in WebChamado 1.1 allows ...) NOT-FOR-US: webchamado CVE-2008-2859 (Unspecified vulnerability in the IMAP service in NetWin SurgeMail ...) NOT-FOR-US: NetWin SurgeMail CVE-2008-2860 (SQL injection vulnerability in category.php in AJSquare AJ Auction Pro ...) NOT-FOR-US: AJ Square aj_auction CVE-2008-2861 (Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio ...) NOT-FOR-US: elinestudio site_composer CVE-2008-2862 (Multiple SQL injection vulnerabilities in eLineStudio Site Composer ...) NOT-FOR-US: elinestudio site_composer CVE-2008-2863 (Multiple absolute path traversal vulnerabilities in eLineStudio Site ...) NOT-FOR-US: elinestudio site_composer CVE-2008-2864 (eLineStudio Site Composer (ESC) 2.6 and earlier allows remote ...) NOT-FOR-US: elinestudio site_composer CVE-2008-2865 (SQL injection vulnerability in index.php in Kalptaru Infotech PHP Site ...) NOT-FOR-US: Kalptaru Infotech php_site_lock CVE-2008-2866 (SQL injection vulnerability in csc_article_details.php in Caupo.net ...) NOT-FOR-US: Caupo net cauposhop_classic CVE-2008-2867 (SQL injection vulnerability in adclick.php in E-topbiz Viral DX 1 2.07 ...) NOT-FOR-US: e topbiz viral_dx_1 CVE-2008-2868 (SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and ...) NOT-FOR-US: DUware DUcalendar CVE-2008-2869 (SQL injection vulnerability in out.php in E-topbiz Link ADS 1 allows ...) NOT-FOR-US: e topbiz link_ads_1 CVE-2008-2870 (Multiple SQL injection vulnerabilities in ShareCMS 0.1 Beta allow ...) NOT-FOR-US: sharecms CVE-2008-2871 (Multiple cross-site scripting (XSS) vulnerabilities in template2.php ...) NOT-FOR-US: PEGames CVE-2008-2872 (SQL injection vulnerability in default.asp in sHibby sHop 2.2 and ...) NOT-FOR-US: Aspindir shibby_shop CVE-2008-2873 (sHibby sHop 2.2 and earlier stores sensitive information under the web ...) NOT-FOR-US: Aspindir shibby_shop CVE-2008-2874 (SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics ...) NOT-FOR-US: softbizscripts softbiz_jokes_and_funny_pics_script CVE-2008-2875 (SQL injection vulnerability in index.php in Webdevindo-CMS 1.0.0 ...) NOT-FOR-US: webdevindo cms CVE-2008-2876 (Directory traversal vulnerability in index.php in mUnky 0.0.1 allows ...) NOT-FOR-US: munky CVE-2008-2877 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: cmsworks CVE-2008-2878 (Open redirect vulnerability in rss_getfile.php in Academic Web Tools ...) NOT-FOR-US: yektaweb academic_web_tools CVE-2008-2879 (Benja CMS 0.1 does not require authentication for access to admin/, ...) NOT-FOR-US: benjacms benja_cms CVE-2008-2880 (Heap-based buffer overflow in the IBM AFP Viewer Plug-in 2.0.7.1 and ...) NOT-FOR-US: IBM afp_viewer_plug in CVE-2008-2881 (Relative Real Estate Systems 3.0 and earlier stores passwords in ...) NOT-FOR-US: relative_real_estate_systems CVE-2008-2882 (upgrade.asp in sHibby sHop 2.2 and earlier does not require ...) NOT-FOR-US: Aspindir shibby_shop CVE-2008-2883 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Jamroom CVE-2008-2884 (PHP remote file inclusion vulnerability in display.php in ...) NOT-FOR-US: rss_aggregator CVE-2008-2885 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: odars CVE-2008-2886 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Jamroom CVE-2008-2887 (Directory traversal vulnerability in index.php in chaozz@work ...) NOT-FOR-US: chaozzatwork fubarforum CVE-2008-2888 (Multiple PHP remote file inclusion vulnerabilities in MiGCMS 2.0.5, ...) NOT-FOR-US: migcms CVE-2008-2889 (Directory traversal vulnerability in the FTP client in AceBIT WISE-FTP ...) NOT-FOR-US: wise ftp CVE-2008-2890 (Multiple SQL injection vulnerabilities in Online Fantasy Football ...) NOT-FOR-US: offl online_fantasy_football_league CVE-2008-2891 (SQL injection vulnerability in index.php in eMuSOFT emuCMS 0.3 allows ...) NOT-FOR-US: eMuSOFT emuCMS CVE-2008-2892 (SQL injection vulnerability in the EXP Shop (com_expshop) component ...) NOT-FOR-US: feellove exp_shop_component CVE-2008-2893 (SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ ...) NOT-FOR-US: ajhyip aj_square_aj hyip CVE-2008-2894 (Directory traversal vulnerability in the FTP client in NCH Software ...) NOT-FOR-US: NCH Software nch_software_classic_ftp CVE-2008-2895 (Directory traversal vulnerability in index.php in AproxEngine 5.1.0.4 ...) NOT-FOR-US: aproxengine CVE-2008-2896 (Directory traversal vulnerability in index.php in FireAnt 1.3 allows ...) NOT-FOR-US: getfireant fireant CVE-2008-2897 (SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta ...) NOT-FOR-US: pagesquid_cms CVE-2008-2898 (Directory traversal vulnerability in includes/header.php in ...) NOT-FOR-US: hedgehog cms CVE-2008-2899 (Unspecified vulnerability in includes/classes/page.php in j00lean-CMS ...) NOT-FOR-US: j00lean cms CVE-2008-2900 (SQL injection vulnerability in item.php in PHPAuction 3.2 allows ...) NOT-FOR-US: PHPauction CVE-2008-2901 (Multiple SQL injection vulnerabilities in Haudenschilt Family ...) NOT-FOR-US: Haudenschilt family_connections_cms CVE-2008-2902 (SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 ...) NOT-FOR-US: AlstraSoft AskMe Pro CVE-2008-2903 (SQL injection vulnerability in news.php in Advanced Webhost Billing ...) NOT-FOR-US: awbs advanced_webhost_billing_system CVE-2008-2904 (SQL injection vulnerability in shop.php in Conkurent PHPMyCart allows ...) NOT-FOR-US: phpmycart CVE-2008-2905 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: mambo foundation mambo CVE-2008-2906 (SQL injection vulnerability in lista_anexos.php in WebChamado 1.1 ...) NOT-FOR-US: webchamado CVE-2008-2907 (SQL injection vulnerability in admin/index.php in WebChamado 1.1, when ...) NOT-FOR-US: webchamado CVE-2008-2908 (Multiple stack-based buffer overflows in a certain ActiveX control in ...) NOT-FOR-US: Novell iPrint Client CVE-2008-2909 (SQL injection vulnerability in results.php in Clever Copy 3.0 allows ...) NOT-FOR-US: Clever Copy CVE-2008-2910 (Buffer overflow in the DXTTextOutEffect ActiveX control (aka the ...) NOT-FOR-US: muvee autoproducer CVE-2008-2911 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Contenido Contendio CVE-2008-2912 (Multiple PHP remote file inclusion vulnerabilities in Contenido CMS ...) NOT-FOR-US: Contenido_cms CVE-2008-2913 (Directory traversal vulnerability in func.php in Devalcms 1.4a, when ...) NOT-FOR-US: devalcms CVE-2008-2914 (SQL injection vulnerability in jobseekers/JobSearch3.php (aka the ...) NOT-FOR-US: preprojects php_jobwebsite_pro CVE-2008-2915 (Multiple SQL injection vulnerabilities in jobseekers/JobSearch.php ...) NOT-FOR-US: preprojects pre_job_board CVE-2008-2916 (Multiple SQL injection vulnerabilities in Pre ADS Portal 2.0 and ...) NOT-FOR-US: preprojects pre_ads_portal CVE-2008-2917 (SQL injection vulnerability in productsofcat.asp in E-SMART CART ...) NOT-FOR-US: preprojects e smart_cart CVE-2008-2918 (SQL injection vulnerability in details.php in Application Dynamics ...) NOT-FOR-US: cartweaver CVE-2008-2919 (SQL injection vulnerability in listing.php in Gryphon gllcTS2 4.2.4 ...) NOT-FOR-US: gryphonllc gryphon_gllcts2 CVE-2008-2920 (admin/filemanager/ (aka the File Manager) in EZTechhelp EZCMS 1.2 and ...) NOT-FOR-US: eztechhelp_ezcms CVE-2008-2921 (SQL injection vulnerability in index.php in EZTechhelp EZCMS 1.2 and ...) NOT-FOR-US: EZTechhelp Company EZCMS CVE-2008-2922 (Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier ...) NOT-FOR-US: t0pP8uZz Dana IRC Client CVE-2008-2923 (Cross-site scripting (XSS) vulnerability in read/search/results in ...) NOT-FOR-US: Lyris List Manager CVE-2008-2924 (Cross-site scripting (XSS) vulnerability in Webmatic before 2.8 allows ...) NOT-FOR-US: Valarsoft WebMatic CVE-2008-2925 (SQL injection vulnerability in Webmatic before 2.8 allows remote ...) NOT-FOR-US: Valarsoft WebMatic CVE-2008-2926 (The kmxfw.sys driver in CA Host-Based Intrusion Prevention System ...) NOT-FOR-US: CA personal_firewall_2007 CVE-2008-2927 (Multiple integer overflows in the msn_slplink_process_msg functions in ...) BUG: 230045 CVE-2008-2928 (Multiple buffer overflows in the adminutil library in CGI applications ...) NOT-FOR-US: redhat Directory Server CVE-2008-2929 (Multiple cross-site scripting (XSS) vulnerabilities in the adminutil ...) NOT-FOR-US: redhat Directory Server CVE-2008-2930 (Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, ...) NOT-FOR-US: redhat Directory Server CVE-2008-2931 (The do_change_type function in fs/namespace.c in the Linux kernel ...) BUG: 231346 CVE-2008-2932 (Heap-based buffer overflow in Red Hat adminutil 1.1.6 allows remote ...) NOT-FOR-US: adminutil CVE-2008-2933 (Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' ...) BUG: 231975 CVE-2008-2934 (Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to ...) NOTE: OSX only, apparantly CVE-2008-2935 (Multiple heap-based buffer overflows in the rc4 (1) encryption (aka ...) BUG: 232172 CVE-2008-2936 (Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 ...) BUG: 232642 CVE-2008-2937 (Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a ...) BUG: 232642 CVE-2008-2938 (Directory traversal vulnerability in Apache Tomcat 4.1.0 through ...) BUG: 225477 CVE-2008-2939 (Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the ...) BUG: 234088 CVE-2008-2940 (The alert-mailing implementation in HP Linux Imaging and Printing ...) BUG: 233959 CVE-2008-2941 (The hpssd message parser in hpssd.py in HP Linux Imaging and Printing ...) BUG: 233959 CVE-2008-2942 (Directory traversal vulnerability in patch.py in Mercurial 1.0.1 ...) BUG: 230193 CVE-2008-2943 (Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 ...) NOT-FOR-US: IBM Tivoli Directory Server CVE-2008-2944 (Double free vulnerability in the utrace support in the Linux kernel, ...) NOT-FOR-US: Red Hat fedora core CVE-2008-2945 (Sun Java System Access Manager 6.3 through 7.1 and Sun Java System ...) NOT-FOR-US: Sun java_system_identity_server CVE-2008-2946 (The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice ...) NOT-FOR-US: Sun Solaris CVE-2008-2947 (Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-2948 (Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-2949 (Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-2950 (The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and ...) BUG: 229931 CVE-2008-2951 (Open redirect vulnerability in the search script in Trac before 0.10.5 ...) BUG: 233175 CVE-2008-2952 (liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to ...) BUG: 230269 CVE-2008-2953 (Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a ...) BUG: 230075 CVE-2008-2954 (client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows ...) BUG: 230075 CVE-2008-2955 (Pidgin 2.4.1 allows remote attackers to cause a denial of service ...) BUG: 230045 CVE-2008-2956 (Memory leak in Pidgin 2.0.0, and possibly other versions, allows ...) BUG: 230045 CVE-2008-2957 (The UPnP functionality in Pidgin 2.0.0, and possibly other versions, ...) BUG: 230045 CVE-2008-2958 (Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows ...) NOT-FOR-US: checkinstall CVE-2008-2959 (Buffer overflow in a certain ActiveX control (vb6skit.dll) in ...) NOT-FOR-US: Microsoft Visual Basic Enterprise Edition CVE-2008-2960 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, ...) BUG: 229095 CVE-2008-2961 (Multiple directory traversal vulnerabilities in view/index.php in CMS ...) NOT-FOR-US: cmsmini cms_mini CVE-2008-2962 (Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow ...) NOT-FOR-US: MyBlog CVE-2008-2963 (Multiple SQL injection vulnerabilities in MyBlog allow remote ...) NOT-FOR-US: MyBlog CVE-2008-2964 (SQL injection vulnerability in guide.php in ResearchGuide 0.5 allows ...) NOT-FOR-US: researchguide CVE-2008-2965 (Cross-site scripting (XSS) vulnerability in viewforum.php in ...) NOT-FOR-US: jaxbot jaxultrabb CVE-2008-2966 (Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 ...) NOT-FOR-US: JaxUltraBB CVE-2008-2967 (Multiple cross-site scripting (XSS) vulnerabilities in Academic Web ...) NOT-FOR-US: Academic Web Tools AWT YEKTA CVE-2008-2968 (SQL injection vulnerability in rating.php in Academic Web Tools (AWT ...) NOT-FOR-US: Academic Web Tools AWT YEKTA CVE-2008-2969 (Directory traversal vulnerability in download.php in Academic Web ...) NOT-FOR-US: Academic Web Tools AWT YEKTA CVE-2008-2970 (Multiple session fixation vulnerabilities in Academic Web Tools (AWT ...) NOT-FOR-US: Academic Web Tools AWT YEKTA CVE-2008-2971 (SQL injection vulnerability in links-extern.php in CiBlog 3.1 allows ...) NOT-FOR-US: CiBlog CVE-2008-2972 (SQL injection vulnerability in index.php in KbLance allows remote ...) NOT-FOR-US: KbLance CVE-2008-2973 (Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in ...) NOT-FOR-US: MM Chat CVE-2008-2974 (Directory traversal vulnerability in chatconfig.php in MM Chat 1.5, ...) NOT-FOR-US: MM Chat CVE-2008-2975 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: TinX cms CVE-2008-2976 (Multiple directory traversal vulnerabilities in TinX/cms 1.1, when ...) NOT-FOR-US: TinX cms CVE-2008-2977 (Multiple PHP remote file inclusion vulnerabilities in Ourvideo CMS 9.5 ...) NOT-FOR-US: Ourvideo CMS CVE-2008-2978 (Directory traversal vulnerability in phpi/rss.php in Ourvideo CMS 9.5, ...) NOT-FOR-US: Ourvideo CMS CVE-2008-2979 (Multiple cross-site scripting (XSS) vulnerabilities in phpi/login.php ...) NOT-FOR-US: Ourvideo CMS CVE-2008-2980 (Multiple cross-site scripting (XSS) vulnerabilities in HomePH Design ...) NOT-FOR-US: HomePH Design CVE-2008-2981 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: HomePH Design CVE-2008-2982 (Multiple directory traversal vulnerabilities in HomePH Design 2.10 ...) NOT-FOR-US: HomePH Design CVE-2008-2983 (SQL injection vulnerability in index.php in Demo4 CMS 01 Beta allows ...) NOT-FOR-US: Demo4 CVE-2008-2984 (Cross-site scripting (XSS) vulnerability in backend/umleitung.php in ...) NOT-FOR-US: CMReams CMS CVE-2008-2985 (Directory traversal vulnerability in load_language.php in CMReams CMS ...) NOT-FOR-US: CMReams CMS CVE-2008-2986 (Multiple PHP remote file inclusion vulnerabilities in phpDMCA 1.0.0 ...) NOT-FOR-US: phpDMCA CVE-2008-2987 (Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 ...) NOT-FOR-US: Benja CMS CVE-2008-2988 (Unrestricted file upload vulnerability in admin/upload.php in Benja ...) NOT-FOR-US: Benja CMS CVE-2008-2989 (SQL injection vulnerability in index.php in HoMaP-CMS 0.1 allows ...) NOT-FOR-US: HoMaP CMS CVE-2008-2990 (PHP remote file inclusion vulnerability in facileforms.frame.php in ...) NOT-FOR-US: FacileForms com_facileforms component CVE-2008-2991 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 ...) NOT-FOR-US: Adobe RoboHelp Server CVE-2008-2992 (Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and ...) BUG: 225483 CVE-2008-2993 (Multiple directory traversal vulnerabilities in index.php in FOG Forum ...) NOT-FOR-US: FOG Forum CVE-2008-2994 (Multiple cross-site scripting (XSS) vulnerabilities in PHPEasyData ...) NOT-FOR-US: PHPEasyData CVE-2008-2995 (Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow ...) NOT-FOR-US: PHPEasyData CVE-2008-2996 (Multiple SQL injection vulnerabilities in index.php in Gravity Board X ...) NOT-FOR-US: Gravity Board X GBX CVE-2008-2997 (Cross-site scripting (XSS) vulnerability in index.php in Gravity Board ...) NOT-FOR-US: Gravity Board X GBX CVE-2008-2998 (Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation ...) NOT-FOR-US: Drupal Aggregation module CVE-2008-2999 (Multiple SQL injection vulnerabilities in the Aggregation module 5.x ...) NOT-FOR-US: Drupal Aggregation module CVE-2008-3000 (The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access ...) NOT-FOR-US: Drupal Aggregation module CVE-2008-3001 (The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote ...) NOT-FOR-US: Drupal Aggregation module CVE-2008-3002 RESERVED CVE-2008-3003 (Microsoft Office Excel 2007 Gold and SP1 does not properly delete the ...) NOT-FOR-US: Microsoft Office CVE-2008-3004 (Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; ...) NOT-FOR-US: Microsoft office_excel_viewer CVE-2008-3005 (Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 ...) NOT-FOR-US: Microsoft Office CVE-2008-3006 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 ...) NOT-FOR-US: Microsoft office_excel_viewer CVE-2008-3007 (Argument injection vulnerability in a URI handler in Microsoft Office ...) NOT-FOR-US: microsoft office_onenote CVE-2008-3008 (Stack-based buffer overflow in the WMEncProfileManager ActiveX control ...) NOT-FOR-US: microsoft windows nt CVE-2008-3009 (Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 ...) NOT-FOR-US: Microsoft CVE-2008-3010 (Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 ...) NOT-FOR-US: Microsoft CVE-2008-3011 RESERVED CVE-2008-3012 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP ...) NOT-FOR-US: microsoft windows nt CVE-2008-3013 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP ...) NOT-FOR-US: microsoft windows nt CVE-2008-3014 (Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer ...) NOT-FOR-US: microsoft windows nt CVE-2008-3015 (Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, ...) NOT-FOR-US: microsoft works CVE-2008-3016 RESERVED CVE-2008-3017 RESERVED CVE-2008-3018 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...) NOT-FOR-US: Microsoft Works CVE-2008-3019 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...) NOT-FOR-US: Microsoft Works CVE-2008-3020 (Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works ...) NOT-FOR-US: Microsoft Works CVE-2008-3021 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...) NOT-FOR-US: Microsoft Works CVE-2008-3022 (Multiple PHP remote file inclusion vulnerabilities in ...) NOT-FOR-US: phpbbportal phportal CVE-2008-3023 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.6.2 and ...) NOT-FOR-US: fswiki freestyle_wiki CVE-2008-3024 (Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) ...) NOT-FOR-US: Momentics CVE-2008-3025 (SQL injection vulnerability in ad.php in plx Ad Trader 3.2 allows ...) NOT-FOR-US: Hussin X plx Web Studio Ad Trader CVE-2008-3026 (SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet ...) NOT-FOR-US: OneClick CMS CVE-2008-3027 (SQL injection vulnerability in get_article.php in VanGogh Web CMS 0.9 ...) NOT-FOR-US: vangogh_web_cms CVE-2008-3028 (Multiple cross-site scripting (XSS) vulnerabilities in the Send-A-Card ...) NOT-FOR-US: TYPO3 send_a_card CVE-2008-3029 (Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum ...) NOT-FOR-US: TYPO3 wec_discussion_forum CVE-2008-3030 (SQL injection vulnerability in default.asp in EfesTECH Shop 2.0 allows ...) NOT-FOR-US: efes_tech_shop CVE-2008-3031 (Directory traversal vulnerability in index.php in Simple PHP Agenda ...) NOT-FOR-US: simple_php_agenda CVE-2008-3032 (Cross-site scripting (XSS) vulnerability in the phpMyAdmin ...) NOT-FOR-US: TYPO3 phpMyAdmin CVE-2008-3033 (RSS-aggregator 1.0 does not require administrative authentication for ...) NOT-FOR-US: rss_aggregator CVE-2008-3034 (Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow ...) NOT-FOR-US: rss_aggregator CVE-2008-3035 (SQL injection vulnerability in newThread.php in XchangeBoard 1.70 ...) NOT-FOR-US: XChangeBoard CVE-2008-3036 (Directory traversal vulnerability in index.php in CMS little 0.0.1 ...) NOT-FOR-US: cms_little CVE-2008-3037 (Cross-site scripting (XSS) vulnerability in the Address Directory ...) NOT-FOR-US: TYPO3 address_directory CVE-2008-3038 (SQL injection vulnerability in the Address Directory (sp_directory) ...) NOT-FOR-US: TYPO3 address_directory CVE-2008-3039 (SQL injection vulnerability in the DAM Frontend (dam_frontend) ...) NOT-FOR-US: TYPO3 dam_frontend_extension CVE-2008-3040 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...) NOT-FOR-US: TYPO3 dam_frontend_extension CVE-2008-3041 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...) NOT-FOR-US: TYPO3 dam_frontend_extension CVE-2008-3042 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...) NOT-FOR-US: TYPO3 dam_frontend_extension CVE-2008-3043 (Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) ...) NOT-FOR-US: TYPO3 wec_discussion_forum CVE-2008-3044 (SQL injection vulnerability in the News Calendar (newscalendar) ...) NOT-FOR-US: TYPO3 news_calendar_extension CVE-2008-3045 (Unspecified vulnerability in the Industry Database (aka ...) NOT-FOR-US: TYPO3 industry_database_extension CVE-2008-3046 (Incomplete blacklist vulnerability in the Packman (kb_packman) ...) NOT-FOR-US: TYPO3 packman_extension CVE-2008-3047 (Incomplete blacklist vulnerability in the KB Unpack (kb_unpack) ...) NOT-FOR-US: TYPO3 kb_unpack_extension CVE-2008-3048 (Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) ...) NOT-FOR-US: TYPO3 pdf_generator_2_extension CVE-2008-3049 (The PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for ...) NOT-FOR-US: TYPO3 pdf_generator_2_extension CVE-2008-3050 (Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) ...) NOT-FOR-US: TYPO3 pdf_generator_2_extension CVE-2008-3051 (SQL injection vulnerability in the Pinboard extension 0.0.6 and ...) NOT-FOR-US: TYPO3 pinboard_extension CVE-2008-3052 (Unspecified vulnerability in the SQL Frontend (mh_omsqlio) extension ...) NOT-FOR-US: TYPO3 sql_frontend_extension CVE-2008-3053 (SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension ...) NOT-FOR-US: TYPO3 sql_frontend_extension CVE-2008-3054 (SQL injection vulnerability in the Branchenbuch (aka Yellow Pages ...) NOT-FOR-US: TYPO3 Branchenbuch extension CVE-2008-3055 (SQL injection vulnerability in the Support view (ext_tbl) extension ...) NOT-FOR-US: TYPO3 support_view_extension CVE-2008-3056 (SQL injection vulnerability in the Codeon Petition (cd_petition) ...) NOT-FOR-US: TYPO3 codeon_petition_extension CVE-2008-3057 (Octeth Oempro 3.5.5.1, and possibly other versions before 4, does not ...) NOT-FOR-US: octeth oempro CVE-2008-3058 (Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1, and ...) NOT-FOR-US: octeth oempro CVE-2008-3059 (member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly ...) NOT-FOR-US: octeth oempro CVE-2008-3060 (V-webmail 1.5.0 allows remote attackers to obtain sensitive ...) NOT-FOR-US: login CVE-2008-3061 (Open redirect vulnerability in redirect.php in V-webmail 1.5.0 allows ...) NOT-FOR-US: V webmail CVE-2008-3062 RESERVED CVE-2008-3063 (SQL injection vulnerability in login.php in V-webmail 1.5.0 might ...) NOT-FOR-US: V webmail CVE-2008-3064 (Unspecified vulnerability in RealNetworks RealPlayer Enterprise, ...) NOTE: According to Real, does not affect Linux CVE-2008-3065 RESERVED CVE-2008-3066 (Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll ...) NOTE: According to Real, does not affect Linux CVE-2008-3067 (sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when ...) NOTE: sudo 1.6.9 to 1.6.9p12 CVE-2008-3068 (Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, ...) NOT-FOR-US: Microsoft InfoPath CVE-2008-3069 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB before ...) NOT-FOR-US: MyBB CVE-2008-3070 (Unspecified vulnerability in inc/datahandler/user.php in MyBB before ...) NOT-FOR-US: MyBB CVE-2008-3071 (Directory traversal vulnerability in inc/class_language.php in MyBB ...) NOT-FOR-US: MyBB CVE-2008-3072 (Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before ...) NOT-FOR-US: Simple Machines Forum CVE-2008-3073 (Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before ...) NOT-FOR-US: Simple Machines Forum CVE-2008-3074 (The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, ...) BUG: 245065 CVE-2008-3075 (The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, ...) BUG: 245065 CVE-2008-3076 (The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted ...) BUG: 245065 CVE-2008-3077 (arch/x86/kernel/ptrace.c in the Linux kernel before 2.6.25.10 on the ...) BUG: 231347 CVE-2008-3078 (Opera before 9.51 does not properly manage memory within functions ...) BUG: 230633 CVE-2008-3079 (Unspecified vulnerability in Opera before 9.51 on Windows allows ...) NOT-FOR-US: Opera on Windows CVE-2008-3080 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...) NOT-FOR-US: myWebland myBloggie CVE-2008-3081 (Multiple unspecified "input validation" vulnerabilities in the Web ...) NOT-FOR-US: Web management interface aka Messaging Administration interface in Avaya Message Storage Server MSS CVE-2008-3082 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Commtouch Enterprise Anti Spam Gateway CVE-2008-3083 (SQL injection vulnerability in Brightcode Weblinks ...) NOT-FOR-US: Brightcode CVE-2008-3084 RESERVED CVE-2008-3085 RESERVED CVE-2008-3086 RESERVED CVE-2008-3087 (Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote ...) NOT-FOR-US: Kasseler CMS CVE-2008-3088 (Cross-site scripting (XSS) vulnerability in the Files module in ...) NOT-FOR-US: Files module in Kasseler CMS CVE-2008-3089 (SQL injection vulnerability in user.html in Xpoze Pro 3.06 (aka Xpoze ...) NOT-FOR-US: Xpoze Pro CVE-2008-3090 (Multiple SQL injection vulnerabilities in index.php in BlognPlus (BURO ...) NOT-FOR-US: BlognPlus BURO GUN CVE-2008-3091 (Cross-site scripting (XSS) vulnerability in the Taxonomy Autotagger ...) NOT-FOR-US: Taxonomy Autotagger module CVE-2008-3092 (SQL injection vulnerability in the Taxonomy Autotagger module 5.x ...) NOT-FOR-US: Taxonomy Autotagger module CVE-2008-3093 (Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier ...) NOT-FOR-US: ImperialBB CVE-2008-3094 (The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before ...) NOT-FOR-US: Organic CVE-2008-3095 (Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) ...) NOT-FOR-US: Organic Groups OG module CVE-2008-3096 (The Outline Designer module 5.x before 5.x-1.4 for Drupal changes each ...) NOT-FOR-US: Outline CVE-2008-3097 (Cross-site scripting (XSS) vulnerability in the Tinytax module (aka ...) NOT-FOR-US: Tinytax module aka Tinytax taxonomy block CVE-2008-3098 (Cross-site scripting (XSS) vulnerability in admin/usercheck.php in ...) NOT-FOR-US: fuzzylime_cms CVE-2008-3099 RESERVED CVE-2008-3100 (Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve ...) NOT-FOR-US: Owl Intranet Knowledgebase CVE-2008-3101 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM ...) NOT-FOR-US: vtiger_crm CVE-2008-3102 (Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the ...) BUG: 238570 CVE-2008-3103 (Unspecified vulnerability in the Java Management Extensions (JMX) ...) BUG: 231337 CVE-2008-3104 (Multiple unspecified vulnerabilities in Sun Java Runtime Environment ...) BUG: 231337 CVE-2008-3105 (Unspecified vulnerability in the JAX-WS client and service in Sun Java ...) BUG: 231337 CVE-2008-3106 (Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK ...) BUG: 231337 CVE-2008-3107 (Unspecified vulnerability in the Virtual Machine in Sun Java Runtime ...) BUG: 231337 CVE-2008-3108 (Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE ...) BUG: 231337 CVE-2008-3109 (Unspecified vulnerability in scripting language support in Sun Java ...) BUG: 231337 CVE-2008-3110 (Unspecified vulnerability in scripting language support in Sun Java ...) BUG: 231337 CVE-2008-3111 (Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 ...) BUG: 231337 CVE-2008-3112 (Directory traversal vulnerability in Sun Java Web Start in JDK and JRE ...) BUG: 231337 CVE-2008-3113 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 ...) BUG: 231337 CVE-2008-3114 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 ...) BUG: 231337 CVE-2008-3115 (Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and ...) BUG: 231337 CVE-2008-3116 (Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou ...) NOT-FOR-US: hanghai 5th_street CVE-2008-3117 (Unrestricted file upload vulnerability in update_profile.php in ...) NOT-FOR-US: phpmotion CVE-2008-3118 (SQL injection vulnerability in play.php in PHPmotion 2.0 and earlier ...) NOT-FOR-US: phpmotion CVE-2008-3119 (SQL injection vulnerability in index.php in DreamPics Builder allows ...) NOT-FOR-US: DreamLevels dream_pics_builder CVE-2008-3120 REJECTED NOT-FOR-US: Dokeos CVE-2008-3121 (Multiple cross-site scripting (XSS) vulnerabilities in Xerox ...) NOT-FOR-US: Xerox CentreWare Web CVE-2008-3122 (Multiple SQL injection vulnerabilities in Xerox CentreWare Web (CWW) ...) NOT-FOR-US: Xerox CentreWare Web CVE-2008-3123 (SQL injection vulnerability in index.php in Mole Group Real Estate ...) NOT-FOR-US: Mole Group Real Estate Script CVE-2008-3124 (SQL injection vulnerability in index.php in Mole Group Hotel Script ...) NOT-FOR-US: Mole Group Hotel Script CVE-2008-3125 (SQL injection vulnerability in index.php in Mole Group Lastminute ...) NOT-FOR-US: Mole Group Lastminute Script CVE-2008-3126 (Multiple stack-based buffer overflows in the ServerView web interface ...) NOT-FOR-US: Fujitsu ServerView CVE-2008-3127 (PHP remote file inclusion vulnerability in hioxBannerRotate.php in ...) NOT-FOR-US: HIOX INDIA Banner Rotator CVE-2008-3128 (Directory traversal vulnerability in search.php in Pivot 1.40.5 allows ...) NOT-FOR-US: Pivot CVE-2008-3129 (Multiple SQL injection vulnerabilities in index.php in Catviz 0.4 beta ...) NOT-FOR-US: Catviz CVE-2008-3130 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Simple Machines OpenCart CVE-2008-3131 (SQL injection vulnerability in chatbox.php in pSys 0.7.0 Alpha, when ...) NOT-FOR-US: Powie psys CVE-2008-3132 (SQL injection vulnerability in the beamospetition (com_beamospetition) ...) NOT-FOR-US: Joomla com_beamospetition CVE-2008-3133 (SQL injection vulnerability in admin/index.php in BareNuked CMS 1.1.0, ...) NOT-FOR-US: barenuked_cms CVE-2008-3134 (Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 ...) NOTE: might affect imagemagick NOTE: imagemagick 6.3.3-6.4.0.6 has no GetImageCharacteristics() in image.c NOTE: Mailed ImageMagick guys because I'm not sure about the decoders. NOT-FOR-US: ImageMagick guys didn't seem to happy about my mail and they say graphicsmagick & ImageMagick have forked a looooooong time ago and that the vuln does not exist in ImageMagick. CVE-2008-3135 (Soldner Secret Wars 33724 and earlier allows remote attackers to cause ...) NOT-FOR-US: luigi_auriemma soldner_secret_wars CVE-2008-3136 (SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x ...) NOT-FOR-US: AShopSoftware AShop Deluxe CVE-2008-3137 (The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through ...) BUG: 230411 CVE-2008-3138 (The (1) PANA and (2) KISMET dissectors in Wireshark (formerly ...) BUG: 230411 CVE-2008-3139 (The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through ...) BUG: 230411 CVE-2008-3140 (The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows ...) BUG: 230411 CVE-2008-3141 (Unspecified vulnerability in the RMI dissector in Wireshark (formerly ...) BUG: 230411 CVE-2008-3142 (Multiple buffer overflows in Python 2.5.2 and earlier on 32bit ...) BUG: 232137 CVE-2008-3143 (Multiple integer overflows in Python before 2.5.2 might allow ...) BUG: 232137 CVE-2008-3144 (Multiple integer overflows in the PyOS_vsnprintf function in ...) BUG: 232137 CVE-2008-3145 (The fragment_add_work function in epan/reassemble.c in Wireshark ...) BUG: 231587 CVE-2008-3146 (Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly ...) BUG: 236515 CVE-2008-3147 (WeFi 3.2.1.4.1, when diagnostic mode is enabled, stores (1) WEP, (2) ...) NOT-FOR-US: WeFi CVE-2008-3148 (Stack-based buffer overflow in (1) OllyDBG 1.10 and (2) ImpREC 1.7f ...) NOT-FOR-US: OllyDBG, ImpREC CVE-2008-3149 (The SNMP daemon in the F5 FirePass 1200 6.0.2 hotfix 3 allows remote ...) NOT-FOR-US: F5 FirePass 1200 CVE-2008-3150 (Directory traversal vulnerability in index.php in Neutrino Atomic ...) NOT-FOR-US: Neutrino Atomic Edition CVE-2008-3151 (SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke ...) NOT-FOR-US: 4ndvddb 0.91 module for PHP-Nuke CVE-2008-3152 (SQL injection vulnerability in directory.php in SmartPPC and SmartPPC ...) NOT-FOR-US: SmartPPC CVE-2008-3153 (SQL injection vulnerability in Triton CMS Pro allows remote attackers ...) NOT-FOR-US: Triton CVE-2008-3154 (SQL injection vulnerability in index.php in WebBlizzard CMS allows ...) NOT-FOR-US: WebBlizzard CVE-2008-3155 (Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in ...) NOT-FOR-US: Panda ActiveScan CVE-2008-3156 (The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan ...) NOT-FOR-US: Panda ActiveScan CVE-2008-3157 (Nortel SIP Multimedia PC Client 4.x MCS5100 and MCS5200 does not limit ...) NOT-FOR-US: Nortel CVE-2008-3158 (Unspecified vulnerability in NWFS.SYS in Novell Client for Windows ...) NOT-FOR-US: Novell Client for Windows CVE-2008-3159 (Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory ...) NOT-FOR-US: ds dlm as used by dhost exe in Novell eDirectory CVE-2008-3160 (Multiple unspecified vulnerabilities in IBM Data ONTAP 7.1 before ...) NOT-FOR-US: IBM Data ONTAP CVE-2008-3161 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: IBM Maximo CVE-2008-3162 (Stack-based buffer overflow in the str_read_packet function in ...) BUG: 231831 CVE-2008-3163 (Directory traversal vulnerability in dodosmail.php in DodosMail 2.5 ...) NOT-FOR-US: DodosMail CVE-2008-3164 (Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, ...) NOT-FOR-US: fuzzylime cms CVE-2008-3165 (Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a ...) NOT-FOR-US: fuzzylime cms CVE-2008-3166 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: BoonEx Ray CVE-2008-3167 (Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin ...) NOT-FOR-US: BoonEx Dolphin CVE-2008-3168 (The files utility in Empire Server before 4.3.15 discloses the world ...) NOT-FOR-US: Empire Server CVE-2008-3169 (Multiple heap-based buffer overflows in Empire Server before 4.3.15 ...) NOT-FOR-US: Empire Server CVE-2008-3170 (Apple Safari allows web sites to set cookies for country-specific ...) NOT-FOR-US: Apple Safari CVE-2008-3171 (Apple Safari sends Referer headers containing https URLs to different ...) NOT-FOR-US: Apple Safari CVE-2008-3172 (Opera allows web sites to set cookies for country-specific top-level ...) BUG: 231830 CVE-2008-3173 (Microsoft Internet Explorer allows web sites to set cookies for ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-3174 (Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based ...) NOT-FOR-US: Computer Associates host_based_intrusion_prevention_system CVE-2008-3175 (Integer underflow in rxRPC.dll in the LGServer service in the ...) NOT-FOR-US: CA arcserve_backup_for_laptops_and_desktops CVE-2008-3176 RESERVED CVE-2008-3177 (Sophos virus detection engine 2.75 on Linux and Unix, as used in ...) NOT-FOR-US: Sophos ES1000 CVE-2008-3178 (Unrestricted file upload vulnerability in upload_pictures.php in ...) NOT-FOR-US: WebXell CVE-2008-3179 (Directory traversal vulnerability in website.php in Web 2 Business ...) NOT-FOR-US: W2B phpdatingclub CVE-2008-3180 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: CWH Underground contentnow_cms CVE-2008-3181 (Unrestricted file upload vulnerability in upload.php in ContentNow CMS ...) NOT-FOR-US: content_now CVE-2008-3182 (Stack-based buffer overflow in DAP.exe in Download Accelerator Plus ...) NOT-FOR-US: speedbit download_accelerator_plus CVE-2008-3183 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: gapi_cms gapicms CVE-2008-3184 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin ...) NOT-FOR-US: vbulletin CVE-2008-3185 (SQL injection vulnerability in index.php in Relative Real Estate ...) NOT-FOR-US: vclcomponents relative_real_estate_systems CVE-2008-3186 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog ...) NOT-FOR-US: Chipmunk Scripts Chipmunk Blogger CVE-2008-3187 (zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 ...) NOT-FOR-US: opensuse zypper CVE-2008-3188 (libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the ...) NOT-FOR-US: libxcrypt CVE-2008-3189 (SQL injection vulnerability in dreamnews-rss.php in DreamNews Manager ...) NOT-FOR-US: DreamLevels dreamnews_manager CVE-2008-3190 (Directory traversal vulnerability in list.php in 1Scripts CodeDB 1.1.1 ...) NOT-FOR-US: 1Scripts CodeDB CVE-2008-3191 (Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, ...) NOT-FOR-US: mForum CVE-2008-3192 (Directory traversal vulnerability in index.php in jSite 1.0 OE allows ...) NOT-FOR-US: jSite CVE-2008-3193 (SQL injection vulnerability in jSite 1.0 OE allows remote attackers to ...) NOT-FOR-US: jSite CVE-2008-3194 (Multiple directory traversal vulnerabilities in ...) NOT-FOR-US: pluck CVE-2008-3195 (Directory traversal vulnerability in bin/configure in TWiki before ...) BUG: 237843 CVE-2008-3196 (skeleton.c in yacc does not properly handle reduction of a rule with ...) BUG: 232005 CVE-2008-3197 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before ...) BUG: 232007 CVE-2008-3198 (Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject ...) BUG: 231975 CVE-2008-3199 (Multiple unspecified vulnerabilities in ReSIProcate before 1.3.4 allow ...) NOT-FOR-US: resiprocate CVE-2008-3200 (SQL injection vulnerability in vlc_forum.php in Avlc Forum as of ...) NOT-FOR-US: easy script avlc_forum CVE-2008-3201 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: pagefusion CVE-2008-3202 (Cross-site scripting (XSS) vulnerability in index.php in Xomol CMS 1.2 ...) NOT-FOR-US: xomol_cms CVE-2008-3203 (js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform ...) NOT-FOR-US: AuraCMS CVE-2008-3204 (SQL injection vulnerability in tops_top.php in E-topbiz Million Pixels ...) NOT-FOR-US: e topbiz million_pixels CVE-2008-3205 (Directory traversal vulnerability in index.php in Easy-Script Wysi ...) NOT-FOR-US: easy script wysi_wiki_wyg CVE-2008-3206 (SQL injection vulnerability in browse.groups.php in Yuhhu Pubs Black ...) NOT-FOR-US: iamilkay yuhhu_pubs_black_cat CVE-2008-3207 (PHP remote file inclusion vulnerability in cms/modules/form.lib.php in ...) NOT-FOR-US: Sahil Ahuja pragyan_cms CVE-2008-3208 (Simple DNS Plus 4.1, 5.0, and possibly other versions before 5.1.101 ...) NOT-FOR-US: simpledns simple_dns_plus CVE-2008-3209 (Heap-based buffer overflow in the OpenGifFile function in BiGif.dll in ...) NOT-FOR-US: blackice black_ice_document_imaging_sdk CVE-2008-3210 (rutil/dns/DnsStub.cxx in ReSIProcate 1.3.2, as used by repro, allows ...) NOT-FOR-US: resiprocate CVE-2008-3211 (Scripteen Free Image Hosting Script 1.2 and 1.2.1 allows remote ...) NOT-FOR-US: scripteen free_image_hosting_script CVE-2008-3212 (Multiple SQL injection vulnerabilities in Scripteen Free Image Hosting ...) NOT-FOR-US: scripteen free_image_hosting_script CVE-2008-3213 (SQL injection vulnerability in secciones/tablon/tablon.php in WebCMS ...) NOT-FOR-US: webcms_portal_edition CVE-2008-3214 (dnsmasq 2.25 allows remote attackers to cause a denial of service ...) NOTE: Fixed in 2.26, we stabled that in 2006 CVE-2008-3215 (libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to ...) BUG: 227351 CVE-2008-3216 (The save function in br/prefmanager.d in projectl 1.001 creates a ...) NOT-FOR-US: projectl CVE-2008-3217 (PowerDNS Recursor before 3.1.6 does not always use the strongest ...) BUG: 231335 CVE-2008-3218 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x ...) BUG: 231372 CVE-2008-3219 (The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before ...) BUG: 231372 CVE-2008-3220 (Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before ...) BUG: 231372 CVE-2008-3221 (Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before ...) BUG: 231372 CVE-2008-3222 (Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before ...) BUG: 231372 CVE-2008-3223 (SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 ...) BUG: 231372 CVE-2008-3224 (Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and ...) BUG: 231580 CVE-2008-3225 (Joomla! before 1.5.4 allows attackers to access administration ...) BUG: 231579 CVE-2008-3226 (The file caching implementation in Joomla! before 1.5.4 allows ...) BUG: 231579 CVE-2008-3227 (Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact ...) BUG: 231579 CVE-2008-3228 (Joomla! before 1.5.4 does not configure .htaccess to apply certain ...) BUG: 231579 CVE-2008-3229 (Stack-based buffer overflow in op before Changeset 563, when xauth ...) NOT-FOR-US: swapoff op CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause a ...) NOTE: Client DoS only CVE-2008-3231 (xine-lib before 1.1.15 allows remote attackers to cause a denial of ...) BUG: 234777 CVE-2008-3232 (Unrestricted file upload vulnerability in ecrire/images.php in ...) NOT-FOR-US: Dotclear CVE-2008-3233 (Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN ...) NOTE: Does not affect a released version. CVE-2008-3234 (sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH ...) NOT-FOR-US: Debian-specific CVE-2008-3235 (Unspecified vulnerability in the PropFilePasswordEncoder utility in ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2008-3236 (Unspecified vulnerability in Wsadmin in the System ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2008-3237 (Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ...) NOT-FOR-US: iTechScripts iTechBids CVE-2008-3238 (Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow ...) NOT-FOR-US: iTechScripts iTechBids CVE-2008-3239 (Unrestricted file upload vulnerability in the writeLogEntry function ...) NOT-FOR-US: phpizabi CVE-2008-3240 (SQL injection vulnerability in index.php in AlstraSoft Affiliate ...) NOT-FOR-US: AlstraSoft Affiliate Network Pro CVE-2008-3241 (SQL injection vulnerability in players-detail.php in UltraStats ...) NOT-FOR-US: ultrastats CVE-2008-3242 (Heap-based buffer overflow in the PPMedia Class ActiveX control in ...) NOT-FOR-US: PPMate CVE-2008-3243 (Multiple unspecified vulnerabilities in the scanning engine before ...) BUG: 232665 CVE-2008-3244 (The scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 ...) BUG: 232665 CVE-2008-3245 (SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, ...) NOT-FOR-US: phpHoo3 CVE-2008-3246 (Unspecified vulnerability in the PDF distiller component in the ...) NOT-FOR-US: PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite CVE-2008-3247 (The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 ...) BUG: 231750 CVE-2008-3248 (qiomkfile in the Quick I/O for Database feature in Symantec Veritas ...) NOT-FOR-US: symantec veritas_file_system CVE-2008-3249 (The client in Lenovo System Update before 3.14 does not properly ...) NOT-FOR-US: Lenovo System Update CVE-2008-3250 (SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 ...) NOT-FOR-US: Arctic Issue Tracker CVE-2008-3251 (Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow ...) NOT-FOR-US: tplSoccerSite CVE-2008-3252 (Stack-based buffer overflow in the read_article function in ...) NOT-FOR-US: newsx CVE-2008-3253 (Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces ...) NOT-FOR-US: Citrix XenServer Express CVE-2008-3254 (SQL injection vulnerability in index.php in preCMS 1 allows remote ...) NOT-FOR-US: preCMS CVE-2008-3255 (Cross-site scripting (XSS) vulnerability in LunarNight Laboratory ...) NOT-FOR-US: LunarNight Laboratory WebProxy CVE-2008-3256 (SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3 and ...) NOT-FOR-US: Siteframe CMS CVE-2008-3257 (Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle ...) NOT-FOR-US: Oracle WebLogic Server CVE-2008-3258 (Multiple SQL injection vulnerabilities in Zoph before 0.7.0.5 allow ...) NOT-FOR-US: Zoph CVE-2008-3259 (OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the ...) NOTE: Does not affect Linux or *BSD. CVE-2008-3260 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline ...) NOT-FOR-US: Claroline CVE-2008-3261 (Open redirect vulnerability in claroline/redirector.php in Claroline ...) NOT-FOR-US: Claroline CVE-2008-3262 (Cross-site request forgery (CSRF) vulnerability in Claroline before ...) NOT-FOR-US: Claroline CVE-2008-3263 (The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x ...) BUG: 232698 CVE-2008-3264 (The FWDOWNL firmware-download implementation in Asterisk Open Source ...) BUG: 232696 CVE-2008-3265 (SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 ...) NOT-FOR-US: DT Register com_dtregister CVE-2008-3266 (SQL injection vulnerability in picture_pic_bv.asp in SoftAcid Hotel ...) NOT-FOR-US: SoftAcid CVE-2008-3267 (SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote ...) NOT-FOR-US: MojoJobs CVE-2008-3268 (Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when ...) NOT-FOR-US: phpScheduleIt CVE-2008-3269 (WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full ...) NOT-FOR-US: WinSoftMagic WinRemotePC WRPC Lite CVE-2008-3270 (yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify ...) NOT-FOR-US: redhat enterprise_linux CVE-2008-3271 (Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers ...) NOT-FOR-US: only ancient versions vulnerable, 5.5.0 and 4.1.0 through 4.1.31 CVE-2008-3272 (The snd_seq_oss_synth_make_info function in ...) BUG: 234799 CVE-2008-3273 (JBoss Enterprise Application Platform (aka JBossEAP or EAP) before ...) NOT-FOR-US: jboss_enterprise_application_server CVE-2008-3274 (The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA ...) NOT-FOR-US: IPA CVE-2008-3275 (The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in ...) BUG: 234803 CVE-2008-3276 (Integer overflow in the dccp_setsockopt_change function in ...) BUG: 235221 CVE-2008-3277 RESERVED CVE-2008-3278 RESERVED CVE-2008-3279 (Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 ...) NOT-FOR-US: mielke brltty CVE-2008-3280 RESERVED CVE-2008-3281 (libxml2 2.6.32 and earlier does not properly detect recursion during ...) BUG: 234099 CVE-2008-3282 (Integer overflow in the rtl_allocateMemory function in ...) BUG: 234093 NOTE: Does not affect Gentoo since we use the system memory allocator CVE-2008-3283 (Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red ...) NOT-FOR-US: redhat Directory Server CVE-2008-3284 REJECTED CVE-2008-3285 (The Filesys::SmbClientParser module 2.7 and earlier for Perl allows ...) NOT-FOR-US: Filesys SmbClientParser CVE-2008-3286 (SWAT 4 1.1 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: SWAT CVE-2008-3287 (retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows ...) NOT-FOR-US: EMC Dantz Retrospect Backup Client CVE-2008-3288 (The Server Authentication Module in EMC Dantz Retrospect Backup Server ...) NOT-FOR-US: EMC Dantz Retrospect Backup Server CVE-2008-3289 (EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in ...) NOT-FOR-US: EMC Dantz Retrospect Backup Client CVE-2008-3290 (retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows ...) NOT-FOR-US: EMC Dantz Retrospect Backup Client CVE-2008-3291 (SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS ...) NOT-FOR-US: AproxEngine aka Aprox CMS Engine CVE-2008-3292 (constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass ...) NOT-FOR-US: EZWebAlbum CVE-2008-3293 (Directory traversal vulnerability in download.php in EZWebAlbum allows ...) NOT-FOR-US: EZWebAlbum CVE-2008-3294 (src/configure.in in Vim 5.0 through 7.1, when used for a build with ...) BUG: 232890 CVE-2008-3295 (Cross-site scripting (XSS) vulnerability in modules/system/admin.php ...) NOTE: Hard masked BUG: 172525 CVE-2008-3296 (Directory traversal vulnerability in modules/system/admin.php in XOOPS ...) NOTE: Hard masked BUG: 172525 CVE-2008-3297 (Multiple SQL injection vulnerabilities in SocialEngine (SE) before ...) NOT-FOR-US: Social Engine CVE-2008-3298 (SocialEngine (SE) before 2.83 grants certain write privileges for ...) NOT-FOR-US: Social Engine CVE-2008-3299 (eSyndiCat 1.6 allows remote attackers to bypass authentication and ...) NOT-FOR-US: esyndicat CVE-2008-3300 (AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass ...) NOT-FOR-US: alphadmin_cms CVE-2008-3301 (Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 ...) NOT-FOR-US: tuxplanet bilboblog CVE-2008-3302 (SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, ...) NOT-FOR-US: tuxplanet bilboblog CVE-2008-3303 (admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, ...) NOT-FOR-US: tuxplanet bilboblog CVE-2008-3304 (BilboBlog 0.2.1 allows remote attackers to obtain sensitive ...) NOT-FOR-US: tuxplanet bilboblog CVE-2008-3305 (Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno ...) NOT-FOR-US: Carlos Desseno youtube_blog CVE-2008-3306 (SQL injection vulnerability in info.php in C. Desseno YouTube Blog ...) NOT-FOR-US: C Desseno YouTube Blog ytb CVE-2008-3307 (SQL injection vulnerability in todos.php in C. Desseno YouTube Blog ...) NOT-FOR-US: C Desseno YouTube Blog ytb CVE-2008-3308 (PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. ...) NOT-FOR-US: C Desseno YouTube Blog ytb CVE-2008-3309 (SQL injection vulnerability in info_book.asp in DigiLeave 1.2 and ...) NOT-FOR-US: DigiLeave CVE-2008-3310 (SQL injection vulnerability in default.asp in Pre Survey Poll allows ...) NOT-FOR-US: Pre Survey Poll CVE-2008-3311 (PHP remote file inclusion vulnerability in config.php in Adam ...) NOT-FOR-US: Adam Scheinberg Flip CVE-2008-3312 (Directory traversal vulnerability in ...) NOT-FOR-US: Lemon CMS CVE-2008-3313 (Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 ...) NOT-FOR-US: CreaCMS CVE-2008-3314 (ZDaemon 1.08.07 and earlier allows remote attackers to cause a denial ...) NOT-FOR-US: ZDaemon CVE-2008-3315 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline ...) NOT-FOR-US: Claroline CVE-2008-3316 (Cross-site scripting (XSS) vulnerability in the search feature in the ...) NOT-FOR-US: Geeklog CVE-2008-3317 (admin/index.php in Maian Search 1.1 and earlier allows remote ...) NOT-FOR-US: Maian Search CVE-2008-3318 (admin/index.php in Maian Weblog 4.0 and earlier allows remote ...) NOT-FOR-US: Maian Weblog CVE-2008-3319 (admin/index.php in Maian Links 3.1 and earlier allows remote attackers ...) NOT-FOR-US: Maian Links CVE-2008-3320 (admin/index.php in Maian Guestbook 3.2 and earlier allows remote ...) NOT-FOR-US: Maian Guestbook CVE-2008-3321 (admin/index.php in Maian Uploader 4.0 and earlier allows remote ...) NOT-FOR-US: Maian Uploader CVE-2008-3322 (admin/index.php in Maian Recipe 1.2 and earlier allows remote ...) NOT-FOR-US: Maian Recipe CVE-2008-3323 (setup.exe before 2.573.2.3 in Cygwin does not properly verify the ...) NOT-FOR-US: cygwin CVE-2008-3324 (The PartyGaming PartyPoker client program 121/120 does not properly ...) NOT-FOR-US: party_gaming party_poker_client CVE-2008-3325 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before ...) NOT-FOR-US: Moodle CVE-2008-3326 (Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle ...) NOT-FOR-US: Moodle CVE-2008-3327 (Moodle 1.6.5, when display_errors is enabled, allows remote attackers ...) NOT-FOR-US: Moodle CVE-2008-3328 (Cross-site scripting (XSS) vulnerability in the wiki engine in Trac ...) BUG: 233175 CVE-2008-3329 (Unspecified vulnerability in Links before 2.1, when "only proxies" is ...) BUG: 231737 CVE-2008-3330 (Cross-site scripting (XSS) vulnerability in ...) BUG: 233334 CVE-2008-3331 (Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php ...) BUG: 233336 CVE-2008-3332 (Eval injection vulnerability in adm_config_set.php in Mantis before ...) BUG: 233336 CVE-2008-3333 (Directory traversal vulnerability in core/lang_api.php in Mantis ...) BUG: 233336 CVE-2008-3334 (Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 ...) NOT-FOR-US: MyBB CVE-2008-3335 (Unspecified vulnerability in PunBB before 1.2.19 allows remote ...) NOT-FOR-US: PunBB CVE-2008-3336 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB before ...) NOT-FOR-US: PunBB CVE-2008-3337 (PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, ...) BUG: 234032 CVE-2008-3338 (Multiple buffer overflows in TIBCO Hawk (1) AMI C library ...) NOT-FOR-US: Tibco iprocess_engine CVE-2008-3339 (search_result.cfm in Jobbex JobSite allows remote attackers to obtain ...) NOT-FOR-US: avidweb_technologies jobbex_jobsite CVE-2008-3340 (Cross-site scripting (XSS) vulnerability in search_result.cfm in ...) NOT-FOR-US: jobbex jobsite CVE-2008-3341 (Multiple SQL injection vulnerabilities in search_result.cfm in Jobbex ...) NOT-FOR-US: jobbex jobsite CVE-2008-3342 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: MyioSoft easypublish CVE-2008-3343 (SQL injection vulnerability in staticpages/easypublish/index.php in ...) NOT-FOR-US: MyioSoft easypublish CVE-2008-3344 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: MyioSoft easye cards CVE-2008-3345 (SQL injection vulnerability in staticpages/easyecards/index.php in ...) NOT-FOR-US: MyioSoft easye cards CVE-2008-3346 (SQL injection vulnerability in product_detail.php in ShopCart DX ...) NOT-FOR-US: e topbiz shopcart_dx CVE-2008-3347 (SQL injection vulnerability in staticpages/easycalendar/index.php in ...) NOT-FOR-US: MyioSoft easydynamicpages CVE-2008-3348 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: MyioSoft easydynamicpages CVE-2008-3349 (Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on ...) NOT-FOR-US: Netapp data_ontap CVE-2008-3350 (dnsmasq 2.43 allows remote attackers to cause a denial of service ...) BUG: 232523 CVE-2008-3351 (SQL injection vulnerability in atomPhotoBlog.php in Atom PhotoBlog ...) NOT-FOR-US: atomphotoblog CVE-2008-3352 (SQL injection vulnerability in index.php in Live Music Plus 1.1.0 ...) NOT-FOR-US: nersoft live_music_plus CVE-2008-3353 (Multiple cross-site scripting (XSS) vulnerabilities in Pure Software ...) NOT-FOR-US: puresw lore CVE-2008-3354 (Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus ...) NOT-FOR-US: RunCMS CVE-2008-3355 (SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 ...) NOT-FOR-US: Camera Life CVE-2008-3356 (verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres ...) NOT-FOR-US: Ingres CVE-2008-3357 (Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, ...) NOT-FOR-US: Ingres CVE-2008-3358 (Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP ...) NOT-FOR-US: sap netweaver CVE-2008-3359 (SQL injection vulnerability in register.php in Steve Bourgeois and ...) NOT-FOR-US: Owl Intranet Knowledgebase CVE-2008-3360 (Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 ...) NOT-FOR-US: IntelliTamper CVE-2008-3361 (Stack-based buffer overflow in IntelliTamper 2.07 allows remote web ...) NOT-FOR-US: IntelliTamper CVE-2008-3362 (Unrestricted file upload vulnerability in upload.php in the Giulio ...) NOT-FOR-US: WordPress wp_downloads_manager CVE-2008-3363 (Directory traversal vulnerability in user_portal.php in the Dokeos ...) NOT-FOR-US: Dokeos E Learning System CVE-2008-3364 (Buffer overflow in the ObjRemoveCtrl Class ActiveX control in ...) NOT-FOR-US: Trend Micro OfficeScan CVE-2008-3365 (Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on ...) NOT-FOR-US: Pixelpost CVE-2008-3366 (SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 ...) NOT-FOR-US: Pligg CMS CVE-2008-3367 (Cross-site scripting (XSS) vulnerability in RTE_popup_link.asp in Web ...) NOT-FOR-US: webwizguide web_wiz_rich_text_editor CVE-2008-3368 (PHP remote file inclusion vulnerability in tools/packages/import.php ...) NOT-FOR-US: ATutor CVE-2008-3369 (SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and ...) NOT-FOR-US: viart_shop CVE-2008-3370 (SQL injection vulnerability in the CUA Login Module in EMC Centera ...) NOT-FOR-US: EMC centera_universal_access CVE-2008-3371 (Directory traversal vulnerability in install/help.php in TalkBack ...) NOT-FOR-US: TalkBack CVE-2008-3372 (SQL injection vulnerability in search_form.php in Getacoder Clone ...) NOT-FOR-US: greatclone getacoder_clone CVE-2008-3373 (The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 ...) NOT-FOR-US: Grisoft AVG Antivirus CVE-2008-3374 (SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier ...) NOT-FOR-US: Gregarius CVE-2008-3375 (The jrCookie function in includes/jamroom-misc.inc.php in JamRoom ...) NOT-FOR-US: Jamroom CVE-2008-3376 (Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have ...) NOT-FOR-US: Jamroom CVE-2008-3377 (SQL injection vulnerability in picture.php in phpTest 0.6.3 allows ...) NOT-FOR-US: Brandon Tallent phptest CVE-2008-3378 (SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows ...) NOT-FOR-US: fizzmedia_negativekarma fizzmedia CVE-2008-3379 (Cross-site scripting (XSS) vulnerability in Snark VisualPic 0.3.1 ...) NOT-FOR-US: snarky visualpic CVE-2008-3380 (Cross-site scripting (XSS) vulnerability in ajaxp_backend.php in ...) NOT-FOR-US: MyioSoft easybookmarker CVE-2008-3381 (Multiple cross-site scripting (XSS) vulnerabilities in ...) BUG: 233560 CVE-2008-3382 (SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds ...) NOT-FOR-US: MojoScripts mojoclassifieds CVE-2008-3383 (SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote ...) NOT-FOR-US: MojoScripts mojoauto CVE-2008-3384 (Multiple directory traversal vulnerabilities in help/help.php in ...) NOT-FOR-US: cce interact interact CVE-2008-3385 (Directory traversal vulnerability in include/head_chat.inc.php in php ...) NOT-FOR-US: linuxwebshop php_help_agent CVE-2008-3386 (SQL injection vulnerability in album.php in AlstraSoft Video Share ...) NOT-FOR-US: AlstraSoft video_share_enterprise CVE-2008-3387 (SQL injection vulnerability in show.php in PHPFootball 1.6 allows ...) NOT-FOR-US: phpfootball CVE-2008-3388 (Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote ...) NOT-FOR-US: easy script def_blog CVE-2008-3389 (Stack-based buffer overflow in the libbecompat library in Ingres 2.6, ...) NOT-FOR-US: Ingres CVE-2008-3390 (Directory traversal vulnerability in libraries/general.init.php in ...) NOT-FOR-US: minishowcase_image_gallery CVE-2008-3391 (Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz Forum ...) NOT-FOR-US: webwizguide web_wiz_forums CVE-2008-3392 (Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 ...) NOT-FOR-US: webwizguide web_wiz_forums CVE-2008-3393 (SQL injection vulnerability in events.cfm in BookMine allows remote ...) NOT-FOR-US: infomining bookmine CVE-2008-3394 (Multiple cross-site scripting (XSS) vulnerabilities in search.cfm in ...) NOT-FOR-US: infomining bookmine CVE-2008-3395 (Calacode @Mail 5.41 on Linux uses weak world-readable permissions for ...) NOT-FOR-US: CalaCode atmail CVE-2008-3396 (Unreal Tournament 2004 (UT2004) 3369 and earlier allows remote ...) BUG: 239557 CVE-2008-3397 (Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS ...) NOT-FOR-US: runesoft cerberus_cms CVE-2008-3398 (Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 ...) BUG: 235005 CVE-2008-3399 (PHP remote file inclusion vulnerability in ...) BUG: 235005 CVE-2008-3400 (XRMS CRM 1.99.2 allows remote attackers to obtain configuration ...) BUG: 235005 CVE-2008-3401 (PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX ...) NOT-FOR-US: hscripts hiox_random_ad CVE-2008-3402 (Multiple PHP remote file inclusion vulnerabilities in HIOX Browser ...) NOT-FOR-US: hscripts hiox_random_ad CVE-2008-3403 (SQL injection vulnerability in mojoClassified.cgi in MojoPersonals ...) NOT-FOR-US: MojoScripts mojopersonals CVE-2008-3404 (Cross-site scripting (XSS) vulnerability in guestbook.js.php in ...) NOT-FOR-US: mdsjack mjguest CVE-2008-3405 (Directory traversal vulnerability in index.php in Ricardo Amaral ...) NOT-FOR-US: nazgulled nzfotolog CVE-2008-3406 (SQL injection vulnerability in showcat.php in phpLinkat 0.1 allows ...) NOT-FOR-US: phpLinkat CVE-2008-3407 (phpLinkat 0.1 allows remote attackers to bypass authentication and ...) NOT-FOR-US: phpLinkat CVE-2008-3408 (Stack-based buffer overflow in CoolPlayer allows user-assisted remote ...) NOT-FOR-US: CoolPlayer CVE-2008-3409 (Buffer overflow in Unreal Tournament 3 1.3beta4 and earlier allows ...) NOT-FOR-US: not in tree CVE-2008-3410 (Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to ...) NOT-FOR-US: not in tree CVE-2008-3411 (The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 ...) NOT-FOR-US: axesstel akw d800 CVE-2008-3412 (SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 ...) NOT-FOR-US: ecshop epshop CVE-2008-3413 (SQL injection vulnerability in category.php in Greatclone GC Auction ...) NOT-FOR-US: Greatclone CVE-2008-3414 (SQL injection vulnerability in line2.php in SiteAdmin allows remote ...) NOT-FOR-US: SiteAdmin CVE-2008-3415 (Directory traversal vulnerability in common.php in CMScout 2.05, when ...) NOT-FOR-US: CMScout CVE-2008-3416 (SQL injection vulnerability in modules/members.php in IceBB before ...) NOT-FOR-US: IceBB CVE-2008-3417 (SQL injection vulnerability in home/index.asp in fipsCMS light 2.1 and ...) NOT-FOR-US: fipsCMS light CVE-2008-3418 (SQL injection vulnerability in browse.php in TriO 2.1 and earlier ...) NOT-FOR-US: TriO CVE-2008-3419 (SQL injection vulnerability in ugroups.php in Youtuber Clone allows ...) NOT-FOR-US: Youtuber CVE-2008-3420 (Multiple SQL injection vulnerabilities in Mobius for Mimsy XG 1 ...) NOT-FOR-US: Mobius Web Publishing Software CVE-2008-3421 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: Blackboard Academic Suite CVE-2008-3422 (Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net ...) BUG: 233562 CVE-2008-3423 (IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to ...) NOT-FOR-US: IBM websphere_portal CVE-2008-3424 (Condor before 7.0.4 does not properly handle wildcards in the ...) NOT-FOR-US: Condor CVE-2008-3425 (Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin ...) NOT-FOR-US: Sun Java System Web Server CVE-2008-3426 (Unspecified vulnerability in the Solaris Platform Information and ...) NOT-FOR-US: picld CVE-2008-3427 REJECTED NOT-FOR-US: M 246 bius CVE-2008-3428 (Session fixation vulnerability in phpFreeChat 1.1 allows remote ...) NOT-FOR-US: phpFreeChat CVE-2008-3429 (Buffer overflow in URI processing in HTTrack and WinHTTrack before ...) BUG: 233563 CVE-2008-3430 (Buffer overflow in the CoVideoWindow.ocx ActiveX control 5.0.907.1 in ...) NOT-FOR-US: Eyeball CVE-2008-3431 (The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM ...) NOTE: Virtualbox on Windows hosts only CVE-2008-3432 (Heap-based buffer overflow in the mch_expand_wildcards function in ...) NOT-FOR-US: We have 7.0 in the tree for about a year. CVE-2008-3433 (SpeedBit Download Accelerator Plus (DAP) before 8.6.3.9 does not ...) NOT-FOR-US: speedbit download_accelerator_plus CVE-2008-3434 (Apple iTunes before 6.0.5.20 does not properly verify the authenticity ...) NOT-FOR-US: Apple iTunes CVE-2008-3435 (LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly ...) NOT-FOR-US: LinkedIn browser_toolbar CVE-2008-3436 (The GUP generic update process in Notepad++ before 4.8.1 does not ...) NOT-FOR-US: Notepad CVE-2008-3437 (OpenOffice.org (OOo) before 2.1.0 does not properly verify the ...) NOTE: Old CVE-2008-3438 (Apple Mac OS X does not properly verify the authenticity of updates, ...) NOT-FOR-US: Apple Mac OS X CVE-2008-3439 (SpeedBit Video Acceleration before 2.2.1.8 does not properly verify ...) NOT-FOR-US: speedbit_video_accelerator CVE-2008-3440 (Sun Java 1.6.0_03 and earlier versions, and possibly later versions, ...) NOTE: Old CVE-2008-3441 (Nullsoft Winamp before 5.24 does not properly verify the authenticity ...) NOT-FOR-US: Nullsoft Winamp CVE-2008-3442 (WinZip before 11.0 does not properly verify the authenticity of ...) NOT-FOR-US: WinZip CVE-2008-3443 (The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, ...) BUG: 234806 CVE-2008-3444 (The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows ...) NOTE: Client DoS only CVE-2008-3445 (SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 ...) NOT-FOR-US: phpMyRealty CVE-2008-3446 (Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 ...) NOT-FOR-US: letterit CVE-2008-3447 (The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote ...) BUG: 233928 CVE-2008-3448 (Cross-site scripting (XSS) vulnerability in index.php in common ...) NOT-FOR-US: common solutions csphonebook CVE-2008-3449 (MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote ...) NOT-FOR-US: MailEnable CVE-2008-3450 (Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 ...) NOT-FOR-US: Sun Solaris CVE-2008-3451 (PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with ...) NOT-FOR-US: PhpWebGallery CVE-2008-3452 (SQL injection vulnerability in the Calendar module in eNdonesia 8.4 ...) NOT-FOR-US: Calendar module in eNdonesia CVE-2008-3453 (Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown ...) NOT-FOR-US: ImpressCMS CVE-2008-3454 (JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass ...) NOT-FOR-US: JnSHosts CVE-2008-3455 (PHP remote file inclusion vulnerability in include/admin.php in ...) NOT-FOR-US: JnSHosts PHP Hosting Directory CVE-2008-3456 (phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from ...) BUG: 232007 CVE-2008-3457 (Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin ...) BUG: 232007 CVE-2008-3458 (Vtiger CRM before 5.0.4 stores sensitive information under the web ...) NOT-FOR-US: Vtiger CVE-2008-3459 (Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when ...) NOTE: This only affected ~arch ebuilds, and is already fixed in the tree. CVE-2008-3460 (WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; ...) NOT-FOR-US: Microsoft Works CVE-2008-3461 RESERVED CVE-2008-3462 RESERVED CVE-2008-3463 RESERVED CVE-2008-3464 (afd.sys in the Ancillary Function Driver (AFD) component in Microsoft ...) NOT-FOR-US: Ancillary CVE-2008-3465 (Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 ...) NOT-FOR-US: an API in GDI in Microsoft Windows CVE-2008-3466 (Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not ...) NOT-FOR-US: Microsoft CVE-2008-3467 RESERVED CVE-2008-3468 RESERVED CVE-2008-3469 RESERVED CVE-2008-3470 RESERVED CVE-2008-3471 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, ...) NOT-FOR-US: Microsoft CVE-2008-3472 (Microsoft Internet Explorer 6 and 7 does not properly determine the ...) NOT-FOR-US: Microsoft CVE-2008-3473 (Microsoft Internet Explorer 6 and 7 does not properly determine the ...) NOT-FOR-US: Microsoft CVE-2008-3474 (Microsoft Internet Explorer 6 and 7 does not properly determine the ...) NOT-FOR-US: Microsoft CVE-2008-3475 (Microsoft Internet Explorer 6 does not properly handle errors related ...) NOT-FOR-US: Microsoft CVE-2008-3476 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle ...) NOT-FOR-US: Microsoft CVE-2008-3477 (Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not ...) NOT-FOR-US: VBA CVE-2008-3478 RESERVED CVE-2008-3479 (Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) ...) NOT-FOR-US: Microsoft Windows CVE-2008-3480 (Stack-based buffer overflow in the Anzio Web Print Object (WePO) ...) NOT-FOR-US: anzio web_print_object CVE-2008-3481 (themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and ...) BUG: 234119 CVE-2008-3482 (Cross-site scripting (XSS) vulnerability in the error page feature in ...) NOT-FOR-US: Panasonic BB_HCM581 CVE-2008-3483 (Cross-site scripting (XSS) vulnerability in ScrewTurn Wiki 2.0.29 and ...) NOT-FOR-US: screwturn_wiki CVE-2008-3484 (SQL injection vulnerability in eStoreAff 0.1 allows remote attackers ...) NOT-FOR-US: estoreaff CVE-2008-3485 (Untrusted search path vulnerability in Citrix MetaFrame Presentation ...) NOT-FOR-US: Citrix MetaFrame Presentation Server CVE-2008-3486 (Directory traversal vulnerability in the user_get_profile function in ...) BUG: 234119 CVE-2008-3487 (SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced ...) NOT-FOR-US: phpauctions phpauction_gpl_enhanced CVE-2008-3488 (Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) ...) NOT-FOR-US: Novell iManager CVE-2008-3489 (SQL injection vulnerability in checkCookie function in ...) NOT-FOR-US: PHPX CVE-2008-3490 (SQL injection vulnerability in members/mail.php in E-topbiz Online ...) NOT-FOR-US: e topbiz online_dating CVE-2008-3491 (SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and ...) NOT-FOR-US: scripts24 ipost CVE-2008-3492 (America's Army (aka AA or Army Game Project) 2.8.3.1 and earlier ...) NOT-FOR-US: We only have the server browser in tree. CVE-2008-3493 (vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote VNC ...) NOT-FOR-US: realvnc_windows_client CVE-2008-3494 (8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass ...) NOT-FOR-US: 8e6 R3000 Internet Filter CVE-2008-3495 (SQL injection vulnerability in kategori.asp in Pcshey Portal allows ...) NOT-FOR-US: Aspindir pcshey_portal CVE-2008-3496 (Buffer overflow in format descriptor parsing in the uvc_parse_format ...) BUG: 234808 CVE-2008-3497 (SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows ...) NOT-FOR-US: MyPHP CMS CVE-2008-3498 (SQL injection vulnerability in the nBill (com_netinvoice) component ...) NOT-FOR-US: Joomla com_netinvoice CVE-2008-3499 (Unspecified vulnerability in "a page in the workarea folder" in Ektron ...) NOT-FOR-US: ektron cms4000 net CVE-2008-3500 (Cross-site scripting (XSS) vulnerability in the Suggested Terms module ...) NOT-FOR-US: Drupal suggested_terms_module CVE-2008-3501 (Cross-site scripting (XSS) vulnerability in the WebAccess simple ...) NOT-FOR-US: Novell Groupwise CVE-2008-3502 (Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through ...) BUG: 230007 CVE-2008-3503 (RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict ...) NOT-FOR-US: plain_black_webgui CVE-2008-3504 (Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 ...) NOT-FOR-US: mpfm mask_php_file_manager CVE-2008-3505 (Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2 and ...) NOT-FOR-US: polypager CVE-2008-3506 (SQL injection vulnerability in PolyPager 1.0 rc2 and earlier allows ...) NOT-FOR-US: polypager CVE-2008-3507 (SQL injection vulnerability in index.php in LiteNews 0.1 (aka 01), and ...) NOT-FOR-US: wogan_may litenews CVE-2008-3508 (LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote ...) NOT-FOR-US: wogan_may litenews CVE-2008-3509 (LoveCMS 1.6.2 does not require administrative authentication for (1) ...) NOT-FOR-US: LoveCMS CVE-2008-3510 (Cross-site scripting (XSS) vulnerability in livehelp_js.php in Crafty ...) NOT-FOR-US: Crafty Syntax Live Help CVE-2008-3511 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image ...) NOT-FOR-US: SoftBiz Image Gallery CVE-2008-3512 (SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke ...) NOT-FOR-US: php_nuke Kleinanzeigen module CVE-2008-3513 (SQL injection vulnerability in the Book Catalog module 1.0 for ...) NOT-FOR-US: php_nuke basis_consultant_book_catalog CVE-2008-3514 (VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 ...) NOT-FOR-US: VMWare VirtualCenter CVE-2008-3515 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...) NOT-FOR-US: Adobe presenter CVE-2008-3516 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...) NOT-FOR-US: Adobe presenter CVE-2008-3517 REJECTED CVE-2008-3518 REJECTED CVE-2008-3519 (The default configuration of the JBossAs component in Red Hat JBoss ...) NOT-FOR-US: JBossEAP CVE-2008-3520 (Multiple integer overflows in JasPer 1.900.1 might allow ...) BUG: 222819 CVE-2008-3521 (Race condition in the jas_stream_tmpfile function in ...) BUG: 222819 CVE-2008-3522 (Buffer overflow in the jas_stream_printf function in ...) BUG: 222819 CVE-2008-3523 RESERVED CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux ...) NOT-FOR-US: Fedora-Specific initscript CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem ...) BUG: 237473 CVE-2008-3526 (Integer overflow in the sctp_setsockopt_auth_key function in ...) BUG: 236118 CVE-2008-3527 (arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects ...) BUG: 245754 CVE-2008-3528 (The error-reporting functionality in (1) fs/ext2/dir.c, (2) ...) BUG: 243150 CVE-2008-3529 (Heap-based buffer overflow in the xmlParseAttValueComplex function in ...) BUG: 237806 CVE-2008-3530 (sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD ...) NOT-FOR-US: we only have freebsd-sources < 6.3 in the kernel CVE-2008-3531 (Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in ...) NOT-FOR-US: we only have freebsd-sources < 6.2 in the kernel CVE-2008-3532 (The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL ...) BUG: 234135 CVE-2008-3533 (Format string vulnerability in the window_error function in ...) BUG: 234079 CVE-2008-3534 (The shmem_delete_inode function in mm/shmem.c in the tmpfs ...) BUG: 234812 CVE-2008-3535 (Off-by-one error in the iov_iter_advance function in mm/filemap.c in ...) BUG: 234813 CVE-2008-3536 (Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node ...) NOT-FOR-US: hp openview_network_node_manager CVE-2008-3537 (Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node ...) NOT-FOR-US: hp openview_network_node_manager CVE-2008-3538 (Unspecified vulnerability in HP Enterprise Discovery 2.0 through 2.52 ...) NOT-FOR-US: HP Enterprise Discovery CVE-2008-3539 (Unspecified vulnerability in HP OpenView Select Identity (HPSI) ...) NOT-FOR-US: hp ibm_tivoli_dir_connector CVE-2008-3540 RESERVED CVE-2008-3541 RESERVED CVE-2008-3542 (Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 ...) NOT-FOR-US: HP Insight Diagnostics CVE-2008-3543 (Unspecified vulnerability in NFS / ONCplus B.11.31_04 and earlier on ...) NOT-FOR-US: hp oncplus CVE-2008-3544 (Multiple stack-based buffer overflows in ovalarmsrv in HP OpenView ...) NOT-FOR-US: hp openview_network_node_manager CVE-2008-3545 (Unspecified vulnerability in ovtopmd in HP OpenView Network Node ...) NOT-FOR-US: hp openview_network_node_manager CVE-2008-3546 (Stack-based buffer overflow in the (1) diff_addremove and (2) ...) BUG: 234075 CVE-2008-3547 (Buffer overflow in the server in OpenTTD 0.6.1 and earlier allows ...) BUG: 233929 CVE-2008-3548 (Unspecified vulnerability in the Sun Netra T5220 Server with firmware ...) NOT-FOR-US: Sun Netra T5220 Server CVE-2008-3549 (Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in ...) NOT-FOR-US: Sun Solaris CVE-2008-3550 (The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote ...) NOT-FOR-US: IBM Rational ClearQuest CVE-2008-3551 (Multiple unspecified vulnerabilities in Sun Java Platform Micro ...) NOT-FOR-US: Sun wireless_toolkit CVE-2008-3552 (Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition ...) NOT-FOR-US: Nokia series_40 CVE-2008-3553 (Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition ...) NOT-FOR-US: Sun J2ME CVE-2008-3554 (SQL injection vulnerability in index.php in Discuz! 6.0.1 allows ...) NOT-FOR-US: comsenz discuz CVE-2008-3555 (Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 ...) NOT-FOR-US: wsn links CVE-2008-3556 (Multiple SQL injection vulnerabilities in index.php in Battle.net Clan ...) NOT-FOR-US: Haudenschilt battlenet_clan_script CVE-2008-3557 (Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass ...) NOT-FOR-US: fhm script free_hosting_manager CVE-2008-3558 (Stack-based buffer overflow in the WebexUCFObject ActiveX control in ...) NOT-FOR-US: webex_meeting_manager CVE-2008-3559 (Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice ...) NOT-FOR-US: KAPhotoservice CVE-2008-3560 (Cross-site scripting (XSS) vulnerability in kshop_search.php in the ...) NOT-FOR-US: XOOPS kshop_module CVE-2008-3561 (SQL injection vulnerability in s03.php in Powergap Shopsystem, when ...) NOT-FOR-US: n CVE-2008-3562 (Directory traversal vulnerability in index.php in the Contact module ...) NOT-FOR-US: Chupix CMS CVE-2008-3563 (Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier ...) NOT-FOR-US: Plogger CVE-2008-3564 (Multiple directory traversal vulnerabilities in index.php in Dayfox ...) NOT-FOR-US: Dayfox Designs dayfox_blog CVE-2008-3565 (Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room ...) NOT-FOR-US: mrbs CVE-2008-3566 (Cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7 ...) NOT-FOR-US: soft zoneo freeForum CVE-2008-3567 (Cross-zone scripting vulnerability in the NowPlaying functionality in ...) NOT-FOR-US: Nullsoft Winamp CVE-2008-3568 (Absolute path traversal vulnerability in ...) NOT-FOR-US: unak cms CVE-2008-3569 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, ...) NOT-FOR-US: Apache Friends XAMPP CVE-2008-3570 (PHP remote file inclusion vulnerability in index.php in Africa Be Gone ...) NOT-FOR-US: africabegone africa_be_gone CVE-2008-3571 (The Xerox Phaser 8400 allows remote attackers to cause a denial of ...) NOT-FOR-US: Xerox phaser CVE-2008-3572 (Cross-site scripting (XSS) vulnerability in index.php in Pligg 9.9.5 ...) NOT-FOR-US: Pligg CMS CVE-2008-3573 (The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) ...) NOT-FOR-US: pligg CVE-2008-3574 (Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, ...) NOT-FOR-US: Pluck CVE-2008-3575 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: ezcontents_cms CVE-2008-3576 (Buffer overflow in the TruncateString function in src/gfx.cpp in ...) BUG: 233929 CVE-2008-3577 (Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows ...) BUG: 233929 CVE-2008-3578 (HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial ...) NOT-FOR-US: HydraIRC CVE-2008-3579 (Calacode @Mail 5.41 on Linux does not require administrative ...) NOT-FOR-US: CalaCode atmail CVE-2008-3580 (Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote ...) NOT-FOR-US: qsoft k links CVE-2008-3581 (Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links ...) NOT-FOR-US: qsoft k links CVE-2008-3582 (SQL injection vulnerability in login.php in Keld PHP-MySQL News Script ...) NOT-FOR-US: keld php mysql CVE-2008-3583 (Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote ...) NOT-FOR-US: intellitamper CVE-2008-3584 (NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not ...) NOT-FOR-US: NetBSD pppoe issue CVE-2008-3585 (Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP ...) NOT-FOR-US: pozscripts greencart_php_shopping_cart CVE-2008-3586 (SQL injection vulnerability in the EZ Store (com_ezstore) component ...) NOT-FOR-US: Joomla com_ezstore CVE-2008-3587 (Cross-site scripting (XSS) vulnerability in result.php in Chris ...) NOT-FOR-US: needscripts homes_4_sale CVE-2008-3588 (Multiple SQL injection vulnerabilities in phsBlog 0.1.1 allow remote ...) NOT-FOR-US: phsBlog CVE-2008-3589 (Directory traversal vulnerability in download.php in moziloCMS 1.10.1, ...) NOT-FOR-US: mozilocms CVE-2008-3590 (Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. ...) NOT-FOR-US: Egi Zaberl e z _poll CVE-2008-3591 (SQL injection vulnerability in lib/class.admin.php in Twentyone ...) NOT-FOR-US: 21degrees symphony CVE-2008-3592 (Unrestricted file upload vulnerability in the File Manager in the ...) NOT-FOR-US: 21degrees symphony CVE-2008-3593 (Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows ...) NOT-FOR-US: syzygycms CVE-2008-3594 (SQL injection vulnerability in viewdetails.php in MagicScripts E-Store ...) NOT-FOR-US: MagicScripts E Store Kit 2 CVE-2008-3595 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: txtsql CVE-2008-3596 (Cross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 ...) NOT-FOR-US: harmoni CVE-2008-3597 (Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial ...) NOT-FOR-US: Skulltag Team Skulltag CVE-2008-3598 (Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote ...) NOT-FOR-US: psi labs psipuss CVE-2008-3599 (SQL injection vulnerability in image.php in OpenImpro 1.1 allows ...) NOT-FOR-US: openimpro CVE-2008-3600 (Directory traversal vulnerability in contrib/phpBB2/modules.php in ...) BUG: 234137 CVE-2008-3601 (SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 ...) NOT-FOR-US: Quicksilver Forums CVE-2008-3602 (admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) ...) NOT-FOR-US: psychdaily php_ring_webring_system CVE-2008-3603 (SQL injection vulnerability in index.php in Vacation Rental Script 3.0 ...) NOT-FOR-US: Vacation Rentals Vacation Rental Script CVE-2008-3604 (SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows ...) NOT-FOR-US: zeescripts zeebuddy CVE-2008-3605 (Unspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, ...) NOT-FOR-US: McAfee encrypted_usb_manager CVE-2008-3606 (Heap-based buffer overflow in the IMAP service in Qbik WinGate ...) NOT-FOR-US: Qbik WinGate CVE-2008-3607 (The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows ...) NOT-FOR-US: noticeware email_server CVE-2008-3608 (ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows ...) NOT-FOR-US: apple mac_os_x_server CVE-2008-3609 (The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly ...) NOT-FOR-US: apple mac_os_x_server CVE-2008-3610 (Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, ...) NOT-FOR-US: apple mac_os_x_server CVE-2008-3611 (Login Window in Apple Mac OS X 10.4.11 does not clear the current ...) NOT-FOR-US: apple mac_os_x_server CVE-2008-3612 (The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and ...) NOT-FOR-US: apple ipod_touch CVE-2008-3613 (Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers ...) NOT-FOR-US: apple mac_os_x CVE-2008-3614 (Integer overflow in Apple QuickTime before 7.5.5 on Windows allows ...) NOT-FOR-US: microsoft windows nt CVE-2008-3615 (ir50_32.qtx in an unspecified third-party Indeo v5 codec for ...) NOT-FOR-US: ligos invdeo_v5_codec CVE-2008-3616 (Multiple integer overflows in the SearchKit API in Apple Mac OS X ...) NOT-FOR-US: apple mac_os_x_server CVE-2008-3617 (Remote Management and Screen Sharing in Apple Mac OS X 10.5 through ...) NOT-FOR-US: apple mac_os_x_server CVE-2008-3618 (The File Sharing pane in the Sharing preference pane in Apple Mac OS X ...) NOT-FOR-US: apple mac_os_x CVE-2008-3619 (Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak ...) NOT-FOR-US: apple mac_os_x_server CVE-2008-3620 RESERVED CVE-2008-3621 (VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 ...) NOT-FOR-US: Apple Mac OS X CVE-2008-3622 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac ...) NOT-FOR-US: Wiki Server in Apple Mac OS X CVE-2008-3623 (Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 ...) NOT-FOR-US: apple safari CVE-2008-3624 (Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows ...) NOT-FOR-US: Apple QuickTime CVE-2008-3625 (Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows ...) NOT-FOR-US: apple quicktime CVE-2008-3626 (The CallComponentFunctionWithStorage function in Apple QuickTime ...) NOT-FOR-US: apple quicktime CVE-2008-3627 (Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms ...) NOT-FOR-US: apple quicktime CVE-2008-3628 (Apple QuickTime before 7.5.5 on Windows allows remote attackers to ...) NOT-FOR-US: apple quicktime CVE-2008-3629 (Apple QuickTime before 7.5.5 allows remote attackers to cause a denial ...) NOT-FOR-US: Apple QuickTime CVE-2008-3630 (mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an ...) NOT-FOR-US: mDNSResponder in Apple Bonjour for Windows CVE-2008-3631 (Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone ...) NOT-FOR-US: apple ipod_touch CVE-2008-3632 (Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through ...) NOT-FOR-US: apple ipod_touch CVE-2008-3633 RESERVED CVE-2008-3634 (Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing ...) NOT-FOR-US: apple itunes CVE-2008-3635 (Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an ...) NOT-FOR-US: microsoft windows nt CVE-2008-3636 (Integer overflow in the IopfCompleteRequest API in the kernel in ...) NOT-FOR-US: apple itunes CVE-2008-3637 (The Hash-based Message Authentication Code (HMAC) provider in Java on ...) NOT-FOR-US: Java on Apple Mac OS X CVE-2008-3638 (Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from ...) NOT-FOR-US: Java on Apple Mac OS X CVE-2008-3639 (Heap-based buffer overflow in the read_rle16 function in imagetops in ...) BUG: 238976 CVE-2008-3640 (Integer overflow in the WriteProlog function in texttops in CUPS ...) BUG: 238976 CVE-2008-3641 (The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before ...) BUG: 238976 CVE-2008-3642 (Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows ...) NOT-FOR-US: ColorSync in Mac OS X CVE-2008-3643 (Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows ...) NOT-FOR-US: Finder in Mac OS X CVE-2008-3644 (Apple Safari before 3.2 does not properly prevent caching of form data ...) NOT-FOR-US: apple safari CVE-2008-3645 (Heap-based buffer overflow in the local IPC component in the ...) NOT-FOR-US: local IPC component in the EAPOLController plugin for configd Networking component in Mac OS X CVE-2008-3646 (The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be ...) NOT-FOR-US: Mac OS X CVE-2008-3647 (Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows ...) NOT-FOR-US: PSNormalizer in Mac OS X CVE-2008-3648 (nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote ...) NOT-FOR-US: Microsoft windows nt CVE-2008-3649 (SQL injection vulnerability in categorydetail.php in Article Friendly ...) NOT-FOR-US: articlefriendly article_friendly CVE-2008-3650 (Multiple unspecified vulnerabilities in Horde Groupware Webmail before ...) BUG: 228511 CVE-2008-3651 (Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools ...) BUG: 232831 CVE-2008-3652 (src/racoon/handler.c in racoon in ipsec-tools does not remove an ...) BUG: 232831 CVE-2008-3653 (Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before ...) BUG: 213320 CVE-2008-3654 (Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows ...) BUG: 213320 CVE-2008-3655 (Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through ...) BUG: 225465 CVE-2008-3656 (Algorithmic complexity vulnerability in the ...) BUG: 225465 CVE-2008-3657 (The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, ...) BUG: 225465 CVE-2008-3658 (Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP ...) BUG: 234102 CVE-2008-3659 (Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and ...) BUG: 234102 CVE-2008-3660 (PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI ...) BUG: 234102 CVE-2008-3661 (Drupal, probably 5.10 and 6.4, does not set the secure flag for the ...) BUG: 238571 CVE-2008-3662 (Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure ...) BUG: 238113 CVE-2008-3663 (Squirrelmail 1.4.15 does not set the secure flag for the session ...) BUG: 239054 CVE-2008-3664 (Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow ...) BUG: 235005 CVE-2008-3665 RESERVED CVE-2008-3666 (Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before ...) NOT-FOR-US: Sun Solaris CVE-2008-3667 (Stack-based buffer overflow in Maxthon Browser 2.0 and earlier allows ...) NOT-FOR-US: maxthon_browser CVE-2008-3668 (Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt ...) NOT-FOR-US: Marcello Brandao yogurt_social_network_module CVE-2008-3669 (SQL injection vulnerability in comments.php in ZeeScripts Reviews ...) NOT-FOR-US: zeescripts zeereviews CVE-2008-3670 (SQL injection vulnerability in authordetail.php in Article Friendly ...) NOT-FOR-US: articlefriendly article_friendly CVE-2008-3671 (Acronis True Image Echo Server 9.x build 8072 on Linux does not ...) NOT-FOR-US: Acronis true_image_echo_server CVE-2008-3672 (SQL injection vulnerability in showcategory.php in PozScripts ...) NOT-FOR-US: pozscripts classified_ads CVE-2008-3673 (SQL injection vulnerability in browsecats.php in PozScripts Classified ...) NOT-FOR-US: pozscripts classified_ads CVE-2008-3674 (SQL injection vulnerability in ugroups.php in PozScripts TubeGuru ...) NOT-FOR-US: pozscripts tubeguru_video_sharing_script CVE-2008-3675 (Directory traversal vulnerability in classes/imgsize.php in Gelato ...) NOT-FOR-US: Gelato CVE-2008-3676 (Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 ...) NOT-FOR-US: IMAP server in hMailServer CVE-2008-3677 (Directory traversal vulnerability in ...) NOT-FOR-US: Freeway CVE-2008-3678 (Cross-site scripting (XSS) vulnerability in admin/search_links.php in ...) NOT-FOR-US: Freeway CVE-2008-3679 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: IDevSpot PhpLinkExchange CVE-2008-3680 (The decryption function in Flagship Industries Ventrilo 3.0.2 and ...) BUG: 234819 CVE-2008-3681 (components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does ...) BUG: 234577 CVE-2008-3682 (SQL injection vulnerability in dpage.php in YPN PHP Realty allows ...) NOT-FOR-US: YPN CVE-2008-3683 (Unspecified vulnerability in the FTP subsystem in Sun Java System Web ...) NOT-FOR-US: Sun Java System Web Proxy Server CVE-2008-3684 (Heap-based buffer overflow in aws_tmxn.exe in the Admin Agent service ...) NOT-FOR-US: emc documentum_applicationxtender_workflow_manager CVE-2008-3685 (Directory traversal vulnerability in aws_tmxn.exe in the Admin Agent ...) NOT-FOR-US: emc documentum_applicationxtender_workflow_manager CVE-2008-3686 (The rt6_fill_node function in net/ipv6/route.c in Linux kernel ...) BUG: 234821 CVE-2008-3687 (Heap-based buffer overflow in the flask_security_label function in Xen ...) NOTE: Xen 3.3 only CVE-2008-3688 (sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote ...) BUG: 234715 CVE-2008-3689 RESERVED CVE-2008-3690 RESERVED CVE-2008-3691 (Unspecified vulnerability in a certain ActiveX control in VMware ...) NOT-FOR-US: ActiveX control in VMware Workstation CVE-2008-3692 (Unspecified vulnerability in a certain ActiveX control in VMware ...) NOT-FOR-US: ActiveX control in VMware Workstation CVE-2008-3693 (Unspecified vulnerability in a certain ActiveX control in VMware ...) NOT-FOR-US: ActiveX control in VMware Workstation CVE-2008-3694 (Unspecified vulnerability in a certain ActiveX control in VMware ...) NOT-FOR-US: ActiveX control in VMware Workstation CVE-2008-3695 (Unspecified vulnerability in a certain ActiveX control in VMware ...) NOT-FOR-US: ActiveX control in VMware Workstation CVE-2008-3696 (Unspecified vulnerability in a certain ActiveX control in VMware ...) NOT-FOR-US: ActiveX control in VMware Workstation CVE-2008-3697 (An unspecified ISAPI extension in VMware Server before 1.0.7 build ...) NOT-FOR-US: ISAPI extension in VMware Server CVE-2008-3698 (Unspecified vulnerability in the OpenProcess function in VMware ...) NOTE: Windows-only CVE-2008-3699 (The MagnatuneBrowser::listDownloadComplete function in ...) BUG: 234689 CVE-2008-3700 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako ...) NOT-FOR-US: Kayako SupportSuite CVE-2008-3701 (SQL injection vulnerability in staff/index.php in Kayako SupportSuite ...) NOT-FOR-US: Kayako SupportSuite CVE-2008-3702 (Multiple stack-based buffer overflows in the Animation GIF ActiveX ...) NOT-FOR-US: Animation GIF ActiveX control in JComSoft AniGIF ocx CVE-2008-3703 (The management console in the Volume Manager Scheduler Service (aka ...) NOT-FOR-US: Symantec Veritas Storage Foundation CVE-2008-3704 (Heap-based buffer overflow in the MaskedEdit ActiveX control in ...) NOT-FOR-US: Microsoft Visual Studio CVE-2008-3705 (Stack-based buffer overflow in the CLogger::WriteFormated function in ...) NOT-FOR-US: EchoVNC Linux CVE-2008-3706 (SQL injection vulnerability in bannerclick.php in ZEEJOBSITE 2.0 ...) NOT-FOR-US: ZEEJOBSITE CVE-2008-3707 (Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP ...) NOT-FOR-US: CyBoards PHP Lite CVE-2008-3708 (Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow ...) NOT-FOR-US: dotCMS CVE-2008-3709 (Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP ...) NOT-FOR-US: CyBoards PHP Lite CVE-2008-3710 (Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 ...) NOT-FOR-US: CyBoards PHP Lite CVE-2008-3711 (SQL injection vulnerability in index.php in PHPArcadeScript (PHP ...) NOT-FOR-US: PHPArcadeScript PHP Arcade Script CVE-2008-3712 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and ...) BUG: 203084 CVE-2008-3713 (SQL injection vulnerability in product.php in PHPBasket allows remote ...) NOT-FOR-US: PHPBasket CVE-2008-3714 (Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 ...) BUG: 235225 CVE-2008-3715 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: FlexCMS CVE-2008-3716 (Cross-site request forgery (CSRF) vulnerability in Harmoni before ...) NOT-FOR-US: Harmoni CVE-2008-3717 (Harmoni before 1.6.0 does not require administrative privileges to ...) NOT-FOR-US: Harmoni CVE-2008-3718 (Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote ...) NOT-FOR-US: cyberBB CVE-2008-3719 (SQL injection vulnerability in directory.php in SFS Affiliate ...) NOT-FOR-US: SFS CVE-2008-3720 (SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 ...) NOT-FOR-US: DeeEmm CMS DMCMS CVE-2008-3721 (PHP remote file inclusion vulnerability in user_language.php in DeeEmm ...) NOT-FOR-US: DeeEmm CMS DMCMS CVE-2008-3722 (SQL injection vulnerability in forum/neu.asp in fipsCMS 2.1 allows ...) NOT-FOR-US: fipsCMS CVE-2008-3723 (Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 ...) NOT-FOR-US: PHPizabi CVE-2008-3724 (SQL injection vulnerability in index.php in Papoo before 3.7.2 allows ...) NOT-FOR-US: Papoo CVE-2008-3725 (SQL injection vulnerability in trr.php in YourFreeWorld Ad Board ...) NOT-FOR-US: YourFreeWorld CVE-2008-3726 (Cross-site scripting (XSS) vulnerability in Web Based Administration ...) NOT-FOR-US: Web Based Administration in MicroWorld Technologies MailScan CVE-2008-3727 (Directory traversal vulnerability in Web Based Administration in ...) NOT-FOR-US: Web Based Administration in MicroWorld Technologies MailScan CVE-2008-3728 (Web Based Administration in MicroWorld Technologies MailScan 5.6.a ...) NOT-FOR-US: MicroWorld Technologies MailScan CVE-2008-3729 (Web Based Administration in MicroWorld Technologies MailScan 5.6.a ...) NOT-FOR-US: MicroWorld Technologies MailScan CVE-2008-3730 (Cross-site scripting (XSS) vulnerability in Nordicwind Document ...) NOT-FOR-US: Nordicwind Document Management System NOAH CVE-2008-3731 (Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other ...) NOT-FOR-US: Serv U File Server CVE-2008-3732 (Integer overflow in the Open function in modules/demux/tta.c in VLC ...) BUG: 235238 CVE-2008-3733 (Stack-based buffer overflow in EO Video (eo-video) 1.36 allows remote ...) NOT-FOR-US: EO Video eo video CVE-2008-3734 (Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and ...) NOT-FOR-US: Ipswitch WS_FTP Home CVE-2008-3735 (Cross-site scripting (XSS) vulnerability in index.php in PHPizabi ...) NOT-FOR-US: PHPizabi CVE-2008-3736 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...) NOT-FOR-US: spacetag lacoodast CVE-2008-3737 (Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 ...) NOT-FOR-US: spacetag lacoodast CVE-2008-3738 (Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier ...) NOT-FOR-US: spacetag lacoodast CVE-2008-3739 (Cross-site scripting (XSS) vulnerability in (1) System Consultants ...) NOT-FOR-US: spacetag lacoodast CVE-2008-3740 (Cross-site scripting (XSS) vulnerability in the output filter in ...) BUG: 234714 CVE-2008-3741 (The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 ...) BUG: 234714 CVE-2008-3742 (Unrestricted file upload vulnerability in the BlogAPI module in Drupal ...) BUG: 234714 CVE-2008-3743 (Multiple cross-site request forgery (CSRF) vulnerabilities in forms in ...) BUG: 234714 CVE-2008-3744 (Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal ...) BUG: 234714 CVE-2008-3745 (The Upload module in Drupal 6.x before 6.4 allows remote authenticated ...) BUG: 234714 CVE-2008-3746 (neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of ...) BUG: 234826 CVE-2008-3747 (The (1) get_edit_post_link and (2) get_edit_comment_link functions in ...) BUG: 168529 CVE-2008-3748 (SQL injection vulnerability in view_group.php in Active PHP Bookmarks ...) NOT-FOR-US: lbstone apb CVE-2008-3749 (SQL injection vulnerability in tr.php in YourFreeWorld Banner ...) NOT-FOR-US: YourFreeWorld banner_management_script CVE-2008-3750 (SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator ...) NOT-FOR-US: YourFreeWorld url_rotator_script CVE-2008-3751 (SQL injection vulnerability in tr.php in YourFreeWorld Short Url & Url ...) NOT-FOR-US: YourFreeWorld Short Url and Url Tracker Script CVE-2008-3752 (SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange ...) NOT-FOR-US: YourFreeWorld ad exchange_script CVE-2008-3753 (SQL injection vulnerability in details.php in YourFreeWorld Programs ...) NOT-FOR-US: YourFreeWorld programs_rating_script CVE-2008-3754 (SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text ...) NOT-FOR-US: YourFreeWorld Stylish Text Ads Script CVE-2008-3755 (SQL injection vulnerability in view.php in YourFreeWorld Classifieds ...) NOT-FOR-US: YourFreeWorld classifieds CVE-2008-3756 (SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing ...) NOT-FOR-US: YourFreeWorld viral_marketing_script CVE-2008-3757 (SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix ...) NOT-FOR-US: YourFreeWorld forced_matrix_script CVE-2008-3758 (Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla ...) NOT-FOR-US: Lussumo Vanilla CVE-2008-3759 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: Lussumo Vanilla CVE-2008-3760 (Cross-site request forgery (CSRF) vulnerability in the sign-out page ...) NOT-FOR-US: Lussumo Vanilla CVE-2008-3761 (hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 ...) NOT-FOR-US: hcmon.sys in VMware Workstation CVE-2008-3762 (SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP ...) NOT-FOR-US: turnkeywebtools php_live_helper CVE-2008-3763 (Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live ...) NOT-FOR-US: turnkeywebtools php_live_helper CVE-2008-3764 (Eval injection vulnerability in globalsoff.php in Turnkey PHP Live ...) NOT-FOR-US: turnkeywebtools php_live_helper CVE-2008-3765 (SQL injection vulnerability in code.php in Quick Poll Script allows ...) NOT-FOR-US: discountedscripts quick_poll_script CVE-2008-3766 (Realtime Internet Band Rehearsal Low-Latency (Internet) Connection ...) NOT-FOR-US: Realtime Internet Band Rehearsal Low-Latency CVE-2008-3767 (SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows ...) NOT-FOR-US: phpBazar CVE-2008-3768 (Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey ...) NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart CVE-2008-3769 (PHP remote file inclusion vulnerability in admin/create_order_new.php ...) NOT-FOR-US: Freeway CVE-2008-3770 (Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, ...) NOT-FOR-US: Freeway CVE-2008-3771 (Cross-site scripting (XSS) vulnerability in members.php in Pars4u ...) NOT-FOR-US: Pars4u CVE-2008-3772 (SQL injection vulnerability in categories_portal.php in Pars4u ...) NOT-FOR-US: Pars4u CVE-2008-3773 (Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and ...) NOT-FOR-US: vBulletin CVE-2008-3774 (SQL injection vulnerability in index.php in Simasy CMS allows remote ...) NOT-FOR-US: Simasy CVE-2008-3775 (Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the ...) NOT-FOR-US: Folder Lock CVE-2008-3776 (Directory traversal vulnerability in Fujitsu Web-Based Admin View ...) NOT-FOR-US: Fujitsu web_based_admin_view CVE-2008-3777 (The SIP Enablement Services (SES) Server in Avaya SIP Enablement ...) NOT-FOR-US: Avaya SIP Enablement Services CVE-2008-3778 (The remote management interface in SIP Enablement Services (SES) ...) NOT-FOR-US: Avaya SIP Enablement Services CVE-2008-3779 (Cross-site scripting (XSS) vulnerability in search/index.php in Five ...) NOT-FOR-US: review script five_star_review_script CVE-2008-3780 (SQL injection vulnerability in recommend.php in Five Star Review ...) NOT-FOR-US: review script five_star_review_script CVE-2008-3781 (Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 ...) NOT-FOR-US: gmod gbrowse CVE-2008-3782 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...) NOT-FOR-US: discountedscripts acg_ptp CVE-2008-3783 (Multiple SQL injection vulnerabilities in index.php in Matterdaddy ...) NOT-FOR-US: matterdaddy_market CVE-2008-3784 (SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and ...) NOT-FOR-US: btiteam btitracker CVE-2008-3785 (Multiple SQL injection vulnerabilities in the com_content component in ...) NOT-FOR-US: miacms com_component CVE-2008-3786 (Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO ...) NOT-FOR-US: PicturesPro Photo Cart CVE-2008-3787 (SQL injection vulnerability in listing_view.php in Web Directory ...) NOT-FOR-US: nullscripts web_directory_script CVE-2008-3788 (Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, ...) NOT-FOR-US: PicturesPro Photo Cart CVE-2008-3789 (Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb ...) NOT-FOR-US: Obsolete NOTE: mailed maintainer for feedback CVE-2008-3790 (The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through ...) BUG: 236060 CVE-2008-3791 (src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop ...) BUG: 236525 CVE-2008-3792 (net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) ...) BUG: 237475 CVE-2008-3793 RESERVED CVE-2008-3794 (Integer signedness error in the mms_ReceiveCommand function in ...) BUG: 235589 CVE-2008-3795 (Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP ...) NOT-FOR-US: Ipswitch ws_ftp_home CVE-2008-3796 (Swfdec 0.6 before 0.6.8 allows remote attackers to cause a denial of ...) NOTE: client-application crash CVE-2008-3797 RESERVED CVE-2008-3798 (Cisco IOS 12.4 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Cisco IOS 12.4 CVE-2008-3799 (Memory leak in the Session Initiation Protocol (SIP) implementation in ...) NOT-FOR-US: Session Initiation Protocol SIP implementation in Cisco IOS CVE-2008-3800 (Unspecified vulnerability in the Session Initiation Protocol (SIP) ...) NOT-FOR-US: Session Initiation Protocol SIP implementation in Cisco IOS CVE-2008-3801 (Unspecified vulnerability in the Session Initiation Protocol (SIP) ...) NOT-FOR-US: Session Initiation Protocol SIP implementation in Cisco IOS CVE-2008-3802 (Unspecified vulnerability in the Session Initiation Protocol (SIP) ...) NOT-FOR-US: Session Initiation Protocol SIP implementation in Cisco IOS CVE-2008-3803 (A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol ...) NOT-FOR-US: Cisco IOS CVE-2008-3804 (Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) ...) NOT-FOR-US: Multi Protocol Label Switching MPLS Forwarding Infrastructure MFI in Cisco IOS CVE-2008-3805 (Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 ...) NOT-FOR-US: Cisco IOS CVE-2008-3806 (Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 ...) NOT-FOR-US: Cisco IOS CVE-2008-3807 (Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when ...) NOT-FOR-US: Cisco IOS CVE-2008-3808 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote ...) NOT-FOR-US: Cisco IOS CVE-2008-3809 (Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices ...) NOT-FOR-US: Cisco IOS CVE-2008-3810 (Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) ...) NOT-FOR-US: Cisco IOS CVE-2008-3811 (Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) ...) NOT-FOR-US: Cisco IOS CVE-2008-3812 (Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) ...) NOT-FOR-US: Cisco IOS CVE-2008-3813 (Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP ...) NOT-FOR-US: Cisco IOS CVE-2008-3814 (Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x ...) NOT-FOR-US: Cisco Unity CVE-2008-3815 (Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) ...) NOT-FOR-US: Cisco Adaptive Security Appliances ASA CVE-2008-3816 (Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) ...) NOT-FOR-US: Cisco Adaptive Security Appliances ASA CVE-2008-3817 (Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series ...) NOT-FOR-US: Cisco Adaptive Security Appliances ASA CVE-2008-3818 (Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, and 15600 with ...) NOT-FOR-US: Cisco CVE-2008-3819 (dnsserver in Cisco Application Control Engine Global Site Selector ...) NOT-FOR-US: cisco gss_4492r_global_site_selector CVE-2008-3820 (Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event ...) NOT-FOR-US: cisco security_manager CVE-2008-3821 (Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server ...) NOT-FOR-US: HTTP server in Cisco IOS CVE-2008-3822 RESERVED CVE-2008-3823 (Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in ...) BUG: 237362 CVE-2008-3824 (Cross-site scripting (XSS) vulnerability in (1) ...) BUG: 237362 CVE-2008-3825 (pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when ...) BUG: 238130 CVE-2008-3826 (Unspecified vulnerability in Condor before 7.0.5 allows attackers to ...) NOT-FOR-US: Condor CVE-2008-3827 (Multiple integer underflows in the Real demuxer (demux_real.c) in ...) BUG: 239130 CVE-2008-3828 (Stack-based buffer overflow in the condor_ schedd daemon in Condor ...) NOT-FOR-US: condor_ schedd daemon in Condor CVE-2008-3829 (Unspecified vulnerability in the condor_ schedd daemon in Condor ...) NOT-FOR-US: condor_ schedd daemon in Condor CVE-2008-3830 (Condor before 7.0.5 does not properly handle when the configuration ...) NOT-FOR-US: allow CVE-2008-3831 (The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel ...) BUG: 243042 CVE-2008-3832 (A certain Fedora patch for the utrace subsystem in the Linux kernel ...) NOT-FOR-US: Fedora specific CVE-2008-3833 (The generic_file_splice_write function in fs/splice.c in the Linux ...) BUG: 245013 CVE-2008-3834 (The dbus_signature_validate function in the D-bus library (libdbus) ...) BUG: 240308 CVE-2008-3835 (The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox ...) BUG: 238535 CVE-2008-3836 (feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers ...) BUG: 238535 CVE-2008-3837 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey ...) BUG: 238535 CVE-2008-3838 (Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) ...) NOT-FOR-US: Sun Solaris CVE-2008-3839 (Unspecified vulnerability in the NFS module in the kernel in Sun ...) NOT-FOR-US: Sun Solaris CVE-2008-3840 (Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in ...) NOT-FOR-US: craftysyntax crafty_syntax_live_help CVE-2008-3841 (Cross-site scripting (XSS) vulnerability in admin/search_links.php in ...) NOT-FOR-US: openfreeway Freeway CVE-2008-3842 (Request Validation (aka the ValidateRequest filters) in ASP.NET in ...) NOT-FOR-US: Microsoft net_framework CVE-2008-3843 (Request Validation (aka the ValidateRequest filters) in ASP.NET in ...) NOT-FOR-US: Microsoft net_framework CVE-2008-3844 (Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, ...) NOT-FOR-US: RedHat rpms CVE-2008-3845 (Multiple SQL injection vulnerabilities in Crafty Syntax Live Help ...) NOT-FOR-US: craftysyntax crafty_syntax_live_help CVE-2008-3846 (Cross-site scripting (XSS) vulnerability in mysql-lists 1.2 and ...) NOT-FOR-US: aquagardensoft mysql lists CVE-2008-3847 (Multiple cross-site scripting (XSS) vulnerabilities in AN Guestbook ...) NOT-FOR-US: aguestbook an_guestbook CVE-2008-3848 (SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows ...) NOT-FOR-US: pdesigner z breaknews CVE-2008-3849 (Cross-site scripting (XSS) vulnerability in the calendar controller in ...) NOT-FOR-US: civic cms CVE-2008-3850 (Cross-site scripting (XSS) vulnerability in Accellion File Transfer ...) NOT-FOR-US: accellion file_transfer_fta CVE-2008-3851 (Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on ...) NOT-FOR-US: Pluck CVE-2008-3852 (Unspecified vulnerability in the CLR stored procedure deployment from ...) NOT-FOR-US: IBM DB2 Universal Database CVE-2008-3853 (Buffer overflow in the DAS server program in the Core DAS function ...) NOT-FOR-US: IBM DB2 CVE-2008-3854 (Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 ...) NOT-FOR-US: IBM DB2 CVE-2008-3855 (Unspecified vulnerability in the DB2 Administration Server (DAS) in ...) NOT-FOR-US: IBM DB2 CVE-2008-3856 (The routine infrastructure component in IBM DB2 8 before FP17, 9.1 ...) NOT-FOR-US: IBM DB2 CVE-2008-3857 (The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 ...) NOT-FOR-US: IBM DB2 CVE-2008-3858 (The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a ...) NOT-FOR-US: IBM DB2 CVE-2008-3859 (Davlin Thickbox Gallery 2 allows remote attackers to obtain the ...) NOT-FOR-US: davlin thickbox_gallery CVE-2008-3860 (Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG ...) NOT-FOR-US: IBM Lotus Quickr CVE-2008-3861 (Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and ...) NOT-FOR-US: phpMyRealty CVE-2008-3862 (Stack-based buffer overflow in CGI programs in the server in Trend ...) NOT-FOR-US: CGI programs in the server in Trend Micro OfficeScan CVE-2008-3863 (Stack-based buffer overflow in the read_special_escape function in ...) BUG: 243228 CVE-2008-3864 (The ApiThread function in the firewall service (aka TmPfw.exe) in ...) NOT-FOR-US: trend_micro officescan CVE-2008-3865 (Multiple heap-based buffer overflows in the ApiThread function in the ...) NOT-FOR-US: trend_micro officescan CVE-2008-3866 (The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend ...) NOT-FOR-US: trend_micro officescan CVE-2008-3867 (SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 ...) NOT-FOR-US: cce interact interact CVE-2008-3868 (Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 ...) NOT-FOR-US: cce interact interact CVE-2008-3869 (Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows ...) NOT-FOR-US: sun solaris CVE-2008-3870 (Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote ...) NOT-FOR-US: sun solaris CVE-2008-3871 (Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and ...) NOT-FOR-US: ezbsystems ultraiso CVE-2008-3872 (Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, ...) NOT-FOR-US: obsolete, we have 9.0.124.0 in the tree for months CVE-2008-3873 (The System.setClipboard method in ActionScript in Adobe Flash Player ...) BUG: 239543 CVE-2008-3874 (Cross-site scripting (XSS) vulnerability in account.php in Lussumo ...) NOT-FOR-US: Lussumo Vanilla CVE-2008-3875 (The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 ...) NOT-FOR-US: Sun Solaris CVE-2008-3876 (Apple iPhone 2.0.2, in some configurations, allows physically ...) NOT-FOR-US: Apple iPhone CVE-2008-3877 (Stack-based buffer overflow in Acoustica Mixcraft 4.1 Build 96 and 4.2 ...) NOT-FOR-US: Acoustica mixcraft CVE-2008-3878 (Stack-based buffer overflow in the Ultra.OfficeControl ActiveX control ...) NOT-FOR-US: ultrashareware ultra_office_control CVE-2008-3879 (The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 ...) NOT-FOR-US: ultrashareware ultra_office_control CVE-2008-3880 (SQL injection vulnerability in zm_html_view_event.php in ZoneMinder ...) BUG: 236517 CVE-2008-3881 (Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder ...) BUG: 236517 CVE-2008-3882 (Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and ...) BUG: 236517 CVE-2008-3883 (configvar in Caudium 1.4.12 allows local users to overwrite arbitrary ...) NOT-FOR-US: caudium CVE-2008-3884 (Cross-site scripting (XSS) vulnerability in Blogn (BURO GUN) 1.9.7 and ...) NOT-FOR-US: Blogn CVE-2008-3885 (Cross-site request forgery (CSRF) vulnerability in Blogn (BURO GUN) ...) NOT-FOR-US: Blogn CVE-2008-3886 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) BUG: 236518 CVE-2008-3887 (Multiple SQL injection vulnerabilities in index.php in dotProject ...) BUG: 236518 CVE-2008-3888 (SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 ...) NOT-FOR-US: Aspindir mini_nuke_freehost CVE-2008-3889 (Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before ...) BUG: 236453 CVE-2008-3890 (The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an ...) NOT-FOR-US: we only have freebsd-sources < 6.3 in tree CVE-2008-3891 (The SAML Single Sign-On (SSO) Service for Google Apps allows remote ...) NOT-FOR-US: Google Apps CVE-2008-3892 (Buffer overflow in a certain ActiveX control in the COM API in VMware ...) NOT-FOR-US: ActiveX control in the COM API in VMware CVE-2008-3893 (Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot ...) NOT-FOR-US: microsoft windows_vista CVE-2008-3894 (IBM Lenovo firmware 7CETB5WW 2.05 stores pre-boot authentication ...) NOT-FOR-US: ibm lenovo_7cetb5ww CVE-2008-3895 (LILO 22.6.1 and earlier stores pre-boot authentication passwords in ...) NOT-FOR-US: sys-boot/lilo-22.8-r2 in tree CVE-2008-3896 (Grub Legacy 0.97 and earlier stores pre-boot authentication passwords ...) BUG: 239547 NOTE: mailed devs CVE-2008-3897 (DiskCryptor 0.2.6 on Windows stores pre-boot authentication passwords ...) NOT-FOR-US: freed0m disckcryptor CVE-2008-3898 (Secu Star DriveCrypt Plus Pack 3.9 stores pre-boot authentication ...) NOT-FOR-US: secustar drivecrypt_plus_pack CVE-2008-3899 (TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS ...) NOTE: Upstream denies security impact. CVE-2008-3900 (Intel firmware PE94510M.86A.0050.2007.0710.1559 stores pre-boot ...) NOT-FOR-US: intel bios CVE-2008-3901 (Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, ...) NOT-FOR-US: suspend2 software_suspend_2 CVE-2008-3902 (HP firmware 68DTT F.0D stores pre-boot authentication passwords in the ...) NOT-FOR-US: hp 68dtt CVE-2008-3903 (Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and ...) BUG: 237476 CVE-2008-3904 (src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop ...) BUG: 236525 CVE-2008-3905 (resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 ...) BUG: 225465 CVE-2008-3906 (CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows ...) BUG: 233562 CVE-2008-3907 (The open-in-browser command in newsbeuter before 1.1 allows remote ...) BUG: 236506 CVE-2008-3908 (Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow ...) BUG: 211491 CVE-2008-3909 (The administration application in Django 0.91, 0.95, and 0.96 stores ...) BUG: 236527 CVE-2008-3910 (dns2tcp before 0.4.1 does not properly handle negative values in a ...) NOT-FOR-US: hsc dns2tcp CVE-2008-3911 (The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel ...) BUG: 237477 CVE-2008-3912 (libclamav in ClamAV before 0.94 allows attackers to cause a denial of ...) BUG: 236665 CVE-2008-3913 (Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 ...) BUG: 236665 CVE-2008-3914 (Multiple unspecified vulnerabilities in ClamAV before 0.94 have ...) BUG: 236665 CVE-2008-3915 (Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when ...) BUG: 237479 CVE-2008-3916 (Heap-based buffer overflow in the strip_escapes function in signal.c ...) BUG: 236521 CVE-2008-3917 (Cross-site scripting (XSS) vulnerability in index.php in Ovidentia ...) NOT-FOR-US: ovidentia CVE-2008-3918 (SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows ...) NOT-FOR-US: ovidentia CVE-2008-3919 (Unspecified vulnerability in multiple JustSystems Ichitaro products ...) NOT-FOR-US: JustSystems Ichitaro CVE-2008-3920 (Unspecified vulnerability in BitlBee before 1.2.2 allows remote ...) BUG: 236160 CVE-2008-3921 (Multiple cross-site scripting (XSS) vulnerabilities in AWStats Totals ...) NOT-FOR-US: telartis_bv awstats_totals CVE-2008-3922 (awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote ...) NOT-FOR-US: telartis_bv awstats_totals CVE-2008-3923 (Multiple cross-site scripting (XSS) vulnerabilities in statistics.php ...) NOT-FOR-US: hans_oesterholt cmme CVE-2008-3924 (The "Make a backup" functionality in Content Management Made Easy ...) NOT-FOR-US: hans_oesterholt cmme CVE-2008-3925 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...) NOT-FOR-US: hans_oesterholt cmme CVE-2008-3926 (Multiple directory traversal vulnerabilities in Content Management ...) NOT-FOR-US: hans_oesterholt cmme CVE-2008-3927 (genmsgidx in Tiger 3.2.2 allows local users to overwrite or delete ...) NOT-FOR-US: tiger CVE-2008-3928 (test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary ...) BUG: 237481 CVE-2008-3929 (gather-messages.sh in Ampache 3.4.1 allows local users to overwrite ...) BUG: 237483 CVE-2008-3930 (migrate_aliases.sh in Citadel Server 7.37 allows local users to ...) NOT-FOR-US: Citadel CVE-2008-3931 (javareconf in R 2.7.2 allows local users to overwrite arbitrary files ...) BUG: 235822 CVE-2008-3932 (Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to ...) BUG: 236515 CVE-2008-3933 (Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers ...) BUG: 236515 CVE-2008-3934 (Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 ...) BUG: 236515 CVE-2008-3935 (Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and ...) NOT-FOR-US: d ic shop_v52 CVE-2008-3936 (The web interface in Dreambox DM500C allows remote attackers to cause ...) NOT-FOR-US: Dreambox CVE-2008-3937 (Multiple cross-site scripting (XSS) vulnerabilities in Open Media ...) NOT-FOR-US: opendb CVE-2008-3938 (Cross-site request forgery (CSRF) vulnerability in user_admin.php in ...) NOT-FOR-US: opendb CVE-2008-3939 (Directory traversal vulnerability in the web interface in AVTECH PageR ...) NOT-FOR-US: avtech pager_enterprise CVE-2008-3940 (Format string vulnerability in the finger client in HP TCP/IP Services ...) NOT-FOR-US: hp openvms CVE-2008-3941 (Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and ...) NOT-FOR-US: bizdirectory CVE-2008-3942 (SQL injection vulnerability in landsee.php in Full PHP Emlak Script ...) NOT-FOR-US: Full PHP Emlak Script CVE-2008-3943 (SQL injection vulnerability in listtest.php in eZoneScripts Living ...) NOT-FOR-US: ezonescripts living_local CVE-2008-3944 (SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows ...) NOT-FOR-US: discountedscripts acg_ptp CVE-2008-3945 (SQL injection vulnerability in index.php in Words tag 1.2 allows ...) NOT-FOR-US: source_workshop words_tag_script CVE-2008-3946 (The finger client in HP TCP/IP Services for OpenVMS 5.x allows local ...) NOT-FOR-US: hp openvms CVE-2008-3947 (DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain ...) NOT-FOR-US: hp openvms CVE-2008-3948 (SQL injection vulnerability in admin/users/self-2.php in XRMS allows ...) BUG: 235005 CVE-2008-3949 (emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python ...) BUG: 236498 CVE-2008-3950 (Off-by-one error in the ...) NOT-FOR-US: Safari in Apple iPhone CVE-2008-3951 (SQL injection vulnerability in view_ann.php in Vastal I-Tech Agent ...) NOT-FOR-US: Vastal CVE-2008-3952 (SQL injection vulnerability in questions.php in EsFaq 2.0 allows ...) NOT-FOR-US: EsFaq CVE-2008-3953 (SQL injection vulnerability in keyword_search_action.php in Vastal ...) NOT-FOR-US: vastal shaadi_zone CVE-2008-3954 (SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per ...) NOT-FOR-US: AlstraSoft CVE-2008-3955 (SQL injection vulnerability in index.php in Masir Camp E-Shop Module ...) NOT-FOR-US: masir_camp e shop_module CVE-2008-3956 (orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted ...) NOT-FOR-US: microsoft organization_chart CVE-2008-3957 (The Microsoft Windows Image Acquisition Logger ActiveX control allows ...) NOT-FOR-US: Microsoft Windows Image Acquisition Logger CVE-2008-3958 (IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a ...) NOT-FOR-US: ibm db2 CVE-2008-3959 (IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before ...) NOT-FOR-US: ibm db2 CVE-2008-3960 (Unspecified vulnerability in the JDBC Applet Server Service (aka ...) NOT-FOR-US: ibm db2_universal_database CVE-2008-3961 (Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on ...) NOT-FOR-US: adobe illustrator CVE-2008-3962 (The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain ...) BUG: 234391 CVE-2008-3963 (MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does ...) BUG: 237166 CVE-2008-3964 (Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 ...) BUG: 237175 CVE-2008-3965 (SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) ...) NOT-FOR-US: MyBB aka MyBulletinBoard CVE-2008-3966 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka ...) NOT-FOR-US: MyBB aka MyBulletinBoard CVE-2008-3967 (moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not ...) NOT-FOR-US: MyBB aka MyBulletinBoard CVE-2008-3968 (Cross-site scripting (XSS) vulnerability in userlist.php in PunBB ...) NOT-FOR-US: PunBB CVE-2008-3969 (Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow ...) BUG: 236160 CVE-2008-3970 (pam_mount 0.10 through 0.45, when luserconf is enabled, does not ...) BUG: 237093 CVE-2008-3971 (Heap-based buffer overflow in the open_man_file function in ...) NOT-FOR-US: gmanedit CVE-2008-3972 (pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to ...) BUG: 233543 CVE-2008-3973 (Unspecified vulnerability in the SQL*Plus Windows GUI component in ...) NOT-FOR-US: SQL Plus CVE-2008-3974 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) NOT-FOR-US: Oracle OLAP component in Oracle Database CVE-2008-3975 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) NOT-FOR-US: oracle application_server CVE-2008-3976 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...) NOT-FOR-US: oracle database_9i CVE-2008-3977 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) NOT-FOR-US: oracle application_server CVE-2008-3978 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...) NOT-FOR-US: Oracle Spatial component in Oracle Database CVE-2008-3979 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...) NOT-FOR-US: Oracle Spatial component in Oracle Database CVE-2008-3980 (Unspecified vulnerability in the Upgrade component in Oracle Database ...) NOT-FOR-US: oracle database_10g CVE-2008-3981 (Unspecified vulnerability in the Oracle Secure Backup component in ...) NOT-FOR-US: Oracle Secure Backup component in Oracle Secure Backup CVE-2008-3982 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) NOT-FOR-US: oracle database_9i CVE-2008-3983 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) NOT-FOR-US: oracle database_9i CVE-2008-3984 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) NOT-FOR-US: oracle database_9i CVE-2008-3985 (Unspecified vulnerability in the Oracle Applications Technology Stack ...) NOT-FOR-US: oracle e business_suite CVE-2008-3986 (Unspecified vulnerability in the Oracle Discoverer Administrator ...) NOT-FOR-US: oracle application_server CVE-2008-3987 (Unspecified vulnerability in the Oracle Discoverer Desktop component ...) NOT-FOR-US: oracle application_server CVE-2008-3988 (Unspecified vulnerability in the iSupplier Portal component in Oracle ...) NOT-FOR-US: oracle e business_suite CVE-2008-3989 (Unspecified vulnerability in the Oracle Data Mining component in ...) NOT-FOR-US: oracle database_10g CVE-2008-3990 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) NOT-FOR-US: oracle database_9i CVE-2008-3991 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) NOT-FOR-US: oracle database_9i CVE-2008-3992 (Unspecified vulnerability in the Oracle Data Mining component in ...) NOT-FOR-US: oracle database_10g CVE-2008-3993 (Unspecified vulnerability in the Oracle Applications Framework ...) NOT-FOR-US: oracle e business_suite CVE-2008-3994 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) NOT-FOR-US: oracle database_9i CVE-2008-3995 (Unspecified vulnerability in the Change Data Capture component in ...) NOT-FOR-US: oracle database_11i CVE-2008-3996 (Unspecified vulnerability in the Change Data Capture component in ...) NOT-FOR-US: oracle database_11i CVE-2008-3997 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) NOT-FOR-US: Oracle OLAP component in Oracle Database CVE-2008-3998 (Unspecified vulnerability in the Oracle iStore component in Oracle ...) NOT-FOR-US: oracle e business_suite CVE-2008-3999 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) NOT-FOR-US: Oracle OLAP component in Oracle Database CVE-2008-4000 (Unspecified vulnerability in the PeopleTools component in Oracle ...) NOT-FOR-US: oracle peoplesoft_peopletools CVE-2008-4001 (Unspecified vulnerability in the PeopleSoft Enterprise Portal ...) NOT-FOR-US: oracle peoplesoft_enterprise CVE-2008-4002 (Unspecified vulnerability in the PeopleTools component in Oracle ...) NOT-FOR-US: oracle peoplesoft_enterprise CVE-2008-4003 (Unspecified vulnerability in the PeopleTools component in Oracle ...) NOT-FOR-US: oracle peoplesoft_enterprise CVE-2008-4004 (Unspecified vulnerability in the JDE EnterpriseOne Business Service ...) NOT-FOR-US: oracle peoplesoft_enterprise CVE-2008-4005 (Unspecified vulnerability in the Oracle Application Express component ...) NOT-FOR-US: oracle database_11i CVE-2008-4006 (Unspecified vulnerability in the Oracle Secure Backup component in ...) NOT-FOR-US: Oracle Secure Backup component in Oracle Secure Backup CVE-2008-4007 (Unspecified vulnerability in the PeopleSoft Enterprise Components ...) NOT-FOR-US: PeopleSoft Enterprise Components component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne CVE-2008-4008 (Unspecified vulnerability in the WebLogic Server Plugins for Apache ...) NOT-FOR-US: oracle bea_product_suite CVE-2008-4009 (Unspecified vulnerability in the WebLogic Server component in BEA ...) NOT-FOR-US: oracle bea_product_suite CVE-2008-4010 (Unspecified vulnerability in the WebLogic Workshop component in BEA ...) NOT-FOR-US: oracle bea_product_suite CVE-2008-4011 (Unspecified vulnerability in the WebLogic Server component in BEA ...) NOT-FOR-US: oracle bea_product_suite CVE-2008-4012 (Unspecified vulnerability in the WebLogic Workshop component in BEA ...) NOT-FOR-US: oracle weblogic_workshop CVE-2008-4013 (Unspecified vulnerability in the WebLogic Server component in BEA ...) NOT-FOR-US: oracle bea_product_suite CVE-2008-4014 (Unspecified vulnerability in the Oracle BPEL Process Manager component ...) NOT-FOR-US: Oracle CVE-2008-4015 (Unspecified vulnerability in the Oracle Streams component in Oracle ...) NOT-FOR-US: Oracle Streams component in Oracle Database CVE-2008-4016 (Unspecified vulnerability in the Collaborative Workspaces component in ...) NOT-FOR-US: Collaborative Workspaces component in Oracle Collaboration Suite CVE-2008-4017 (Unspecified vulnerability in the OC4J component in Oracle Application ...) NOT-FOR-US: Oracle Application Server CVE-2008-4018 (swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local ...) NOT-FOR-US: IBM AIX CVE-2008-4019 (Integer overflow in the REPT function in Microsoft Excel 2000 SP3, ...) NOT-FOR-US: REPT function in Microsoft Excel CVE-2008-4020 (Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 ...) NOT-FOR-US: Microsoft CVE-2008-4021 RESERVED CVE-2008-4022 RESERVED CVE-2008-4023 (Active Directory in Microsoft Windows 2000 SP4 does not properly ...) NOT-FOR-US: Microsoft Windows CVE-2008-4024 (Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac ...) NOT-FOR-US: Microsoft CVE-2008-4025 (Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 ...) NOT-FOR-US: 1 CVE-2008-4026 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...) NOT-FOR-US: Microsoft CVE-2008-4027 (Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, ...) NOT-FOR-US: 1 CVE-2008-4028 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...) NOT-FOR-US: 1 CVE-2008-4029 (Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, ...) NOT-FOR-US: Microsoft XML Core Services CVE-2008-4030 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...) NOT-FOR-US: 1 CVE-2008-4031 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...) NOT-FOR-US: 1 CVE-2008-4032 (Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft ...) NOT-FOR-US: context CVE-2008-4033 (Cross-domain vulnerability in Microsoft XML Core Services 3.0 through ...) NOT-FOR-US: Microsoft XML Core Services CVE-2008-4034 RESERVED CVE-2008-4035 RESERVED CVE-2008-4036 (Integer overflow in Memory Manager in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Memory CVE-2008-4037 (Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server ...) NOT-FOR-US: Microsoft CVE-2008-4038 (Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server ...) NOT-FOR-US: Microsoft Windows CVE-2008-4039 (SQL injection vulnerability in index.php in Spice Classifieds allows ...) NOT-FOR-US: Spice Classifieds CVE-2008-4040 (Directory traversal vulnerability in the Kyocera Command Center in ...) NOT-FOR-US: Kyocera Command Center CVE-2008-4041 (The IMAP server in Softalk Mail Server (formerly WorkgroupMail) ...) NOT-FOR-US: softalk_mail_server CVE-2008-4042 REJECTED CVE-2008-4043 (Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow ...) NOT-FOR-US: aj_square aj_hyip CVE-2008-4044 (SQL injection vulnerability in article/readarticle.php in AJ Square ...) NOT-FOR-US: aj_square aj_hyip CVE-2008-4045 (Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 ...) NOT-FOR-US: mail CVE-2008-4046 (SQL injection vulnerability in index.php in eliteCMS 1.0 allows remote ...) NOT-FOR-US: elitecms CVE-2008-4047 (Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) ...) NOT-FOR-US: novell_forum CVE-2008-4048 (Heap-based buffer overflow in a certain ActiveX control in ...) NOT-FOR-US: friendly_technologies friendly_pppoe_client CVE-2008-4049 (A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly ...) NOT-FOR-US: friendly_technologies friendly_pppoe_client CVE-2008-4050 (A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly ...) NOT-FOR-US: friendly_technologies friendly_pppoe_client CVE-2008-4051 (Cross-site scripting (XSS) vulnerability in surveyresults.asp in Smart ...) NOT-FOR-US: jandus_technologies smart_survey CVE-2008-4052 (Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity ...) NOT-FOR-US: hp openvms CVE-2008-4053 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: bluemoon popnupblog CVE-2008-4054 (SQL injection vulnerability in indir.php in Kolifa.net Download Script ...) NOT-FOR-US: kolifa download_script CVE-2008-4055 (SQL injection vulnerability in tops_top.php in Million Pixel Ad Script ...) NOT-FOR-US: Million Pixel Ad Script CVE-2008-4056 (Cross-site scripting (XSS) vulnerability in admin/login.php in ...) NOT-FOR-US: matterdaddy_market CVE-2008-4057 (Unspecified vulnerability in Objective Development Sharity 3 before ...) NOT-FOR-US: objective_development sharity CVE-2008-4058 (The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x ...) BUG: 238535 CVE-2008-4059 (The XPConnect component in Mozilla Firefox before 2.0.0.17 allows ...) BUG: 238535 CVE-2008-4060 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird ...) BUG: 238535 CVE-2008-4061 (Integer overflow in the MathML component in Mozilla Firefox before ...) BUG: 238535 CVE-2008-4062 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...) BUG: 238535 CVE-2008-4063 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...) BUG: 238535 CVE-2008-4064 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...) BUG: 238535 CVE-2008-4065 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird ...) BUG: 238535 CVE-2008-4066 (Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows ...) BUG: 238535 CVE-2008-4067 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 ...) BUG: 238535 CVE-2008-4068 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 ...) BUG: 238535 CVE-2008-4069 (The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey ...) BUG: 238535 CVE-2008-4070 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and ...) BUG: 238535 CVE-2008-4071 (A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft ...) NOT-FOR-US: ActiveX control in Adobe Acrobat 9, CVE-2008-4072 (Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 ...) NOT-FOR-US: phsdev phsblog CVE-2008-4073 (SQL injection vulnerability in index.php in Zanfi Autodealers CMS ...) NOT-FOR-US: Zanfi CVE-2008-4074 (SQL injection vulnerability in index.php in Zanfi Autodealers CMS ...) NOT-FOR-US: Zanfi CVE-2008-4075 (Directory traversal vulnerability in index.php in D-iscussion Board ...) NOT-FOR-US: dino d iscussion_board CVE-2008-4076 (Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board ...) NOT-FOR-US: tor_world tor_board CVE-2008-4077 (The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) ...) NOT-FOR-US: sql ledger CVE-2008-4078 (SQL injection vulnerability in the AR/AP transaction report in (1) ...) NOT-FOR-US: sql ledger CVE-2008-4079 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x ...) NOT-FOR-US: six_apart movable_type CVE-2008-4080 (SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is ...) NOT-FOR-US: stash CVE-2008-4081 (admin/login.php in Stash 1.0.3 allows remote attackers to bypass ...) NOT-FOR-US: stash CVE-2008-4082 (SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when ...) NOT-FOR-US: brim project brim CVE-2008-4083 (Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in ...) NOT-FOR-US: brim project brim CVE-2008-4084 (SQL injection vulnerability in staticpages/easyclassifields/index.php ...) NOT-FOR-US: myiosoft easyclassifields CVE-2008-4085 (plaiter in Plait before 1.6 allows local users to overwrite arbitrary ...) NOT-FOR-US: stephenjungels plait CVE-2008-4086 (SQL injection vulnerability in index.php in Reciprocal Links Manager ...) NOT-FOR-US: source_workshop reciprocal_links_manager CVE-2008-4087 (Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 ...) NOT-FOR-US: acoustica beatcraft CVE-2008-4088 (SQL injection vulnerability in print.php in myPHPNuke (MPN) before ...) NOT-FOR-US: myphpnuke CVE-2008-4089 (Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke ...) NOT-FOR-US: myphpnuke CVE-2008-4090 (SQL injection vulnerability in index.php in PHP Coupon Script 4.0 ...) NOT-FOR-US: couponscript coupon_script CVE-2008-4091 (SQL injection vulnerability in index.php in Web Directory Script 1.5.3 ...) NOT-FOR-US: source_workshop web_directory_script CVE-2008-4092 (SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) ...) NOT-FOR-US: myphpnuke CVE-2008-4093 (SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and ...) NOT-FOR-US: yourownbux CVE-2008-4094 (Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 ...) BUG: 239548 CVE-2008-4095 (Multiple unspecified vulnerabilities in the Importer in Flip4Mac WMV ...) NOT-FOR-US: Flip4Mac CVE-2008-4096 (libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 ...) BUG: 237782 CVE-2008-4097 (MySQL 5.0.51a allows local users to bypass certain privilege checks by ...) BUG: 238117 CVE-2008-4098 (MySQL before 5.0.67 allows local users to bypass certain privilege ...) BUG: 238117 CVE-2008-4099 (PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use ...) BUG: 238118 CVE-2008-4100 (GNU adns 1.4 and earlier uses a fixed source port and sequential ...) BUG: 238119 CVE-2008-4101 (Vim 3.0 through 7.x before 7.2.010 does not properly escape ...) BUG: 238120 CVE-2008-4102 (Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, ...) BUG: 237404 CVE-2008-4103 (The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 ...) BUG: 237404 CVE-2008-4104 (Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 ...) BUG: 237404 CVE-2008-4105 (JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that ...) BUG: 237404 CVE-2008-4106 (WordPress before 2.6.2 does not properly handle MySQL warnings about ...) BUG: 237406 CVE-2008-4107 (The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce ...) BUG: 235676 CVE-2008-4108 (Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) ...) BUG: 238124 CVE-2008-4109 (A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before ...) NOTE: The fix for this went into 4.4 / 4.6, which are long stable CVE-2008-4110 (Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in ...) NOT-FOR-US: microsoft sql_server CVE-2008-4111 (Unspecified vulnerability in Servlet Engine/Web Container in IBM ...) NOT-FOR-US: Servlet Engine Web Container in IBM WebSphere Application Server WAS CVE-2008-4112 REJECTED CVE-2008-4113 (The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the ...) BUG: 237959 CVE-2008-4114 (srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 ...) NOT-FOR-US: Microsoft Windows Vista SP1 CVE-2008-4115 (TalkBack 2.3.6 allows remote attackers to obtain configuration ...) NOT-FOR-US: TalkBack CVE-2008-4116 (Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote ...) NOT-FOR-US: apple quicktime CVE-2008-4117 (Unspecified vulnerability in a web page in the PRM module in Sun ...) NOT-FOR-US: sun management_center CVE-2008-4118 (Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd ...) NOT-FOR-US: high_norm sound_master_2nd CVE-2008-4119 (Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk ...) NOT-FOR-US: CA Service Desk CVE-2008-4120 (Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 ...) NOT-FOR-US: flatpress CVE-2008-4121 (Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce ...) NOT-FOR-US: cpcommerce CVE-2008-4122 (Joomla! 1.5.8 does not set the secure flag for the session cookie in ...) BUG: 253483 CVE-2008-4123 RESERVED CVE-2008-4124 RESERVED CVE-2008-4125 (The search function in phpBB 2.x provides a search_id value that leaks ...) NOT-FOR-US: phpBB 2.x CVE-2008-4126 (PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use ...) BUG: 238118 CVE-2008-4127 (Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-4128 (Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP ...) NOT-FOR-US: Cisco IOS CVE-2008-4129 (Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ...) BUG: 238113 CVE-2008-4130 (Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 ...) BUG: 238113 CVE-2008-4131 (Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow ...) NOT-FOR-US: Sun Solaris CVE-2008-4132 (Stack-based buffer overflow in the VSFlexGrid.VSFlexGridL ActiveX ...) NOT-FOR-US: VSFlexGrid CVE-2008-4133 (The web proxy service on the D-Link DIR-100 with firmware 1.12 and ...) NOT-FOR-US: D-Link DIR-100 CVE-2008-4134 (PHP remote file inclusion vulnerability in manager/static/view.php in ...) NOT-FOR-US: phpRealty CVE-2008-4135 (Symbian OS S60 3rd edition on the Nokia E90 Communicator 07.40.1.2 ...) NOT-FOR-US: Symbian CVE-2008-4136 (Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote ...) NOT-FOR-US: Personal FTP Server CVE-2008-4137 (PHP remote file inclusion vulnerability in footer.php in PHP-Crawler ...) NOT-FOR-US: php_crawler CVE-2008-4138 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: technote CVE-2008-4139 (Cross-site scripting (XSS) vulnerability in admin.php in OpenSolution ...) NOT-FOR-US: opensolution quick cms lite CVE-2008-4140 (Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart ...) NOT-FOR-US: opensolution quick cart CVE-2008-4141 (Multiple PHP remote file inclusion vulnerabilities in x10Media x10 ...) NOT-FOR-US: x10media x10_automatic_mp3_script CVE-2008-4142 (SQL injection vulnerability in article.php in E-Php CMS allows remote ...) NOT-FOR-US: E Php CVE-2008-4143 (SQL injection vulnerability in category_search.php in RazorCommerce ...) NOT-FOR-US: RazorCommerce CVE-2008-4144 (SQL injection vulnerability in index.php in ACG-ScriptShop E-Gold ...) NOT-FOR-US: ACG ScriptShop CVE-2008-4145 (SQL injection vulnerability in user_read_links.php in Addalink 1.0 ...) NOT-FOR-US: addalink CVE-2008-4146 (Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve ...) NOT-FOR-US: addalink CVE-2008-4147 (Cross-site scripting (XSS) vulnerability in the Mailsave module 5.x ...) NOT-FOR-US: Mailsave module CVE-2008-4148 (SQL injection vulnerability in the Mailhandler module 5.x before ...) NOT-FOR-US: Mailhandler module CVE-2008-4149 (Cross-site scripting (XSS) vulnerability in the Greg Holsclaw Link to ...) NOT-FOR-US: Greg Holsclaw Link to Us module CVE-2008-4150 (SQL injection vulnerability in picture_category.php in Diesel Joke ...) NOT-FOR-US: Diesel CVE-2008-4151 (Directory traversal vulnerability in collect.php in CYASK 3.x allows ...) NOT-FOR-US: CYASK CVE-2008-4152 (Cross-site scripting (XSS) vulnerability in the Talk module 5.x before ...) NOT-FOR-US: Talk module CVE-2008-4153 (The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module ...) NOT-FOR-US: Talk CVE-2008-4154 (SQL injection vulnerability in living-e webEdition CMS allows remote ...) NOT-FOR-US: living e CVE-2008-4155 (Multiple directory traversal vulnerabilities in EasySite 2.3 allow ...) NOT-FOR-US: EasySite CVE-2008-4156 (SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming ...) NOT-FOR-US: CustomCms CCMS Gaming Portal CVE-2008-4157 (SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 ...) NOT-FOR-US: vastal_i tech phpvid CVE-2008-4158 (Multiple directory traversal vulnerabilities in index.php in Zanfi CMS ...) NOT-FOR-US: zanfi_solutions zanfi_cms_lite CVE-2008-4159 (SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS ...) NOT-FOR-US: Zanfi CMS CVE-2008-4160 (Unspecified vulnerability in the UFS module in Sun Solaris 8 through ...) NOT-FOR-US: UFS module in Sun Solaris CVE-2008-4161 (SQL injection vulnerability in search_inv.php in Assetman 2.5b allows ...) NOT-FOR-US: Assetman CVE-2008-4162 (Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows ...) NOT-FOR-US: NooMS CVE-2008-4163 (Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and ...) NOTE: Windows only CVE-2008-4164 (cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to ...) NOT-FOR-US: MemHT Portal CVE-2008-4165 (admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a ...) NOT-FOR-US: kolab CVE-2008-4166 (Integer overflow in the JavaScript engine in Avant Browser 11.7 Build ...) NOT-FOR-US: avantbrowser avant_browser CVE-2008-4167 (useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not ...) NOT-FOR-US: ezphotogallery CVE-2008-4168 (Cross-site scripting (XSS) vulnerability in verify_login.jsp in ...) NOT-FOR-US: Pro2col CVE-2008-4169 (SQL injection vulnerability in detaillist.php in iScripts EasyIndex, ...) NOT-FOR-US: iScripts CVE-2008-4170 (create_account.php in osCommerce 2.2 RC 2a allows remote attackers to ...) NOT-FOR-US: osCommerce CVE-2008-4171 (SQL injection vulnerability in xmlout.php in Invision Power Board ...) NOT-FOR-US: Invision Power Board IP Board or IPB CVE-2008-4172 (SQL injection vulnerability in page.php in Cars & Vehicle (aka ...) NOT-FOR-US: Cars CVE-2008-4173 (SQL injection vulnerability in ProArcadeScript 1.3 allows remote ...) NOT-FOR-US: ProArcadeScript CVE-2008-4174 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: benjamin_kuz dynamic_mp3_lister CVE-2008-4175 (Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow ...) NOT-FOR-US: linkbidscript CVE-2008-4176 (SQL injection vulnerability in izle.asp in FoT Video scripti 1.1 beta ...) NOT-FOR-US: asp_indir fot_video_scripti CVE-2008-4177 (SQL injection vulnerability in search.php in Pre Real Estate Listings ...) NOT-FOR-US: Pre Real Estate Listings CVE-2008-4178 (SQL injection vulnerability in tr.php in DownlineGoldmine Special ...) NOT-FOR-US: downline_goldmine new_addon CVE-2008-4179 (Multiple cross-site scripting (XSS) vulnerabilities in NooMS 1.1 allow ...) NOT-FOR-US: nooms CVE-2008-4180 (Unspecified vulnerability in db.php in NooMS 1.1 allows remote ...) NOT-FOR-US: nooms CVE-2008-4181 (Directory traversal vulnerability in includes/xml.php in the Netenberg ...) NOT-FOR-US: netenberg fantastico_de_luxe CVE-2008-4182 (Cross-site scripting (XSS) vulnerability in imp/test.php in Horde ...) BUG: 238573 CVE-2008-4183 (IntegraMOD 1.4.x stores sensitive information under the web root with ...) NOT-FOR-US: integramod CVE-2008-4184 (Cross-site scripting (XSS) vulnerability in index.php in webCMS Portal ...) NOT-FOR-US: webCMS CVE-2008-4185 (SQL injection vulnerability in index.php in webCMS Portal Edition ...) NOT-FOR-US: webCMS CVE-2008-4186 (SQL injection vulnerability in index.php in webCMS Portal Edition ...) NOT-FOR-US: webCMS CVE-2008-4187 (Directory traversal vulnerability in index.php in ProActive CMS allows ...) NOT-FOR-US: ProActive CVE-2008-4188 (Unspecified vulnerability in the TYPO3 Secure Directory (kw_secdir) ...) NOT-FOR-US: typo3 secure_directory CVE-2008-4189 REJECTED NOT-FOR-US: xerox workcentre_pro CVE-2008-4190 (The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x ...) BUG: 238574 CVE-2008-4191 (extract-table.pl in Emacspeak 26 and 28 allows local users to ...) BUG: 238575 CVE-2008-4192 (The pserver_shutdown function in fence_egenera in cman 2.20080629 and ...) BUG: 235770 CVE-2008-4193 (Stack-based buffer overflow in SecurityGateway.dll in Alt-N ...) NOT-FOR-US: Alt N Technologies SecurityGateway CVE-2008-4194 (The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par ...) BUG: 231285 CVE-2008-4195 (Opera before 9.52 does not properly restrict the ability of a framed ...) BUG: 235298 CVE-2008-4196 (Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows ...) BUG: 235298 CVE-2008-4197 (Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when ...) BUG: 235298 CVE-2008-4198 (Opera before 9.52, when rendering an http page that has loaded an ...) BUG: 235298 CVE-2008-4199 (Opera before 9.52 does not prevent use of links from web pages to feed ...) BUG: 235298 CVE-2008-4200 (Opera before 9.52 does not ensure that the address field of a news ...) BUG: 235298 CVE-2008-4201 (Heap-based buffer overflow in the decodeMP4file function ...) BUG: 238445 CVE-2008-4202 (SQL injection vulnerability in index.php in Gonafish LinksCaffePRO 4.5 ...) NOT-FOR-US: gonafish linkscaffepro CVE-2008-4203 (SQL injection vulnerability in cn_users.php in CzarNews 1.20 and ...) NOT-FOR-US: czaries czarnews CVE-2008-4204 (SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation ...) NOT-FOR-US: SoftAcid CVE-2008-4205 (SQL injection vulnerability in search.php Attachmax Dolphin 2.1.0 ...) NOT-FOR-US: attachmax dolphin CVE-2008-4206 (PHP remote file inclusion vulnerability in config.php in Attachmax ...) NOT-FOR-US: attachmax dolphin CVE-2008-4207 (Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php ...) NOT-FOR-US: attachmax dolphin CVE-2008-4208 (Unspecified vulnerability in OSADS Alliance Database before 2.1 has ...) NOT-FOR-US: osads_alliance_database CVE-2008-4209 RESERVED CVE-2008-4210 (fs/open.c in the Linux kernel before 2.6.22 does not properly strip ...) BUG: 245017 CVE-2008-4211 (Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and ...) NOT-FOR-US: QuickLook in Mac OS X CVE-2008-4212 (Unspecified vulnerability in rlogind in the rlogin component in Mac OS ...) NOT-FOR-US: apple mac_os_x_server CVE-2008-4213 RESERVED CVE-2008-4214 (Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and ...) NOT-FOR-US: Script Editor in Mac OS X CVE-2008-4215 (Weblog in Mac OS X Server 10.4.11 does not properly check an error ...) NOT-FOR-US: Mac OS X Server CVE-2008-4216 (The plug-in interface in WebKit in Apple Safari before 3.2 does not ...) NOT-FOR-US: apple safari CVE-2008-4217 (Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows ...) NOT-FOR-US: BOM in Apple Mac OS X CVE-2008-4218 (Multiple integer overflows in the kernel in Apple Mac OS X before ...) NOT-FOR-US: kernel in Apple Mac OS X CVE-2008-4219 (The kernel in Apple Mac OS X before 10.5.6 allows local users to cause ...) NOT-FOR-US: Apple Mac OS X CVE-2008-4220 (Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS ...) NOT-FOR-US: inet_net_pton API in Libsystem in Apple Mac OS X CVE-2008-4221 (The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows ...) NOT-FOR-US: Libsystem in Apple Mac OS X CVE-2008-4222 (natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet ...) NOT-FOR-US: network_cmds in Apple Mac OS X CVE-2008-4223 (Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote ...) NOT-FOR-US: Apple Mac OS X CVE-2008-4224 (UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to ...) NOT-FOR-US: Apple Mac OS X CVE-2008-4225 (Integer overflow in the xmlBufferResize function in libxml2 2.7.2 ...) BUG: 245960 CVE-2008-4226 (Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 ...) BUG: 245960 CVE-2008-4227 (Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 ...) NOT-FOR-US: apple iphone_os CVE-2008-4228 (The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and ...) NOT-FOR-US: apple iphone_os CVE-2008-4229 (Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 ...) NOT-FOR-US: apple iphone_os CVE-2008-4230 (The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and ...) NOT-FOR-US: apple iphone_os CVE-2008-4231 (Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch ...) NOT-FOR-US: apple iphone_os CVE-2008-4232 (Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch ...) NOT-FOR-US: apple iphone_os CVE-2008-4233 (Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch ...) NOT-FOR-US: apple iphone_os CVE-2008-4234 (Incomplete blacklist vulnerability in the Quarantine feature in ...) NOT-FOR-US: Quarantine feature in CoreTypes in Apple Mac OS X CVE-2008-4235 RESERVED CVE-2008-4236 (Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows ...) NOT-FOR-US: Apple Mac OS X CVE-2008-4237 (Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies ...) NOT-FOR-US: Apple Mac OS X CVE-2008-4238 RESERVED CVE-2008-4239 RESERVED CVE-2008-4240 RESERVED CVE-2008-4241 (SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows ...) NOT-FOR-US: cj ultra_plus CVE-2008-4242 (ProFTPD 1.3.1 interprets long commands from an FTP client as multiple ...) BUG: 238762 CVE-2008-4243 (Directory traversal vulnerability in ImageServer (aka UTImageServer) ...) NOT-FOR-US: WebAdmin for Unreal CVE-2008-4244 (Rianxosencabos CMS 0.9 allows remote attackers to bypass ...) NOT-FOR-US: Rianxosencabos CVE-2008-4245 (The Admin Control Panel in Rianxosencabos CMS 0.9 does not require ...) NOT-FOR-US: Rianxosencabos CMS CVE-2008-4246 (Unspecified vulnerability in Denora IRC Stats Server before 1.4.1 ...) NOT-FOR-US: Denora IRC Stats Server CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly ...) BUG: 238762 BUG: 239047 BUG: 261199 CVE-2008-4248 RESERVED CVE-2008-4249 RESERVED CVE-2008-4250 (The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...) NOT-FOR-US: Microsoft Windows CVE-2008-4251 RESERVED CVE-2008-4252 (The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual ...) NOT-FOR-US: Microsoft Visual Basic CVE-2008-4253 (The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual ...) NOT-FOR-US: Microsoft Visual Basic CVE-2008-4254 (Multiple integer overflows in the Hierarchical FlexGrid ActiveX ...) NOT-FOR-US: Microsoft Visual Basic CVE-2008-4255 (Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX ...) NOT-FOR-US: Microsoft Visual Basic CVE-2008-4256 (The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual ...) NOT-FOR-US: Microsoft Visual Basic CVE-2008-4257 RESERVED CVE-2008-4258 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly ...) NOT-FOR-US: Microsoft CVE-2008-4259 (Microsoft Internet Explorer 7 sometimes attempts to access ...) NOT-FOR-US: Microsoft CVE-2008-4260 (Microsoft Internet Explorer 7 sometimes attempts to access a deleted ...) NOT-FOR-US: Microsoft CVE-2008-4261 (Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 ...) NOT-FOR-US: web CVE-2008-4262 RESERVED CVE-2008-4263 RESERVED CVE-2008-4264 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...) NOT-FOR-US: Microsoft CVE-2008-4265 (Microsoft Office Excel 2000 SP3 allows remote attackers to execute ...) NOT-FOR-US: Microsoft CVE-2008-4266 (Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 ...) NOT-FOR-US: Microsoft CVE-2008-4267 RESERVED CVE-2008-4268 (The Windows Search component in Microsoft Windows Vista Gold and SP1 ...) NOT-FOR-US: Microsoft CVE-2008-4269 (The search-ms protocol handler in Windows Explorer in Microsoft ...) NOT-FOR-US: Windows CVE-2008-4270 REJECTED CVE-2008-4271 RESERVED CVE-2008-4272 RESERVED CVE-2008-4273 RESERVED CVE-2008-4274 RESERVED CVE-2008-4275 RESERVED CVE-2008-4276 RESERVED CVE-2008-4277 RESERVED CVE-2008-4278 (VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows ...) NOT-FOR-US: M$-only CVE-2008-4279 (The CPU hardware emulation for 64-bit guest operating systems in ...) BUG: 241150 CVE-2008-4280 RESERVED CVE-2008-4281 (Directory traversal vulnerability in VMWare ESXi 3.5 before ...) NOT-FOR-US: vmware esxi CVE-2008-4282 RESERVED CVE-2008-4283 (CRLF injection vulnerability in the WebContainer component in IBM ...) NOT-FOR-US: WebContainer component in IBM WebSphere Application Server WAS CVE-2008-4284 (Open redirect vulnerability in the ibm_security_logout servlet in IBM ...) NOT-FOR-US: ibm_security_logout servlet in IBM WebSphere Application Server WAS CVE-2008-4285 (Unspecified vulnerability in the Performance Monitoring Infrastructure ...) NOT-FOR-US: ibm websphere_application_server CVE-2008-4286 RESERVED CVE-2008-4287 RESERVED CVE-2008-4288 RESERVED CVE-2008-4289 RESERVED CVE-2008-4290 RESERVED CVE-2008-4291 RESERVED CVE-2008-4292 (Opera before 9.52 does not check the CRL override upon encountering a ...) BUG: 235298 CVE-2008-4293 (Unspecified vulnerability in Opera before 9.52 on Windows, when ...) NOTE: Windows only CVE-2008-4294 (IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user ...) NOT-FOR-US: IBM Tivoli Netcool/Webtop CVE-2008-4295 (Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices ...) NOT-FOR-US: Microsoft Windows Mobile CVE-2008-4296 (The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its ...) NOT-FOR-US: Cisco Linksys CVE-2008-4297 (Mercurial before 1.0.2 does not enforce the allowpull permission ...) BUG: 239055 CVE-2008-4298 (Memory leak in the http_request_parse function in request.c in ...) BUG: 238180 CVE-2008-4299 (A certain ActiveX control in the Microsoft Internet Authentication ...) NOT-FOR-US: M$ CVE-2008-4300 (A certain ActiveX control in adsiis.dll in Microsoft Internet ...) NOT-FOR-US: M$ IIS CVE-2008-4301 (** DISPUTED ** ...) NOT-FOR-US: M$ CVE-2008-4302 (fs/splice.c in the splice subsystem in the Linux kernel before ...) BUG: 245019 CVE-2008-4303 (Multiple SQL injection vulnerabilities in phpCollab 2.5 rc3, 2.4, and ...) BUG: 235052 CVE-2008-4304 (general/login.php in phpCollab 2.5 rc3 and earlier allows remote ...) BUG: 235052 CVE-2008-4305 (Static code injection vulnerability in installation/setup.php in ...) BUG: 235052 CVE-2008-4306 (Buffer overflow in enscript before 1.6.4 has unknown impact and attack ...) BUG: 243228 CVE-2008-4307 (Race condition in the do_setlk function in fs/nfs/file.c in the Linux ...) BUG: 254903 CVE-2008-4308 (The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 ...) NOT-FOR-US: We do not have these old versions. CVE-2008-4309 (Integer overflow in the netsnmp_create_subtree_cache function in ...) BUG: 245306 CVE-2008-4310 (httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat ...) NOT-FOR-US: According to http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ our versions are not vulnerable. CVE-2008-4311 (The default configuration of system.conf in D-Bus (aka DBus) before ...) BUG: 250546 CVE-2008-4312 REJECTED CVE-2008-4313 (A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 ...) NOT-FOR-US: OpenGroup Pegasus CVE-2008-4314 (smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to ...) BUG: 247620 CVE-2008-4315 (tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux ...) NOT-FOR-US: OpenGroup Pegasus CVE-2008-4316 (Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow ...) BUG: 249214 CVE-2008-4317 REJECTED CVE-2008-4318 (Observer 0.3.2.1 and earlier allows remote attackers to execute ...) NOT-FOR-US: project observer observer CVE-2008-4319 (fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 ...) NOT-FOR-US: libra_file_manager php_filemanager CVE-2008-4320 (Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before ...) NOT-FOR-US: opennms org opennms CVE-2008-4321 (Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FTP ...) NOT-FOR-US: Flashget is M$-only CVE-2008-4322 (Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin ...) NOT-FOR-US: RealFlex Technologies Ltd. RealWin Server is M$-only CVE-2008-4323 (Windows Explorer in Microsoft Windows XP SP3 allows user-assisted ...) NOT-FOR-US: M$ CVE-2008-4324 (The user interface event dispatcher in Mozilla Firefox 3.0.3 on ...) BUG: 240592 CVE-2008-4325 (lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the ...) BUG: 238077 CVE-2008-4326 (The PMA_escapeJsString function in libraries/js_escape.lib.php in ...) BUG: 237781 CVE-2008-4327 (gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly ...) NOT-FOR-US: M$ CVE-2008-4328 (SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 ...) NOT-FOR-US: easyrealtorpro CVE-2008-4329 (PHP remote file inclusion vulnerability in cms/system/openengine.php ...) NOT-FOR-US: openengine CVE-2008-4330 (Directory traversal vulnerability in index.php in LanSuite 3.3.2 ...) NOT-FOR-US: lansuite CVE-2008-4331 (Directory traversal vulnerability in library/pagefunctions.inc.php in ...) NOT-FOR-US: phpocs CVE-2008-4332 (SQL injection vulnerability in the showjavatopic function in func.php ...) NOT-FOR-US: cannot php_infoboard CVE-2008-4333 (Cross-site scripting (XSS) vulnerability in PHP infoBoard V.7 Plus ...) NOT-FOR-US: cannot php_infoboard CVE-2008-4334 (PHP infoBoard V.7 Plus allows remote attackers to bypass ...) NOT-FOR-US: cannot php_infoboard CVE-2008-4335 (SQL injection vulnerability in album.php in Atomic Photo Album (APA) ...) NOT-FOR-US: atomic_photo_album CVE-2008-4336 (Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo ...) NOT-FOR-US: atomic_photo_album CVE-2008-4337 (Cross-site scripting (XSS) vulnerability in Bitweaver 2.0.2 allows ...) NOT-FOR-US: bitweaver CVE-2008-4338 (SQL injection vulnerability in the brilliant_gallery_checklist_save ...) NOT-FOR-US: vacilanda brilliant_gallery CVE-2008-4339 (Unspecified vulnerability in the Java Administration GUI (jnbSA) in ...) NOT-FOR-US: Java Administration GUI of Symantec Veritas NetBackup Server and NetBackup Enterprise Server CVE-2008-4340 (Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to ...) NOT-FOR-US: chrome is M$ only CVE-2008-4341 (add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass ...) NOT-FOR-US: myblog CVE-2008-4342 (NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX ...) NOT-FOR-US: M$-only CVE-2008-4343 (The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) ...) NOT-FOR-US: M$-only CVE-2008-4344 (SQL injection vulnerability in cat.php in 6rbScript allows remote ...) NOT-FOR-US: 6rbscript CVE-2008-4345 (SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and ...) NOT-FOR-US: webportal_cms CVE-2008-4346 (Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows ...) NOT-FOR-US: talkback CVE-2008-4347 (SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows ...) NOT-FOR-US: powie pnews CVE-2008-4348 (SQL injection vulnerability in photo.php in PHPortfolio, possibly 1.3, ...) NOT-FOR-US: outshine phportfolio CVE-2008-4349 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...) NOT-FOR-US: s0nic paranews CVE-2008-4350 (SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 ...) NOT-FOR-US: vblogix tutorial_script CVE-2008-4351 (Directory traversal vulnerability in index.php in phpSmartCom 0.2 ...) NOT-FOR-US: phpsmartcom CVE-2008-4352 (SQL injection vulnerability in inc/pages/viewprofile.php in ...) NOT-FOR-US: phpsmartcom CVE-2008-4353 (SQL injection vulnerability in link.php in Linkarity allows remote ...) NOT-FOR-US: linkarity CVE-2008-4354 (SQL injection vulnerability in the products module in NetArt Media ...) NOT-FOR-US: net_art_media iboutique CVE-2008-4355 (SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum ...) NOT-FOR-US: powie pforum CVE-2008-4356 (Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 ...) NOT-FOR-US: kasseler cms kasseler_cms CVE-2008-4357 (SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows ...) NOT-FOR-US: powie plink CVE-2008-4358 (Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP ...) NOT-FOR-US: spaw_editor spaw_php CVE-2008-4359 (lighttpd before 1.4.20 compares URIs to patterns in the (1) ...) BUG: 239552 CVE-2008-4360 (mod_userdir in lighttpd before 1.4.20, when a case-insensitive ...) BUG: 238180 CVE-2008-4361 (Directory traversal vulnerability in PowerPortal 2.0.13 allows remote ...) NOT-FOR-US: powerportal CVE-2008-4362 (The Virtual Token driver (vdlptokn.sys) 1.0.2.43 in DESlock+ 3.2.7 ...) NOT-FOR-US: deslock CVE-2008-4363 (DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a ...) NOT-FOR-US: deslock CVE-2008-4364 (SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb ...) NOT-FOR-US: parsagostar parsaweb_cms CVE-2008-4365 (Cross-site scripting (XSS) vulnerability in search.php in Siteman ...) NOT-FOR-US: siteman CVE-2008-4366 (Unrestricted file upload vulnerability in the image upload component ...) NOT-FOR-US: camera_life CVE-2008-4367 RESERVED CVE-2008-4368 (The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and ...) NOT-FOR-US: apple mac_os_x CVE-2008-4369 (SQL injection vulnerability in pics.php in Availscript Photo Album ...) NOT-FOR-US: availscript_photo_album CVE-2008-4370 (Multiple cross-site scripting (XSS) vulnerabilities in Availscript ...) NOT-FOR-US: availscript_photo_album CVE-2008-4371 (SQL injection vulnerability in articles.php in AvailScript Article ...) NOT-FOR-US: availscript_article_script CVE-2008-4372 (Cross-site scripting (XSS) vulnerability in articles.php in ...) NOT-FOR-US: availscript_article_script CVE-2008-4373 (SQL injection vulnerability in job_seeker/applynow.php in AvailScript ...) NOT-FOR-US: availscript_jobs_portal_script CVE-2008-4374 (SQL injection vulnerability in index.php in CMS Buzz allows remote ...) NOT-FOR-US: cmsbuzz cms_buzz CVE-2008-4375 (SQL injection vulnerability in viewprofile.php in Availscript ...) NOT-FOR-US: availscript_classmate_script CVE-2008-4376 (SQL injection vulnerability in index.php in Live TV Script allows ...) NOT-FOR-US: livetvscript live_tv_script CVE-2008-4377 (SQL injection vulnerability in index.asp in Creative Mind Creator CMS ...) NOT-FOR-US: creative_mind creator_cms CVE-2008-4378 (SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links ...) NOT-FOR-US: mr _cgi_guy hot_links_sql_php CVE-2008-4379 (Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy ...) NOT-FOR-US: mr _cgi_guy hot_links_sql_php CVE-2008-4380 (The web interface in Samsung DVR SHR2040 allows remote attackers to ...) NOT-FOR-US: samsung dvr_shr2040 CVE-2008-4381 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...) NOT-FOR-US: M$ IE CVE-2008-4382 (Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of ...) BUG: 239565 CVE-2008-4383 (Stack-based buffer overflow in the Agranet-Emweb embedded management ...) NOT-FOR-US: Agranet Emweb CVE-2008-4384 (Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX ...) NOT-FOR-US: M$-only CVE-2008-4385 (Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert ...) NOT-FOR-US: sysreqlab2 jar CVE-2008-4386 RESERVED CVE-2008-4387 (Unspecified vulnerability in the Simba MDrmSap ActiveX control in ...) NOT-FOR-US: SAP CVE-2008-4388 (The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in ...) NOT-FOR-US: Symantec AppStream Client CVE-2008-4389 (Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x ...) NOT-FOR-US: symantec workspace_streaming CVE-2008-4390 (The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 ...) NOT-FOR-US: cisco wvc54gc CVE-2008-4391 (Stack-based buffer overflow in the SetSource method in the ...) NOT-FOR-US: cisco wvc54gc CVE-2008-4392 (dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent ...) BUG: 260014 CVE-2008-4393 (Cross-site scripting (XSS) vulnerability in VeriSign Kontiki Delivery ...) NOT-FOR-US: verisign kontiki_delivery_management_system CVE-2008-4394 (Multiple untrusted search path vulnerabilities in Portage before ...) BUG: 239560 CVE-2008-4395 (Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux ...) BUG: 239371 CVE-2008-4396 (Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and ...) NOT-FOR-US: safer_networking filealyzer CVE-2008-4397 (Directory traversal vulnerability in the RPC interface (asdbapi.dll) ...) NOT-FOR-US: an RPC call with opnum CVE-2008-4398 (Unspecified vulnerability in the tape engine service in asdbapi.dll in ...) NOT-FOR-US: CA CVE-2008-4399 (Unspecified vulnerability in the database engine service in ...) NOT-FOR-US: CA CVE-2008-4400 (Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup ...) NOT-FOR-US: CA CVE-2008-4401 (ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not ...) BUG: 239543 CVE-2008-4402 (Multiple buffer overflows in CGI modules in the server in Trend Micro ...) NOT-FOR-US: trend_micro officescan CVE-2008-4403 (The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before ...) NOT-FOR-US: trend_micro officescan CVE-2008-4404 (The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM ...) NOT-FOR-US: ibm zseries CVE-2008-4405 (xend in Xen 3.0.3 does not properly limit the contents of the ...) BUG: 241146 CVE-2008-4406 (A certain Debian patch to the run scripts for sabre (aka xsabre) ...) NOT-FOR-US: debian-specific CVE-2008-4407 (XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create ...) NOT-FOR-US: sabre aka xsabre CVE-2008-4408 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, ...) BUG: 239342 CVE-2008-4409 (libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities ...) BUG: 239346 CVE-2008-4410 (The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the ...) BUG: 243148 CVE-2008-4411 (Cross-site scripting (XSS) vulnerability in HP System Management ...) NOT-FOR-US: hp system_management_homepage CVE-2008-4412 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before ...) NOT-FOR-US: HP Systems Insight Manager SIM CVE-2008-4413 (Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 ...) NOT-FOR-US: hp system_management_homepage CVE-2008-4414 (Unspecified vulnerability in the AdvFS showfile command in HP Tru64 ...) NOT-FOR-US: hp tru64 CVE-2008-4415 (Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 ...) NOT-FOR-US: HP Service Manager HPSM CVE-2008-4416 (Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows ...) NOT-FOR-US: hp ux CVE-2008-4417 RESERVED CVE-2008-4418 (Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and ...) NOT-FOR-US: hp ux CVE-2008-4419 (Directory traversal vulnerability in the HP JetDirect web ...) NOT-FOR-US: hp laserjet_9050mfp CVE-2008-4420 (Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in ...) NOT-FOR-US: innermedia dynazip_max_secure CVE-2008-4421 (Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably ...) NOT-FOR-US: hammer software metagauge CVE-2008-4422 REJECTED CVE-2008-4423 (SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows ...) NOT-FOR-US: Ovidentia CVE-2008-4424 (Cross-site scripting (XSS) vulnerability in index.php in Domain Group ...) NOT-FOR-US: Domain Group Network GooCMS CVE-2008-4425 (Directory traversal vulnerability in upload.php in Phlatline's ...) NOT-FOR-US: Phlatline s Personal Information Manager pPIM CVE-2008-4426 (Cross-site scripting (XSS) vulnerability in events.php in Phlatline's ...) NOT-FOR-US: Phlatline s Personal Information Manager pPIM CVE-2008-4427 (changepassword.php in Phlatline's Personal Information Manager (pPIM) ...) NOT-FOR-US: Phlatline s Personal Information Manager pPIM CVE-2008-4428 (Unrestricted file upload vulnerability in upload.php in Phlatline's ...) NOT-FOR-US: Phlatline s Personal Information Manager pPIM CVE-2008-4429 (Unspecified vulnerability in SOURCENEXT Virus Security ZERO 9.5.0173 ...) NOT-FOR-US: SOURCENEXT Virus Security ZERO CVE-2008-4430 REJECTED CVE-2008-4431 (SQL injection vulnerability in index.php in IceBB 1.0-rc9.3 and ...) NOT-FOR-US: IceBB CVE-2008-4432 (Cross-site scripting (XSS) vulnerability in search.php in the RMSOFT ...) NOT-FOR-US: RMSOFT MiniShop module CVE-2008-4433 (SQL injection vulnerability in search.php in the RMSOFT MiniShop ...) NOT-FOR-US: RMSOFT MiniShop module CVE-2008-4434 (Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and ...) BUG: 239824 CVE-2008-4435 (Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT ...) NOT-FOR-US: RMSOFT Downloads Plus rmdp module CVE-2008-4436 (SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog ...) NOT-FOR-US: bBlog CVE-2008-4437 (Directory traversal vulnerability in importxml.pl in Bugzilla before ...) BUG: 239564 CVE-2008-4438 (Cross-site scripting (XSS) vulnerability in search.php in Datafeed ...) NOT-FOR-US: Datafeed Studio CVE-2008-4439 (PHP remote file inclusion vulnerability in admin/bin/patch.php in ...) NOT-FOR-US: MartinWood CVE-2008-4440 (The to-upgrade plugin in feta 1.4.16 allows local users to overwrite ...) NOT-FOR-US: feta CVE-2008-4441 (The Marvell driver for the Linksys WAP4400N Wi-Fi access point with ...) NOT-FOR-US: linksys wap400n CVE-2008-4442 RESERVED CVE-2008-4443 RESERVED CVE-2008-4444 (Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware ...) NOT-FOR-US: Cisco CVE-2008-4445 (The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream ...) BUG: 243154 CVE-2008-4446 (Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 ...) NOT-FOR-US: Nucleus EUC JP CVE-2008-4447 (Cross-site scripting (XSS) vulnerability in actions.php in Positive ...) NOT-FOR-US: Positive Software H Sphere WebShell CVE-2008-4448 (Cross-site request forgery (CSRF) vulnerability in actions.php in ...) NOT-FOR-US: Positive Software H Sphere WebShell CVE-2008-4449 (Stack-based buffer overflow in mIRC 6.34 allows remote attackers to ...) NOT-FOR-US: M$-only CVE-2008-4450 (Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for ...) NOT-FOR-US: M$-only CVE-2008-4451 (The SysInspector AntiStealth driver (esiasdrv.sys) 3.0.65535.0 in ESET ...) NOT-FOR-US: M$-only CVE-2008-4452 (Buffer overflow in Cambridge Computer Corporation vxFtpSrv 2.0.3 ...) NOT-FOR-US: Cambridge Computer Corporation vxFtpSrv CVE-2008-4453 (The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ...) NOT-FOR-US: M$-only CVE-2008-4454 (Directory traversal vulnerability in EKINdesigns MySQL Quick Admin ...) NOT-FOR-US: EKINdesigns MySQL Quick Admin CVE-2008-4455 (Directory traversal vulnerability in index.php in EKINdesigns MySQL ...) NOT-FOR-US: EKINdesigns MySQL Quick Admin CVE-2008-4456 (Cross-site scripting (XSS) vulnerability in the command-line client in ...) BUG: 240407 CVE-2008-4457 (SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal ...) NOT-FOR-US: MemHT Portal CVE-2008-4458 (SQL injection vulnerability in listings.php in E-Php B2B Trading ...) NOT-FOR-US: E Php CVE-2008-4459 (SQL injection vulnerability in pick_users.php in the groups module in ...) NOT-FOR-US: groups module in eXtrovert Thyme CVE-2008-4460 (SQL injection vulnerability in game.php in Vastal I-Tech MMORPG Zone ...) NOT-FOR-US: Vastal CVE-2008-4461 (SQL injection vulnerability in advanced_search_results.php in Vastal ...) NOT-FOR-US: Vastal I Tech Dating Zone possibly CVE-2008-4462 (SQL injection vulnerability in view_news.php in Vastal I-Tech Visa ...) NOT-FOR-US: Vastal CVE-2008-4463 (SQL injection vulnerability in view_news.php in Vastal I-Tech Jobs ...) NOT-FOR-US: Vastal CVE-2008-4464 (SQL injection vulnerability in view_mags.php in Vastal I-Tech Mag Zone ...) NOT-FOR-US: Vastal CVE-2008-4465 (SQL injection vulnerability in view_mags.php in Vastal I-Tech DVD Zone ...) NOT-FOR-US: Vastal CVE-2008-4466 (SQL injection vulnerability in view_products_cat.php in Vastal I-Tech ...) NOT-FOR-US: Vastal CVE-2008-4467 (SQL injection vulnerability in show_series_ink.php in Vastal I-Tech ...) NOT-FOR-US: Vastal CVE-2008-4468 (SQL injection vulnerability in view_news.php in Vastal I-Tech Share ...) NOT-FOR-US: Vastal CVE-2008-4469 (SQL injection vulnerability in view_cresume.php in Vastal I-Tech ...) NOT-FOR-US: Vastal CVE-2008-4470 (Stack-based buffer overflow in Numark CUE 5.0 rev2 allows ...) NOT-FOR-US: Numark CUE CVE-2008-4471 (Directory traversal vulnerability in the CExpressViewerControl class ...) NOT-FOR-US: autodesk revit_architecture CVE-2008-4472 (The UpdateEngine class in the LiveUpdate ActiveX control ...) NOT-FOR-US: autodesk revit_architecture CVE-2008-4473 (Multiple heap-based buffer overflows in Adobe Flash CS3 Professional ...) NOT-FOR-US: Adobe CVE-2008-4474 (freeradius-dialupadmin in freeradius 2.0.4 allows local users to ...) BUG: 240546 CVE-2008-4475 (ibackup 2.27 allows local users to overwrite arbitrary files via a ...) NOT-FOR-US: ibackup CVE-2008-4476 (sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary ...) NOT-FOR-US: sympa CVE-2008-4477 (alert.d/test.alert in mon 0.99.2 allows local users to overwrite ...) BUG: 235770 CVE-2008-4478 (Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 ...) NOT-FOR-US: Novell eDirectory CVE-2008-4479 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 ...) NOT-FOR-US: Novell eDirectory CVE-2008-4480 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x ...) NOT-FOR-US: Novell eDirectory CVE-2008-4481 (Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier ...) NOT-FOR-US: Redmine CVE-2008-4482 (The XML parser in Xerces-C++ before 3.0.0 allows context-dependent ...) BUG: 240496 CVE-2008-4483 (Directory traversal vulnerability in index.php in Crux Gallery 1.32 ...) NOT-FOR-US: Crux Gallery CVE-2008-4484 (main.php in Crux Gallery 1.32 and earlier allows remote attackers to ...) NOT-FOR-US: Crux Gallery CVE-2008-4485 (Cross-site scripting (XSS) vulnerability in the ICAP patience page in ...) NOT-FOR-US: ICAP patience page in Blue Coat Security Gateway OS SGOS CVE-2008-4486 (Directory traversal vulnerability in index.php in SAC.php (SACphp), as ...) NOT-FOR-US: SAC php SACphp as used in Yerba CVE-2008-4487 (SQL injection vulnerability in ap-save.php in Atarone CMS 1.2.0 allows ...) NOT-FOR-US: Atarone CMS CVE-2008-4488 (Cross-site scripting (XSS) vulnerability in ap-pages.php in Atarone ...) NOT-FOR-US: Atarone CMS CVE-2008-4489 (Directory traversal vulnerability in ap-save.php in Atarone CMS 1.2.0 ...) NOT-FOR-US: Atarone CMS CVE-2008-4490 (Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b ...) NOT-FOR-US: phpAbook CVE-2008-4491 (Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the ...) NOT-FOR-US: apple mail CVE-2008-4492 (SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows ...) NOT-FOR-US: yourownbux CVE-2008-4493 (Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as ...) NOT-FOR-US: M$-only CVE-2008-4494 (SQL injection vulnerability in completed-advance.php in TorrentTrader ...) NOT-FOR-US: TorrentTrader Classic CVE-2008-4495 (SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 ...) NOT-FOR-US: PHP Auto Dealer CVE-2008-4496 (SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows ...) NOT-FOR-US: PHP Realtor CVE-2008-4497 (SQL injection vulnerability in event_detail.php in Built2Go Real ...) NOT-FOR-US: built2go CVE-2008-4498 (SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 ...) NOT-FOR-US: PHP Autos CVE-2008-4499 (Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b ...) NOT-FOR-US: PHP Web Explorer CVE-2008-4500 (Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote ...) NOT-FOR-US: M$-only CVE-2008-4501 (Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 ...) NOT-FOR-US: FTP server in Serv U CVE-2008-4502 (Multiple PHP remote file inclusion vulnerabilities in DataFeedFile ...) NOT-FOR-US: DataFeedFile CVE-2008-4503 (The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier ...) BUG: 239543 CVE-2008-4504 (Heap-based buffer overflow in Mplayer.exe in Herosoft Inc. Hero DVD ...) NOT-FOR-US: herosoft hero_dvd_player CVE-2008-4505 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 ...) NOT-FOR-US: ibm lotus_quickr CVE-2008-4506 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 ...) NOT-FOR-US: ibm lotus_quickr CVE-2008-4507 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 ...) NOT-FOR-US: ibm lotus_quickr CVE-2008-4508 (Stack-based buffer overflow in the file parsing function in Tonec ...) NOT-FOR-US: tonec_inc internet_download_manager CVE-2008-4509 (Unrestricted file upload vulnerability in processFiles.php in FOSS ...) NOT-FOR-US: foss_gallery CVE-2008-4510 (Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier ...) NOT-FOR-US: microsoft windows nt CVE-2008-4511 (Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb ...) NOT-FOR-US: todd_woolums asp_news_management CVE-2008-4512 (ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under ...) NOT-FOR-US: ASP MS CVE-2008-4513 (Cross-site scripting (XSS) vulnerability in BBcode API module in ...) NOT-FOR-US: phorum CVE-2008-4514 (The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to ...) BUG: 241112 CVE-2008-4515 (Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side ...) NOT-FOR-US: blue_coat_systems k9_web_protection CVE-2008-4516 (SQL injection vulnerability in galerie.php in Galerie 3.2 allows ...) NOT-FOR-US: galerie CVE-2008-4517 (SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows ...) NOT-FOR-US: geccbblite CVE-2008-4518 (Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d ...) NOT-FOR-US: Fastpublish CMS CVE-2008-4519 (Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 ...) NOT-FOR-US: Fastpublish CMS CVE-2008-4520 (Cross-site scripting (XSS) vulnerability in bulk_update.pl in ...) NOT-FOR-US: AutoNessus CVE-2008-4521 (SQL injection vulnerability in thisraidprogress.php in the World of ...) NOT-FOR-US: World of Warcraft tracker infusion raidtracker_panel module CVE-2008-4522 (Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio ...) NOT-FOR-US: JMweb CVE-2008-4523 (SQL injection vulnerability in login.php in IP Reg 0.4 and earlier ...) NOT-FOR-US: IP Reg CVE-2008-4524 (SQL injection vulnerability in the "Check User" feature ...) NOT-FOR-US: Check User feature includes check_user php in AdaptCMS Lite and AdaptCMS Pro CVE-2008-4525 (SQL injection vulnerability in index.php in AmpJuke 0.7.5 allows ...) NOT-FOR-US: AmpJuke CVE-2008-4526 (Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote ...) NOT-FOR-US: CCMS CVE-2008-4527 (SQL injection vulnerability in recept.php in the Recepies (Recept) ...) NOT-FOR-US: Recepies Recept module CVE-2008-4528 (Directory traversal vulnerability in notes.php in Phlatline's Personal ...) NOT-FOR-US: Phlatline s Personal Information Manager pPIM CVE-2008-4529 (Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha ...) NOT-FOR-US: asiCMS alpha CVE-2008-4530 (Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x ...) NOT-FOR-US: Brilliant Gallery CVE-2008-4531 (SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a ...) NOT-FOR-US: Brilliant Gallery CVE-2008-4532 (Cross-site scripting (XSS) vulnerability in index.php in MaxiScript ...) NOT-FOR-US: MaxiScript CVE-2008-4533 (Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and ...) NOT-FOR-US: Kantan WEB Server CVE-2008-4534 (SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and ...) NOT-FOR-US: ec cube CVE-2008-4535 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver2 2.1.2a and ...) NOT-FOR-US: ec cube CVE-2008-4536 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and ...) NOT-FOR-US: ec cube CVE-2008-4537 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and ...) NOT-FOR-US: ec cube CVE-2008-4538 RESERVED CVE-2008-4539 (Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM ...) BUG: 253641 CVE-2008-4540 (Windows Mobile 6 on the HTC Hermes device makes WLAN passwords ...) NOT-FOR-US: microsoft windows_mobile CVE-2008-4541 (Heap-based buffer overflow in the FTP subsystem in Sun Java System Web ...) NOT-FOR-US: sun java_system_web_proxy_server CVE-2008-4542 (Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before ...) NOT-FOR-US: cisco unity CVE-2008-4543 (Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x ...) NOT-FOR-US: cisco unity CVE-2008-4544 (Unspecified vulnerability in an unspecified Microsoft API, as used by ...) NOT-FOR-US: cisco unity CVE-2008-4545 (Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x ...) NOT-FOR-US: cisco unity CVE-2008-4546 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...) BUG: 239543 CVE-2008-4547 (Heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control ...) NOT-FOR-US: DVRHOST Web CMS OCX CVE-2008-4548 (Stack-based buffer overflow in the PTZCamPanelCtrl ActiveX control ...) NOT-FOR-US: PTZCamPanelCtrl ActiveX control CamPanel dll in RTS Sentry CVE-2008-4549 (The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ...) NOT-FOR-US: ImageShack Toolbar CVE-2008-4550 RESERVED CVE-2008-4551 (strongSwan 4.2.6 and earlier allows remote attackers to cause a denial ...) BUG: 238534 CVE-2008-4552 (nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the ...) BUG: 242696 CVE-2008-4553 (qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local ...) NOT-FOR-US: Debian-specific CVE-2008-4554 (The do_splice_from function in fs/splice.c in the Linux kernel before ...) BUG: 243156 CVE-2008-4555 (Stack-based buffer overflow in the push_subg function in parser.y ...) BUG: 240636 CVE-2008-4556 (Stack-based buffer overflow in the adm_build_path function in sadmind ...) NOT-FOR-US: adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris CVE-2008-4557 (plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 ...) NOT-FOR-US: Strawberry in CuteNews ru CVE-2008-4558 (Array index error in VLC media player 0.9.2 allows remote attackers to ...) BUG: 242410 CVE-2008-4559 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows ...) NOT-FOR-US: hp openview_network_node_manager CVE-2008-4560 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows ...) NOT-FOR-US: hp openview_network_node_manager CVE-2008-4561 RESERVED CVE-2008-4562 (Buffer overflow in the ovlaunch CGI program in HP OpenView Network ...) NOT-FOR-US: hp openview_network_node_manager CVE-2008-4563 (Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the ...) NOT-FOR-US: ibm tivoli_storage_manager_express CVE-2008-4564 (Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK ...) NOT-FOR-US: Autonomy KeyView SDK CVE-2008-4565 RESERVED CVE-2008-4566 RESERVED CVE-2008-4567 RESERVED CVE-2008-4568 RESERVED CVE-2008-4569 (SQL injection vulnerability in xlacomments.asp in XIGLA Software ...) NOT-FOR-US: xigla absolute_poll_manager_xe CVE-2008-4570 (SQL injection vulnerability in index.php in Real Estate Classifieds ...) NOT-FOR-US: real estate scripts CVE-2008-4571 (Cross-site scripting (XSS) vulnerability in the LiveSearch module in ...) BUG: 242700 CVE-2008-4572 (GuildFTPd 0.999.14, and possibly other versions, allows remote ...) NOT-FOR-US: guildftpd CVE-2008-4573 (SQL injection vulnerability in kategori.asp in MunzurSoft Wep Portal ...) NOT-FOR-US: aspindir munzursoft_web_portal_w3 CVE-2008-4574 (SQL injection vulnerability in default.asp in Ayco Okul Portali allows ...) NOT-FOR-US: aspindir ayco_okul_portali CVE-2008-4575 (Buffer overflow in the DoCommand function in jhead before 2.84 might ...) BUG: 242702 CVE-2008-4576 (sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause ...) BUG: 242706 CVE-2008-4577 (The ACL plugin in Dovecot before 1.1.4 treats negative access rights ...) BUG: 240409 CVE-2008-4578 (The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass ...) BUG: 240409 CVE-2008-4579 (The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) ...) BUG: 240576 CVE-2008-4580 (fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows ...) BUG: 240576 CVE-2008-4581 (The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release ...) NOT-FOR-US: ibm enovia_smarteam CVE-2008-4582 (Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and ...) NOT-FOR-US: M$-only, .url shortcut specific CVE-2008-4583 (Insecure method vulnerability in the Chilkat FTP 2.0 ActiveX component ...) NOT-FOR-US: chilkat_software ftp CVE-2008-4584 (Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control ...) NOT-FOR-US: chilkat_software mail CVE-2008-4585 (Belong Software Site Builder 0.1 beta allows remote attackers to ...) NOT-FOR-US: belong_software site_builder CVE-2008-4586 (Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ...) NOT-FOR-US: acresso flexnet_connect CVE-2008-4587 (Insecure method vulnerability in the ...) NOT-FOR-US: acresso flexnet_connect CVE-2008-4588 (Stack-based buffer overflow in the FTP server in Etype Eserv 3.x, ...) NOT-FOR-US: etype eserv CVE-2008-4589 (Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo ...) NOT-FOR-US: lenovo resuce_and_recovery CVE-2008-4590 (Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote ...) NOT-FOR-US: stash CVE-2008-4591 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: phpwebgallery CVE-2008-4592 (Directory traversal vulnerability in index.php in Sports Clubs Web ...) NOT-FOR-US: sportspanel sports_clubs_web_portal CVE-2008-4593 (Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled ...) NOT-FOR-US: Apple CVE-2008-4594 (Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N ...) NOT-FOR-US: SNMPv3 CVE-2008-4595 (Multiple unspecified vulnerabilities in Slaytanic Scripts Content Plus ...) NOT-FOR-US: Slaytanic Scripts Content Plus CVE-2008-4596 (Cross-site scripting (XSS) vulnerability in Shindig-Integrator 5.x, a ...) NOT-FOR-US: Shindig Integrator CVE-2008-4597 (Shindig-Integrator 5.x, a module for Drupal, does not properly ...) NOT-FOR-US: Shindig Integrator CVE-2008-4598 (Unspecified vulnerability in Shindig-Integrator 5.x, a module for ...) NOT-FOR-US: Shindig Integrator CVE-2008-4599 (SQL injection vulnerability in category.php in Mosaic Commerce allows ...) NOT-FOR-US: Mosaic CVE-2008-4600 (configure.php in PokerMax Poker League Tournament Script 0.13 allows ...) NOT-FOR-US: PokerMax Poker League Tournament Script CVE-2008-4601 (Cross-site scripting (XSS) vulnerability in the login feature in ...) NOT-FOR-US: login feature in Habari CMS CVE-2008-4602 (Directory traversal vulnerability in index.php in Post Affiliate Pro ...) NOT-FOR-US: Post Affiliate Pro CVE-2008-4603 (SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 ...) NOT-FOR-US: iGaming CMS CVE-2008-4604 (SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows ...) NOT-FOR-US: Easy CafeEngine CVE-2008-4605 (SQL injection vulnerability in CafeEngine allows remote attackers to ...) NOT-FOR-US: CafeEngine CVE-2008-4606 (Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow ...) NOT-FOR-US: IP Reg CVE-2008-4607 RESERVED CVE-2008-4608 RESERVED CVE-2008-4609 (The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, ...) BUG: 253645 CVE-2008-4610 (MPlayer allows remote attackers to cause a denial of service ...) NOTE: same as with CVE-2007-6718 (rbu) NOTE: this only crashes mplayer here (craig) BUG: 253649 CVE-2008-4611 (SQL injection vulnerability in index.php in PHP Arsivimiz Php ...) NOT-FOR-US: php_arsivimiz php_ziyaretci_defteri CVE-2008-4612 (Cross-site scripting (XSS) vulnerability in PortalApp 4.0 allows ...) NOT-FOR-US: portalapp CVE-2008-4613 (SQL injection vulnerability in forums.asp in PortalApp 4.0 allows ...) NOT-FOR-US: portalapp CVE-2008-4614 (PortalApp 4.0 does not require authentication for (1) forums.asp and ...) NOT-FOR-US: portalapp CVE-2008-4615 (Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has ...) NOT-FOR-US: portalapp CVE-2008-4616 (The SpamBam plugin for WordPress allows remote attackers to bypass ...) NOT-FOR-US: wordpress spambam_plugin CVE-2008-4617 (SQL injection vulnerability in the actualite module 1.0 for Joomla! ...) NOT-FOR-US: joomla com_actualite CVE-2008-4618 (The Stream Control Transmission Protocol (sctp) implementation in the ...) BUG: 243180 CVE-2008-4619 (The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a ...) NOTE: Fixed in net-libs/libtirpc-0.1.10 which is already stable NOTE: no glsa since it is only used by rpcbind which is ~arch NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=468014 CVE-2008-4620 (SQL injection vulnerability in Meeting Room Booking System (MRBS) ...) NOT-FOR-US: Meeting Room Booking System MRBS CVE-2008-4621 (SQL injection vulnerability in bannerclick.php in ZeeScripts ...) NOT-FOR-US: ZeeScripts CVE-2008-4622 (The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 ...) NOT-FOR-US: phpFastNews CVE-2008-4623 (SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) ...) NOT-FOR-US: DS Syndicate com_ds syndicate component CVE-2008-4624 (PHP remote file inclusion vulnerability in init.php in Fast Click SQL ...) NOT-FOR-US: Fast Click SQL Lite CVE-2008-4625 (SQL injection vulnerability in stnl_iframe.php in the ShiftThis ...) NOT-FOR-US: ShiftThis CVE-2008-4626 (Directory traversal vulnerability in index.php in Fritz Berger yet ...) NOT-FOR-US: Fritz Berger yet another php photo album next generation yappa ng CVE-2008-4627 (SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab ...) NOT-FOR-US: rGallery plugin CVE-2008-4628 (SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 ...) NOT-FOR-US: myWebland miniBloggie CVE-2008-4629 (Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0 ...) NOT-FOR-US: Usagi Project MyNETS CVE-2008-4630 (Multiple unspecified vulnerabilities in Midgard Components (MidCOM) ...) NOT-FOR-US: Midgard Components MidCOM Framework CVE-2008-4631 (Stack-based buffer overflow in the Message::AddToString function in ...) NOT-FOR-US: MUSCLE CVE-2008-4632 (Multiple directory traversal vulnerabilities in index.php in Kure ...) NOT-FOR-US: Kure CVE-2008-4633 (SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x ...) NOT-FOR-US: Node Vote CVE-2008-4634 (Cross-site scripting (XSS) vulnerability in Movable Type 4 through ...) NOT-FOR-US: Movable Type CVE-2008-4635 (Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 ...) NOT-FOR-US: Hisanaga Electric Co Ltd hisa_cart CVE-2008-4636 (yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux ...) NOT-FOR-US: n CVE-2008-4637 (Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 ...) NOT-FOR-US: cpcommerce CVE-2008-4638 (qioadmin in the Quick I/O for Database feature in Symantec Veritas ...) NOT-FOR-US: symantec veritas_file_system CVE-2008-4639 (jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users ...) BUG: 242702 CVE-2008-4640 (The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and ...) BUG: 243238 CVE-2008-4641 (The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and ...) BUG: 243238 CVE-2008-4642 (SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows ...) NOT-FOR-US: astrospaces CVE-2008-4643 (SQL injection vulnerability in hits.php in myWebland myStats allows ...) NOT-FOR-US: myWebland CVE-2008-4644 (hits.php in myWebland myStats allows remote attackers to bypass IP ...) NOT-FOR-US: myWebland CVE-2008-4645 (plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier ...) NOT-FOR-US: PhpWebGallery CVE-2008-4646 (The Websense Reporter Module in Websense Enterprise 6.3.2 stores the ...) NOT-FOR-US: Websense Enterprise CVE-2008-4647 (SQL injection vulnerability in index.php in sweetCMS 1.5.2 allows ...) NOT-FOR-US: sweetCMS CVE-2008-4648 (Cross-site scripting (XSS) vulnerability in index.php in Elxis CMS ...) NOT-FOR-US: Elxis CMS CVE-2008-4649 (Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 ...) NOT-FOR-US: Elxis CMS CVE-2008-4650 (SQL injection vulnerability in viewevent.php in myEvent 1.6 allows ...) NOT-FOR-US: myEvent CVE-2008-4651 (Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote ...) NOT-FOR-US: Jetbox CMS CVE-2008-4652 (Buffer overflow in the ActiveX control (DartFtp.dll) in Dart ...) NOT-FOR-US: ActiveX control DartFtp dll in Dart Communications PowerTCP FTP for ActiveX CVE-2008-4653 (SQL injection vulnerability in makale.php in Makale 0.26 and possibly ...) NOT-FOR-US: Makale CVE-2008-4654 (Stack-based buffer overflow in the parse_master function in the Ty ...) BUG: 242740 CVE-2008-4655 (SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 ...) NOT-FOR-US: typo3 simplesurvey CVE-2008-4656 (SQL injection vulnerability in the Frontend Users View (feusersview) ...) NOT-FOR-US: typo3 frontend_users_view CVE-2008-4657 (SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and ...) NOT-FOR-US: typo3 econda_plugin CVE-2008-4658 (SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 ...) NOT-FOR-US: typo3 jobcontrol CVE-2008-4659 (SQL injection vulnerability in the Mannschaftsliste ...) NOT-FOR-US: typo3 mannschaftsliste CVE-2008-4660 (SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 ...) NOT-FOR-US: M1 CVE-2008-4661 (Cross-site scripting (XSS) vulnerability in the Page Improvements ...) NOT-FOR-US: Page Improvements sm_pageimprovements CVE-2008-4662 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when ...) NOT-FOR-US: LokiCMS CVE-2008-4663 (Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44, as used ...) NOT-FOR-US: analysis cgi CVE-2008-4664 (Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX control ...) NOT-FOR-US: QVOD Player CVE-2008-4665 (SQL injection vulnerability in PG Matchmaking allows remote attackers ...) NOT-FOR-US: PG CVE-2008-4666 (SQL injection vulnerability in webboard.php in Ultimate Webboard 3.00 ...) NOT-FOR-US: Ultimate Webboard CVE-2008-4667 (Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 ...) NOT-FOR-US: ArabCMS CVE-2008-4668 (Directory traversal vulnerability in the Image Browser ...) NOT-FOR-US: Image Browser com_imagebrowser CVE-2008-4669 (Cross-site scripting (XSS) vulnerability in search.php in Dan Fletcher ...) NOT-FOR-US: Dan CVE-2008-4670 (Cross-site scripting (XSS) vulnerability in search.php in Ed Pudol ...) NOT-FOR-US: Ed CVE-2008-4671 (Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in ...) NOT-FOR-US: we only have >2.6 in the tree CVE-2008-4672 (Cross-site scripting (XSS) vulnerability in search_results.php in ...) NOT-FOR-US: buymyscripts CVE-2008-4673 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: WebBiscuits Software Events Calendar CVE-2008-4674 (SQL injection vulnerability in realestate-index.php in Conkurent Real ...) NOT-FOR-US: Conkurent Real Estate Manager CVE-2008-4675 (SQL injection vulnerability in index.php in PHPcounter 1.3.2 and ...) NOT-FOR-US: PHPcounter CVE-2008-4676 (Unspecified vulnerability in Citrix XenApp (formerly Presentation ...) NOT-FOR-US: Citrix XenApp formerly Presentation Server CVE-2008-4677 (autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions ...) BUG: 245065 CVE-2008-4678 (The HTTP_Request_Parser method in the HTTP Transport component in IBM ...) NOT-FOR-US: ibm websphere_application_server CVE-2008-4679 (The Web Services Security component in IBM WebSphere Application ...) NOT-FOR-US: ibm websphere_application_server CVE-2008-4680 (packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 ...) BUG: 242996 CVE-2008-4681 (Unspecified vulnerability in the Bluetooth RFCOMM dissector in ...) BUG: 242996 CVE-2008-4682 (wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to ...) BUG: 242996 CVE-2008-4683 (The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL ...) BUG: 242996 CVE-2008-4684 (packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly ...) BUG: 242996 CVE-2008-4685 (Use-after-free vulnerability in the dissect_q931_cause_ie function in ...) BUG: 242996 CVE-2008-4686 (Multiple integer overflows in ty.c in the TY demux plugin (aka the ...) BUG: 242740 CVE-2008-4687 (manage_proj_page.php in Mantis before 1.1.4 allows remote ...) BUG: 242722 CVE-2008-4688 (core/string_api.php in Mantis before 1.1.3 does not check the ...) BUG: 242722 CVE-2008-4689 (Mantis before 1.1.3 does not unset the session cookie during logout, ...) BUG: 241940 CVE-2008-4690 (lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx ...) BUG: 243058 CVE-2008-4691 (Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in ...) NOT-FOR-US: SQLNLS_UNPADDEDCHARLEN CVE-2008-4692 (The Native Managed Provider for .NET component in IBM DB2 8 before ...) NOT-FOR-US: IBM CVE-2008-4693 (The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 ...) NOT-FOR-US: IBM CVE-2008-4694 (Unspecified vulnerability in Opera before 9.60 allows remote attackers ...) BUG: 240500 CVE-2008-4695 (Opera before 9.60 allows remote attackers to obtain sensitive ...) BUG: 240500 CVE-2008-4696 (Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before ...) NOT-FOR-US: opera CVE-2008-4697 (The Fast Forward feature in Opera before 9.61, when a page is located ...) BUG: 243060 CVE-2008-4698 (Opera before 9.61 does not properly block scripts during preview of a ...) BUG: 243060 CVE-2008-4699 (Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in ...) NOT-FOR-US: Peachtree Accounting CVE-2008-4700 (SQL injection vulnerability in admin.php in Libera CMS 1.12 and ...) NOT-FOR-US: Libera CMS CVE-2008-4701 (SQL injection vulnerability in admin.php in Libera CMS 1.12, when ...) NOT-FOR-US: Libera CMS CVE-2008-4702 (Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 ...) NOT-FOR-US: PhpWebGallery CVE-2008-4703 (SQL injection vulnerability in news.php in BosDev BosNews 4.0 allows ...) NOT-FOR-US: BosDev BosNews CVE-2008-4704 (PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in ...) NOT-FOR-US: SezHoo CVE-2008-4705 (SQL injection vulnerability in success_story.php in php Online Dating ...) NOT-FOR-US: php CVE-2008-4706 (SQL injection vulnerability in VBGooglemap Hotspot Edition 1.0.3, a ...) NOT-FOR-US: VBGooglemap Hotspot Edition CVE-2008-4707 (Directory traversal vulnerability in index.php in BbZL.PhP 0.92 allows ...) NOT-FOR-US: BbZL PhP CVE-2008-4708 (BbZL.PhP 0.92 allows remote attackers to bypass authentication and ...) NOT-FOR-US: BbZL PhP CVE-2008-4709 (SQL injection vulnerability in news_read.php in Pilot Group (PG) ...) NOT-FOR-US: Pilot CVE-2008-4710 (Cross-site scripting (XSS) vulnerability in the stock quotes page in ...) NOT-FOR-US: stock quotes page in Stock CVE-2008-4711 (SQL injection vulnerability in Joovili 3.0 and earlier, when ...) NOT-FOR-US: Joovili CVE-2008-4712 (Directory traversal vulnerability in pages/showblog.php in LnBlog ...) NOT-FOR-US: LnBlog CVE-2008-4713 (SQL injection vulnerability in view.php in 212cafe Board 0.07 allows ...) NOT-FOR-US: view php in CVE-2008-4714 (Atomic Photo Album 1.1.0 pre4 does not properly handle the ...) NOT-FOR-US: Atomic CVE-2008-4715 (SQL injection vulnerability in the Jpad (com_jpad) 1.0 component for ...) NOT-FOR-US: Jpad com_jpad CVE-2008-4716 (SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 ...) NOT-FOR-US: BitmixSoft PHP Lance CVE-2008-4717 (SQL injection vulnerability in bannerclick.php in ZEELYRICS 2.0 allows ...) NOT-FOR-US: ZEELYRICS CVE-2008-4718 (Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 ...) NOT-FOR-US: help mini phpin CVE-2008-4719 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: openEngine CVE-2008-4720 (Multiple PHP remote file inclusion vulnerabilities in The Gemini ...) NOT-FOR-US: The Gemini Portal CVE-2008-4721 (PHP Jabbers Post Comment 3.0 allows remote attackers to bypass ...) NOT-FOR-US: PHP CVE-2008-4722 (Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) ...) NOT-FOR-US: Sun Integrated Lights Out Manager ILOM CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...) BUG: 246004 CVE-2008-4724 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome ...) NOT-FOR-US: Google Chrome CVE-2008-4725 (Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 ...) NOT-FOR-US: Opera CVE-2008-4726 (Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4 ...) NOT-FOR-US: SFTP subsystem in GoodTech SSH CVE-2008-4727 (Cross-site scripting (XSS) vulnerability in the contact update page ...) NOT-FOR-US: contact update page ss bwgkoemr P_UpdateEmrgContacts in SunGard Banner Student CVE-2008-4728 (Multiple insecure method vulnerabilities in the ...) NOT-FOR-US: Hummingbird Deployment Wizard CVE-2008-4729 (Stack-based buffer overflow in Hummingbird.XWebHostCtrl.1 ActiveX ...) NOT-FOR-US: Hummingbird Xweb ActiveX Control CVE-2008-4730 (Cross-site scripting (XSS) vulnerability in MyID.php in phpMyID 0.9 ...) NOT-FOR-US: phpMyID CVE-2008-4731 (Multiple unspecified vulnerabilities in YaCy before 0.61 have unknown ...) NOT-FOR-US: YaCy CVE-2008-4732 (SQL injection vulnerability in ajax_comments.php in the WP Comment ...) NOT-FOR-US: WP Comment Remix plugin CVE-2008-4733 (Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP ...) NOT-FOR-US: WP Comment Remix plugin CVE-2008-4734 (Cross-site request forgery (CSRF) vulnerability in the ...) NOT-FOR-US: wpcr_do_options_page function in WP Comment Remix plugin CVE-2008-4735 (PHP remote file inclusion vulnerability in header.php in Concord ...) NOT-FOR-US: Concord Asset Software and Ticket system CoAST CVE-2008-4736 (SQL injection vulnerability in index.php in RPG.Board 0.8 Beta2 and ...) NOT-FOR-US: RPG Board CVE-2008-4737 (Cross-site scripting (XSS) vulnerability in wholite.cgi in WhoDomLite ...) NOT-FOR-US: WhoDomLite CVE-2008-4738 (SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows ...) NOT-FOR-US: MyCard CVE-2008-4739 (Directory traversal vulnerability in index.php in PlugSpace 0.1, when ...) NOT-FOR-US: PlugSpace CVE-2008-4740 (Directory traversal vulnerability in templater.php in the ZZ_Templater ...) NOT-FOR-US: tinycms CVE-2008-4741 (Directory traversal vulnerability in index.php in FAR-PHP 1.00, when ...) NOT-FOR-US: far php CVE-2008-4742 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: timetrex CVE-2008-4743 (SQL injection vulnerability in index.php in QuidaScript FAQ Management ...) NOT-FOR-US: quidascript faq_management_script CVE-2008-4744 (SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc ...) NOT-FOR-US: dxproscripts dxshopcart CVE-2008-4745 (Cross-site scripting (XSS) vulnerability in emailFriend.asp in Uniwin ...) NOT-FOR-US: uniwin ecart_professional CVE-2008-4746 (Multiple SQL injection vulnerabilities in Uniwin eCart Professional ...) NOT-FOR-US: uniwin ecart_professional CVE-2008-4747 (Unspecified vulnerability in the search feature in Sun Java System ...) NOT-FOR-US: search feature in Sun Java System LDAP JDK CVE-2008-4748 (Format string vulnerability in the URI handler in KVirc 3.4.0, when ...) BUG: 244666 CVE-2008-4749 (Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX ...) NOT-FOR-US: VImpX VImpAX ActiveX control VImpX ocx CVE-2008-4750 (Stack-based buffer overflow in the VImpX.VImpAX ActiveX control ...) NOT-FOR-US: VImpX VImpAX ActiveX control VImpX ocx CVE-2008-4751 (Cross-site scripting (XSS) vulnerability in index.php in iPei ...) NOT-FOR-US: iPei Guestbook CVE-2008-4752 (TlNews 2.2 allows remote attackers to bypass authentication and gain ...) NOT-FOR-US: TlNews CVE-2008-4753 (SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader ...) NOT-FOR-US: AJ CVE-2008-4754 (SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez ...) NOT-FOR-US: Scripts CVE-2008-4755 (SQL injection vulnerability in gotourl.php in PozScripts Classified ...) NOT-FOR-US: PozScripts CVE-2008-4756 (Cross-site scripting (XSS) vulnerability in add_prest_date.php in ...) NOT-FOR-US: PHPdaily CVE-2008-4757 (Multiple SQL injection vulnerabilities in PHP-Daily allow remote ...) NOT-FOR-US: PHPdaily CVE-2008-4758 (Directory traversal vulnerability in download_file.php in PHP-Daily ...) NOT-FOR-US: PHPdaily CVE-2008-4759 (Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 ...) NOT-FOR-US: BuzzyWall CVE-2008-4760 (SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, ...) NOT-FOR-US: Graphiks MyForum CVE-2008-4761 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Kayako eSupport CVE-2008-4762 (Stack-based buffer overflow in freeSSHd 1.2.1 allows remote ...) NOT-FOR-US: freeSSHd CVE-2008-4763 (Multiple cross-site scripting (XSS) vulnerabilities in sample.php in ...) NOT-FOR-US: WiKID wClient PHP CVE-2008-4764 (Directory traversal vulnerability in the eXtplorer module ...) NOT-FOR-US: eXtplorer module com_extplorer CVE-2008-4765 (SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth ...) NOT-FOR-US: osCommerce Poll Booth Add On CVE-2008-4766 (SQL injection vulnerability in member.php in Oxygen Bulletin Board ...) NOT-FOR-US: Oxygen Bulletin Board CVE-2008-4767 (Unrestricted file upload vulnerability in the DownloadsPlus module in ...) NOT-FOR-US: php nuke downloadsplus_module CVE-2008-4768 (SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to ...) NOT-FOR-US: tlm_cms CVE-2008-4769 (Directory traversal vulnerability in the get_category_template ...) NOT-FOR-US: We only have >2.6 in tree CVE-2008-4770 (The CMsgReader::readRect function in the VNC Viewer component in ...) BUG: 255225 CVE-2008-4771 (Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in ...) NOT-FOR-US: vivotek rtsp_mpeg4_sp_control CVE-2008-4772 (SQL injection vulnerability in main/main.php in QuestCMS allows remote ...) NOT-FOR-US: questwork questcms CVE-2008-4773 (Directory traversal vulnerability in main/main.php in QuestCMS allows ...) NOT-FOR-US: questwork questcms CVE-2008-4774 (Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS ...) NOT-FOR-US: questwork questcms CVE-2008-4775 (Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin ...) BUG: 244914 CVE-2008-4776 (libgadu before 1.8.2 allows remote servers to cause a denial of ...) BUG: 244888 CVE-2008-4777 (SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) ...) NOT-FOR-US: joomla com_lms CVE-2008-4778 (SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 ...) NOT-FOR-US: dream4 koobi_cms CVE-2008-4779 (Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers ...) NOT-FOR-US: tguzip CVE-2008-4780 (Directory traversal vulnerability in admin/centre.php in MyForum 1.3, ...) NOT-FOR-US: easy script myforum CVE-2008-4781 (Directory traversal vulnerability in update.php in MyKtools 2.4 allows ...) NOT-FOR-US: easy script myktools CVE-2008-4782 (SQL injection vulnerability in public/code/cp_polls_results.php in All ...) NOT-FOR-US: aiocp CVE-2008-4783 (tlAds 1.0 allows remote attackers to bypass authentication and gain ...) NOT-FOR-US: easy script tlads CVE-2008-4784 (aflog 1.01 allows remote attackers to bypass authentication and gain ...) NOT-FOR-US: aflog CVE-2008-4785 (SQL injection vulnerability in newuser.php in the alternate_profiles ...) NOT-FOR-US: e107 alternate_profiles_plugin CVE-2008-4786 (SQL injection vulnerability in easyshop.php in the EasyShop plugin for ...) NOT-FOR-US: e107 easyshop_plugin CVE-2008-4787 (Visual truncation vulnerability in Microsoft Internet Explorer 6 ...) NOT-FOR-US: microsoft internet_explorer CVE-2008-4788 (Microsoft Internet Explorer 6 omits high-bit URL-encoded characters ...) NOT-FOR-US: microsoft internet_explorer CVE-2008-4789 (The validation functionality in the core upload module in Drupal 6.x ...) NOT-FOR-US: We only have drupal > 6.5 in tree CVE-2008-4790 (The core upload module in Drupal 5.x before 5.11 allows remote ...) NOT-FOR-US: We only have drupal 5.12 from the 5.x series in tree CVE-2008-4791 (The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might ...) NOT-FOR-US: We only have drupal 6.6 in tree from the 6.x series CVE-2008-4792 (The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 ...) NOT-FOR-US: We only have drupal 6.6 and 5.12 in tree CVE-2008-4793 (The node module API in Drupal 5.x before 5.11 allows remote attackers ...) NOT-FOR-US: We only have drupal 6.6 and 5.12 in tree CVE-2008-4794 (Opera before 9.62 allows remote attackers to execute arbitrary ...) BUG: 244980 CVE-2008-4795 (The links panel in Opera before 9.62 processes Javascript within the ...) BUG: 244980 CVE-2008-4796 (The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 ...) NOT-FOR-US: andrei_zmievski snoopy CVE-2008-4797 (Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server ...) NOT-FOR-US: Arihiro Kurata Kantan WEB Server CVE-2008-4798 (The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 ...) NOT-FOR-US: WebGUI CVE-2008-4799 (pamperspective in Netpbm before 10.35.48 does not properly calculate a ...) BUG: 245051 CVE-2008-4800 (The DebugDiag ActiveX control in CrashHangExt.dll, possibly 1.0, in ...) NOT-FOR-US: CrashHangExt dll possibly CVE-2008-4801 (Heap-based buffer overflow in the Data Protection for SQL CAD service ...) NOT-FOR-US: Data Protection for SQL CAD service aka dsmcat exe in the Client Acceptor Daemon CAD and the scheduler in the Backup Archive client CVE-2008-4802 (Cross-site scripting (XSS) vulnerability in complete.php in Simple PHP ...) NOT-FOR-US: Simple PHP Scripts blog CVE-2008-4803 (Cross-site scripting (XSS) vulnerability in index.php in Simple PHP ...) NOT-FOR-US: Simple PHP Scripts gallery CVE-2008-4804 (SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke ...) NOT-FOR-US: Gallery module CVE-2008-4805 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...) NOT-FOR-US: IBM Lotus Connections CVE-2008-4806 (Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x ...) NOT-FOR-US: IBM Lotus Connections CVE-2008-4807 (IBM Lotus Connections 2.x before 2.0.1 stores the password for the ...) NOT-FOR-US: trace log CVE-2008-4808 (IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover ...) NOT-FOR-US: IBM CVE-2008-4809 (Multiple unspecified vulnerabilities in the Profiles search pages in ...) NOT-FOR-US: Profiles search pages in IBM Lotus Connections CVE-2008-4810 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...) BUG: 243856 CVE-2008-4811 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...) BUG: 243856 CVE-2008-4812 (Array index error in Adobe Reader and Acrobat, and the Explorer ...) BUG: 225483 CVE-2008-4813 (Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow ...) BUG: 225483 CVE-2008-4814 (Unspecified vulnerability in a JavaScript method in Adobe Reader and ...) BUG: 225483 CVE-2008-4815 (Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 ...) BUG: 225483 CVE-2008-4816 (Unspecified vulnerability in the Download Manager in Adobe Reader ...) NOT-FOR-US: Download Manager in Adobe Reader CVE-2008-4817 (The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 ...) BUG: 225483 CVE-2008-4818 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player ...) BUG: 239543 CVE-2008-4819 (Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier ...) BUG: 239543 CVE-2008-4820 (Unspecified vulnerability in the Flash Player ActiveX control in Adobe ...) NOT-FOR-US: NFU: Windows CVE-2008-4821 (Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is ...) BUG: 239543 CVE-2008-4822 (Adobe Flash Player 9.0.124.0 and earlier does not properly interpret ...) BUG: 239543 CVE-2008-4823 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player ...) BUG: 239543 CVE-2008-4824 (Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before ...) BUG: 239543 CVE-2008-4825 (Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other ...) NOT-FOR-US: ezbsystems ultraiso CVE-2008-4826 REJECTED CVE-2008-4827 (Multiple heap-based buffer overflows in the AddTab method in the (1) ...) NOT-FOR-US: servantix tsc2_help_desk CVE-2008-4828 (Multiple stack-based buffer overflows in dsmagent.exe in the Remote ...) NOT-FOR-US: ibm tivoli_storage_manager_express CVE-2008-4829 (Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow ...) BUG: 249039 CVE-2008-4830 (Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI ...) NOT-FOR-US: sap_gui CVE-2008-4831 (Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ...) NOT-FOR-US: adobe coldfusion CVE-2008-4832 (rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows ...) NOT-FOR-US: rpath initscripts CVE-2008-4833 RESERVED CVE-2008-4834 (Buffer overflow in SMB in the Server service in Microsoft Windows 2000 ...) NOT-FOR-US: SMB in the Server service in Microsoft Windows CVE-2008-4835 (SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and ...) NOT-FOR-US: Server service in Microsoft Windows CVE-2008-4836 RESERVED CVE-2008-4837 (Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 ...) NOT-FOR-US: Microsoft CVE-2008-4838 RESERVED CVE-2008-4839 RESERVED CVE-2008-4840 RESERVED CVE-2008-4841 (The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 ...) NOT-FOR-US: Microsoft Windows CVE-2008-4842 RESERVED CVE-2008-4843 RESERVED CVE-2008-4844 (Use-after-free vulnerability in mshtml.dll in Microsoft Internet ...) NOT-FOR-US: microsoft internet_explorer CVE-2008-4845 RESERVED CVE-2008-4846 RESERVED CVE-2008-4847 RESERVED CVE-2008-4848 RESERVED CVE-2008-4849 RESERVED CVE-2008-4850 RESERVED CVE-2008-4851 RESERVED CVE-2008-4852 RESERVED CVE-2008-4853 RESERVED CVE-2008-4854 RESERVED CVE-2008-4855 RESERVED CVE-2008-4856 RESERVED CVE-2008-4857 RESERVED CVE-2008-4858 RESERVED CVE-2008-4859 RESERVED CVE-2008-4860 RESERVED CVE-2008-4861 RESERVED CVE-2008-4862 RESERVED CVE-2008-4863 (Untrusted search path vulnerability in BPY_interface in Blender 2.46 ...) BUG: 245310 CVE-2008-4864 (Multiple integer overflows in imageop.c in the imageop module in ...) BUG: 246006 CVE-2008-4865 (Untrusted search path vulnerability in valgrind before 3.4.0 allows ...) BUG: 245317 CVE-2008-4866 (Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 ...) BUG: 245313 CVE-2008-4867 (Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as ...) BUG: 245313 CVE-2008-4868 (Unspecified vulnerability in the avcodec_close function in ...) BUG: 245313 CVE-2008-4869 (FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers ...) BUG: 245313 CVE-2008-4870 (dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly ...) BUG: 245316 CVE-2008-4871 (Cross-site scripting (XSS) vulnerability in My Little Forum 1.75 and ...) NOT-FOR-US: My Little Forum CVE-2008-4872 (Cross-site scripting (XSS) vulnerability in bidhistory.php in ...) NOT-FOR-US: iTechBids Gold CVE-2008-4873 (board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute ...) NOT-FOR-US: Sepal SPBOARD CVE-2008-4874 (The web component in Philips Electronics VOIP841 DECT Phone with ...) NOT-FOR-US: Philips CVE-2008-4875 (Directory traversal vulnerability in the web server in Philips ...) NOT-FOR-US: web CVE-2008-4876 (Cross-site scripting (XSS) vulnerability in the web server component ...) NOT-FOR-US: a CVE-2008-4877 (SQL injection vulnerability in admin.php in WebCards 1.3, when ...) NOT-FOR-US: WebCards CVE-2008-4878 (Unrestricted file upload vulnerability in the "Add Image Macro" ...) NOT-FOR-US: Add Image Macro feature in WebCards CVE-2008-4879 (SQL injection vulnerability in prod.php in Maran PHP Shop allows ...) NOT-FOR-US: Maran CVE-2008-4880 (SQL injection vulnerability in prodshow.php in Maran PHP Shop allows ...) NOT-FOR-US: Maran CVE-2008-4881 (SQL injection vulnerability in tr.php in YourFreeWorld Reminder ...) NOT-FOR-US: YourFreeWorld CVE-2008-4882 (SQL injection vulnerability in tr.php in YourFreeWorld Autoresponder ...) NOT-FOR-US: YourFreeWorld CVE-2008-4883 (SQL injection vulnerability in tr.php in YourFreeWorld Blog Blaster ...) NOT-FOR-US: YourFreeWorld CVE-2008-4884 (SQL injection vulnerability in tr.php in YourFreeWorld Classifieds ...) NOT-FOR-US: YourFreeWorld CVE-2008-4885 (SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text ...) NOT-FOR-US: YourFreeWorld CVE-2008-4886 (SQL injection vulnerability in index.php in YourFreeWorld Shopping ...) NOT-FOR-US: YourFreeWorld CVE-2008-4887 (SQL injection vulnerability in index.php in NetRisk 2.0 and earlier ...) NOT-FOR-US: NetRisk CVE-2008-4888 (Cross-site scripting (XSS) vulnerability in error.php in NetRisk 2.0 ...) NOT-FOR-US: NetRisk CVE-2008-4889 (SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) ...) NOT-FOR-US: deV!L'z Clanportal (DZCP) CVE-2008-4890 (SQL injection vulnerability in products.php in 1st News 4 Professional ...) NOT-FOR-US: products php in CVE-2008-4891 (Cross-site scripting (XSS) vulnerability in signme.inc.php in ...) NOT-FOR-US: Planetluc SignMe CVE-2008-4892 (Cross-site scripting (XSS) vulnerability in gallery.inc.php in ...) NOT-FOR-US: Planetluc MyGallery CVE-2008-4893 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Tribiq CMS CVE-2008-4894 (Directory traversal vulnerability in ...) NOT-FOR-US: Tribiq CMS CVE-2008-4895 (SQL injection vulnerability in tr.php in YourFreeWorld Downline ...) NOT-FOR-US: YourFreeWorld CVE-2008-4896 (Cross-site scripting (XSS) vulnerability in fichiers/add_url.php in ...) NOT-FOR-US: Logz CMS CVE-2008-4897 (SQL injection vulnerability in fichiers/add_url.php in Logz podcast ...) NOT-FOR-US: Logz podcast CMS CVE-2008-4898 (Cross-site scripting (XSS) vulnerability in planetluc RateMe 1.3.3 ...) NOT-FOR-US: planetluc RateMe CVE-2008-4899 (Cross-site request forgery (CSRF) vulnerability in Planetluc RateMe ...) NOT-FOR-US: Planetluc RateMe CVE-2008-4900 (SQL injection vulnerability in tr.php in YourFreeWorld Classifieds ...) NOT-FOR-US: YourFreeWorld CVE-2008-4901 (SQL injection vulnerability in admin/admin.php in Article Publisher ...) NOT-FOR-US: Article Publisher Pro CVE-2008-4902 (SQL injection vulnerability in contact_author.php in Article Publisher ...) NOT-FOR-US: Article Publisher Pro CVE-2008-4903 (Cross-site scripting (XSS) vulnerability in the leave comment ...) NOT-FOR-US: leave comment feedback feature in Typo CVE-2008-4904 (SQL injection vulnerability in the "Manage pages" feature ...) NOT-FOR-US: Manage pages feature admin pages in Typo CVE-2008-4905 (Typo 5.1.3 and earlier uses a hard-coded salt for calculating password ...) NOT-FOR-US: Typo CVE-2008-4906 (SQL injection vulnerability in lyrics_song.php in the Lyrics ...) NOT-FOR-US: Lyrics CVE-2008-4907 (The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the ...) BUG: 244962 CVE-2008-4908 (maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local ...) NOT-FOR-US: CrossFire crossfire maps CVE-2008-4909 (Cross-site request forgery (CSRF) vulnerability in CompactCMS 1.1 and ...) NOT-FOR-US: CompactCMS CVE-2008-4910 (The BasicService in Sun Java Web Start allows remote attackers to ...) BUG: 246010 CVE-2008-4911 (PHP remote file inclusion vulnerability in read.php in Chattaitaliano ...) NOT-FOR-US: Chattaitaliano CVE-2008-4912 (SQL injection vulnerability in popup_img.php in the fotogalerie module ...) NOT-FOR-US: fotogalerie CVE-2008-4913 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and ...) NOT-FOR-US: LokiCMS CVE-2008-4914 (Unspecified vulnerability in VMware ESXi 3.5 before ...) NOT-FOR-US: vmware esxi CVE-2008-4915 (The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and ...) BUG: 245941 CVE-2008-4916 (Unspecified vulnerability in a guest virtual device driver in VMware ...) BUG: 245941 CVE-2008-4917 (Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and ...) BUG: 245941 CVE-2008-4918 (Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced ...) NOT-FOR-US: sonicwall sonicos CVE-2008-4919 (Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ...) NOT-FOR-US: visagesoft expert_pdf_viewer_activex CVE-2008-4920 REJECTED CVE-2008-4921 (board/admin/reguser.php in Chipmunk CMS 1.3 allows remote attackers to ...) NOT-FOR-US: Chipmunk CMS CVE-2008-4922 (Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office ...) NOT-FOR-US: DjVu ActiveX Control CVE-2008-4923 (Multiple insecure method vulnerabilities in MW6 Technologies Aztec ...) NOT-FOR-US: MW6 CVE-2008-4924 (Multiple insecure method vulnerabilities in MW6 Technologies 1D ...) NOT-FOR-US: MW6 CVE-2008-4925 (Multiple insecure method vulnerabilities in MW6 Technologies ...) NOT-FOR-US: MW6 CVE-2008-4926 (Multiple insecure method vulnerabilities in MW6 Technologies PDF417 ...) NOT-FOR-US: MW6 CVE-2008-4927 (Microsoft Windows Media Player (WMP) 9.0 through 11 allows ...) NOT-FOR-US: Microsoft CVE-2008-4928 (Cross-site scripting (XSS) vulnerability in the redirect function in ...) NOT-FOR-US: MyBB aka MyBulletinBoard CVE-2008-4929 (MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to ...) NOT-FOR-US: MyBB CVE-2008-4930 (MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded ...) NOT-FOR-US: MyBB CVE-2008-4931 (Cross-site scripting (XSS) vulnerability in the account module in ...) NOT-FOR-US: firmchannel digital_signage CVE-2008-4932 (webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 ...) NOT-FOR-US: comingchina u mail_webmail_server CVE-2008-4933 (Buffer overflow in the hfsplus_find_cat function in ...) BUG: 245650 CVE-2008-4934 (The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the ...) BUG: 245650 CVE-2008-4935 (asciiview in aview 1.3.0 allows local users to overwrite arbitrary ...) BUG: 235808 CVE-2008-4936 (faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary ...) BUG: 235806 CVE-2008-4937 (senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite ...) BUG: 235824 CVE-2008-4938 (aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary ...) BUG: 245760 CVE-2008-4939 (apertium 3.0.7 allows local users to overwrite arbitrary files via a ...) NOT-FOR-US: apertium CVE-2008-4940 (xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary ...) NOT-FOR-US: aptoncd CVE-2008-4941 (arb-common 0.0.20071207.1 allows local users to overwrite arbitrary ...) NOT-FOR-US: arb common CVE-2008-4942 (audiolink in audiolink 0.05 allows local users to overwrite arbitrary ...) NOT-FOR-US: audiolink CVE-2008-4943 (bulmages-servers 0.11.1 allows local users to overwrite arbitrary ...) NOT-FOR-US: bulmages servers CVE-2008-4944 (writtercontrol in cdcontrol 1.90 allows local users to overwrite ...) NOT-FOR-US: cdcontrol CVE-2008-4945 (amlabel-cdrw in cdrw-taper 0.4 might allow local users to overwrite ...) NOT-FOR-US: cdrw taper CVE-2008-4946 (convirt 0.8.2 allows local users to overwrite arbitrary files via a ...) NOT-FOR-US: convirt CVE-2008-4947 (dhis-dummy-log-engine in dhis-server 5.3 allows local users to ...) NOT-FOR-US: dhis server CVE-2008-4948 (fest.pl in digitaldj 0.7.5 allows local users to overwrite arbitrary ...) NOT-FOR-US: digitaldj CVE-2008-4949 (dist 3.5 allows local users to overwrite arbitrary files via a symlink ...) NOT-FOR-US: dist CVE-2008-4950 (** DISPUTED ** gccross in dpkg-cross 2.3.0 allows local users to ...) NOT-FOR-US: debian dpkg cross CVE-2008-4951 (dtc 0.29.6 allows local users to overwrite arbitrary files via a ...) NOT-FOR-US: We do not ship this, also see #235812 CVE-2008-4952 (emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite ...) BUG: 245761 CVE-2008-4953 (** DISPUTED ** ...) BUG: 246013 CVE-2008-4954 (mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files ...) NOT-FOR-US: fml CVE-2008-4955 (freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary ...) BUG: 235770 CVE-2008-4956 (fwb_install in fwbuilder 2.1.19 allows local users to overwrite ...) BUG: 235809 CVE-2008-4957 (find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users to ...) BUG: 245765 CVE-2008-4958 (gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via ...) NOT-FOR-US: gdrae CVE-2008-4959 (geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite ...) BUG: 251279 CVE-2008-4960 (impose in impose+ 0.2 allows local users to overwrite arbitrary files ...) NOT-FOR-US: impose CVE-2008-4961 RESERVED CVE-2008-4962 RESERVED CVE-2008-4963 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) ...) NOT-FOR-US: cisco ios CVE-2008-4964 (filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary ...) NOT-FOR-US: krzysztof_kozlowski konwert CVE-2008-4965 (liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite ...) NOT-FOR-US: savonet liguidsoap CVE-2008-4966 (linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary ...) BUG: 238574 CVE-2008-4967 (linuxtrade 3.65 allows local users to overwrite arbitrary files via a ...) NOT-FOR-US: linuxtrade CVE-2008-4968 (The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users ...) BUG: 246015 CVE-2008-4969 (ltp-network-test 20060918 allows local users to overwrite arbitrary ...) NOT-FOR-US: alastair_mckinstry ltp network test CVE-2008-4970 (runiozone in lustre 1.6.5 allows local users to overwrite arbitrary ...) NOT-FOR-US: lustre tests CVE-2008-4971 (mafft-homologs in mafft 6.240 allows local users to overwrite ...) BUG: 245920 CVE-2008-4972 (mailgo in mgt 2.31 allows local users to overwrite arbitrary files via ...) NOT-FOR-US: steve_robbins mgt CVE-2008-4973 (i2myspell in myspell 3.1 allows local users to overwrite arbitrary ...) NOT-FOR-US: debian myspell CVE-2008-4974 (rrdedit in netmrg 0.20 allows local users to overwrite arbitrary files ...) NOT-FOR-US: netmrg CVE-2008-4975 (mkmailpost in newsgate 1.6 allows local users to overwrite arbitrary ...) NOT-FOR-US: debian newsgate CVE-2008-4976 (ogle 0.9.2 and ogle-mmx 0.9.2 allow local users to overwrite arbitrary ...) BUG: 245921 CVE-2008-4977 (** DISPUTED ** ...) BUG: 235811 CVE-2008-4978 (radiance 3R9+20080530 allows local users to overwrite arbitrary files ...) NOT-FOR-US: radiance CVE-2008-4979 (getipacctg in rancid 2.3.2~a8 allows local users to overwrite ...) NOT-FOR-US: shrubbery rancid CVE-2008-4980 (delqueueask in rccp 0.9 allows local users to overwrite arbitrary ...) NOT-FOR-US: zak_b_elep rccp CVE-2008-4981 (perl.robot in realtimebattle 1.0.8 allows local users to overwrite ...) NOT-FOR-US: remi_vanicat realtimebattle CVE-2008-4982 (rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary ...) BUG: 235798 CVE-2008-4983 (scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a ...) BUG: 245922 CVE-2008-4984 (scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files ...) NOT-FOR-US: freedesktop scratchbox2 CVE-2008-4985 (vdrleaktest in Video Disk Recorder (aka vdr-dbg or vdr) 1.6.0 allows ...) BUG: 235827 CVE-2008-4986 (wims 3.62 allows local users to overwrite arbitrary files via a ...) NOT-FOR-US: georges_khaznadar wims CVE-2008-4987 (xastir 1.9.2 allows local users to overwrite arbitrary files via a ...) NOT-FOR-US: xastir CVE-2008-4988 (pscal in xcal 4.1 allows local users to overwrite arbitrary files via ...) NOT-FOR-US: lars_bahner xcal CVE-2008-4989 (The _gnutls_x509_verify_certificate function in lib/x509/verify.c in ...) BUG: 245850 CVE-2008-4990 (Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before ...) NOT-FOR-US: enomaly elastic_computing_platform CVE-2008-4991 (SQL injection vulnerability in LOCKON CO.,LTD. EC-CUBE 2.3.0 and ...) NOT-FOR-US: ec cube CVE-2008-4992 (The SPARC hypervisor in Sun System Firmware 6.6.3 through 6.6.5 and ...) NOT-FOR-US: sun sparc_enterprise_server_t5240 CVE-2008-4993 (qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary ...) BUG: 235805 CVE-2008-4994 (The (1) ncsarmt and (2) ncsawrap scripts in xmcd 2.6 allows local ...) NOT-FOR-US: xmcd CVE-2008-4995 (redirect.pl in bk2site 1.1.9 allows local users to overwrite arbitrary ...) NOT-FOR-US: bk2site CVE-2008-4996 (** DISPUTED ** ...) NOT-FOR-US: initramfs tools CVE-2008-4997 (** DISPUTED ** ...) NOT-FOR-US: datafreedom perl CVE-2008-4998 (** DISPUTED ** ...) BUG: 235802 CVE-2008-4999 (Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to ...) NOT-FOR-US: Nortel CVE-2008-5000 (SQL injection vulnerability in admin/includes/news.inc.php in PHPX ...) NOT-FOR-US: phpx CVE-2008-5001 (Multiple stack-based buffer overflows in multiple functions in ...) NOT-FOR-US: ultravnc CVE-2008-5002 (Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ...) NOT-FOR-US: chilkat_software chilkat_crypt_activex_control CVE-2008-5003 (SQL injection vulnerability in ndetail.php in Shahrood allows remote ...) NOT-FOR-US: shahrood CVE-2008-5004 (SQL injection vulnerability in genscode.php in myWebland Bloggie Lite ...) NOT-FOR-US: mywebland bloggie_lite CVE-2008-5005 (Multiple stack-based buffer overflows in (1) University of Washington ...) BUG: 245425 CVE-2008-5006 (smtp.c in the c-client library in University of Washington IMAP ...) BUG: 245425 CVE-2008-5007 (create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to ...) BUG: 235828 CVE-2008-5008 (Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or ...) BUG: 237037 CVE-2008-5009 (Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, ...) NOT-FOR-US: s_xout CVE-2008-5010 (in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and ...) NOT-FOR-US: DHCP implementation in Sun Solaris CVE-2008-5011 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...) NOT-FOR-US: IBM Lotus Quickr CVE-2008-5012 (Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, ...) BUG: 246602 CVE-2008-5013 (Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do ...) BUG: 246602 CVE-2008-5014 (jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before ...) BUG: 246602 CVE-2008-5015 (Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: ...) BUG: 246602 CVE-2008-5016 (The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x ...) BUG: 246602 CVE-2008-5017 (Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in ...) BUG: 246602 CVE-2008-5018 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x ...) BUG: 246602 CVE-2008-5019 (The session restore feature in Mozilla Firefox 3.x before 3.0.4 and ...) BUG: 246602 CVE-2008-5020 REJECTED CVE-2008-5021 (nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before ...) BUG: 246602 CVE-2008-5022 (The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x ...) BUG: 246602 CVE-2008-5023 (Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey ...) BUG: 246602 CVE-2008-5024 (Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, ...) BUG: 246602 CVE-2008-5025 (Stack-based buffer overflow in the hfs_cat_find_brec function in ...) BUG: 246710 CVE-2008-5026 (Microsoft SharePoint uses URLs with the same hostname and port number ...) NOT-FOR-US: Microsoft CVE-2008-5027 (The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor ...) BUG: 245887 CVE-2008-5028 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) ...) BUG: 245887 CVE-2008-5029 (The __scm_destroy function in net/core/scm.c in the Linux kernel ...) BUG: 246359 CVE-2008-5030 (Heap-based buffer overflow in the cddb_read_disc_data function in ...) BUG: 245649 CVE-2008-5031 (Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, ...) BUG: 246991 CVE-2008-5032 (Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through ...) BUG: 245774 CVE-2008-5033 (The chip_command function in drivers/media/video/tvaudio.c in the ...) BUG: 246340 CVE-2008-5034 (** DISPUTED ** ...) NOT-FOR-US: a_mennucc1 printfilters ppd CVE-2008-5035 (The Resource Monitoring and Control (RMC) daemon in IBM Hardware ...) NOT-FOR-US: IBM Hardware Management Console HMC CVE-2008-5036 (Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before ...) BUG: 245774 CVE-2008-5037 (SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 ...) NOT-FOR-US: elkagroup image_gallery CVE-2008-5038 (Use-after-free vulnerability in the NetWare Core Protocol (NCP) ...) NOT-FOR-US: NetWare Core Protocol NCP feature in Novell eDirectory CVE-2008-5039 (Cross-site scripting (XSS) vulnerability in the League module for ...) NOT-FOR-US: php nuke league_module CVE-2008-5040 (Graphiks MyForum 1.3 allows remote attackers to bypass authentication ...) NOT-FOR-US: Graphiks CVE-2008-5041 (Sweex RO002 Router with firmware Ts03-072 has "rdc123" as its default ...) NOT-FOR-US: Sweex CVE-2008-5042 (Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to ...) NOT-FOR-US: Zeeways CVE-2008-5043 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based ...) NOT-FOR-US: web based CVE-2008-5044 (Race condition in Microsoft Windows Server 2003 and Vista allows local ...) NOT-FOR-US: Microsoft Windows Server CVE-2008-5045 (Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly ...) NOT-FOR-US: Network Client FTP Now CVE-2008-5046 (SQL injection vulnerability in index.php in Mole Group Pizza Script ...) NOT-FOR-US: Mole CVE-2008-5047 (SQL injection vulnerability in admin/index.php in Mole Group Rental ...) NOT-FOR-US: Mole CVE-2008-5048 (Buffer overflow in Atepmon.sys in ISecSoft Anti-Trojan Elite 4.2.1 and ...) NOT-FOR-US: ISecSoft Anti Trojan Elite CVE-2008-5049 (Buffer overflow in AKEProtect.sys 3.3.3.0 in ISecSoft Anti-Keylogger ...) NOT-FOR-US: AKEProtect sys CVE-2008-5050 (Off-by-one error in the get_unicode_name function ...) BUG: 245450 CVE-2008-5051 (SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 ...) NOT-FOR-US: JooBlog CVE-2008-5052 (The AppendAttributeValue function in the JavaScript engine in Mozilla ...) BUG: 246602 CVE-2008-5053 (PHP remote file inclusion vulnerability in admin.rssreader.php in the ...) BUG: 246603 CVE-2008-5054 (Multiple SQL injection vulnerabilities in Develop It Easy Membership ...) NOT-FOR-US: Develop It Easy Membership System CVE-2008-5055 (SQL injection vulnerability in department_offline_context.php in ...) NOT-FOR-US: ActiveCampaign TrioLive CVE-2008-5056 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: ActiveCampaign TrioLive CVE-2008-5057 (SQL injection vulnerability in film.asp in Yigit Aybuga Dizi Portali ...) NOT-FOR-US: Yigit CVE-2008-5058 (SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple ...) NOT-FOR-US: Pre CVE-2008-5059 (Cross-site scripting (XSS) vulnerability in index.php in ModernBill ...) NOT-FOR-US: ModernBill CVE-2008-5060 (Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 ...) NOT-FOR-US: ModernBill CVE-2008-5061 (Cross-site scripting (XSS) vulnerability in php/cal_default.php in ...) NOT-FOR-US: Mini Web Calendar mwcal CVE-2008-5062 (Directory traversal vulnerability in php/cal_pdf.php in Mini Web ...) NOT-FOR-US: Mini Web Calendar mwcal CVE-2008-5063 (PHP remote file inclusion vulnerability in Admin/ADM_Pagina.php in ...) NOT-FOR-US: OTManager CVE-2008-5064 (SQL injection vulnerability in liga.php in H&H WebSoccer 2.80 allows ...) NOT-FOR-US: h h websoccer CVE-2008-5065 (TlGuestBook 1.2 allows remote attackers to bypass authentication and ...) NOT-FOR-US: TlGuestBook CVE-2008-5066 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Agares Media ThemeSiteScript CVE-2008-5067 (Cross-site scripting (XSS) vulnerability in search.php in Kmita ...) NOT-FOR-US: Kmita Catalogue CVE-2008-5068 (Multiple cross-site scripting (XSS) vulnerabilities in Kmita Gallery ...) NOT-FOR-US: Kmita CVE-2008-5069 (SQL injection vulnerability in go.php in Panuwat PromoteWeb MySQL, ...) NOT-FOR-US: deeserver panuwat_promoteweb_mysql CVE-2008-5070 (SQL injection vulnerability in Pro Chat Rooms 3.0.3, when ...) NOT-FOR-US: pro_chat_rooms CVE-2008-5071 (Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel ...) NOT-FOR-US: yoxel CVE-2008-5072 (vsfilter.dll in K-Lite Mega Codec Pack 3.5.7.0 allows remote attackers ...) NOT-FOR-US: k lite mega_codec_pack CVE-2008-5073 (Heap-based buffer overflow in an ActiveX control in Novell ZENworks ...) NOT-FOR-US: novell zenworks_desktop_management CVE-2008-5074 (SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 ...) NOT-FOR-US: php fusion freshlinks_module CVE-2008-5075 (Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka ...) NOT-FOR-US: scriptsfrenzy e uploader_pro CVE-2008-5076 (htop 0.7 writes process names to a terminal without sanitizing ...) BUG: 245966 CVE-2008-5077 (OpenSSL 0.9.8i and earlier does not properly check the return value ...) BUG: 251346 CVE-2008-5078 (Multiple buffer overflows in the (1) recognize_eps_file function ...) NOTE: Tomas Hoger in https://bugzilla.redhat.com/show_bug.cgi?id=473958 pointed NOTE: out that 1.6.4 is not affected CVE-2008-5079 (net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and ...) BUG: 250548 CVE-2008-5080 (awstats.pl in AWStats 6.8 and earlier does not properly remove quote ...) NOT-FOR-US: We only have 6.9 in tree, I also checked the patch, we're not vuln. CVE-2008-5081 (The originates_from_local_legacy_unicast_socket function ...) BUG: 250913 CVE-2008-5082 (The verifyProof function in the Token Processing System (TPS) ...) NOT-FOR-US: Token Processing System TPS component in Red Hat Certificate System RHCS CVE-2008-5083 RESERVED CVE-2008-5084 RESERVED CVE-2008-5085 RESERVED CVE-2008-5086 (Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a ...) BUG: 252205 CVE-2008-5087 (SQL injection vulnerability in TYPO3 Another Backend Login ...) NOT-FOR-US: TYPO3 CVE-2008-5088 (Multiple SQL injection vulnerabilities in PHPKB Knowledge Base ...) NOT-FOR-US: PHPKB Knowledge Base Software CVE-2008-5089 (Multiple insecure method vulnerabilities in the ...) NOT-FOR-US: Data Dynamics ActiveReports CVE-2008-5090 (Electron Inc. Advanced Electron Forum before 1.0.7 allows remote ...) NOT-FOR-US: bbcode CVE-2008-5091 (Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before ...) NOT-FOR-US: LDAP Service in Novell eDirectory CVE-2008-5092 (Heap-based buffer overflows in Novell eDirectory HTTP protocol stack ...) NOT-FOR-US: Novell eDirectory HTTP protocol stack HTTPSTK CVE-2008-5093 (Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack ...) NOT-FOR-US: HTTP Protocol Stack HTTPSTK in Novell eDirectory CVE-2008-5094 (Heap-based buffer overflow in the NDS Service in Novell eDirectory ...) NOT-FOR-US: NDS Service in Novell eDirectory CVE-2008-5095 (Cross-site scripting (XSS) vulnerability in the Novell User ...) NOT-FOR-US: Novell User Application CVE-2008-5096 (Unspecified vulnerability in the TYPO3 File List (file_list) extension ...) NOT-FOR-US: TYPO3 CVE-2008-5097 (SQL injection vulnerability in index.php in MyFWB 1.0 allows remote ...) NOT-FOR-US: MyFWB CVE-2008-5098 (Cross-site scripting (XSS) vulnerability in Sun Java System Messaging ...) NOT-FOR-US: sun java_system_messaging_server CVE-2008-5099 (Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through ...) NOT-FOR-US: sun logical_domain_manager CVE-2008-5100 (The strong name (SN) implementation in Microsoft .NET Framework ...) NOT-FOR-US: microsoft net_framework CVE-2008-5101 (Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows ...) BUG: 246522 CVE-2008-5102 (PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other ...) BUG: 246411 CVE-2008-5103 (The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in ...) NOT-FOR-US: dcgrendel vmbuilder CVE-2008-5104 (Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual ...) NOT-FOR-US: VMBuilder CVE-2008-5105 (KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a ...) NOT-FOR-US: KarjaSoft CVE-2008-5106 (Buffer overflow in KarjaSoft Sami FTP Server 2.0.x allows remote ...) NOT-FOR-US: KarjaSoft Sami FTP Server CVE-2008-5107 (The installation process for Citrix Presentation Server 4.5 and ...) NOT-FOR-US: MSI CVE-2008-5108 (Unspecified vulnerability in Adobe AIR 1.1 and earlier allows ...) NOT-FOR-US: Adobe AIR CVE-2008-5109 (The default configuration of Adobe Flash Media Server (FMS) 3.0 does ...) NOT-FOR-US: adobe flash_media_server CVE-2008-5110 (syslog-ng does not call chdir when it calls chroot, which might allow ...) BUG: 247278 CVE-2008-5111 (Unspecified vulnerability in the socket function in Sun Solaris 10 and ...) NOT-FOR-US: socket function in Sun Solaris CVE-2008-5112 (The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and ...) NOT-FOR-US: Active Directory in Microsoft Windows CVE-2008-5113 (WordPress 2.6.3 relies on the REQUEST superglobal array in certain ...) BUG: 247468 CVE-2008-5114 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...) NOT-FOR-US: sun java_system_identity_manager CVE-2008-5115 (Cross-site request forgery (CSRF) vulnerability in Sun Java System ...) NOT-FOR-US: sun java_system_identity_manager CVE-2008-5116 (Directory traversal vulnerability in idm/includes/helpServer.jsp in ...) NOT-FOR-US: sun java_system_identity_manager CVE-2008-5117 (Open redirect vulnerability in Sun Java System Identity Manager 6.0 ...) NOT-FOR-US: sun java_system_identity_manager CVE-2008-5118 (Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 ...) NOT-FOR-US: sun java_system_identity_manager CVE-2008-5119 (Cross-site scripting (XSS) vulnerability in search.php in ...) NOT-FOR-US: Scripts4Profit CVE-2008-5120 (Stack-based buffer overflow in the Process Software MultiNet finger ...) NOT-FOR-US: Process Software MultiNet finger service aka FINGERD for HP OpenVMS CVE-2008-5121 (dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 ...) NOT-FOR-US: Citrix Deterministic Network Enhancer DNE CVE-2008-5122 (SQL injection vulnerability in WorkArea/ContentRatingGraph.aspx in ...) NOT-FOR-US: Ektron CVE-2008-5123 (SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows ...) NOT-FOR-US: CCleague Pro CVE-2008-5124 (JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to ...) NOT-FOR-US: JSCAPE CVE-2008-5125 (admin.php in CCleague Pro 1.2 allows remote attackers to bypass ...) NOT-FOR-US: CCleague Pro CVE-2008-5126 (Cross-site scripting (XSS) vulnerability in search.php in BoutikOne ...) NOT-FOR-US: BoutikOne CVE-2008-5127 (Ocean12 Contact Manager Pro 1.02 stores sensitive information under ...) NOT-FOR-US: Ocean12 CVE-2008-5128 (Ocean12 Membership Manager Pro stores sensitive information under the ...) NOT-FOR-US: Ocean12 CVE-2008-5129 (Ocean12 Poll Manager Pro 1.00 stores sensitive information under the ...) NOT-FOR-US: Ocean12 CVE-2008-5130 (Ocean12 Calendar Manager Gold 2.04 stores sensitive information under ...) NOT-FOR-US: Ocean12 CVE-2008-5131 (Multiple SQL injection vulnerabilities in Develop It Easy News And ...) NOT-FOR-US: Develop It Easy News And Article System CVE-2008-5132 (SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT ...) NOT-FOR-US: MemHT Portal CVE-2008-5133 (ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, ...) NOT-FOR-US: IP Filter in Sun Solaris CVE-2008-5134 (Buffer overflow in the lbs_process_bss function in ...) BUG: 247541 CVE-2008-5135 (** DISPUTED ** ...) NOT-FOR-US: debian os prober CVE-2008-5136 (tkusr in tkusr 0.82 allows local users to overwrite arbitrary files ...) BUG: 247985 CVE-2008-5137 (tkman in tkman 2.2 allows local users to overwrite arbitrary files via ...) BUG: 247540 CVE-2008-5138 (passwdehd in libpam-mount 0.43 allows local users to overwrite ...) BUG: 247986 CVE-2008-5139 (updatejail in jailer 0.4 allows local users to overwrite arbitrary ...) NOT-FOR-US: jailer CVE-2008-5140 (trend-autoupdate.new in mailscanner 4.55.10 and other versions before ...) NOT-FOR-US: We do not ship trend-autoupdate.new CVE-2008-5141 (flamethrower in flamethrower 0.1.8 allows local users to overwrite ...) NOT-FOR-US: flamethrower CVE-2008-5142 (sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local ...) NOT-FOR-US: freebsd sendpr CVE-2008-5143 (mgt-helper in multi-gnome-terminal 1.6.2 allows local users to ...) NOT-FOR-US: mohammed_sameer multi gnome terminal CVE-2008-5144 (nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local ...) NOT-FOR-US: This is a bug in the debian-installer, see http://lists.debian.org/debian-devel/2008/08/msg00285.html CVE-2008-5145 (ltpmenu in ltp 20060918 allows local users to overwrite arbitrary ...) BUG: 249395 CVE-2008-5146 (add-accession-numbers in ctn 3.0.6 allows local users to overwrite ...) NOT-FOR-US: ctn CVE-2008-5147 (test-pipe-to-pyodconverter.org.sh in docvert 2.4 allows local users to ...) NOT-FOR-US: docvert CVE-2008-5148 (sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite ...) BUG: 247538 CVE-2008-5149 (fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite ...) NOT-FOR-US: libncbi6 CVE-2008-5150 (sample.sh in maildirsync 1.1 allows local users to append data to ...) NOT-FOR-US: maildirsync CVE-2008-5151 (test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary ...) BUG: 247479 CVE-2008-5152 (inmail-show in mh-book 200605 allows local users to overwrite ...) NOT-FOR-US: mh book CVE-2008-5153 (spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite ...) NOT-FOR-US: Moodle CVE-2008-5154 (bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary ...) BUG: 247481 CVE-2008-5155 (mail2sms.sh in smsclient 2.0.8z allows local users to overwrite ...) BUG: 247483 CVE-2008-5156 (si_mkbootserver in systemimager-server 3.6.3 allows local users to ...) NOT-FOR-US: systemimager server CVE-2008-5157 (tau 2.16.4 allows local users to overwrite arbitrary files via a ...) NOT-FOR-US: yann_dirson tau CVE-2008-5158 (Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote ...) NOT-FOR-US: clientsoftware wincome_mpd_total CVE-2008-5159 (Integer overflow in the remote administration protocol processing in ...) NOT-FOR-US: clientsoftware wincome_mpd_total CVE-2008-5160 (Unspecified vulnerability in MyServer 0.8.11 allows remote attackers ...) NOT-FOR-US: myserver CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and Server ...) BUG: 247466 CVE-2008-5162 (The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does ...) BUG: 249398 CVE-2008-5163 (Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 ...) NOT-FOR-US: theratstudios the_rat_cms CVE-2008-5164 (Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS ...) NOT-FOR-US: theratstudios the_rat_cms CVE-2008-5165 (Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote ...) NOT-FOR-US: eticket CVE-2008-5166 (SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 ...) NOT-FOR-US: easysitenetwork riddles_website CVE-2008-5167 (PHP remote file inclusion vulnerability in layout/default/params.php ...) NOT-FOR-US: boonex orca CVE-2008-5168 (SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0 ...) NOT-FOR-US: easysitenetwork tips_complete_website CVE-2008-5169 (SQL injection vulnerability in drinks/drink.php in Drinks Complete ...) NOT-FOR-US: easysitenetwork drinks_complete_website CVE-2008-5170 (SQL injection vulnerability in item.php in Cheats Complete Website ...) NOT-FOR-US: easysitenetwork cheats_complete_website CVE-2008-5171 (Multiple directory traversal vulnerabilities in admin/minibb/index.php ...) NOT-FOR-US: phpblaster_cms CVE-2008-5172 (Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum ...) NOT-FOR-US: forumsoftware yazd_forum_software CVE-2008-5173 (Unspecified vulnerability in testMaker before 3.0p16 allows remote ...) NOT-FOR-US: testmaker CVE-2008-5174 (SQL injection vulnerability in joke.php in Jokes Complete Website ...) NOT-FOR-US: easysitenetwork jokes_complete_website CVE-2008-5175 (Directory traversal vulnerability in the FTP client in AceFTP Freeware ...) NOT-FOR-US: visicommedia aceftppro CVE-2008-5176 (Multiple buffer overflows in Client Software WinCom LPD Total ...) NOT-FOR-US: clientsoftware wincom_mpd_total CVE-2008-5177 (Stack-based buffer overflow in the DtbClsLogin function in Yosemite ...) NOT-FOR-US: insight tech yosemite_backup CVE-2008-5178 (Heap-based buffer overflow in Opera 9.62 on Windows allows remote ...) BUG: 247229 CVE-2008-5179 (Unspecified vulnerability in Microsoft Office Communications Server ...) NOT-FOR-US: microsoft windows_live_messenger CVE-2008-5180 (Microsoft Communicator, and Communicator in Microsoft Office 2010 ...) NOT-FOR-US: microsoft office_communicator CVE-2008-5181 (Microsoft Communicator allows remote attackers to cause a denial of ...) NOT-FOR-US: microsoft office_communicator CVE-2008-5182 (The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might ...) BUG: 248754 CVE-2008-5183 (cupsd in CUPS 1.3.9 and earlier allows local users, and possibly ...) BUG: 248756 CVE-2008-5184 (The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the ...) BUG: 248756 CVE-2008-5185 (The highlighting functionality in geshi.php in GeSHi before 1.0.8 ...) NOT-FOR-US: GeSHi CVE-2008-5186 (** DISPUTED ** ...) NOT-FOR-US: geshi CVE-2008-5187 (The load function in the XPM loader for imlib2 1.4.2, and possibly ...) BUG: 248057 CVE-2008-5188 (The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and ...) BUG: 248058 CVE-2008-5189 (CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows ...) NOT-FOR-US: We do not have a vuln version in tree. CVE-2008-5190 (SQL injection vulnerability in index.php in eSHOP100 allows remote ...) NOT-FOR-US: eSHOP100 CVE-2008-5191 (Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote ...) NOT-FOR-US: SePortal CVE-2008-5192 (SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and ...) NOT-FOR-US: W1L3D4 CVE-2008-5193 (Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 ...) NOT-FOR-US: W1L3D4 CVE-2008-5194 (SQL injection vulnerability in checkavail.php in SoftVisions Software ...) NOT-FOR-US: SoftVisions Software Online Booking Manager obm CVE-2008-5195 (Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow ...) NOT-FOR-US: SebracCMS sbcms CVE-2008-5196 (SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 ...) NOT-FOR-US: Kroax the_kroax CVE-2008-5197 (SQL injection vulnerability in classifieds.php in PHP-Fusion allows ...) NOT-FOR-US: PHP Fusion CVE-2008-5198 (SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 ...) NOT-FOR-US: Acmlmboard CVE-2008-5199 (PHP remote file inclusion vulnerability in include.php in ...) NOT-FOR-US: PHPOutsourcing IdeaBox aka IdeBox CVE-2008-5200 (SQL injection vulnerability in the Xe webtv (com_xewebtv) component ...) NOT-FOR-US: Xe CVE-2008-5201 (Directory traversal vulnerability in index.php in OTManager CMS 24a ...) NOT-FOR-US: OTManager CMS CVE-2008-5202 (Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS ...) NOT-FOR-US: OTManager CMS CVE-2008-5203 (Cross-site scripting (XSS) vulnerability in external_vote.php in ...) NOT-FOR-US: PowerAward CVE-2008-5204 (Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, ...) NOT-FOR-US: PowerAward CVE-2008-5205 (Cross-site scripting (XSS) vulnerability in edit.php in wellyblog ...) NOT-FOR-US: wellyblog CVE-2008-5206 (PHP remote file inclusion vulnerability in modules/mod_mainmenu.php in ...) NOT-FOR-US: MosXML CVE-2008-5207 (Multiple directory traversal vulnerabilities in Jonascms 1.2 allow ...) NOT-FOR-US: Jonascms CVE-2008-5208 (SQL injection vulnerability in sub_votepic.php in the Datsogallery ...) NOT-FOR-US: joomla com_datsogallery CVE-2008-5209 (Directory traversal vulnerability in modules/download/get_file.php in ...) NOT-FOR-US: admidio CVE-2008-5210 (Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 ...) NOT-FOR-US: phpblock CVE-2008-5211 (Cross-site scripting (XSS) vulnerability in search.php in Sphider ...) NOT-FOR-US: sphider CVE-2008-5212 (SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 ...) NOT-FOR-US: aj_square aj_auction CVE-2008-5213 (SQL injection vulnerability in featured_article.php in AJ Article 1.0 ...) NOT-FOR-US: aj_square aj_article CVE-2008-5214 (Cross-site scripting (XSS) vulnerability in service/calendrier.php in ...) NOT-FOR-US: clanlite CVE-2008-5215 (SQL injection vulnerability in service/profil.php in ClanLite ...) NOT-FOR-US: clanlite CVE-2008-5216 (SQL injection vulnerability in category_list.php in AJ Square ZeusCart ...) NOT-FOR-US: aj_square zeuscart CVE-2008-5217 (Directory traversal vulnerability in index.php in txtCMS 0.3, when ...) NOT-FOR-US: txtcms CVE-2008-5218 (ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with ...) NOT-FOR-US: scriptsez freeze_greetings CVE-2008-5219 (The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and ...) NOT-FOR-US: videoscript CVE-2008-5220 (Unrestricted file upload vulnerability in admin/upload_form.php in ...) NOT-FOR-US: wportfolio CVE-2008-5221 (The account_save action in admin/userinfo.php in wPortfolio 0.3 and ...) NOT-FOR-US: wportfolio CVE-2008-5222 (SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote ...) NOT-FOR-US: dvbbs CVE-2008-5223 (SQL injection vulnerability in index.php in Airvae Commerce 3.0 allows ...) NOT-FOR-US: airvae commerce CVE-2008-5224 (Cross-site scripting (XSS) vulnerability in Kent Web Mart 1.61 and ...) NOT-FOR-US: kent web_mart CVE-2008-5225 (Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare ...) NOT-FOR-US: xerox docushare CVE-2008-5226 (SQL injection vulnerability in the MambAds (com_mambads) component 1.0 ...) NOT-FOR-US: MambAds is an addon CVE-2008-5227 (Unspecified vulnerability in PHPCow allows remote attackers to execute ...) NOT-FOR-US: phpcow CVE-2008-5228 (Cross-site scripting (XSS) vulnerability in IBM Workplace Content ...) NOT-FOR-US: ibm workplace_content_management CVE-2008-5229 (Stack-based buffer overflow in Microsoft Device IO Control in ...) NOT-FOR-US: microsoft windowst CVE-2008-5230 (The Temporal Key Integrity Protocol (TKIP) implementation in ...) NOT-FOR-US: cisco CVE-2008-5231 (Stack-based buffer overflow in the ExecuteRequest method in the Novell ...) NOT-FOR-US: novell iprint CVE-2008-5232 (Buffer overflow in the CallHTMLHelp method in the Microsoft Windows ...) NOT-FOR-US: microsoft windows CVE-2008-5233 (xine-lib 1.1.12, and other versions before 1.1.15, does not check for ...) BUG: 249041 CVE-2008-5234 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and other ...) BUG: 249041 CVE-2008-5235 (Heap-based buffer overflow in the demux_real_send_chunk function in ...) BUG: 249041 CVE-2008-5236 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and other ...) BUG: 249041 CVE-2008-5237 (Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and ...) BUG: 249041 CVE-2008-5238 (Integer overflow in the real_parse_mdpr function in demux_real.c in ...) BUG: 249041 CVE-2008-5239 (xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not ...) BUG: 249041 CVE-2008-5240 (xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an ...) BUG: 249041 CVE-2008-5241 (Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 ...) BUG: 249041 CVE-2008-5242 (demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, ...) BUG: 249041 CVE-2008-5243 (The real_parse_headers function in demux_real.c in xine-lib 1.1.12, ...) BUG: 249041 CVE-2008-5244 (Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact ...) BUG: 249041 CVE-2008-5245 (xine-lib before 1.1.15 performs V4L video frame preallocation before ...) BUG: 249041 CVE-2008-5246 (Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow ...) BUG: 249041 CVE-2008-5247 (The real_parse_audio_specific_data function in demux_real.c in ...) BUG: 249041 CVE-2008-5248 (xine-lib before 1.1.15 allows remote attackers to cause a denial of ...) BUG: 249041 CVE-2008-5249 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through ...) BUG: 251044 CVE-2008-5250 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, ...) BUG: 251044 CVE-2008-5251 RESERVED CVE-2008-5252 (Cross-site request forgery (CSRF) vulnerability in the Special:Import ...) BUG: 251044 CVE-2008-5253 RESERVED CVE-2008-5254 RESERVED CVE-2008-5255 RESERVED CVE-2008-5256 (The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek ...) BUG: 245958 CVE-2008-5257 (webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for ...) NOT-FOR-US: WebSEAL CVE-2008-5258 RESERVED CVE-2008-5259 (Integer signedness error in DivX Web Player 1.4.2.7, and possibly ...) NOT-FOR-US: divx_web_player CVE-2008-5260 (Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control ...) NOT-FOR-US: axis_camera_control CVE-2008-5261 RESERVED CVE-2008-5262 (Multiple stack-based buffer overflows in the iGetHdrHeader function in ...) BUG: 255217 CVE-2008-5263 (Multiple stack-based buffer overflows in the mt_codec::getHdrHead ...) NOT-FOR-US: dmitry_baryshev ksquirrel libs CVE-2008-5264 (Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado ...) NOT-FOR-US: Tornado Knowledge Retrieval System CVE-2008-5265 (Directory traversal vulnerability in index.php in TNT Forum 0.9.4, ...) NOT-FOR-US: TNT Forum CVE-2008-5266 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: GlassFish CVE-2008-5267 (SQL injection vulnerability in answer.php in Experts 1.0.0, when ...) NOT-FOR-US: Experts CVE-2008-5268 (SQL injection vulnerability in content/forums/reply.asp in ASPPortal ...) NOT-FOR-US: ASPPortal CVE-2008-5269 (SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows ...) NOT-FOR-US: pSys CVE-2008-5270 (SQL injection vulnerability in view.topics.php in Yuhhu Superstar 2008 ...) NOT-FOR-US: Yuhhu Superstar CVE-2008-5271 (Cross-site scripting (XSS) vulnerability in index.php in Fred Stuurman ...) NOT-FOR-US: Fred Stuurman SyndeoCMS CVE-2008-5272 (Multiple directory traversal vulnerabilities in Fred Stuurman ...) NOT-FOR-US: Fred Stuurman SyndeoCMS CVE-2008-5273 (SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News ...) NOT-FOR-US: Todd Woolums ASP News Management CVE-2008-5274 (Todd Woolums ASP News Management 2.2 allows remote attackers to obtain ...) NOT-FOR-US: Todd CVE-2008-5275 (Multiple directory traversal vulnerabilities in the (a) "Unzip ...) BUG: 249242 CVE-2008-5276 (Integer overflow in the ReadRealIndex function in real.c in the Real ...) BUG: 249391 CVE-2008-5277 (PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of ...) BUG: 247079 CVE-2008-5278 (Cross-site scripting (XSS) vulnerability in the self_link function in ...) NOT-FOR-US: We only have wordpress 2.6.5 in tree, which is not vulnerable CVE-2008-5279 (The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging ...) NOT-FOR-US: Zilab Chat and Instant Messaging ZIM Server CVE-2008-5280 (The Local ZIM Server in Zilab Chat and Instant Messaging (ZIM) Server ...) NOT-FOR-US: Zilab Chat and Instant Messaging ZIM Server CVE-2008-5281 (Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows ...) NOT-FOR-US: Titan FTP Server CVE-2008-5282 (Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 ...) NOT-FOR-US: W3C CVE-2008-5283 (Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote ...) NOT-FOR-US: Google CVE-2008-5284 (The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other ...) NOT-FOR-US: IEA Software RadiusNT and RadiusX CVE-2008-5285 (Wireshark 1.0.4 and earlier allows remote attackers to cause a denial ...) BUG: 248425 CVE-2008-5286 (Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 ...) BUG: 249727 CVE-2008-5287 (SQL injection vulnerability in catagorie.php in Werner Hilversum FAQ ...) NOT-FOR-US: Werner Hilversum FAQ Manager CVE-2008-5288 (PHP remote file inclusion vulnerability in include/header.php in ...) NOT-FOR-US: Werner Hilversum FAQ Manager CVE-2008-5289 (SQL injection vulnerability in full_txt.php in Werner Hilversum Clean ...) NOT-FOR-US: Werner Hilversum Clean CMS CVE-2008-5290 (Cross-site scripting (XSS) vulnerability in full_txt.php in Werner ...) NOT-FOR-US: Werner Hilversum Clean CMS CVE-2008-5291 (Directory traversal vulnerability in code/track.php in FuzzyLime 3.03 ...) NOT-FOR-US: FuzzyLime CVE-2008-5292 (SQL injection vulnerability in view_snaps.php in VideoGirls BiZ allows ...) NOT-FOR-US: VideoGirls CVE-2008-5293 (SQL injection vulnerability in index.php in WebStudio eHotel allows ...) NOT-FOR-US: WebStudio CVE-2008-5294 (SQL injection vulnerability in index.php in WebStudio eCatalogue ...) NOT-FOR-US: WebStudio CVE-2008-5295 (SQL injection vulnerability in index.php in Jamit Job Board 3.4.10 ...) NOT-FOR-US: Jamit Job Board CVE-2008-5296 (Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when ...) BUG: 249277 CVE-2008-5297 (Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP ...) BUG: 248709 CVE-2008-5298 (chm2pdf 0.9 uses temporary files in directories with fixed names, ...) NOT-FOR-US: directories CVE-2008-5299 (chm2pdf 0.9 allows user-assisted local users to delete arbitrary files ...) NOT-FOR-US: 1 CVE-2008-5300 (Linux kernel 2.6.28 allows local users to cause a denial of service ...) BUG: 249729 CVE-2008-5301 (Directory traversal vulnerability in the ManageSieve implementation in ...) BUG: 248840 CVE-2008-5302 (Race condition in the rmtree function in File::Path 1.08 and 2.07 ...) BUG: 249629 CVE-2008-5303 (Race condition in the rmtree function in File::Path 1.08 ...) BUG: 249629 CVE-2008-5304 (Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows ...) BUG: 250550 CVE-2008-5305 (Eval injection vulnerability in TWiki before 4.2.4 allows remote ...) BUG: 250356 CVE-2008-5306 (SQL injection vulnerability in admin/index.php in PG Real Estate ...) NOT-FOR-US: pilot_group pg_real_estate_solution CVE-2008-5307 (SQL injection vulnerability in admin/index.php in PG Roommate Finder ...) NOT-FOR-US: pilot_group pg_real_roommate_finder_solution CVE-2008-5308 (The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does properly ...) NOT-FOR-US: lovecms the_simple_forum CVE-2008-5309 (SQL injection vulnerability in NetArt Media Real Estate Portal 1.2 ...) NOT-FOR-US: netart_media real_estate_portal CVE-2008-5310 (SQL injection vulnerability in image.php in NetArt Media Car Portal ...) NOT-FOR-US: netart_media car_portal CVE-2008-5311 (SQL injection vulnerability in image.php in NetArt Media Blog System ...) NOT-FOR-US: netart_media blog_system CVE-2008-5312 (mailscanner 4.55.10 and other versions before 4.74.16-1 might allow ...) BUG: 253657 CVE-2008-5313 (mailscanner 4.68.8 and other versions before 4.74.16-1 might allow ...) BUG: 253657 CVE-2008-5314 (Stack consumption vulnerability in libclamav/special.c in ClamAV ...) BUG: 249833 CVE-2008-5315 (Directory traversal vulnerability in the web interface in Apple iPhone ...) NOT-FOR-US: apple iphone_configuration_web_utility CVE-2008-5316 (Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in ...) NOTE: 1.17 went stable in jan2008 CVE-2008-5317 (Integer signedness error in the cmsAllocGamma function in ...) NOTE: 1.17 went stable in jan2008 CVE-2008-5318 (Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact ...) BUG: 243854 CVE-2008-5319 (Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact ...) BUG: 243854 CVE-2008-5320 (SQL injection vulnerability in usersettings.php in e107 0.7.13 and ...) NOT-FOR-US: e107 CVE-2008-5321 (SQL injection vulnerability in index.php in GesGaleri, a module for ...) NOT-FOR-US: GesGaleri CVE-2008-5322 (Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information ...) NOT-FOR-US: wysi CVE-2008-5323 (Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg ...) NOT-FOR-US: Wysi Wiki Wyg CVE-2008-5324 (Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM ...) NOT-FOR-US: CQ Web in IBM Rational ClearQuest CVE-2008-5325 (Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM ...) NOT-FOR-US: ibm rational_clearquest CVE-2008-5326 (The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 ...) NOT-FOR-US: ibm rational_clearquest CVE-2008-5327 (The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before ...) NOT-FOR-US: ibm rational_clearquest CVE-2008-5328 (The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 ...) NOT-FOR-US: ibm rational_clearquest CVE-2008-5329 (ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows ...) NOT-FOR-US: ibm rational_clearquest CVE-2008-5330 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...) NOT-FOR-US: ibm rational_clearquest CVE-2008-5331 (Adobe Acrobat 9 uses more efficient encryption than previous versions, ...) NOT-FOR-US: adobe acrobat CVE-2008-5332 (Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow ...) NOT-FOR-US: pie CVE-2008-5333 (SQL injection vulnerability in members.php in NitroTech 0.0.3a allows ...) NOT-FOR-US: nitrotech CVE-2008-5334 (PHP remote file inclusion vulnerability in includes/common.php in ...) NOT-FOR-US: nitrotech CVE-2008-5335 (SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and ...) NOT-FOR-US: php fusion CVE-2008-5336 (SQL injection vulnerability in index.php in WebStudio CMS allows ...) NOT-FOR-US: bdigital_web_solutions webstudio_cms CVE-2008-5337 (SQL injection vulnerability in lyrics.php in Bandwebsite (aka Bandsite ...) NOT-FOR-US: multimania bandwebsite CVE-2008-5338 (Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite ...) NOT-FOR-US: multimania bandwebsite CVE-2008-5339 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...) BUG: 250012 CVE-2008-5340 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...) BUG: 250012 CVE-2008-5341 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...) BUG: 250012 CVE-2008-5342 (Unspecified vulnerability in the BasicService for Java Web Start (JWS) ...) BUG: 250012 CVE-2008-5343 (Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 ...) BUG: 250012 CVE-2008-5344 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...) BUG: 250012 CVE-2008-5345 (Unspecified vulnerability in Java Runtime Environment (JRE) with Sun ...) BUG: 250012 CVE-2008-5346 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...) BUG: 250012 CVE-2008-5347 (Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) ...) BUG: 250012 CVE-2008-5348 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...) BUG: 250012 CVE-2008-5349 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...) BUG: 250012 CVE-2008-5350 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...) BUG: 250012 CVE-2008-5351 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...) BUG: 250012 CVE-2008-5352 (Integer overflow in the JAR unpacking utility (unpack200) in the ...) BUG: 250012 CVE-2008-5353 (The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...) BUG: 250012 CVE-2008-5354 (Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun ...) BUG: 250012 CVE-2008-5355 (The "Java Update" feature for Java Runtime Environment (JRE) for Sun ...) BUG: 250012 CVE-2008-5356 (Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun ...) BUG: 250012 CVE-2008-5357 (Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE ...) BUG: 250012 CVE-2008-5358 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...) BUG: 250012 CVE-2008-5359 (Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE ...) BUG: 250012 CVE-2008-5360 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...) BUG: 250012 CVE-2008-5361 (The ActionScript 2 virtual machine in Adobe Flash Player 10.x before ...) BUG: 239543 CVE-2008-5362 (The DefineConstantPool action in the ActionScript 2 virtual machine in ...) BUG: 239543 CVE-2008-5363 (The ActionScript 2 virtual machine in Adobe Flash Player 10.x before ...) BUG: 239543 CVE-2008-5364 (Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx ...) NOT-FOR-US: nos_microsystems getplus_download_manager CVE-2008-5365 (SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares ...) NOT-FOR-US: activewebsoftwares activevotes CVE-2008-5366 (The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local ...) NOT-FOR-US: We're not debian. CVE-2008-5367 (ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to ...) NOTE: 250553 handles a very similar bug in gentoo NOT-FOR-US: Our script is not affected. CVE-2008-5368 (muttprint in muttprint 0.72d allows local users to overwrite arbitrary ...) BUG: 250554 CVE-2008-5369 (noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files ...) NOT-FOR-US: no ip2 CVE-2008-5370 (pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite ...) NOT-FOR-US: Debian-specific, I checked the sources, pvpgn-support-installer seems to be part of the debian-installer CVE-2008-5371 (screenie in screenie 1.30.0 allows local users to overwrite arbitrary ...) BUG: 250476 CVE-2008-5372 (sdm-login in sdm-terminal 0.4.0b allows local users to overwrite ...) NOT-FOR-US: jonas_smedegaard sdm terminal CVE-2008-5373 (mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users ...) NOT-FOR-US: We do not install the script (checked ebuild, also unstable). Notified maintainer not to include them, if he plans to update the ebuild. CVE-2008-5374 (bash-doc 3.2 allows local users to overwrite arbitrary files via a ...) BUG: 251319 CVE-2008-5375 (cmus-status-display in cmus 2.2.0 allows local users to overwrite ...) BUG: 250474 CVE-2008-5376 (editcomment in crip 3.7 allows local users to overwrite arbitrary ...) NOT-FOR-US: crip CVE-2008-5377 (pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files ...) BUG: 251316 CVE-2008-5378 (arb-kill in arb 0.0.20071207.1 allows local users to overwrite ...) NOT-FOR-US: lehrstuhl_fur_mikrobiologie arb CVE-2008-5379 (netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary ...) NOT-FOR-US: oliver_gorwits netdisco_mibs_installer CVE-2008-5380 (gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite ...) BUG: 251279 CVE-2008-5381 (Buffer overflow in the URL processing in ffdshow (aka ffdshow-tryout) ...) NOT-FOR-US: ffdshow tryout ffdshow CVE-2008-5382 (Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE ...) NOT-FOR-US: i o_data hlf f320 CVE-2008-5383 (Stack-based buffer overflow in National Instruments Electronics ...) NOT-FOR-US: national_instruments electronics_workbench CVE-2008-5384 (crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local ...) NOT-FOR-US: ibm aix CVE-2008-5385 (enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print ...) NOT-FOR-US: ibm aix CVE-2008-5386 (Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd ...) NOT-FOR-US: ibm aix CVE-2008-5387 (Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when ...) NOT-FOR-US: ibm aix CVE-2008-5388 RESERVED CVE-2008-5389 RESERVED CVE-2008-5390 RESERVED CVE-2008-5391 RESERVED CVE-2008-5392 RESERVED CVE-2008-5393 (UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes ...) NOT-FOR-US: privacy cd unbuntu_privacy_remix CVE-2008-5394 (/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other ...) BUG: 251320 CVE-2008-5395 (The parisc_show_stack function in arch/parisc/kernel/traps.c in the ...) BUG: 250559 CVE-2008-5396 (Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in ...) BUG: 251324 CVE-2008-5397 (Tor before 0.2.0.32 does not properly process the (1) User and (2) ...) BUG: 250018 CVE-2008-5398 (Tor before 0.2.0.32 does not properly process the ...) BUG: 250018 CVE-2008-5399 (Cross-site scripting (XSS) vulnerability in the listonlineusers (aka ...) NOT-FOR-US: listonlineusers aka Who s online component in mvnForum CVE-2008-5400 (Multiple cross-site request forgery (CSRF) vulnerabilities in mvnForum ...) NOT-FOR-US: mvnForum CVE-2008-5401 (Stack-based buffer overflow in the image tooltip implementation in ...) NOT-FOR-US: image tooltip implementation in Trillian CVE-2008-5402 (Double free vulnerability in the XML parser in Trillian before ...) NOT-FOR-US: XML parser in Trillian CVE-2008-5403 (Heap-based buffer overflow in the XML parser in the AIM plugin in ...) NOT-FOR-US: XML parser in the AIM plugin in Trillian CVE-2008-5404 (Insecure method vulnerability in the FlexCell.Grid ActiveX control in ...) NOT-FOR-US: FlexCell Grid ActiveX control in FlexCell ocx CVE-2008-5405 (Stack-based buffer overflow in the RDP protocol password decoder in ...) NOT-FOR-US: RDP protocol password decoder in Cain Abel CVE-2008-5406 (Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes ...) NOT-FOR-US: apple quicktime CVE-2008-5407 (Multiple unspecified vulnerabilities in the Backup Exec remote-agent ...) NOT-FOR-US: Backup Exec remote agent logon process in Symantec Backup Exec for Windows Servers CVE-2008-5408 (Buffer overflow in the data management protocol in Symantec Backup ...) NOT-FOR-US: data management protocol in Symantec Backup Exec for Windows Servers CVE-2008-5409 (Unspecified vulnerability in the pdf.xmd module in (1) BitDefender ...) NOT-FOR-US: software602 groupware_server CVE-2008-5410 (The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 ...) NOT-FOR-US: Sun Solaris CVE-2008-5411 (IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL ...) NOT-FOR-US: IBM CVE-2008-5412 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 ...) NOT-FOR-US: IBM WebSphere Application Server WAS CVE-2008-5413 (PerfServlet in the PMI/Performance Tools component in IBM WebSphere ...) NOT-FOR-US: PMI Performance Tools component in IBM WebSphere Application Server WAS CVE-2008-5414 (Unspecified vulnerability in the Feature Pack for Web Services in the ...) NOT-FOR-US: Feature Pack for Web Services in the Web Services Security component in IBM WebSphere Application Server WAS CVE-2008-5415 (The LDBserver service in the server in CA ARCserve Backup 11.1 through ...) NOT-FOR-US: ca arcserve_backup CVE-2008-5416 (Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, ...) NOT-FOR-US: Microsoft SQL Server CVE-2008-5417 (HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses ...) NOT-FOR-US: HP CVE-2008-5418 (Directory traversal vulnerability in login.php in the PunPortal module ...) NOT-FOR-US: PunPortal module CVE-2008-5419 (Stack-based buffer overflow in SAN Manager Master Agent service (aka ...) NOT-FOR-US: SAN Manager Master Agent service aka msragent exe in EMC Control Center CVE-2008-5420 (The SAN Manager Master Agent service (aka msragent.exe) in EMC Control ...) NOT-FOR-US: EMC Control Center CVE-2008-5421 (The SSL web administration service in NetWin SmsGate 1.1n and earlier ...) NOT-FOR-US: netwin smsgate CVE-2008-5422 (Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict ...) NOT-FOR-US: sun ray_server_software CVE-2008-5423 (Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector ...) NOT-FOR-US: Sun CVE-2008-5424 (The MimeOleClearDirtyTree function in InetComm.dll in Microsoft ...) NOT-FOR-US: Microsoft Outlook Express CVE-2008-5425 (ESet NOD32 2.70.0039.0000 does not properly handle (1) multipart/mixed ...) NOT-FOR-US: n CVE-2008-5426 (Kaspersky Internet Security Suite 2009 does not properly handle (1) ...) NOT-FOR-US: Kaspersky CVE-2008-5427 (Norton Antivirus in Norton Internet Security 15.5.0.23 does not ...) NOT-FOR-US: Norton Internet Security CVE-2008-5428 (Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed ...) NOTE: Windows only CVE-2008-5429 (Incredimail build 5853710 does not properly handle (1) multipart/mixed ...) NOT-FOR-US: Incredimail CVE-2008-5430 (Mozilla Thunderbird 2.0.14 does not properly handle (1) ...) NOTE: Client-side DoS CVE-2008-5431 (Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a ...) NOT-FOR-US: Teamtek CVE-2008-5432 (Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 ...) NOT-FOR-US: Moodle CVE-2008-5433 (Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and ...) NOT-FOR-US: punbb CVE-2008-5434 (Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow ...) NOT-FOR-US: PunBB CVE-2008-5435 (Cross-site scripting (XSS) vulnerability in moderate.php in PunBB ...) NOT-FOR-US: PunBB CVE-2008-5436 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) NOT-FOR-US: Oracle OLAP component in Oracle Database CVE-2008-5437 (Unspecified vulnerability in the Job Queue component in Oracle ...) NOT-FOR-US: Job Queue component in Oracle Database CVE-2008-5438 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) NOT-FOR-US: Oracle Portal component in Oracle Application Server CVE-2008-5439 (Unspecified vulnerability in the SQL*Plus Windows GUI component in ...) NOT-FOR-US: SQL Plus Windows GUI component in Oracle Database CVE-2008-5440 (Unspecified vulnerability in the TimesTen Data Server component in ...) NOT-FOR-US: TimesTen Data Server component in Oracle Database CVE-2008-5441 (Unspecified vulnerability in the Oracle Secure Backup component in ...) NOT-FOR-US: Oracle Secure Backup component in Oracle Secure Backup CVE-2008-5442 (Unspecified vulnerability in the Oracle Secure Backup component in ...) NOT-FOR-US: Oracle Secure Backup component in Oracle Secure Backup CVE-2008-5443 (Unspecified vulnerability in the Oracle Secure Backup component in ...) NOT-FOR-US: Oracle Secure Backup component in Oracle Secure Backup CVE-2008-5444 (Unspecified vulnerability in the Oracle Secure Backup component in ...) NOT-FOR-US: Oracle Secure Backup component in Oracle Secure Backup CVE-2008-5445 (Unspecified vulnerability in the Oracle Secure Backup component in ...) NOT-FOR-US: Oracle Secure Backup component in Oracle Secure Backup CVE-2008-5446 (Unspecified vulnerability in the Oracle Applications Framework ...) NOT-FOR-US: Oracle Applications Framework component in Oracle E Business Suite CVE-2008-5447 (Unspecified vulnerability in the Oracle Enterprise Manager component ...) NOT-FOR-US: Oracle Enterprise Manager component in Oracle Enterprise Manager CVE-2008-5448 (Unspecified vulnerability in the Oracle Secure Backup component in ...) NOT-FOR-US: Oracle Secure Backup component in Oracle Secure Backup CVE-2008-5449 (Unspecified vulnerability in the Oracle Secure Backup component in ...) NOT-FOR-US: Oracle Secure Backup component in Oracle Secure Backup CVE-2008-5450 (Unspecified vulnerability in the Oracle Applications Platform ...) NOT-FOR-US: Oracle Applications Platform Engineering component in Oracle E Business Suite CVE-2008-5451 (Unspecified vulnerability in the JD Edwards Tools component in Oracle ...) NOT-FOR-US: JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne CVE-2008-5452 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne CVE-2008-5453 RESERVED CVE-2008-5454 (Unspecified vulnerability in the iProcurement component in Oracle ...) NOT-FOR-US: iProcurement component in Oracle E Business Suite CVE-2008-5455 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ...) NOT-FOR-US: PeopleSoft Enterprise HRMS ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne CVE-2008-5456 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne CVE-2008-5457 (Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins ...) NOT-FOR-US: Oracle BEA WebLogic Server Plugins for Apache Sun and IIS web servers component in BEA Product Suite CVE-2008-5458 (Unspecified vulnerability in the Oracle Application Object Library ...) NOT-FOR-US: Oracle Application Object Library component in Oracle E Business Suite CVE-2008-5459 (Unspecified vulnerability in the WebLogic Server component in BEA ...) NOT-FOR-US: WebLogic Server component in BEA Product Suite CVE-2008-5460 (Unspecified vulnerability in the WebLogic Server component in BEA ...) NOT-FOR-US: WebLogic Server component in BEA Product Suite CVE-2008-5461 (Unspecified vulnerability in the WebLogic Server component in BEA ...) NOT-FOR-US: WebLogic Server component in BEA Product Suite CVE-2008-5462 (Unspecified vulnerability in the WebLogic Portal component in BEA ...) NOT-FOR-US: WebLogic Portal component in BEA Product Suite CVE-2008-5463 (Unspecified vulnerability in the PeopleSoft Enterprise Campus ...) NOT-FOR-US: PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne CVE-2008-5464 RESERVED CVE-2008-5465 RESERVED CVE-2008-5466 RESERVED CVE-2008-5467 RESERVED CVE-2008-5468 RESERVED CVE-2008-5469 RESERVED CVE-2008-5470 RESERVED CVE-2008-5471 RESERVED CVE-2008-5472 RESERVED CVE-2008-5473 RESERVED CVE-2008-5474 RESERVED CVE-2008-5475 RESERVED CVE-2008-5476 RESERVED CVE-2008-5477 RESERVED CVE-2008-5478 RESERVED CVE-2008-5479 RESERVED CVE-2008-5480 RESERVED CVE-2008-5481 RESERVED CVE-2008-5482 RESERVED CVE-2008-5483 RESERVED CVE-2008-5484 RESERVED CVE-2008-5485 RESERVED CVE-2008-5486 (SQL injection vulnerability in admin.php in TurnkeyForms Text Link ...) NOT-FOR-US: TurnkeyForms CVE-2008-5487 (Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms ...) NOT-FOR-US: TurnkeyForms CVE-2008-5488 (SQL injection vulnerability in admin.php in E-topbiz Domain Shop 2 ...) NOT-FOR-US: E topbiz Domain Shop CVE-2008-5489 (SQL injection vulnerability in channel_detail.php in ClipShare Pro 4, ...) NOT-FOR-US: ClipShare Pro CVE-2008-5490 (SQL injection vulnerability in index.php in PHPStore Yahoo Answers ...) NOT-FOR-US: PHPStore CVE-2008-5491 (SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier ...) NOT-FOR-US: SlimCMS CVE-2008-5492 (Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX ...) NOT-FOR-US: pdfview ocx CVE-2008-5493 (SQL injection vulnerability in track.php in PHPStore Wholesales (aka ...) NOT-FOR-US: PHPStore CVE-2008-5494 (SQL injection vulnerability in the Contact Information Module ...) NOT-FOR-US: digitalgreys com_contactinfo CVE-2008-5495 (Unspecified vulnerability in the GungHo LoadPrgAx ActiveX control ...) NOT-FOR-US: GungHo LoadPrgAx ActiveX control CVE-2008-5496 (SQL injection vulnerability in showcategory.php in PozScripts Business ...) NOT-FOR-US: PozScripts CVE-2008-5497 (BandSite CMS 1.1.4 allows remote attackers to bypass authentication ...) NOT-FOR-US: BandSite CVE-2008-5498 (Array index error in the imageRotate function in PHP 5.2.8 and earlier ...) BUG: 249875 CVE-2008-5499 (Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, ...) BUG: 251496 CVE-2008-5500 (The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before ...) BUG: 251322 CVE-2008-5501 (The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x ...) BUG: 251322 CVE-2008-5502 (The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x ...) BUG: 251322 CVE-2008-5503 (The loadBindingDocument function in Mozilla Firefox 2.x before ...) BUG: 251322 CVE-2008-5504 (Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run ...) BUG: 251322 CVE-2008-5505 (Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass ...) BUG: 251322 CVE-2008-5506 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...) BUG: 251322 CVE-2008-5507 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...) BUG: 251322 CVE-2008-5508 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...) BUG: 251322 CVE-2008-5509 RESERVED CVE-2008-5510 (The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before ...) BUG: 251322 CVE-2008-5511 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...) BUG: 251322 CVE-2008-5512 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...) BUG: 251322 CVE-2008-5513 (Unspecified vulnerability in the session-restore feature in Mozilla ...) BUG: 251322 CVE-2008-5514 (Off-by-one error in the rfc822_output_char function in the ...) BUG: 252567 CVE-2008-5515 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 ...) BUG: 273662 CVE-2008-5516 (The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote ...) BUG: 255567 CVE-2008-5517 (The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote ...) BUG: 255567 NOTE: only OpenSUSE?! Need to check. CVE-2008-5518 (Multiple directory traversal vulnerabilities in the web administration ...) NOT-FOR-US: microsoft windows CVE-2008-5519 (The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat ...) BUG: 265455 CVE-2008-5520 (AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer ...) NOT-FOR-US: ahnlab v3_internet_security CVE-2008-5521 (Avira AntiVir 7.9.0.36 and possibly 7.8.1.28, when Internet Explorer 6 ...) NOT-FOR-US: free av antivir CVE-2008-5522 (AVG Anti-Virus 8.0.0.161, when Internet Explorer 6 or 7 is used, ...) NOT-FOR-US: avg antivirus CVE-2008-5523 (avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, ...) NOT-FOR-US: avast_antivirus CVE-2008-5524 (CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 ...) NOT-FOR-US: cat_quickheal CVE-2008-5525 (ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is ...) NOTE: Windows / IE only CVE-2008-5526 (DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, ...) NOT-FOR-US: drweb anti virus CVE-2008-5527 (ESET Smart Security, when Internet Explorer 6 or 7 is used, allows ...) NOT-FOR-US: eset smart_security CVE-2008-5528 (Aladdin eSafe 7.0.17.0, when Internet Explorer 6 or 7 is used, allows ...) NOT-FOR-US: aladdin esafe CVE-2008-5529 (CA eTrust Antivirus 31.6.6086, when Internet Explorer 6 or 7 is used, ...) NOT-FOR-US: ca etrust_antivirus CVE-2008-5530 (Ewido Security Suite 4.0, when Internet Explorer 6 or 7 is used, ...) NOT-FOR-US: ewido_security_suite CVE-2008-5531 (Fortinet Antivirus 3.113.0.0, when Internet Explorer 6 or 7 is used, ...) NOT-FOR-US: fortinet fortiguard_antivirus CVE-2008-5532 (Ikarus Virus Utilities T3.1.1.45.0 and possibly T3.1.1.34.0, when ...) NOT-FOR-US: ikarus_antivirus CVE-2008-5533 (K7AntiVirus 7.10.541 and possibly 7.10.454, when Internet Explorer 6 ...) NOT-FOR-US: k7computing antivirus CVE-2008-5534 (ESET NOD32 Antivirus 3662 and possibly 3440, when Internet Explorer 6 ...) NOT-FOR-US: eset nod32_antivirus CVE-2008-5535 (Norman Antivirus 5.80.02, when Internet Explorer 6 or 7 is used, ...) NOT-FOR-US: norman_antivirus_ _antispyware CVE-2008-5536 (Panda Antivirus 9.0.0.4, when Internet Explorer 6 or 7 is used, allows ...) NOT-FOR-US: pandasecurity panda_antivirus CVE-2008-5537 (PC Tools AntiVirus 4.4.2.0, when Internet Explorer 6 or 7 is used, ...) NOT-FOR-US: pctools_antivirus CVE-2008-5538 (Prevx Prevx1 2, when Internet Explorer 6 or 7 is used, allows remote ...) NOT-FOR-US: prevx1 CVE-2008-5539 (RISING Antivirus 21.06.31.00 and possibly 20.61.42.00, when Internet ...) NOT-FOR-US: rising global rising_antivirus CVE-2008-5540 (Secure Computing Secure Web Gateway (aka Webwasher), when Internet ...) NOT-FOR-US: secure_computing webwasher CVE-2008-5541 (Sophos Anti-Virus 4.33.0, when Internet Explorer 6 or 7 is used, ...) NOT-FOR-US: sophos anti virus CVE-2008-5542 (Sunbelt VIPRE 3.1.1832.2 and possibly 3.1.1633.1, when Internet ...) NOT-FOR-US: sunbeltsoftware vipre CVE-2008-5543 (Symantec AntiVirus (SAV) 10, when Internet Explorer 6 or 7 is used, ...) NOT-FOR-US: symantec antivirus CVE-2008-5544 (Hacksoft The Hacker 6.3.1.2.174 and possibly 6.3.0.9.081, when ...) NOT-FOR-US: hacksoft the_hacker CVE-2008-5545 (Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet ...) NOT-FOR-US: trend_micro_antivirus CVE-2008-5546 (VirusBlokAda VBA32 3.12.8.5, when Internet Explorer 6 or 7 is used, ...) NOT-FOR-US: virusblokada vba32_antivirus CVE-2008-5547 (HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when ...) NOT-FOR-US: hauri virobot CVE-2008-5548 (VirusBuster 4.5.11.0, when Internet Explorer 6 or 7 is used, allows ...) NOT-FOR-US: virusbuster CVE-2008-5549 (Unspecified vulnerability in the Sun Java Web Console components in ...) NOT-FOR-US: sun java_system_portal_server CVE-2008-5550 (Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp ...) NOT-FOR-US: sun solaris CVE-2008-5551 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote ...) NOT-FOR-US: microsoft internet_explorer CVE-2008-5552 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote ...) NOT-FOR-US: microsoft internet_explorer CVE-2008-5553 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables ...) NOT-FOR-US: microsoft internet_explorer CVE-2008-5554 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not ...) NOT-FOR-US: microsoft internet_explorer CVE-2008-5555 (Microsoft Internet Explorer 8.0 Beta 2 relies on the ...) NOT-FOR-US: microsoft internet_explorer CVE-2008-5556 (** DISPUTED ** ...) NOT-FOR-US: microsoft internet_explorer CVE-2008-5557 (Heap-based buffer overflow in ...) BUG: 249875 CVE-2008-5558 (Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition ...) BUG: 250748 CVE-2008-5559 (SQL injection vulnerability in sendcard.cfm in PostEcards allows ...) NOT-FOR-US: dazzlindonna postecards CVE-2008-5560 (PostEcards stores sensitive information under the web root with ...) NOT-FOR-US: dazzlindonna postecards CVE-2008-5561 (SQL injection vulnerability in Netref 4.0 allows remote attackers to ...) NOT-FOR-US: netref CVE-2008-5562 (ASPPortal stores sensitive information under the web root with ...) NOT-FOR-US: aspapps aspportal CVE-2008-5563 (Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.x, 3.1.x, 3.2.x, 3.3.1.x, ...) NOT-FOR-US: arubanetworks aruba_mobility_controller CVE-2008-5564 (Unspecified vulnerability in the media server in Orb Networks Orb ...) NOT-FOR-US: orb_networks orb CVE-2008-5565 (Cross-site request forgery (CSRF) vulnerability in admin/settings.php ...) NOT-FOR-US: dinkumsoft dl_paycart CVE-2008-5566 (Cross-site scripting (XSS) vulnerability in index.php in Triangle ...) NOT-FOR-US: phpmultiplenewsletters CVE-2008-5567 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: bonzacart bonza_cart CVE-2008-5568 (Cross-site request forgery (CSRF) vulnerability in admin/settings.php ...) NOT-FOR-US: ipn mate ipn_pro_3 CVE-2008-5569 (Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop ...) NOT-FOR-US: phpeppershop CVE-2008-5570 (Directory traversal vulnerability in index.php in PHP Multiple ...) NOT-FOR-US: php_multiple_newsletters CVE-2008-5571 (SQL injection vulnerability in admin/login.asp in Professional ...) NOT-FOR-US: dotnetindex professional_download_assistant CVE-2008-5572 (Professional Download Assistant 0.1 stores sensitive information under ...) NOT-FOR-US: dotnetindex professional_download_assistant CVE-2008-5573 (SQL injection vulnerability in the login feature in Poll Pro 2.0 ...) NOT-FOR-US: adcomplete poll_pro CVE-2008-5574 (SQL injection vulnerability in member.php in Webmaster Marketplace ...) NOT-FOR-US: unscripts webmaster_marketplace CVE-2008-5575 (Session fixation vulnerability in Pro Clan Manager 0.4.2 and earlier ...) NOT-FOR-US: proclanmanager pro_clan_manager CVE-2008-5576 (admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote ...) NOT-FOR-US: scssboard CVE-2008-5577 (PHP remote file inclusion vulnerability in index.php in sCssBoard 1.0, ...) NOT-FOR-US: scssboard CVE-2008-5578 (Multiple SQL injection vulnerabilities in index.php in sCssBoard 1.0, ...) NOT-FOR-US: scssboard CVE-2008-5579 (Absolute path traversal vulnerability in ...) NOT-FOR-US: mini pub CVE-2008-5580 (mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers ...) NOT-FOR-US: mini pub CVE-2008-5581 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: mini pub CVE-2008-5582 (SQL injection vulnerability in utilities/login.asp in Nukedit 4.9.x, ...) NOT-FOR-US: nukedit CVE-2008-5583 (Cross-site request forgery (CSRF) vulnerability in index.php in ...) NOT-FOR-US: projectpier CVE-2008-5584 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 ...) NOT-FOR-US: projectpier CVE-2008-5585 (Multiple PHP remote file inclusion vulnerabilities in lcxBBportal 0.1 ...) NOT-FOR-US: lcxbbportal CVE-2008-5586 (SQL injection vulnerability in findoffice.php in Check Up New ...) NOT-FOR-US: check_up check_new CVE-2008-5587 (Directory traversal vulnerability in libraries/lib.inc.php in ...) BUG: 250451 CVE-2008-5588 (SQL injection vulnerability in rankup.asp in Katy Whitton RankEm ...) NOT-FOR-US: katywhitton rankem CVE-2008-5589 (SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm ...) NOT-FOR-US: katywhitton rankem CVE-2008-5590 (SQL injection vulnerability in customer.forumtopic.php in Kalptaru ...) NOT-FOR-US: kalptaru_infotech product_sale_framework CVE-2008-5591 (Cross-site scripting (XSS) vulnerability in login.asp in Nightfall ...) NOT-FOR-US: iwrite nightfall_personal_diary CVE-2008-5592 (Nightfall Personal Diary 1.0 stores sensitive information under the ...) NOT-FOR-US: iwrite nightfall_personal_diary CVE-2008-5593 (Multiple directory traversal vulnerabilities in index.php in Mini CMS ...) NOT-FOR-US: bpowerhouse mini_cms CVE-2008-5594 (Multiple directory traversal vulnerabilities in index.php in Mini Blog ...) NOT-FOR-US: bpowerhouse mini_blog CVE-2008-5595 (SQL injection vulnerability in detail.asp in ASP AutoDealer allows ...) NOT-FOR-US: aspapps asp_autodealer CVE-2008-5596 (Ikon AdManager 2.1 and earlier stores sensitive information under the ...) NOT-FOR-US: dotnetindex ikon_admanager CVE-2008-5597 (Cold BBS stores sensitive information under the web root with ...) NOT-FOR-US: cold_bbs CVE-2008-5598 (Directory traversal vulnerability in index.php in PHPmyGallery 1.51 ...) NOT-FOR-US: phpmygallery CVE-2008-5599 (SQL injection vulnerability in default.asp in Merlix Teamworx Server ...) NOT-FOR-US: merlix teamworx_server CVE-2008-5600 (Merlix Teamworx Server stores sensitive information under the web root ...) NOT-FOR-US: merlix teamworx_server CVE-2008-5601 (User Engine Lite ASP stores sensitive information under the web root ...) NOT-FOR-US: User Engine Lite ASP CVE-2008-5602 (Natterchat 1.12 stores sensitive information under the web root with ...) NOT-FOR-US: Natterchat CVE-2008-5603 (ASPTicker 1.0 stores sensitive information under the web root with ...) NOT-FOR-US: ASPTicker CVE-2008-5604 (Directory traversal vulnerability in index.php in My Simple Forum 3.0 ...) NOT-FOR-US: My Simple Forum CVE-2008-5605 (Multiple SQL injection vulnerabilities in ASP Portal allow remote ...) NOT-FOR-US: ASP portal CVE-2008-5606 (Gazatem QMail Mailing List Manager 1.2 stores sensitive information ...) NOT-FOR-US: Gazatem CVE-2008-5607 (SQL injection vulnerability in the JMovies (aka JM or com_jmovies) ...) NOT-FOR-US: JMovies aka JM or com_jmovies component CVE-2008-5608 (ASP AutoDealer stores sensitive information under the web root with ...) NOT-FOR-US: ASP AutoDealer CVE-2008-5609 (SQL injection vulnerability in the Commerce extension 0.9.6 and ...) NOT-FOR-US: Commerce extension CVE-2008-5610 RESERVED CVE-2008-5611 RESERVED CVE-2008-5612 RESERVED CVE-2008-5613 RESERVED CVE-2008-5614 RESERVED CVE-2008-5615 RESERVED CVE-2008-5616 (Stack-based buffer overflow in the demux_open_vqf function in ...) BUG: 251017 CVE-2008-5617 (The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does ...) BUG: 249878 CVE-2008-5618 (imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 ...) BUG: 249878 CVE-2008-5619 (html2text.php in Chuggnutt HTML to Text Converter, as used in ...) NOT-FOR-US: roundcubemail CVE-2008-5620 (RoundCube Webmail (roundcubemail) before 0.2-beta allows remote ...) NOT-FOR-US: RoundCube CVE-2008-5621 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x ...) BUG: 250752 CVE-2008-5622 REJECTED CVE-2008-5623 RESERVED CVE-2008-5624 (PHP 5 before 5.2.7 does not properly initialize the page_uid and ...) BUG: 249875 CVE-2008-5625 (PHP 5 before 5.2.7 does not enforce the error_log safe_mode ...) BUG: 249875 CVE-2008-5626 (XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to ...) NOT-FOR-US: dxmsoft xm_easy_personal_ftp_server CVE-2008-5627 (SQL injection vulnerability in account.asp in Active Trade 2 allows ...) NOT-FOR-US: activewebsoftwares active_trade CVE-2008-5628 (SQL injection vulnerability in index.php in CMS little 0.0.1 allows ...) NOT-FOR-US: little_cms CVE-2008-5629 (SQL injection vulnerability in index.php in Turnkey Arcade Script ...) NOT-FOR-US: turnkeyarcade turnkey_arcade_script CVE-2008-5630 (SQL injection vulnerability in merchants/index.php in Post Affiliate ...) NOT-FOR-US: qualityunit post_affiliate_pro CVE-2008-5631 (SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows ...) NOT-FOR-US: activewebsoftwares active_ewebquiz CVE-2008-5632 (SQL injection vulnerability in Account.asp in Active Time Billing 3.2 ...) NOT-FOR-US: activewebsoftwares active_time_billing CVE-2008-5633 (SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows ...) NOT-FOR-US: activewebsoftwares activevotes CVE-2008-5634 (SQL injection vulnerability in account.asp in Active Force Matrix 2.0 ...) NOT-FOR-US: activewebsoftwares active_force_matrix CVE-2008-5635 (SQL injection vulnerability in account.asp in Active Membership 2.0 ...) NOT-FOR-US: activewebsoftwares active_membership CVE-2008-5636 (SQL injection vulnerability in cate.php in Lito Lite CMS, when ...) NOT-FOR-US: lovedesigner lito_lite_cms CVE-2008-5637 (SQL injection vulnerability in blog.asp in ParsBlogger (Pb) allows ...) NOT-FOR-US: parsblogger CVE-2008-5638 (Multiple SQL injection vulnerabilities in Active Price Comparison 4 ...) NOT-FOR-US: activewebsoftwares active_price_comparison CVE-2008-5639 (Directory traversal vulnerability in index.php in TxtBlog 1.0 Alpha ...) NOT-FOR-US: txtblogcms txtblog CVE-2008-5640 (SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 ...) NOT-FOR-US: activewebsoftwares active_bids CVE-2008-5641 (SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 ...) NOT-FOR-US: activewebsoftwares active_photo_gallery CVE-2008-5642 (Directory traversal vulnerability in admin/login.php in CMS Made ...) NOT-FOR-US: cmsmadesimple cms_made_simple CVE-2008-5643 (SQL injection vulnerability in the Books (com_books) component for ...) NOT-FOR-US: joomla com_books CVE-2008-5644 (Cross-site scripting (XSS) vulnerability in the file backend module in ...) NOT-FOR-US: typosphere typo CVE-2008-5645 (Directory traversal vulnerability in the media server in Orb Networks ...) NOT-FOR-US: orb_networks orb CVE-2008-5646 (Unspecified vulnerability in Trac before 0.11.2 allows attackers to ...) BUG: 246130 CVE-2008-5647 (Unspecified vulnerability in the HTML sanitizer filter in Trac before ...) BUG: 246130 CVE-2008-5648 (SQL injection vulnerability in admin/login.php in DeltaScripts PHP ...) NOT-FOR-US: deltascripts php_shop CVE-2008-5649 (SQL injection vulnerability in admin/admin.php in AlstraSoft Article ...) NOT-FOR-US: alstrasoft article_manager_pro CVE-2008-5650 (SQL injection vulnerability in the login directory in AlstraSoft Web ...) NOT-FOR-US: alstrasoft webhost_directory CVE-2008-5651 (SQL injection vulnerability in ...) NOT-FOR-US: myiosoft easybookmarker CVE-2008-5652 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...) NOT-FOR-US: myiosoft easybookmarker CVE-2008-5653 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...) NOT-FOR-US: myiosoft com ajaxportal CVE-2008-5654 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...) NOT-FOR-US: myiosoft easycalendar CVE-2008-5655 (Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 ...) NOT-FOR-US: myiosoft easybookmarker CVE-2008-5656 (Cross-site scripting (XSS) vulnerability in the frontend plugin for ...) NOT-FOR-US: typo3 CVE-2008-5657 (CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows ...) NOTE: Already taken care of, bumped in October and ~arch only CVE-2008-5658 (Directory traversal vulnerability in the ZipArchive::extractTo ...) BUG: 249875 CVE-2008-5659 (The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and ...) BUG: 251463 CVE-2008-5660 (Format string vulnerability in the vinagre_utils_show_error function ...) BUG: 250314 CVE-2008-5661 (The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 ...) NOT-FOR-US: Sun Solaris CVE-2008-5662 (Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC ...) NOT-FOR-US: Sun Java Wireless Toolkit WTK for CLDC CVE-2008-5663 (Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and ...) NOT-FOR-US: kusaba CVE-2008-5664 (Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound ...) NOT-FOR-US: realtek_media_player CVE-2008-5665 (SQL injection vulnerability in index.php in the xhresim module in ...) NOT-FOR-US: xhresim module in XOOPS CVE-2008-5666 (WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows ...) NOT-FOR-US: wftpserver winftp_ftp_server CVE-2008-5667 (The scanning engine in VirusBlokAda VBA32 Personal Antivirus 3.12.8.x ...) NOT-FOR-US: virusblokada vba32_personal_antivirus CVE-2008-5668 (Multiple cross-site scripting (XSS) vulnerabilities in Textpattern ...) NOT-FOR-US: textpattern CVE-2008-5669 (index.php in the comments preview section in Textpattern (aka Txp CMS) ...) NOT-FOR-US: textpattern CVE-2008-5670 (Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password ...) NOT-FOR-US: textpattern CVE-2008-5671 (PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 ...) BUG: 204335 CVE-2008-5672 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: phparanoid CVE-2008-5673 (PHParanoid before 0.4 does not properly restrict access to the members ...) NOT-FOR-US: phparanoid CVE-2008-5674 (Multiple array index errors in the HTTP server in Darkwet Network ...) NOT-FOR-US: darkwet webcam_xp CVE-2008-5675 (Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 ...) NOT-FOR-US: ibm websphere_portal CVE-2008-5676 (Multiple unspecified vulnerabilities in the ModSecurity (aka ...) BUG: 240946 CVE-2008-5677 (Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and ...) NOT-FOR-US: kwalbum CVE-2008-5678 (Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote ...) NOT-FOR-US: fdgroup olib7_webview CVE-2008-5679 (The HTML parsing engine in Opera before 9.63 allows remote attackers ...) BUG: 247229 CVE-2008-5680 (Multiple buffer overflows in Opera before 9.63 might allow (1) remote ...) BUG: 247229 CVE-2008-5681 (Opera before 9.63 does not block unspecified "scripted URLs" during ...) BUG: 247229 CVE-2008-5682 (Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows ...) BUG: 247229 CVE-2008-5683 (Unspecified vulnerability in Opera before 9.63 allows remote attackers ...) BUG: 247229 CVE-2008-5684 (Unspecified vulnerability in the X Inter Client Exchange library (aka ...) NOTE: No public information available from sun, google does not find bug 6748600 NOTE: might be solaris-specific? NOT-FOR-US: sun solaris CVE-2008-5685 (Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun ...) NOT-FOR-US: sun scapp CVE-2008-5686 (IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its ...) NOT-FOR-US: ibm tivoli_provisioning_manager CVE-2008-5687 (MediaWiki 1.11, and other versions before 1.13.3, does not properly ...) BUG: 251044 CVE-2008-5688 (MediaWiki 1.8.1, and other versions before 1.13.3, when the ...) BUG: 251044 CVE-2008-5689 (tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 ...) NOT-FOR-US: sun solaris CVE-2008-5690 (The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, ...) NOT-FOR-US: sun solaris CVE-2008-5691 (Heap-based buffer overflow in the Phoenician Casino FlashAX ActiveX ...) NOT-FOR-US: phonecian_casino flashax CVE-2008-5692 (Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other ...) NOT-FOR-US: ipswitch ws_ftp CVE-2008-5693 (Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other ...) NOT-FOR-US: ipswitch ws_ftp CVE-2008-5694 (PHP remote file inclusion vulnerability in ...) BUG: 252682 CVE-2008-5695 (wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 ...) NOT-FOR-US: We only have newer versions in tree. CVE-2008-5696 (Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is ...) NOT-FOR-US: novell netware CVE-2008-5697 (The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 ...) NOT-FOR-US: skype_extension_for_firefox CVE-2008-5698 (HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 ...) BUG: 252686 CVE-2008-5699 (The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris ...) NOT-FOR-US: sun solaris CVE-2008-5700 (libata in the Linux kernel before 2.6.27.9 does not set minimum ...) BUG: 252688 CVE-2008-5701 (Array index error in arch/mips/kernel/scall64-o32.S in the Linux ...) NOTE: MIPS only CVE-2008-5702 (Buffer underflow in the ibwdt_ioctl function in ...) BUG: 252690 CVE-2008-5703 (gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to ...) BUG: 251279 CVE-2008-5704 (src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might ...) BUG: 251279 CVE-2008-5705 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger ...) NOT-FOR-US: verlihub project verlihub CVE-2008-5706 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger ...) NOT-FOR-US: verlihub project verlihub CVE-2008-5707 (SQL injection vulnerability in urunler.asp in Iltaweb Alisveris ...) NOT-FOR-US: aspindir iltaweb_alisveris_sistemi CVE-2008-5708 (redirect.php in SlimCMS 1.0.0 does not require authentication, which ...) NOT-FOR-US: slimcms CVE-2008-5709 (Multiple unspecified vulnerabilities in the web management interface ...) NOT-FOR-US: avaya communication_manager CVE-2008-5710 (Multiple unspecified vulnerabilities in the web management interface ...) NOT-FOR-US: avaya communication_manager CVE-2008-5711 (Heap-based buffer overflow in the Facebook PhotoUploader ActiveX ...) NOT-FOR-US: facebook photouploader CVE-2008-5712 (The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to ...) BUG: 241112 CVE-2008-5713 (The __qdisc_run function in net/sched/sch_generic.c in the Linux ...) BUG: 252729 CVE-2008-5714 (Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for ...) BUG: 252595 CVE-2008-5715 (Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to ...) NOTE: Windows Vista CVE-2008-5716 (xend in Xen 3.3.0 does not properly restrict a guest VM's write access ...) BUG: 252731 CVE-2008-5717 (Cross-site scripting (XSS) vulnerability in Hitachi JP1/Integrated ...) NOT-FOR-US: Hitachi CVE-2008-5718 (The papd daemon in Netatalk before 2.0.4-beta2, when using certain ...) BUG: 252210 CVE-2008-5719 (Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web ...) NOT-FOR-US: Hitachi Groupmax Web Workflow SDK Set for Active Server Pages CVE-2008-5720 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows ...) NOT-FOR-US: Mayaa CVE-2008-5721 (SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers ...) NOT-FOR-US: SapporoWorks CVE-2008-5722 (Buffer overflow in SAWStudio 3.9i allows user-assisted remote ...) NOT-FOR-US: SAWStudio CVE-2008-5723 (Directory traversal vulnerability in CGI RESCUE KanniBBS2000 (aka ...) NOT-FOR-US: CGI RESCUE KanniBBS2000 CVE-2008-5724 (The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ...) NOT-FOR-US: ESET Smart Security CVE-2008-5725 (The NT kernel-mode driver (aka pstrip.sys) 5.0.1.1 and earlier in ...) NOT-FOR-US: EnTech Taiwan PowerStrip CVE-2008-5726 (SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows ...) NOT-FOR-US: stormBoards CVE-2008-5727 (SQL injection vulnerability in modules/auth/password_recovery.php in ...) NOT-FOR-US: AIST NetCat CVE-2008-5728 (Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and ...) NOT-FOR-US: AIST NetCat CVE-2008-5729 (Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat ...) NOT-FOR-US: AIST NetCat CVE-2008-5730 (Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and ...) NOT-FOR-US: AIST NetCat CVE-2008-5731 (The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP ...) NOT-FOR-US: PGP Corporation PGP Desktop CVE-2008-5732 (Unrestricted file upload vulnerability in lib/image_upload.php in ...) NOT-FOR-US: KafooeyBlog CVE-2008-5733 (SQL injection vulnerability in blog.php in the Team Impact TI Blog ...) NOT-FOR-US: Team Impact TI Blog CVE-2008-5734 (Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp ...) NOT-FOR-US: WebMail Pro in IceWarp CVE-2008-5735 (Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 ...) NOT-FOR-US: CoolPlayer CVE-2008-5736 (Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, ...) NOT-FOR-US: No security support for FreeBSD according to the Gentoo Linux Vulnerability Treatment Policy CVE-2008-5737 (SQL injection vulnerability in index.php in Nodstrum MySQL Calendar ...) NOT-FOR-US: Nodstrum MySQL Calendar CVE-2008-5738 (Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass ...) NOT-FOR-US: Nodstrum CVE-2008-5739 (SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 ...) NOT-FOR-US: Pligg CMS CVE-2008-5740 RESERVED CVE-2008-5741 RESERVED CVE-2008-5742 (Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier ...) NOT-FOR-US: AIST NetCat CVE-2008-5743 (pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a ...) BUG: 252734 CVE-2008-5744 (Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) ...) BUG: 251324 CVE-2008-5745 (Integer overflow in quartz.dll in the DirectShow framework in ...) NOT-FOR-US: microsoft windows_media_player CVE-2008-5746 (Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local ...) NOT-FOR-US: sun snmp_management_agent CVE-2008-5747 (F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass ...) BUG: 253497 CVE-2008-5748 (Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php ...) NOT-FOR-US: bloofoxcms CVE-2008-5749 (** DISPUTED ** ...) NOT-FOR-US: google chrome CVE-2008-5750 (Argument injection vulnerability in Microsoft Internet Explorer 8 beta ...) NOT-FOR-US: microsoft internet_explorer CVE-2008-5751 (SQL injection vulnerability in index.php in AlstraSoft Web Email ...) NOT-FOR-US: alstrasoft web_email_script_enterprise CVE-2008-5752 (Directory traversal vulnerability in getConfig.php in the Page Flip ...) NOT-FOR-US: wordpress page_flip_image_gallery_plugin CVE-2008-5753 (Stack-based buffer overflow in BulletProof FTP Client 2.63 allows ...) NOT-FOR-US: bpftp bulletproof_ftp_client CVE-2008-5754 (Stack-based buffer overflow in BulletProof FTP Client allows ...) NOT-FOR-US: bpftp bulletproof_ftp_client CVE-2008-5755 (Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows ...) NOT-FOR-US: intellitamper CVE-2008-5756 (Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows ...) NOT-FOR-US: bpsoft hex_workshop CVE-2008-5757 (Cross-site scripting (XSS) vulnerability in textarea/index.php in ...) NOT-FOR-US: textpattern CVE-2008-5758 (Cross-site request forgery (CSRF) vulnerability in PHParanoid before ...) NOT-FOR-US: phparanoid CVE-2008-5759 (Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka ...) NOT-FOR-US: flatnux CVE-2008-5760 (Cross-site scripting (XSS) vulnerability in error413.php in Kerio ...) NOT-FOR-US: kerio_mailserver CVE-2008-5761 (Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS ...) NOT-FOR-US: flatnux CVE-2008-5762 (Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive ...) NOT-FOR-US: mariovaldez simple_text file_login_script CVE-2008-5763 (PHP remote file inclusion vulnerability in slogin_lib.inc.php in ...) NOT-FOR-US: mariovaldez simple_text file_login_script CVE-2008-5764 (PHP remote file inclusion vulnerability in calendar.php in WorkSimple ...) NOT-FOR-US: 2500mhz worksimple CVE-2008-5765 (WorkSimple 1.2.1 stores sensitive information under the web root with ...) NOT-FOR-US: 2500mhz worksimple CVE-2008-5766 (SQL injection vulnerability in download.php in Farsi Script Faupload ...) NOT-FOR-US: fascript faupload CVE-2008-5767 (SQL injection vulnerability in authors.asp in gNews Publisher allows ...) NOT-FOR-US: gazatem gnews_publisher CVE-2008-5768 (SQL injection vulnerability in print.php in the AM Events (aka ...) NOT-FOR-US: sirium am_events_module CVE-2008-5769 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio ...) NOT-FOR-US: kerio_mailserver CVE-2008-5770 (Cross-site scripting (XSS) vulnerability in config/make_config.php in ...) NOT-FOR-US: phpweather CVE-2008-5771 (Directory traversal vulnerability in test.php in PHP Weather 2.2.2 ...) NOT-FOR-US: phpweather CVE-2008-5772 (Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings ...) NOT-FOR-US: aspsiteware realtylistings CVE-2008-5773 (Nukedit 4.9.8 stores sensitive information under the web root with ...) NOT-FOR-US: nukedit CVE-2008-5774 (Multiple SQL injection vulnerabilities in ASPSiteWare HomeBuilder 1.0 ...) NOT-FOR-US: aspsiteware homebuilder CVE-2008-5775 (SQL injection vulnerability in categories.php in Aperto Blog 0.1.1 ...) NOT-FOR-US: apertoblog CVE-2008-5776 (Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 ...) NOT-FOR-US: apertoblog CVE-2008-5777 (SQL injection vulnerability in index.php in CadeNix allows remote ...) NOT-FOR-US: cadenix CVE-2008-5778 (SQL injection vulnerability in report.php in Free Links Directory ...) NOT-FOR-US: flds_script flds CVE-2008-5779 (SQL injection vulnerability in lpro.php in Free Links Directory Script ...) NOT-FOR-US: flds_script flds CVE-2008-5780 (Forest Blog 1.3.2 stores sensitive information under the web root with ...) NOT-FOR-US: hostforest forest_blog CVE-2008-5781 (SQL injection vulnerability in right.php in Cant Find A Gaming CMS ...) NOT-FOR-US: cfagcms CVE-2008-5782 (SQL injection vulnerability in bannerclick.php in ZeeMatri 3.0 allows ...) NOT-FOR-US: zeeways zeematri CVE-2008-5783 (admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers ...) NOT-FOR-US: v3chat v3_chat_live_support CVE-2008-5784 (V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to ...) NOT-FOR-US: v3chat v3_chat_profiles_dating_script CVE-2008-5785 (SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2 ...) NOT-FOR-US: v3chat v3_chat_profiles_dating_script CVE-2008-5786 (Cross-site scripting (XSS) vulnerability in the Silva Find extension ...) NOT-FOR-US: infrae silva_find CVE-2008-5787 (Directory traversal vulnerability in mod.php in Arab Portal 2.1 on ...) NOT-FOR-US: arabportal arab_portal CVE-2008-5788 (SQL injection vulnerability in index.php in Domain Seller Pro 1.5 ...) NOT-FOR-US: domainsellerpro domain_seller_pro CVE-2008-5789 (Multiple PHP remote file inclusion vulnerabilities in the Recly ...) NOT-FOR-US: recly interactive_feederator CVE-2008-5790 (Multiple PHP remote file inclusion vulnerabilities in the ...) NOT-FOR-US: recly competitions CVE-2008-5791 (Multiple unspecified vulnerabilities in PrestaShop e-Commerce Solution ...) NOT-FOR-US: prestashop CVE-2008-5792 (PHP remote file inclusion vulnerability in show_joined.php in ...) NOT-FOR-US: indisguise indiscripts_enthusiast CVE-2008-5793 (Multiple PHP remote file inclusion vulnerabilities in the Clickheat - ...) NOT-FOR-US: recly clickheat heatmap CVE-2008-5794 (Directory traversal vulnerability in system/admin/images.php in ...) NOT-FOR-US: lovecms CVE-2008-5795 (Cross-site scripting (XSS) vulnerability in the eluna Page Comments ...) NOT-FOR-US: typo3 eluna_page_comments_extension CVE-2008-5796 (SQL injection vulnerability in the eluna Page Comments ...) NOT-FOR-US: typo3 eluna_page_comments_extension CVE-2008-5797 (SQL injection vulnerability in the advCalendar extension 0.3.1 and ...) NOT-FOR-US: typo3 advcalendar_extension CVE-2008-5798 (SQL injection vulnerability in the CMS Poll system (cms_poll) ...) NOT-FOR-US: typo3 cms_poll_system_extension CVE-2008-5799 (Cross-site scripting (XSS) vulnerability in the Wir ber uns ...) NOT-FOR-US: typo3 wir_ber_uns_extension CVE-2008-5800 (SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) ...) NOT-FOR-US: typo3 wir_ber_uns_extension CVE-2008-5801 (Unspecified vulnerability in the Dictionary (rtgdictionary) extension ...) NOT-FOR-US: typo3 dictionary_extension CVE-2008-5802 (SQL injection vulnerability in index.php in E-topbiz Online Store 1.0 ...) NOT-FOR-US: e topbiz online_store CVE-2008-5803 (SQL injection vulnerability in admin/login.php in E-topbiz Online ...) NOT-FOR-US: e topbiz online_store CVE-2008-5804 (SQL injection vulnerability in admin/admin_catalog.php in e-topbiz ...) NOT-FOR-US: e topbiz number_links_1_php_script CVE-2008-5805 (SQL injection vulnerability in detail.php in DeltaScripts PHP ...) NOT-FOR-US: deltascripts php_classifieds CVE-2008-5806 (SQL injection vulnerability in login.php in DeltaScripts PHP ...) NOT-FOR-US: deltascripts php_classifieds CVE-2008-5807 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink before ...) NOT-FOR-US: teamst testlink CVE-2008-5808 (Cross-site scripting (XSS) vulnerability in Six Apart Movable Type ...) NOT-FOR-US: movable CVE-2008-5809 (futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and ...) NOT-FOR-US: futomi access_analyzer_cgi CVE-2008-5810 (WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, ...) NOT-FOR-US: fujitsu siemens webtransactions CVE-2008-5811 (SQL injection vulnerability in the PaxGallery (com_paxgallery) ...) NOT-FOR-US: joomla com_paxgallery CVE-2008-5812 (Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 ...) NOT-FOR-US: spip CVE-2008-5813 (SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before ...) NOT-FOR-US: spip CVE-2008-5814 (Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and ...) BUG: 249875 CVE-2008-5815 (SQL injection vulnerability in Acomment.php in phpAlumni allows remote ...) NOT-FOR-US: phpalumni CVE-2008-5816 (SQL injection vulnerability in repository.php in ILIAS 3.7.4 and ...) NOT-FOR-US: ilias CVE-2008-5817 (Multiple SQL injection vulnerabilities in index.php in Web Scribble ...) NOT-FOR-US: web_scribble_solutions webclassifieds CVE-2008-5818 (Directory traversal vulnerability in index.php in eDreamers ...) NOT-FOR-US: edreamers edcontainer CVE-2008-5819 (Directory traversal vulnerability in eDNews_archive.php in eDreamers ...) NOT-FOR-US: edreamers ednews CVE-2008-5820 (SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 ...) NOT-FOR-US: edreamers ednews CVE-2008-5821 (Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on ...) NOT-FOR-US: apple safari CVE-2008-5822 (Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other ...) BUG: 255221 CVE-2008-5823 (An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used ...) NOT-FOR-US: microsoft money CVE-2008-5824 (Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile ...) BUG: 253481 CVE-2008-5825 (The SmartPoster implementation on the Nokia 6131 Near Field ...) NOT-FOR-US: nokia 6131_nfc CVE-2008-5826 (The Nokia 6131 Near Field Communication (NFC) phone with 05.12 ...) NOT-FOR-US: nokia 6131_nfc CVE-2008-5827 (The Nokia 6131 Near Field Communication (NFC) phone with 05.12 ...) NOT-FOR-US: nokia 6131_nfc CVE-2008-5828 (Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN ...) NOT-FOR-US: microsoft windows_live_messenger CVE-2008-5829 RESERVED CVE-2008-5830 RESERVED CVE-2008-5831 RESERVED CVE-2008-5832 RESERVED CVE-2008-5833 RESERVED CVE-2008-5834 RESERVED CVE-2008-5835 RESERVED CVE-2008-5836 RESERVED CVE-2008-5837 RESERVED CVE-2008-5838 (SQL injection vulnerability in search_results.php in E-Php Scripts ...) NOT-FOR-US: ephpscripts e shop_shopping_cart CVE-2008-5839 (Buffer overflow in Foxmail 6.5 allows remote attackers to execute ...) NOT-FOR-US: foxmail CVE-2008-5840 (PHP iCalendar 2.24 and earlier allows remote attackers to bypass ...) NOT-FOR-US: phpicalendar2 0 CVE-2008-5841 (Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier ...) NOT-FOR-US: igamingcms igaming_cms CVE-2008-5842 (Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens ...) NOT-FOR-US: fujitsu siemens webtransactions CVE-2008-5843 (Multiple untrusted search path vulnerabilities in pdfjam allow local ...) BUG: 252734 CVE-2008-5844 (PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW ...) BUG: 249875 CVE-2008-5845 (Multiple cross-site scripting (XSS) vulnerabilities in Six Apart ...) NOT-FOR-US: sixapart movable_type CVE-2008-5846 (Six Apart Movable Type (MT) before 4.23 allows remote authenticated ...) NOT-FOR-US: sixapart movable_type CVE-2008-5847 (Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a ...) NOT-FOR-US: constructr cms CVE-2008-5848 (The Advantech ADAM-6000 module has 00000000 as its default password, ...) NOT-FOR-US: advantech adam 6501 CVE-2008-5849 (Check Point VPN-1 R55, R65, and other versions, when Port Address ...) NOT-FOR-US: checkpoint vpn 1 CVE-2008-5850 REJECTED NOT-FOR-US: checkpoint vpn 1 CVE-2008-5851 (SQL injection vulnerability in index.php in My PHP Baseball Stats ...) NOT-FOR-US: mypbs CVE-2008-5852 (Emefa Guestbook 3.0 stores sensitive information under the web root ...) NOT-FOR-US: emefa_guestbook CVE-2008-5853 (Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier ...) NOT-FOR-US: chicomas CVE-2008-5854 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...) NOT-FOR-US: myphpscripts CVE-2008-5855 (myPHPscripts Login Session 2.0 stores sensitive information under the ...) NOT-FOR-US: myphpscripts login_session CVE-2008-5856 (Directory traversal vulnerability in scripts/export.php in ClaSS ...) NOT-FOR-US: class CVE-2008-5857 (The DropDocuments plugin in KnowledgeTree before 3.5.4a allows remote ...) NOT-FOR-US: knowledgetree_document_management CVE-2008-5858 (Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree ...) NOT-FOR-US: knowledgetree_document_management CVE-2008-5859 (SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and ...) NOT-FOR-US: constructr cms CVE-2008-5860 (Directory traversal vulnerability in backend/template.php in ...) NOT-FOR-US: constructr cms CVE-2008-5861 (Directory traversal vulnerability in source.php in FreeLyrics 1.0 ...) NOT-FOR-US: freelyrics CVE-2008-5862 (Directory traversal vulnerability in webcamXP 5.3.2.375 and 5.3.2.410 ...) NOT-FOR-US: webcamxp CVE-2008-5863 (SQL injection vulnerability in locator.php in the Userlocator module ...) NOT-FOR-US: v gn userlocator CVE-2008-5864 (SQL injection vulnerability in the Top Hotel (com_tophotelmodule) ...) NOT-FOR-US: joomlahbs hotel_booking_reservation_system CVE-2008-5865 (SQL injection vulnerability in the com_hbssearch component 1.0 in the ...) NOT-FOR-US: joomlahbs hotel_booking_reservation_system CVE-2008-5866 (The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public ...) NOT-FOR-US: proxim tsunami_mp 11_2411 CVE-2008-5867 (Directory traversal vulnerability in Yerba SACphp 6.3 allows remote ...) NOT-FOR-US: yerba CVE-2008-5868 (Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows ...) NOT-FOR-US: intellitamper CVE-2008-5869 (Cross-site scripting (XSS) vulnerability in the Proxim Wireless ...) NOT-FOR-US: proxim tsunami_mp 11_2411 CVE-2008-5870 (FastStone Image Viewer 3.6 allows user-assisted attackers to cause a ...) NOT-FOR-US: faststone image_viewer CVE-2008-5871 (Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not ...) NOT-FOR-US: nortel multimedia_communication_server_5100 CVE-2008-5872 (Multiple unspecified vulnerabilities in the UNIStim File Transfer ...) NOT-FOR-US: nortel multimedia_communication_server_5100 CVE-2008-5873 (Yerba SACphp 6.3 and earlier allows remote attackers to bypass ...) NOT-FOR-US: yerba CVE-2008-5874 (Multiple SQL injection vulnerabilities in the Hotel Booking ...) NOT-FOR-US: joomlahbs hotel_booking_reservation_system CVE-2008-5875 (SQL injection vulnerability in the com_lowcosthotels component in the ...) NOT-FOR-US: joomlahbs hotel_booking_reservation_system CVE-2008-5876 (Buffer overflow in Irrlicht before 1.5 allows remote attackers to ...) BUG: 252203 CVE-2008-5877 (Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) ...) NOT-FOR-US: phpclanwebsite CVE-2008-5878 (Multiple directory traversal vulnerabilities in Phpclanwebsite (aka ...) NOT-FOR-US: phpclanwebsite CVE-2008-5879 (Cross-site scripting (XSS) vulnerability in index.php in ...) NOT-FOR-US: phpclanwebsite CVE-2008-5880 (admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass ...) NOT-FOR-US: gobbl_cms CVE-2008-5881 (Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow ...) NOT-FOR-US: playsms CVE-2008-5882 (SQL injection vulnerability in login.asp in Citrix Application Gateway ...) NOT-FOR-US: citrix broadcast_server CVE-2008-5883 (Absolute path traversal vulnerability in front-end/dir.php in mini-pub ...) NOT-FOR-US: mini pub CVE-2008-5884 (AyeView 2.20 allows user-assisted attackers to cause a denial of ...) NOT-FOR-US: zkesoft ayeview CVE-2008-5885 (The Net Guys ASPired2Quote stores sensitive information under the web ...) NOT-FOR-US: thenetguys aspired2quote CVE-2008-5886 (TAKempis Discussion Web 4.0 stores sensitive information under the web ...) NOT-FOR-US: takempis discussion_web CVE-2008-5887 (phplist before 2.10.8 allows remote attackers to include files via ...) NOT-FOR-US: phplist CVE-2008-5888 (Multiple SQL injection vulnerabilities in Click&Rank allow remote ...) NOT-FOR-US: icash click rank CVE-2008-5889 (Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank ...) NOT-FOR-US: icash click rank CVE-2008-5890 (SQL injection vulnerability in feeds.php in Injader before 2.1.2 ...) NOT-FOR-US: injader CVE-2008-5891 (Cross-site scripting (XSS) vulnerability in the profile editing ...) NOT-FOR-US: injader CVE-2008-5892 (Multiple SQL injection vulnerabilities in ClickAndEmail allow remote ...) NOT-FOR-US: icash click email CVE-2008-5893 (Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ...) NOT-FOR-US: icash click email CVE-2008-5894 (Directory traversal vulnerability in index.php in Mediatheka 4.2 ...) NOT-FOR-US: mediatheka CVE-2008-5895 (SQL injection vulnerability in connection.php in Mediatheka 4.2 and ...) NOT-FOR-US: mediatheka CVE-2008-5896 (CodeAvalanche RateMySite stores sensitive information under the web ...) NOT-FOR-US: codeavalanche ratemysite CVE-2008-5897 (CodeAvalanche FreeWallpaper stores sensitive information under the web ...) NOT-FOR-US: codeavalanche freewallpaper CVE-2008-5898 (CodeAvalanche Directory stores sensitive information under the web ...) NOT-FOR-US: codeavalanche directory CVE-2008-5899 (CodeAvalanche FreeForAll stores sensitive information under the web ...) NOT-FOR-US: codeavalanche freeforall CVE-2008-5900 (CodeAvalanche Articles stores sensitive information under the web root ...) NOT-FOR-US: codeavalanche articles CVE-2008-5901 (iyzi Forum 1.0 beta 3 stores sensitive information under the web root ...) NOT-FOR-US: iyziforum iyzi_forum CVE-2008-5902 (Buffer overflow in the xrdp_bitmap_invalidate function in ...) BUG: 255148 CVE-2008-5903 (Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c ...) BUG: 255148 CVE-2008-5904 (The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in ...) BUG: 255148 CVE-2008-5905 (The web interface plugin in KTorrent before 3.1.4 allows remote ...) BUG: 244741 CVE-2008-5906 (Eval injection vulnerability in the web interface plugin in KTorrent ...) BUG: 244741 CVE-2008-5907 (The png_check_keyword function in pngwutil.c in libpng before 1.0.42, ...) BUG: 255231 CVE-2008-5908 (Unspecified vulnerability in the root/boot archive tool in Sun ...) NOT-FOR-US: root boot archive tool in Sun OpenSolaris has unknown impact and local attack vectors related to a Temporary file vulnerability aka Bug ID CVE-2008-5909 (Unspecified vulnerability in conv_lpd in Sun OpenSolaris has unknown ...) NOT-FOR-US: conv_lpd in Sun OpenSolaris has unknown impact and local attack vectors related to improper handling of temporary files aka Bug ID CVE-2008-5910 (Unspecified vulnerability in txzonemgr in Sun OpenSolaris has unknown ...) NOT-FOR-US: txzonemgr in Sun OpenSolaris has unknown impact and local attack vectors related to a Temporary file vulnerability aka Bug ID CVE-2008-5911 (Multiple buffer overflows in RealNetworks Helix Server and Helix ...) NOT-FOR-US: realnetworks helix_server_mobile CVE-2008-5912 (An unspecified function in the JavaScript implementation in Microsoft ...) NOT-FOR-US: JavaScript implementation in Microsoft Internet Explorer creates and exposes a temporary footprint when there is a current login to a web site which makes it easier for remote attackers to trick a user into acting upon a spoofed pop up message aka an in session phishing attack NOTE as of CVE-2008-5913 (The Math.random function in the JavaScript implementation in Mozilla ...) BUG: 255687 CVE-2008-5914 (An unspecified function in the JavaScript implementation in Apple ...) NOT-FOR-US: JavaScript implementation in Apple Safari creates and exposes a temporary footprint when there is a current login to a web site which makes it easier for remote attackers to trick a user into acting upon a spoofed pop up message aka an in session phishing attack NOTE as of CVE-2008-5915 (An unspecified function in the JavaScript implementation in Google ...) NOT-FOR-US: JavaScript implementation in Google Chrome creates and exposes a temporary footprint when there is a current login to a web site which makes it easier for remote attackers to trick a user into acting upon a spoofed pop up message aka an in session phishing attack NOTE as of CVE-2008-5916 (gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x ...) BUG: 255567 CVE-2008-5917 (Cross-site scripting (XSS) vulnerability in the XSS filter ...) BUG: 256125 CVE-2008-5918 (Cross-site scripting (XSS) vulnerability in the ...) BUG: 243852 CVE-2008-5919 (Directory traversal vulnerability in rss.php in WebSVN 2.0 and ...) BUG: 243852 CVE-2008-5920 (The create_anchors function in utils.inc in WebSVN 1.x allows remote ...) BUG: 243852 CVE-2008-5921 (SQL injection vulnerability in albums.php in Umer Inc Songs Portal ...) NOT-FOR-US: umerinc songs_portal CVE-2008-5922 (Multiple PHP remote file inclusion vulnerabilities in ...) NOT-FOR-US: cfagcms CVE-2008-5923 (SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary ...) NOT-FOR-US: asp dev xm_events_diary CVE-2008-5924 (SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events ...) NOT-FOR-US: asp dev xm_events_diary CVE-2008-5925 (ASP-DEv XM Events Diary stores sensitive information under the web ...) NOT-FOR-US: asp dev xm_events_diary CVE-2008-5926 (Multiple SQL injection vulnerabilities in login.asp in ASP-DEv ...) NOT-FOR-US: asp dev internal_e mail_system CVE-2008-5927 (Multiple SQL injection vulnerabilities in admin/usercheck.php in ...) NOT-FOR-US: china on site flexphpnews CVE-2008-5928 (SQL injection vulnerability in redir.php in Free Links Directory ...) NOT-FOR-US: flds script flds CVE-2008-5929 (VP-ASP Shopping Cart 6.50 stores sensitive information under the web ...) NOT-FOR-US: vpasp vp asp_shopping_cart CVE-2008-5930 (SQL injection vulnerability in admin/blog_comments.asp in The Net Guys ...) NOT-FOR-US: the_net_guys aspired2blog CVE-2008-5931 (The Net Guys ASPired2Blog stores sensitive information under the web ...) NOT-FOR-US: the_net_guys aspired2blog CVE-2008-5932 (CodeAvalanche FreeForum stores sensitive information under the web ...) NOT-FOR-US: codeavalanche freeforum CVE-2008-5933 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: cmsisweb cms_isweb CVE-2008-5934 (SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows ...) NOT-FOR-US: cmsisweb cms_isweb CVE-2008-5935 (Facto stores sensitive information under the web root with ...) NOT-FOR-US: factosystem_weblog CVE-2008-5936 (front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers ...) NOT-FOR-US: mini pub CVE-2008-5937 (AyeView 2.20 allows user-assisted attackers to cause a denial of ...) NOT-FOR-US: zkesoft ayeview CVE-2008-5938 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: modxcms CVE-2008-5939 (Cross-site scripting (XSS) vulnerability in index.php in MODx CMS ...) NOT-FOR-US: modxcms CVE-2008-5940 (SQL injection vulnerability in index.php in MODx 0.9.6.2 and earlier, ...) NOT-FOR-US: modxcms CVE-2008-5941 (Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and ...) NOT-FOR-US: modxcms CVE-2008-5942 (Multiple cross-site scripting (XSS) vulnerabilities in MODx before ...) NOT-FOR-US: modxcms CVE-2008-5943 (Multiple directory traversal vulnerabilities in NavBoard 16 (2.6.0) ...) NOT-FOR-US: navboard CVE-2008-5944 (Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 ...) NOT-FOR-US: navboard CVE-2008-5945 (Nukeviet 2.0 Beta allows remote attackers to bypass authentication and ...) NOT-FOR-US: nukevietcms nukeviet CVE-2008-5946 (SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows ...) NOT-FOR-US: php fusion CVE-2008-5947 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: yapbb CVE-2008-5948 (Directory traversal vulnerability in index.php in BNCwi 1.04 and ...) NOT-FOR-US: BNCwi CVE-2008-5949 (Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 ...) NOT-FOR-US: ccTiddly CVE-2008-5950 (SQL injection vulnerability in media/media_level.asp in ASP Template ...) NOT-FOR-US: ASP CVE-2008-5951 (ASP Template Creature stores sensitive information under the web root ...) NOT-FOR-US: ASP CVE-2008-5952 (SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) ...) NOT-FOR-US: KTP CVE-2008-5953 (Directory traversal vulnerability in KTP Computer Customer Database ...) NOT-FOR-US: KTP CVE-2008-5954 (SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) ...) NOT-FOR-US: KTP CVE-2008-5955 (SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET ...) NOT-FOR-US: Wbstreet aka PHPSTREET Webboard CVE-2008-5956 (Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information ...) NOT-FOR-US: Wbstreet CVE-2008-5957 (SQL injection vulnerability in the Mydyngallery (com_mydyngallery) ...) NOT-FOR-US: Mydyngallery com_mydyngallery component CVE-2008-5958 (Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote ...) NOT-FOR-US: Active Test CVE-2008-5959 (Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 ...) NOT-FOR-US: Active Test CVE-2008-5960 (SQL injection vulnerability in index.php in Tribiq CMS Community ...) NOT-FOR-US: Tribiq CMS Community CVE-2008-5961 (Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS ...) NOT-FOR-US: Tribiq CMS Community CVE-2008-5962 (Directory traversal vulnerability in library/setup/rpc.php in Gravity ...) NOT-FOR-US: Gravity Getting Things Done GTD CVE-2008-5963 (Eval injection vulnerability in library/setup/rpc.php in Gravity ...) NOT-FOR-US: Gravity Getting Things Done GTD CVE-2008-5964 (Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 ...) NOT-FOR-US: Social ImpressCMS CVE-2008-5965 (Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and ...) NOT-FOR-US: lokicms CVE-2008-5966 (globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to ...) NOT-FOR-US: globsy CVE-2008-5967 (admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not ...) NOT-FOR-US: phpicalendar CVE-2008-5968 (Directory traversal vulnerability in print.php in PHP iCalendar 2.24 ...) NOT-FOR-US: phpicalendar CVE-2008-5969 (SQL injection vulnerability in popupproduct.php in Sunbyte e-Flower ...) NOT-FOR-US: sunbyte e flower CVE-2008-5970 (SQL injection vulnerability in profile_social.php in i-Net Solution ...) NOT-FOR-US: i netsolution orkut_clone CVE-2008-5971 (Cross-site scripting (XSS) vulnerability in profile_social.php in ...) NOT-FOR-US: i netsolution orkut_clone CVE-2008-5972 (SQL injection vulnerability in default.asp in Active Business ...) NOT-FOR-US: activewebsoftwares active_business_directory CVE-2008-5973 (SQL injection vulnerability in login.aspx in Active Web Mail 4.0 ...) NOT-FOR-US: activewebsoftwares active_web_mail CVE-2008-5974 (Multiple SQL injection vulnerabilities in login.aspx in Active Price ...) NOT-FOR-US: activewebsoftwares active_price_comparison CVE-2008-5975 (SQL injection vulnerability in links.asp in Active Price Comparison ...) NOT-FOR-US: activewebsoftwares active_price_comparison CVE-2008-5976 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: preprojects php_jobwebsite_pro CVE-2008-5977 (SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE ...) NOT-FOR-US: preprojects php_jobwebsite_pro CVE-2008-5978 (Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager ...) NOT-FOR-US: ocean12_technologies mailing_list_manager CVE-2008-5979 (Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 ...) NOT-FOR-US: ocean12_technologies mailing_list_manager CVE-2008-5980 (Ocean12 Mailing List Manager Gold stores sensitive data under the web ...) NOT-FOR-US: ocean12_technologies mailing_list_manager CVE-2008-5981 (PacPoll 4.0 stores sensitive information under the web root with ...) NOT-FOR-US: pacosdrivers pacpoll CVE-2008-5982 (Format string vulnerability in BMC PATROL Agent before 3.7.30 allows ...) NOT-FOR-US: bmc CVE-2008-5983 (Untrusted search path vulnerability in the PySys_SetArgv API function ...) BUG: 256619 CVE-2008-5984 (Untrusted search path vulnerability in the Python plugin in Dia ...) BUG: 257020 CVE-2008-5985 (Untrusted search path vulnerability in the Python interface in ...) BUG: 257000 CVE-2008-5986 (Untrusted search path vulnerability in the (1) "VST plugin with Python ...) NOT-FOR-US: csound CVE-2008-5987 (Untrusted search path vulnerability in the Python interface in Eye of ...) BUG: 257002 CVE-2008-5988 (SQL injection vulnerability in scripts/recruit_details.php in Jadu CMS ...) NOT-FOR-US: jadu_cms_for_government CVE-2008-5989 (Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and ...) NOT-FOR-US: phpcounter CVE-2008-5990 (Directory traversal vulnerability in connect/init.inc in emergecolab ...) NOT-FOR-US: eduforge emergecolab CVE-2008-5991 (Directory traversal vulnerability in docs.php in MailWatch for ...) NOT-FOR-US: mailwatch CVE-2008-5992 (Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) ...) NOT-FOR-US: jetik_emlak_sistem_a CVE-2008-5993 (Directory traversal vulnerability in image.php in Barcode Generator 1D ...) NOT-FOR-US: barcodephp barcodegen_1d CVE-2008-5994 (Cross-site scripting (XSS) vulnerability in index.php in Check Point ...) NOT-FOR-US: checkpoint connectra_ngx CVE-2008-5995 (Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA ...) NOT-FOR-US: typo3 freecap_captcha_extension CVE-2008-5996 (Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x ...) NOT-FOR-US: link3 simplenews CVE-2008-5997 (Absolute path traversal vulnerability in ...) NOT-FOR-US: ocp2 omnicom_content_platform CVE-2008-5998 (Multiple SQL injection vulnerabilities in the ajax_checklist_save ...) NOT-FOR-US: drupal ajax_checklist CVE-2008-5999 (Cross-site scripting (XSS) vulnerability in the Ajax Checklist module ...) NOT-FOR-US: drupal ajax_checklist CVE-2008-6000 (The GDTdiIcpt.sys driver in G DATA AntiVirus 2008, InternetSecurity ...) NOT-FOR-US: gdata totalcare_2008 CVE-2008-6001 (index.php in ADN Forum 1.0b and earlier allows remote attackers to ...) NOT-FOR-US: adnforum CVE-2008-6002 (Absolute path traversal vulnerability in sendfile.php in web-cp 0.5.7, ...) NOT-FOR-US: web cp CVE-2008-6003 (SQL injection vulnerability in sellers_othersitem.php in AJ Auction ...) NOT-FOR-US: aj_square aj_auction CVE-2008-6004 (Cross-site scripting (XSS) vulnerability in search.php in AJ Auction ...) NOT-FOR-US: aj_square aj_auction CVE-2008-6005 (Multiple buffer overflows in the CheckUniqueName function in W3C Amaya ...) NOT-FOR-US: w3c amaya_web_browser CVE-2008-6006 (Multiple PHP remote file inclusion vulnerabilities in Micronation ...) NOT-FOR-US: minbank micronation_banking_system CVE-2008-6007 (SQL injection vulnerability in view_group.php in QuidaScript BookMarks ...) NOT-FOR-US: quidascript bookmarks_favourites_script CVE-2008-6008 (hyBook Guestbook Script stores sensitive information under the web ...) NOT-FOR-US: herongyang hybook CVE-2008-6009 (SG Real Estate Portal 2.0 allows remote attackers to bypass ...) NOT-FOR-US: sg_real_estate_portal CVE-2008-6010 (Multiple directory traversal vulnerabilities in SG Real Estate Portal ...) NOT-FOR-US: sg_real_estate_portal CVE-2008-6011 (SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 ...) NOT-FOR-US: sg_real_estate_portal CVE-2008-6012 (Directory traversal vulnerability in index.php in Pritlog 0.4 and ...) NOT-FOR-US: Pritlog CVE-2008-6013 (Multiple SQL injection vulnerabilities in Freeway before 1.4.3.210 ...) NOT-FOR-US: Freeway CVE-2008-6014 (SQL injection vulnerability in scripts/links.php in Rianxosencabos CMS ...) NOT-FOR-US: Rianxosencabos CMS CVE-2008-6015 (Multiple SQL injection vulnerabilities in search.php in EsFaq 2.0 ...) NOT-FOR-US: EsFaq CVE-2008-6016 (SQL injection vulnerability in questions.php in EsFaq 2.0 allows ...) NOT-FOR-US: EsFaq CVE-2008-6017 (SQL injection vulnerability in messages.php in I-Rater Basic allows ...) NOT-FOR-US: i rater_basic CVE-2008-6018 (Directory traversal vulnerability in index.php in MyPHPSite, when ...) NOT-FOR-US: myphpsite CVE-2008-6019 (SQL injection vulnerability in index.php in EACOMM DO-CMS 3.0 allows ...) NOT-FOR-US: do cms CVE-2008-6020 (SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for ...) NOT-FOR-US: drupal views CVE-2008-6021 (Multiple unspecified vulnerabilities in Attachmate Reflection for ...) NOT-FOR-US: attachmate reflection_for_secure_it CVE-2008-6022 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: xnova CVE-2008-6023 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: xnova CVE-2008-6024 (Unspecified vulnerability in the NFSv4 client module in the kernel on ...) NOT-FOR-US: sun solaris CVE-2008-6025 (Directory traversal vulnerability in scr/form.php in openElec 3.01 and ...) NOT-FOR-US: openelec CVE-2008-6026 (SQL injection vulnerability in tienda.php in BlueCUBE CMS allows ...) NOT-FOR-US: bluecube_cms CVE-2008-6027 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: bluepage_cms CVE-2008-6028 (SQL injection vulnerability in list.php in University of Queensland ...) NOT-FOR-US: university_of_queensland fez CVE-2008-6029 (SQL injection vulnerability in search.php in BuzzyWall 1.3.1 and ...) NOT-FOR-US: buzzywall CVE-2008-6030 (Multiple SQL injection vulnerabilities in NetArtMedia Jobs Portal 1.3 ...) NOT-FOR-US: netartmedia jobs_portal CVE-2008-6031 (SQL injection vulnerability in vote.php in WSN Links 2.22 and 2.23 ...) NOT-FOR-US: wsn_links CVE-2008-6032 (SQL injection vulnerability in comments.php in WSN Links Free 4.0.34P ...) NOT-FOR-US: wsn links CVE-2008-6033 (SQL injection vulnerability in comments.php in WSN Links 2.20 allows ...) NOT-FOR-US: wsn_links CVE-2008-6034 (Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo ...) NOT-FOR-US: achievo CVE-2008-6035 (Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo ...) NOT-FOR-US: achievo CVE-2008-6036 (PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder ...) NOT-FOR-US: basebuilder CVE-2008-6037 (SQL injection vulnerability in view.php in AvailScript Article Script ...) NOT-FOR-US: availscript_article_script CVE-2008-6038 (SQL injection vulnerability in index.php in MapCal 0.1 allows remote ...) NOT-FOR-US: mapcal CVE-2008-6039 (Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows ...) NOT-FOR-US: bluepage_cms CVE-2008-6040 (SQL injection vulnerability in index.php in Arcadem Pro 2.700 through ...) NOT-FOR-US: agares_media arcadem_pro CVE-2008-6041 (Multiple cross-site scripting (XSS) vulnerabilities in Index.asp in ...) NOT-FOR-US: dataspade CVE-2008-6042 (SQL injection vulnerability in the re_search module in NetArtMedia ...) NOT-FOR-US: netartmedia real_estate_portal CVE-2008-6043 (Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow ...) NOT-FOR-US: phpprobid php_pro_bid CVE-2008-6044 (Cross-site scripting (XSS) vulnerability in advanced_search_result.php ...) NOT-FOR-US: xt commerce CVE-2008-6045 (Session fixation vulnerability in shopping_cart.php in xt:Commerce ...) NOT-FOR-US: xt commerce CVE-2008-6046 (SQL injection vulnerability in ADbNewsSender before 1.5.2 allows ...) NOT-FOR-US: adbnewssender CVE-2008-6047 (Cross-site scripting (XSS) vulnerability in ADbNewsSender before 1.5.2 ...) NOT-FOR-US: adbnewssender CVE-2008-6048 (Multiple cross-site request forgery (CSRF) vulnerabilities in TangoCMS ...) NOT-FOR-US: tangocms CVE-2008-6049 REJECTED NOT-FOR-US: moxiecode tinymce CVE-2008-6050 (SQL injection vulnerability in the Tech Articles (com_tech_article) ...) NOT-FOR-US: ircmaxell tech_article CVE-2008-6051 (MetaCart Free stores metacart.mdb under the web root with insufficient ...) NOT-FOR-US: metalinks metacart CVE-2008-6052 (PreProjects Pre E-Learning Portal stores db_elearning.mdb under the ...) NOT-FOR-US: preprojects pre_e learning_portal CVE-2008-6053 (PreProjects Pre Resume Submitter stores onlineresume.mdb under the web ...) NOT-FOR-US: preprojects pre_resume_submitter CVE-2008-6054 (PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under ...) NOT-FOR-US: preprojects com pre_courier_and_cargo_business CVE-2008-6055 (PreProjects Pre Classified Listings stores pclasp.mdb under the web ...) NOT-FOR-US: preprojects pre_classified_listings CVE-2008-6056 (Multiple cross-site scripting (XSS) vulnerabilities in World Recipe ...) NOT-FOR-US: ex designs world_recipe CVE-2008-6057 (Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under ...) NOT-FOR-US: liberum_help_desk CVE-2008-6058 (Syslserve 1.058 and earlier, and probably 1.059, allows remote ...) NOT-FOR-US: syslserve CVE-2008-6059 (xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not ...) NOT-FOR-US: webkit CVE-2008-6060 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...) NOT-FOR-US: infosoftglobal fusion_charts CVE-2008-6061 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...) NOT-FOR-US: techsmith camtasia_studio CVE-2008-6062 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...) NOT-FOR-US: adobe dreamweaver CVE-2008-6063 (Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places ...) NOT-FOR-US: microsoft word CVE-2008-6064 (Multiple SQL injection vulnerabilities in DomPHP 0.81 allow remote ...) NOT-FOR-US: domphp CVE-2008-6065 (Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE ...) NOT-FOR-US: oracle database_server CVE-2008-6066 (Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 ...) NOT-FOR-US: meet web CVE-2008-6067 REJECTED NOT-FOR-US: ephpscripts e shop_shopping_cart CVE-2008-6068 (SQL injection vulnerability in the JoomlaDate (com_joomladate) ...) NOT-FOR-US: web_design_hero joomladate CVE-2008-6069 (SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 ...) NOT-FOR-US: 123flashchat echat_plugin CVE-2008-6070 (Multiple heap-based buffer underflows in the ReadPALMImage function in ...) NOT-FOR-US: graphicsmagick CVE-2008-6071 (Heap-based buffer overflow in the DecodeImage function in ...) NOT-FOR-US: graphicsmagick CVE-2008-6072 (Multiple unspecified vulnerabilities in GraphicsMagick before 1.1.14, ...) NOT-FOR-US: graphicsmagick CVE-2008-6073 (StorageCrypt 2.0.1 does not properly encrypt disks, which allows local ...) NOT-FOR-US: magic2003 storagecrypt CVE-2008-6074 (Directory traversal vulnerability in frame.php in phpcrs 2.06 and ...) NOT-FOR-US: phpcrs CVE-2008-6075 (SQL injection vulnerability in aspkat.asp in Bahar Download Script 2.0 ...) NOT-FOR-US: rasihbahar bahar_download_script CVE-2008-6076 (SQL injection vulnerability in the Daily Message (com_dailymessage) ...) NOT-FOR-US: jlleblanc com_dailymessage CVE-2008-6077 (SQL injection vulnerability in loudblog/ajax.php in LoudBlog 0.8.0a ...) NOT-FOR-US: loudblog CVE-2008-6078 (SQL injection vulnerability in open.php in the Private Messaging ...) NOT-FOR-US: limbo_cms com_privmsg CVE-2008-6079 (imlib2 before 1.4.2 allows context-dependent attackers to have an ...) NOT-FOR-US: We already have 1.4.2 in tree since December. CVE-2008-6080 (Directory traversal vulnerability in download.php in the ionFiles ...) NOT-FOR-US: codecall com_ionfiles CVE-2008-6081 (SQL injection vulnerability in contact.php in Simple Customer 1.2 ...) NOT-FOR-US: simplecustomer simple_customer CVE-2008-6082 (Titan FTP Server 6.26 build 630 allows remote attackers to cause a ...) NOT-FOR-US: southrivertech titan_ftp_server CVE-2008-6083 (Directory traversal vulnerability in header.php in TXTshop beta 1.0 ...) NOT-FOR-US: txtshop CVE-2008-6084 (Unrestricted file upload vulnerability in pages/download.php in Iamma ...) NOT-FOR-US: matteoiammarrone iamma_simple_gallery CVE-2008-6085 (Integer overflow in multiple F-Secure anti-virus products, including ...) NOT-FOR-US: f secure_protection_service_for_consumers CVE-2008-6086 (SQL injection vulnerability in album.php in Camera Life 2.6.2b4 allows ...) NOT-FOR-US: Camera Life CVE-2008-6087 (Cross-site scripting (XSS) vulnerability in topic.php in Camera Life ...) NOT-FOR-US: Camera Life CVE-2008-6088 (SQL injection vulnerability in the Joomtracker (com_joomtracker) 1.01 ...) NOT-FOR-US: Joomtracker com_joomtracker CVE-2008-6089 (Directory traversal vulnerability in main.php in ScriptsEz Easy Image ...) NOT-FOR-US: ScriptsEz CVE-2008-6090 (Directory traversal vulnerability in members.php in ScriptsEz Mini ...) NOT-FOR-US: ScriptsEz CVE-2008-6091 (SQL injection vulnerability in plugins.php in BMForum 5.6, when ...) NOT-FOR-US: bmforum CVE-2008-6092 (phpscripts Ranking Script allows remote attackers to bypass ...) NOT-FOR-US: phpscripts ranking script CVE-2008-6093 (SQL injection vulnerability in index.php in Noname CMS 1.0, when ...) NOT-FOR-US: noname cms noname_cms CVE-2008-6094 (Cross-site scripting (XSS) vulnerability in user.do in Celoxis ...) NOT-FOR-US: celoxis CVE-2008-6095 (Cross-site scripting (XSS) vulnerability in surveillanceView.htm in ...) NOT-FOR-US: opennms CVE-2008-6096 (Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS ...) NOT-FOR-US: juniper netscreen_screenos CVE-2008-6097 (Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before ...) NOT-FOR-US: wikyblog CVE-2008-6098 (Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, ...) BUG: 258592 CVE-2008-6099 (PHP remote file inclusion vulnerability in index.php in RPortal 1.1 ...) NOT-FOR-US: rportal CVE-2008-6100 (Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, ...) NOT-FOR-US: Discussion Forums CVE-2008-6101 (SQL injection vulnerability in click.php in Adult Banner Exchange ...) NOT-FOR-US: Adult CVE-2008-6102 (SQL injection vulnerability in ratelink.php in Link Trader Script ...) NOT-FOR-US: Link CVE-2008-6103 (PHP remote file inclusion vulnerability in index.php in A4Desk Event ...) NOT-FOR-US: A4Desk CVE-2008-6104 (SQL injection vulnerability in A4Desk PHP Event Calendar allows remote ...) NOT-FOR-US: A4Desk CVE-2008-6105 (Cross-site scripting (XSS) vulnerability in IBM Workplace for Business ...) NOT-FOR-US: IBM Workplace for Business Controls and Reporting CVE-2008-6106 (Cross-site request forgery (CSRF) vulnerability in IBM Workplace for ...) NOT-FOR-US: IBM Workplace for Business Controls and Reporting CVE-2008-6107 (The (1) sys32_mremap function in arch/sparc64/kernel/sys_sparc32.c, ...) BUG: 258593 CVE-2008-6108 (Cross-site scripting (XSS) vulnerability in result.php in Galatolo ...) NOT-FOR-US: Galatolo WebManager GWM CVE-2008-6109 (Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 does not ...) NOT-FOR-US: Robin CVE-2008-6110 (Unspecified vulnerability in SemanticScuttle before 0.90 has unknown ...) NOT-FOR-US: SemanticScuttle CVE-2008-6111 (SQL injection vulnerability in blog.php in NetArt Media Vlog System ...) NOT-FOR-US: netart_media vlog_system CVE-2008-6112 (Multiple directory traversal vulnerabilities in Ez Ringtone Manager ...) NOT-FOR-US: scriptsez ez_ringtone_manager CVE-2008-6113 (Cross-site scripting (XSS) vulnerability in SemanticScuttle before ...) NOT-FOR-US: semanticscuttle CVE-2008-6114 (SQL injection vulnerability in product_details.php in the Mytipper ...) NOT-FOR-US: mytipper zogo_shop CVE-2008-6115 (SQL injection vulnerability in directory.php in Prozilla Hosting Index ...) NOT-FOR-US: prozilla hosting_index CVE-2008-6116 (SQL injection vulnerability in the EXtrovert Software Thyme ...) NOT-FOR-US: extrosoft com_thyme CVE-2008-6117 (SQL injection vulnerability in homepage.php in PG Job Site Pro allows ...) NOT-FOR-US: pilotgroup pg_job_site_pro CVE-2008-6118 (win/content/upload.php in Goople CMS 1.7 allows remote attackers to ...) NOT-FOR-US: goople_cms CVE-2008-6119 (Static code injection vulnerability in ...) NOT-FOR-US: goople_cms CVE-2008-6120 (SQL injection vulnerability in profile_comments.php in SocialEngine ...) NOT-FOR-US: socialengine CVE-2008-6121 (CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier ...) NOT-FOR-US: socialengine CVE-2008-6122 (The web management interface in Netgear WGR614v9 allows remote ...) NOT-FOR-US: netgear wgr614 CVE-2008-6123 (The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp ...) BUG: 250429 CVE-2008-6124 (SQL injection vulnerability in the hotpot_delete_selected_attempts ...) NOT-FOR-US: moodle CVE-2008-6125 (Unspecified vulnerability in the user editing interface in Moodle ...) NOT-FOR-US: moodle CVE-2008-6126 (Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and ...) NOT-FOR-US: moziloCMS CVE-2008-6127 (Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS ...) NOT-FOR-US: moziloCMS CVE-2008-6128 (Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows ...) NOT-FOR-US: moziloCMS CVE-2008-6129 (Directory traversal vulnerability in print.php in moziloWiki 1.0.1 and ...) NOT-FOR-US: moziloWiki CVE-2008-6130 (Cross-site scripting (XSS) vulnerability in index.php in moziloWiki ...) NOT-FOR-US: moziloWiki CVE-2008-6131 (Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows ...) NOT-FOR-US: moziloWiki CVE-2008-6132 (Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 ...) NOT-FOR-US: phpScheduleIt CVE-2008-6133 (SQL injection vulnerability in arsaprint.php in Full PHP Emlak Script ...) NOT-FOR-US: Full CVE-2008-6134 (SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for ...) NOT-FOR-US: drupal everyblog CVE-2008-6135 (Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a ...) NOT-FOR-US: drupal everyblog CVE-2008-6136 (Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for ...) NOT-FOR-US: drupal everyblog CVE-2008-6137 (EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to ...) NOT-FOR-US: drupal everyblog CVE-2008-6138 (PHP remote file inclusion vulnerability in adminhead.php in ...) NOT-FOR-US: webbiscuits modules_controller CVE-2008-6139 (Directory traversal vulnerability in faqsupport/wce.download.php in ...) NOT-FOR-US: webbiscuits modules_controller CVE-2008-6140 (Unspecified vulnerability in the Session Initiation Protocol (SIP) ...) NOT-FOR-US: avaya one x CVE-2008-6141 (Unspecified vulnerability in Avaya IP Softphone 6.0 SP4 and 6.01.85 ...) NOT-FOR-US: avaya ip_soft_phone CVE-2008-6142 (Multiple SQL injection vulnerabilities in admin/usercheck.php in ...) NOT-FOR-US: china on site flexphpic CVE-2008-6143 (OwenPoll 1.0 allows remote attackers to bypass authentication and ...) NOT-FOR-US: owentechkenya owenpoll CVE-2008-6144 (Multiple cross-site scripting (XSS) vulnerabilities in the WEC ...) NOT-FOR-US: typo3 wec_discussion_forum CVE-2008-6145 (Multiple SQL injection vulnerabilities in the WEC Discussion Forum ...) NOT-FOR-US: typo3 wec_discussion_forum CVE-2008-6146 (SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, ...) NOT-FOR-US: deluxebb CVE-2008-6147 (ForumApp 3.3 stores sensitive information under the web root with ...) NOT-FOR-US: aspapp forumapp CVE-2008-6148 (SQL injection vulnerability in the Live Ticker (com_liveticker) module ...) NOT-FOR-US: raven worx liveticker CVE-2008-6149 (SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 ...) NOT-FOR-US: joomlaapps com_mdigg CVE-2008-6150 (SQL injection vulnerability in classdis.asp in SepCity Classified Ads ...) NOT-FOR-US: sepcity classified_ads CVE-2008-6151 (SQL injection vulnerability in shpdetails.asp in SepCity Shopping Mall ...) NOT-FOR-US: sepcity shopping_mall CVE-2008-6152 (SQL injection vulnerability in deptdisplay.asp in SepCity Faculty ...) NOT-FOR-US: sepcity faculty_portal CVE-2008-6153 (SQL injection vulnerability in Photo.asp in Jay Patel Pixel8 Web Photo ...) NOT-FOR-US: jay_patel pixel8_web_photo_album CVE-2008-6154 (SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 ...) NOT-FOR-US: hispah text_links_ads CVE-2008-6155 (SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 ...) NOT-FOR-US: hispah text_links_ads CVE-2008-6156 (SQL injection vulnerability in editCampaign.php in AdMan 1.1.20070907 ...) NOT-FOR-US: formfields adman CVE-2008-6157 (SepCity Classified Ads stores the admin password in cleartext in ...) NOT-FOR-US: sepcity classified_ads CVE-2008-6158 (Multiple unspecified vulnerabilities in the admin backend in w3b>cms ...) NOT-FOR-US: w3bcms w3b cms CVE-2008-6159 (Content Management Made Easy (CMME) 1.19 allows remote attackers to ...) NOT-FOR-US: hans_oesterholt cmme CVE-2008-6160 (Semantically-Interconnected Online Communities (SIOC) 5.x before ...) NOT-FOR-US: Semantically Interconnected CVE-2008-6161 (Cross-site scripting (XSS) vulnerability in WOW Raid Manager (WRM) ...) NOT-FOR-US: WOW Raid Manager WRM CVE-2008-6162 (Bux.to Clone script allows remote attackers to bypass authentication ...) NOT-FOR-US: bux to_clone_script CVE-2008-6163 (SQL injection vulnerability in www/delivery/ac.php in OpenX 2.6.1 ...) NOT-FOR-US: openx CVE-2008-6164 (Cross-site scripting (XSS) vulnerability in index.php in DreamCost ...) NOT-FOR-US: dreamcost hostadmin CVE-2008-6165 (SQL injection vulnerability in gestion.php in CSPartner 0.1, when ...) NOT-FOR-US: CSPartner CVE-2008-6166 (SQL injection vulnerability in the KBase (com_kbase) 1.2 component for ...) NOT-FOR-US: KBase com_kbase CVE-2008-6167 (Directory traversal vulnerability in search.php in miniPortail 2.2 and ...) NOT-FOR-US: miniportail CVE-2008-6168 (Cross-site scripting (XSS) vulnerability in search.php in miniPortail ...) NOT-FOR-US: miniportail CVE-2008-6169 (Cross-site request forgery (CSRF) vulnerability in the Localization ...) NOT-FOR-US: Drupal core is not affected CVE-2008-6170 (Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and ...) NOT-FOR-US: Old version, which we do not have in tree. CVE-2008-6171 (includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, ...) BUG: 243414 CVE-2008-6172 (Directory traversal vulnerability in captcha/captcha_image.php in the ...) NOT-FOR-US: joomla rwcards CVE-2008-6173 (Cross-site scripting (XSS) vulnerability in fullscreen.php in ...) NOT-FOR-US: clip share clipshare CVE-2008-6174 (Cross-site scripting (XSS) vulnerability in admin/postlister/index.php ...) NOT-FOR-US: jetbox_cms CVE-2008-6175 (SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of ...) NOT-FOR-US: k2sxs silvershield CVE-2008-6176 REJECTED CVE-2008-6177 (Multiple directory traversal vulnerabilities in LightBlog 9.8, when ...) NOT-FOR-US: publicwarehouse lightblog CVE-2008-6178 (Unrestricted file upload vulnerability in ...) NOT-FOR-US: tru zone nukeet CVE-2008-6179 (SQL injection vulnerability in sug_cat.php in IndexScript 3.0 allows ...) NOT-FOR-US: indexscript CVE-2008-6180 (SQL injection vulnerability in system/nlb_user.class.php in NewLife ...) NOT-FOR-US: newlife_blogger CVE-2008-6181 (SQL injection vulnerability in the Mad4Joomla Mailforms ...) NOT-FOR-US: mad4media com_mad4joomla CVE-2008-6182 (SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) ...) NOT-FOR-US: joomla ignitegallery CVE-2008-6183 (Multiple directory traversal vulnerabilities in index.php in My PHP ...) NOT-FOR-US: myphpindexer my_php_indexer CVE-2008-6184 (SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component ...) NOT-FOR-US: joomla ownbiblio CVE-2008-6185 (NoticeWare Email Server NG 5.1.2.2 allows remote attackers to cause a ...) NOT-FOR-US: noticeware_email_server_ng CVE-2008-6186 (Stack-based buffer overflow in RaidenFTPD 2.4 build 3620 allows remote ...) NOT-FOR-US: raidenftpd CVE-2008-6187 (SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and ...) NOT-FOR-US: gforge CVE-2008-6188 (SQL injection vulnerability in people/editprofile.php in Gforge 4.6 ...) NOT-FOR-US: gforge CVE-2008-6189 (SQL injection vulnerability in GForge 4.5.19 allows remote attackers ...) NOT-FOR-US: gforge CVE-2008-6190 (Cross-site scripting (XSS) vulnerability in index.php in EEBCMS 0.95 ...) NOT-FOR-US: eeb welt eebcms CVE-2008-6191 (Conductor.exe in Intrinsic Swimage Encore before 5.0.1.21 contains a ...) NOT-FOR-US: intrinsic swimage_encore CVE-2008-6192 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified ...) NOT-FOR-US: sun java_system_portal_server CVE-2008-6193 (Sam Crew MyBlog stores passwords in cleartext in a MySQL database, ...) NOT-FOR-US: myblog CVE-2008-6194 (Memory leak in the DNS server in Microsoft Windows allows remote ...) NOT-FOR-US: microsoft windows CVE-2008-6195 (Directory traversal vulnerability in the PXE TFTP Service ...) NOT-FOR-US: landesk_management_suite CVE-2008-6196 (Multiple PHP remote file inclusion vulnerabilities in Philippe CROCHAT ...) NOT-FOR-US: philippe_crochat easysite CVE-2008-6197 (SQL injection vulnerability in index.php in the galerie module for ...) NOT-FOR-US: kwsphp galerie_module CVE-2008-6198 (SQL injection vulnerability in pages.php in Custom Pages 1.0 plugin ...) NOT-FOR-US: mybboard custom_pages_plugin CVE-2008-6199 (2532designs 2532|Gigs 1.2.2 and earlier allows remote attackers to ...) NOT-FOR-US: 2532gigs CVE-2008-6200 (Multiple cross-site scripting (XSS) vulnerabilities in Swiki 1.5 allow ...) NOT-FOR-US: swiki CVE-2008-6201 (Directory traversal vulnerability in help.php in the eskuel module in ...) NOT-FOR-US: kwsphp CVE-2008-6202 (SQL injection vulnerability in CoBaLT 1.0 allows remote attackers to ...) NOT-FOR-US: jakob persson cobalt CVE-2008-6203 (SQL injection vulnerability in adminler.asp in CoBaLT 2.0 allows ...) NOT-FOR-US: jakob persson cobalt CVE-2008-6204 (Multiple SQL injection vulnerabilities in SuperNET Shop 1.0 and ...) NOT-FOR-US: supernet_shop CVE-2008-6205 (Cross-site scripting (XSS) vulnerability in seeurl.php in Xavier ...) NOT-FOR-US: xaaaaav38 urlstreet CVE-2008-6206 (Multiple PHP remote file inclusion vulnerabilities in RobotStats 0.1 ...) NOT-FOR-US: robotstats CVE-2008-6207 (Unrestricted file upload vulnerability in form_upload.php in PHPG ...) NOT-FOR-US: phpg_upload CVE-2008-6208 (Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS ...) NOT-FOR-US: e107 CVE-2008-6209 (SQL injection vulnerability in view_product.php in Vastal I-Tech ...) NOT-FOR-US: vastal software_zone CVE-2008-6210 (SQL injection vulnerability in index.php in dream4 Koobi 4.4 and 5.4 ...) NOT-FOR-US: dream4 koobi CVE-2008-6211 (Multiple cross-site scripting (XSS) vulnerabilities in PhpForums.net ...) NOT-FOR-US: mcgallerypro mcgallery CVE-2008-6212 (Cross-site scripting (XSS) vulnerability in admin.php in Php-Stats ...) NOT-FOR-US: php stats CVE-2008-6213 (SQL injection vulnerability in mypage.php in Harlandscripts Pro ...) NOT-FOR-US: harlandscripts pro_traffic_one CVE-2008-6214 (SQL injection vulnerability in poll_results.php in Harlandscripts Pro ...) NOT-FOR-US: harlandscripts pro_traffic_one CVE-2008-6215 (Cross-site scripting (XSS) vulnerability in cadena_ofertas_ext.php in ...) NOT-FOR-US: bookingcentre booking_system_for_hotels_group CVE-2008-6216 (SQL injection vulnerability in cadena_ofertas_ext.php in Venalsur ...) NOT-FOR-US: bookingcentre booking_system_for_hotels_group CVE-2008-6217 (Cross-site scripting (XSS) vulnerability in index.php in Extrakt ...) NOT-FOR-US: extrakt_framework CVE-2008-6218 (Memory leak in the png_handle_tEXt function in pngrutil.c in libpng ...) BUG: 244808 CVE-2008-6219 (nsrexecd.exe in multiple EMC Networker products including EMC ...) NOT-FOR-US: multiple EMC Networker products including EMC NetWorker Server Storage Node and Client CVE-2008-6220 (SQL injection vulnerability in login.php in Simple Document Management ...) NOT-FOR-US: Simple Document Management System SDMS CVE-2008-6221 (PHP remote file inclusion vulnerability in config.dadamail.php in the ...) NOT-FOR-US: Dada Mail Manager com_dadamail component CVE-2008-6222 (Directory traversal vulnerability in the Pro Desk Support Center ...) NOT-FOR-US: Pro Desk Support Center com_pro_desk component CVE-2008-6223 (PHP remote file inclusion vulnerability in visualizza.php in Way Of ...) NOT-FOR-US: Way Of The Warrior WOTW CVE-2008-6224 (Directory traversal vulnerability in visualizza.php in Way Of The ...) NOT-FOR-US: Way Of The Warrior WOTW CVE-2008-6225 (** DISPUTED ** ...) NOT-FOR-US: mole group airline_ticket_sale_script CVE-2008-6226 (SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto ...) NOT-FOR-US: Pre CVE-2008-6227 (SQL injection vulnerability in buyer_detail.php in Pre Multi-Vendor ...) NOT-FOR-US: Pre CVE-2008-6228 (Pre Multi-Vendor Shopping Malls allows remote attackers to bypass ...) NOT-FOR-US: Pre CVE-2008-6229 (Cross-site scripting (XSS) vulnerability in the administrative ...) NOT-FOR-US: administrative interface in Drupal Content Construction Kit CCK CVE-2008-6230 (SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast ...) NOT-FOR-US: preproject pre_podcast_portal CVE-2008-6231 (Pre Classified Listing PHP allows remote attackers to bypass ...) NOT-FOR-US: Pre CVE-2008-6232 (Pre Shopping Mall allows remote attackers to bypass authentication and ...) NOT-FOR-US: Pre CVE-2008-6233 (SQL injection vulnerability in index.php in Five Dollar Scripts Drinks ...) NOT-FOR-US: fivedollarscripts drinks CVE-2008-6234 (SQL injection vulnerability in the com_musica module in Joomla! and ...) NOT-FOR-US: com_musica CVE-2008-6235 (The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted ...) BUG: 245065 CVE-2008-6236 (SQL injection vulnerability in login.php in Simple Document Management ...) NOT-FOR-US: Simple Document Management System SDMS CVE-2008-6237 (SQL injection vulnerability in software-description.php in Scripts For ...) NOT-FOR-US: Scripts CVE-2008-6238 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: OpenEdit Digital Asset Management DAM CVE-2008-6239 (Cross-site request forgery (CSRF) vulnerability in OpenEdit Digital ...) NOT-FOR-US: OpenEdit Digital Asset Management DAM CVE-2008-6240 (Cross-site scripting (XSS) vulnerability in data/views/index.html in ...) NOT-FOR-US: OpenEdit Digital Asset Management DAM CVE-2008-6241 (Multiple SQL injection vulnerabilities in admin/usercheck.php in ...) NOT-FOR-US: FlexPHPSite CVE-2008-6242 (SQL injection vulnerability in SearchResults.php in Scripts For Sites ...) NOT-FOR-US: scripts_for_sites ez_e store CVE-2008-6243 (SQL injection vulnerability in showcategory.php in Scripts For Sites ...) NOT-FOR-US: scripts_for_sites ez_hotscripts likesite CVE-2008-6244 (SQL injection vulnerability in view_reviews.php in Scripts for Sites ...) NOT-FOR-US: scripts for sites ez_gaming_cheats CVE-2008-6245 (SQL injection vulnerability in track.php in Scripts For Sites (SFS) EZ ...) NOT-FOR-US: scripts for sites ez_biz_pro CVE-2008-6246 (SQL injection vulnerability in category.php in Scripts For Sites (SFS) ...) NOT-FOR-US: scripts for sites ez_webring CVE-2008-6247 (SQL injection vulnerability in topsite.php in Scripts For Sites (SFS) ...) NOT-FOR-US: scripts for sites ez_top_sites CVE-2008-6248 (Cross-site scripting (XSS) vulnerability in all.php in Galatolo ...) NOT-FOR-US: galatolo_webmanager CVE-2008-6249 (SQL injection vulnerability in plugins/users/index.php in Galatolo ...) NOT-FOR-US: gwm galatolo_webmanager CVE-2008-6250 (SQL injection vulnerability in Comdev Web Blogger 4.1.3 and earlier ...) NOT-FOR-US: comdev_web_blogger CVE-2008-6251 (PHP remote file inclusion vulnerability in includes/init.php in phpFan ...) NOT-FOR-US: scripts phpfan CVE-2008-6252 (Stack-based buffer overflow in the smc program in smcFanControl 2.1.2 ...) NOT-FOR-US: smcfancontrol CVE-2008-6253 (Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in ...) NOT-FOR-US: pluck cms pluck CVE-2008-6254 (SQL injection vulnerability in scripts/documents.php in Jadu Galaxies ...) NOT-FOR-US: jadu_galaxies CVE-2008-6255 (Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote ...) NOT-FOR-US: vbulletin CVE-2008-6256 (SQL injection vulnerability in admincp/admincalendar.php in vBulletin ...) NOT-FOR-US: vbulletin CVE-2008-6257 (SQL injection vulnerability in default.asp in Openasp 3.0 and earlier ...) NOT-FOR-US: openasp CVE-2008-6258 (SQL injection vulnerability in users.asp in QuadComm Q-Shop 3.0, and ...) NOT-FOR-US: quadcomm q shop CVE-2008-6259 (Cross-site scripting (XSS) vulnerability in search.asp in QuadComm ...) NOT-FOR-US: quadcomm q shop CVE-2008-6260 (SQL injection vulnerability in index.php in Ultrastats 0.2.144 and ...) NOT-FOR-US: ultrastats CVE-2008-6261 (SQL injection vulnerability in view.php in E-topbiz AdManager 4 allows ...) NOT-FOR-US: e topbiz admanager CVE-2008-6262 (SQL injection vulnerability in lib/url/meta_url.php in SaturnCMS ...) NOT-FOR-US: infireal saturncms CVE-2008-6263 (SQL injection vulnerability in lib/user/t_user.php in SaturnCMS allows ...) NOT-FOR-US: infireal saturncms CVE-2008-6264 (SQL injection vulnerability in admin/admin.php in E-topbiz Slide ...) NOT-FOR-US: e topbiz slide_popups CVE-2008-6265 (Directory traversal vulnerability in portfolio/css.php in Cyberfolio ...) NOT-FOR-US: cyberfolio CVE-2008-6266 (SQL injection vulnerability in links.php in Appalachian State ...) BUG: 260274 CVE-2008-6267 (Cross-site scripting (XSS) vulnerability in detail.php in Multi ...) NOT-FOR-US: Multi Languages WebShop Online CVE-2008-6268 (SQL injection vulnerability in detail.php in WEBBDOMAIN Multi ...) NOT-FOR-US: Multi Languages WebShop Online CVE-2008-6269 (Joovili 3.1.4 allows remote attackers to bypass authentication and ...) NOT-FOR-US: joovili CVE-2008-6270 (SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll ...) NOT-FOR-US: miticdjd apoll CVE-2008-6271 (Directory traversal vulnerability in index.php in TBmnetCMS 1.0, when ...) NOT-FOR-US: tbmnetcms CVE-2008-6272 (SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll ...) NOT-FOR-US: miticdjd apoll CVE-2008-6273 (Directory traversal vulnerability in configuration_script.php in ...) NOT-FOR-US: myktools CVE-2008-6274 (Multiple SQL injection vulnerabilities in index.php in FamilyProject ...) NOT-FOR-US: mjcreation familyproject CVE-2008-6275 (Cross-site scripting (XSS) vulnerability in the User Karma module 5.x ...) NOT-FOR-US: drupal user_karma_module CVE-2008-6276 (Multiple SQL injection vulnerabilities in the User Karma module 5.x ...) NOT-FOR-US: drupal user_karma_module CVE-2008-6277 (SQL injection vulnerability in product.php in RakhiSoftware Price ...) NOT-FOR-US: rakhisoftware_shopping_cart CVE-2008-6278 (Multiple cross-site scripting (XSS) vulnerabilities in product.php in ...) NOT-FOR-US: rakhisoftware_shopping_cart CVE-2008-6279 (RakhiSoftware Price Comparison Script (aka Shopping Cart) allows ...) NOT-FOR-US: rakhisoftware_shopping_cart CVE-2008-6280 (Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys ...) NOT-FOR-US: linksysbycisco wrt160n CVE-2008-6281 (SQL injection vulnerability in index.php in Bluo CMS 1.2 allows remote ...) NOT-FOR-US: bluocms bluo_cms CVE-2008-6282 (SQL injection vulnerability in engine/users/users_edit_pub.inc in CMS ...) NOT-FOR-US: CMS Ortus CVE-2008-6283 (Cross-site scripting (XSS) vulnerability in Subtext 2.0 allows remote ...) NOT-FOR-US: Subtext CVE-2008-6284 (SQL injection vulnerability in edit.php in Z1Exchange 1.0 allows ...) NOT-FOR-US: Z1Exchange CVE-2008-6285 (SQL injection vulnerability in index.php in PHP TV Portal 2.0 and ...) NOT-FOR-US: PHP TV Portal CVE-2008-6286 (Multiple SQL injection vulnerabilities in SubscriberStart.asp in ...) NOT-FOR-US: Active Newsletter CVE-2008-6287 (Multiple PHP remote file inclusion vulnerabilities in Broadcast ...) NOT-FOR-US: Broadcast Machine CVE-2008-6288 (Directory traversal vulnerability in download.php in Interface Medien ...) NOT-FOR-US: Interface Medien ibase CVE-2008-6289 (SQL injection vulnerability in cityview.php in Tours Manager 1.0 ...) NOT-FOR-US: toursmanager tours_manager CVE-2008-6290 (Directory traversal vulnerability in includefile.php in nicLOR Sito, ...) NOT-FOR-US: niclor include_sito CVE-2008-6291 (Acc PHP eMail 1.1 allows remote attackers to bypass authentication and ...) NOT-FOR-US: accscripts acc_php_email CVE-2008-6292 (Acc Autos 4.0 allows remote attackers to bypass authentication and ...) NOT-FOR-US: accscripts acc_autos CVE-2008-6293 (admin/Index.php in Acc Real Estate 4.0 allows remote attackers to ...) NOT-FOR-US: accscripts acc_real_estate CVE-2008-6294 (admin/Index.php in Acc Statistics 1.1 allows remote attackers to ...) NOT-FOR-US: accscripts acc_statistics CVE-2008-6295 (Multiple cross-site scripting (XSS) vulnerabilities in Camera Life ...) NOT-FOR-US: camera_life CVE-2008-6296 (admin.php in Maran PHP Shop allows remote attackers to bypass ...) NOT-FOR-US: maran php_shop CVE-2008-6297 (Cross-site scripting (XSS) vulnerability in order.php in DHCart allows ...) NOT-FOR-US: dhcart CVE-2008-6298 (Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows ...) NOT-FOR-US: rocketeer dip sisapilocation CVE-2008-6299 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 ...) NOT-FOR-US: We only have Joomla! 1.5.9 which is hardmasked anyway... CVE-2008-6300 (Galatolo WebManager 1.3a allows remote attackers to bypass ...) NOT-FOR-US: gwm galatolo_webmanager CVE-2008-6301 (SQL injection vulnerability in shoutbox_view.php in the Small ShoutBox ...) NOT-FOR-US: prezmo small_shoutbox CVE-2008-6302 (TurnkeyForms Local Classifieds allows remote attackers to bypass ...) NOT-FOR-US: turnkeyforms local_classifieds CVE-2008-6303 (SQL injection vulnerability in tourview.php in ToursManager allows ...) NOT-FOR-US: Joovili CVE-2008-6304 (SQL injection vulnerability in xt:Commerce before 3.0.4 Sp2.1, when ...) NOT-FOR-US: Dragan Mitic Apoll CVE-2008-6305 (PHP remote file inclusion vulnerability in init.php in Free Directory ...) NOT-FOR-US: TBmnetCMS CVE-2008-6306 (Cross-site scripting (XSS) vulnerability in signinform.php in Softbiz ...) NOT-FOR-US: softbizscripts classifieds_script CVE-2008-6307 (E-topbiz Link Back Checker 1 allows remote attackers to bypass ...) NOT-FOR-US: e topbiz link_back_checker CVE-2008-6308 (Multiple directory traversal vulnerabilities in Private Messaging ...) NOT-FOR-US: punbb private_messaging_system CVE-2008-6309 (SQL injection vulnerability in index.php in W3matter AskPert allows ...) NOT-FOR-US: w3matter askpert CVE-2008-6310 (SQL injection vulnerability in index.php in W3matter RevSense 1.0 ...) NOT-FOR-US: w3matter revsense CVE-2008-6311 (SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 ...) NOT-FOR-US: butterflymedia butterfly_organizer CVE-2008-6312 (SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote ...) NOT-FOR-US: manzovi proquiz CVE-2008-6313 (Directory traversal vulnerability in addedit-render.php in phpAddEdit ...) NOT-FOR-US: phpaddedit CVE-2008-6314 (SQL injection vulnerability in tag_board.php in the Tag Board module ...) NOT-FOR-US: Tag Board module CVE-2008-6315 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: phpmygallery CVE-2008-6316 (Directory traversal vulnerability in _conf/core/common-tpl-vars.php in ...) NOT-FOR-US: phpmygallery CVE-2008-6317 (Directory traversal vulnerability in ...) NOT-FOR-US: phpmygallery CVE-2008-6318 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: phpmygallery CVE-2008-6319 (SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows ...) NOT-FOR-US: cfmsource cf_calendar CVE-2008-6320 (SQL injection vulnerability in index.cfm in CF Shopkart 5.2.2 allows ...) NOT-FOR-US: cfshopkart cf_shopkart CVE-2008-6321 (CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with ...) NOT-FOR-US: cfshopkart cf_shopkart CVE-2008-6322 (SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows ...) NOT-FOR-US: cfmsource cfmblog CVE-2008-6323 (SQL injection vulnerability in forummessages.cfm in CFMSource ...) NOT-FOR-US: cfmsource cf_auction CVE-2008-6324 (SQL injection vulnerability in forummessages.cfm in CF_Forum allows ...) NOT-FOR-US: cfmsource cf_forum CVE-2008-6325 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz ...) NOT-FOR-US: softbizscripts classifieds_script CVE-2008-6326 (SQL injection vulnerability in login.php in Simple Customer as ...) NOT-FOR-US: simplecustomer simple_customer CVE-2008-6327 (SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote ...) NOT-FOR-US: manzovi proquiz CVE-2008-6328 (SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 ...) NOT-FOR-US: butterflymedia butterfly_organizer CVE-2008-6329 (SQL injection vulnerability in Employee/login.asp in Pre ASP Job Board ...) NOT-FOR-US: Pre CVE-2008-6330 (SQL injection vulnerability in index.php in MyTopix 1.3.0 and earlier ...) NOT-FOR-US: MyTopix CVE-2008-6331 (Multiple cross-site request forgery (CSRF) vulnerabilities in Streber ...) NOT-FOR-US: Streber CVE-2008-6332 (SQL injection vulnerability in login.php in Simple Customer 1.2 allows ...) NOT-FOR-US: Simple Customer CVE-2008-6333 (SQL injection vulnerability in news.php in RSS Simple News (RSSSN), ...) NOT-FOR-US: RSS CVE-2008-6334 (Directory traversal vulnerability in download.php in eMetrix Extract ...) NOT-FOR-US: eMetrix CVE-2008-6335 (Directory traversal vulnerability in download.php in eMetrix Online ...) NOT-FOR-US: eMetrix CVE-2008-6336 (Directory traversal vulnerability in download.php in Text Lines ...) NOT-FOR-US: Text Lines Rearrange Script CVE-2008-6337 (SQL injection vulnerability in the Volunteer Management System ...) NOT-FOR-US: Volunteer Management System com_volunteer module CVE-2008-6338 (SQL injection vulnerability in the WEBERkommunal Facilities ...) NOT-FOR-US: WEBERkommunal Facilities wes_facilities extension CVE-2008-6339 REJECTED CVE-2008-6340 (Cross-site scripting (XSS) vulnerability in the Vox populi ...) NOT-FOR-US: Vox populi mv_vox_populi extension CVE-2008-6341 (Cross-site scripting (XSS) vulnerability in the SB Universal Plugin ...) NOT-FOR-US: SB Universal Plugin SBuniplug extension CVE-2008-6342 (Unspecified vulnerability in the TYPO3 Simple File Browser ...) NOT-FOR-US: TYPO3 CVE-2008-6343 (Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN ...) NOT-FOR-US: TU Clausthal ODIN tuc_odin extension CVE-2008-6344 (SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) ...) NOT-FOR-US: TU Clausthal Staff tuc_staff CVE-2008-6345 (SQL injection vulnerability in Forum.php in SolarCMS 0.53.8 and 1.0 ...) NOT-FOR-US: SolarCMS CVE-2008-6346 (Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) ...) NOT-FOR-US: DR Wiki dr_wiki extension CVE-2008-6347 (PHP remote file inclusion vulnerability in lib/onguma.class.php in the ...) NOT-FOR-US: Onguma CVE-2008-6348 (Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery ...) NOT-FOR-US: DevelopItEasy Photo Gallery CVE-2008-6349 (SQL injection vulnerability in survey_results_text.php in TurnkeyForms ...) NOT-FOR-US: TurnkeyForms Business Survey Pro CVE-2008-6350 (SQL injection vulnerability in listtest.php in TurnkeyForms Local ...) NOT-FOR-US: TurnkeyForms CVE-2008-6351 (Cross-site scripting (XSS) vulnerability in listtest.php in ...) NOT-FOR-US: TurnkeyForms CVE-2008-6352 (SQL injection vulnerability in home.html in Xpoze Pro 4.10 allows ...) NOT-FOR-US: Xpoze Pro CVE-2008-6353 (SQL injection vulnerability in index.asp in ASP-CMS 1.0 allows remote ...) NOT-FOR-US: ASP CMS CVE-2008-6354 (The Net Guys ASPired2poll stores sensitive information under the web ...) NOT-FOR-US: ASPired2poll CVE-2008-6355 (The Net Guys ASPired2Protect stores sensitive information under the ...) NOT-FOR-US: ASPired2Protect CVE-2008-6356 (evCal Events Calendar stores sensitive information under the web root ...) NOT-FOR-US: evCal CVE-2008-6357 (MyCal Personal Events Calendar stores sensitive information under the ...) NOT-FOR-US: MyCal CVE-2008-6358 (SQL injection vulnerability in group_index.php in Social Groupie ...) NOT-FOR-US: Social CVE-2008-6359 (Cross-site scripting (XSS) vulnerability in index.php in Max's ...) NOT-FOR-US: Guestbook CVE-2008-6360 (Cross-site scripting (XSS) vulnerability in the userranks feature in ...) NOT-FOR-US: ImpressCMS CVE-2008-6361 (Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 ...) NOT-FOR-US: InSun Feed CMS CVE-2008-6362 (SQL injection vulnerability in sitepage.php in Multiple Membership ...) NOT-FOR-US: Multiple Membership Script CVE-2008-6363 (Stack-based buffer overflow in DesignWorks Professional 4.3.1 and ...) NOT-FOR-US: DesignWorks Professional CVE-2008-6364 (SQL injection vulnerability in logon_process.jsp in Ad Server ...) NOT-FOR-US: Banner Exchange Solution CVE-2008-6365 (SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad ...) NOT-FOR-US: Ad Management Software CVE-2008-6366 (SQL injection vulnerability in logon.jsp in Ad Server Solutions ...) NOT-FOR-US: Ad Server Solutions Affiliate Software Java CVE-2008-6367 (Unrestricted file upload vulnerability in Photos/create_album.php in ...) NOT-FOR-US: Social Groupie CVE-2008-6368 (SQL injection vulnerability in index.php in Chipmunk Guestbook 1.4m ...) NOT-FOR-US: Chipmunk Guestbook CVE-2008-6369 (SQL injection vulnerability in default.asp in Ocean12 Contact Manager ...) NOT-FOR-US: Ocean12 CVE-2008-6370 (Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 ...) NOT-FOR-US: Ocean12 CVE-2008-6371 (SQL injection vulnerability in login.asp in Ocean12 Membership Manager ...) NOT-FOR-US: Ocean12 CVE-2008-6372 (SQL injection vulnerability in default.asp in Ocean12 FAQ Manager Pro ...) NOT-FOR-US: Ocean12 CVE-2008-6373 (Unspecified vulnerability in Nagios before 3.0.6 has unspecified ...) BUG: 261058 CVE-2008-6374 (CodefixerSoftware MailingListPro Free Edition stores sensitive ...) NOT-FOR-US: CodefixerSoftware CVE-2008-6375 (JBook stores sensitive information under the web root with ...) NOT-FOR-US: JBook CVE-2008-6376 (SQL injection vulnerability in main.asp in Jbook allows remote ...) NOT-FOR-US: Jbook CVE-2008-6377 (PHP remote file inclusion vulnerability in include/global.php in Multi ...) NOT-FOR-US: Multi SEO phpBB CVE-2008-6378 (SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx ...) NOT-FOR-US: Calendar Mx Professional CVE-2008-6379 (SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows ...) NOT-FOR-US: Gallery MX CVE-2008-6380 (SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 ...) NOT-FOR-US: Active Web Helpdesk CVE-2008-6381 (SQL injection vulnerability in modules/adresses/viewcat.php in bcoos ...) NOT-FOR-US: bcoos CVE-2008-6382 (ASP Portal 3.2.5 stores sensitive information under the web root with ...) NOT-FOR-US: ASP Portal CVE-2008-6383 (SQL injection vulnerability in SpeedTech Organization and Resource ...) NOT-FOR-US: SpeedTech Organization and Resource Manager Storm CVE-2008-6384 (Multiple cross-site request forgery (CSRF) vulnerabilities in Comment ...) NOT-FOR-US: Comment Mail CVE-2008-6385 (Cross-site scripting (XSS) vulnerability in index.php in W3matter ...) NOT-FOR-US: W3matter CVE-2008-6386 (Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange ...) NOT-FOR-US: Z1Exchange CVE-2008-6387 (Quick Tree View .NET 3.1 stores sensitive information under the web ...) NOT-FOR-US: Quick Tree View CVE-2008-6388 (Rapid Classified 3.1 and 3.15 stores sensitive information under the ...) NOT-FOR-US: Rapid Classified CVE-2008-6389 (SQL injection vulnerability in asadmin/default.asp in Rae Media ...) NOT-FOR-US: Rae Media Contact CVE-2008-6390 (SQL injection vulnerability in login.asp in Ocean12 Membership Manager ...) NOT-FOR-US: Ocean12 CVE-2008-6391 (SQL injection vulnerability in main.asp in Jbook allows remote ...) NOT-FOR-US: Jbook CVE-2008-6392 (SQL injection vulnerability in showads.php in Z1Exchange allows remote ...) NOT-FOR-US: Z1Exchange CVE-2008-6393 (PSI Jabber client before 0.12.1 allows remote attackers to cause a ...) BUG: 252830 CVE-2008-6394 (SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and ...) NOT-FOR-US: cs cart CVE-2008-6395 (The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g ...) NOT-FOR-US: 3com wireless_8760_dual radio CVE-2008-6396 (Cross-site scripting (XSS) vulnerability in account.php in Celerondude ...) NOT-FOR-US: Celerondude Uploader CVE-2008-6397 (rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite ...) NOT-FOR-US: AlcoveBook CVE-2008-6398 (sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary ...) NOT-FOR-US: SNG CVE-2008-6399 (Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows ...) NOT-FOR-US: DotNetNuke CVE-2008-6400 (Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 ...) BUG: 261384 CVE-2008-6401 (SQL injection vulnerability in sayfa.php in JETIK-WEB allows remote ...) NOT-FOR-US: jetik web CVE-2008-6402 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: muskatli sofi_webgui CVE-2008-6403 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: openrat CVE-2008-6404 (Cross-site scripting (XSS) vulnerability in add_calendars.php in ...) NOT-FOR-US: extrosoft thyme CVE-2008-6405 (SQL injection vulnerability in showcategory.php in Hotscripts Clone ...) NOT-FOR-US: greatclone hotscripts_clone CVE-2008-6406 (Cross-site scripting (XSS) vulnerability in admin.php in DataLife ...) NOT-FOR-US: datalifecms datalife_engine CVE-2008-6407 (Directory traversal vulnerability in frame.php in ol'bookmarks manager ...) NOT-FOR-US: brian_wilson ol bookmarks CVE-2008-6408 (PHP remote file inclusion vulnerability in frame.php in ol'bookmarks ...) NOT-FOR-US: brian_wilson ol bookmarks CVE-2008-6409 (SQL injection vulnerability in index.php in ol'bookmarks manager 0.7.5 ...) NOT-FOR-US: brian_wilson ol bookmarks CVE-2008-6410 (Directory traversal vulnerability in show.php in ol'bookmarks manager ...) NOT-FOR-US: brian_wilson ol bookmarks CVE-2008-6411 (Explay CMS 2.1 and earlier allows remote attackers to bypass ...) NOT-FOR-US: explay_cms CVE-2008-6412 (Unspecified vulnerability in Vignette Content Management 7.3.0.5, ...) NOT-FOR-US: vignette_content_management CVE-2008-6413 (Cross-site scripting (XSS) vulnerability in the Answers module ...) NOT-FOR-US: ticklespace answers_module CVE-2008-6414 (SQL injection vulnerability in detail.php in AJ Auction Pro Platinum ...) NOT-FOR-US: aj_square aj_auction CVE-2008-6415 (Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote attackers ...) NOT-FOR-US: youngzsoft ccproxy CVE-2008-6416 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: greensql CVE-2008-6417 (Unspecified vulnerability in GreenSQL-Console before 0.3.5 allows ...) NOT-FOR-US: greensql CVE-2008-6418 (SQL injection vulnerability in scrape.php in TorrentTrader before ...) NOT-FOR-US: torrenttrader CVE-2008-6419 (Multiple SQL injection vulnerabilities in Social Site Generator (SSG) ...) NOT-FOR-US: Social Site Generator SSG CVE-2008-6420 (Social Site Generator (SSG) 2.0 allows remote attackers to read ...) NOT-FOR-US: Social CVE-2008-6421 (PHP remote file inclusion vulnerability in social_game_play.php in ...) NOT-FOR-US: Social Site Generator SSG CVE-2008-6422 (Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and ...) NOT-FOR-US: PsychoStats CVE-2008-6423 (Directory traversal vulnerability in passwiki.php in PassWiki 0.9.16 ...) NOT-FOR-US: PassWiki CVE-2008-6424 (Directory traversal vulnerability in FFFTP 1.96b allows remote FTP ...) NOT-FOR-US: FFFTP CVE-2008-6425 (SQL injection vulnerability in news.php in ComicShout 2.8 allows ...) NOT-FOR-US: ComicShout CVE-2008-6426 REJECTED CVE-2008-6427 (SQL injection vulnerability in index.php in Hivemaker Professional ...) NOT-FOR-US: Hivemaker CVE-2008-6428 (The CGI framework in Kaya 0.4.0 allows remote attackers to inject ...) NOT-FOR-US: Kaya CVE-2008-6429 (SQL injection vulnerability in the PrayerCenter (com_prayercenter) ...) NOT-FOR-US: PrayerCenter com_prayercenter component CVE-2008-6430 (SQL injection vulnerability in the MyContent (com_mycontent) component ...) NOT-FOR-US: MyContent com_mycontent component CVE-2008-6431 (Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 ...) NOT-FOR-US: BMForum CVE-2008-6432 REJECTED CVE-2008-6433 (Cross-site scripting (XSS) vulnerability in index.cfm in Blue River ...) NOT-FOR-US: Blue River Interactive Group Sava CMS CVE-2008-6434 (SQL injection vulnerability in index.cfm in Blue River Interactive ...) NOT-FOR-US: Blue River Interactive Group Sava CMS CVE-2008-6435 (Multiple cross-site scripting (XSS) vulnerabilities in phpSQLiteCMS 1 ...) NOT-FOR-US: phpSQLiteCMS CVE-2008-6436 (Cross-site scripting (XSS) vulnerability in the Web Server in Xerox ...) NOT-FOR-US: Web Server in Xerox WorkCentre CVE-2008-6437 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeForum ...) NOT-FOR-US: PHPFreeForum CVE-2008-6438 (SQL injection vulnerability in macgurublog_menu/macgurublog.php in the ...) NOT-FOR-US: MacGuru BLOG Engine plugin CVE-2008-6439 (Cross-site scripting (XSS) vulnerability in search_results.php in ...) NOT-FOR-US: ABK Soft AbleDating CVE-2008-6440 (Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to ...) NOT-FOR-US: Cerberus Helpdesk CVE-2008-6441 (Format string vulnerability in the Epic Games Unreal engine client, as ...) BUG: 285010 CVE-2008-6442 (Insecure method vulnerability in Sina Inc. DLoader Class ActiveX ...) NOT-FOR-US: sina dloader CVE-2008-6443 (SQL injection vulnerability in forum_duzen.php in phpKF allows remote ...) NOT-FOR-US: phpkf CVE-2008-6444 (Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might ...) NOT-FOR-US: baidu_hi CVE-2008-6445 (Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact ...) NOT-FOR-US: yourplace CVE-2008-6446 (Static code injection vulnerability in the Guestbook component in CMS ...) NOT-FOR-US: geniuscyber maxsite CVE-2008-6447 (Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft EasyMail ...) NOT-FOR-US: emmailstore dll CVE-2008-6448 (Cross-site scripting (XSS) vulnerability in install.cgi in SKYARC ...) NOT-FOR-US: skyarc mtcms_wysiwyg_editor CVE-2008-6449 (Cross-site request forgery (CSRF) vulnerability in multiple Century ...) NOT-FOR-US: Century Systems CVE-2008-6450 (Cross-site scripting (XSS) vulnerability in Under Construction, Baby ...) NOT-FOR-US: Under Construction, Baby CVE-2008-6451 (SQL injection vulnerability in humor.php in jPORTAL 2 allows remote ...) NOT-FOR-US: jportal CVE-2008-6452 (SQL injection vulnerability in show_vote.php in Oceandir 2.9 and ...) NOT-FOR-US: oceandir CVE-2008-6453 (Directory traversal vulnerability in section.php in 6rbScript 3.3, ...) NOT-FOR-US: 6rbscript CVE-2008-6454 (SQL injection vulnerability in section.php in 6rbScript 3.3 allows ...) NOT-FOR-US: 6rbscript CVE-2008-6455 (Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote ...) NOT-FOR-US: edikon phpshop CVE-2008-6456 (SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and ...) NOT-FOR-US: martin_helmich hbook CVE-2008-6457 (SQL injection vulnerability in the Swigmore institute (cgswigmore) ...) NOT-FOR-US: walnutstreet cgswigmore CVE-2008-6458 (SQL injection vulnerability in the FE address edit for tt_address & ...) NOT-FOR-US: dieter_mayer fe_address_edit CVE-2008-6459 (SQL injection vulnerability in the auto BE User Registration ...) NOT-FOR-US: typo3 autobeuser CVE-2008-6460 (SQL injection vulnerability in the Simple Random Objects ...) NOT-FOR-US: mirko_werner mw_random_objects CVE-2008-6461 (SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) ...) NOT-FOR-US: fr simon_rundell ste_prayer2 CVE-2008-6462 (SQL injection vulnerability in the My quiz and poll (myquizpoll) ...) NOT-FOR-US: kurt_gusbeth myquizpoll CVE-2008-6463 (SQL injection vulnerability in the Diocese of Portsmouth Church Search ...) NOT-FOR-US: fr simon_rundell pd_churchsearch CVE-2008-6464 (SQL injection vulnerability in event.php in Mevin Productions Basic ...) NOT-FOR-US: mevin basic php events lister CVE-2008-6465 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...) NOT-FOR-US: parallels h sphere CVE-2008-6466 (SQL injection vulnerability in image_gallery.php in the Akira Powered ...) NOT-FOR-US: akirapowered image_gallery CVE-2008-6467 (SQL injection vulnerability in jobs/jobseekers/job-info.php in Diesel ...) NOT-FOR-US: dieselscripts diesel_job_site CVE-2008-6468 (SQL injection vulnerability in index.php in Diesel Pay allows remote ...) NOT-FOR-US: dieselscripts diesel_pay CVE-2008-6469 (SQL injection vulnerability in index.php in PlainCart 1.1.2 allows ...) NOT-FOR-US: plaincart CVE-2008-6470 (Multiple unspecified vulnerabilities in ClanSphere before 2008.2.1 ...) NOT-FOR-US: clansphere CVE-2008-6471 (SQL injection vulnerability in detail.php in MountainGrafix easyLink ...) NOT-FOR-US: mountaingrafix easylink CVE-2008-6472 (The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote ...) BUG: 248425 CVE-2008-6473 (_blogadata/include/init_pass2.php in Blogator-script 0.95 allows ...) NOT-FOR-US: blogator script CVE-2008-6474 (The management interface in F5 BIG-IP 9.4.3 allows remote ...) NOT-FOR-US: f5 big ip CVE-2008-6475 (SQL injection vulnerability in the guestbook component ...) NOT-FOR-US: drake_team drake_cms CVE-2008-6476 (Cross-site scripting (XSS) vulnerability in blog/search.aspx in ...) NOT-FOR-US: codex blogengine CVE-2008-6477 (SQL injection vulnerability in Mumbo Jumbo Media OP4 allows remote ...) NOT-FOR-US: mumbo_jumbo op4 CVE-2008-6478 (Cross-site request forgery (CSRF) vulnerability in the file manager in ...) NOT-FOR-US: Virtuozzo CVE-2008-6479 (Cross-site request forgery (CSRF) vulnerability in the "change ...) NOT-FOR-US: Virtuozzo CVE-2008-6480 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: Datalife Engine CVE-2008-6481 (SQL injection vulnerability in the Versioning component ...) NOT-FOR-US: joomprod com_versioning CVE-2008-6482 (PHP remote file inclusion vulnerability in admin.treeg.php in the ...) NOT-FOR-US: justjoomla com_treeg CVE-2008-6483 (PHP remote file inclusion vulnerability in admin.googlebase.php in the ...) NOT-FOR-US: Ecom Solutions VirtueMart Google Base aka com_googlebase or Froogle component CVE-2008-6484 (SQL injection vulnerability in login.php in Mole Group Taxi Map Script ...) NOT-FOR-US: Mole CVE-2008-6485 (SQL injection vulnerability in index.php in SoftComplex PHP Image ...) NOT-FOR-US: SoftComplex CVE-2008-6486 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: SharedLog CVE-2008-6487 (Multiple SQL injection vulnerabilities in login.asp in Digiappz ...) NOT-FOR-US: Digiappz DigiAffiliate CVE-2008-6488 (SQL injection vulnerability in index.php in SoftComplex PHP Image ...) NOT-FOR-US: softcomplex php_image_gallery CVE-2008-6489 (SQL injection vulnerability in MyAlbum component (com_myalbum) 1.0 for ...) NOT-FOR-US: huseyin_bora_abaci com_myalbum CVE-2008-6490 (function/update_xml.php in FLABER 1.1 and earlier allows remote ...) NOT-FOR-US: flysforum flaber CVE-2008-6491 (PHP remote file inclusion vulnerability in connexion.php in PHPGKit ...) NOT-FOR-US: denis_moinel phpgkit CVE-2008-6492 (Unrestricted file upload vulnerability in process.php in Tizag ...) NOT-FOR-US: tizag_countdown_creator CVE-2008-6493 (Easy Content Management Publishing stores sensitive information under ...) NOT-FOR-US: easy news easy_content_management_publishing CVE-2008-6494 (ASP User Engine.NET stores sensitive information under the web root ...) NOT-FOR-US: robs projects asp_user_engine net CVE-2008-6495 (Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger ...) NOT-FOR-US: zirkon_box yappa ng CVE-2008-6496 (Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX ...) NOT-FOR-US: visagesoft expert_pdf_editorx CVE-2008-6497 (The Neostrada Livebox ADSL Router allows remote attackers to cause a ...) NOT-FOR-US: tp neostrada_livebox_adsl_router CVE-2008-6498 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: apachefriends xampp CVE-2008-6499 (security/xamppsecurity.php in XAMPP 1.6.8 performs an extract ...) NOT-FOR-US: apachefriends xampp CVE-2008-6500 (Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart ...) NOT-FOR-US: codetoad asp_shopping_cart CVE-2008-6501 (Cross-site scripting (XSS) vulnerability in profiles/index.php in Pro ...) NOT-FOR-US: pro_chat_rooms CVE-2008-6502 (Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows ...) NOT-FOR-US: pro_chat_rooms CVE-2008-6503 (Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop ...) NOT-FOR-US: prestashop CVE-2008-6504 (ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and ...) NOT-FOR-US: opensymphony xwork2 1 1 CVE-2008-6505 (Multiple directory traversal vulnerabilities in Apache Struts 2.0.x ...) NOT-FOR-US: We only ship version1 which is not vuln according to upstream CVE-2008-6506 (Unspecified vulnerability in phpBB before 3.0.4 allows attackers to ...) BUG: 251037 CVE-2008-6507 (Unspecified vulnerability in phpBB before 3.0.4 allows attackers to ...) BUG: 251037 CVE-2008-6508 (Directory traversal vulnerability in the AuthCheck filter in the Admin ...) BUG: 246008 CVE-2008-6509 (SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire ...) BUG: 246008 CVE-2008-6510 (Cross-site scripting (XSS) vulnerability in login.jsp in the Admin ...) BUG: 246008 CVE-2008-6511 (Open redirect vulnerability in login.jsp in Openfire 3.6.0a and ...) BUG: 246008 CVE-2008-6512 (Cross-domain vulnerability in the WorkerPool API in Google Gears ...) NOT-FOR-US: google gears CVE-2008-6513 (Unrestricted file upload vulnerability in saa.php in Andy's PHP ...) NOT-FOR-US: aphpkb CVE-2008-6514 (The Expo plugin in Compiz Fusion 0.7.8 allows local users with ...) BUG: 263678 CVE-2008-6515 (Cross-site scripting (XSS) vulnerability in Fritz Berger yet another ...) NOT-FOR-US: vclcomponents yappa ng CVE-2008-6516 (Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 ...) NOT-FOR-US: phpkf portal CVE-2008-6517 (SQL injection vulnerability in NewsHOWLER 1.03 Beta allows remote ...) NOT-FOR-US: newshowler 1 0 3_beta CVE-2008-6518 (Unrestricted file upload vulnerability in the profile feature in ...) NOT-FOR-US: profile CVE-2008-6519 (Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, ...) NOT-FOR-US: Xitami Web Server CVE-2008-6520 (Multiple format string vulnerabilities in the SSI filter in Xitami Web ...) NOT-FOR-US: SSI filter in Xitami Web Server CVE-2008-6521 (index.php in Terracotta (aka OpenTerracotta) 0.6.1 allows remote ...) NOT-FOR-US: Terracotta aka OpenTerracotta CVE-2008-6522 (Multiple directory traversal vulnerabilities in the RenderFile ...) NOT-FOR-US: Terracotta aka OpenTerracotta CVE-2008-6523 (auth.php in openInvoice 0.90 beta and earlier allows remote attackers ...) NOT-FOR-US: openInvoice CVE-2008-6524 (resetpass.php in openInvoice 0.90 beta and earlier allows remote ...) NOT-FOR-US: openInvoice CVE-2008-6525 (SQL injection vulnerability in the Admin Panel in Nice PHP FAQ Script ...) NOT-FOR-US: nicephpscripts CVE-2008-6526 (SQL injection vulnerability in index.php in BosDev BosClassifieds ...) NOT-FOR-US: bosdev bos_classifieds CVE-2008-6527 (SQL injection vulnerability in forum.asp in GO4I.NET ASP Forum 1.0 ...) NOT-FOR-US: go4i go41 net_asp_forum CVE-2008-6528 (NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the ...) NOT-FOR-US: tmaxsoft jeus CVE-2008-6529 (Cross-site scripting (XSS) vulnerability in listtest.php in ...) NOT-FOR-US: ezonescripts living_local CVE-2008-6530 (Unrestricted file upload vulnerability in editimage.php in ...) NOT-FOR-US: ezonescripts living_local CVE-2008-6531 (The WebWork 1 web application framework in Atlassian JIRA before ...) NOT-FOR-US: atlassian jira CVE-2008-6532 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) NOT-FOR-US: We're shipping 5.16 and 6.10 CVE-2008-6533 (Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related ...) BUG: 250737 CVE-2008-6534 (Incomplete blacklist vulnerability in NULL FTP Server Free and Pro ...) NOT-FOR-US: vwsolutions null_ftp CVE-2008-6535 (admin/settings.php in PayPal eStores allows remote attackers to bypass ...) NOT-FOR-US: paypalestores paypal_estores CVE-2008-6536 (Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and ...) NOT-FOR-US: 7 zip CVE-2008-6537 (LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows ...) NOT-FOR-US: lightneasy CVE-2008-6538 (DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a ...) NOT-FOR-US: DeStar CVE-2008-6539 (Static code injection vulnerability in user/settings/ in DeStar ...) NOT-FOR-US: destar CVE-2008-6540 (DotNetNuke before 4.8.2, during installation or upgrade, does not warn ...) NOT-FOR-US: dotnetnuke CVE-2008-6541 (Unrestricted file upload vulnerability in the file manager module in ...) NOT-FOR-US: dotnetnuke CVE-2008-6542 (Unspecified vulnerability in the Skin Manager in DotNetNuke before ...) NOT-FOR-US: dotnetnuke CVE-2008-6543 (Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM ...) NOT-FOR-US: comscripts quick_classifieds CVE-2008-6544 (** DISPUTED ** ...) NOT-FOR-US: n CVE-2008-6545 (PHP remote file inclusion vulnerability in news/include/createdb.php ...) NOT-FOR-US: comscripts web_server_creator_web_portal CVE-2008-6546 (Unspecified vulnerability in phpns before 2.1.3 has unknown impact and ...) NOT-FOR-US: alecwh phpns CVE-2008-6547 (schema.py in FormEncode for Python (python-formencode) 1.0 does not ...) NOT-FOR-US: We have 1.0.1 for about a year now. CVE-2008-6548 (The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check ...) NOTE: obsolete CVE-2008-6549 (The password_checker function in config/multiconfig.py in MoinMoin ...) NOTE: obsolete CVE-2008-6550 (Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire ...) NOT-FOR-US: davidbourrier glossaire CVE-2008-6551 (Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and ...) NOT-FOR-US: e vision_cms CVE-2008-6552 (Red Hat Cluster Project 2.x allows local users to modify or overwrite ...) NOT-FOR-US: redhat cluster_project CVE-2008-6553 (microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 ...) NOT-FOR-US: impliedbydesign micro cms CVE-2008-6554 (cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 ...) NOT-FOR-US: Aztech CVE-2008-6555 (cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote ...) NOT-FOR-US: The CVE-2008-6556 (cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote ...) NOT-FOR-US: The Puppet Master WebUtil CVE-2008-6557 (cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote ...) NOT-FOR-US: The Puppet Master WebUtil CVE-2008-6558 (Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ...) NOT-FOR-US: ReliantHA CVE-2008-6559 (Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users ...) NOT-FOR-US: ReliantHA CVE-2008-6560 (Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on ...) BUG: 264433 CVE-2008-6561 (Citrix Presentation Server Client for Windows before 10.200 does not ...) NOT-FOR-US: unspecified CVE-2008-6562 (Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack ...) NOT-FOR-US: Jack tR Jax LinkLists CVE-2008-6563 (Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly ...) NOT-FOR-US: XML parser in Trillian CVE-2008-6564 (Nortel UNIStim protocol, as used in Communication Server 1000 and ...) NOT-FOR-US: Communication Server CVE-2008-6565 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 ...) NOT-FOR-US: Invision Power Board CVE-2008-6566 (Unspecified vulnerability in Octopussy before 0.9.5.8 has unknown ...) NOT-FOR-US: Octopussy CVE-2008-6567 (Multiple cross-site scripting (XSS) vulnerabilities in Gallarific Free ...) NOT-FOR-US: Gallarific CVE-2008-6568 (Unrestricted file upload vulnerability in Yehe 2.0 allows remote ...) NOT-FOR-US: Yehe CVE-2008-6569 (Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 ...) NOT-FOR-US: Cybozu Garoon CVE-2008-6570 (Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu ...) NOT-FOR-US: RSS reader in Cybozu Garoon CVE-2008-6571 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...) NOT-FOR-US: LinPHA CVE-2008-6572 (SQL injection vulnerability in search_results.php in ABK-Soft ...) NOT-FOR-US: abledating CVE-2008-6573 (Multiple SQL injection vulnerabilities in Avaya SIP Enablement ...) NOT-FOR-US: avaya communication_manager CVE-2008-6574 (Unspecified vulnerability in SIP Enablement Services (SES) in Avaya ...) NOT-FOR-US: avaya communication_manager CVE-2008-6575 (Unspecified vulnerability in the SIP server in SIP Enablement Services ...) NOT-FOR-US: avaya communication_manager CVE-2008-6576 (Unspecified vulnerability in the "session limitation technique" in the ...) NOT-FOR-US: nortel cs1000 CVE-2008-6577 (Nortel MG1000S, Signaling Server, and Call Server on the ...) NOT-FOR-US: nortel cs1000 CVE-2008-6578 (Multiple unspecified vulnerabilities in Nortel Communication Server ...) NOT-FOR-US: nortel cs1000 CVE-2008-6579 (Nortel Communication Server 1000 4.50.x allows remote attackers to ...) NOT-FOR-US: nortel cs1000 CVE-2008-6580 (The Red_Reservations script for ColdFusion stores sensitive ...) NOT-FOR-US: scripts red_reservations CVE-2008-6581 (login.php in PhpAddEdit 1.3 allows remote attackers to bypass ...) NOT-FOR-US: phpadd CVE-2008-6582 (SQL injection vulnerability in index.php in Miniweb 2.0 allows remote ...) NOT-FOR-US: miniweb CVE-2008-6583 (Buffer overflow in BS.player 2.27 build 959 allows remote attackers to ...) NOT-FOR-US: BS player CVE-2008-6584 (html/index.php in TorrentFlux 2.3 allows remote authenticated users to ...) NOT-FOR-US: TorrentFlux CVE-2008-6585 (Cross-site request forgery (CSRF) vulnerability in html/admin.php in ...) NOT-FOR-US: TorrentFlux CVE-2008-6586 (Cross-site request forgery (CSRF) vulnerability in gui/index.php in ...) NOT-FOR-US: Torrent uTorrent WebUI CVE-2008-6587 (Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze ...) NOT-FOR-US: Module does not seem to be shipped by us CVE-2008-6588 (Aztech ADSL2/2+ 4-port router has a default "isp" account with a ...) NOT-FOR-US: Aztech CVE-2008-6589 (Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no ...) NOT-FOR-US: LightNEasy no database aka flat version CVE-2008-6590 (Multiple directory traversal vulnerabilities in LightNEasy "no ...) NOT-FOR-US: LightNEasy no database aka flat version CVE-2008-6591 (LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite ...) NOT-FOR-US: LightNEasy CVE-2008-6592 (thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" ...) NOT-FOR-US: Thumbs Up CVE-2008-6593 (SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy ...) NOT-FOR-US: LightNEasy SQLite CVE-2008-6594 (SQL injection vulnerability in the cm_rdfexport extension for TYPO3 ...) NOT-FOR-US: cm_rdfexport CVE-2008-6595 (SQL injection vulnerability in the pmk_rssnewsexport extension for ...) NOT-FOR-US: pmk_rssnewsexport CVE-2008-6596 (SQL injection vulnerability in admin/index.php in PHCDownload 1.1 ...) NOT-FOR-US: PHCDownload CVE-2008-6597 (Cross-site scripting (XSS) vulnerability in upload/install/index.php ...) NOT-FOR-US: PHCDownload CVE-2008-6598 (Multiple race conditions in WANPIPE before 3.3.6 have unknown impact ...) NOTE: obsolete CVE-2008-6599 (cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the ...) NOT-FOR-US: CookieCheck CVE-2008-6600 (Cross-site scripting (XSS) vulnerability in the search feature in ...) NOT-FOR-US: search feature in XMLPortal CVE-2008-6601 (Unspecified vulnerability in Epona 1.5rc3 allows remote attackers to ...) NOT-FOR-US: Epona CVE-2008-6602 (Unspecified vulnerability in Download Center Lite before 2.1 has ...) NOT-FOR-US: Download Center Lite CVE-2008-6603 (MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when ...) NOT-FOR-US: We don't ship these old versions CVE-2008-6604 (Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 ...) NOT-FOR-US: picoflat_cms CVE-2008-6605 (Cross-site request forgery (CSRF) vulnerability in the xslt script in ...) NOT-FOR-US: 2wire 2700hg CVE-2008-6606 (SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows ...) NOT-FOR-US: matpo_link CVE-2008-6607 (Cross-site scripting (XSS) vulnerability in view.php in MatPo Link 1.2 ...) NOT-FOR-US: matpo_link CVE-2008-6608 (Multiple SQL injection vulnerabilities in DevelopItEasy Events ...) NOT-FOR-US: developiteasy events_calendar CVE-2008-6609 (Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott ...) NOT-FOR-US: Stefan Ott phpcksec CVE-2008-6610 (Absolute path traversal vulnerability in phpcksec.php in Stefan Ott ...) NOT-FOR-US: Stefan Ott phpcksec CVE-2008-6611 (SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows ...) NOT-FOR-US: Minimal ABlog CVE-2008-6612 (Unrestricted file upload vulnerability in admin/uploader.php in ...) NOT-FOR-US: Minimal ABlog CVE-2008-6613 (uploader.php in minimal-ablog 0.4 does not properly restrict access, ...) NOT-FOR-US: minimal ablog CVE-2008-6614 (Multiple SQL injection vulnerabilities in microcms-admin-login.php in ...) NOT-FOR-US: Implied By Design IBD Micro CMS CVE-2008-6615 (SQL injection vulnerability in index.php in Zen Software Zen Cart 2008 ...) NOT-FOR-US: Zen Software Zen Cart CVE-2008-6616 (Cross-site scripting (XSS) vulnerability in index.php in Zen Software ...) NOT-FOR-US: Zen Software Zen Cart CVE-2008-6617 (Unrestricted file upload vulnerability in adm/visual/upload.php in ...) NOT-FOR-US: SiteXS CMS CVE-2008-6618 (Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote ...) NOT-FOR-US: ClassSystem CVE-2008-6619 (Unrestricted file upload vulnerability in class/ApplyDB.php in ...) NOT-FOR-US: ClassSystem CVE-2008-6620 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: GraFX miniCWB CVE-2008-6621 (Unspecified vulnerability in GraphicsMagick before 1.2.3 allows remote ...) NOT-FOR-US: graphicsmagick CVE-2008-6622 (SQL injection vulnerability in choosecard.php in WEBBDOMAIN Post Card ...) NOT-FOR-US: webbdomian post_card CVE-2008-6623 (SQL injection vulnerability in getin.php in WEBBDOMAIN Post Card (aka ...) NOT-FOR-US: webbdomain post_card CVE-2008-6624 (SQL injection vulnerability in getin.php in WEBBDOMAIN Petition 1.02, ...) NOT-FOR-US: webbdomain petition CVE-2008-6625 (SQL injection vulnerability in getin.php in WEBBDOMAIN Polls (aka ...) NOT-FOR-US: webbdomain polls CVE-2008-6626 (SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and ...) NOT-FOR-US: webbdomain quiz CVE-2008-6627 (SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, ...) NOT-FOR-US: webbdomain web_shop CVE-2008-6628 REJECTED NOT-FOR-US: webbdomain web_shop_online CVE-2008-6629 (Cross-site scripting (XSS) vulnerability in detail.php in WEBBDOMAIN ...) NOT-FOR-US: webbdomain web_shop_online CVE-2008-6630 (Directory traversal vulnerability in the wt_gallery extension 2.5.0 ...) NOT-FOR-US: typo3 wt_gallery CVE-2008-6631 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: blogphp CVE-2008-6632 (SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 ...) NOT-FOR-US: mercuryboard CVE-2008-6633 (SQL injection vulnerability in RoomPHPlanning 1.5 allows remote ...) NOT-FOR-US: beaussier roomphplanning CVE-2008-6634 (SQL injection vulnerability in RoomPHPlanning 1.5 allows remote ...) NOT-FOR-US: beaussier roomphplanning CVE-2008-6635 (PHP remote file inclusion vulnerability in skins/default.php in Geody ...) NOT-FOR-US: geody dagger CVE-2008-6636 (PHP remote file inclusion vulnerability in skins/default.php in Geody ...) NOT-FOR-US: geody dagger CVE-2008-6637 (Multiple cross-site scripting (XSS) vulnerabilities in forgotPW.php in ...) NOT-FOR-US: libraryvideocompany safari_montage CVE-2008-6638 (Insecure method vulnerability in the Versalsoft HTTP Image Uploader ...) NOT-FOR-US: versalsoft http_file_upload_activex_control CVE-2008-6639 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...) NOT-FOR-US: ajaxplorer CVE-2008-6640 (Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote ...) NOT-FOR-US: batmanportal CVE-2008-6641 (Multiple SQL injection vulnerabilities in Shader TV (Beta) allow ...) NOT-FOR-US: aspindir shader_tv CVE-2008-6642 (SQL injection vulnerability in view.php in DotContent FluentCMS 4.x ...) NOT-FOR-US: dotcontent fluentcms CVE-2008-6643 (LokiCMS 0.3.4 and possibly earlier versions does not properly restrict ...) NOT-FOR-US: lokicms CVE-2008-6644 (Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke ...) NOT-FOR-US: dotnetnuke CVE-2008-6645 (Cross-site scripting (XSS) vulnerability in Opencosmo VisualSentinel ...) NOT-FOR-US: opencosmo visualsentinel CVE-2008-6646 (Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix ...) NOT-FOR-US: coronamatrix phpaddressbook CVE-2008-6647 (SQL injection vulnerability in gallery.php in Ktools PhotoStore 3.4.3 ...) NOT-FOR-US: ktools photostore CVE-2008-6648 (SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 ...) NOT-FOR-US: ktools photostore CVE-2008-6649 (SQL injection vulnerability in manager/image_details_editor.php in ...) NOT-FOR-US: ktools photostore CVE-2008-6650 (del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary ...) NOT-FOR-US: mywebland minibloggie CVE-2008-6651 (Static code injection vulnerability in edithistory.php in OxYProject ...) NOT-FOR-US: oxyproject CVE-2008-6652 (SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote ...) NOT-FOR-US: insanevisions onecms CVE-2008-6653 (SQL injection vulnerability in webhosting.php in the Webhosting ...) NOT-FOR-US: wh com com_webhosting CVE-2008-6654 (Cross-site scripting (XSS) vulnerability in search_results.php in ...) NOT-FOR-US: structum infobiz_server CVE-2008-6655 (Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL ...) NOT-FOR-US: comscripts gedcom_to_mysl CVE-2008-6656 (Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b ...) NOT-FOR-US: openautoclassifieds open_auto_classifieds CVE-2008-6657 (Cross-site request forgery (CSRF) vulnerability in index.php in Simple ...) NOT-FOR-US: simple_machines_forum CVE-2008-6658 (Directory traversal vulnerability in index.php in Simple Machines ...) NOT-FOR-US: simple_machines_forum CVE-2008-6659 (Directory traversal vulnerability in index.php in Simple Machines ...) NOT-FOR-US: simple_machines_forum CVE-2008-6660 (Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov ...) NOT-FOR-US: alexeyozerov bigdump CVE-2008-6661 (Multiple integer overflows in the scanning engine in Bitdefender for ...) BUG: 253822 CVE-2008-6662 (AVG Anti-Virus for Linux 7.5.51, and possibly earlier, allows remote ...) NOT-FOR-US: AVG CVE-2008-6663 (SQL injection vulnerability in profile.php in PHPAuctions.info ...) NOT-FOR-US: phpauctions phpauction CVE-2008-6664 (action.php in SH-News 3.0 allows remote attackers to bypass ...) NOT-FOR-US: yarck sh news CVE-2008-6665 (change.php in Ananta CMS 1.0b5, with magic_quotes_gpc disabled, allows ...) NOT-FOR-US: anantasoft ananta_cms CVE-2008-6666 (Multiple cross-site scripting (XSS) vulnerabilities in Kronos webTA ...) NOT-FOR-US: kronos_webta CVE-2008-6667 (A+ PHP Scripts News Management System (NMS) allows remote attackers to ...) NOT-FOR-US: marc_melvin a_php_scripts_news_management_system CVE-2008-6668 (Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and ...) NOT-FOR-US: dirk_bartley nweb2fax CVE-2008-6669 (viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to ...) NOT-FOR-US: dirk_bartley nweb2fax CVE-2008-6670 (Integer overflow in Vertex4 SunAge 1.08.1 and earlier allows remote ...) NOT-FOR-US: vertex4 sunage CVE-2008-6671 (Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a ...) NOT-FOR-US: vertex4 sunage CVE-2008-6672 (Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a ...) NOT-FOR-US: vertex4 sunage CVE-2008-6673 (asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict ...) NOT-FOR-US: quickersite CVE-2008-6674 (mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood ...) NOT-FOR-US: quickersite CVE-2008-6675 (Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite ...) NOT-FOR-US: quickersite CVE-2008-6676 (QuickerSite 1.8.5 allows remote attackers to obtain sensitive ...) NOT-FOR-US: quickersite CVE-2008-6677 (Unrestricted file upload vulnerability in ...) NOT-FOR-US: quickersite CVE-2008-6678 (SQL injection vulnerability in asp/includes/contact.asp in QuickerSite ...) NOT-FOR-US: quickersite CVE-2008-6679 (Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and ...) BUG: 264614 CVE-2008-6680 (libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause ...) BUG: 264834 CVE-2008-6681 (Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo ...) NOT-FOR-US: dojotoolkit dojo CVE-2008-6682 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...) NOT-FOR-US: apache struts CVE-2008-6683 (Cross-site scripting (XSS) vulnerability in listtest.php in Apartment ...) NOT-FOR-US: Apartment CVE-2008-6684 (Unrestricted file upload vulnerability in editimage.php in Apartment ...) NOT-FOR-US: Apartment CVE-2008-6685 (Unspecified vulnerability in Frontend Filemanager (air_filemanager) ...) NOT-FOR-US: Frontend Filemanager air_filemanager CVE-2008-6686 (SQL injection vulnerability in CoolURI (cooluri) 1.0.11 and earlier ...) NOT-FOR-US: CoolURI cooluri CVE-2008-6687 (Cross-site scripting (XSS) vulnerability in DCD GoogleMap ...) NOT-FOR-US: DCD GoogleMap dcdgooglemap CVE-2008-6688 (Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) ...) NOT-FOR-US: JobControl dmmjobcontrol CVE-2008-6689 (SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and ...) NOT-FOR-US: JobControl dmmjobcontrol CVE-2008-6690 (Unspecified vulnerability in nepa-design.de Spam Protection ...) NOT-FOR-US: nepa design de Spam Protection nd_antispam extension CVE-2008-6691 (SQL injection vulnerability in Diocese of Portsmouth Calendar Today ...) NOT-FOR-US: Diocese of Portsmouth Calendar Today pd_calendar_today extension CVE-2008-6692 (SQL injection vulnerability in Diocese of Portsmouth Training Courses ...) NOT-FOR-US: Diocese of Portsmouth Training Courses pd_trainingcourses extension CVE-2008-6693 (SQL injection vulnerability in Download system (sb_downloader) ...) NOT-FOR-US: Download system sb_downloader extension CVE-2008-6694 (SQL injection vulnerability in Random Prayer (ste_prayer) 0.0.1 for ...) NOT-FOR-US: Random Prayer ste_prayer CVE-2008-6695 (SQL injection vulnerability in TIMTAB social bookmark icons ...) NOT-FOR-US: TIMTAB social bookmark icons timtab_sociable CVE-2008-6696 (SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and ...) NOT-FOR-US: Fussballtippspiel toto CVE-2008-6697 (SQL injection vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 ...) NOT-FOR-US: TARGET E WorldCup Bets worldcup CVE-2008-6698 (Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets ...) NOT-FOR-US: TARGET E WorldCup Bets worldcup CVE-2008-6699 (Cross-site scripting (XSS) vulnerability in Resource Library ...) NOT-FOR-US: Resource Library tjs_reslib CVE-2008-6700 (Multiple cross-site scripting (XSS) vulnerabilities in Butterfly ...) NOT-FOR-US: Butterfly Organizer CVE-2008-6701 (NetScout (formerly Network General) Visualizer V2100 and InfiniStream ...) NOT-FOR-US: NetScout CVE-2008-6702 (S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote ...) NOT-FOR-US: S T A L K E R CVE-2008-6703 (Stack-based buffer overflow in the IPureServer::_Recieve function in ...) NOT-FOR-US: IPureServer _Recieve function in S T A L K E R Shadow of Chernobyl CVE-2008-6704 (Integer overflow in the NET_Compressor::Decompress function in ...) NOT-FOR-US: NET_Compressor Decompress function in S T A L K E R Shadow of Chernobyl CVE-2008-6705 (The MultipacketReciever::RecievePacket function in S.T.A.L.K.E.R.: ...) NOT-FOR-US: S T A L K E R Shadow of Chernobyl CVE-2008-6706 (Multiple unspecified vulnerabilities in the Web management interface ...) NOT-FOR-US: Web management interface in Avaya SIP Enablement Services SES CVE-2008-6707 (The Web management interface in Avaya SIP Enablement Services (SES) ...) NOT-FOR-US: Avaya SIP Enablement Services SES CVE-2008-6708 (Unspecified vulnerability in the Web management interface in Avaya SIP ...) NOT-FOR-US: Web management interface in Avaya SIP Enablement Services SES CVE-2008-6709 (Unspecified vulnerability in the Web management interface in Avaya SIP ...) NOT-FOR-US: Web management interface in Avaya SIP Enablement Services SES CVE-2008-6710 (Unspecified vulnerability in the Web administration interface in Avaya ...) NOT-FOR-US: Web administration interface in Avaya Communication Manager CVE-2008-6711 (Unspecified vulnerability in the Web administration interface in Avaya ...) NOT-FOR-US: Web administration interface in Avaya Communication Manager CVE-2008-6712 (The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and ...) NOT-FOR-US: Crysis CVE-2008-6713 (World in Conflict (WIC) 1.008 and earlier allows remote attackers to ...) NOT-FOR-US: Conflict WIC CVE-2008-6714 (admin.php in xeCMS 1.0.0 RC2 and earlier allows remote attackers to ...) NOT-FOR-US: xeCMS CVE-2008-6715 (Multiple cross-site scripting (XSS) vulnerabilities in Pre ADS Portal ...) NOT-FOR-US: preprojects pre_ads_portal CVE-2008-6716 (homeadmin/adminhome.php in Pre ADS Portal 2.0 and earlier does not ...) NOT-FOR-US: preprojects pre_ads_portal CVE-2008-6717 (U&M Software Signup 1.0 and 1.1 does not require administrative ...) NOT-FOR-US: admin CVE-2008-6718 (U&M Software JustBookIt 1.0 does not require administrative ...) NOT-FOR-US: admin CVE-2008-6719 (U&M Software Event Lister (aka JustListIt) 1.0 does not require ...) NOT-FOR-US: admin CVE-2008-6720 (SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP ...) NOT-FOR-US: deltascripts php_links CVE-2008-6721 (SQL injection vulnerability in index.php in AJ Square AJ Article ...) NOT-FOR-US: ajsquare aj_article CVE-2008-6722 (Novell Access Manager 3 SP4 does not properly expire X.509 certificate ...) NOT-FOR-US: novell access_manager CVE-2008-6723 (TurnkeyForms Entertainment Portal 2.0 allows remote attackers to ...) NOT-FOR-US: turnkeyforms entertainment_portal CVE-2008-6724 (Cross-site scripting (XSS) vulnerability in index.pl in Perl Nopaste ...) NOT-FOR-US: patrick_matthai pnopaste CVE-2008-6725 (Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote ...) NOT-FOR-US: cmscout CVE-2008-6726 (Multiple directory traversal vulnerabilities in CMScout 2.06, when ...) NOT-FOR-US: cmscout CVE-2008-6727 (Cross-site scripting (XSS) vulnerability in Ultimate PHP Board (UPB) ...) NOT-FOR-US: myupb upb CVE-2008-6728 (SQL injection vulnerability in the Sections module in PHP-Nuke, ...) NOT-FOR-US: phpnuke php nuke CVE-2008-6729 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: phpmotion CVE-2008-6730 (Multiple SQL injection vulnerabilities in admin/usercheck.php in ...) NOT-FOR-US: china on site flexphplink CVE-2008-6731 (Unrestricted file upload vulnerability in submitlink.php in ...) NOT-FOR-US: china on site flexphplink CVE-2008-6732 (Cross-site scripting (XSS) vulnerability in the Language skin object ...) NOT-FOR-US: DotNetNuke CVE-2008-6733 (Cross-site scripting (XSS) vulnerability in the error handling page in ...) NOT-FOR-US: DotNetNuke CVE-2008-6734 (Directory traversal vulnerability in Public/index.php in Keller Web ...) NOT-FOR-US: n CVE-2008-6735 (Directory traversal vulnerability in qc/index.php in ThaiQuickCart 3 ...) NOT-FOR-US: ThaiQuickCart CVE-2008-6736 (Flat Calendar 1.1 does not properly restrict access to administrative ...) NOT-FOR-US: Flat Calendar CVE-2008-6737 (Crysis 1.21 and earlier allows remote attackers to obtain sensitive ...) NOT-FOR-US: Crysis CVE-2008-6738 (MyShoutPro 1.2 allows remote attackers to bypass authentication and ...) NOT-FOR-US: MyShoutPro CVE-2008-6739 (Todd Woolums ASP Download management script 1.03 does not require ...) NOT-FOR-US: Todd CVE-2008-6740 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: HoMaP CMS CVE-2008-6741 (SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) ...) NOT-FOR-US: Simple Machines Forum SMF CVE-2008-6742 (Foxy P2P software allows remote attackers to cause a denial of service ...) NOT-FOR-US: Foxy P2P CVE-2008-6743 (RSMScript 1.21 allows remote attackers to bypass authentication and ...) NOT-FOR-US: shock therapy rsmscript CVE-2008-6744 (Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, ...) NOT-FOR-US: cybozu_office CVE-2008-6745 (index.php in BlogPHP 2.0 allows remote attackers to gain administrator ...) NOT-FOR-US: blogphp CVE-2008-6746 (Cross-site scripting (XSS) vulnerability in the contact display view ...) BUG: 228505 CVE-2008-6747 (dotProject before 2.1.2 does not properly restrict access to ...) NOT-FOR-US: obsolete CVE-2008-6748 (Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers ...) NOT-FOR-US: megacubo CVE-2008-6749 (Multiple SQL injection vulnerabilities in admin/usercheck.php in ...) NOT-FOR-US: china on site flexphpdirectory CVE-2008-6750 (Unrestricted file upload vulnerability in add.php in FlexPHPDirectory ...) NOT-FOR-US: china on site flexphpdirectory CVE-2008-6751 (Unrestricted file upload vulnerability in index.php in the Twitter ...) NOT-FOR-US: revou CVE-2008-6752 (adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou ...) NOT-FOR-US: revou CVE-2008-6753 (SQL injection vulnerability in SilverStripe before 2.2.2 allows remote ...) NOT-FOR-US: silverstripe CVE-2008-6754 (The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote ...) NOT-FOR-US: mephisteus the_personal_sticky_threads CVE-2008-6755 (ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to ...) NOT-FOR-US: zoneminder CVE-2008-6756 (ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for ...) BUG: 250715 CVE-2008-6757 (Cross-site scripting (XSS) vulnerability in manuals_search.php in ...) NOT-FOR-US: viart_shop CVE-2008-6758 (Cross-site request forgery (CSRF) vulnerability in cart_save.php in ...) NOT-FOR-US: viart_shop CVE-2008-6759 (ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain ...) NOT-FOR-US: viart_shop CVE-2008-6760 (ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain ...) NOT-FOR-US: viart_shop CVE-2008-6761 (Static code injection vulnerability in admin/install.php in ...) NOT-FOR-US: china on site flexcustomer0 0 6 CVE-2008-6762 (Open redirect vulnerability in wp-admin/upgrade.php in WordPress, ...) BUG: 268145 CVE-2008-6763 (login2.php in Silentum LoginSys 1.0.0 allows remote attackers to ...) NOT-FOR-US: hypersilence silentum_loginsys CVE-2008-6764 (Cross-site scripting (XSS) vulnerability in login.php in Silentum ...) NOT-FOR-US: hypersilence silentum_loginsys CVE-2008-6765 (ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to access ...) NOT-FOR-US: viart_shop CVE-2008-6766 (cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote ...) NOT-FOR-US: viart_shop CVE-2008-6767 (wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote ...) BUG: 268145 CVE-2008-6768 (Unrestricted file upload vulnerability in admin/editor/images.php in ...) NOT-FOR-US: shopsystem forum k s_shopsoftware CVE-2008-6769 (Unrestricted file upload vulnerability in upload.php in YourPlace ...) NOT-FOR-US: peterselie yourplace CVE-2008-6770 (YourPlace 1.0.2 and earlier stores sensitive information under the web ...) NOT-FOR-US: peterselie yourplace CVE-2008-6771 (YourPlace 1.0.2 and earlier allows remote attackers to obtain ...) NOT-FOR-US: peterselie yourplace CVE-2008-6772 (login/register_form.php in YourPlace 1.0.2 and earlier does not check ...) NOT-FOR-US: peterselie yourplace CVE-2008-6773 (Static code injection vulnerability in user/internettoolbar/edit.php ...) NOT-FOR-US: peterselie yourplace CVE-2008-6774 (internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end ...) NOT-FOR-US: peterselie yourplace CVE-2008-6775 (HTC Touch Pro and HTC Touch Cruise vCard allows remote attackers to ...) NOT-FOR-US: HTC CVE-2008-6776 (SQL injection vulnerability in viewcomments.php in Scripts For Sites ...) NOT-FOR-US: Scripts CVE-2008-6777 (Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier ...) NOT-FOR-US: MyPHP Forum CVE-2008-6778 (SQL injection vulnerability in viewfaqs.php in Scripts for Sites (SFS) ...) NOT-FOR-US: Scripts CVE-2008-6779 (SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows ...) NOT-FOR-US: Sarkilar CVE-2008-6780 (SQL injection vulnerability in directory.php in Scripts for Sites ...) NOT-FOR-US: Scripts CVE-2008-6781 (SQL injection vulnerability in directory.php in Sites for Scripts ...) NOT-FOR-US: Sites CVE-2008-6782 (SQL injection vulnerability in directory.php in Sites for Scripts ...) NOT-FOR-US: Sites CVE-2008-6783 (SQL injection vulnerability in directory.php in Sites for Scripts ...) NOT-FOR-US: Sites CVE-2008-6784 (SQL injection vulnerability in directory.php in Scripts For Sites ...) NOT-FOR-US: Scripts CVE-2008-6785 (Unrestricted file upload vulnerability in Mini File Host 1.5 allows ...) NOT-FOR-US: Mini File Host CVE-2008-6786 (Multiple directory traversal vulnerabilities in geekigeeki.py in ...) NOT-FOR-US: GeekiGeeki CVE-2008-6787 (SQL injection vulnerability in administrator/index.php in Lizardware ...) NOT-FOR-US: Lizardware CMS CVE-2008-6788 (SQL injection vulnerability in MindDezign Photo Gallery 2.2, when ...) NOT-FOR-US: minddezign photo_gallery CVE-2008-6789 (SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows ...) NOT-FOR-US: minddezign photo_gallery CVE-2008-6790 (The admin module in MindDezign Photo Gallery 2.2 allows remote ...) NOT-FOR-US: minddezign photo_gallery CVE-2008-6791 (PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial ...) NOT-FOR-US: klever pumpkin CVE-2008-6792 (system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used ...) BUG: 270326 CVE-2008-6793 (The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, ...) NOT-FOR-US: dflabs ptk CVE-2008-6794 (SQL injection vulnerability in directory.php in Scripts For Sites ...) NOT-FOR-US: sfs_ez_pub fsf_ex_pub CVE-2008-6795 (SQL injection vulnerability in view_news.php in nicLOR ...) NOT-FOR-US: niclor vibro school cms CVE-2008-6796 (SQL injection vulnerability in manager/login.php in Pre Projects Pre ...) NOT-FOR-US: preprojects pre_real_estate_listings CVE-2008-6797 (The server in Mitel NuPoint Messenger R11 and R3 sends usernames and ...) NOT-FOR-US: mitel_nupoint_messenger CVE-2008-6798 (Multiple SQL injection vulnerabilities in login.php in Pre Projects ...) NOT-FOR-US: preprojects pre_real_estate_listings CVE-2008-6799 (connection.php in FlashChat 5.0.8 allows remote attackers to bypass ...) NOT-FOR-US: tufat flashchat CVE-2008-6800 REJECTED NOTE: has been rejected CVE-2008-6801 (Cross-site request forgery (CSRF) vulnerability in Vivvo CMS before ...) NOT-FOR-US: vivvo CVE-2008-6802 (Multiple SQL injection vulnerabilities in index.php in phPhotoGallery ...) NOT-FOR-US: phpexplorer phphotogallery CVE-2008-6803 (SQL injection vulnerability in diziler.asp in Yigit Aybuga Dizi ...) NOT-FOR-US: yigit_aybuga dizi_portali CVE-2008-6804 (** DISPUTED ** Tribiq CMS 5.0.9a beta allows remote attackers to ...) NOT-FOR-US: tribiq_cms CVE-2008-6805 (Multiple SQL injection vulnerabilities in Mic_Blog 0.0.3, when ...) NOT-FOR-US: micgr mic_blog CVE-2008-6806 (Unrestricted file upload vulnerability in includes/imageupload.php in ...) NOT-FOR-US: 7 shop 7shop CVE-2008-6807 (PHP remote file inclusion vulnerability in ListRecords.php in osprey ...) NOT-FOR-US: ibiblio osprey CVE-2008-6808 (SQL injection vulnerability in links.php in Scripts for Sites (SFS) EZ ...) NOT-FOR-US: scripts for sites ez_link_directory CVE-2008-6809 (SQL injection vulnerability in hotel_habitaciones.php in Venalsur ...) NOT-FOR-US: Venalsur Booking Centre Booking System for Hotels Group CVE-2008-6810 (Multiple SQL injection vulnerabilities in admin/checklogin.php in ...) NOT-FOR-US: Venalsur Booking Centre Booking System for Hotels Group CVE-2008-6811 (Unrestricted file upload vulnerability in image_processing.php in the ...) NOT-FOR-US: e Commerce Plugin CVE-2008-6812 (SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 MySQL ...) NOT-FOR-US: surat_kabar phpwebnews CVE-2008-6813 (SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL ...) NOT-FOR-US: surat_kabar phpwebnews CVE-2008-6814 (Unrestricted file upload vulnerability in image_upload.php in the ...) NOT-FOR-US: jan_de_graaff com_simpleboard CVE-2008-6815 (mykdownload.php in MyKtools 2.4 does not require administrative ...) NOT-FOR-US: mykto CVE-2008-6816 (Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows ...) NOT-FOR-US: eaton network_shutdown_module CVE-2008-6817 (Mole Group Lastminute Script 4.0 and earlier stores passwords in ...) NOT-FOR-US: mole group lastminute_script CVE-2008-6818 (Mole Group Real Estate Script 1.1 and earlier stores passwords in ...) NOT-FOR-US: mole group real_estate_script CVE-2008-6819 (win32k.sys in Microsoft Windows Server 2003 and Vista allows local ...) NOT-FOR-US: Microsoft Windows Server CVE-2008-6820 (The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 ...) NOT-FOR-US: IBM CVE-2008-6821 (Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before ...) NOT-FOR-US: DAS CVE-2008-6822 (Unrestricted file upload vulnerability in uploadp.php in New Earth ...) NOT-FOR-US: newearthpt imguoload CVE-2008-6823 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) NOT-FOR-US: a link wl54ap3 CVE-2008-6824 (The management interface on the A-LINK WL54AP3 and WL54AP2 access ...) NOT-FOR-US: a link wl54ap3 CVE-2008-6825 (Directory traversal vulnerability in user/index.php in Fonality ...) NOT-FOR-US: trixbox CVE-2008-6826 (dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary ...) NOT-FOR-US: mhfmedia ads_pro CVE-2008-6827 (The ListView control in the Client GUI (AClient.exe) in Symantec ...) NOT-FOR-US: symantec altiris_notification_server CVE-2008-6828 (Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the ...) NOT-FOR-US: symantec altiris_deployment_solution CVE-2008-6829 (VicFTPS 5.0 allows remote attackers to cause a denial of service ...) NOT-FOR-US: vicftps CVE-2008-6830 (The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for ...) NOT-FOR-US: citrix web_interface CVE-2008-6831 (Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA ...) NOT-FOR-US: atlassian jira CVE-2008-6832 (Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA ...) NOT-FOR-US: atlassian jira CVE-2008-6833 (Directory traversal vulnerability in commsrss.php in fuzzylime (cms) ...) NOT-FOR-US: fuzzylime_cms CVE-2008-6834 (Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 ...) NOT-FOR-US: fuzzylime_cms CVE-2008-6835 (Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, ...) NOT-FOR-US: OpenID CVE-2008-6836 (Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before ...) NOT-FOR-US: OpenID CVE-2008-6837 (SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to ...) NOT-FOR-US: Zoph CVE-2008-6838 (Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1 ...) NOT-FOR-US: Zoph CVE-2008-6839 (Multiple cross-site scripting (XSS) vulnerabilities in TGS Content ...) NOT-FOR-US: TGS Content Management CVE-2008-6840 (Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4 ...) NOT-FOR-US: christof_bruyland v webmail CVE-2008-6841 (PHP remote file inclusion vulnerability in the Green Mountain ...) NOT-FOR-US: gmitc com_dbquery CVE-2008-6842 (Directory traversal vulnerability in ...) NOT-FOR-US: pluck cms pluck CVE-2008-6843 (Directory traversal vulnerability in index.php in Fantastico, as used ...) NOT-FOR-US: Fantastico as used with cPanel CVE-2008-6844 (The registration view (/user/register) in eZ Publish 3.5.6 and ...) NOT-FOR-US: eZ Publish CVE-2008-6845 (The unpack feature in ClamAV 0.93.3 and earlier allows remote ...) NOT-FOR-US: obsolete CVE-2008-6846 (Multiple stack-based buffer overflows in avast! Linux Home Edition ...) NOT-FOR-US: avast Linux Home Edition CVE-2008-6847 (Cross-site scripting (XSS) vulnerability in Employee/emp_login.asp in ...) NOT-FOR-US: Pre CVE-2008-6848 (Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards ...) NOT-FOR-US: w2b phpgreetcards CVE-2008-6849 (Unrestricted file upload vulnerability in index.php in phpGreetCards ...) NOT-FOR-US: w2b phpgreetcards CVE-2008-6850 (Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion ...) NOT-FOR-US: php fusion CVE-2008-6851 (SQL injection vulnerability in page.php in PHP Link Directory (phpLD) ...) NOT-FOR-US: php_link_directory CVE-2008-6852 (SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 ...) NOT-FOR-US: markus_donhauser ice_gallery_component_for_joomla CVE-2008-6853 (SQL injection vulnerability in modules/poll/index.php in AIST NetCat ...) NOT-FOR-US: netcat CVE-2008-6854 (Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to ...) NOT-FOR-US: xigla absolute_faq_manager_ net CVE-2008-6855 (Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote ...) NOT-FOR-US: xigla absolute_news_feed CVE-2008-6856 (Xigla Software Absolute News Manager.NET 5.1 allows remote attackers ...) NOT-FOR-US: xigla absolute_news_manager net CVE-2008-6857 (Absolute Podcast .NET 1.0 allows remote attackers to bypass ...) NOT-FOR-US: xigla absolute_podcast net CVE-2008-6858 (Absolute Banner Manager .NET 4.0 allows remote attackers to bypass ...) NOT-FOR-US: xigla absolute_banner_manager net CVE-2008-6859 (Xigla Software Absolute Control Panel XE 1.5 allows remote attackers ...) NOT-FOR-US: xigla absolute_control_panel_xe CVE-2008-6860 (Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to ...) NOT-FOR-US: xigla absolute_poll_manager_xe CVE-2008-6861 (Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers ...) NOT-FOR-US: xigla absolute_newsletter CVE-2008-6862 (Absolute Content Rotator 6.0 allows remote attackers to bypass ...) NOT-FOR-US: xigla absolute_content_rotator CVE-2008-6863 (Xigla Software Absolute Form Processor .NET 4.0 allows remote ...) NOT-FOR-US: xigla absolute_form_processor net CVE-2008-6864 (Xigla Software Absolute Live Support .NET 5.1 allows remote attackers ...) NOT-FOR-US: xigla absolute_live_support_ net CVE-2008-6865 (SQL injection vulnerability in modules.php in the Sectionsnew module ...) NOT-FOR-US: php nuke CVE-2008-6866 (SQL injection vulnerability in modules.php in the Current_Issue module ...) NOT-FOR-US: php nuke current_issue_module CVE-2008-6867 (SQL injection vulnerability in content.php in Scripts For Sites (SFS) ...) NOT-FOR-US: scripts_for_sites ez_career CVE-2008-6868 (Cross-site scripting (XSS) vulnerability in default/login.php in ...) NOT-FOR-US: editeurscripts esbaseadmin CVE-2008-6869 (Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive ...) NOT-FOR-US: oramon CVE-2008-6870 (Merlix Educate Server allows remote attackers to bypass intended ...) NOT-FOR-US: merlix educate_server CVE-2008-6871 (Merlix Educate Server stores db.mdb under the web root with ...) NOT-FOR-US: merlix educate_server CVE-2008-6872 (ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the ...) NOT-FOR-US: aspthai net aspthai_forums CVE-2008-6873 (SQL injection vulnerability in Active Web Mail 4.0 allows remote ...) NOT-FOR-US: activewebsoftwares active_web_mail CVE-2008-6874 (Multiple SQL injection vulnerabilities in ASP SiteWare autoDealer 1 ...) NOT-FOR-US: aspsiteware autodealer CVE-2008-6875 (SQL injection vulnerability in default.asp in ASP Product Catalog ...) NOT-FOR-US: humayun_shabbir_bhutta asp_product_catalog CVE-2008-6876 (Cross-site scripting (XSS) vulnerability in login.php in EsPartenaires ...) NOT-FOR-US: editeurscripts espartenaires CVE-2008-6877 (** DISPUTED ** ...) NOT-FOR-US: zen_cart CVE-2008-6878 (** DISPUTED ** Directory traversal vulnerability in ...) NOT-FOR-US: zen_cart CVE-2008-6879 (Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, ...) NOT-FOR-US: apache roller CVE-2008-6880 (SQL injection vulnerability in joke.php in EasySiteNetwork Free Jokes ...) NOT-FOR-US: easysitenetwork jokes_complete_website CVE-2008-6881 (Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) ...) NOT-FOR-US: joompolitan com_livechat CVE-2008-6882 (Live Chat (com_livechat) component 1.0 for Joomla! allows remote ...) NOT-FOR-US: joompolitan com_livechat CVE-2008-6883 (SQL injection vulnerability in the Live Chat (com_livechat) component ...) NOT-FOR-US: joompolitan com_livechat CVE-2008-6884 (Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when ...) BUG: 280016 CVE-2008-6885 (Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 ...) BUG: 280016 CVE-2008-6886 (RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict ...) NOT-FOR-US: rsa envision CVE-2008-6887 (SQL injection vulnerability in detailad.asp in Pre Classified Listings ...) NOT-FOR-US: preprojects pre_classified_listings CVE-2008-6888 (Cross-site scripting (XSS) vulnerability in signup.asp in Pre ...) NOT-FOR-US: preprojects pre_classified_listings CVE-2008-6889 (SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 ...) NOT-FOR-US: activewebsoftwares aspreferral CVE-2008-6890 (SQL injection vulnerability in messages.asp in ASP Forum Script allows ...) NOT-FOR-US: codetoad asp_forum_script CVE-2008-6891 (Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum ...) NOT-FOR-US: codetoad asp_forum_script CVE-2008-6892 (SQL injection vulnerability in lire/index.php in Peel 3.1 allows ...) NOT-FOR-US: Peel CVE-2008-6893 (Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient ...) NOT-FOR-US: Alt N MDaemon WorldClient CVE-2008-6894 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...) NOT-FOR-US: login php in CVE-2008-6895 (3CX Phone System 6.0.806.0 allows remote attackers to cause a denial ...) NOT-FOR-US: 3CX CVE-2008-6896 (login.php in 3CX Phone System 6.0.806.0, when 100% disk capacity is ...) NOT-FOR-US: 3CX CVE-2008-6897 (Multiple buffer overflows in Getleft.exe in Andres Garcia Getleft 1.2 ...) NOT-FOR-US: andres_garcia getleft CVE-2008-6898 (Buffer overflow in the XHTTP Module 4.1.0.0 in the ActiveX control for ...) NOT-FOR-US: saschart sascam_webcam_server CVE-2008-6899 (Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated ...) NOT-FOR-US: freesshd CVE-2008-6900 (Unrestricted file upload vulnerability in "Add Pen/Author Name" ...) NOT-FOR-US: availscript com availscript_article_script CVE-2008-6901 (Multiple directory traversal vulnerabilities in 2532designs 2532|Gigs ...) NOT-FOR-US: 2532gigs CVE-2008-6902 (Unrestricted file upload vulnerability in upload_flyer.php in ...) NOT-FOR-US: 2532gigs CVE-2008-6903 (Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows ...) NOT-FOR-US: sophos anti virus7 6 3 CVE-2008-6904 (Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for ...) NOT-FOR-US: sophos anti virus CVE-2008-6905 (Cross-site request forgery (CSRF) vulnerability in index.php in ...) NOT-FOR-US: babbleboard CVE-2008-6906 (Cross-site scripting (XSS) vulnerability in index.php in BabbleBoard ...) NOT-FOR-US: babbleboard CVE-2008-6907 (Multiple SQL injection vulnerabilities in checkuser.php in 2532designs ...) NOT-FOR-US: 2532gigs CVE-2008-6908 (Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for ...) NOT-FOR-US: marc_ingram services CVE-2008-6909 (Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for ...) NOT-FOR-US: services_module_for_drupal CVE-2008-6910 (Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for ...) NOT-FOR-US: marc_ingram services CVE-2008-6911 (SQL injection vulnerability in the authenticateUser function in ...) NOT-FOR-US: brewblogger CVE-2008-6912 (Zeeways SHAADICLONE 2.0 allows remote attackers to bypass ...) NOT-FOR-US: zeew CVE-2008-6913 (Unrestricted file upload vulnerability in editresume_next.php in ...) NOT-FOR-US: Zeeways ZEEJOBSITE CVE-2008-6914 (Unrestricted file upload vulnerability in viewprofile.php in Zeeways ...) NOT-FOR-US: Zeeways ZEEPROPERTY CVE-2008-6915 (Cross-site scripting (XSS) vulnerability in view_prop_details.php in ...) NOT-FOR-US: Zeeways ZEEPROPERTY CVE-2008-6916 (Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote ...) NOT-FOR-US: the CVE-2008-6917 (SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 ...) NOT-FOR-US: Exocrew ExoPHPDesk CVE-2008-6918 (Unrestricted file upload vulnerability in admin/galeria.php in ...) NOT-FOR-US: theportal2 pl theportal2 CVE-2008-6919 (profileedit.php TaskDriver 1.3 and earlier allows remote attackers to ...) NOT-FOR-US: taskdriver CVE-2008-6920 (Unrestricted file upload vulnerability in auth.php in phpEmployment ...) NOT-FOR-US: w2b phpemployment CVE-2008-6921 (Unrestricted file upload vulnerability in index.php in phpAdBoard 1.8 ...) NOT-FOR-US: w2b phpadboard CVE-2008-6922 (Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer ...) NOT-FOR-US: youngzsoft cmailserver CVE-2008-6923 (SQL injection vulnerability in the content component (com_content) ...) BUG: 281516 CVE-2008-6924 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...) NOT-FOR-US: intelliants esyndicat CVE-2008-6925 (Cross-site scripting (XSS) vulnerability in function.php in Zenphoto ...) NOT-FOR-US: zenphoto CVE-2008-6926 (Directory traversal vulnerability in ...) NOT-FOR-US: cpanel CVE-2008-6927 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: cpanel CVE-2008-6928 (Unrestricted file upload vulnerability in PHPStore Complete ...) NOT-FOR-US: phpstore complete_classifieds CVE-2008-6929 (Unrestricted file upload vulnerability in PHPStore Auto Classifieds ...) NOT-FOR-US: phpstore auto_classifieds CVE-2008-6930 (Unrestricted file upload vulnerability in PHPStore Real Estate allows ...) NOT-FOR-US: phpstore real_estate CVE-2008-6931 (Unrestricted file upload vulnerability in PHPStore Job Search (aka ...) NOT-FOR-US: phpstore phpcareers CVE-2008-6932 (Unrestricted file upload vulnerability in submit_file.php in ...) NOT-FOR-US: alstrasoft sendit CVE-2008-6933 (Directory traversal vulnerability in index.php in MiniGal b13 (aka ...) NOT-FOR-US: minigal CVE-2008-6934 (Static code injection vulnerability in Sanus|artificium (aka Sanusart) ...) NOT-FOR-US: sansuart free_simple_guestbook_php_script CVE-2008-6935 (Argument injection vulnerability in Exodus 0.10 allows remote ...) NOT-FOR-US: joe_fuhrman exodus CVE-2008-6936 (Argument injection vulnerability in Exodus 0.10 allows remote ...) NOT-FOR-US: jabber exodus CVE-2008-6937 (Argument injection vulnerability in Exodus 0.10 allows remote ...) NOT-FOR-US: jabber exodus CVE-2008-6938 (Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop ...) NOT-FOR-US: pi3web CVE-2008-6939 (TurnkeyForms Web Hosting Directory allows remote attackers to bypass ...) NOT-FOR-US: turnkeyforms web_hosting_directory CVE-2008-6940 (TurnkeyForms Web Hosting Directory stores sensitive information under ...) NOT-FOR-US: turnkeyforms web_hosting_directory CVE-2008-6941 (SQL injection vulnerability in the login functionality in TurnkeyForms ...) NOT-FOR-US: turnkeyforms web_hosting_directory CVE-2008-6942 (Unrestricted file upload vulnerability in ScriptsFeed Realtor ...) NOT-FOR-US: scriptsfeed realtor_classifieds_system CVE-2008-6943 (Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing ...) NOT-FOR-US: scriptsfeed recipes_listing_portal CVE-2008-6944 (Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds ...) NOT-FOR-US: scriptsfeed auto_classifieds CVE-2008-6945 (Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 ...) NOT-FOR-US: icdevgroup interchange CVE-2008-6946 (Cross-site scripting (XSS) vulnerability in manageproject.php in ...) NOT-FOR-US: collabtive CVE-2008-6947 (Collabtive 0.4.8 allows remote attackers to bypass authentication and ...) NOT-FOR-US: collabtive CVE-2008-6948 (Unrestricted file upload vulnerability in Collabtive 0.4.8 allows ...) NOT-FOR-US: collabtive CVE-2008-6949 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: collabtive CVE-2008-6950 (Multiple SQL injection vulnerabilities in login.asp in Bankoi ...) NOT-FOR-US: webhost panel bankoi_webhosting_control_panel CVE-2008-6951 (MauryCMS 0.53.2 and earlier does not require administrative ...) NOT-FOR-US: cms maury91 maurycms CVE-2008-6952 (SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier ...) NOT-FOR-US: cms maury91 maurycms CVE-2008-6953 (Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly other ...) NOT-FOR-US: ooVoo CVE-2008-6954 (The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote ...) NOT-FOR-US: Cobbler CVE-2008-6955 (mxCamArchive 2.2 stores sensitive information under the web root with ...) NOT-FOR-US: mxCamArchive CVE-2008-6956 (Static code injection vulnerability in admin/admin.php in mxCamArchive ...) NOT-FOR-US: mxCamArchive CVE-2008-6957 (member.php in Crossday Discuz! Board allows remote attackers to reset ...) NOT-FOR-US: Crossday CVE-2008-6958 (wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote ...) NOT-FOR-US: Crossday Discuz Board CVE-2008-6959 (Insecure method vulnerability in the Chilkat Socket ActiveX control ...) NOT-FOR-US: ChilkatSocket dll CVE-2008-6960 (download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 ...) NOT-FOR-US: X10media CVE-2008-6961 (mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before ...) BUG: 246602 CVE-2008-6962 (Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, ...) NOT-FOR-US: avira antivir_security_suite CVE-2008-6963 (admin.php in TurnkeyForms Text Link Sales allows remote attackers to ...) NOT-FOR-US: turnkeyforms text_link_sales CVE-2008-6964 (SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows ...) NOT-FOR-US: x7_group x7_chat CVE-2008-6965 (AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, ...) NOT-FOR-US: aj_square aj_auction CVE-2008-6966 (AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does ...) NOT-FOR-US: aj_square aj_auction CVE-2008-6967 (Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon ...) NOT-FOR-US: alt n worldclient CVE-2008-6968 (Multiple SQL injection vulnerabilities in submit.php in Pligg CMS ...) NOT-FOR-US: pligg_cms CVE-2008-6969 (Multiple cross-site scripting (XSS) vulnerabilities in checkout.php in ...) NOT-FOR-US: pentasoft_corp avactis_shopping_cart CVE-2008-6970 (SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 ...) NOT-FOR-US: ubbcentral ubb threads CVE-2008-6971 (The password reset functionality in Simple Machines Forum (SMF) 1.0.x ...) NOT-FOR-US: simplemachines smf CVE-2008-6972 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content ...) NOT-FOR-US: yves_chedemois cck CVE-2008-6973 (Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 ...) NOT-FOR-US: ibm websphere_commerce CVE-2008-6974 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: dd wrt CVE-2008-6975 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: dd wrt CVE-2008-6976 (MicroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows ...) NOT-FOR-US: MicroTik CVE-2008-6977 (Cross-site scripting (XSS) vulnerability in album.asp in Full ...) NOT-FOR-US: Full Revolution aspWebAlbum CVE-2008-6978 (Unrestricted file upload vulnerability in Full Revolution aspWebAlbum ...) NOT-FOR-US: Full Revolution aspWebAlbum CVE-2008-6979 (Cross-site scripting (XSS) vulnerability in as_archives.php in ...) NOT-FOR-US: phpAdultSite CMS possibly CVE-2008-6980 (SQL injection vulnerability in as_archives.php in phpAdultSite CMS, ...) NOT-FOR-US: phpAdultSite CMS possibly CVE-2008-6981 (index.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers ...) NOT-FOR-US: phpAdultSite CMS possibly CVE-2008-6982 (Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a ...) NOT-FOR-US: devalcms CVE-2008-6983 (modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers ...) NOT-FOR-US: devalcms CVE-2008-6984 (Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, ...) NOT-FOR-US: Plesk CVE-2008-6985 (Multiple SQL injection vulnerabilities in ...) NOT-FOR-US: Zen Cart CVE-2008-6986 (SQL injection vulnerability in the actionMultipleAddProduct function ...) NOT-FOR-US: Zen Cart CVE-2008-6987 (Unrestricted file upload vulnerability in eZoneScripts Dating Website ...) NOT-FOR-US: eZoneScripts CVE-2008-6988 (Multiple cross-site scripting (XSS) vulnerabilities in Easy Photo ...) NOT-FOR-US: Easy Photo Gallery aka Ezphotogallery CVE-2008-6989 (SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka ...) NOT-FOR-US: Easy Photo Gallery aka Ezphotogallery CVE-2008-6990 (SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka ...) NOT-FOR-US: Easy Photo Gallery aka Ezphotogallery CVE-2008-6991 (SQL injection vulnerability in public/page.php in Websens CMSbright ...) NOT-FOR-US: Websens CVE-2008-6992 (GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, ...) NOT-FOR-US: GreenSQL CVE-2008-6993 (Siemens Gigaset WLAN Camera 1.27 has an insecure default password, ...) NOT-FOR-US: Siemens CVE-2008-6994 (Stack-based buffer overflow in the SaveAs feature ...) BUG: 285006 CVE-2008-6995 (Integer underflow in net/base/escape.cc in chrome.dll in Google Chrome ...) BUG: 285006 CVE-2008-6996 (Google Chrome BETA (0.2.149.27) does not prompt the user before saving ...) BUG: 285006 CVE-2008-6997 (Google Chrome 0.2.149.27 allows user-assisted remote attackers to ...) BUG: 285006 CVE-2008-6998 (Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in ...) BUG: 285006 CVE-2008-6999 (phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote ...) NOT-FOR-US: phpAuction CVE-2008-7000 (PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 ...) NOT-FOR-US: PHPAuction CVE-2008-7001 (Unrestricted file upload vulnerability in the file manager in Creative ...) NOT-FOR-US: file manager in Creative Mind Creator CMS CVE-2008-7002 (PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir ...) BUG: 297369 CVE-2008-7003 (Multiple SQL injection vulnerabilities in login.php in The Rat CMS ...) NOT-FOR-US: The Rat CMS Alpha CVE-2008-7004 (Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown ...) NOT-FOR-US: elog CVE-2008-7005 (include/modules/top/1-random_quote.php in Minb Is Not a Blog (minb) ...) NOT-FOR-US: minb_is_not_a_blog CVE-2008-7006 (Free PHP VX Guestbook 1.06 allows remote attackers to bypass ...) NOT-FOR-US: phpversion php_vx_guestbook CVE-2008-7007 (Free PHP VX Guestbook 1.06 allows remote attackers to bypass ...) NOT-FOR-US: phpversion php_vx_guestbook CVE-2008-7008 (HyperStop Web Host Directory 1.2 allows remote attackers to bypass ...) NOT-FOR-US: hyperstop web_host_directory CVE-2008-7009 (Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security ...) NOT-FOR-US: checkpoint zonealarm CVE-2008-7010 (Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers ...) NOT-FOR-US: skalinks exchange_script CVE-2008-7011 (The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal ...) BUG: 285010 CVE-2008-7012 (courier/1000@/api_error_email.html (aka "error reporting page") in ...) NOT-FOR-US: accellion file_transfer_appliance_fta CVE-2008-7013 (NetService.dll in Baidu Hi IM allows remote servers to cause a denial ...) NOT-FOR-US: baidu_hi_im CVE-2008-7014 (fhttpd 0.4.2 allows remote attackers to cause a denial of service ...) NOT-FOR-US: fhttpd CVE-2008-7015 (Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel ...) NOT-FOR-US: No Unreal 3 for linux yet CVE-2008-7016 (tnftpd before 20080929 splits large command strings into multiple ...) NOT-FOR-US: we only have the client CVE-2008-7017 (Cross-site scripting (XSS) vulnerability in analyse.php in CAcert ...) NOT-FOR-US: cacert CVE-2008-7018 (Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar ...) NOT-FOR-US: nashtech easy_php_calendar CVE-2008-7019 (Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass ...) NOT-FOR-US: esqlanelapse CVE-2008-7020 (McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores ...) NOT-FOR-US: mcafee safeboot_device_encryption CVE-2008-7021 (Unrestricted file upload vulnerability in editlogo.php in AvailScript ...) NOT-FOR-US: availscript jobs_portal_script CVE-2008-7022 (Insecure method vulnerability in ChilkatMail_v7_9.dll in the Chilkat ...) NOT-FOR-US: chilkatsoft chilkat_imap_activex_control CVE-2008-7023 (Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other ...) NOT-FOR-US: arubanetworks arubaos CVE-2008-7024 (admin.php in Arz Development The Gemini Portal 4.7 and earlier allows ...) NOT-FOR-US: arzdev gemini_portal CVE-2008-7025 (TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe ...) NOT-FOR-US: checkpoint zonealarm CVE-2008-7026 (Unrestricted file upload vulnerability in filesystem3.class.php in ...) NOT-FOR-US: efrontlearning efront CVE-2008-7027 (Libra File Manager 1.18 and earlier allows remote attackers to bypass ...) NOT-FOR-US: libra_file_manager php_filemanager CVE-2008-7028 (RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass ...) NOT-FOR-US: aves rpg_board CVE-2008-7029 (Unrestricted file upload vulnerability in usercp.php in AlilG ...) NOT-FOR-US: alilg aliboard CVE-2008-7030 (Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web ...) NOT-FOR-US: site2nite real_estate_web CVE-2008-7031 (Heap-based buffer overflow in Foxit Remote Access Server (aka WAC ...) NOT-FOR-US: foxitsoftware wac_server CVE-2008-7032 (Web Management Console Cross-site request forgery (CSRF) vulnerability ...) NOT-FOR-US: f5 big ip CVE-2008-7033 (SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) ...) NOT-FOR-US: galore com_simpleshop CVE-2008-7034 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: phpecho_cms CVE-2008-7035 (Cross-site scripting (XSS) vulnerability in an unspecified component ...) NOT-FOR-US: simple_machines phpraider CVE-2008-7036 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: e xoops CVE-2008-7037 (The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for ...) NOT-FOR-US: itn_news_gadget CVE-2008-7038 (SQL injection vulnerability in the My_eGallery module for PHP-Nuke ...) NOT-FOR-US: maxdev my_egallery CVE-2008-7039 (Cross-site scripting (XSS) vulnerability in admin/comments.php in ...) NOT-FOR-US: gelatocms CVE-2008-7040 (SQL injection vulnerability in ahah/sf-profile.php in the Yellow ...) NOT-FOR-US: Yellow CVE-2008-7041 (AJ Classifieds allows remote attackers to bypass authentication and ...) NOT-FOR-US: AJ CVE-2008-7042 (PHP remote file inclusion vulnerability in url.php in FreshScripts ...) NOT-FOR-US: freshscripts fresh_email_script CVE-2008-7043 (Cross-site scripting (XSS) vulnerability in register.php in ...) NOT-FOR-US: freshscripts fresh_email_script CVE-2008-7044 (SQL injection vulnerability in admin/include/newpoll.php in AJ Square ...) NOT-FOR-US: aj_square free_polling_script CVE-2008-7045 (AJ Square Free Polling Script (AJPoll) Database version allows remote ...) NOT-FOR-US: aj_square free_polling_script CVE-2008-7046 (AJ Square Free Polling Script (AJPoll) allows remote attackers to ...) NOT-FOR-US: aj_square free_polling_script CVE-2008-7047 (NatterChat 1.1 allows remote attackers to bypass authentication and ...) NOT-FOR-US: NatterChat CVE-2008-7048 (Multiple cross-site scripting (XSS) vulnerabilities in NatterChat 1.12 ...) NOT-FOR-US: natterchat CVE-2008-7049 (Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 ...) NOT-FOR-US: natterchat CVE-2008-7050 (The password_check function in auth/auth_phpbb3.php in WoW Raid ...) NOT-FOR-US: WoW Raid Manager CVE-2008-7051 (AJ Square AJ Article allows remote attackers to bypass authentication ...) NOT-FOR-US: ajsquare aj_article CVE-2008-7052 (Unrestricted file upload vulnerability in profile.php in Pre Projects ...) NOT-FOR-US: Pre CVE-2008-7053 (LogMeIn Remote Access Utility ActiveX control (RACtrl.dll) allows ...) NOT-FOR-US: logmein ractrl dll CVE-2008-7054 (Multiple directory traversal vulnerabilities in ezContents 2.0.3 allow ...) NOT-FOR-US: ezcontents CVE-2008-7055 (module.php in ezContents 2.0.3 allows remote attackers to bypass the ...) NOT-FOR-US: ezcontents CVE-2008-7056 (BandSite CMS 1.1.4 does not perform access control for ...) NOT-FOR-US: grayscalecms bandsite_cms CVE-2008-7057 (Cross-site scripting (XSS) vulnerability in merchandise.php in ...) NOT-FOR-US: grayscalecms bandsite_cms CVE-2008-7058 (Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 ...) NOT-FOR-US: grayscalecms bandsite_cms CVE-2008-7059 (SQL injection vulnerability in index.php in One-News Beta 2 allows ...) NOT-FOR-US: one news CVE-2008-7060 (Multiple cross-site scripting (XSS) vulnerabilities in One-News Beta 2 ...) NOT-FOR-US: one news CVE-2008-7061 (The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome ...) BUG: 285006 CVE-2008-7062 (Unrestricted file upload vulnerability in admin/index.php in Download ...) NOT-FOR-US: lovecms CVE-2008-7063 (Ocean12 FAQ Manager Pro stores sensitive data under the web root with ...) NOT-FOR-US: ocean12tech faq_manager_pro CVE-2008-7064 (Directory traversal vulnerability in the get_lang function in ...) NOT-FOR-US: quicksilver_forums CVE-2008-7065 (Siemens C450 IP and C475 IP VoIP devices allow remote attackers to ...) NOT-FOR-US: siemens gigaset_c475_ip CVE-2008-7066 (OpenForum 0.66 Beta allows remote attackers to bypass authentication ...) NOT-FOR-US: 2enetworx openforum CVE-2008-7067 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: pagetreecms page_tree_cms CVE-2008-7068 (The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ...) NOT-FOR-US: Not a bug, see RedHat bugzilla 519266 CVE-2008-7069 (All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information ...) NOT-FOR-US: paul_arbogast accms CVE-2008-7070 (Argument injection vulnerability in the URI handler in KVIrc 3.4.2 ...) BUG: 282891 CVE-2008-7071 (SQL injection vulnerability in authenticate.php in Chipmunk Topsites ...) NOT-FOR-US: chipmunk scripts chipmunk_topsites CVE-2008-7072 (Cross-site scripting (XSS) vulnerability in index.php in Chipmunk ...) NOT-FOR-US: chipmunk scripts chipmunk_topsites CVE-2008-7073 (PHP remote file inclusion vulnerability in lib/action/rss.php in RSS ...) NOT-FOR-US: rssmodule rss_module CVE-2008-7074 (Format string vulnerability in MemeCode Software i.Scribe 1.88 through ...) NOT-FOR-US: memcode i scribe CVE-2008-7075 (Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star ...) NOT-FOR-US: kalptaru_infotech stararticles CVE-2008-7076 (Unrestricted file upload vulnerability in user.modify.profile.php in ...) NOT-FOR-US: kalptaru_infotech stararticles CVE-2008-7077 (Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow ...) NOT-FOR-US: relative sailplanner CVE-2008-7078 (Multiple buffer overflows in Rumpus before 6.0.1 allow remote ...) NOT-FOR-US: maxum rumpus CVE-2008-7079 (Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to ...) NOT-FOR-US: Nero ShowTime CVE-2008-7080 (Team PHP PHP Classifieds Script stores sensitive information under the ...) NOT-FOR-US: phpclassifiedsscript php_classifieds_script CVE-2008-7081 (userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 ...) NOT-FOR-US: raidsonic_technology icy_box_nas CVE-2008-7082 (MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key ...) NOT-FOR-US: mybb CVE-2008-7083 (Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter ...) NOT-FOR-US: revou micro_blogging_twitter_clone CVE-2008-7084 (Directory traversal vulnerability in the web server 1.0 in Velocity ...) NOT-FOR-US: hirschelectronics velocity_security_management_system CVE-2008-7085 (Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS ...) NOT-FOR-US: thehockeystop hockeystats_online CVE-2008-7086 (Maian Greetings 2.1 allows remote attackers to bypass authentication ...) NOT-FOR-US: maianscriptworld maian_greetings CVE-2008-7087 (PHP remote file inclusion vulnerability in search_wA.php in OpenPro ...) NOT-FOR-US: openpro CVE-2008-7088 (Unrestricted file upload vulnerability in upload.php in PhotoPost ...) NOT-FOR-US: photopost_vbgallery CVE-2008-7089 (Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier ...) NOT-FOR-US: pligg_cms CVE-2008-7090 (Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier ...) NOT-FOR-US: pligg_cms CVE-2008-7091 (Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow ...) NOT-FOR-US: pligg_cms CVE-2008-7092 (Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium ...) NOT-FOR-US: unica affinium_campaign CVE-2008-7093 (Multiple directory traversal vulnerabilities in Unica Affinium ...) NOT-FOR-US: unica affinium_campaign CVE-2008-7094 (Campaign/CampaignListener in the listener server in Unica Affinium ...) NOT-FOR-US: unica affinium_campaign CVE-2008-7095 (The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does ...) NOT-FOR-US: ArubaOS CVE-2008-7096 (Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, ...) NOT-FOR-US: intel bios CVE-2008-7097 (Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow ...) NOT-FOR-US: qsoft k rate CVE-2008-7098 (Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate ...) NOT-FOR-US: qsoft k rate CVE-2008-7099 (Unspecified vulnerability in the Manage Templates feature in Qsoft ...) NOT-FOR-US: qsoft k rate CVE-2008-7100 (Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows ...) NOT-FOR-US: dotnetnuke CVE-2008-7101 (Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 ...) NOT-FOR-US: dotnetnuke CVE-2008-7102 (DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx ...) NOT-FOR-US: dotnetnuke CVE-2008-7103 (Stack-based buffer overflow in an ActiveX control in ...) NOT-FOR-US: najdi si toolbar CVE-2008-7104 (Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for ...) NOT-FOR-US: sophos puremessage_for_microsoft_exchange CVE-2008-7105 (Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows ...) NOT-FOR-US: sophos puremessage_for_microsoft_exchange CVE-2008-7106 (The installation of Sophos PureMessage for Microsoft Exchange 3.0 ...) NOT-FOR-US: sophos puremessage_for_microsoft_exchange CVE-2008-7107 (easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to ...) NOT-FOR-US: eset smart_security CVE-2008-7108 (Multiple cross-site scripting (XSS) vulnerabilities in Carmosa phpCart ...) NOT-FOR-US: carmosa phpcart CVE-2008-7109 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 ...) NOT-FOR-US: kyoceramita scanner_file_utility CVE-2008-7110 (Directory traversal vulnerability in the Scanner File Utility (aka ...) NOT-FOR-US: kyoceramita scanner_file_utility CVE-2008-7111 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 ...) NOT-FOR-US: kyoceramita scanner_file_utility CVE-2008-7112 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 ...) NOT-FOR-US: kyoceramita scanner_file_utility CVE-2008-7113 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 ...) NOT-FOR-US: kyoceramita scanner_file_utility CVE-2008-7114 (SQL injection vulnerability in members_search.php in iFusion Services ...) NOT-FOR-US: ifusionservices ifdate CVE-2008-7115 (The web interface to the Belkin Wireless G router and ADSL2 modem ...) NOT-FOR-US: belkin wireless_g_router CVE-2008-7116 (SQL injection vulnerability in the admin panel (admin/) in WeBid ...) NOT-FOR-US: webidsupport webid CVE-2008-7117 (eledicss.php in WeBid auction script 0.5.4 allows remote attackers to ...) NOT-FOR-US: webidsupport webid CVE-2008-7118 (WeBid auction script 0.5.4 stores sensitive information under the web ...) NOT-FOR-US: webidsupport webid CVE-2008-7119 (SQL injection vulnerability in item.php in WeBid auction script 0.5.4 ...) NOT-FOR-US: webidsupport webid CVE-2008-7120 (SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and ...) NOT-FOR-US: mrcgiguy hot_links_sql php CVE-2008-7121 (Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links ...) NOT-FOR-US: mrcgiguy hot_links_sql php CVE-2008-7122 (Multiple insecure method vulnerabilities in an ActiveX control in ...) NOT-FOR-US: evansprogramming registry_pro CVE-2008-7123 (Static code injection vulnerability in ...) NOT-FOR-US: zkup CVE-2008-7124 (zKup CMS 2.0 through 2.3 does not require administrative ...) NOT-FOR-US: zkup CVE-2008-7125 (pphoto in Ariadne before 2.6 allows remote authenticated users with ...) NOT-FOR-US: ariadne cms ariadne_cms CVE-2008-7126 (Integer overflow in osagent.exe in Borland VisiBroker Smart Agent ...) NOT-FOR-US: microfocus visibroker CVE-2008-7127 (osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and ...) NOT-FOR-US: microfocus visibroker CVE-2008-7128 (The ssl_parse_client_key_exchange function in XySSL before 0.9 does ...) NOT-FOR-US: Obsolete. Now called polarssl, bumped, no vuln versions left in tree, never stable CVE-2008-7129 (XySSL before 0.9 allows remote attackers to cause a denial of service ...) NOT-FOR-US: See CVE-2008-7128 CVE-2008-7130 (Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier ...) NOT-FOR-US: peter_kohlmann db2_monitoring_console CVE-2008-7131 (Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier ...) NOT-FOR-US: peter_kohlmann db2_monitoring_console CVE-2008-7132 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan ...) NOT-FOR-US: nuked klan CVE-2008-7133 (Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org ...) NOT-FOR-US: onlinetools easyimagecatalogue CVE-2008-7134 (Multiple cross-site scripting (XSS) vulnerabilities in the default URI ...) NOT-FOR-US: redgalaxy download_center CVE-2008-7135 (toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers ...) NOT-FOR-US: icq_toolbar CVE-2008-7136 (toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers ...) NOT-FOR-US: icq_toolbar CVE-2008-7137 (WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of ...) NOT-FOR-US: eye fi eye fi_manager CVE-2008-7138 (The Manager in Eye-Fi 1.1.2 generates predictable snonce values based ...) NOT-FOR-US: eye fi_manager CVE-2008-7139 (Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy ...) NOT-FOR-US: eye fi_manager CVE-2008-7140 (Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook ...) NOT-FOR-US: alexguestbook lex_guestbook CVE-2008-7141 (Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 ...) NOT-FOR-US: alexphpteam lex_poll CVE-2008-7142 (Absolute path traversal vulnerability in the Disk Usage module ...) NOT-FOR-US: Disk Usage module frontend x diskusage index html in cPanel CVE-2008-7143 (phpBB 2.0.23 includes the session ID in a request to modcp.php when ...) NOT-FOR-US: Obsolete CVE-2008-7144 (Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have ...) NOT-FOR-US: FAILRAR CVE-2008-7145 (Multiple SQL injection vulnerabilities in index.php in CoronaMatrix ...) NOT-FOR-US: CoronaMatrix phpAddressBook CVE-2008-7146 (IntraLearn Software IntraLearn 2.1, and possibly other versions before ...) NOT-FOR-US: help 1 Instructor CVE-2008-7147 (Multiple cross-site scripting (XSS) vulnerabilities in IntraLearn ...) NOT-FOR-US: IntraLearn Software IntraLearn CVE-2008-7148 (Unspecified vulnerability in Synfig Animation Studio before 0.61.08 ...) NOT-FOR-US: Synfig Animation Studio CVE-2008-7149 (Unspecified vulnerability in AgileWiki before 0.10.1 has unknown ...) NOT-FOR-US: AgileWiki CVE-2008-7150 (Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 5.x ...) NOT-FOR-US: Refine by Taxonomy CVE-2008-7151 (Cross-site request forgery (CSRF) vulnerability in Live 5.x before ...) NOT-FOR-US: Live CVE-2008-7152 (Multiple PHP remote file inclusion vulnerabilities in Specimen Image ...) NOT-FOR-US: Specimen CVE-2008-7153 (SQL injection vulnerability in the autoDetectRegion function in ...) NOT-FOR-US: docebo CVE-2008-7154 (Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive ...) NOT-FOR-US: docebo CVE-2008-7155 (NetRisk 1.9.7 does not properly restrict access to ...) NOT-FOR-US: phprisk netrisk CVE-2008-7156 (EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows ...) NOT-FOR-US: ekinboard CVE-2008-7157 (Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier ...) NOT-FOR-US: ekinboard CVE-2008-7158 (Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows ...) NOT-FOR-US: numarasoftware footprints CVE-2008-7159 (The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in ...) BUG: 284561 CVE-2008-7160 (The silc_http_server_parse function in lib/silchttp/silchttpserver.c ...) BUG: 284561 CVE-2008-7161 (Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 ...) NOT-FOR-US: fortinet fortigate 1000 CVE-2008-7162 (Buffer overflow in Hero Super Player 3000 allows remote attackers to ...) NOT-FOR-US: heroshare hero_super_player_3000 CVE-2008-7163 (Directory traversal vulnerability in mods/Integrated/index.php in ...) NOT-FOR-US: sinecms CVE-2008-7164 (Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have ...) NOT-FOR-US: ryo oh ki shareaza CVE-2008-7165 (Cross-site request forgery in cp06_wifi_m_nocifr.cgi in the ...) NOT-FOR-US: alice gate2_plus_wi fi CVE-2008-7166 (Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) ...) BUG: 283819 CVE-2008-7167 (Unrestricted file upload vulnerability in upload.php in Page Manager ...) NOT-FOR-US: sami_ekblad page_manager CVE-2008-7168 (Insecure method vulnerability in the UUSee UUUpgrade ActiveX control ...) NOT-FOR-US: uusee uuupgrade ocx CVE-2008-7169 (SQL injection vulnerability in Jabode horoscope extension (com_jabode) ...) NOT-FOR-US: com_jabode CVE-2008-7170 (GSC build 2067 and earlier relies on the client to enforce ...) NOT-FOR-US: getgsc gsc CVE-2008-7171 (Multiple cross-site scripting (XSS) vulnerabilities in Lightweight ...) NOT-FOR-US: yanick_bourbeau lightweight_news_portal CVE-2008-7172 (Lightweight news portal (LNP) 1.0b does not properly restrict access ...) NOT-FOR-US: yanick_bourbeau lightweight_news_portal CVE-2008-7173 (The Jura Internet Connection Kit for the Jura Impressa F90 coffee ...) NOT-FOR-US: juracapecoffee internet_connectivity_kit CVE-2008-7174 (Multiple buffer overflows in the Jura Internet Connection Kit for the ...) NOT-FOR-US: juracapecoffee internet_connectivity_kit CVE-2008-7175 (Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in ...) NOT-FOR-US: alex_rabe nextgen_gallery CVE-2008-7176 (Multiple directory traversal vulnerabilities in Facil CMS 0.1RC allow ...) NOT-FOR-US: celina_jorge facil_cms CVE-2008-7177 (Buffer overflow in the listing module in Netwide Assembler (NASM) ...) NOT-FOR-US: Obsolete CVE-2008-7178 (Directory traversal vulnerability in Uploader module 1.1 for XOOPS ...) NOT-FOR-US: xoops uploader CVE-2008-7179 (OTManager CMS 2.4 allows remote attackers to bypass authentication and ...) NOT-FOR-US: otmanager_cms CVE-2008-7180 (del_query1.php in Telephone Directory 2008 allows remote attackers to ...) NOT-FOR-US: telephone_directory_2008 CVE-2008-7181 (Butterfly Organizer 2.0.0 allows remote attackers to (1) delete ...) NOT-FOR-US: butterflymedia butterfly_organizer CVE-2008-7182 (Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and ...) NOT-FOR-US: netwin surgemail CVE-2008-7183 (PHP remote file inclusion vulnerability in eva/index.php in EVA CMS ...) NOT-FOR-US: evacms eva_cms CVE-2008-7184 (Cross-site scripting (XSS) vulnerability in Diigo Toolbar and Diigolet ...) NOT-FOR-US: diigolet CVE-2008-7185 (GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of ...) BUG: 284448 CVE-2008-7186 (Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to ...) NOT-FOR-US: Obsolete CVE-2008-7187 (Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to ...) NOT-FOR-US: ObSolete CVE-2008-7188 (ClipShare 2.6 does not properly restrict access to certain ...) NOT-FOR-US: email CVE-2008-7189 (Multiple unspecified vulnerabilities in Local Media Browser before 0.1 ...) NOT-FOR-US: Local Media Browser CVE-2008-7190 (Unspecified vulnerability in Adium before 1.2 has unknown impact and ...) NOT-FOR-US: Adium CVE-2008-7191 (Unspecified vulnerability in Polipo before 1.0.4 allows remote ...) BUG: 284449 CVE-2008-7192 (Cross-site request forgery (CSRF) vulnerability in index.php in ...) NOT-FOR-US: WoltLab Burning Board wBB CVE-2008-7193 (PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows ...) NOT-FOR-US: URL CVE-2008-7194 (Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used ...) NOT-FOR-US: fujitsu interstage_application_server CVE-2008-7195 (Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used ...) NOT-FOR-US: fujitsu interstage_application_server CVE-2008-7196 (Unspecified vulnerability in metashell before 0.03 has unknown impact ...) NOT-FOR-US: mark_reinsfelder metashell CVE-2008-7197 (Multiple unspecified vulnerabilities in G15Daemon before 1.9.4 have ...) BUG: 284520 CVE-2008-7198 (Multiple unspecified vulnerabilities in phpns before 2.1.1beta1 have ...) NOT-FOR-US: alecwh phpns CVE-2008-7199 (Phoenix Contact FL IL 24 BK-PAC allows remote attackers to cause a ...) NOT-FOR-US: phoenixcontact fl_il_24_bk pac CVE-2008-7200 (Double free vulnerability in Deliantra server engine before 2.4 has ...) NOT-FOR-US: deliantra CVE-2008-7201 (Lantronix MSS485-T allows remote attackers to cause a denial of ...) NOT-FOR-US: lantronix mss485 t CVE-2008-7202 (Multiple cross-site scripting (XSS) vulnerabilities in OpenWebMail ...) NOT-FOR-US: openwebmail acatysmoof openwebmail CVE-2008-7203 (Valve Software Half-Life Counter-Strike 1.6 allows remote attackers to ...) NOT-FOR-US: Take that, kiddies! CVE-2008-7204 (Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a ...) NOT-FOR-US: virtuemart CVE-2008-7205 (Unspecified vulnerability in the product view functionality in ...) NOT-FOR-US: virtuemart CVE-2008-7206 (Unspecified vulnerability in Electronic Logbook (ELOG) before 2.7.2 ...) NOT-FOR-US: stefan_ritt elog_web_logbook CVE-2008-7207 (RivetTracker before 1.0 stores passwords in cleartext in config.php, ...) NOT-FOR-US: cleartext CVE-2008-7208 (Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly ...) NOT-FOR-US: OneCMS CVE-2008-7209 (Unrestricted file upload vulnerability in the add2 action in ...) NOT-FOR-US: OneCMS CVE-2008-7210 (directory.php in AJchat 0.10 allows remote attackers to bypass input ...) NOT-FOR-US: AJchat CVE-2008-7211 (CreativeLabs es1371mp.sys 5.1.3612.0 WDM audio driver, as used in ...) NOT-FOR-US: n CVE-2008-7212 (MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote ...) NOT-FOR-US: Obsolete CVE-2008-7213 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Obsolete CVE-2008-7214 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: Obsolete CVE-2008-7215 (The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and ...) NOT-FOR-US: Obsolete CVE-2008-7216 (Peter's Math Anti-Spam Spinoff plugin for WordPress generates audio ...) NOT-FOR-US: Peter s CVE-2008-7217 (Microsoft Office 2008 for Mac, when running on Macintosh systems that ...) NOT-FOR-US: Microsoft CVE-2008-7218 (Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 ...) NOT-FOR-US: Obsolete CVE-2008-7219 (Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 ...) NOT-FOR-US: Obsolete CVE-2008-7220 (Unspecified vulnerability in Prototype JavaScript framework ...) BUG: 284874 CVE-2008-7221 (Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows ...) NOT-FOR-US: runcms CVE-2008-7222 (Cross-site scripting (XSS) vulnerability in system/admin.php in RunCMS ...) NOT-FOR-US: runcms CVE-2008-7223 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...) NOT-FOR-US: linpha CVE-2008-7224 (Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows ...) BUG: 285011 CVE-2008-7225 (Heap-based buffer overflow in Foxit Remote Access Server (aka WAC ...) NOT-FOR-US: Foxit Remote Access Server aka WAC Server CVE-2008-7226 (SQL injection vulnerability in index.php in the Recipes module 1.3, ...) NOT-FOR-US: recipe_module CVE-2008-7227 (PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 ...) NOT-FOR-US: geoserver CVE-2008-7228 (Multiple format string vulnerabilities in White_Dune before ...) NOT-FOR-US: white CVE-2008-7229 (GreenSQL Firewall (greensql-fw) before 0.9.2 allows remote attackers ...) NOT-FOR-US: greensql_firewall CVE-2008-7230 (Unspecified vulnerability in Small Footprint CIM Broker (SFCB) before ...) NOT-FOR-US: broker CVE-2008-7231 (Cross-site scripting (XSS) vulnerability in Meridio Document and ...) NOT-FOR-US: meridio CVE-2008-7232 (Buffer overflow in the report function in xtacacsd 4.1.2 and earlier ...) NOT-FOR-US: report function in xtacacsd CVE-2008-7233 (Unspecified vulnerability in the E-Business Application client, as ...) NOT-FOR-US: E Business Application client as used in Oracle Application Server CVE-2008-7234 (Unspecified vulnerability in the Oracle BPEL Worklist Application ...) NOT-FOR-US: Oracle BPEL Worklist Application component in Oracle Application Server CVE-2008-7235 (Unspecified vulnerability in the Oracle Forms component in Oracle ...) NOT-FOR-US: Oracle Forms component in Oracle Application Server CVE-2008-7236 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...) NOT-FOR-US: Oracle JDeveloper component in Oracle Application Server CVE-2008-7237 (Unspecified vulnerability in the Oracle Internet Directory component ...) NOT-FOR-US: Oracle Internet Directory component in Oracle Application Server CVE-2008-7238 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.3 ...) NOT-FOR-US: Oracle E Business Suite CVE-2008-7239 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...) NOT-FOR-US: Oracle E Business Suite CVE-2008-7240 (Directory traversal vulnerability in include/unverified.inc.php in ...) NOT-FOR-US: linuxwebshop php_user_base CVE-2008-7241 (Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 ...) NOT-FOR-US: punbb CVE-2008-7242 (Multiple cross-site scripting (XSS) vulnerabilities in MODx CMS ...) NOT-FOR-US: modx CVE-2008-7243 (Cross-site request forgery (CSRF) vulnerability in page 34 in MODx CMS ...) NOT-FOR-US: page CVE-2008-7244 (Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a ...) NOT-FOR-US: This is an annoyance, not pursuing as a security bug CVE-2008-7245 (Opera 9.52 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: This is just an annoyance, not pursuing as security bug. CVE-2008-7246 (Google Chrome 0.2.149.29 and earlier allows remote attackers to cause ...) NOT-FOR-US: This is just an annoyance, not pursing as a seucirty bug. CVE-2008-7247 (sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, ...) BUG: 294187 CVE-2008-7248 (Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify ...) BUG: 247549 CVE-2008-7249 (Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and ...) NOT-FOR-US: Obsolete CVE-2008-7250 (Cross-site scripting (XSS) vulnerability in Squid Analysis Report ...) NOT-FOR-US: Obsolete CVE-2008-7251 (libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a ...) BUG: 302745 CVE-2008-7252 (libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses ...) BUG: 302745 CVE-2008-7253 (The default configuration of the web server in IBM Lotus Domino ...) NOT-FOR-US: ibm lotus_domino_server CVE-2008-7254 (Directory traversal vulnerability in includes/template-loader.php in ...) NOT-FOR-US: ermenegildo_fiorito irmin_cms CVE-2008-7255 (login_screen.tcl in aMSN (aka Alvaro's Messenger) before 0.97.1 saves ...) NOT-FOR-US: obsolete CVE-2008-7256 (mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict ...) BUG: 325581 CVE-2008-7257 (CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco ...) NOT-FOR-US: cisco asa_5580 CVE-2008-7258 (** DISPUTED ** ...) NOT-FOR-US: DISPUTED CVE-2008-7259 RESERVED CVE-2008-7260 RESERVED CVE-2008-7261 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine ...) NOT-FOR-US: ibm filenet_p8_application_engine CVE-2008-7262 (Multiple directory traversal vulnerabilities in FTPServer.py in ...) NOT-FOR-US: g rodola pyftpdlib CVE-2008-7263 (ftpserver.py in pyftpdlib before 0.5.0 does not delay its response ...) NOT-FOR-US: g rodola pyftpdlib CVE-2008-7264 (The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows ...) NOT-FOR-US: g rodola pyftpdlib CVE-2008-7265 (The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote ...) TODO: check CVE-2009-0001 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...) NOT-FOR-US: apple quicktime CVE-2009-0002 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...) NOT-FOR-US: apple quicktime CVE-2009-0003 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...) NOT-FOR-US: apple quicktime CVE-2009-0004 (Buffer overflow in Apple QuickTime before 7.6 allows remote attackers ...) NOT-FOR-US: apple quicktime CVE-2009-0005 (Unspecified vulnerability in Apple QuickTime before 7.6 allows remote ...) NOT-FOR-US: apple quicktime CVE-2009-0006 (Integer signedness error in Apple QuickTime before 7.6 allows remote ...) NOT-FOR-US: apple quicktime CVE-2009-0007 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...) NOT-FOR-US: apple quicktime CVE-2009-0008 (Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component ...) NOT-FOR-US: apple quicktime_mpeg 2_playback_component CVE-2009-0009 (Unspecified vulnerability in the Pixlet codec in Apple Mac OS X ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0010 (Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and ...) NOT-FOR-US: apple mac_os_x CVE-2009-0011 (Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0012 (Heap-based buffer overflow in CoreText in Apple Mac OS X 10.5.6 allows ...) NOT-FOR-US: apple mac_os_x CVE-2009-0013 (dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0014 (Folder Manager in Apple Mac OS X 10.5.6 uses insecure default ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0015 (Unspecified vulnerability in fseventsd in the FSEvents framework in ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0016 (Apple iTunes before 8.1 on Windows allows remote attackers to cause a ...) NOT-FOR-US: Apple CVE-2009-0017 (csregprinter in the Printing component in Apple Mac OS X 10.4.11 and ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0018 (The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0019 (Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote ...) NOT-FOR-US: apple mac_os_x CVE-2009-0020 (Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0021 (NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly ...) BUG: 254098 CVE-2009-0022 (Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows ...) BUG: 253850 CVE-2009-0023 (The apr_strmatch_precompile function in strmatch/apr_strmatch.c in ...) BUG: 274193 CVE-2009-0024 (The sys_remap_file_pages function in mm/fremap.c in the Linux kernel ...) BUG: 254905 CVE-2009-0025 (BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check ...) BUG: 254134 CVE-2009-0026 (Multiple cross-site scripting (XSS) vulnerabilities in Apache ...) NOT-FOR-US: apache jackrabbit CVE-2009-0027 (The request handler in JBossWS in JBoss Enterprise Application ...) NOT-FOR-US: JBossWS in JBoss Enterprise Application Platform CVE-2009-0028 (The clone system call in the Linux kernel 2.6.28 and earlier allows ...) BUG: 260558 CVE-2009-0029 (The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, ...) BUG: 255571 CVE-2009-0030 (A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID ...) NOT-FOR-US: RH specific bug in backported patch CVE-2009-0031 (Memory leak in the keyctl_join_session_keyring function ...) BUG: 256126 CVE-2009-0032 (CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) ...) NOT-FOR-US: This is a vulnerability in pdfdistiller, which we do not NOT-FOR-US: ship as a CPUS backend CVE-2009-0033 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 ...) BUG: 272566 CVE-2009-0034 (parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret ...) BUG: 256633 CVE-2009-0035 RESERVED CVE-2009-0036 (Buffer overflow in the proxyReadClientSocket function in ...) BUG: 258777 CVE-2009-0037 (The redirect implementation in curl and libcurl 5.11 through 7.19.3, ...) BUG: 260361 CVE-2009-0038 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...) NOT-FOR-US: apache geronimo CVE-2009-0039 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...) NOT-FOR-US: apache geronimo CVE-2009-0040 (The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before ...) BUG: 259578 CVE-2009-0041 (IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before ...) BUG: 254304 CVE-2009-0042 (Multiple unspecified vulnerabilities in the Arclib library ...) NOT-FOR-US: Arclib CVE-2009-0043 (The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 ...) NOT-FOR-US: ca service_metric_analysis CVE-2009-0044 RESERVED CVE-2009-0045 RESERVED CVE-2009-0046 (Sun GridEngine 5.3 and earlier does not properly check the return ...) NOT-FOR-US: sun grid_engine CVE-2009-0047 (Gale 0.99 and earlier does not properly check the return value from ...) NOT-FOR-US: gale CVE-2009-0048 (OpenEvidence 1.0.6 and earlier does not properly check the return ...) NOT-FOR-US: openevidence CVE-2009-0049 (Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly ...) NOT-FOR-US: eidlib CVE-2009-0050 (Lasso 2.2.1 and earlier does not properly check the return value from ...) NOT-FOR-US: lasso CVE-2009-0051 (ZXID 0.29 and earlier does not properly check the return value from ...) NOT-FOR-US: zxid CVE-2009-0052 (The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access ...) NOT-FOR-US: netgear wndap330 CVE-2009-0053 (PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before ...) NOT-FOR-US: Cisco IronPort Encryption Appliance CVE-2009-0054 (PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before ...) NOT-FOR-US: Cisco IronPort Encryption Appliance CVE-2009-0055 (Cross-site request forgery (CSRF) vulnerability in the administration ...) NOT-FOR-US: administration interface in Cisco IronPort Encryption Appliance CVE-2009-0056 (Cross-site request forgery (CSRF) vulnerability in the administration ...) NOT-FOR-US: administration interface in Cisco IronPort Encryption Appliance CVE-2009-0057 (The Certificate Authority Proxy Function (CAPF) service in Cisco ...) NOT-FOR-US: cisco unified_communications_manager CVE-2009-0058 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless ...) NOT-FOR-US: cisco wireless_lan_controller CVE-2009-0059 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless ...) NOT-FOR-US: cisco wireless_lan_controller CVE-2009-0060 RESERVED CVE-2009-0061 (Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC ...) NOT-FOR-US: cisco wireless_lan_controller CVE-2009-0062 (Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), ...) NOT-FOR-US: cisco wireless_lan_controller CVE-2009-0063 (Cross-site scripting (XSS) vulnerability in the Control Center in ...) NOT-FOR-US: symantec brightmail_gateway_appliance CVE-2009-0064 (Multiple unspecified vulnerabilities in the Control Center in Symantec ...) NOT-FOR-US: symantec brightmail_gateway_appliance CVE-2009-0065 (Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control ...) BUG: 254907 CVE-2009-0066 (Multiple unspecified vulnerabilities in Intel system software for ...) NOT-FOR-US: intel trusted_execution_technology CVE-2009-0067 RESERVED CVE-2009-0068 (Interaction error in xdg-open allows remote attackers to execute ...) TODO: check-later CVE-2009-0069 (Unspecified vulnerability in the nfs4rename_persistent_fh function in ...) NOT-FOR-US: sun solaris CVE-2009-0070 (Integer signedness error in Apple Safari allows remote attackers to ...) NOT-FOR-US: apple safari CVE-2009-0071 (Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is ...) BUG: 255234 CVE-2009-0072 (Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote ...) NOT-FOR-US: microsoft internet_explorer CVE-2009-0073 RESERVED CVE-2009-0074 RESERVED CVE-2009-0075 (Microsoft Internet Explorer 7 does not properly handle errors during ...) NOT-FOR-US: Microsoft CVE-2009-0076 (Microsoft Internet Explorer 7, when XHTML strict mode is used, allows ...) NOT-FOR-US: conjunction CVE-2009-0077 (The firewall engine in Microsoft Forefront Threat Management Gateway, ...) NOT-FOR-US: Microsoft Forefront Threat Management Gateway Medium Business Edition TMG MBE and Internet Security and Acceleration ISA Server CVE-2009-0078 (The Windows Management Instrumentation (WMI) provider in Microsoft ...) NOT-FOR-US: Microsoft CVE-2009-0079 (The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 ...) NOT-FOR-US: Microsoft CVE-2009-0080 (The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, ...) NOT-FOR-US: Windows CVE-2009-0081 (The graphics device interface (GDI) implementation in the kernel in ...) NOT-FOR-US: microsoft windows_xp CVE-2009-0082 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...) NOT-FOR-US: microsoft windows_xp CVE-2009-0083 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server ...) NOT-FOR-US: microsoft windows_xp CVE-2009-0084 (Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 ...) NOT-FOR-US: Microsoft DirectX CVE-2009-0085 (The Secure Channel (aka SChannel) authentication component in ...) NOT-FOR-US: microsoft windows_xp CVE-2009-0086 (Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft ...) NOT-FOR-US: Windows HTTP Services aka WinHTTP in Microsoft Windows CVE-2009-0087 (Unspecified vulnerability in the Word 6 text converter in WordPad in ...) NOT-FOR-US: Word CVE-2009-0088 (The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft ...) NOT-FOR-US: Microsoft Office Word CVE-2009-0089 (Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP ...) NOT-FOR-US: Microsoft Windows CVE-2009-0090 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not ...) NOT-FOR-US: microsoft windows_xp CVE-2009-0091 (Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly ...) NOT-FOR-US: microsoft windows_xp CVE-2009-0092 RESERVED CVE-2009-0093 (Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and ...) NOT-FOR-US: microsoft windows_server_2008 CVE-2009-0094 (The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and ...) NOT-FOR-US: microsoft windows_server_2008 CVE-2009-0095 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not ...) NOT-FOR-US: Visio CVE-2009-0096 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not ...) NOT-FOR-US: Microsoft CVE-2009-0097 (Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly ...) NOT-FOR-US: Microsoft CVE-2009-0098 (Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and ...) NOT-FOR-US: Microsoft CVE-2009-0099 (The Electronic Messaging System Microsoft Data Base (EMSMDB32) ...) NOT-FOR-US: Microsoft Exchange CVE-2009-0100 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; ...) NOT-FOR-US: Microsoft Office CVE-2009-0101 RESERVED CVE-2009-0102 (Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, ...) NOT-FOR-US: Microsoft CVE-2009-0103 (Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 ...) NOT-FOR-US: playsms CVE-2009-0104 (SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote ...) NOT-FOR-US: se ed ezpack CVE-2009-0105 (Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 ...) NOT-FOR-US: se ed ezpack CVE-2009-0106 (SQL injection vulnerability in profile.php in PHPAuctions (aka ...) NOT-FOR-US: phpauctions CVE-2009-0107 (Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions ...) NOT-FOR-US: phpauctions CVE-2009-0108 (PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass ...) NOT-FOR-US: phpauctions CVE-2009-0109 (SQL injection vulnerability in index.php in RiotPix 0.61 and earlier ...) NOT-FOR-US: riotpix CVE-2009-0110 (SQL injection vulnerability in read.php in RiotPix 0.61 and earlier ...) NOT-FOR-US: riotpix CVE-2009-0111 (SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and ...) NOT-FOR-US: goople_cms CVE-2009-0112 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: expinion poll_pro CVE-2009-0113 (Directory traversal vulnerability in attachmentlibrary.php in the ...) NOT-FOR-US: joomla xstandard CVE-2009-0114 (Unspecified vulnerability in the Settings Manager in Adobe Flash ...) BUG: 260264 CVE-2009-0115 (The Device Mapper multipathing driver (aka multipath-tools or ...) BUG: 264564 CVE-2009-0116 RESERVED CVE-2009-0117 RESERVED CVE-2009-0118 RESERVED CVE-2009-0119 (Buffer overflow in Microsoft Windows XP SP3 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2009-0120 (The IBM WebSphere DataPower XML Security Gateway XS40 with firmware ...) NOT-FOR-US: IBM CVE-2009-0121 (SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 ...) NOT-FOR-US: Goople CMS CVE-2009-0122 (hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and ...) NOT-FOR-US: Debian specific postinst http://launchpadlibrarian.net/20545796/hplip-gutsy.diff CVE-2009-0123 (Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows ...) NOT-FOR-US: Apple Safari on Mac OS X CVE-2009-0124 (The tqsl_verifyDataBlock function in openssl_cert.cpp in American ...) NOT-FOR-US: American Radio Relay League ARRL tqsllib CVE-2009-0125 (** DISPUTED ** ...) BUG: 255576 CVE-2009-0126 (The decrypt_public function in lib/crypt.cpp in the client in Berkeley ...) BUG: 248749 CVE-2009-0127 (** DISPUTED ** M2Crypto does not properly check the return value from ...) NOT-FOR-US: Disputed in redhat bug 479676 CVE-2009-0128 (plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for ...) NOT-FOR-US: llnl slurm CVE-2009-0129 (libcrypt-openssl-dsa-perl does not properly check the return value ...) BUG: 258864 CVE-2009-0130 (** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not ...) NOT-FOR-US: disputed in debian bug 511520 CVE-2009-0131 (The UFS implementation in the kernel in Sun OpenSolaris snv_29 through ...) NOT-FOR-US: kernel CVE-2009-0132 (Integer overflow in the aio_suspend function in Sun Solaris 8 through ...) NOT-FOR-US: aio_suspend function in Sun Solaris CVE-2009-0133 (Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier ...) NOT-FOR-US: Microsoft HTML Help Workshop CVE-2009-0134 (Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX ...) NOT-FOR-US: share2 easy_grid_control CVE-2009-0135 (Multiple integer overflows in the Audible::Tag::readTag function in ...) BUG: 254896 CVE-2009-0136 (Multiple array index errors in the Audible::Tag::readTag function in ...) BUG: 254896 CVE-2009-0137 (Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X ...) NOT-FOR-US: apple safari CVE-2009-0138 (servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0139 (Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0140 (Unspecified vulnerability in the SMB component in Apple Mac OS X ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0141 (XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, ...) NOT-FOR-US: apple mac_os_x CVE-2009-0142 (Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0143 (Apple iTunes before 8.1 does not properly inform the user about the ...) NOT-FOR-US: Apple CVE-2009-0144 (CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0145 (CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0146 (Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ...) BUG: 263028 CVE-2009-0147 (Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ...) BUG: 263028 CVE-2009-0148 (Multiple buffer overflows in Cscope before 15.7a allow remote ...) BUG: 263023 CVE-2009-0149 (Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0150 (Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0151 (The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0152 (iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0153 (International Components for Unicode (ICU) 4.0, 3.6, and other 3.x ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0154 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0155 (Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0156 (Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0157 (Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0158 (Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0159 (Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c ...) BUG: 263033 CVE-2009-0160 (QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0161 (The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0162 (Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 ...) NOT-FOR-US: apple safari CVE-2009-0163 (Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and ...) BUG: 263070 CVE-2009-0164 (The web interface for CUPS before 1.3.10 does not validate the HTTP ...) BUG: 263070 CVE-2009-0165 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as ...) BUG: 263028 CVE-2009-0166 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...) BUG: 263028 CVE-2009-0167 (Unspecified vulnerability in lpadmin in Sun Solaris 10 and OpenSolaris ...) NOT-FOR-US: lpadmin in Sun Solaris CVE-2009-0168 (Unspecified vulnerability in ppdmgr in Sun Solaris 10 and OpenSolaris ...) NOT-FOR-US: ppdmgr in Sun Solaris CVE-2009-0169 (Sun Java System Access Manager 7.1 allows remote authenticated ...) NOT-FOR-US: sub realm CVE-2009-0170 (Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows ...) NOT-FOR-US: the CVE-2009-0171 (The Sun SPARC Enterprise M4000 and M5000 Server, within a certain ...) NOT-FOR-US: Sun CVE-2009-0172 (Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, ...) NOT-FOR-US: IBM CVE-2009-0173 (Unspecified vulnerability in the server in IBM DB2 8 before FP17a, 9.1 ...) NOT-FOR-US: server CVE-2009-0174 (Stack-based buffer overflow in VUPlayer 2.49 allows remote attackers ...) NOT-FOR-US: vuplayer CVE-2009-0175 (Heap-based buffer overflow in Heathco Software MP3 TrackMaker 1.5 ...) NOT-FOR-US: heathcosoft mp3_trackmaker CVE-2009-0176 (Multiple heap-based buffer overflows in the PDF distiller in the ...) NOT-FOR-US: research_in_motion_limited blackberry_unite CVE-2009-0177 (vmwarebase.dll, as used in the vmware-authd service (aka ...) NOT-FOR-US: Windows only affected CVE-2009-0178 (Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 ...) NOT-FOR-US: IBM Hardware Management Console HMC CVE-2009-0179 (libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other ...) BUG: 255363 CVE-2009-0180 (Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on ...) NOT-FOR-US: nfs utils CVE-2009-0181 (Buffer overflow in VUPlayer allows user-assisted attackers to have an ...) NOT-FOR-US: VUPlayer CVE-2009-0182 (Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted ...) NOT-FOR-US: VUPlayer CVE-2009-0183 (Stack-based buffer overflow in Remote Control Server in Free Download ...) NOT-FOR-US: free_download_manager CVE-2009-0184 (Multiple buffer overflows in the torrent parsing implementation in ...) NOT-FOR-US: free_download_manager CVE-2009-0185 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows ...) NOT-FOR-US: apple quicktime CVE-2009-0186 (Integer overflow in libsndfile 1.0.18, as used in Winamp and other ...) BUG: 261173 CVE-2009-0187 (Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and ...) NOT-FOR-US: Orbit Downloader CVE-2009-0188 (Apple QuickTime before 7.6.2 allows remote attackers to execute ...) NOT-FOR-US: apple quicktime CVE-2009-0189 RESERVED CVE-2009-0190 RESERVED CVE-2009-0191 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, ...) NOT-FOR-US: foxitsoftware foxit_reader CVE-2009-0192 (Off-by-one error in the iMonitor component in Novell eDirectory 8.8 ...) NOT-FOR-US: novell edirectory CVE-2009-0193 (Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 ...) BUG: 259992 CVE-2009-0194 (The domain-locking implementation in the ...) NOT-FOR-US: garmin_communicator_plugin CVE-2009-0195 (Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, ...) BUG: 263028 CVE-2009-0196 (Heap-based buffer overflow in the big2_decode_symbol_dict function ...) BUG: 264594 CVE-2009-0197 (Integer overflow in the FORMATS Plugin before 4.23 for IrfanView ...) NOT-FOR-US: irfanview formats CVE-2009-0198 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...) BUG: 273908 CVE-2009-0199 (Heap-based buffer overflow in the VMnc media codec in vmnc.dll in ...) NOT-FOR-US: Windows only CVE-2009-0200 (Integer underflow in OpenOffice.org (OOo) before 3.1.1 and ...) BUG: 283370 CVE-2009-0201 (Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and ...) BUG: 283370 CVE-2009-0202 (Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows ...) NOT-FOR-US: microsoft office_powerpoint CVE-2009-0203 RESERVED CVE-2009-0204 (Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and ...) NOT-FOR-US: HP Select Access CVE-2009-0205 RESERVED CVE-2009-0206 (Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and earlier ...) NOT-FOR-US: NFS CVE-2009-0207 (Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk ...) NOT-FOR-US: HP UX CVE-2009-0208 (Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, ...) NOT-FOR-US: hp virtual_rooms CVE-2009-0209 (PI Server in OSIsoft PI System before 3.4.380.x does not properly use ...) NOT-FOR-US: OSIsoft PI System CVE-2009-0210 (Buffer overflow in the MLF application in AREVA e-terrahabitat 5.7 and ...) NOT-FOR-US: MLF application in AREVA e terrahabitat CVE-2009-0211 (Unspecified vulnerability in the WebFGServer application in AREVA ...) NOT-FOR-US: WebFGServer application in AREVA e terrahabitat CVE-2009-0212 (Unspecified vulnerability in the WebFGServer application in AREVA ...) NOT-FOR-US: WebFGServer application in AREVA e terrahabitat CVE-2009-0213 (Unspecified vulnerability in the NETIO application in AREVA ...) NOT-FOR-US: NETIO application in AREVA e terrahabitat CVE-2009-0214 (Unspecified vulnerability in the WebFGServer application in AREVA ...) NOT-FOR-US: WebFGServer application in AREVA e terrahabitat CVE-2009-0215 (Stack-based buffer overflow in the GetXMLValue method in the IBM ...) NOT-FOR-US: ibm access_support_activex_control CVE-2009-0216 (GE Fanuc iFIX 5.0 and earlier relies on client-side authentication ...) NOT-FOR-US: ge_fanuc ifix CVE-2009-0217 (The design of the W3C XML Signature Syntax and Processing (XMLDsig) ...) BUG: 277872 CVE-2009-0218 (Insecure method vulnerability in Particle Software IntraLaunch ...) NOT-FOR-US: particlesoftware intralaunch CVE-2009-0219 (The PDF distiller in the Attachment Service in Research in Motion ...) NOT-FOR-US: research_in_motion_limited blackberry_unite CVE-2009-0220 (Multiple stack-based buffer overflows in the PowerPoint 4.0 importer ...) NOT-FOR-US: microsoft office_powerpoint CVE-2009-0221 (Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 ...) NOT-FOR-US: microsoft office_powerpoint CVE-2009-0222 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows ...) NOT-FOR-US: microsoft office_powerpoint CVE-2009-0223 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows ...) NOT-FOR-US: microsoft office_powerpoint CVE-2009-0224 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 ...) NOT-FOR-US: microsoft works CVE-2009-0225 (Microsoft Office PowerPoint 2002 SP3 allows remote attackers to ...) NOT-FOR-US: microsoft office_powerpoint CVE-2009-0226 (Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in ...) NOT-FOR-US: microsoft office_powerpoint CVE-2009-0227 (Stack-based buffer overflow in the PowerPoint 4.2 conversion filter ...) NOT-FOR-US: microsoft office_powerpoint CVE-2009-0228 (Stack-based buffer overflow in the EnumeratePrintShares function in ...) NOT-FOR-US: microsoft windows_2000 CVE-2009-0229 (The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and ...) NOT-FOR-US: microsoft windows_xp CVE-2009-0230 (The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and ...) NOT-FOR-US: microsoft windows_xp CVE-2009-0231 (The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft ...) NOT-FOR-US: Embedded OpenType EOT Font Engine in Microsoft Windows CVE-2009-0232 (Integer overflow in the Embedded OpenType (EOT) Font Engine in ...) NOT-FOR-US: Embedded OpenType EOT Font Engine in Microsoft Windows CVE-2009-0233 (The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in ...) NOT-FOR-US: microsoft windows_server_2008 CVE-2009-0234 (The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in ...) NOT-FOR-US: microsoft windows_server_2008 CVE-2009-0235 (Stack-based buffer overflow in the Word 97 text converter in WordPad ...) NOT-FOR-US: Word CVE-2009-0236 RESERVED CVE-2009-0237 (Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML ...) NOT-FOR-US: HTML forms authentication component in Microsoft Forefront Threat Management Gateway Medium Business Edition TMG MBE and Internet Security and Acceleration ISA Server CVE-2009-0238 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; ...) NOT-FOR-US: microsoft office_excel_viewer CVE-2009-0239 (Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for ...) NOT-FOR-US: microsoft windows_xp CVE-2009-0240 (listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN ...) BUG: 243852 CVE-2009-0241 (Stack-based buffer overflow in the process_path function in ...) BUG: 255366 CVE-2009-0242 REJECTED CVE-2009-0243 (Microsoft Windows does not properly enforce the Autorun and ...) NOT-FOR-US: microsoft windows_xp CVE-2009-0244 (Directory traversal vulnerability in the OBEX FTP Service in the ...) NOT-FOR-US: microsoft windows_mobile CVE-2009-0245 (Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS ...) NOT-FOR-US: usagi mynets CVE-2009-0246 (Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted ...) NOT-FOR-US: easyhdr CVE-2009-0247 (The server for 53KF Web IM 2009 Home, Professional, and Enterprise ...) NOT-FOR-US: 53kf web_im_2009 CVE-2009-0248 (Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton ...) NOT-FOR-US: katywhitton rankem CVE-2009-0249 (Katy Whitton RankEm stores sensitive information under the web root ...) NOT-FOR-US: katywhitton rankem CVE-2009-0250 (Ryneezy phoSheezy 0.2 stores sensitive information under the web root ...) NOT-FOR-US: ryneezy phosheezy CVE-2009-0251 (Static code injection vulnerability in admin.php in Ryneezy phoSheezy ...) NOT-FOR-US: ryneezy phosheezy CVE-2009-0252 (Multiple SQL injection vulnerabilities in default.asp in Enthrallweb ...) NOT-FOR-US: enthrallweb ereservations CVE-2009-0253 (Mozilla Firefox 3.0.5 allows remote attackers to trick a user into ...) BUG: 256131 CVE-2009-0254 (Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted ...) NOT-FOR-US: easyhdr CVE-2009-0255 (The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 ...) NOT-FOR-US: typo3 CVE-2009-0256 (Session fixation vulnerability in the authentication library in TYPO3 ...) NOT-FOR-US: typo3 CVE-2009-0257 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 ...) NOT-FOR-US: typo3 CVE-2009-0258 (The Indexed Search Engine (indexed_search) system extension in TYPO3 ...) NOT-FOR-US: typo3 CVE-2009-0259 (The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote ...) NOTE: Only affects old OOo versions CVE-2009-0260 (Multiple cross-site scripting (XSS) vulnerabilities in ...) BUG: 256128 CVE-2009-0261 (Stack-based buffer overflow in EffectMatrix Total Video Player 1.31 ...) NOT-FOR-US: EffectMatrix Total Video Player CVE-2009-0262 (Stack-based buffer overflow in Triologic Media Player 7 and 8.0.0.0 ...) NOT-FOR-US: Triologic Media Player CVE-2009-0263 (Multiple buffer overflows in Winamp 5.541 and earlier allow remote ...) NOT-FOR-US: Winamp CVE-2009-0264 (Buffer overflow in the Registry Setting Tool in Fujitsu ...) NOT-FOR-US: fujitsu systemcastwizard_lite CVE-2009-0265 (Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not ...) BUG: 257949 CVE-2009-0266 (Stack-based buffer overflow in Triologic Media Player 8.0.0.0 allows ...) NOT-FOR-US: trilogic media_player CVE-2009-0267 (libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does ...) NOT-FOR-US: sun solaris CVE-2009-0268 (Race condition in the pseudo-terminal (aka pty) driver module in Sun ...) NOT-FOR-US: sun solaris CVE-2009-0269 (fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel ...) BUG: 256460 CVE-2009-0270 (Stack-based buffer overflow in PXEService.exe in Fujitsu ...) NOT-FOR-US: fujitsu systemcastwizard_lite CVE-2009-0271 (Directory traversal vulnerability in the TFTP service in Fujitsu ...) NOT-FOR-US: fujitsu systemcastwizard_lite CVE-2009-0272 (Cross-site request forgery (CSRF) vulnerability in Novell GroupWise ...) NOT-FOR-US: novell groupwise CVE-2009-0273 (Multiple cross-site scripting (XSS) vulnerabilities in Novell ...) NOT-FOR-US: novell groupwise CVE-2009-0274 (Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, ...) NOT-FOR-US: novell groupwise CVE-2009-0275 (Static code injection vulnerability in admin.php in Ryneezy phoSheezy ...) NOT-FOR-US: ryneezy phosheezy CVE-2009-0276 (Cross-domain vulnerability in the V8 JavaScript engine in Google ...) NOT-FOR-US: google chrome CVE-2009-0277 (Unspecified vulnerability in the kernel in OpenSolaris snv_100 through ...) NOT-FOR-US: sun opensolaris CVE-2009-0278 (Sun Java System Application Server (AS) 8.1 and 8.2 allows remote ...) NOT-FOR-US: sun java_system_application_server CVE-2009-0279 (SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and ...) NOT-FOR-US: pardalcms CVE-2009-0280 (Asp Project Management 1.0 allows remote attackers to bypass ...) NOT-FOR-US: asp project CVE-2009-0281 (SQL injection vulnerability in login.aspx in WarHound Walking Club ...) NOT-FOR-US: warhound walking_club CVE-2009-0282 (Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 ...) NOT-FOR-US: ralinktech rt73 CVE-2009-0283 (Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows ...) NOT-FOR-US: aobosoft oblog CVE-2009-0284 (SQL injection vulnerability in category.php in Flax Article Manager ...) NOT-FOR-US: flaxweb flax_article_manager CVE-2009-0285 (Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 ...) NOT-FOR-US: bbsxp CVE-2009-0286 (Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, ...) NOT-FOR-US: opengoo CVE-2009-0287 (SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before ...) NOT-FOR-US: keep CVE-2009-0288 (Directory traversal vulnerability in k23productions TFTPUtil GUI 1.2.0 ...) NOT-FOR-US: windows_tftp_utility tftputil CVE-2009-0289 (k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to ...) NOT-FOR-US: windows_tftp_utility tftputil CVE-2009-0290 (Directory traversal vulnerability in common.php in SIR GNUBoard ...) NOT-FOR-US: sir gnuboard CVE-2009-0291 (Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows ...) NOT-FOR-US: OpenX CVE-2009-0292 (SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows ...) NOT-FOR-US: SHOP INET CVE-2009-0293 (SQL injection vulnerability in profile_view.php in Wazzum Dating ...) NOT-FOR-US: Wazzum Dating Software possibly CVE-2009-0294 (Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, ...) NOT-FOR-US: WB News CVE-2009-0295 (SQL injection vulnerability in index.php in Information Technology ...) NOT-FOR-US: Information Technology Light Poll Information ITLPoll CVE-2009-0296 (SQL injection vulnerability in shop_display_products.php in Script ...) NOT-FOR-US: Script Toko Online CVE-2009-0297 (SQL injection vulnerability in login_check.asp in ClickAuction allows ...) NOT-FOR-US: ClickAuction CVE-2009-0298 (Heap-based buffer overflow in MW6 Technologies Barcode ActiveX control ...) NOT-FOR-US: MW6 CVE-2009-0299 (SQL injection vulnerability in index.php in Groone GLinks 2.1 allows ...) NOT-FOR-US: Groone GLinks CVE-2009-0300 REJECTED NOT-FOR-US: NewsCMSlite CVE-2009-0301 (Multiple insecure method vulnerabilities in the FlexCell.Grid ActiveX ...) NOT-FOR-US: FlexCell Grid ActiveX control FlexCell ocx in FlexCell Grid Control CVE-2009-0302 (SQL injection vulnerability in the Downloads 8.0 module for PHP-Nuke, ...) NOT-FOR-US: PHP-Nuke CVE-2009-0303 (Cross-site scripting (XSS) vulnerability in Web Help Desk before ...) NOT-FOR-US: Web Help Desk CVE-2009-0304 (The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before ...) NOT-FOR-US: Sun Solaris CVE-2009-0305 (Multiple stack-based buffer overflows in the Research in Motion RIM ...) NOT-FOR-US: Research in Motion RIM AxLoader ActiveX control in AxLoader ocx and AxLoader dll in BlackBerry Application Web Loader CVE-2009-0306 (Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in ...) NOT-FOR-US: ibm lotus_notes_intellisync CVE-2009-0307 (Cross-site scripting (XSS) vulnerability in the "Customize Statistics ...) NOT-FOR-US: blackberry enterprise_server CVE-2009-0308 RESERVED CVE-2009-0309 RESERVED CVE-2009-0310 (Buffer overflow in SUSE blinux (aka sbl) in SUSE openSUSE 10.3 through ...) NOT-FOR-US: SUSE blinux aka sbl in SUSE openSUSE CVE-2009-0311 (The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 ...) NOT-FOR-US: EMC AutoStart CVE-2009-0312 (Cross-site scripting (XSS) vulnerability in the antispam feature ...) BUG: 256621 CVE-2009-0313 (winetricks before 20081223 allows local users to overwrite arbitrary ...) NOT-FOR-US: winetricks CVE-2009-0314 (Untrusted search path vulnerability in the Python module in gedit ...) BUG: 257004 CVE-2009-0315 (Untrusted search path vulnerability in the Python module in xchat ...) BUG: 257006 CVE-2009-0316 (Untrusted search path vulnerability in src/if_python.c in the Python ...) BUG: 257007 CVE-2009-0317 (Untrusted search path vulnerability in the Python language bindings ...) BUG: 257011 CVE-2009-0318 (Untrusted search path vulnerability in the GObject Python interpreter ...) BUG: 257012 CVE-2009-0319 (Unspecified vulnerability in the autofs module in the kernel in Sun ...) NOT-FOR-US: sun solaris CVE-2009-0320 (Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O ...) NOT-FOR-US: microsoft windows_xp CVE-2009-0321 (Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote ...) NOT-FOR-US: apple safari CVE-2009-0322 (drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and ...) BUG: 257014 CVE-2009-0323 (Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 ...) NOT-FOR-US: w3 amaya CVE-2009-0324 (Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote ...) NOT-FOR-US: bibciter CVE-2009-0325 (Directory traversal vulnerability in entries/index.php in Ninja Blog ...) NOT-FOR-US: ninjadesigns ninja_blog CVE-2009-0326 (SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta ...) NOT-FOR-US: dark_age_cms CVE-2009-0327 (SQL injection vulnerability in readbible.php in Free Bible Search PHP ...) NOT-FOR-US: seraphimtech free_bible_search_php_script CVE-2009-0328 (ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) ...) NOT-FOR-US: robs projects digital_sales_ipn CVE-2009-0329 (SQL injection vulnerability in the PcCookBook (com_pccookbook) ...) NOT-FOR-US: joomla com_pccookbook CVE-2009-0330 (Directory traversal vulnerability in index.php in Simple Content ...) NOT-FOR-US: wss pro simple_content_management_system CVE-2009-0331 (Directory traversal vulnerability in gallery/comment.php in Enhanced ...) NOT-FOR-US: quirm espg CVE-2009-0332 (Multiple SQL injection vulnerabilities in AV Book Library before 1.1 ...) NOT-FOR-US: avbooklibrary CVE-2009-0333 (SQL injection vulnerability in the WebAmoeba (WA) Ticket System ...) NOT-FOR-US: joomla com_waticketsystem CVE-2009-0334 (SQL injection vulnerability in index.asp in Katy Whitton BlogIt! ...) NOT-FOR-US: katywhitton blogit CVE-2009-0335 (Cross-site scripting (XSS) vulnerability in index.asp in Katy Whitton ...) NOT-FOR-US: katywhitton blogit CVE-2009-0336 (Katy Whitton BlogIt! stores sensitive information under the web root ...) NOT-FOR-US: katywhitton blogit CVE-2009-0337 (SQL injection vulnerability in index.asp in Katy Whitton BlogIt! ...) NOT-FOR-US: katywhitton blogit CVE-2009-0338 (Cross-site scripting (XSS) vulnerability in inc_webblogmanager.asp in ...) NOT-FOR-US: dmxready blog_manager CVE-2009-0339 (SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog ...) NOT-FOR-US: dmxready blog_manager CVE-2009-0340 (Multiple directory traversal vulnerabilities in Simple PHP Newsletter ...) NOT-FOR-US: quirm simple_php_newsletter CVE-2009-0341 (The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP ...) NOT-FOR-US: microsoft internet_explorer CVE-2009-0342 (Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows ...) NOT-FOR-US: niels_provos systrace CVE-2009-0343 (Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform ...) NOT-FOR-US: niels_provos systrace CVE-2009-0344 (Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on ...) NOT-FOR-US: sun fire_x2200_m2 CVE-2009-0345 (Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on ...) NOT-FOR-US: sun fire_x2200_m2 CVE-2009-0346 (The IP-in-IP packet processing implementation in the IPsec and IP ...) NOT-FOR-US: sun solaris CVE-2009-0347 (Open redirect vulnerability in cs.html in the Autonomy (formerly ...) NOT-FOR-US: autonomy ultraseek CVE-2009-0348 (The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), ...) NOT-FOR-US: sun java_system_access_manager CVE-2009-0349 (Stack-based buffer overflow in FTPShell Server 4.3 allows ...) NOT-FOR-US: n CVE-2009-0350 (Stack-based buffer overflow in Merak Media Player 3.2 allows remote ...) NOT-FOR-US: merak media_player CVE-2009-0351 (Stack-based buffer overflow in WFTPSRV.exe in WinFTP 2.3.0 allows ...) NOT-FOR-US: wftpserver winftp_ftp_server CVE-2009-0352 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...) BUG: 257577 CVE-2009-0353 (Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, ...) BUG: 257577 CVE-2009-0354 (Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x ...) BUG: 257577 CVE-2009-0355 (components/sessionstore/src/nsSessionStore.js in Mozilla Firefox ...) BUG: 257577 CVE-2009-0356 (Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the ...) BUG: 257577 CVE-2009-0357 (Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not ...) BUG: 257577 CVE-2009-0358 (Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) ...) BUG: 257577 CVE-2009-0359 (Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before ...) NOT-FOR-US: Samizdat CVE-2009-0360 (Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, ...) BUG: 257075 CVE-2009-0361 (Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in ...) BUG: 257075 CVE-2009-0362 (filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular ...) BUG: 258866 CVE-2009-0363 (Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl ...) NOT-FOR-US: a BarnOwl CVE-2009-0364 (Format string vulnerability in the mini_calendar component in ...) NOT-FOR-US: citadel webcit CVE-2009-0365 (nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an ...) NOT-FOR-US: We're not ubuntu CVE-2009-0366 (The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth ...) BUG: 260058 CVE-2009-0367 (The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows ...) BUG: 261282 CVE-2009-0368 (OpenSC before 0.11.7 allows physically proximate attackers to bypass ...) BUG: 260514 CVE-2009-0369 (Microsoft Internet Explorer 7 allows remote attackers to trick a user ...) NOT-FOR-US: Microsoft CVE-2009-0370 (Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 ...) NOT-FOR-US: IBM AIX CVE-2009-0371 (Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and ...) NOT-FOR-US: SiteXS CMS CVE-2009-0372 (Unrestricted file upload vulnerability in index.php in Miltenovik ...) NOT-FOR-US: Miltenovik Manojlo MemHT Portal CVE-2009-0373 (SQL injection vulnerability in the ElearningForce Flash Magazine ...) NOT-FOR-US: ElearningForce CVE-2009-0374 (** DISPUTED ** ...) NOT-FOR-US: google chrome CVE-2009-0375 (Buffer overflow in a DLL file in RealNetworks RealPlayer 10, ...) NOTE: masked CVE-2009-0376 (Heap-based buffer overflow in a DLL file in RealNetworks RealPlayer ...) NOTE: masked CVE-2009-0377 (SQL injection vulnerability in the beamospetition (com_beamospetition) ...) NOT-FOR-US: joomla com_beamospetition CVE-2009-0378 (Cross-site scripting (XSS) vulnerability in index.php in the ...) NOT-FOR-US: joomla com_beamospetition CVE-2009-0379 (SQL injection vulnerability in the Prince Clan Chess Club ...) NOT-FOR-US: joomla com_pcchess CVE-2009-0380 (** DISPUTED ** ...) NOT-FOR-US: sigsiu net sobi2 CVE-2009-0381 (SQL injection vulnerability in the BazaarBuilder Ecommerce Shopping ...) NOT-FOR-US: bazaarbuilder ecommerce_shopping_cart CVE-2009-0382 (Unspecified vulnerability in Internationalization (i18n) Translation ...) NOTE: 3rd party module CVE-2009-0383 (delete.php in Max.Blog 1.0.6 does not properly restrict access, which ...) NOT-FOR-US: mzbservices max blog CVE-2009-0384 (SQL injection vulnerability in autor.php in OwnRS CMS 1.2 allows ...) NOT-FOR-US: ownrs CVE-2009-0385 (Integer signedness error in the fourxm_read_header function in ...) BUG: 257380 CVE-2009-0386 (Heap-based buffer overflow in the qtdemux_parse_samples function in ...) BUG: 256096 CVE-2009-0387 (Array index error in the qtdemux_parse_samples function in ...) BUG: 256096 CVE-2009-0388 (Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and ...) BUG: 257953 CVE-2009-0389 (Multiple insecure method vulnerabilities in the Web On Windows (WOW) ...) NOT-FOR-US: eztools software web_on_windows_activex CVE-2009-0390 (Argument injection vulnerability in Enomaly Elastic Computing Platform ...) NOT-FOR-US: enomaly elastic_computing_platform CVE-2009-0391 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...) NOT-FOR-US: ibm websphere_application_server CVE-2009-0392 (Directory traversal vulnerability in sysconf.cgi in Motorola Wimax ...) NOT-FOR-US: motorola cpei300 CVE-2009-0393 (Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola ...) NOT-FOR-US: motorola cpei300 CVE-2009-0394 (SQL injection vulnerability in login.php in Pre Lecture Exercises ...) NOT-FOR-US: ple_cms CVE-2009-0395 (SQL injection vulnerability in the login feature in NetArt Media Car ...) NOT-FOR-US: netartmedia car_portal CVE-2009-0396 (The Sony Ericsson W910i, W660i, K618i, K610i, Z610i, K810i, K660i, ...) NOT-FOR-US: sony_ericsson z610i CVE-2009-0397 (Heap-based buffer overflow in the qtdemux_parse_samples function in ...) BUG: 256096 CVE-2009-0398 (Array index error in the gst_qtp_trak_handler function in ...) BUG: 256096 CVE-2009-0399 (Chipmunk Blogger Script allows remote attackers to gain administrator ...) NOT-FOR-US: chipmunk_scripts chipmunk_blogger CVE-2009-0400 (SQL injection vulnerability in blog.php in SocialEngine 3.06 trial ...) NOT-FOR-US: socialengine CVE-2009-0401 (SQL injection vulnerability in browsecats.php in E-Php CMS allows ...) NOT-FOR-US: ephpscripts e php_cms CVE-2009-0402 (SQL injection vulnerability in client/new_account.php in Domain ...) NOT-FOR-US: gplhost domain_technologie_control CVE-2009-0403 (SQL injection vulnerability in admin/authenticate.php in Chipmunk ...) NOT-FOR-US: chipmunk_scripts chipmunk_blogger CVE-2009-0404 (Multiple cross-site scripting (XSS) vulnerabilities in Bioinformatics ...) NOT-FOR-US: bioinformatics htmlawed CVE-2009-0405 (SQL injection vulnerability in articles.php in smartSite CMS 1.0 ...) NOT-FOR-US: smartsitecms CVE-2009-0406 (SQL injection vulnerability in index.php in Community CMS 0.4 and ...) NOT-FOR-US: community_cms CVE-2009-0407 (SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 ...) NOT-FOR-US: php cms_project CVE-2009-0408 (Cross-site request forgery (CSRF) vulnerability in osCommerce 2.2 RC ...) NOT-FOR-US: oscommerce CVE-2009-0409 (SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and ...) NOT-FOR-US: mzbservices max blog CVE-2009-0410 (Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) ...) NOT-FOR-US: novell groupwise CVE-2009-0411 (Google Chrome before 1.0.154.46 does not properly restrict access from ...) NOT-FOR-US: google chrome CVE-2009-0412 (The ProcessLogin function in class.auth.php in Interspire Shopping ...) NOT-FOR-US: interspire shopping_cart CVE-2009-0413 (Cross-site scripting (XSS) vulnerability in RoundCube Webmail ...) BUG: 257956 CVE-2009-0414 (Unspecified vulnerability in Tor before 0.2.0.33 has unspecified ...) BUG: 256078 CVE-2009-0415 (Untrusted search path vulnerability in trickle 1.07 allows local users ...) NOT-FOR-US: monkey trickle CVE-2009-0416 (The SSL certificate setup program (genSslCert.sh) in Standards Based ...) NOT-FOR-US: SBLIM sfcb CVE-2009-0417 (Cross-site scripting (XSS) vulnerability in the ...) BUG: 258779 CVE-2009-0418 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX ...) NOT-FOR-US: hp ux CVE-2009-0419 (Microsoft XML Core Services, as used in Microsoft Expression Web, ...) NOT-FOR-US: microsoft xml_core_services CVE-2009-0420 (SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable ...) NOT-FOR-US: rd media rd autos CVE-2009-0421 (SQL injection vulnerability in the Eventing (com_eventing) 1.6.x ...) NOT-FOR-US: joomla com_eventing CVE-2009-0422 (Dynamic variable evaluation vulnerability in lists/admin.php in ...) NOT-FOR-US: phplist CVE-2009-0423 (Directory traversal vulnerability in index.php in Php Photo Album ...) NOT-FOR-US: kevin_walker php_photo_album CVE-2009-0424 (Cross-site scripting (XSS) vulnerability in sign1.php in AN Guestbook ...) NOT-FOR-US: an_guestbook CVE-2009-0425 (SQL injection vulnerability in index.php in Blue Eye CMS 1.0.0 and ...) NOT-FOR-US: blue_eye_cms CVE-2009-0426 (SQL injection vulnerability in ...) NOT-FOR-US: dmxready classified_listings_manager CVE-2009-0427 (SQL injection vulnerability in ...) NOT-FOR-US: dmxready directory_manager CVE-2009-0428 (SQL injection vulnerability in ...) NOT-FOR-US: dmxready secure_document_library CVE-2009-0429 (Multiple SQL injection vulnerabilities in Active Bids allow remote ...) NOT-FOR-US: activewebsoftwares active_bids CVE-2009-0430 (Multiple cross-site scripting (XSS) vulnerabilities in Active Bids ...) NOT-FOR-US: activewebsoftwares active_bids CVE-2009-0431 (SQL injection vulnerability in Default.asp in LinksPro Standard ...) NOT-FOR-US: codefixer linkspro CVE-2009-0432 (The installation process for the File Transfer servlet in the System ...) NOT-FOR-US: System Management Repository component in IBM WebSphere Application Server WAS CVE-2009-0433 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...) NOT-FOR-US: IBM WebSphere Application Server WAS CVE-2009-0434 (PerfServlet in the PMI/Performance Tools component in IBM WebSphere ...) NOT-FOR-US: PMI Performance Tools component in IBM WebSphere Application Server WAS CVE-2009-0435 (Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO or ...) NOT-FOR-US: IBM Asynchronous I O aka AIO or libibmaio library in the Java Message Service JMS component in IBM WebSphere Application Server WAS CVE-2009-0436 (The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x ...) NOT-FOR-US: IBM HTTP Server CVE-2009-0437 (The Installation Factory installation process for IBM WebSphere ...) NOT-FOR-US: Installation CVE-2009-0438 (IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows ...) NOT-FOR-US: IBM CVE-2009-0439 (Unspecified vulnerability in the queue manager in IBM WebSphere MQ ...) NOT-FOR-US: ibm websphere_mq CVE-2009-0440 (IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not ...) NOT-FOR-US: IBM CVE-2009-0441 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: technote CVE-2009-0442 (Directory traversal vulnerability in bbcode.php in PHPbbBook 1.3 and ...) NOT-FOR-US: phpbbbook CVE-2009-0443 (Stack-based buffer overflow in Elecard AVC HD PLAYER 5.5.90116 allows ...) NOT-FOR-US: elecard_avc_hd_player CVE-2009-0444 (Multiple PHP remote file inclusion vulnerabilities in GRBoard 1.8, ...) NOT-FOR-US: sirini grboard CVE-2009-0445 (SQL injection vulnerability in index.php in Dreampics Gallery Builder ...) NOT-FOR-US: dreampics gallery_builder CVE-2009-0446 (SQL injection vulnerability in photo.php in WEBalbum 2.4b allows ...) NOT-FOR-US: web album webalbum CVE-2009-0447 (Multiple SQL injection vulnerabilities in default.asp in MyDesign ...) NOT-FOR-US: aspindir mydesign_sayac CVE-2009-0448 (Directory traversal vulnerability in admin/modules/aa/preview.php in ...) NOT-FOR-US: syntax_desktop CVE-2009-0449 (Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations ...) NOT-FOR-US: kaspersky_lab kaspersky_anti virus CVE-2009-0450 (Stack-based buffer overflow in BlazeVideo HDTV Player 3.5 and earlier ...) NOT-FOR-US: blazevideo hdtv_player CVE-2009-0451 (SQL injection vulnerability in Skalfa SkaLinks 1.5 allows remote ...) NOT-FOR-US: skalinks CVE-2009-0452 (Multiple SQL injection vulnerabilities in parents/login.php in Online ...) NOT-FOR-US: onlinegrades online_grades CVE-2009-0453 (Online Grades 3.2.4 allows remote attackers to obtain configuration ...) NOT-FOR-US: onlinegrades online_grades CVE-2009-0454 (Multiple SQL injection vulnerabilities in DMXReady Online Notebook ...) NOT-FOR-US: dmxready online_notebook_manager CVE-2009-0455 (Cross-site scripting (XSS) vulnerability in the anonymous comments ...) NOT-FOR-US: glFusion CVE-2009-0456 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: sourdough CVE-2009-0457 (Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow ...) NOT-FOR-US: magtrb aja_portal CVE-2009-0458 (Multiple SQL injection vulnerabilities in admin/login_submit.php in ...) NOT-FOR-US: wholehogsoftware ware_support CVE-2009-0459 (Multiple SQL injection vulnerabilities in admin/login_submit.php in ...) NOT-FOR-US: wholehogsoftware password_protect CVE-2009-0460 (Whole Hog Ware Support 1.x allows remote attackers to bypass ...) NOT-FOR-US: wholehogsoftware ware_support CVE-2009-0461 (Whole Hog Password Protect: Enhanced 1.x allows remote attackers to ...) NOT-FOR-US: wholehogsoftware password_protect CVE-2009-0462 (Multiple SQL injection vulnerabilities in customer_login_check.asp in ...) NOT-FOR-US: clicktech clickcart CVE-2009-0463 (PHP remote file inclusion vulnerability in includes/header.php in ...) NOT-FOR-US: groonesworld glinks CVE-2009-0464 (PHP remote file inclusion vulnerability in includes/header.php in ...) NOT-FOR-US: groonesworld gbook CVE-2009-0465 (The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ...) NOT-FOR-US: synactis all_in_the_box ocx CVE-2009-0466 (Cross-site scripting (XSS) vulnerability in Vivvo CMS before 4.1.1 ...) NOT-FOR-US: vivvo CVE-2009-0467 (Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web ...) NOT-FOR-US: armorlogic profense_web_application_firewall CVE-2009-0468 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: armorlogic profense_web_application_firewall CVE-2009-0469 (Unspecified vulnerability in futomi's CGI Cafe Fulltext search CGI ...) NOT-FOR-US: futomis_cgi_cafe fulltext_search_cgi CVE-2009-0470 (Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server ...) NOT-FOR-US: HTTP server in Cisco IOS CVE-2009-0471 (Cross-site request forgery (CSRF) vulnerability in the HTTP server in ...) NOT-FOR-US: HTTP server in Cisco IOS CVE-2009-0472 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...) NOT-FOR-US: web interface in the Rockwell Automation ControlLogix CVE-2009-0473 (Open redirect vulnerability in the web interface in the Rockwell ...) NOT-FOR-US: web interface in the Rockwell Automation ControlLogix CVE-2009-0474 (The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A ...) NOT-FOR-US: Rockwell Automation ControlLogix CVE-2009-0475 (Integer underflow in the Huffman decoding functionality ...) NOT-FOR-US: OpenCORE CVE-2009-0476 (Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 ...) NOT-FOR-US: MultiMedia Soft AdjMmsEng dll CVE-2009-0477 (Unspecified vulnerability in the process (aka proc) filesystem in Sun ...) NOT-FOR-US: process CVE-2009-0478 (Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 ...) BUG: 257585 CVE-2009-0479 (Multiple SQL injection vulnerabilities in admin/admin_login.php in ...) NOT-FOR-US: Online Grades CVE-2009-0480 (The IP implementation in Sun Solaris 8 through 10, and OpenSolaris ...) NOT-FOR-US: Sun Solaris CVE-2009-0481 (Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and ...) BUG: 258592 CVE-2009-0482 (Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 ...) BUG: 258592 CVE-2009-0483 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 ...) BUG: 258592 CVE-2009-0484 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before ...) BUG: 258592 CVE-2009-0485 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to ...) BUG: 258592 CVE-2009-0486 (Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls ...) BUG: 258592 CVE-2009-0487 (Cross-site scripting (XSS) vulnerability in Mahara before 1.0.9 allows ...) NOT-FOR-US: mahara CVE-2009-0488 (Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 ...) NOT-FOR-US: phorum CVE-2009-0489 (The DBus configuration file for Wicd before 1.5.9 allows arbitrary ...) BUG: 258596 CVE-2009-0490 (Stack-based buffer overflow in the String_parse::get_nonspace_quoted ...) BUG: 258597 CVE-2009-0491 (Stack-based buffer overflow in Elecard MPEG Player 5.5 build ...) NOT-FOR-US: elecard_mpeg_player CVE-2009-0492 (Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has ...) NOT-FOR-US: simpleircbot CVE-2009-0493 (SQL injection vulnerability in login.php in IT!CMS 2.1a and earlier ...) NOT-FOR-US: it cms CVE-2009-0494 (SQL injection vulnerability in the Portfol (com_portfol) 1.2 component ...) NOT-FOR-US: mivaco com_portfol CVE-2009-0495 (PHP remote file inclusion vulnerability in include/define.php in ...) NOT-FOR-US: it747 realtor_747 CVE-2009-0496 (Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime ...) BUG: 254309 CVE-2009-0497 (Directory traversal vulnerability in log.jsp in Ignite Realtime ...) BUG: 254309 CVE-2009-0498 (Virtual GuestBook (vgbook) 2.1 stores sensitive information under the ...) NOT-FOR-US: minitdesign virtual_guestbook CVE-2009-0499 (Cross-site request forgery (CSRF) vulnerability in the forum code in ...) NOT-FOR-US: moodle CVE-2009-0500 (Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle ...) NOT-FOR-US: moodle CVE-2009-0501 (Unspecified vulnerability in the Calendar export feature in Moodle 1.8 ...) NOT-FOR-US: moodle CVE-2009-0502 (Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php ...) NOT-FOR-US: snoopy CVE-2009-0503 (IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database ...) NOT-FOR-US: IBM CVE-2009-0504 (WSPolicy in the Web Services component in IBM WebSphere Application ...) NOT-FOR-US: Web Services component in IBM WebSphere Application Server WAS CVE-2009-0505 (The CICS listener in IBM TXSeries for Multiplatforms 6.2 GA waits for ...) NOT-FOR-US: ibm txseries CVE-2009-0506 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...) NOT-FOR-US: ibm websphere_application_server CVE-2009-0507 (IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before ...) NOT-FOR-US: IBM CVE-2009-0508 (The Servlet Engine/Web Container and JSP components in IBM WebSphere ...) NOT-FOR-US: IBM WebSphere Application Server WAS CVE-2009-0509 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...) BUG: 273908 CVE-2009-0510 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...) BUG: 273908 CVE-2009-0511 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...) BUG: 273908 CVE-2009-0512 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...) BUG: 273908 CVE-2009-0513 (Multiple PHP remote file inclusion vulnerabilities in WebFrame 0.76 ...) NOT-FOR-US: WebFrame CVE-2009-0514 (Multiple directory traversal vulnerabilities in WebFrame 0.76 allow ...) NOT-FOR-US: WebFrame CVE-2009-0515 (Directory traversal vulnerability in check_lang.php in Yet Another ...) NOT-FOR-US: Yet Another NOCC YANOCC CVE-2009-0516 (SQL injection vulnerability in the classified page (classified.php) in ...) NOT-FOR-US: classified page classified php in BusinessSpace CVE-2009-0517 (Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and ...) NOT-FOR-US: phpSlash CVE-2009-0518 (VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 ...) NOT-FOR-US: vmware_virtualcenter CVE-2009-0519 (Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 ...) BUG: 260264 CVE-2009-0520 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 ...) BUG: 260264 CVE-2009-0521 (Untrusted search path vulnerability in Adobe Flash Player 9.x before ...) BUG: 260264 CVE-2009-0522 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on ...) NOT-FOR-US: NFU Windows, we'll update to 10.0.22.87, because if the other issues (#260264) CVE-2009-0523 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 ...) NOT-FOR-US: Adobe RoboHelp Server CVE-2009-0524 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, ...) NOT-FOR-US: Adobe RoboHelp CVE-2009-0525 (Cross-site scripting (XSS) vulnerability in the sajax_get_common_js ...) NOT-FOR-US: modernmethod sajax CVE-2009-0526 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: adaptcms CVE-2009-0527 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: adaptcms CVE-2009-0528 (SQL injection vulnerability in frame.php in Rhadrix If-CMS 2.07 and ...) NOT-FOR-US: rhadrix if cms CVE-2009-0529 (Cross-site scripting (XSS) vulnerability in index.php in SnippetMaster ...) NOT-FOR-US: electrictoad snippetmaster_webpage_editor CVE-2009-0530 (Multiple PHP remote file inclusion vulnerabilities in SnippetMaster ...) NOT-FOR-US: electrictoad snippetmaster_webpage_editor CVE-2009-0531 (SQL injection vulnerability in gallery/view.asp in A Better ...) NOT-FOR-US: ontarioabandonedplaces a_better_member based_asp_photo_gallery CVE-2009-0532 (Cross-site scripting (XSS) vulnerability in password.php in Scripts ...) NOT-FOR-US: scripts_for_sites ez_baby CVE-2009-0533 (Cross-site scripting (XSS) vulnerability in password.php in Scripts ...) NOT-FOR-US: scripts_for_sites ez_reminder CVE-2009-0534 (SQL injection vulnerability in FlexCMS allows remote attackers to ...) NOT-FOR-US: flexcms CVE-2009-0535 (Directory traversal vulnerability in export.php in Thyme 1.3 and ...) NOT-FOR-US: extrosoft thyme CVE-2009-0536 (at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 ...) NOT-FOR-US: ibm aix CVE-2009-0537 (Integer overflow in the fts_build function in fts.c in libc in (1) ...) NOT-FOR-US: openbsd CVE-2009-0538 (Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 ...) NOT-FOR-US: Symantec pcAnywhere CVE-2009-0539 RESERVED CVE-2009-0540 (Cross-site scripting (XSS) vulnerability in Libero 5.3 SP5, and ...) NOT-FOR-US: insightinformatics libero CVE-2009-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Magento 1.2.0 ...) NOT-FOR-US: magentocommerc magento CVE-2009-0542 (SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 ...) BUG: 258450 CVE-2009-0543 (ProFTPD Server 1.3.1, with NLS support enabled, allows remote ...) BUG: 258450 CVE-2009-0544 (Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote ...) BUG: 258049 CVE-2009-0545 (cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote ...) NOT-FOR-US: zeroshell CVE-2009-0546 (Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier ...) NOT-FOR-US: newsgator feeddemon CVE-2009-0547 (Evolution 2.22.3.1 checks S/MIME signatures against a copy of the ...) BUG: 258867 CVE-2009-0548 (Cross-site scripting (XSS) vulnerability in the Additional Report ...) NOT-FOR-US: eset remote_administrator CVE-2009-0549 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, ...) NOT-FOR-US: Microsoft Office CVE-2009-0550 (Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP ...) NOT-FOR-US: Microsoft Windows CVE-2009-0551 (Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, ...) NOT-FOR-US: request CVE-2009-0552 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2009-0553 (Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, ...) NOT-FOR-US: memory CVE-2009-0554 (Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 ...) NOT-FOR-US: memory CVE-2009-0555 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice ...) NOT-FOR-US: microsoft windows_xp CVE-2009-0556 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and ...) NOT-FOR-US: Microsoft Office PowerPoint CVE-2009-0557 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, ...) NOT-FOR-US: Microsoft Office CVE-2009-0558 (Array index error in Excel in Microsoft Office 2000 SP3 and Office ...) NOT-FOR-US: Microsoft Office CVE-2009-0559 (Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and ...) NOT-FOR-US: Excel in Microsoft Office CVE-2009-0560 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, ...) NOT-FOR-US: Microsoft Office CVE-2009-0561 (Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, ...) NOT-FOR-US: Excel in Microsoft Office CVE-2009-0562 (The Office Web Components ActiveX Control in Microsoft Office XP SP3, ...) NOT-FOR-US: microsoft office_web_components CVE-2009-0563 (Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 ...) NOT-FOR-US: microsoft open_xml_file_format_converter CVE-2009-0564 RESERVED CVE-2009-0565 (Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 ...) NOT-FOR-US: microsoft open_xml_file_format_converter CVE-2009-0566 (Microsoft Office Publisher 2007 SP1 does not properly calculate object ...) NOT-FOR-US: legacy CVE-2009-0567 RESERVED CVE-2009-0568 (The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP ...) NOT-FOR-US: Microsoft Windows CVE-2009-0569 (Buffer overflow in Becky! Internet Mail 2.48.02 and earlier allows ...) NOT-FOR-US: Becky Internet Mail CVE-2009-0570 (Directory traversal vulnerability in send.php in Ninja Designs Mailist ...) NOT-FOR-US: Ninja Designs Mailist CVE-2009-0571 (admin.php in Ninja Designs Mailist 3.0 stores backup copies of ...) NOT-FOR-US: Ninja Designs Mailist CVE-2009-0572 (PHP remote file inclusion vulnerability in include/flatnux.php in ...) NOT-FOR-US: FlatnuX CVE-2009-0573 (Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 ...) NOT-FOR-US: FotoWeb CVE-2009-0574 (SQL injection vulnerability in index.php in Easy CafeEngine allows ...) NOT-FOR-US: Easy CVE-2009-0575 (Cross-site scripting (XSS) vulnerability in the ...) NOT-FOR-US: Views Bulk Operations CVE-2009-0576 (Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 ...) NOT-FOR-US: Sun Java System Directory Server CVE-2009-0577 (Integer overflow in the WriteProlog function in texttops in CUPS ...) NOT-FOR-US: We've removed older versions, even 1.2.x a couple of months ago. CVE-2009-0578 (GNOME NetworkManager before 0.7.0.99 does not properly verify ...) NOT-FOR-US: We're not ubuntu CVE-2009-0579 (Linux-PAM before 1.0.4 does not enforce the minimum password age ...) BUG: 261108 CVE-2009-0580 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 ...) BUG: 272566 CVE-2009-0581 (Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as ...) BUG: 260269 CVE-2009-0582 (The ntlm_challenge function in the NTLM SASL authentication mechanism ...) BUG: 261203 CVE-2009-0583 (Multiple integer overflows in icc.c in the International Color ...) BUG: 261087 CVE-2009-0584 (icc.c in the International Color Consortium (ICC) Format library (aka ...) BUG: 261087 CVE-2009-0585 (Integer overflow in the soup_base64_encode function in soup-misc.c in ...) BUG: 262550 CVE-2009-0586 (Integer overflow in the gst_vorbis_tag_add_coverart function ...) BUG: 262552 CVE-2009-0587 (Multiple integer overflows in Evolution Data Server (aka ...) BUG: 262555 CVE-2009-0588 (agent/request/op.cgi in the Registration Authority (RA) component in ...) NOT-FOR-US: redhat dogtag_certificate_system CVE-2009-0589 REJECTED CVE-2009-0590 (The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows ...) BUG: 263751 CVE-2009-0591 (The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is ...) BUG: 263751 CVE-2009-0592 (Multiple directory traversal vulnerabilities in PNphpBB2 1.2i and ...) NOT-FOR-US: pnphpbb2 CVE-2009-0593 (SQL injection vulnerability in members.php in plx Auto Reminder 3.7 ...) NOT-FOR-US: plxwebdev plx_auto_reminder CVE-2009-0594 (Cross-site scripting (XSS) vulnerability in index.php in phpSkelSite ...) NOT-FOR-US: apmuthu phpskelsite CVE-2009-0595 (PHP remote file inclusion vulnerability in skysilver/login.tpl.php in ...) NOT-FOR-US: phpskelsite CVE-2009-0596 (Directory traversal vulnerability in skysilver/login.tpl.php in ...) NOT-FOR-US: phpskelsite CVE-2009-0597 (SQL injection vulnerability in admin/index.php in w3b>cms (aka ...) NOT-FOR-US: w3b_cms aka_w3blabor_cms CVE-2009-0598 (SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 ...) NOT-FOR-US: phpmesfilms CVE-2009-0599 (Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through ...) BUG: 258013 CVE-2009-0600 (Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers ...) BUG: 258013 CVE-2009-0601 (Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on ...) BUG: 258013 CVE-2009-0602 (Unrestricted file upload vulnerability in upload.php in WikkiTikkiTavi ...) NOT-FOR-US: wikkitikkitavi CVE-2009-0603 (Cross-site scripting (XSS) vulnerability in index.php in the Link ...) NOT-FOR-US: drupal link_module CVE-2009-0604 (SQL injection vulnerability in index.php in PHP Director 0.21 and ...) NOT-FOR-US: php_director CVE-2009-0605 (Stack consumption vulnerability in the do_page_fault function in ...) BUG: 260057 CVE-2009-0606 (The link_image function in linker/linker.c in the dynamic linker in ...) NOT-FOR-US: dynamic linker in Bionic in Open Handset Alliance Android CVE-2009-0607 (Multiple integer overflows in malloc_leak.c in Bionic in Open Handset ...) NOT-FOR-US: Bionic in Open Handset Alliance Android CVE-2009-0608 (Integer overflow in the showLog function in fake_log_device.c in ...) NOT-FOR-US: liblog in Open Handset Alliance Android CVE-2009-0609 (Sun Java System Directory Proxy Server in Sun Java System Directory ...) NOT-FOR-US: Sun Java System Directory Server Enterprise Edition CVE-2009-0610 (Multiple static code injection vulnerabilities in post.php in Simple ...) NOT-FOR-US: Simple PHP News CVE-2009-0611 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: qfsearch AdminServlet in QuickFinder Server in Novell Open Enterprise Server CVE-2009-0612 (Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and ...) NOT-FOR-US: Trend CVE-2009-0613 (Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 ...) NOT-FOR-US: Trend CVE-2009-0614 (Unspecified vulnerability in the Web Server in Cisco Unified ...) NOT-FOR-US: Web Server in Cisco Unified MeetingPlace Web Conferencing CVE-2009-0615 (Directory traversal vulnerability in Cisco Application Networking ...) NOT-FOR-US: Cisco Application Networking Manager ANM CVE-2009-0616 (Cisco Application Networking Manager (ANM) before 2.0 uses default ...) NOT-FOR-US: Cisco CVE-2009-0617 (Cisco Application Networking Manager (ANM) before 2.0 uses a default ...) NOT-FOR-US: Cisco CVE-2009-0618 (Unspecified vulnerability in the Java agent in Cisco Application ...) NOT-FOR-US: Java agent in Cisco Application Networking Manager ANM CVE-2009-0619 (Unspecified vulnerability in the Session Border Controller (SBC) ...) NOT-FOR-US: Session Border Controller SBC CVE-2009-0620 (Cisco ACE Application Control Engine Module for Catalyst 6500 Switches ...) NOT-FOR-US: Cisco CVE-2009-0621 (Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses ...) NOT-FOR-US: Cisco CVE-2009-0622 (Unspecified vulnerability in Cisco ACE Application Control Engine ...) NOT-FOR-US: Cisco ACE Application Control Engine Module for Catalyst CVE-2009-0623 (Unspecified vulnerability in Cisco ACE Application Control Engine ...) NOT-FOR-US: Cisco ACE Application Control Engine Module for Catalyst CVE-2009-0624 (Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE ...) NOT-FOR-US: Cisco ACE Application Control Engine Module for Catalyst CVE-2009-0625 (Unspecified vulnerability in Cisco ACE Application Control Engine ...) NOT-FOR-US: Cisco ACE Application Control Engine Module for Catalyst CVE-2009-0626 (The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote ...) NOT-FOR-US: cisco ios CVE-2009-0627 (Unspecified vulnerability in Cisco NX-OS before 4.0(1a)N2(1), when ...) NOT-FOR-US: cisco nx_os CVE-2009-0628 (Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 ...) NOT-FOR-US: cisco_ios CVE-2009-0629 (The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka ...) NOT-FOR-US: cisco ios CVE-2009-0630 (The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway ...) NOT-FOR-US: cisco ios CVE-2009-0631 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when ...) NOT-FOR-US: cisco ios CVE-2009-0632 (The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco ...) NOT-FOR-US: cisco unified_communications_manager CVE-2009-0633 (Multiple unspecified vulnerabilities in the (1) Mobile IP NAT ...) NOT-FOR-US: cisco_ios CVE-2009-0634 (Multiple unspecified vulnerabilities in the home agent (HA) ...) NOT-FOR-US: cisco_ios CVE-2009-0635 (Memory leak in the Cisco Tunneling Control Protocol (cTCP) ...) NOT-FOR-US: Cisco Tunneling Control Protocol cTCP encapsulation feature in Cisco IOS CVE-2009-0636 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP ...) NOT-FOR-US: Cisco IOS CVE-2009-0637 (The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI ...) NOT-FOR-US: Cisco IOS CVE-2009-0638 (The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 ...) NOT-FOR-US: cisco firewall_services_module CVE-2009-0639 (PHP remote file inclusion vulnerability in moduli/libri/index.php in ...) NOT-FOR-US: phpyabs CVE-2009-0640 (Directory traversal vulnerability in the administrative web server in ...) NOT-FOR-US: swannsecurity dvr4 securanet CVE-2009-0641 (sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions ...) NOT-FOR-US: freebsd CVE-2009-0642 (ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check ...) BUG: 260006 CVE-2009-0643 (Static code injection vulnerability in post.php in Simple PHP News 1.0 ...) NOT-FOR-US: dminnich simple_php_news CVE-2009-0644 (The HTTP interface in Swann DVR4-SecuraNet has a certain default ...) NOT-FOR-US: Swann CVE-2009-0645 (Directory traversal vulnerability in index.php in Jaws 0.8.8 allows ...) NOT-FOR-US: Jaws CVE-2009-0646 (Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier ...) NOT-FOR-US: 4Site CVE-2009-0647 (msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, ...) NOT-FOR-US: microsoft windows_live_messenger CVE-2009-0648 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) NOT-FOR-US: falt4_extreme CVE-2009-0649 (The web browser in Symbian OS on the Nokia N95 cell phone allows ...) NOT-FOR-US: Symbian CVE-2009-0650 (Stack-based buffer overflow in the GetStatsFromLine function in TPTEST ...) BUG: 261191 CVE-2009-0651 (Unspecified vulnerability in the Veritas network daemon (aka vnetd) in ...) NOT-FOR-US: Veritas network daemon aka vnetd in Symantec Veritas NetBackup Server Enterprise Server CVE-2009-0652 (The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox ...) BUG: 260062 CVE-2009-0653 (OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an ...) NOTE: obsolete CVE-2009-0654 (Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote ...) NOT-FOR-US: Will not be fixed upstream, no reason in tracking this. NOTE: Issue disputed: http://blog.torproject.org/blog/one-cell-enough CVE-2009-0655 (Lenovo Veriface III allows physically proximate attackers to login to ...) NOT-FOR-US: Lenovo CVE-2009-0656 (Asus SmartLogon 1.0.0005 allows physically proximate attackers to ...) NOT-FOR-US: Asus CVE-2009-0657 (Toshiba Face Recognition 2.0.2.32 allows physically proximate ...) NOT-FOR-US: Toshiba CVE-2009-0658 (Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and ...) BUG: 259992 CVE-2009-0659 (Stack-based buffer overflow in the GetStatsFromLine function in TPTEST ...) BUG: 261191 CVE-2009-0660 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 ...) NOT-FOR-US: mahara CVE-2009-0661 (Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote ...) BUG: 262997 CVE-2009-0662 (The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product ...) NOT-FOR-US: plonepas CVE-2009-0663 (Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or ...) NOT-FOR-US: obsolete CVE-2009-0664 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x ...) NOT-FOR-US: mahara CVE-2009-0665 RESERVED CVE-2009-0666 RESERVED CVE-2009-0667 (Untrusted search path vulnerability in Agent/Backend.pm in ...) NOT-FOR-US: ocsinventory ng ocsinventory agent CVE-2009-0668 (Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, ...) BUG: 280822 CVE-2009-0669 (Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise ...) BUG: 280822 CVE-2009-0670 RESERVED CVE-2009-0671 REJECTED CVE-2009-0672 (SQL injection vulnerability in the Resend_Email module in Raven Web ...) NOT-FOR-US: Resend_Email module in Raven Web Services RavenNuke CVE-2009-0673 (Eval injection vulnerability in the Custom Fields feature in the Your ...) NOT-FOR-US: Custom Fields feature in the Your Account module in Raven Web Services RavenNuke CVE-2009-0674 (images/captcha.php in Raven Web Services RavenNuke 2.30, when ...) NOT-FOR-US: Raven Web Services RavenNuke CVE-2009-0675 (The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux ...) BUG: 260066 CVE-2009-0676 (The sock_getsockopt function in net/core/sock.c in the Linux kernel ...) BUG: 260068 CVE-2009-0677 (avatarlist.php in the Your Account module, reached through ...) NOT-FOR-US: Your Account module reached through modules php in Raven Web Services RavenNuke CVE-2009-0678 (images/captcha.php in RavenNuke 2.30 allows remote attackers to obtain ...) NOT-FOR-US: RavenNuke CVE-2009-0679 (Cross-site scripting (XSS) vulnerability in the Your Account module in ...) NOT-FOR-US: Your Account module in RavenNuke CVE-2009-0680 (cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows ...) NOT-FOR-US: web CVE-2009-0681 (PGP Desktop before 9.10 allows local users to (1) cause a denial of ...) NOT-FOR-US: pgp desktop CVE-2009-0682 (vetmonnt.sys in CA Internet Security Suite r3, vetmonnt.sys before ...) NOT-FOR-US: CA CVE-2009-0683 RESERVED CVE-2009-0684 RESERVED CVE-2009-0685 RESERVED CVE-2009-0686 (The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in ...) NOT-FOR-US: trendmicro internet_security CVE-2009-0687 (The pf_test_rule function in OpenBSD Packet Filter (PF), as used in ...) NOT-FOR-US: openbsd CVE-2009-0688 (Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 ...) BUG: 270261 CVE-2009-0689 (Array index error in the (1) dtoa implementation in dtoa.c (aka ...) NOT-FOR-US: dtoa CVE-2009-0690 (The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit ...) NOT-FOR-US: foxitsoftware jpeg2000 jbig2_decoder_add on CVE-2009-0691 (The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit ...) NOT-FOR-US: foxitsoftware jpeg2000_jbig2_decoder_add on CVE-2009-0692 (Stack-based buffer overflow in the script_write_params method in ...) BUG: 277729 CVE-2009-0693 RESERVED CVE-2009-0694 RESERVED CVE-2009-0695 RESERVED CVE-2009-0696 (The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 ...) BUG: 279508 CVE-2009-0697 RESERVED CVE-2009-0698 (Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib ...) BUG: 260069 CVE-2009-0699 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Plunet BusinessManager CVE-2009-0700 (Plunet BusinessManager 4.1 and earlier allows remote authenticated ...) NOT-FOR-US: Plunet CVE-2009-0701 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...) NOT-FOR-US: Cybershade CMS CVE-2009-0702 (SQL injection vulnerability in the Phoca Documentation ...) NOT-FOR-US: Phoca CVE-2009-0703 (SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 ...) NOT-FOR-US: ASPThai Net Webboard CVE-2009-0704 (SQL injection vulnerability in search.php in WSN Guest 1.23 allows ...) NOT-FOR-US: WSN Guest CVE-2009-0705 (SQL injection vulnerability in news.php in PowerScripts PowerNews ...) NOT-FOR-US: PowerScripts PowerNews CVE-2009-0706 (SQL injection vulnerability in the Simple Review (com_simple_review) ...) NOT-FOR-US: Simple Review com_simple_review component CVE-2009-0707 (SQL injection vulnerability in admin/index.php in PowerClan 1.14a ...) NOT-FOR-US: PowerClan CVE-2009-0708 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: SemanticScuttle CVE-2009-0709 (SQL injection vulnerability in login.php in PHPFootball 1.6 allows ...) NOT-FOR-US: PHPFootball CVE-2009-0710 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFootball 1.6 ...) NOT-FOR-US: PHPFootball CVE-2009-0711 (filter.php in PHPFootball 1.6 and earlier allows remote attackers to ...) NOT-FOR-US: PHPFootball CVE-2009-0712 (Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager ...) NOT-FOR-US: hp wmi_mapper CVE-2009-0713 (Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager ...) NOT-FOR-US: hp wmi CVE-2009-0714 (Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for ...) NOT-FOR-US: HP Data Protector Express and Express SSE CVE-2009-0715 (Unspecified vulnerability in Secure NaviCLI in HP Storage Essentials ...) NOT-FOR-US: hp storage_essentials CVE-2009-0716 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 ...) NOT-FOR-US: hp storageworks_storage_mirroring CVE-2009-0717 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 ...) NOT-FOR-US: hp storageworks_storage_mirroring CVE-2009-0718 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 ...) NOT-FOR-US: hp storageworks_storage_mirroring CVE-2009-0719 (Unspecified vulnerability in useradd in HP HP-UX B.11.11, B.11.23, and ...) NOT-FOR-US: hp ux CVE-2009-0720 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...) NOT-FOR-US: HP OpenView Network Node Manager OV NNM CVE-2009-0721 (Unspecified vulnerability in Easy Login in the Sender module in HP ...) NOT-FOR-US: hp remote_graphics_software CVE-2009-0722 (Directory traversal vulnerability in admin.php in Potato News 1.0.0 ...) NOT-FOR-US: potato scripts potato_news CVE-2009-0723 (Multiple integer overflows in LittleCMS (aka lcms or liblcms) before ...) BUG: 260269 CVE-2009-0724 RESERVED CVE-2009-0725 RESERVED CVE-2009-0726 (SQL injection vulnerability in the GigCalendar (com_gigcal) component ...) NOT-FOR-US: GigCalendar com_gigcal component CVE-2009-0727 (SQL injection vulnerability in jobdetails.php in taifajobs 1.0 and ...) NOT-FOR-US: taifajobs CVE-2009-0728 (SQL injection vulnerability in the My_eGallery module for MAXdev MDPro ...) NOT-FOR-US: My_eGallery CVE-2009-0729 (Multiple directory traversal vulnerabilities in Page Engine CMS 2.0 ...) NOT-FOR-US: Page Engine CMS CVE-2009-0730 (Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) ...) NOT-FOR-US: GigCalendar com_gigcal component CVE-2009-0731 (Directory traversal vulnerability in pages/play.php in Free Arcade ...) NOT-FOR-US: Free Arcade Script CVE-2009-0732 (Downloadcenter 2.1 stores common.h under the web root with ...) NOT-FOR-US: Downloadcenter CVE-2009-0733 (Multiple stack-based buffer overflows in the ReadSetOfCurves function ...) BUG: 260269 CVE-2009-0734 (Heap-based buffer overflow in MultimediaPlayer.exe 6.86.240.7 in Nokia ...) NOT-FOR-US: nokia_pc_suite CVE-2009-0735 (Directory traversal vulnerability in lib/classes/message_class.php in ...) NOT-FOR-US: papoo CVE-2009-0736 (Cross-site scripting (XSS) vulnerability in Pebble before 2.3.2 allows ...) NOT-FOR-US: simon_brown pebble CVE-2009-0737 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based ...) BUG: 261128 CVE-2009-0738 (SQL injection vulnerability in login.php in Auth Php 1.0 allows remote ...) NOT-FOR-US: frankmancuso auth_php CVE-2009-0739 (SQL injection vulnerability in login.php in MyNews 0.10 allows remote ...) NOT-FOR-US: frankmancuso mynews CVE-2009-0740 (SQL injection vulnerability in login.php in BlueBird Prelease allows ...) NOT-FOR-US: frankmancuso bluebird CVE-2009-0741 (SQL injection vulnerability in Login.asp in Craft Silicon Banking@Home ...) NOT-FOR-US: craftsilicon banking home CVE-2009-0742 (The username command in Cisco ACE Application Control Engine Module ...) NOT-FOR-US: Cisco ACE Application Control Engine Module for Catalyst CVE-2009-0743 (Cross-site scripting (XSS) vulnerability in the edit account page in ...) NOT-FOR-US: edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing CVE-2009-0744 (Apple Safari 4 Beta build 528.16 allows remote attackers to cause a ...) NOT-FOR-US: Apple CVE-2009-0745 (The ext4_group_add function in fs/ext4/resize.c in the Linux kernel ...) BUG: 260559 CVE-2009-0746 (The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel ...) BUG: 260561 CVE-2009-0747 (The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 ...) BUG: 260563 CVE-2009-0748 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel ...) BUG: 260564 CVE-2009-0749 (Use-after-free vulnerability in the GIFReadNextExtension function in ...) BUG: 260265 CVE-2009-0750 (SQL injection vulnerability in login.php in the smNews example script ...) NOT-FOR-US: txtSQL CVE-2009-0751 (Yaws before 1.80 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Yaws CVE-2009-0752 (Unspecified vulnerability in Movable Type Pro and Community Solution ...) NOT-FOR-US: Movable Type Pro and Community Solution CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 ...) BUG: 260072 CVE-2009-0754 (PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows ...) BUG: 261192 CVE-2009-0755 (The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 ...) BUG: 260266 CVE-2009-0756 (The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 ...) BUG: 260266 CVE-2009-0757 (Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent ...) BUG: 260968 CVE-2009-0758 (The originates_from_local_legacy_unicast_socket function in ...) BUG: 260971 CVE-2009-0759 (Multiple CRLF injection vulnerabilities in webadmin in ZNC before ...) BUG: 260148 CVE-2009-0760 (Team Board 1.x and 2.x stores sensitive information under the web root ...) NOT-FOR-US: team5 team_board CVE-2009-0761 (Cross-site scripting (XSS) vulnerability in online.asp in Team Board ...) NOT-FOR-US: team5 team_board 1 0 5 CVE-2009-0762 (Cross-site scripting (XSS) vulnerability in ScriptsEz Ez PHP Comment ...) NOT-FOR-US: scriptsez ez_php_comment CVE-2009-0763 (Cross-site scripting (XSS) vulnerability in default.php in Kipper 2.01 ...) NOT-FOR-US: bookelves kipper CVE-2009-0764 (Multiple cross-site scripting (XSS) vulnerabilities in Kipper 2.01 ...) NOT-FOR-US: bookelves kipper CVE-2009-0765 (Directory traversal vulnerability in index.php in Kipper 2.01 allows ...) NOT-FOR-US: bookelves kipper CVE-2009-0766 (Directory traversal vulnerability in default.php in Kipper 2.01 allows ...) NOT-FOR-US: bookelves kipper CVE-2009-0767 (Kipper 2.01 stores sensitive information under the web root with ...) NOT-FOR-US: bookelves kipper CVE-2009-0768 (SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier ...) NOT-FOR-US: yapbb CVE-2009-0769 (QIP 2005 build 8082 allows remote attackers to cause a denial of ...) NOT-FOR-US: qip CVE-2009-0770 (dkim-milter 2.6.0 through 2.8.0 allows remote attackers to cause a ...) BUG: 261204 CVE-2009-0771 (The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before ...) BUG: 261386 CVE-2009-0772 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird ...) BUG: 261386 CVE-2009-0773 (The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird ...) BUG: 261386 CVE-2009-0774 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird ...) BUG: 261386 CVE-2009-0775 (Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird ...) BUG: 261386 CVE-2009-0776 (nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before ...) BUG: 261386 CVE-2009-0777 (Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and ...) BUG: 261386 CVE-2009-0778 (The icmp_send function in net/ipv4/icmp.c in the Linux kernel before ...) BUG: 262303 CVE-2009-0779 (Buffer overflow in pppdial in IBM AIX 5.3 and 6.1 allows local users ...) NOT-FOR-US: pppdial in IBM AIX CVE-2009-0780 (The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 4.3 and ...) NOT-FOR-US: bgpd in OpenBSD CVE-2009-0781 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the ...) NOTE: we already have a warning for examples, maybe we should just NOTE: ignore this? BUG: 261469 CVE-2009-0782 REJECTED CVE-2009-0783 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 ...) BUG: 272566 CVE-2009-0784 (Race condition in the SystemTap stap tool 0.0.20080705 and ...) BUG: 263037 CVE-2009-0785 RESERVED CVE-2009-0786 REJECTED CVE-2009-0787 (The ecryptfs_write_metadata_to_contents function in the eCryptfs ...) BUG: 263424 CVE-2009-0788 RESERVED CVE-2009-0789 (OpenSSL before 0.9.8k on WIN64 and certain other platforms does not ...) BUG: 263751 CVE-2009-0790 (The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before ...) BUG: 264346 CVE-2009-0791 (Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as ...) TODO: check CVE-2009-0792 (Multiple integer overflows in icc.c in the International Color ...) BUG: 264594 CVE-2009-0793 (cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK ...) BUG: 264604 CVE-2009-0794 (Integer overflow in the PulseAudioTargetDataL class in ...) NOT-FOR-US: sun openjdk CVE-2009-0795 REJECTED CVE-2009-0796 (Cross-site scripting (XSS) vulnerability in Status.pm in ...) BUG: 266035 CVE-2009-0797 RESERVED CVE-2009-0798 (ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to ...) BUG: 268079 CVE-2009-0799 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...) BUG: 263028 CVE-2009-0800 (Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 ...) BUG: 263028 CVE-2009-0801 (Squid, when transparent interception mode is enabled, uses the HTTP ...) BUG: 261208 CVE-2009-0802 (Qbik WinGate, when transparent interception mode is enabled, uses the ...) NOT-FOR-US: Qbik CVE-2009-0803 (SmoothWall SmoothGuardian, as used in SmoothWall Firewall, ...) NOT-FOR-US: SmoothWall Firewall NetworkGuardian and SchoolGuardian CVE-2009-0804 (Ziproxy 2.6.0, when transparent interception mode is enabled, uses the ...) BUG: 261210 CVE-2009-0805 (Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a ...) NOT-FOR-US: piCal CVE-2009-0806 (Unspecified vulnerability in OpenGoo before 1.2.1 allows remote ...) NOT-FOR-US: OpenGoo CVE-2009-0807 (zFeeder 1.6 allows remote attackers to gain administrative access via ...) NOT-FOR-US: zFeeder CVE-2009-0808 (Multiple SQL injection vulnerabilities in SimpleCMMS before 0.1.0 ...) NOT-FOR-US: SimpleCMMS CVE-2009-0809 (The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release ...) NOT-FOR-US: Dassault CVE-2009-0810 (SQL injection vulnerability in login.php in xGuestbook 2.0 allows ...) NOT-FOR-US: xGuestbook CVE-2009-0811 (Insecure method vulnerability in the SopCast SopCore ActiveX control ...) NOT-FOR-US: SopCast SopCore ActiveX control in sopocx ocx CVE-2009-0812 (Stack-based buffer overflow in BreakPoint Software Hex Workshop 4.23, ...) NOT-FOR-US: BreakPoint Software Hex Workshop CVE-2009-0813 (Insecure method vulnerability in the ImeraIEPlugin ActiveX control ...) NOT-FOR-US: ImeraIEPlugin ActiveX control ImeraIEPlugin dll CVE-2009-0814 (Cross-site scripting (XSS) vulnerability in Widgets.aspx in Blogsa 1.0 ...) NOT-FOR-US: Blogsa CVE-2009-0815 (The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through ...) NOT-FOR-US: TYPO3 CVE-2009-0816 (Multiple cross-site scripting (XSS) vulnerabilities in the backend ...) NOT-FOR-US: backend CVE-2009-0817 (Cross-site scripting (XSS) vulnerability in the Protected Node module ...) NOT-FOR-US: Protected Node module CVE-2009-0818 (Cross-site scripting (XSS) vulnerability in the ...) NOT-FOR-US: taxonomy_theme_admin_table_builder function taxonomy_theme_admin inc in Taxonomy Theme module CVE-2009-0819 (sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 ...) BUG: 261388 CVE-2009-0820 (Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 ...) NOT-FOR-US: phpScheduleIt CVE-2009-0821 (Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause ...) BUG: 261390 CVE-2009-0822 RESERVED CVE-2009-0823 RESERVED CVE-2009-0824 (Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in ...) NOT-FOR-US: SlySoft AnyDVD CVE-2009-0825 (SQL injection vulnerability in system/rss.php in TinX/cms 3.x before ...) NOT-FOR-US: TinX/cms CVE-2009-0826 (BlogHelper stores common_db.inc under the web root with insufficient ...) NOT-FOR-US: BlogHelper CVE-2009-0827 (PollHelper stores poll.inc under the web root with insufficient access ...) NOT-FOR-US: PollHelper CVE-2009-0828 (QuoteBook stores quotes.inc under the web root with insufficient ...) NOT-FOR-US: QuoteBook CVE-2009-0829 (Multiple SQL injection vulnerabilities in QuoteBook allow remote ...) NOT-FOR-US: QuoteBook CVE-2009-0830 (Cross-site scripting (XSS) vulnerability in QuoteBook allows remote ...) NOT-FOR-US: QuoteBook CVE-2009-0831 (SQL injection vulnerability in members.php in the Members CV (job) ...) NOT-FOR-US: Members CV job module CVE-2009-0832 (SQL injection vulnerability in items.php in the E-Cart module 1.3 for ...) NOT-FOR-US: E Cart module CVE-2009-0833 (Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 ...) NOT-FOR-US: gen_msn plugin CVE-2009-0834 (The audit_syscall_entry function in the Linux kernel 2.6.28.7 and ...) BUG: 261582 CVE-2009-0835 (The __secure_computing function in kernel/seccomp.c in the seccomp ...) BUG: 261589 CVE-2009-0836 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, ...) NOT-FOR-US: foxit reader3 0 CVE-2009-0837 (Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, ...) NOT-FOR-US: foxit reader3 0 CVE-2009-0838 (The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris ...) NOT-FOR-US: Sun Solaris CVE-2009-0839 (Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x ...) BUG: 264563 CVE-2009-0840 (Heap-based buffer underflow in the readPostBody function in cgiutil.c ...) BUG: 264563 CVE-2009-0841 (Directory traversal vulnerability in mapserv.c in mapserv in MapServer ...) BUG: 264563 CVE-2009-0842 (mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows ...) BUG: 264563 CVE-2009-0843 (The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and ...) BUG: 264563 CVE-2009-0844 (The get_input_token function in the SPNEGO implementation in MIT ...) BUG: 263398 CVE-2009-0845 (The spnego_gss_accept_sec_context function in ...) BUG: 262736 CVE-2009-0846 (The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c ...) BUG: 263398 CVE-2009-0847 (The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka ...) BUG: 263398 CVE-2009-0848 (Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 ...) NOTE: This is suse specific, i checked our patches (rbu) CVE-2009-0849 (Stack-based buffer overflow in the DtbClsLogin function in NovaStor ...) NOT-FOR-US: NovaNET CVE-2009-0850 (Cross-site scripting (XSS) vulnerability in BitDefender Internet ...) NOT-FOR-US: BitDefender Internet Security CVE-2009-0851 (Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when ...) NOT-FOR-US: CelerBB CVE-2009-0852 (showme.php in CelerBB 0.0.2 allows remote attackers to obtain ...) NOT-FOR-US: CelerBB CVE-2009-0853 (login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows ...) NOT-FOR-US: CelerBB CVE-2009-0854 (Untrusted search path vulnerability in dash 0.5.4, when used as a ...) NOTE: Not upstream dash, only the ubuntu patch we did not apply CVE-2009-0855 (Cross-site scripting (XSS) vulnerability in the administrative console ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2009-0856 (Multiple cross-site scripting (XSS) vulnerabilities in sample ...) NOT-FOR-US: sample applications in IBM WebSphere Application Server WAS CVE-2009-0857 (Cross-site scripting (XSS) vulnerability in /prm/reports in the ...) NOT-FOR-US: Sun Management Center CVE-2009-0858 (The response_addname function in response.c in Daniel J. Bernstein ...) BUG: 260975 CVE-2009-0859 (The shm_get_stat function in ipc/shm.c in the shm subsystem in the ...) BUG: 261991 CVE-2009-0860 (Cross-site scripting (XSS) vulnerability in the web user interface in ...) NOT-FOR-US: netcordia netmri CVE-2009-0861 (Cross-site scripting (XSS) vulnerability in phpDenora before 1.2.3 ...) NOT-FOR-US: denorastats phpdenora CVE-2009-0862 (Cross-site scripting (XSS) vulnerability in the ...) NOT-FOR-US: tangocms CVE-2009-0863 (SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 ...) NOT-FOR-US: matteoiammarrone s cms CVE-2009-0864 (S-Cms 1.1 Stable allows remote attackers to bypass authentication and ...) NOT-FOR-US: matteoiammarrone s cms CVE-2009-0865 (Directory traversal vulnerability in the SnapShotToFile method in the ...) NOT-FOR-US: geovision livex_activex_control CVE-2009-0866 (pHNews Alpha 1 stores sensitive information under the web root with ...) NOT-FOR-US: phnews CVE-2009-0867 (The HRM-S service in Fujitsu Enhanced Support Facility 3.0 and 3.0.1 ...) NOT-FOR-US: fujitsu enhanced_support_facility CVE-2009-0868 (CRLF injection vulnerability in the WebLink template in Fujitsu ...) NOT-FOR-US: fujitsu jasmine2000 CVE-2009-0869 (Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM ...) NOT-FOR-US: ibm tivoli_storage_manager_hsm CVE-2009-0870 (The NFSv4 Server module in the kernel in Sun Solaris 10, and ...) NOT-FOR-US: sun solaris CVE-2009-0871 (The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and ...) NOTE: does not affect our 1.2 -- 1.4 and 1.6 are not in the tree CVE-2009-0872 (The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does ...) NOT-FOR-US: sun solaris CVE-2009-0873 (The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before ...) NOT-FOR-US: sun solaris CVE-2009-0874 (Multiple unspecified vulnerabilities in the Doors subsystem in the ...) NOT-FOR-US: sun solaris CVE-2009-0875 (Race condition in the Doors subsystem in the kernel in Sun Solaris 8 ...) NOT-FOR-US: sun solaris CVE-2009-0876 (Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and ...) BUG: 260331 CVE-2009-0877 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...) NOT-FOR-US: sun java_system_communications_express CVE-2009-0878 (The read_game_map function in src/terrain_translation.cpp in Wesnoth ...) BUG: 262345 CVE-2009-0879 (The CIM server in IBM Director before 5.20.3 Service Update 2 on ...) NOT-FOR-US: ibm director CVE-2009-0880 (Directory traversal vulnerability in the CIM server in IBM Director ...) NOT-FOR-US: ibm director CVE-2009-0881 (SQL injection vulnerability in ejemplo/paises.php in isiAJAX 1 allows ...) NOT-FOR-US: isiajax CVE-2009-0882 (Multiple SQL injection vulnerabilities in nForum 1.5 allow remote ...) NOT-FOR-US: nforum CVE-2009-0883 (SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when ...) NOT-FOR-US: blue_eye_cms CVE-2009-0884 (Buffer overflow in FileZilla Server before 0.9.31 allows remote ...) NOT-FOR-US: filezilla_server CVE-2009-0885 (Multiple heap-based buffer overflows in Media Commands 1.0 allow ...) NOT-FOR-US: mediacommands media_commands CVE-2009-0886 (Directory traversal vulnerability in login.php in OneOrZero Helpdesk ...) NOT-FOR-US: oneorzero_helpdesk CVE-2009-0887 (Integer signedness error in the _pam_StrTok function in ...) BUG: 261512 CVE-2009-0888 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...) BUG: 273908 CVE-2009-0889 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...) BUG: 273908 CVE-2009-0890 RESERVED CVE-2009-0891 (The Web Services Security component in IBM WebSphere Application ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2009-0892 (The administrative console in IBM WebSphere Application Server (WAS) ...) NOT-FOR-US: ibm websphere_application_server CVE-2009-0893 (Multiple heap-based buffer overflows in xvidcore/src/decoder.c in the ...) BUG: 271786 CVE-2009-0894 (Heap-based buffer overflow in the decoder_create function in the ...) BUG: 271786 CVE-2009-0895 (Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and ...) NOT-FOR-US: novell edirectory CVE-2009-0896 (Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before ...) NOT-FOR-US: ibm websphere_mq CVE-2009-0897 (IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and 6.1.1 ...) NOT-FOR-US: ibm websphere_partner_gateway CVE-2009-0898 (Stack-based buffer overflow in HP OpenView Network Node Manager (OV ...) NOT-FOR-US: hp openview_network_node_manager CVE-2009-0899 (IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 ...) NOT-FOR-US: ibm websphere_portal CVE-2009-0900 RESERVED CVE-2009-0901 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 ...) NOT-FOR-US: microsoft visual_studio_ net CVE-2009-0902 RESERVED CVE-2009-0903 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the ...) NOT-FOR-US: ibm websphere_application_server CVE-2009-0904 (The IBM Stax XMLStreamWriter in the Web Services component in IBM ...) NOT-FOR-US: Web Services component in IBM WebSphere Application Server WAS CVE-2009-0905 RESERVED CVE-2009-0906 (The Service Component Architecture (SCA) feature pack for IBM ...) NOT-FOR-US: ibm websphere_application_server CVE-2009-0907 REJECTED CVE-2009-0908 (Unspecified vulnerability in the ACE shared folders implementation in ...) NOT-FOR-US: vmware ace CVE-2009-0909 (Heap-based buffer overflow in the VNnc Codec in VMware Workstation ...) BUG: 265139 CVE-2009-0910 (Heap-based buffer overflow in the VNnc Codec in VMware Workstation ...) BUG: 265139 CVE-2009-0911 RESERVED CVE-2009-0912 (perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly ...) NOT-FOR-US: mdk CVE-2009-0913 (Unspecified vulnerability in the keysock kernel module in Solaris 10 ...) NOT-FOR-US: sun solaris CVE-2009-0914 (Opera before 9.64 allows remote attackers to execute arbitrary code ...) BUG: 261032 CVE-2009-0915 (Opera before 9.64 allows remote attackers to conduct cross-domain ...) BUG: 261032 CVE-2009-0916 (Unspecified vulnerability in Opera before 9.64 has unknown impact and ...) BUG: 261032 CVE-2009-0917 (Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through ...) NOT-FOR-US: DFLabs PTK CVE-2009-0918 (Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 ...) NOT-FOR-US: DFLabs PTK CVE-2009-0919 (XAMPP installs multiple packages with insecure default passwords, ...) NOT-FOR-US: DFLabs PTK CVE-2009-0920 (Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView ...) NOT-FOR-US: HP OpenView Network Node Manager OV NNM CVE-2009-0921 (Multiple heap-based buffer overflows in OvCgi/Toolbar.exe in HP ...) NOT-FOR-US: HP OpenView Network Node Manager OV NNM CVE-2009-0922 (PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows ...) BUG: 261223 CVE-2009-0923 (Unspecified vulnerability in Kerberos Incremental Propagation in ...) NOT-FOR-US: sun solaris CVE-2009-0924 (Unspecified vulnerability in Sun OpenSolaris snv_39 through snv_45, ...) NOT-FOR-US: sun solaris CVE-2009-0925 (Unspecified vulnerability in Sun Solaris 10 on SPARC sun4v systems, ...) NOT-FOR-US: Sun Solaris CVE-2009-0926 (Unspecified vulnerability in the UFS filesystem functionality in Sun ...) NOT-FOR-US: sun solaris CVE-2009-0927 (Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before ...) BUG: 259992 CVE-2009-0928 (Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat ...) BUG: 259992 CVE-2009-0929 (Directory traversal vulnerability in the media manager in Nucleus CMS ...) NOT-FOR-US: nucleus_group nucleus_cms CVE-2009-0930 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP ...) BUG: 262976 CVE-2009-0931 (Cross-site scripting (XSS) vulnerability in the tag cloud search ...) BUG: 262978 CVE-2009-0932 (Directory traversal vulnerability in framework/Image/Image.php in ...) BUG: 262978 CVE-2009-0933 (Cross-site scripting (XSS) vulnerability in the administrative ...) NOT-FOR-US: dotclear CVE-2009-0934 (Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 ...) BUG: 262696 CVE-2009-0935 (The inotify_read function in the Linux kernel 2.6.27 to 2.6.27.13, ...) BUG: 262979 CVE-2009-0936 (Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to ...) BUG: 258833 CVE-2009-0937 (Unspecified vulnerability in Tor before 0.2.0.34 allows directory ...) BUG: 258833 CVE-2009-0938 (Unspecified vulnerability in Tor before 0.2.0.34 allows directory ...) BUG: 258833 CVE-2009-0939 (Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which ...) BUG: 258833 CVE-2009-0940 (Multiple cross-site request forgery (CSRF) vulnerabilities in the HP ...) NOT-FOR-US: HP CVE-2009-0941 (The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline ...) NOT-FOR-US: HP CVE-2009-0942 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0943 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0944 (The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-0945 (Array index error in the insertItemBefore method in WebKit, as used in ...) BUG: 271861 BUG: 271863 CVE-2009-0946 (Multiple integer overflows in FreeType 2.3.9 and earlier allow remote ...) BUG: 263032 CVE-2009-0947 RESERVED CVE-2009-0948 RESERVED CVE-2009-0949 (The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 ...) BUG: 273911 CVE-2009-0950 (Stack-based buffer overflow in Apple iTunes before 8.2 allows remote ...) NOT-FOR-US: apple itunes CVE-2009-0951 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows ...) NOT-FOR-US: apple quicktime CVE-2009-0952 (Buffer overflow in Apple QuickTime before 7.6.2 allows remote ...) NOT-FOR-US: apple quicktime CVE-2009-0953 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows ...) NOT-FOR-US: apple quicktime CVE-2009-0954 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows ...) NOT-FOR-US: apple quicktime CVE-2009-0955 (Apple QuickTime before 7.6.2 allows remote attackers to execute ...) NOT-FOR-US: apple quicktime CVE-2009-0956 (Apple QuickTime before 7.6.2 does not properly initialize memory ...) NOT-FOR-US: apple quicktime CVE-2009-0957 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows ...) NOT-FOR-US: apple quicktime CVE-2009-0958 (Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 ...) NOT-FOR-US: apple iphone_os CVE-2009-0959 (The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone ...) NOT-FOR-US: apple iphone_os CVE-2009-0960 (The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS ...) NOT-FOR-US: apple iphone_os CVE-2009-0961 (The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS ...) NOT-FOR-US: apple iphone_os CVE-2009-0962 (Unspecified vulnerability in Futomi's CGI Cafe MP Form Mail CGI ...) NOT-FOR-US: futomi mp_form_mail_cgi CVE-2009-0963 (Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly ...) NOT-FOR-US: xlinesoft phprunner CVE-2009-0964 (UserView_list.php in PHPRunner 4.2, and possibly earlier, stores ...) NOT-FOR-US: xlinesoft phprunner CVE-2009-0965 (SQL injection vulnerability in functions/browse.php in Ganesha Digital ...) NOT-FOR-US: ismail_fahmi ganesha_digital_library CVE-2009-0966 (PHP remote file inclusion vulnerability in cross.php in YABSoft Mega ...) NOT-FOR-US: yabsoft mega_file_hosting_script CVE-2009-0967 (The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote ...) NOT-FOR-US: serv u_file_server CVE-2009-0968 (SQL injection vulnerability in fmoblog.php in the fMoblog plugin 2.1 ...) NOT-FOR-US: wordpress fmoblog_plugin CVE-2009-0969 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: phpfox CVE-2009-0970 (PHP remote file inclusion vulnerability in includes/class_image.php in ...) NOT-FOR-US: phpprobid CVE-2009-0971 (Cross-site scripting (XSS) vulnerability in futomi's CGI Cafe Access ...) NOT-FOR-US: futomi access_analyzer_cgi CVE-2009-0972 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) NOT-FOR-US: oracle database_9i CVE-2009-0973 (Unspecified vulnerability in the Cluster Ready Services component in ...) NOT-FOR-US: oracle database_10g CVE-2009-0974 (Unspecified vulnerability in the Portal component in Oracle ...) NOT-FOR-US: oracle application_server_10g CVE-2009-0975 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) NOT-FOR-US: oracle database_11g CVE-2009-0976 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) NOT-FOR-US: oracle database_11g CVE-2009-0977 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...) NOT-FOR-US: oracle database_9i CVE-2009-0978 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) NOT-FOR-US: oracle database_11g CVE-2009-0979 (Unspecified vulnerability in the Resource Manager component in Oracle ...) NOT-FOR-US: oracle database_9i CVE-2009-0980 (Unspecified vulnerability in the SQLX Functions component in Oracle ...) NOT-FOR-US: oracle database_11g CVE-2009-0981 (Unspecified vulnerability in the Application Express component in ...) NOT-FOR-US: oracle database_11g CVE-2009-0982 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: oracle peoplesoft_enterprise CVE-2009-0983 (Unspecified vulnerability in the Portal component in Oracle ...) NOT-FOR-US: oracle application_server_10g CVE-2009-0984 (Unspecified vulnerability in the Database Vault component in Oracle ...) NOT-FOR-US: oracle database_9i CVE-2009-0985 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) NOT-FOR-US: oracle database_11g CVE-2009-0986 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) NOT-FOR-US: oracle database_11g CVE-2009-0987 (Unspecified vulnerability in the Upgrade component in Oracle Database ...) NOT-FOR-US: oracle database_server CVE-2009-0988 (Unspecified vulnerability in the Password Policy component in Oracle ...) NOT-FOR-US: oracle database_11g CVE-2009-0989 (Unspecified vulnerability in the BI Publisher component in Oracle ...) NOT-FOR-US: oracle application_server_10g CVE-2009-0990 (Unspecified vulnerability in the BI Publisher component in Oracle ...) NOT-FOR-US: oracle application_server_10g CVE-2009-0991 (Unspecified vulnerability in the Listener component in Oracle Database ...) NOT-FOR-US: oracle database_9i CVE-2009-0992 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...) NOT-FOR-US: oracle database_11g CVE-2009-0993 (Unspecified vulnerability in the OPMN component in Oracle Application ...) NOT-FOR-US: oracle application_server_10g CVE-2009-0994 (Unspecified vulnerability in the BI Publisher component in Oracle ...) NOT-FOR-US: oracle application_server_10g CVE-2009-0995 (Unspecified vulnerability in the Oracle Applications Framework ...) NOT-FOR-US: oracle e business_suite_12 CVE-2009-0996 (Unspecified vulnerability in the BI Publisher component in Oracle ...) NOT-FOR-US: oracle application_server_10g CVE-2009-0997 (Unspecified vulnerability in the Database Vault component in Oracle ...) NOT-FOR-US: oracle database_11g CVE-2009-0998 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ...) NOT-FOR-US: oracle peoplesoft_enterprise CVE-2009-0999 (Unspecified vulnerability in the Oracle Application Object Library ...) NOT-FOR-US: oracle e business_suite_12 CVE-2009-1000 (The Oracle Applications Framework component in Oracle E-Business Suite ...) NOT-FOR-US: oracle e business_suite CVE-2009-1001 (Unspecified vulnerability in Oracle BEA WebLogic Portal 8.1 Gold ...) NOT-FOR-US: oracle bea_product_suite CVE-2009-1002 (Unspecified vulnerability in Oracle BEA WebLogic Server 10.3, 10.0 ...) NOT-FOR-US: oracle bea_product_suite CVE-2009-1003 (Unspecified vulnerability in the WebLogic Server component in BEA ...) NOT-FOR-US: oracle bea_product_suite CVE-2009-1004 (Unspecified vulnerability in the WebLogic Server component in BEA ...) NOT-FOR-US: oracle bea_product_suite CVE-2009-1005 (Unspecified vulnerability in the Oracle Data Service Integrator ...) NOT-FOR-US: oracle bea_product_suite CVE-2009-1006 (Unspecified vulnerability in the JRockit component in BEA Product ...) NOT-FOR-US: oracle jrockit CVE-2009-1007 (Unspecified vulnerability in the Data Mining component in Oracle ...) NOT-FOR-US: oracle database_server CVE-2009-1008 (Unspecified vulnerability in the Outside In Technology component in ...) NOT-FOR-US: oracle application_server CVE-2009-1009 (Unspecified vulnerability in the Outside In Technology component in ...) NOT-FOR-US: oracle application_server CVE-2009-1010 (Unspecified vulnerability in the Outside In Technology component in ...) NOT-FOR-US: oracle application_server CVE-2009-1011 (Unspecified vulnerability in the Outside In Technology component in ...) NOT-FOR-US: oracle application_server CVE-2009-1012 (Unspecified vulnerability in the plug-ins for Apache and IIS web ...) NOT-FOR-US: oracle bea_product_suite CVE-2009-1013 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: oracle peoplesoft_enterprise CVE-2009-1014 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: oracle peoplesoft_enterprise CVE-2009-1015 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) NOT-FOR-US: oracle database_server CVE-2009-1016 (Unspecified vulnerability in the WebLogic Server component in BEA ...) NOT-FOR-US: oracle bea_product_suite CVE-2009-1017 (Unspecified vulnerability in the BI Publisher component in Oracle ...) NOT-FOR-US: oracle application_server_10g CVE-2009-1018 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) NOT-FOR-US: oracle database_server CVE-2009-1019 (Unspecified vulnerability in the Network Authentication component in ...) NOT-FOR-US: oracle database_server CVE-2009-1020 (Unspecified vulnerability in the Network Foundation component in ...) NOT-FOR-US: oracle database_server CVE-2009-1021 (Unspecified vulnerability in the Advanced Replication component in ...) NOT-FOR-US: oracle database_server CVE-2009-1022 (Heap-based buffer overflow in the Preview/ Set Segment function in ...) NOT-FOR-US: gomlab gom_encoder CVE-2009-1023 (SQL injection vulnerability in index.php in phpComasy 0.9.1 allows ...) NOT-FOR-US: phpcomasy CVE-2009-1024 (Multiple SQL injection vulnerabilities in Beerwin PHPLinkAdmin 1.0 ...) NOT-FOR-US: beerwin phplinkadmin CVE-2009-1025 (PHP remote file inclusion vulnerability in linkadmin.php in Beerwin ...) NOT-FOR-US: beerwin phplinkadmin CVE-2009-1026 (Multiple SQL injection vulnerabilities in login.php in Kim Websites ...) NOT-FOR-US: kim websites CVE-2009-1027 (SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers ...) NOT-FOR-US: opencart CVE-2009-1028 (Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote ...) NOT-FOR-US: edisys ezip_wizard CVE-2009-1029 (Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows ...) NOT-FOR-US: poppeeper pop_peeper CVE-2009-1030 (Cross-site scripting (XSS) vulnerability in the choose_primary_blog ...) NOT-FOR-US: wordpress_mu CVE-2009-1031 (Directory traversal vulnerability in the FTP server in Rhino Software ...) NOT-FOR-US: rhinosoft serv u CVE-2009-1032 (SQL injection vulnerability in gallery_list.php in YABSoft Advanced ...) NOT-FOR-US: yabsoft advanced_image_hosting_script CVE-2009-1033 (SQL injection vulnerability in misc.php in DeluxeBB 1.3 and earlier ...) NOT-FOR-US: deluxebb CVE-2009-1034 (SQL injection vulnerability in the Tasklist module 5.x-1.x before ...) NOT-FOR-US: drupal tasklist CVE-2009-1035 (Cross-site scripting (XSS) vulnerability in the Tasklist module ...) NOT-FOR-US: drupal tasklist CVE-2009-1036 (Cross-site request forgery (CSRF) vulnerability in the Plus 1 module ...) NOT-FOR-US: drupal plus1 CVE-2009-1037 (Unspecified vulnerability in the Send by e-mail module in the ...) NOT-FOR-US: Drupal module CVE-2009-1038 (Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote ...) NOT-FOR-US: YAP Blog CVE-2009-1039 (Buffer overflow in CDex 1.70b2 allows remote attackers to execute ...) NOT-FOR-US: CDex CVE-2009-1040 (Buffer overflow in WinAsm Studio 5.1.5.0 allows user-assisted remote ...) NOT-FOR-US: WinAsm Studio CVE-2009-1041 (The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 ...) BUG: 263844 CVE-2009-1042 (Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows ...) NOT-FOR-US: apple safari CVE-2009-1043 (Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows ...) NOT-FOR-US: microsoft windows CVE-2009-1044 (Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute ...) BUG: 262704 CVE-2009-1045 (requests/status.xml in VLC 0.9.8a allows remote attackers to cause a ...) BUG: 262708 CVE-2009-1046 (The console selection feature in the Linux kernel 2.6.28 before ...) BUG: 263788 CVE-2009-1047 (Cross-site scripting (XSS) vulnerability in the Send by e-mail module ...) NOT-FOR-US: we do not ship this module CVE-2009-1048 (The web interface on the snom VoIP phones snom 300, snom 320, snom ...) NOT-FOR-US: snom_320_linux CVE-2009-1049 (SQL injection vulnerability in articleCall.php in Bloginator 1A allows ...) NOT-FOR-US: Bloginator CVE-2009-1050 (Bloginator 1A allows remote attackers to bypass authentication and ...) NOT-FOR-US: kamads bloginator CVE-2009-1051 (FubarForum 1.6 and earlier stores sensitive information under the web ...) NOT-FOR-US: chaozz fubarforum CVE-2009-1052 (FireAnt 1.3 and earlier stores sensitive information under the web ...) NOT-FOR-US: chaozz fireant CVE-2009-1053 (chaozzDB 1.2 and earlier stores sensitive information under the web ...) NOT-FOR-US: chaozzDB CVE-2009-1054 (Unspecified vulnerability in JustSystems Ichitaro 13, 2004 through ...) NOT-FOR-US: ichitaro CVE-2009-1055 (Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 ...) NOT-FOR-US: sitecore cms CVE-2009-1056 (IBM Rational AppScan Enterprise before 5.5 FP1 allows remote attackers ...) NOT-FOR-US: ibm rational_appscan CVE-2009-1057 (MicroSmarts Enterprise ZipItFast! 3.0 allows remote attackers to ...) NOT-FOR-US: microsmarts zipitfast CVE-2009-1058 (Stack-based buffer overflow in ZipGenius might allow remote attackers ...) NOT-FOR-US: zipgenius CVE-2009-1059 (Stack-based buffer overflow in Trident PowerZip 7.2 might allow remote ...) NOT-FOR-US: powerzip CVE-2009-1060 (Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows ...) NOT-FOR-US: apple safari CVE-2009-1061 (Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 ...) BUG: 259992 CVE-2009-1062 (Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 ...) BUG: 259992 CVE-2009-1063 (Buffer overflow in eXeScope 6.50 allows user-assisted remote attackers ...) NOT-FOR-US: eXeScope CVE-2009-1064 (Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit ...) NOT-FOR-US: orbitmxt dll CVE-2009-1065 (SQL injection vulnerability in index.php in Pixie CMS 1.01a allows ...) NOT-FOR-US: Pixie CMS CVE-2009-1066 (SQL injection vulnerability in the referral function in ...) NOT-FOR-US: Pixie CMS CVE-2009-1067 (Cross-site scripting (XSS) vulnerability in index.php in Pixie CMS ...) NOT-FOR-US: Pixie CMS CVE-2009-1068 (Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 ...) NOT-FOR-US: BS Player bsplayer CVE-2009-1069 (Multiple cross-site scripting (XSS) vulnerabilities in the node edit ...) NOT-FOR-US: we do not ship this module CVE-2009-1070 (Cross-site scripting (XSS) vulnerability in system/index.php in ...) NOT-FOR-US: ExpressionEngine CVE-2009-1071 (Stack-based buffer overflow in Icarus 2.0 allows remote attackers to ...) NOT-FOR-US: Icarus CVE-2009-1072 (nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD ...) BUG: 264436 CVE-2009-1073 (nss-ldapd before 0.6.8 uses world-readable permissions for the ...) BUG: 264574 CVE-2009-1074 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use ...) NOT-FOR-US: sun java_system_identity_manager CVE-2009-1075 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds ...) NOT-FOR-US: Sun CVE-2009-1076 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds ...) NOT-FOR-US: Sun CVE-2009-1077 (The Change My Password implementation in the admin interface in Sun ...) NOT-FOR-US: admin interface in Sun Java System Identity Manager IdM CVE-2009-1078 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not ...) NOT-FOR-US: Sun CVE-2009-1079 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...) NOT-FOR-US: Sun Java System Identity Manager IdM CVE-2009-1080 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...) NOT-FOR-US: Sun Java System Identity Manager IdM CVE-2009-1081 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...) NOT-FOR-US: Sun Java System Identity Manager IdM CVE-2009-1082 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote ...) NOT-FOR-US: Sun CVE-2009-1083 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, ...) NOT-FOR-US: passwords CVE-2009-1084 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not ...) NOT-FOR-US: Sun CVE-2009-1085 (Piwik 0.2.32 and earlier stores sensitive information under the web ...) NOT-FOR-US: Piwik CVE-2009-1086 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal ...) NOT-FOR-US: nlnetlabs ldns CVE-2009-1087 (Multiple argument injection vulnerabilities in PPLive.exe in PPLive ...) NOT-FOR-US: PPLive CVE-2009-1088 (Hannon Hill Cascade Server 5.7 and other versions allows remote ...) NOT-FOR-US: Hannon CVE-2009-1089 (Absolute path traversal vulnerability in upload.php in Rapidleech ...) NOT-FOR-US: rapidleech rapid_leech CVE-2009-1090 (Directory traversal vulnerability in upload.php in Rapidleech rev.36 ...) NOT-FOR-US: Rapidleech CVE-2009-1091 (Cross-site scripting (XSS) vulnerability in upload.php in Rapidleech ...) NOT-FOR-US: rapidleech rapid_leech CVE-2009-1092 (Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX ...) NOT-FOR-US: LIVEAUDIO LiveAudioCtrl 1 CVE-2009-1093 (LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java ...) BUG: 263810 CVE-2009-1094 (Unspecified vulnerability in the LDAP implementation in Java SE ...) BUG: 263810 CVE-2009-1095 (Integer overflow in unpack200 in Java SE Development Kit (JDK) and ...) BUG: 263810 CVE-2009-1096 (Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java ...) BUG: 263810 CVE-2009-1097 (Multiple buffer overflows in Java SE Development Kit (JDK) and Java ...) BUG: 263810 CVE-2009-1098 (Buffer overflow in Java SE Development Kit (JDK) and Java Runtime ...) BUG: 263810 CVE-2009-1099 (Integer signedness error in Java SE Development Kit (JDK) and Java ...) BUG: 263810 CVE-2009-1100 (Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) ...) BUG: 263810 CVE-2009-1101 (Unspecified vulnerability in the lightweight HTTP server ...) BUG: 263810 CVE-2009-1102 (Unspecified vulnerability in the Virtual Machine in Java SE ...) BUG: 263810 CVE-2009-1103 (Unspecified vulnerability in the Java Plug-in in Java SE Development ...) BUG: 263810 CVE-2009-1104 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) BUG: 263810 CVE-2009-1105 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) BUG: 263810 CVE-2009-1106 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) BUG: 263810 CVE-2009-1107 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) BUG: 263810 CVE-2009-1108 RESERVED CVE-2009-1109 RESERVED CVE-2009-1110 RESERVED CVE-2009-1111 RESERVED CVE-2009-1112 RESERVED CVE-2009-1113 RESERVED CVE-2009-1114 RESERVED CVE-2009-1115 RESERVED CVE-2009-1116 RESERVED CVE-2009-1117 RESERVED CVE-2009-1118 RESERVED CVE-2009-1119 (Multiple heap-based buffer overflows in EMC RepliStor 6.2 before SP5 ...) NOT-FOR-US: EMC RepliStor CVE-2009-1120 RESERVED CVE-2009-1121 RESERVED CVE-2009-1122 (The WebDAV extension in Microsoft Internet Information Services (IIS) ...) NOT-FOR-US: Microsoft Internet Information Services IIS CVE-2009-1123 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...) NOT-FOR-US: Microsoft Windows CVE-2009-1124 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...) NOT-FOR-US: Microsoft Windows CVE-2009-1125 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...) NOT-FOR-US: Microsoft Windows CVE-2009-1126 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server ...) NOT-FOR-US: Microsoft Windows CVE-2009-1127 (win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and ...) NOT-FOR-US: microsoft windows_xp CVE-2009-1128 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows ...) NOT-FOR-US: microsoft office_powerpoint CVE-2009-1129 (Multiple stack-based buffer overflows in the PowerPoint 95 importer ...) NOT-FOR-US: microsoft office_powerpoint CVE-2009-1130 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and ...) NOT-FOR-US: microsoft office_powerpoint CVE-2009-1131 (Multiple stack-based buffer overflows in Microsoft Office PowerPoint ...) NOT-FOR-US: microsoft office_powerpoint CVE-2009-1132 (Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka ...) NOT-FOR-US: microsoft windows_vista CVE-2009-1133 (Heap-based buffer overflow in Microsoft Remote Desktop Connection ...) NOT-FOR-US: microsoft windows_xp CVE-2009-1134 (Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office ...) NOT-FOR-US: 2007 CVE-2009-1135 (Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold ...) NOT-FOR-US: Microsoft CVE-2009-1136 (The Microsoft Office Web Components Spreadsheet ActiveX control (aka ...) NOT-FOR-US: Office CVE-2009-1137 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows ...) NOT-FOR-US: microsoft office_powerpoint CVE-2009-1138 (The LDAP service in Active Directory on Microsoft Windows 2000 SP4 ...) NOT-FOR-US: Active Directory on Microsoft Windows CVE-2009-1139 (Memory leak in the LDAP service in Active Directory on Microsoft ...) NOT-FOR-US: LDAP service in Active Directory on Microsoft Windows CVE-2009-1140 (Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP ...) NOT-FOR-US: Microsoft CVE-2009-1141 (Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server ...) NOT-FOR-US: Microsoft CVE-2009-1142 RESERVED CVE-2009-1143 RESERVED CVE-2009-1144 (Untrusted search path vulnerability in the Gentoo package of Xpdf ...) BUG: 242930 CVE-2009-1145 RESERVED CVE-2009-1146 (Unspecified vulnerability in an ioctl in hcmon.sys in VMware ...) NOT-FOR-US: Windows only CVE-2009-1147 (Unspecified vulnerability in vmci.sys in the Virtual Machine ...) NOT-FOR-US: Windows only CVE-2009-1148 (Directory traversal vulnerability in bs_disp_as_mime_type.php in the ...) BUG: 263711 CVE-2009-1149 (CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB ...) BUG: 263711 CVE-2009-1150 (Multiple cross-site scripting (XSS) vulnerabilities in the export page ...) BUG: 263711 CVE-2009-1151 (Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x ...) BUG: 263711 CVE-2009-1152 (Siemens Gigaset SE461 WiMAX router 1.5-BL024.9.6401, and possibly ...) NOT-FOR-US: siemens gigaset_wimax_router CVE-2009-1153 RESERVED CVE-2009-1154 (Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a ...) NOT-FOR-US: cisco ios_xr CVE-2009-1155 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security ...) NOT-FOR-US: cisco pix CVE-2009-1156 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) NOT-FOR-US: cisco pix CVE-2009-1157 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series ...) NOT-FOR-US: cisco pix CVE-2009-1158 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) NOT-FOR-US: cisco pix CVE-2009-1159 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) NOT-FOR-US: cisco pix CVE-2009-1160 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security ...) NOT-FOR-US: cisco pix CVE-2009-1161 (Directory traversal vulnerability in the TFTP service in Cisco ...) NOT-FOR-US: cisco unified_service_monitor CVE-2009-1162 (Cross-site scripting (XSS) vulnerability in the Spam Quarantine login ...) NOT-FOR-US: cisco ironport_asyncos CVE-2009-1163 (Memory leak on the Cisco Physical Access Gateway with software before ...) NOT-FOR-US: cisco physical_access_gateway CVE-2009-1164 (The administrative web interface on the Cisco Wireless LAN Controller ...) NOT-FOR-US: cisco_4400_wireless_lan_controller CVE-2009-1165 (Memory leak on the Cisco Wireless LAN Controller (WLC) platform 4.x ...) NOT-FOR-US: cisco_4400_wireless_lan_controller CVE-2009-1166 (The administrative web interface on the Cisco Wireless LAN Controller ...) NOT-FOR-US: cisco catalyst CVE-2009-1167 (Unspecified vulnerability on the Cisco Wireless LAN Controller (WLC) ...) NOT-FOR-US: cisco_4400_wireless_lan_controller CVE-2009-1168 (Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through ...) NOT-FOR-US: cisco ios_xe CVE-2009-1169 (The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox ...) BUG: 262704 CVE-2009-1170 (Unspecified vulnerability in Sun OpenSolaris snv_100 through snv_101 ...) NOT-FOR-US: sun opensolaris CVE-2009-1171 (The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 ...) NOT-FOR-US: Moodle CVE-2009-1172 (The JAX-RPC WS-Security runtime in the Web Services Security component ...) NOT-FOR-US: ibm websphere_application_server CVE-2009-1173 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak ...) NOT-FOR-US: ibm websphere_application_server CVE-2009-1174 (The Web Services Security component in IBM WebSphere Application ...) NOT-FOR-US: ibm websphere_application_server CVE-2009-1175 (Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in ...) BUG: 264568 CVE-2009-1176 (mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before ...) BUG: 264563 CVE-2009-1177 (Multiple stack-based buffer overflows in maptemplate.c in mapserv in ...) BUG: 264563 CVE-2009-1178 (Unspecified vulnerability in the server in IBM Tivoli Storage Manager ...) NOT-FOR-US: ibm tivoli_storage_manager CVE-2009-1179 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, ...) BUG: 263028 CVE-2009-1180 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...) BUG: 263028 CVE-2009-1181 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...) BUG: 263028 CVE-2009-1182 (Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and ...) BUG: 263028 CVE-2009-1183 (The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and ...) BUG: 263028 CVE-2009-1184 (The selinux_ip_postroute_iptables_compat function in ...) BUG: 268875 CVE-2009-1185 (udev before 1.4.1 does not verify whether a NETLINK message originates ...) BUG: 266290 CVE-2009-1186 (Buffer overflow in the util_path_encode function in ...) BUG: 266290 CVE-2009-1187 (Integer overflow in the JBIG2 decoding feature in Poppler before ...) BUG: 263028 CVE-2009-1188 (Integer overflow in the JBIG2 decoding feature in the ...) BUG: 263028 CVE-2009-1189 (The _dbus_validate_signature_with_reason function ...) BUG: 266443 CVE-2009-1190 (Algorithmic complexity vulnerability in the ...) NOT-FOR-US: Spring Framework CVE-2009-1191 (mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server ...) BUG: 268154 CVE-2009-1192 (The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages ...) BUG: 270328 CVE-2009-1193 RESERVED CVE-2009-1194 (Integer overflow in the pango_glyph_string_set_size function in ...) BUG: 268976 CVE-2009-1195 (The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not ...) BUG: 271470 CVE-2009-1196 (The directory-services functionality in the scheduler in CUPS 1.1.17 ...) NOT-FOR-US: Our current versions do have the fix, we do not have 1.1.x anymore CVE-2009-1197 RESERVED CVE-2009-1198 RESERVED CVE-2009-1199 RESERVED CVE-2009-1200 RESERVED CVE-2009-1201 (Eval injection vulnerability in the csco_wrap_js function in ...) NOT-FOR-US: cisco adaptive_security_appliance CVE-2009-1202 (WebVPN on the Cisco Adaptive Security Appliances (ASA) device with ...) NOT-FOR-US: cisco adaptive_security_appliance CVE-2009-1203 (WebVPN on the Cisco Adaptive Security Appliances (ASA) device with ...) NOT-FOR-US: cisco adaptive_security_appliance CVE-2009-1204 (Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) ...) BUG: 264570 CVE-2009-1205 REJECTED NOT-FOR-US: sapgui CVE-2009-1206 (Unspecified vulnerability in futomi's CGI Cafe Access Analyzer CGI ...) NOT-FOR-US: futomi cgi_cafe_access_analyzer_cgi CVE-2009-1207 (Race condition in the dircmp script in Sun Solaris 8 through 10, and ...) NOT-FOR-US: sun opensolaris CVE-2009-1208 (SQL injection vulnerability in auth2db 0.2.5, and possibly other ...) NOT-FOR-US: auth2db CVE-2009-1209 (Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows ...) NOT-FOR-US: amaya CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in ...) BUG: 264571 CVE-2009-1211 (Blue Coat ProxySG, when transparent interception mode is enabled, uses ...) NOT-FOR-US: bluecoat proxysg CVE-2009-1212 (Multiple insecure method vulnerabilities in PRECIS~2.DLL in the ...) NOT-FOR-US: precisionid data_matrix_barcode_activex_control CVE-2009-1213 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in ...) BUG: 264572 CVE-2009-1214 (GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with ...) BUG: 264573 CVE-2009-1215 (Race condition in GNU screen 4.0.3 allows local users to create or ...) BUG: 264573 CVE-2009-1216 (Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c ...) NOT-FOR-US: microsoft windows_vista CVE-2009-1217 (Off-by-one error in the GpFont::SetData function in gdiplus.dll in ...) NOT-FOR-US: microsoft windows_xp CVE-2009-1218 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar ...) NOT-FOR-US: sun one_calendar_server CVE-2009-1219 (Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun ...) NOT-FOR-US: Sun ONE Calendar Server CVE-2009-1220 (Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in ...) NOT-FOR-US: WebVPN on the Cisco Adaptive Security Appliances ASA CVE-2009-1221 RESERVED CVE-2009-1222 (Directory traversal vulnerability in index.php in webEdition 6.0.0.4 ...) NOT-FOR-US: webedition CVE-2009-1223 (aspWebCalendar Free Edition stores sensitive information under the web ...) NOT-FOR-US: aspWebCalendar CVE-2009-1224 (SQL injection vulnerability in ...) NOT-FOR-US: vsp stats processor CVE-2009-1225 (Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook ...) NOT-FOR-US: Turnkey Ebook Store CVE-2009-1226 (core/admin/delete.php in Podcast Generator 1.1 and earlier does not ...) NOT-FOR-US: podcast CVE-2009-1227 (** DISPUTED ** ...) NOT-FOR-US: PKI CVE-2009-1228 (Cross-site scripting (XSS) vulnerability in register.php in Arcadwy ...) NOT-FOR-US: Arcadwy CVE-2009-1229 (SQL injection vulnerability in Arcadwy Arcade Script allows remote ...) NOT-FOR-US: Arcadwy CVE-2009-1230 (Static code injection vulnerability in index.php in Podcast Generator ...) NOT-FOR-US: Podcast Generator CVE-2009-1231 (Unspecified vulnerability in the eClient in IBM DB2 Content Manager ...) NOT-FOR-US: ibm db2_content_manager CVE-2009-1232 (Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote ...) BUG: 265165 CVE-2009-1233 (Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to ...) BUG: 271865 BUG: 271866 CVE-2009-1234 (Opera 9.64 allows remote attackers to cause a denial of service ...) BUG: 264831 CVE-2009-1235 (XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-1236 (Heap-based buffer overflow in the AppleTalk networking stack in XNU ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-1237 (Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-1238 (Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-1239 (IBM DB2 9.1 before FP7 returns incorrect query results in certain ...) NOT-FOR-US: certain CVE-2009-1240 (Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 ...) NOT-FOR-US: IBM Proventia engine CVE-2009-1241 (Unspecified vulnerability in ClamAV before 0.95 allows remote ...) BUG: 264834 CVE-2009-1242 (The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX ...) BUG: 265169 CVE-2009-1243 (net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an ...) BUG: 265177 CVE-2009-1244 (Unspecified vulnerability in the virtual machine display function in ...) BUG: 265139 CVE-2009-1245 (Multiple SQL injection vulnerabilities in the insert_to_pastebin ...) NOT-FOR-US: CCCP Community Clan Portal Pastebin CVE-2009-1246 (Multiple directory traversal vulnerabilities in Blogplus 1.0 allow ...) NOT-FOR-US: Blogplus CVE-2009-1247 (SQL injection vulnerability in login.php in Acute Control Panel 1.0.0 ...) NOT-FOR-US: Acute Control Panel CVE-2009-1248 (Multiple PHP remote file inclusion vulnerabilities in Acute Control ...) NOT-FOR-US: Acute Control Panel CVE-2009-1249 (Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x ...) NOT-FOR-US: Feed element mapper CVE-2009-1250 (The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 ...) BUG: 265538 CVE-2009-1251 (Heap-based buffer overflow in the cache manager in the client in ...) BUG: 265538 CVE-2009-1252 (Stack-based buffer overflow in the crypto_recv function in ...) BUG: 268962 CVE-2009-1253 (James Stone Tunapie 2.1 allows local users to overwrite arbitrary ...) BUG: 265390 CVE-2009-1254 (James Stone Tunapie 2.1 allows remote attackers to execute arbitrary ...) BUG: 265390 CVE-2009-1255 (The process_stat function in (1) Memcached before 1.2.8 and (2) ...) BUG: 268158 CVE-2009-1256 (SQL injection vulnerability in FlexCMS 2.5 allows remote attackers to ...) NOT-FOR-US: FlexCMS CVE-2009-1257 (Heap-based buffer overflow in Magic ISO Maker 5.5 build 0274 allows ...) NOT-FOR-US: Magic ISO Maker CVE-2009-1258 (SQL injection vulnerability in the RD-Autos (com_rdautos) component ...) NOT-FOR-US: RD Autos com_rdautos component CVE-2009-1259 (SQL injection vulnerability in inc/bb/topic.php in Insane Visions ...) NOT-FOR-US: Insane Visions AdaptBB CVE-2009-1260 (Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and ...) NOT-FOR-US: UltraISO CVE-2009-1261 (Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk ...) NOT-FOR-US: Web Help Desk CVE-2009-1262 (Format string vulnerability in Fortinet FortiClient 3.0.614, and ...) NOT-FOR-US: Fortinet FortiClient CVE-2009-1263 (SQL injection vulnerability in sub_commententry.php in the BookJoomlas ...) NOT-FOR-US: BookJoomlas com_bookjoomlas component CVE-2009-1264 (Frontend User Registration (sr_feuser_register) extension 2.5.20 and ...) NOT-FOR-US: Frontend CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux ...) BUG: 266308 CVE-2009-1266 (Unspecified vulnerability in Wireshark before 1.0.7-0.1-1 has unknown ...) BUG: 264571 CVE-2009-1267 (Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 ...) NOT-FOR-US: Windows only CVE-2009-1268 (The Check Point High-Availability Protocol (CPHAP) dissector in ...) BUG: 264571 CVE-2009-1269 (Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows ...) BUG: 264571 CVE-2009-1270 (libclamav/untar.c in ClamAV before 0.95 allows remote attackers to ...) BUG: 264834 CVE-2009-1271 (The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before ...) BUG: 266125 CVE-2009-1272 (The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x ...) BUG: 260576 CVE-2009-1273 (pam_ssh 1.92 and possibly other versions, as used when PAM is compiled ...) BUG: 263579 CVE-2009-1274 (Integer overflow in the qt_error parse_trak_atom function in ...) BUG: 265250 CVE-2009-1275 (Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other ...) NOT-FOR-US: Tiles CVE-2009-1276 (XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and ...) NOT-FOR-US: sun solaris CVE-2009-1277 (SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 ...) NOT-FOR-US: gravityboardx gravity_board_x CVE-2009-1278 (Static code injection vulnerability in forms/ajax/configure.php in ...) NOT-FOR-US: gravityboardx gravity_board_x CVE-2009-1279 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 ...) BUG: 266309 CVE-2009-1280 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) BUG: 266309 CVE-2009-1281 (Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 ...) NOT-FOR-US: glfusion CVE-2009-1282 (SQL injection vulnerability in private/system/lib-session.php in ...) NOT-FOR-US: glfusion CVE-2009-1283 (glFusion before 1.1.3 performs authentication with a user-provided ...) NOT-FOR-US: glfusion CVE-2009-1284 (Buffer overflow in BibTeX 0.99 allows context-dependent attackers to ...) BUG: 264598 CVE-2009-1285 (Static code injection vulnerability in the getConfigFile function in ...) BUG: 266438 CVE-2009-1286 (The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 ...) NOT-FOR-US: server in IBM Lotus Domino CVE-2009-1287 (Cross-site scripting (XSS) vulnerability in Cisco Subscriber Edge ...) NOT-FOR-US: cisco subscriber_edge_services_manager CVE-2009-1288 (Multiple cross-site scripting (XSS) vulnerabilities in the Advanced ...) NOT-FOR-US: Advanced CVE-2009-1289 (private/login.ssi in the Advanced Management Module (AMM) on the IBM ...) NOT-FOR-US: Advanced CVE-2009-1290 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...) NOT-FOR-US: web CVE-2009-1291 (Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, ...) NOT-FOR-US: tibco smartsockets_rtserver CVE-2009-1292 (UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x ...) NOT-FOR-US: ibm rational_clearcase CVE-2009-1293 (The web login functionality (c/portal/login) in Novell Teaming 1.0 ...) NOT-FOR-US: novell teaming CVE-2009-1294 (Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home ...) NOT-FOR-US: novell teaming CVE-2009-1295 (Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu ...) NOT-FOR-US: ubuntu CVE-2009-1296 (The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on ...) NOT-FOR-US: Ubuntu. Passwords in logfiles. Again. NFU! CVE-2009-1297 (iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and ...) BUG: 290631 CVE-2009-1298 (The ip_frag_reasm function in net/ipv4/ip_fragment.c in the Linux ...) BUG: 296393 CVE-2009-1299 (The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 ...) BUG: 313329 CVE-2009-1300 (apt 0.7.20 does not check when the date command returns an "invalid ...) NOT-FOR-US: debian apt CVE-2009-1301 (Integer signedness error in the store_id3_text function in the ID3v2 ...) BUG: 265342 CVE-2009-1302 (The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird ...) BUG: 267234 CVE-2009-1303 (The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before ...) BUG: 267234 CVE-2009-1304 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird ...) BUG: 267234 CVE-2009-1305 (The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird ...) BUG: 267234 CVE-2009-1306 (The jar: URI implementation in Mozilla Firefox before 3.0.9, ...) BUG: 267234 CVE-2009-1307 (The view-source: URI implementation in Mozilla Firefox before 3.0.9, ...) BUG: 267234 CVE-2009-1308 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...) BUG: 267234 CVE-2009-1309 (Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not ...) BUG: 267234 CVE-2009-1310 (Cross-site scripting (XSS) vulnerability in the MozSearch plugin ...) BUG: 267234 CVE-2009-1311 (Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow ...) BUG: 267234 CVE-2009-1312 (Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block ...) BUG: 267234 CVE-2009-1313 (The nsTextFrame::ClearTextRun function in ...) BUG: 267234 CVE-2009-1314 (body.asp in Web File Explorer 3.1 allows remote attackers to create ...) NOT-FOR-US: webfileexplorer web_file_explorer CVE-2009-1315 (Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 ...) NOT-FOR-US: abk soft ablespace CVE-2009-1316 (Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote ...) NOT-FOR-US: abk soft ablespace CVE-2009-1317 (Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when ...) NOT-FOR-US: aquacms aqua_cms CVE-2009-1318 (Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 ...) NOT-FOR-US: jamroom CVE-2009-1319 (Directory traversal vulnerability in includes/ini.inc.php in GuestCal ...) NOT-FOR-US: guestcal guest_cal CVE-2009-1320 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: zazzle store_builder CVE-2009-1321 (Cross-site scripting (XSS) vulnerability in search.asp in ASP Product ...) NOT-FOR-US: humayun_shabbir_bhutta asp_product_catalog CVE-2009-1322 (ASP Product Catalog 1.0 stores sensitive information under the web ...) NOT-FOR-US: humayun_shabbir_bhutta asp_product_catalog CVE-2009-1323 (SQL injection vulnerability in body.asp in Web File Explorer 3.1 ...) NOT-FOR-US: webfileexplorer web_file_explorer CVE-2009-1324 (Stack-based buffer overflow in Mini-stream ASX to MP3 Converter ...) NOT-FOR-US: mini stream asx_to_mp3_converter CVE-2009-1325 (Stack-based buffer overflow in Mini-stream Ripper 3.0.1.1 allows ...) NOT-FOR-US: mini stream ripper CVE-2009-1326 (Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 ...) NOT-FOR-US: mini stream rm_downloader CVE-2009-1327 (Stack-based buffer overflow in Mini-stream WM Downloader 3.0.0.9 ...) NOT-FOR-US: mini stream wm_downloader CVE-2009-1328 (Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 ...) NOT-FOR-US: mini stream rm mp3_converter CVE-2009-1329 (Stack-based buffer overflow in Mini-stream Shadow Stream Recorder ...) NOT-FOR-US: mini stream shadow_stream_recorder CVE-2009-1330 (Stack-based buffer overflow in Easy RM to MP3 Converter allows remote ...) NOT-FOR-US: mini stream easy_rm_to_mp3_converter CVE-2009-1331 (Integer overflow in Microsoft Windows Media Player (WMP) ...) NOT-FOR-US: microsoft windows_media_player CVE-2009-1332 (The Online Help feature in Sun Java System Directory Server 5.2 and ...) NOT-FOR-US: Sun Java System Directory Server CVE-2009-1333 (Cross-site scripting (XSS) vulnerability in refresh_rate.htm in the ...) NOT-FOR-US: web interface on the HP Deskjet CVE-2009-1334 (Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html ...) NOT-FOR-US: IBM Tivoli Continuous Data Protection CDP for Files CVE-2009-1335 (Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows ...) NOT-FOR-US: Microsoft CVE-2009-1336 (fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly ...) BUG: 267237 CVE-2009-1337 (The exit_notify function in kernel/exit.c in the Linux kernel before ...) BUG: 267239 CVE-2009-1338 (The kill_something_info function in kernel/signal.c in the Linux ...) BUG: 267240 CVE-2009-1339 (Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 ...) BUG: 268159 CVE-2009-1340 RESERVED CVE-2009-1341 (Memory leak in the dequote_bytea function in quote.c in the DBD::Pg ...) NOT-FOR-US: obsolete CVE-2009-1342 (Cross-site scripting (XSS) vulnerability in the CCK comment reference ...) NOT-FOR-US: We do not ship this module CVE-2009-1343 (Cross-site scripting (XSS) vulnerability in the Print (aka Printer, ...) NOT-FOR-US: drupal print CVE-2009-1344 (Cross-site scripting (XSS) vulnerability in the Localization client ...) NOT-FOR-US: drupal localization_client CVE-2009-1345 (SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows ...) NOT-FOR-US: cpcommerce CVE-2009-1346 (SQL injection vulnerability in publico/ficha.php in NetHoteles 3.0 ...) NOT-FOR-US: interguias nethoteles CVE-2009-1347 (Multiple SQL injection vulnerabilities in stats/index.php in chCounter ...) NOT-FOR-US: chcounter CVE-2009-1348 (The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, ...) NOT-FOR-US: McAfee CVE-2009-1349 (Cross-site scripting (XSS) vulnerability in C2Net Stronghold 2.3 ...) NOT-FOR-US: stronghold CVE-2009-1350 (Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client ...) NOT-FOR-US: novell netidentity_client1 2 3 CVE-2009-1351 (Heap-based buffer overflow in Apollo 37zz allows remote attackers to ...) NOT-FOR-US: apollo CVE-2009-1352 (Stack-based buffer overflow in Dawningsoft PowerCHM 5.7 allows remote ...) NOT-FOR-US: dawningsoft powerchm CVE-2009-1353 (Buffer overflow in the http_parse_hex function in libz/misc.c in ...) NOT-FOR-US: sebastian_fernandez zervit CVE-2009-1354 (Directory traversal vulnerability in Mongoose 2.4 allows remote ...) NOT-FOR-US: sergey_lyubka mongoose CVE-2009-1355 (Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 ...) NOT-FOR-US: ibm aix CVE-2009-1356 (Stack-based buffer overflow in Elecard AVC HD Player allows remote ...) NOT-FOR-US: elecard_avc_hd_player CVE-2009-1357 (CRLF injection vulnerability in da/DA/Login in Sun Java System ...) NOT-FOR-US: sun java_system_delegated_administrator CVE-2009-1358 (apt-get in apt before 0.7.21 does not check for the correct error code ...) NOT-FOR-US: apt-get CVE-2009-1359 (Unspecified vulnerability in the SCTP sockets implementation in Sun ...) NOT-FOR-US: sun opensolaris CVE-2009-1360 (The __inet6_check_established function in net/ipv6/inet6_hashtables.c ...) BUG: 267242 CVE-2009-1361 (dig.php in GScripts.net DNS Tools allows remote attackers to execute ...) NOT-FOR-US: gscripts dns_tools CVE-2009-1362 (SQL injection vulnerability in administration/index.php in chCounter ...) NOT-FOR-US: chcounter CVE-2009-1363 RESERVED CVE-2009-1364 (Use-after-free vulnerability in the embedded GD library in libwmf ...) BUG: 268161 CVE-2009-1365 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before ...) NOT-FOR-US: Adobe Flash Media Server FMS CVE-2009-1366 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: dotnetnuke CVE-2009-1367 (Cross-site scripting (XSS) vulnerability in index.php in moziloCMS ...) NOT-FOR-US: mozilocms CVE-2009-1368 (Directory traversal vulnerability in index.php in moziloCMS 1.11 ...) NOT-FOR-US: mozilocms CVE-2009-1369 (moziloCMS 1.11 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: mozilocms CVE-2009-1370 (Stack-based buffer overflow in ape_plugin.plg in Xilisoft Video ...) NOT-FOR-US: xilisoft_video_converter CVE-2009-1371 (The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before ...) BUG: 265545 CVE-2009-1372 (Stack-based buffer overflow in the cli_url_canon function in ...) BUG: 265545 CVE-2009-1373 (Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin ...) BUG: 270811 CVE-2009-1374 (Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) ...) BUG: 270811 CVE-2009-1375 (The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before ...) BUG: 270811 CVE-2009-1376 (Multiple integer overflows in the msn_slplink_process_msg functions in ...) BUG: 270811 CVE-2009-1377 (The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and ...) BUG: 270305 CVE-2009-1378 (Multiple memory leaks in the dtls1_process_out_of_seq_message function ...) BUG: 270305 CVE-2009-1379 (Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment ...) BUG: 270305 CVE-2009-1380 (Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in ...) NOT-FOR-US: redhat jboss_enterprise_application_platform CVE-2009-1381 (The map_yp_alias function in functions/imap_general.php in ...) BUG: 270671 CVE-2009-1382 (Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when ...) NOT-FOR-US: Sunrise-only. Notified in bug 172901 CVE-2009-1383 (The getdirective function in mathtex.cgi in mathTeX, when downloaded ...) NOT-FOR-US: mathTeX when downloaded CVE-2009-1384 (pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux ...) BUG: 273924 CVE-2009-1385 (Integer underflow in the e1000_clean_rx_irq function in ...) BUG: 273912 CVE-2009-1386 (ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause ...) NOT-FOR-US: Obsolete CVE-2009-1387 (The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in ...) BUG: 270305 CVE-2009-1388 (The ptrace_start function in kernel/ptrace.c in the Linux kernel ...) BUG: 277368 CVE-2009-1389 (Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the ...) BUG: 275741 CVE-2009-1390 (Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) ...) BUG: 274488 CVE-2009-1391 (Off-by-one error in the inflate function in Zlib.xs in ...) BUG: 273141 CVE-2009-1392 (The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird ...) BUG: 273918 CVE-2009-1393 RESERVED CVE-2009-1394 (Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows ...) NOT-FOR-US: Motorola Timbuktu Pro CVE-2009-1395 RESERVED CVE-2009-1396 RESERVED CVE-2009-1397 RESERVED CVE-2009-1398 RESERVED CVE-2009-1399 RESERVED CVE-2009-1400 RESERVED CVE-2009-1401 RESERVED CVE-2009-1402 RESERVED CVE-2009-1403 (SQL injection vulnerability in product_info.php in CRE Loaded 6.2 ...) NOT-FOR-US: creloaded cre_loaded CVE-2009-1404 (SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when ...) NOT-FOR-US: pastelcms CVE-2009-1405 (Directory traversal vulnerability in index.php in PastelCMS 0.8.0, ...) NOT-FOR-US: pastelcms CVE-2009-1406 (Directory traversal vulnerability in cms_detect.php in TotalCalendar ...) NOT-FOR-US: sweetphp totalcalendar CVE-2009-1407 (Directory traversal vulnerability in config.php in NotFTP 1.3.1 allows ...) NOT-FOR-US: wonko notftp CVE-2009-1408 (Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows ...) NOT-FOR-US: webspell CVE-2009-1409 (SQL injection vulnerability in usersettings.php in e107 0.7.15 and ...) NOT-FOR-US: e107 CVE-2009-1410 (SQL injection vulnerability in index.php in Quick.Cms.Lite 0.5 allows ...) NOT-FOR-US: opensolution quick cms lite CVE-2009-1411 (SQL injection vulnerability in events/inc/events.inc.php in the Events ...) NOT-FOR-US: neocrome seditio CVE-2009-1412 (Argument injection vulnerability in the chromehtml: protocol handler ...) NOT-FOR-US: google chrome CVE-2009-1413 (Google Chrome 1.0.x does not cancel timeouts upon a page transition, ...) NOT-FOR-US: google chrome CVE-2009-1414 (Google Chrome 2.0.x lets modifications to the global object persist ...) NOT-FOR-US: google chrome CVE-2009-1415 (lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not ...) BUG: 267774 CVE-2009-1416 (lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates ...) BUG: 267774 CVE-2009-1417 (gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and ...) BUG: 267774 CVE-2009-1418 (Cross-site scripting (XSS) vulnerability in HP System Management ...) NOT-FOR-US: hp system_management_homepage CVE-2009-1419 (Unspecified vulnerability in HP Discovery & Dependency Mapping ...) NOT-FOR-US: hp discovery dependency_mapping_inventory CVE-2009-1420 (Stack-based buffer overflow in rping in HP OpenView Network Node ...) NOT-FOR-US: hp openview_network_node_manager CVE-2009-1421 (Unspecified vulnerability in NFS / ONCplus B.11.31_06 and B.11.31_07 ...) NOT-FOR-US: NFS CVE-2009-1422 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...) NOT-FOR-US: hp procurve_threat_management_services_zl_module CVE-2009-1423 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...) NOT-FOR-US: hp procurve_threat_management_services_zl_module CVE-2009-1424 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...) NOT-FOR-US: hp procurve_threat_management_services_zl_module CVE-2009-1425 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...) NOT-FOR-US: hp procurve_threat_management_services_zl_module CVE-2009-1426 (Unspecified vulnerability on HP ProLiant DL and ML 100 Series G5, G5p, ...) NOT-FOR-US: hp proliant_onboard_administrator CVE-2009-1427 (Unspecified vulnerability in HP-UX B.11.31 allows local users to cause ...) NOT-FOR-US: HP UX CVE-2009-1428 (Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in ...) NOT-FOR-US: symantec norton_internet_security CVE-2009-1429 (The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management ...) NOT-FOR-US: symantec system_center CVE-2009-1430 (Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert ...) NOT-FOR-US: symantec system_center CVE-2009-1431 (XFR.EXE in the Intel File Transfer service in the console in Symantec ...) NOT-FOR-US: symantec system_center CVE-2009-1432 (Symantec Reporting Server, as used in Symantec AntiVirus (SAV) ...) NOT-FOR-US: Symantec AntiVirus SAV Corporate Edition CVE-2009-1433 (SQL injection vulnerability in File::find (filesystem/File.php) in ...) NOT-FOR-US: silverstripe CVE-2009-1434 (Cross-site request forgery (CSRF) vulnerability in Foswiki before ...) NOT-FOR-US: Foswiki CVE-2009-1435 (NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 ...) NOT-FOR-US: trend_micro officescan CVE-2009-1436 (The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and ...) NOT-FOR-US: freebsd CVE-2009-1437 (Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka ...) NOT-FOR-US: coolplayer CVE-2009-1438 (Integer overflow in the CSoundFile::ReadMed function ...) BUG: 266913 CVE-2009-1439 (Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel ...) BUG: 266638 CVE-2009-1440 (Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule ...) BUG: 268163 CVE-2009-1441 (Heap-based buffer overflow in the ParamTraits<SkBitmap>::Read function ...) NOT-FOR-US: google chrome CVE-2009-1442 (Multiple integer overflows in Skia, as used in Google Chrome 1.x ...) NOT-FOR-US: google chrome CVE-2009-1443 (Multiple unspecified vulnerabilities in the Server component in OCS ...) NOT-FOR-US: ocsinventory ng ocs_inventory_ng CVE-2009-1444 (PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS ...) NOT-FOR-US: webportal_cms CVE-2009-1445 (Multiple directory traversal vulnerabilities in WebPortal CMS 0.8-beta ...) NOT-FOR-US: ivano_culmine webportal_cms CVE-2009-1446 (Unrestricted file upload vulnerability in upload.php in Elkagroup ...) NOT-FOR-US: elkagroup image_gallery CVE-2009-1447 (Unrestricted file upload vulnerability in admin/editor/image.php in ...) NOT-FOR-US: e cart free_shopping_cart CVE-2009-1448 (Cross-site scripting (XSS) vulnerability in apricot.php in LovPop.net ...) NOT-FOR-US: lovpop apricot CVE-2009-1449 (Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka ...) NOT-FOR-US: coolplayer CVE-2009-1450 (PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 ...) NOT-FOR-US: bluevirus design sma db CVE-2009-1451 (Cross-site scripting (XSS) vulnerability in startpage.php in SMA-DB ...) NOT-FOR-US: bluevirus design sma db CVE-2009-1452 (Multiple PHP remote file inclusion vulnerabilities in theme/format.php ...) NOT-FOR-US: bluevirus design sma db CVE-2009-1453 (SQL injection vulnerability in class.eport.php in Tiny Blogr 1.0.0 ...) NOT-FOR-US: anoochit_chalothorn tiny_blogr CVE-2009-1454 (Cross-site scripting (XSS) vulnerability in tasks.php in WebCollab ...) NOT-FOR-US: andrew_simpson webcollab CVE-2009-1455 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: andrew_simpson webcollab CVE-2009-1456 (Directory traversal vulnerability in admin.php in Malleo 1.2.3 allows ...) NOT-FOR-US: stephane_rajalu malleo CVE-2009-1457 (Cross-site scripting (XSS) vulnerability in player.php in Nuke ...) NOT-FOR-US: evolution extreme nuke_evolution_xtreme CVE-2009-1458 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...) NOT-FOR-US: razorcms CVE-2009-1459 (Cross-site request forgery (CSRF) vulnerability in razorCMS before 0.4 ...) NOT-FOR-US: razorcms CVE-2009-1460 (razorCMS before 0.4 uses weak permissions for (1) ...) NOT-FOR-US: razorcms CVE-2009-1461 (Cross-site scripting (XSS) vulnerability in the Create New Page form ...) NOT-FOR-US: razorcms CVE-2009-1462 (The Security Manager in razorCMS before 0.4 does not verify the ...) NOT-FOR-US: razorcms CVE-2009-1463 (Static code injection vulnerability in razorCMS before 0.4 allows ...) NOT-FOR-US: razorcms CVE-2009-1464 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: Application Access Server A A S CVE-2009-1465 (Application Access Server (A-A-S) 2.0.48 has "wildbat" as its default ...) NOT-FOR-US: Application CVE-2009-1466 (Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) ...) NOT-FOR-US: cleartext CVE-2009-1467 (Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail ...) NOT-FOR-US: icewarp webmail_server CVE-2009-1468 (Multiple SQL injection vulnerabilities in the search form in ...) NOT-FOR-US: icewarp webmail_server CVE-2009-1469 (CRLF injection vulnerability in the Forgot Password implementation in ...) NOT-FOR-US: icewarp webmail_server CVE-2009-1470 RESERVED CVE-2009-1471 RESERVED CVE-2009-1472 (The Java client program for the ATEN KH1516i IP KVM switch with ...) NOT-FOR-US: aten kn9116_ip_kvm_switch CVE-2009-1473 (The (1) Windows and (2) Java client programs for the ATEN KH1516i IP ...) NOT-FOR-US: aten kn9116_ip_kvm_switch CVE-2009-1474 (The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP ...) NOT-FOR-US: aten kn9116_ip_kvm_switch CVE-2009-1475 RESERVED CVE-2009-1476 (Buffer overflow in lib/load_http.c in ippool in Darren Reed IPFilter ...) NOT-FOR-US: darren_reed ipfilter CVE-2009-1477 (The https web interfaces on the ATEN KH1516i IP KVM switch with ...) NOT-FOR-US: aten pn9108_power_over_the_net CVE-2009-1478 (Multiple unspecified vulnerabilities in the DTrace ioctl handlers in ...) NOT-FOR-US: sun solaris CVE-2009-1479 (Directory traversal vulnerability in client/desktop/default.htm in ...) NOT-FOR-US: boxalino CVE-2009-1480 (SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows ...) NOT-FOR-US: sahil_ahuja pragyan_cms CVE-2009-1481 (SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) ...) NOT-FOR-US: pjhome puterjams_blog CVE-2009-1482 (Multiple cross-site scripting (XSS) vulnerabilities in ...) BUG: 268565 CVE-2009-1483 (Unrestricted file upload vulnerability in upload-file.php in Adam ...) NOT-FOR-US: studiolounge address_book CVE-2009-1484 (Cross-site scripting (XSS) vulnerability in the web mail interface ...) NOT-FOR-US: gecad axigen_mail_server CVE-2009-1485 (The logging feature in eMule Plus before 1.2e allows remote attackers ...) NOT-FOR-US: emuleplus emule_plus CVE-2009-1486 (Directory traversal vulnerability in pmscript.php in Flatchat 3.0 ...) NOT-FOR-US: ninjadesigns flatchat CVE-2009-1487 (SQL injection vulnerability in pages/login.php in FunGamez RC1 allows ...) NOT-FOR-US: rens_rikkerink fungamez CVE-2009-1488 (Directory traversal vulnerability in admin/load.php in FunGamez RC1 ...) NOT-FOR-US: rens_rikkerink fungamez CVE-2009-1489 (includes/user.php in Fungamez RC1 allows remote attackers to bypass ...) NOT-FOR-US: rens_rikkerink fungamez CVE-2009-1490 (Heap-based buffer overflow in Sendmail before 8.13.2 allows remote ...) NOT-FOR-US: The oldest version we've got in tree is 8.13.6-r1 CVE-2009-1491 (McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and ...) NOT-FOR-US: McAfee CVE-2009-1492 (The getAnnots Doc method in the JavaScript API in Adobe Reader and ...) BUG: 267846 CVE-2009-1493 (The customDictionaryOpen spell method in the JavaScript API in Adobe ...) BUG: 267846 CVE-2009-1494 (The process_stat function in Memcached 1.2.8 discloses ...) BUG: 268158 CVE-2009-1495 (Web File Explorer 3.1 stores sensitive information under the web root ...) NOT-FOR-US: Web CVE-2009-1496 (Directory traversal vulnerability in the Cmi Marketplace ...) NOT-FOR-US: Cmi Marketplace com_cmimarketplace component CVE-2009-1497 (Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie ...) NOT-FOR-US: Gretech Online Movie Player GOM Player CVE-2009-1498 (Directory traversal vulnerability in inc/profilemain.php in Game Maker ...) NOT-FOR-US: Game Maker CVE-2009-1499 (SQL injection vulnerability in the MailTo (aka com_mailto) component ...) BUG: 279809 NOTE: possibly disputed NOTE: but http://www.milw0rm.com/exploits/8366 ? CVE-2009-1500 (SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows ...) NOT-FOR-US: ProjectCMS CVE-2009-1501 (Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x ...) NOT-FOR-US: We do not ship this module CVE-2009-1502 (Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable ...) NOT-FOR-US: S Cms CVE-2009-1503 (Multiple SQL injection vulnerabilities in login.php in Tiger Document ...) NOT-FOR-US: Tiger CVE-2009-1504 (Absolute Form Processor XE 1.5 allows remote attackers to bypass ...) NOT-FOR-US: Absolute CVE-2009-1505 (SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 ...) NOT-FOR-US: News Page CVE-2009-1506 (SQL injection vulnerability in classes/Xp.php in eLitius 1.0 allows ...) NOT-FOR-US: eLitius CVE-2009-1507 (The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x ...) NOT-FOR-US: We do not ship this module CVE-2009-1508 (SQL injection vulnerability in the xforum_validateUser function in ...) NOT-FOR-US: X Forum CVE-2009-1509 (SQL injection vulnerability in ajaxp_backend.php in MyioSoft ...) NOT-FOR-US: MyioSoft AjaxPortal CVE-2009-1510 (Multiple directory traversal vulnerabilities in KoschtIT Image Gallery ...) NOT-FOR-US: KoschtIT Image Gallery CVE-2009-1511 (GDI+ in Microsoft Windows XP SP3 allows remote attackers to cause a ...) NOT-FOR-US: Microsoft CVE-2009-1512 (Static code injection vulnerability in X-Forum 0.6.2 allows remote ...) NOT-FOR-US: X Forum CVE-2009-1513 (Buffer overflow in the PATinst function in src/load_pat.cpp in ...) BUG: 266913 CVE-2009-1514 (Google Chrome 1.0.154.53 allows remote attackers to cause a denial of ...) NOT-FOR-US: google chrome CVE-2009-1515 (Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c ...) NOT-FOR-US: christos_zoulas file CVE-2009-1516 (Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX ...) NOT-FOR-US: icewarp merak_mail_server CVE-2009-1517 (Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ...) NOT-FOR-US: symantec norton_ghost CVE-2009-1518 (Cross-site request forgery (CSRF) vulnerability in Beltane before ...) NOT-FOR-US: beltane CVE-2009-1519 (Directory traversal vulnerability in index.php in Pecio CMS 1.1.5 ...) NOT-FOR-US: pecio cms pecio_cms CVE-2009-1520 (Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) ...) NOT-FOR-US: Web GUI in the IBM Tivoli Storage Manager TSM client CVE-2009-1521 (Unspecified vulnerability in the Java GUI in the IBM Tivoli Storage ...) NOT-FOR-US: Java GUI in the IBM Tivoli Storage Manager TSM client CVE-2009-1522 (The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 ...) NOT-FOR-US: IBM CVE-2009-1523 (Directory traversal vulnerability in the HTTP server in Mort Bay Jetty ...) NOT-FOR-US: HTTP server in Mort Bay Jetty CVE-2009-1524 (Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before ...) NOT-FOR-US: Mort Bay Jetty CVE-2009-1525 (CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote ...) NOT-FOR-US: JBMC Software DirectAdmin CVE-2009-1526 (JBMC Software DirectAdmin before 1.334 allows local users to create or ...) NOT-FOR-US: certain CVE-2009-1527 (Race condition in the ptrace_attach function in kernel/ptrace.c in the ...) BUG: 270330 CVE-2009-1528 (Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and ...) NOT-FOR-US: memory CVE-2009-1529 (Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server ...) NOT-FOR-US: memory CVE-2009-1530 (Use-after-free vulnerability in Microsoft Internet Explorer 7 for ...) NOT-FOR-US: memory CVE-2009-1531 (Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server ...) NOT-FOR-US: memory CVE-2009-1532 (Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server ...) NOT-FOR-US: memory CVE-2009-1533 (Buffer overflow in the Works for Windows document converters in ...) NOT-FOR-US: Works for Windows document converters in Microsoft Office CVE-2009-1534 (Buffer overflow in the Office Web Components ActiveX Control in ...) NOT-FOR-US: microsoft office_web_components CVE-2009-1535 (The WebDAV extension in Microsoft Internet Information Services (IIS) ...) NOT-FOR-US: microsoft iis CVE-2009-1536 (ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and ...) NOT-FOR-US: microsoft windows_vista CVE-2009-1537 (Unspecified vulnerability in the QuickTime Movie Parser Filter in ...) NOT-FOR-US: DirectShow in Microsoft DirectX CVE-2009-1538 (The QuickTime Movie Parser Filter in quartz.dll in DirectShow in ...) NOT-FOR-US: DirectShow in Microsoft DirectX CVE-2009-1539 (The QuickTime Movie Parser Filter in quartz.dll in DirectShow in ...) NOT-FOR-US: DirectShow in Microsoft DirectX CVE-2009-1540 RESERVED CVE-2009-1541 RESERVED CVE-2009-1542 (The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, ...) NOT-FOR-US: Microsoft Virtual PC CVE-2009-1543 RESERVED CVE-2009-1544 (Double free vulnerability in the Workstation service in Microsoft ...) NOT-FOR-US: microsoft windows_xp CVE-2009-1545 (Unspecified vulnerability in Avifil32.dll in the Windows Media file ...) NOT-FOR-US: microsoft windows_xp CVE-2009-1546 (Integer overflow in Avifil32.dll in the Windows Media file handling ...) NOT-FOR-US: microsoft windows_xp CVE-2009-1547 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, ...) NOT-FOR-US: microsoft windows_xp CVE-2009-1548 (SQL injection vulnerability in index.php in BluSky CMS allows remote ...) NOT-FOR-US: BluSky CVE-2009-1549 (AGTC MyShop 3.2b allows remote attackers to bypass authentication and ...) NOT-FOR-US: AGTC CVE-2009-1550 (Zakkis Technology ABC Advertise 1.0 does not properly restrict access ...) NOT-FOR-US: Zakkis CVE-2009-1551 (Multiple PHP remote file inclusion vulnerabilities in Qt quickteam 2 ...) NOT-FOR-US: Qt quickteam CVE-2009-1552 (Unspecified vulnerability in the IGMP driver in SCO Unixware Release ...) NOT-FOR-US: IGMP driver in SCO Unixware Release CVE-2009-1553 (Multiple cross-site scripting (XSS) vulnerabilities in the Admin ...) NOT-FOR-US: Admin Console in Sun GlassFish Enterprise Server CVE-2009-1554 (Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun ...) NOT-FOR-US: Sun Woodstock CVE-2009-1555 (The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 ...) NOT-FOR-US: response CVE-2009-1556 (img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with ...) NOT-FOR-US: img CVE-2009-1557 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco ...) NOT-FOR-US: Multiple CVE-2009-1558 (Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys ...) NOT-FOR-US: adm file cgi CVE-2009-1559 (Absolute path traversal vulnerability in adm/file.cgi on the Cisco ...) NOT-FOR-US: adm file cgi CVE-2009-1560 (The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 ...) NOT-FOR-US: cleartext CVE-2009-1561 (Cross-site request forgery (CSRF) vulnerability in administration.cgi ...) NOT-FOR-US: administration cgi CVE-2009-1562 RESERVED CVE-2009-1563 REJECTED BUG: 290892 CVE-2009-1564 (Heap-based buffer overflow in vmnc.dll in the VMnc media codec in ...) NOT-FOR-US: vmware workstation CVE-2009-1565 (vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 ...) NOT-FOR-US: vmware workstation CVE-2009-1566 (Integer overflow in Roxio Easy Media Creator 9.0.136, and Roxio ...) NOT-FOR-US: roxio easy_media_creator CVE-2009-1567 (Multiple stack-based buffer overflows in the Lateral Arts Photobox ...) NOT-FOR-US: larts uploader_activex_control CVE-2009-1568 (Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client ...) NOT-FOR-US: novell iprint_client CVE-2009-1569 (Multiple stack-based buffer overflows in Novell iPrint Client 4.38, ...) NOT-FOR-US: novell iprint CVE-2009-1570 (Integer overflow in the ReadImage function in ...) BUG: 293127 CVE-2009-1571 (Use-after-free vulnerability in the HTML parser in Mozilla Firefox ...) BUG: 307045 BUG: 305689 BUG: 312647 CVE-2009-1572 (The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote ...) BUG: 267998 CVE-2009-1573 (xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly ...) NOTE: We do not ship xvfb-run CVE-2009-1574 (racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote ...) BUG: 267135 CVE-2009-1575 (Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and ...) BUG: 268036 CVE-2009-1576 (Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before ...) BUG: 268036 CVE-2009-1577 (Multiple stack-based buffer overflows in the putstring function in ...) BUG: 263023 CVE-2009-1578 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) BUG: 269567 CVE-2009-1579 (The map_yp_alias function in functions/imap_general.php in ...) BUG: 269567 CVE-2009-1580 (Session fixation vulnerability in SquirrelMail before 1.4.18 allows ...) BUG: 269567 CVE-2009-1581 (functions/mime.php in SquirrelMail before 1.4.18 does not protect the ...) BUG: 269567 CVE-2009-1582 (Million Dollar Text Links 1.0 does not properly restrict administrator ...) NOT-FOR-US: kalptarudemos million_dollar_text_links CVE-2009-1583 (Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 ...) NOT-FOR-US: r020 tematres CVE-2009-1584 (Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, ...) NOT-FOR-US: r020 tematres CVE-2009-1585 (Multiple SQL injection vulnerabilities in TemaTres 1.031, when ...) NOT-FOR-US: r020 tematres CVE-2009-1586 (Stack-based buffer overflow in the NZB importer feature in GrabIt ...) NOT-FOR-US: shemes grabit CVE-2009-1587 (index.php in PHP Site Lock 2.0 allows remote attackers to bypass ...) NOT-FOR-US: kalptarudemos php_site_lock CVE-2009-1588 (Cross-site scripting (XSS) vulnerability in CGI RESCUE MiniBBS 8t ...) NOT-FOR-US: cgi_rescue_minibbs CVE-2009-1589 (Unspecified vulnerability in CGI RESCUE MiniBBS22 before 1.01 allows ...) NOT-FOR-US: cgi_rescue_minibbs22 CVE-2009-1590 (Unspecified vulnerability in CGI RESCUE FORM2MAIL before 1.42 allows ...) NOT-FOR-US: cgi_rescue form2mail CVE-2009-1591 (CRLF injection vulnerability in CGI RESCUE Web Mailer before 1.04 ...) NOT-FOR-US: cgi_rescue cgi_web_mailer CVE-2009-1592 (Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows ...) NOT-FOR-US: electrasoft 32bit_ftp CVE-2009-1593 (Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x ...) NOT-FOR-US: n CVE-2009-1594 (Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x ...) NOT-FOR-US: armorlogic profense_web_application_firewall CVE-2009-1595 (The jabber:iq:auth implementation in IQAuthHandler.java in Ignite ...) BUG: 266129 CVE-2009-1596 (Ignite Realtime Openfire before 3.6.5 does not properly implement the ...) BUG: 266129 CVE-2009-1597 (Mozilla Firefox executes DOM calls in response to a javascript: URI in ...) BUG: 273915 CVE-2009-1598 (Google Chrome executes DOM calls in response to a javascript: URI in ...) NOT-FOR-US: google chrome CVE-2009-1599 (Opera executes DOM calls in response to a javascript: URI in the ...) BUG: 273915 CVE-2009-1600 (Apple Safari executes DOM calls in response to a javascript: URI in ...) NOT-FOR-US: apple safari CVE-2009-1601 (The Ubuntu clamav-milter.init script in clamav-milter before ...) NOT-FOR-US: ubuntu linux CVE-2009-1602 (Pablo Software Solutions Quick 'n Easy Mail Server 3.3 allows remote ...) NOT-FOR-US: pablosoftwaresolutions quick n_easy_mail_server CVE-2009-1603 (src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used ...) BUG: 269920 CVE-2009-1604 (Unspecified vulnerability in LimeSurvey before 1.82 allows remote ...) NOT-FOR-US: limesurvey CVE-2009-1605 (Heap-based buffer overflow in the loadexponentialfunc function in ...) NOT-FOR-US: kowalczyk sumatrapdf CVE-2009-1606 (Multiple stack-based and heap-based buffer overflows in Dafolo ...) NOT-FOR-US: dafolocontrol CVE-2009-1607 (Cross-site scripting (XSS) vulnerability in the administrator panel in ...) NOT-FOR-US: linkbase CVE-2009-1608 (Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly ...) NOT-FOR-US: microchip mplab_ide CVE-2009-1609 (Unrestricted file upload vulnerability in admin/uploadform.asp in ...) NOT-FOR-US: battleblog battle_blog CVE-2009-1610 (admin/changepassword.php in Job Script Job Board Software 2.0 allows ...) NOT-FOR-US: jobscript job_script_job_board_software CVE-2009-1611 (Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows ...) NOT-FOR-US: electrasoft 32bit_ftp CVE-2009-1612 (Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control ...) NOT-FOR-US: baofeng storm CVE-2009-1613 (Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, ...) NOT-FOR-US: gowondesigns leap CVE-2009-1614 (Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 ...) NOT-FOR-US: gowondesigns leap CVE-2009-1615 (Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote ...) NOT-FOR-US: gowondesigns leap CVE-2009-1616 (Cross-site scripting (XSS) vulnerability in docs/showdoc.php in ...) NOT-FOR-US: coppermine_photo_gallery CVE-2009-1617 (Teraway LinkTracker 1.0 allows remote attackers to bypass ...) NOT-FOR-US: teraway linktracker CVE-2009-1618 (Teraway LiveHelp 2.0 allows remote attackers to bypass authentication ...) NOT-FOR-US: teraway livehelp CVE-2009-1619 (Teraway FileStream 1.0 allows remote attackers to bypass ...) NOT-FOR-US: teraway filestream CVE-2009-1620 (Multiple cross-site scripting (XSS) vulnerabilities in input.php in ...) NOT-FOR-US: matachat CVE-2009-1621 (Directory traversal vulnerability in index.php in OpenCart 1.1.8 ...) NOT-FOR-US: opencart CVE-2009-1622 (SQL injection vulnerability in user.php in EcShop 2.5.0 allows remote ...) NOT-FOR-US: ecshop CVE-2009-1623 (Cross-site scripting (XSS) vulnerability in index.php in ...) NOT-FOR-US: dew code dew newphplinks CVE-2009-1624 (Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 ...) NOT-FOR-US: dew code dew newphplinks CVE-2009-1625 (Directory traversal vulnerability in index.php in Thickbox Gallery 2 ...) NOT-FOR-US: davlin thickbox_gallery CVE-2009-1626 (SQL injection vulnerability in public/specific.php in EZ-Blog before ...) NOT-FOR-US: will_kraft ez blog CVE-2009-1627 (Stack-based buffer overflow in Streaming Download Project (SDP) ...) NOT-FOR-US: sdp_multimedia streaming_download_project CVE-2009-1628 (Stack-based buffer overflow in mnet.exe in Unisys Business Information ...) NOT-FOR-US: Unisys Business Information Server BIS CVE-2009-1629 (ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with ...) BUG: 269922 CVE-2009-1630 (The nfs_permission function in fs/nfs/dir.c in the NFS client ...) BUG: 270333 CVE-2009-1631 (The Mailer component in Evolution 2.26.1 and earlier uses ...) BUG: 270334 CVE-2009-1632 (Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote ...) BUG: 267135 CVE-2009-1633 (Multiple buffer overflows in the cifs subsystem in the Linux kernel ...) BUG: 271802 CVE-2009-1634 (The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and ...) NOT-FOR-US: Novell GroupWise CVE-2009-1635 (Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess ...) NOT-FOR-US: novell groupwise CVE-2009-1636 (Multiple buffer overflows in the Internet Agent (aka GWIA) component ...) NOT-FOR-US: Internet Agent aka GWIA component in Novell GroupWise CVE-2009-1637 (profile.php in Simple Customer 1.3 does not require administrative ...) NOT-FOR-US: simplecustomer simple_customer CVE-2009-1638 (Techno Dreams Job Career Package 3.0 allows remote attackers to bypass ...) NOT-FOR-US: t dreams job_career_package CVE-2009-1639 (Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery ...) NOT-FOR-US: nucleustechnologies kernel_recovery CVE-2009-1640 (Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery ...) NOT-FOR-US: nucleustechnologies kernel_recovery CVE-2009-1641 (Multiple stack-based buffer overflows in Mini-stream Ripper 3.0.1.1 ...) NOT-FOR-US: Ripper CVE-2009-1642 (Multiple stack-based buffer overflows in Mini-stream ASX to MP3 ...) NOT-FOR-US: mini stream_to_mp3_converter CVE-2009-1643 (Stack-based buffer overflow in Sorinara Soritong MP3 Player 1.0 allows ...) NOT-FOR-US: sorinara soritong_mp3_player CVE-2009-1644 (Stack-based buffer overflow in Sorinara Streaming Audio Player 0.9 ...) NOT-FOR-US: sorinara streaming_audio_player CVE-2009-1645 (Multiple stack-based buffer overflows in Mini-stream Easy RM-MP3 ...) NOT-FOR-US: mini stream easy_rm mp3_converter CVE-2009-1646 (Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 ...) NOT-FOR-US: mini stream_rm_downloader CVE-2009-1647 (Heap-based buffer overflow in popcorn.exe in Ultrafunk Popcorn 1.87 ...) NOT-FOR-US: ultrafunk popcorn CVE-2009-1648 (The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise ...) NOT-FOR-US: yast2 ldap server CVE-2009-1649 (Directory traversal vulnerability in arch.php in beLive 0.2.3 allows ...) NOT-FOR-US: bicluc belive CVE-2009-1650 (Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 ...) NOT-FOR-US: tenfourzero shutter CVE-2009-1651 (SQL injection vulnerability in admin/member_details.php in 2daybiz ...) NOT-FOR-US: i net_solution business_community_script CVE-2009-1652 (admin/adminaddeditdetails.php in Business Community Script does not ...) NOT-FOR-US: i netsolution business_community_script CVE-2009-1653 (Directory traversal vulnerability in ...) NOT-FOR-US: tiny_but_strong CVE-2009-1654 (Cross-site scripting (XSS) vulnerability in questiondetail.php in Easy ...) NOT-FOR-US: easy scripts answer_and_question_script CVE-2009-1655 (Multiple SQL injection vulnerabilities in myaccount.php in Easy ...) NOT-FOR-US: easy scripts answer_and_question_script CVE-2009-1656 (Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and ...) NOT-FOR-US: xerox workcentre CVE-2009-1657 (Multiple SQL injection vulnerabilities in the Starrating plugin before ...) NOT-FOR-US: Starrating plugin CVE-2009-1658 (Multiple SQL injection vulnerabilities in admin/admin.php in Realty ...) NOT-FOR-US: Realty Webware Technologies Realty Web Base CVE-2009-1659 (Unrestricted file upload vulnerability in admin/uploadimage.php in ...) NOT-FOR-US: eLitius CVE-2009-1660 (Stack-based buffer overflow in URUWorks ViPlay3 3.0 and earlier allows ...) NOT-FOR-US: URUWorks CVE-2009-1661 (SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when ...) NOT-FOR-US: uTopic CVE-2009-1662 (Multiple SQL injection vulnerabilities in admin/login.php in Wright ...) NOT-FOR-US: Wright Way Services Recipe Script CVE-2009-1663 (Unrestricted file upload vulnerability in myaccount.php in Easy ...) NOT-FOR-US: Answer and Question Script CVE-2009-1664 (myaccount.php in Easy Scripts Answer and Question Script does not ...) NOT-FOR-US: Answer and Question Script CVE-2009-1665 (myaccount.php in Easy Scripts Answer and Question Script allows remote ...) NOT-FOR-US: Answer and Question Script CVE-2009-1666 (Multiple unspecified vulnerabilities in CycloMedia CycloScopeLite ...) NOT-FOR-US: cyclomedia cycloscopelite CVE-2009-1667 (Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows ...) NOT-FOR-US: mini stream castripper CVE-2009-1668 (TYPSoft FTP Server 1.11 allows remote attackers to cause a denial of ...) NOT-FOR-US: typsoft_ftp_server CVE-2009-1669 (The smarty_function_math function in libs/plugins/function.math.php in ...) BUG: 270494 CVE-2009-1670 (user/index.php in TCPDB 3.8 does not require administrative ...) NOT-FOR-US: tcpdb CVE-2009-1671 (Multiple buffer overflows in the Deployment Toolkit ActiveX control in ...) NOT-FOR-US: sun jre CVE-2009-1672 (The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in ...) NOT-FOR-US: sun jre CVE-2009-1673 (The kernel in Sun Solaris 9 allows local users to cause a denial of ...) NOT-FOR-US: sun solaris CVE-2009-1674 (Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows ...) NOT-FOR-US: microchip mplab_ide CVE-2009-1675 (Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows ...) NOT-FOR-US: electrasoft 32bit_ftp CVE-2009-1676 REJECTED NOT-FOR-US: microsoft iis CVE-2009-1677 (Multiple static code injection vulnerabilities in the saveFeed ...) NOT-FOR-US: bitweaver CVE-2009-1678 (Directory traversal vulnerability in the saveFeed function in ...) NOT-FOR-US: bitweaver CVE-2009-1679 (The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone ...) NOT-FOR-US: apple iphone_os CVE-2009-1680 (Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod ...) NOT-FOR-US: apple iphone_os CVE-2009-1681 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) BUG: 284109 CVE-2009-1682 (Apple Safari before 4.0 does not properly check for revoked Extended ...) TODO: check CVE-2009-1683 (The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and ...) NOT-FOR-US: apple iphone_os CVE-2009-1684 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) BUG: 284110 CVE-2009-1685 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) BUG: 284112 CVE-2009-1686 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) BUG: 284114 CVE-2009-1687 (The JavaScript garbage collector in WebKit in Apple Safari before 4.0, ...) BUG: 284116 CVE-2009-1688 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) BUG: 284118 CVE-2009-1689 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) BUG: 284119 CVE-2009-1690 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...) BUG: 284121 CVE-2009-1691 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) BUG: 284123 CVE-2009-1692 (WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, ...) BUG: 284124 CVE-2009-1693 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) BUG: 284125 CVE-2009-1694 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) BUG: 284127 CVE-2009-1695 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) BUG: 284128 CVE-2009-1696 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) BUG: 284129 CVE-2009-1697 (CRLF injection vulnerability in WebKit in Apple Safari before 4.0, ...) BUG: 284131 CVE-2009-1698 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) BUG: 284132 CVE-2009-1699 (The XSL stylesheet implementation in WebKit in Apple Safari before ...) BUG: 284134 CVE-2009-1700 (The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone ...) BUG: 284136 CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM implementation in ...) BUG: 284137 CVE-2009-1702 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) BUG: 284138 CVE-2009-1703 (WebKit in Apple Safari before 4.0 does not prevent references to file: ...) BUG: 284140 CVE-2009-1704 (CFNetwork in Apple Safari before 4.0 misinterprets downloaded image ...) NOT-FOR-US: apple safari CVE-2009-1705 (CoreGraphics in Apple Safari before 4.0 on Windows does not properly ...) NOT-FOR-US: apple safari CVE-2009-1706 (The Private Browsing feature in Apple Safari before 4.0 on Windows ...) NOT-FOR-US: apple safari CVE-2009-1707 (Race condition in the Reset Safari implementation in Apple Safari ...) NOT-FOR-US: NFU CVE-2009-1708 (Apple Safari before 4.0 does not prevent calls to the open-help-anchor ...) NOT-FOR-US: apple safari CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation ...) BUG: 284142 CVE-2009-1710 (WebKit in Apple Safari before 4.0 allows remote attackers to spoof the ...) BUG: 284144 CVE-2009-1711 (WebKit in Apple Safari before 4.0 does not properly initialize memory ...) BUG: 284146 CVE-2009-1712 (WebKit in Apple Safari before 4.0 does not prevent remote loading of ...) BUG: 284147 CVE-2009-1713 (The XSLT functionality in WebKit in Apple Safari before 4.0 does not ...) BUG: 284148 CVE-2009-1714 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...) BUG: 284150 CVE-2009-1715 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...) BUG: 284151 CVE-2009-1716 (CFNetwork in Apple Safari before 4.0 on Windows does not properly ...) NOT-FOR-US: apple safari CVE-2009-1717 (Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-1718 (WebKit in Apple Safari before 4.0 allows user-assisted remote ...) BUG: 284153 CVE-2009-1719 (The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X ...) NOT-FOR-US: Java CVE-2009-1720 (Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow ...) BUG: 277202 CVE-2009-1721 (The decompression implementation in the Imf::hufUncompress function in ...) BUG: 277202 CVE-2009-1722 (Heap-based buffer overflow in the compression implementation in ...) BUG: 277202 CVE-2009-1723 (CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-1724 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) TODO: check CVE-2009-1725 (WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, ...) BUG: 281818 BUG: 281819 BUG: 281821 BUG: 279027 CVE-2009-1726 (Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-1727 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-1728 (Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-1729 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...) NOT-FOR-US: sun java_system_communications_express CVE-2009-1730 (Multiple directory traversal vulnerabilities in NetMechanica ...) NOT-FOR-US: netmechanica netdecision_tftp_server CVE-2009-1731 (SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows ...) NOT-FOR-US: mlffat CVE-2009-1732 (Cross-site scripting (XSS) vulnerability in admin/usermanager in ...) NOT-FOR-US: richard_ellerbrock ipplan CVE-2009-1733 (Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows ...) NOT-FOR-US: richard_ellerbrock ipplan CVE-2009-1734 (SQL injection vulnerability in listing_video.php in VidSharePro allows ...) NOT-FOR-US: omnisoftsol vidsharepro CVE-2009-1735 (Cross-site scripting (XSS) vulnerability in search.php in VidSharePro ...) NOT-FOR-US: omnisoftsol vidsharepro CVE-2009-1736 (SQL injection vulnerability in the GridSupport (GS) Ticket System ...) NOT-FOR-US: joomla com_gsticketsystem CVE-2009-1737 (Directory traversal vulnerability in bom.php in MyPic 2.1 allows ...) NOT-FOR-US: diqiye mypic CVE-2009-1738 (Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before ...) NOT-FOR-US: We do not ship this module CVE-2009-1739 (PAD Site Scripts 3.6 allows remote attackers to bypass authentication ...) NOT-FOR-US: phpeasycode pad_site_scripts CVE-2009-1740 (Multiple heap-based buffer overflows in the D-Link MPEG4 Viewer ...) NOT-FOR-US: dlink mpeg4_viewer_activex_control CVE-2009-1741 (Multiple SQL injection vulnerabilities in login.php in DM FileManager ...) NOT-FOR-US: dutchmonkey dm_filemanager CVE-2009-1742 (code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for ...) NOT-FOR-US: pc4arb pc4_uploader CVE-2009-1743 (Directory traversal vulnerability in InstallHFZ.exe 6.5.201.0 in ...) NOT-FOR-US: pinnaclesys pinnacle_studio CVE-2009-1744 (InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in ...) NOT-FOR-US: pinnaclesys pinnacle_studio CVE-2009-1745 (Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x ...) NOT-FOR-US: armorlogic profense_web_application_firewall CVE-2009-1746 (SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 ...) NOT-FOR-US: diangemilang dgnews CVE-2009-1747 (SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 ...) NOT-FOR-US: 26th_avenue bspeak CVE-2009-1748 (Multiple directory traversal vulnerabilities in index.php in Catviz ...) NOT-FOR-US: joost_horward catviz CVE-2009-1749 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: joost_horward catviz CVE-2009-1750 (Unrestricted file upload vulnerability in VidSharePro allows remote ...) NOT-FOR-US: omnisoftsol vidsharepro CVE-2009-1751 (SQL injection vulnerability in list_list.php in Realty Webware ...) NOT-FOR-US: realtywebware realty_web base CVE-2009-1752 (exJune Office Message System 1 does not properly restrict access to ...) NOT-FOR-US: exjune office_message_system CVE-2009-1753 (Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a ...) NOT-FOR-US: emn coccinelle CVE-2009-1754 (The PackageManagerService class in ...) NOT-FOR-US: android CVE-2009-1755 (Off-by-one error in the packet_read_query_section function in packet.c ...) NOT-FOR-US: sunrise-only; notified CVE-2009-1756 (SLiM Simple Login Manager 1.3.0 places the X authority magic cookie ...) NOT-FOR-US: simone_rota slim_simple_login_manager CVE-2009-1757 (Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 ...) BUG: 269605 CVE-2009-1758 (The hypervisor_callback function in Xen, possibly before 3.4.0, as ...) BUG: 277372 CVE-2009-1759 (Stack-based buffer overflow in the btFiles::BuildFromMI function ...) BUG: 266953 CVE-2009-1760 (Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar ...) BUG: 273916 CVE-2009-1761 (The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for ...) NOT-FOR-US: CA CVE-2009-1762 (Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess ...) NOT-FOR-US: novell groupwise CVE-2009-1763 (Unspecified vulnerability in the Solaris Secure Digital slot driver ...) NOT-FOR-US: sun opensolaris CVE-2009-1764 (SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows ...) NOT-FOR-US: maxcms CVE-2009-1765 (Multiple directory traversal vulnerabilities in pluck 4.6.2, when ...) NOT-FOR-US: pluck cms pluck CVE-2009-1766 (SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows ...) NOT-FOR-US: teozkr lightopencms CVE-2009-1767 (admin/edituser.php in 2daybiz Template Monster Clone does not require ...) NOT-FOR-US: 2daybiz template_monster_clone CVE-2009-1768 (Directory traversal vulnerability in download.php in Rama Zaiten CMS ...) NOT-FOR-US: jalal_aldeen_omary ramazaitencms0 9 8 CVE-2009-1769 (The web interface in Open Computer and Software Inventory Next ...) NOT-FOR-US: ocsinventory ng ocs_inventory_ng CVE-2009-1770 (Directory traversal vulnerability in ...) NOT-FOR-US: flyspeck_cms CVE-2009-1771 (index.php in Flyspeck CMS 6.8 does not require administrative ...) NOT-FOR-US: flyspeck_cms CVE-2009-1772 (Cross-site scripting (XSS) vulnerability in activeCollab 2.1 Corporate ...) NOT-FOR-US: activecollab CVE-2009-1773 (activeCollab 2.1 Corporate allows remote attackers to obtain sensitive ...) NOT-FOR-US: activecollab CVE-2009-1774 (Directory traversal vulnerability in plugins/ddb/foot.php in ...) NOT-FOR-US: Strawberry CVE-2009-1775 (Multiple cross-site scripting (XSS) vulnerabilities in Ulteo Open ...) NOT-FOR-US: ulteo open_virtual_desktop CVE-2009-1776 (Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in ...) NOT-FOR-US: matt_wright formmail CVE-2009-1777 (CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail ...) NOT-FOR-US: matt_wright formmail CVE-2009-1778 (SQL injection vulnerability in the new user registration feature in ...) NOT-FOR-US: bigace_cms CVE-2009-1779 (PHP remote file inclusion vulnerability in admin.php in Frax.dk Php ...) NOT-FOR-US: roboform frax dk_php_recommend CVE-2009-1780 (admin.php in Frax.dk Php Recommend 1.3 and earlier does not require ...) NOT-FOR-US: roboform frax dk_php_recommend CVE-2009-1781 (Static code injection vulnerability in admin.php in Frax.dk Php ...) NOT-FOR-US: roboform frax dk_php_recommend CVE-2009-1782 (Multiple F-Secure anti-virus products, including Anti-Virus for ...) NOT-FOR-US: f secure_anti virus CVE-2009-1783 (Multiple FRISK Software F-Prot anti-virus products, including ...) NOT-FOR-US: Multiple CVE-2009-1784 (The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus ...) NOT-FOR-US: multiple CVE-2009-1785 (Cross-site scripting (XSS) vulnerability in Ulteo Open Virtual Desktop ...) NOT-FOR-US: ulteo open_virtual_desktop CVE-2009-1786 (The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users ...) NOT-FOR-US: ibm aix CVE-2009-1787 (Multiple SQL injection vulnerabilities in PHP Dir Submit (aka ...) NOT-FOR-US: phpdirsubmit php_dir_submit CVE-2009-1788 (Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 ...) BUG: 269863 CVE-2009-1789 (mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and ...) BUG: 271804 CVE-2009-1790 (Cross-site scripting (XSS) vulnerability in CGI RESCUE Trees before ...) NOT-FOR-US: cgi_rescue rescue CVE-2009-1791 (Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 ...) BUG: 269863 CVE-2009-1792 (The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka ...) NOT-FOR-US: StoneTrip Ston3D StandalonePlayer CVE-2009-1793 RESERVED CVE-2009-1794 RESERVED CVE-2009-1795 RESERVED CVE-2009-1796 (Cross-site scripting (XSS) vulnerability in Sun Java System Portal ...) NOT-FOR-US: sun java_system_portal_server CVE-2009-1797 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...) NOT-FOR-US: apc switched_rack_pdu CVE-2009-1798 (Multiple cross-site scripting (XSS) vulnerabilities on the Network ...) NOT-FOR-US: apc switched_rack_pdu CVE-2009-1799 (Multiple SQL injection vulnerabilities in the getGalleryImage function ...) NOT-FOR-US: sebastian thiele st gallery CVE-2009-1800 (Stack-based buffer overflow in the Chinagames CGAgent ActiveX control ...) NOT-FOR-US: chinagames igame CVE-2009-1801 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, ...) NOT-FOR-US: freepbx CVE-2009-1802 (Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX ...) NOT-FOR-US: freepbx CVE-2009-1803 (FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, ...) NOT-FOR-US: freepbx CVE-2009-1804 (Multiple SQL injection vulnerabilities in admin/index.php in ...) NOT-FOR-US: videoscript youtube_video_script CVE-2009-1805 (Unspecified vulnerability in the VMware Descheduled Time Accounting ...) NOT-FOR-US: vmware workstation CVE-2009-1806 (Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 ...) NOT-FOR-US: ibm hardware_management_console CVE-2009-1807 (Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 ...) NOT-FOR-US: baofeng storm CVE-2009-1808 (Microsoft Windows XP SP3 allows local users to cause a denial of ...) NOT-FOR-US: microsoft windows_xp CVE-2009-1809 (Multiple cross-site scripting (XSS) vulnerabilities in myColex 1.4.2 ...) NOT-FOR-US: myColex CVE-2009-1810 (Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote ...) NOT-FOR-US: myColex CVE-2009-1811 (Multiple cross-site scripting (XSS) vulnerabilities in myGesuad 0.9.14 ...) NOT-FOR-US: myGesuad CVE-2009-1812 (Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) ...) NOT-FOR-US: myGesuad CVE-2009-1813 (Multiple SQL injection vulnerabilities in admin/index.php in Submitter ...) NOT-FOR-US: Submitter Script CVE-2009-1814 (SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier ...) NOT-FOR-US: PHPenpals CVE-2009-1815 (Stack-based buffer overflow in Sonic Spot Audioactive Player 1.93b ...) NOT-FOR-US: Sonic Spot Audioactive Player CVE-2009-1816 (SQL injection vulnerability in admin.php in My Game Script 2.0 allows ...) NOT-FOR-US: My Game Script CVE-2009-1817 (Multiple buffer overflows in DigiMode Maya 1.0.2 allow remote ...) NOT-FOR-US: DigiMode Maya CVE-2009-1818 (SQL injection vulnerability in admin/admin_manager.asp in MaxCMS 2.0 ...) NOT-FOR-US: MaxCMS CVE-2009-1819 (SQL injection vulnerability in product.php in 2daybiz Custom T-shirt ...) NOT-FOR-US: product php in CVE-2009-1820 (Cross-site scripting (XSS) vulnerability in product.php in 2daybiz ...) NOT-FOR-US: product php in CVE-2009-1821 (DMXReady Registration Manager 1.1 stores sensitive information under ...) NOT-FOR-US: DMXReady CVE-2009-1822 (Multiple PHP remote file inclusion vulnerabilities in the InterJoomla ...) NOT-FOR-US: InterJoomla ArtForms com_artforms component CVE-2009-1823 (Cross-site scripting (XSS) vulnerability in the Print (aka Printer, ...) NOT-FOR-US: Print aka Printer e mail and PDF versions module CVE-2009-1824 (The ps_drv.sys kernel driver in ArcaBit ArcaVir 2009 Antivirus ...) NOT-FOR-US: ArcaBit ArcaVir CVE-2009-1825 (modules/admuser.php in myColex 1.4.2 does not require administrative ...) NOT-FOR-US: myColex CVE-2009-1826 (modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require ...) NOT-FOR-US: myGesuad CVE-2009-1827 (The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to ...) NOT-FOR-US: Obsolete CVE-2009-1828 (Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of ...) BUG: 273918 CVE-2009-1829 (Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 ...) BUG: 271062 CVE-2009-1830 (Stack-based buffer overflow in Soulseek 156 and 157 NS allows remote ...) NOT-FOR-US: Soulseek CVE-2009-1831 (The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft ...) NOT-FOR-US: Nullsoft Winamp CVE-2009-1832 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and ...) BUG: 273918 CVE-2009-1833 (The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird ...) BUG: 273918 CVE-2009-1834 (Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in ...) BUG: 273918 CVE-2009-1835 (Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate ...) BUG: 273918 CVE-2009-1836 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and ...) BUG: 273918 CVE-2009-1837 (Race condition in the NPObjWrapper_NewResolve function in ...) BUG: 273918 CVE-2009-1838 (The garbage-collection implementation in Mozilla Firefox before ...) BUG: 273918 CVE-2009-1839 (Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with ...) BUG: 273918 CVE-2009-1840 (Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check ...) BUG: 273918 CVE-2009-1841 (js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before ...) BUG: 273918 CVE-2009-1842 (SQL injection vulnerability in main/tracking/userLog.php in Francisco ...) NOT-FOR-US: php nuke CVE-2009-1843 (Multiple SQL injection vulnerabilities in Flash Quiz Beta 2 allow ...) NOT-FOR-US: glenn_mcgurrin online_flashquiz CVE-2009-1844 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x ...) BUG: 269753 CVE-2009-1845 (Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in ...) NOT-FOR-US: Lussumo Vanilla CVE-2009-1846 (Multiple directory traversal vulnerabilities in SiteX 0.7.4 Build 418 ...) NOT-FOR-US: SiteX CVE-2009-1847 (Directory traversal vulnerability in index.php in Easy PX 41 CMS 9.0 ...) NOT-FOR-US: Easy PX CVE-2009-1848 (SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or ...) NOT-FOR-US: JoomlaMe AgoraGroups aka AG or com_agoragroup component CVE-2009-1849 (Cross-site scripting (XSS) vulnerability in the Monitor_Bandwidth ...) NOT-FOR-US: Monitor_Bandwidth function in PRTG Traffic Grapher CVE-2009-1850 (SQL injection vulnerability in index.php in phpBugTracker 1.0.3 allows ...) NOT-FOR-US: phpBugTracker CVE-2009-1851 (SQL injection vulnerability in include.php in phpBugTracker 1.0.4 and ...) NOT-FOR-US: phpBugTracker CVE-2009-1852 (Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3 allow ...) NOT-FOR-US: Graphiks MyForum CVE-2009-1853 (Multiple SQL injection vulnerabilities in index.php in Kensei Board ...) NOT-FOR-US: Kensei Board CVE-2009-1854 (Million Dollar Text Links 1.0 allows remote attackers to bypass ...) NOT-FOR-US: Million CVE-2009-1855 (Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before ...) BUG: 273908 CVE-2009-1856 (Integer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe ...) BUG: 273908 CVE-2009-1857 (Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat ...) BUG: 273908 CVE-2009-1858 (The JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe ...) BUG: 273908 CVE-2009-1859 (Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat ...) BUG: 273908 CVE-2009-1860 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 ...) NOT-FOR-US: Adobe Shockwave Player CVE-2009-1861 (Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 ...) BUG: 273908 CVE-2009-1862 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x through ...) BUG: 278819 BUG: 278813 CVE-2009-1863 (Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and ...) BUG: 278819 CVE-2009-1864 (Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and ...) BUG: 278819 CVE-2009-1865 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and ...) BUG: 278819 CVE-2009-1866 (Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and ...) BUG: 278819 CVE-2009-1867 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and ...) BUG: 278819 CVE-2009-1868 (Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and ...) BUG: 278819 CVE-2009-1869 (Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile ...) BUG: 278819 CVE-2009-1870 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and ...) BUG: 278819 CVE-2009-1871 RESERVED CVE-2009-1872 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe ...) NOT-FOR-US: Adobe ColdFusion Server CVE-2009-1873 (Directory traversal vulnerability in logging/logviewer.jsp in the ...) NOT-FOR-US: Management Console in Adobe JRun Application Server CVE-2009-1874 (Multiple cross-site scripting (XSS) vulnerabilities in the Management ...) NOT-FOR-US: Management Console in Adobe JRun CVE-2009-1875 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe ...) NOT-FOR-US: Adobe ColdFusion CVE-2009-1876 (Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain ...) NOT-FOR-US: Adobe CVE-2009-1877 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and ...) NOT-FOR-US: Adobe ColdFusion CVE-2009-1878 (Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier ...) NOT-FOR-US: Adobe ColdFusion CVE-2009-1879 (Cross-site scripting (XSS) vulnerability in index.template.html in the ...) NOT-FOR-US: adobe flex CVE-2009-1880 (Cross-site scripting (XSS) vulnerability in MT312 REP-BBS allows ...) NOT-FOR-US: mt312 rep bbs CVE-2009-1881 (Cross-site scripting (XSS) vulnerability in MT312 IMG-BBS allows ...) NOT-FOR-US: mt312 img bbs CVE-2009-1882 (Integer overflow in the XMakeImage function in magick/xwindow.c in ...) BUG: 271502 CVE-2009-1883 (The z90crypt_unlocked_ioctl function in the z90crypt driver in the ...) BUG: 286088 CVE-2009-1884 (Off-by-one error in the bzinflate function in Bzip2.xs in the ...) BUG: 281955 CVE-2009-1885 (Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in ...) BUG: 308009 CVE-2009-1886 (Multiple format string vulnerabilities in client/client.c in smbclient ...) BUG: 274601 CVE-2009-1887 (agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise ...) NOTE: We did not backport but bump, so the CVE does not affect us CVE-2009-1888 (The acl_group_override function in smbd/posix_acls.c in smbd in Samba ...) BUG: 275236 CVE-2009-1889 (The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets ...) BUG: 276000 CVE-2009-1890 (The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy ...) BUG: 276426 CVE-2009-1891 (The mod_deflate module in Apache httpd 2.2.11 and earlier compresses ...) BUG: 276792 CVE-2009-1892 (dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and ...) BUG: 275231 CVE-2009-1893 (The configtest function in the Red Hat dhcpd init script for DHCP ...) NOT-FOR-US: redhat enterprise_linux CVE-2009-1894 (Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local ...) BUG: 276986 CVE-2009-1895 (The personality subsystem in the Linux kernel before 2.6.31-rc3 has a ...) BUG: 277714 CVE-2009-1896 (The Java Web Start framework in IcedTea in OpenJDK before ...) NOT-FOR-US: sun openjdk CVE-2009-1897 (The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in ...) BUG: 278122 CVE-2009-1898 (The secure login page in the Administrative Console component in IBM ...) NOT-FOR-US: ibm websphere_application_server CVE-2009-1899 (Unspecified vulnerability in the Administrative Configservice API in ...) NOT-FOR-US: ibm websphere_application_server CVE-2009-1900 (The Configservice APIs in the Administrative Console component in IBM ...) NOT-FOR-US: ibm websphere_application_server CVE-2009-1901 (The Security component in IBM WebSphere Application Server (WAS) 6.0.2 ...) NOT-FOR-US: ibm websphere_application_server CVE-2009-1902 (The multipart processor in ModSecurity before 2.5.9 allows remote ...) BUG: 262302 CVE-2009-1903 (The PDF XSS protection feature in ModSecurity before 2.5.8 allows ...) BUG: 262302 CVE-2009-1904 (The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 ...) BUG: 273213 CVE-2009-1905 (The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 ...) NOT-FOR-US: IBM CVE-2009-1906 (The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before ...) NOT-FOR-US: correlation token in the APPID string as demonstrated by an APPID string sent by the third party DataDirect JDBC driver CVE-2009-1907 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Claroline CVE-2009-1908 (Cross-site scripting (XSS) vulnerability in Skip 1.0.2 and earlier, ...) NOT-FOR-US: Skip CVE-2009-1909 (SQL injection vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and ...) NOT-FOR-US: Skip CVE-2009-1910 (SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows ...) NOT-FOR-US: RTWebalbum CVE-2009-1911 (Directory traversal vulnerability in .include/init.php (aka ...) NOT-FOR-US: include init php aka admin _include init php in QuiXplorer CVE-2009-1912 (Directory traversal vulnerability in src/func/language.php in webSPELL ...) NOT-FOR-US: webSPELL CVE-2009-1913 (SQL injection vulnerability in manager.php in LuxBum 0.5.5, when ...) NOT-FOR-US: LuxBum CVE-2009-1914 (The pci_register_iommu_region function in ...) BUG: 273919 CVE-2009-1915 (Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ...) NOT-FOR-US: URL Search Hook ICQToolBar dll in ICQ CVE-2009-1916 (dig.php in GScripts.net DNS Tools allows remote attackers to execute ...) NOT-FOR-US: GScripts net CVE-2009-1917 (Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP ...) NOT-FOR-US: microsoft windows_xp CVE-2009-1918 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 ...) NOT-FOR-US: microsoft windows_xp CVE-2009-1919 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 ...) NOT-FOR-US: microsoft windows_xp CVE-2009-1920 (The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in ...) NOT-FOR-US: microsoft windows_xp CVE-2009-1921 RESERVED CVE-2009-1922 (The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, ...) NOT-FOR-US: microsoft windows_xp CVE-2009-1923 (Heap-based buffer overflow in the Windows Internet Name Service (WINS) ...) NOT-FOR-US: Windows Internet Name Service WINS component for Microsoft Windows CVE-2009-1924 (Integer overflow in the Windows Internet Name Service (WINS) component ...) NOT-FOR-US: Windows Internet Name Service WINS component for Microsoft Windows CVE-2009-1925 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...) NOT-FOR-US: microsoft windows_vista CVE-2009-1926 (Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista ...) NOT-FOR-US: microsoft windows_vista CVE-2009-1927 RESERVED CVE-2009-1928 (Stack consumption vulnerability in the LDAP service in Active ...) NOT-FOR-US: microsoft windows_xp CVE-2009-1929 (Heap-based buffer overflow in the Microsoft Terminal Services Client ...) NOT-FOR-US: Microsoft Terminal Services Client ActiveX control running RDP CVE-2009-1930 (The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...) NOT-FOR-US: Microsoft Windows CVE-2009-1931 RESERVED CVE-2009-1932 (Multiple integer overflows in the (1) user_info_callback, (2) ...) BUG: 272972 CVE-2009-1933 (Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_117, ...) NOT-FOR-US: sun solaris CVE-2009-1934 (Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in ...) NOT-FOR-US: sun java_system_web_server CVE-2009-1935 (Integer overflow in the pipe_build_write_buffer function ...) BUG: 277719 CVE-2009-1936 (_functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a ...) NOT-FOR-US: cpcommerce CVE-2009-1937 (Cross-site scripting (XSS) vulnerability in the comment posting ...) NOT-FOR-US: lightneasy CVE-2009-1938 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through ...) BUG: 273921 CVE-2009-1939 (Cross-site scripting (XSS) vulnerability in the JA_Purity template for ...) BUG: 273921 CVE-2009-1940 (Cross-site scripting (XSS) vulnerability in the administrator panel in ...) BUG: 273921 CVE-2009-1941 (PAD Site Scripts 3.6 stores sensitive information under the web ...) NOT-FOR-US: phpeasycode pad_site_scripts CVE-2009-1942 (Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, ...) NOT-FOR-US: we do not ship this module CVE-2009-1943 (Stack-based buffer overflow in the IKE service (ireIke.exe) in SafeNet ...) NOT-FOR-US: safenet softremote1 4 CVE-2009-1944 (Stack-based buffer overflow in AIMP 2.51 build 330 allows remote ...) NOT-FOR-US: aimp CVE-2009-1945 (SQL injection vulnerability in webCal3_detail.asp in WebCal 3.04 ...) NOT-FOR-US: tzo webcal CVE-2009-1946 (PHP remote file inclusion vulnerability in latestposts.php in AdaptBB ...) NOT-FOR-US: adaptbb CVE-2009-1947 (SQL injection vulnerability in the UnbDbEncode function in ...) NOT-FOR-US: unclassified_newsboard CVE-2009-1948 (Multiple directory traversal vulnerabilities in forum.php in ...) NOT-FOR-US: unclassified_newsboard CVE-2009-1949 (import_wbb1.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote ...) NOT-FOR-US: unclassified_newsboard CVE-2009-1950 (SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3 ...) NOT-FOR-US: webeyes guest_book CVE-2009-1951 (Cross-site scripting (XSS) vulnerability in index.php in PropertyMax ...) NOT-FOR-US: propertymaxpro propertymax_pro_free CVE-2009-1952 (Multiple SQL injection vulnerabilities in the administrative login ...) NOT-FOR-US: propertymaxpro propertymax_pro_free CVE-2009-1953 (IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM ...) NOT-FOR-US: oracle weblogic_application_server CVE-2009-1954 (Unspecified vulnerability in portmapper (aka portmap) in IBM AIX 5.3 ...) NOT-FOR-US: ibm aix CVE-2009-1955 (The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in ...) BUG: 272260 CVE-2009-1956 (Off-by-one error in the apr_brigade_vprintf function in Apache ...) BUG: 268643 CVE-2009-1957 (charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 ...) BUG: 272276 CVE-2009-1958 (charon/sa/tasks/child_create.c in the charon daemon in strongSWAN ...) BUG: 272276 CVE-2009-1959 (Off-by-one error in the event_wallops function in ...) BUG: 271875 CVE-2009-1960 (inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, ...) BUG: 272431 CVE-2009-1961 (The inode double locking code in fs/ocfs2/file.c in the Linux kernel ...) BUG: 273922 CVE-2009-1962 (Xfig, possibly 3.2.5, allows local users to read and write arbitrary ...) BUG: 264575 CVE-2009-1963 (Unspecified vulnerability in the Network Foundation component in ...) NOT-FOR-US: oracle database_server CVE-2009-1964 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) NOT-FOR-US: oracle database_server CVE-2009-1965 (Unspecified vulnerability in the Net Foundation Layer component in ...) NOT-FOR-US: oracle database_server CVE-2009-1966 (Unspecified vulnerability in the Config Management component in (1) ...) NOT-FOR-US: oracle enterprise_manager CVE-2009-1967 (Unspecified vulnerability in the Config Management component in (1) ...) NOT-FOR-US: oracle enterprise_manager CVE-2009-1968 (Unspecified vulnerability in the Secure Enterprise Search component in ...) NOT-FOR-US: oracle database_server CVE-2009-1969 (Unspecified vulnerability in the Auditing component in Oracle Database ...) NOT-FOR-US: oracle database_server CVE-2009-1970 (Unspecified vulnerability in the Listener component in Oracle Database ...) NOT-FOR-US: oracle database_server CVE-2009-1971 (Unspecified vulnerability in the Data Pump component in Oracle ...) NOT-FOR-US: oracle database_server CVE-2009-1972 (Unspecified vulnerability in the Auditing component in Oracle Database ...) NOT-FOR-US: oracle database_server CVE-2009-1973 (Unspecified vulnerability in the Virtual Private Database component in ...) NOT-FOR-US: oracle database_server CVE-2009-1974 (Unspecified vulnerability in the WebLogic Server component in BEA ...) NOT-FOR-US: oracle bea_product_suite CVE-2009-1975 (Unspecified vulnerability in the WebLogic Server component in BEA ...) NOT-FOR-US: oracle bea_product_suite CVE-2009-1976 (Unspecified vulnerability in the HTTP Server component in Oracle ...) NOT-FOR-US: oracle application_server CVE-2009-1977 (Unspecified vulnerability in the Oracle Secure Backup component in ...) NOT-FOR-US: oracle secure_backup CVE-2009-1978 (Unspecified vulnerability in the Oracle Secure Backup component in ...) NOT-FOR-US: oracle secure_backup CVE-2009-1979 (Unspecified vulnerability in the Network Authentication component in ...) NOT-FOR-US: oracle database_server CVE-2009-1980 (Unspecified vulnerability in the Oracle Application Object Library ...) NOT-FOR-US: oracle e business_suite CVE-2009-1981 (Unspecified vulnerability in the Highly Interactive Client component ...) NOT-FOR-US: oracle siebel_enterprise_suite CVE-2009-1982 (Unspecified vulnerability in the Oracle Applications Framework ...) NOT-FOR-US: oracle e business_suite CVE-2009-1983 (Unspecified vulnerability in the Oracle iStore component in Oracle ...) NOT-FOR-US: oracle e business_suite CVE-2009-1984 (Unspecified vulnerability in the Application Install component in ...) NOT-FOR-US: oracle e business_suite CVE-2009-1985 (Unspecified vulnerability in the Network Authentication component in ...) NOT-FOR-US: oracle database_server CVE-2009-1986 (Unspecified vulnerability in the Oracle Applications Manager component ...) NOT-FOR-US: oracle e business_suite CVE-2009-1987 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools - ...) NOT-FOR-US: oracle peoplesoft_enterprise CVE-2009-1988 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS eProfile ...) NOT-FOR-US: oracle peoplesoft_enterprise CVE-2009-1989 (Unspecified vulnerability in the PeopleSoft Enterprise FMS component ...) NOT-FOR-US: oracle peoplesoft_enterprise CVE-2009-1990 (Unspecified vulnerability in the Business Intelligence Enterprise ...) NOT-FOR-US: oracle application_server CVE-2009-1991 (Unspecified vulnerability in the Oracle Text component in Oracle ...) NOT-FOR-US: oracle database_server CVE-2009-1992 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) NOT-FOR-US: oracle database_server CVE-2009-1993 (Unspecified vulnerability in the Application Express component in ...) NOT-FOR-US: oracle database_server CVE-2009-1994 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...) NOT-FOR-US: oracle database_server CVE-2009-1995 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...) NOT-FOR-US: oracle database_server CVE-2009-1996 (Unspecified vulnerability in the Logical Standby component in Oracle ...) NOT-FOR-US: oracle database_server CVE-2009-1997 (Unspecified vulnerability in the Authentication component in Oracle ...) NOT-FOR-US: oracle database_server CVE-2009-1998 (Unspecified vulnerability in the Oracle Communications Order and ...) NOT-FOR-US: oracle industry_applications CVE-2009-1999 (Unspecified vulnerability in the Business Intelligence Enterprise ...) NOT-FOR-US: oracle application_server CVE-2009-2000 (Unspecified vulnerability in the Authentication component in Oracle ...) NOT-FOR-US: oracle database_server CVE-2009-2001 (Unspecified vulnerability in the PL/SQL component in Oracle Database ...) NOT-FOR-US: oracle database_server CVE-2009-2002 (Unspecified vulnerability in the WebLogic Portal component in BEA ...) NOT-FOR-US: oracle bea_product_suite CVE-2009-2003 (Ascad Networks Password Protector SD 1.3.1 allows remote attackers to ...) NOT-FOR-US: ascadnetworks password_protector_sd CVE-2009-2004 (Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php ...) NOT-FOR-US: dokeos CVE-2009-2005 (Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and ...) NOT-FOR-US: dokeos CVE-2009-2006 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, ...) NOT-FOR-US: dokeos CVE-2009-2007 (Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and ...) NOT-FOR-US: dokeos CVE-2009-2008 (Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly ...) NOT-FOR-US: dokeos CVE-2009-2009 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, ...) NOT-FOR-US: dokeos CVE-2009-2010 (Multiple SQL injection vulnerabilities in Haudenschilt Family ...) NOT-FOR-US: haudenschilt family_connections_cms CVE-2009-2011 (Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and ...) NOT-FOR-US: Worldweaver CVE-2009-2012 (Unspecified vulnerability in idmap in Sun OpenSolaris snv_88 through ...) NOT-FOR-US: sun opensolaris CVE-2009-2013 (SQL injection vulnerability in bin/aps_browse_sources.php in Frontis ...) NOT-FOR-US: frontisgroup frontis CVE-2009-2014 (SQL injection vulnerability in the ComSchool (com_school) component ...) NOT-FOR-US: joomla com_school CVE-2009-2015 (Directory traversal vulnerability in includes/file_includer.php in the ...) NOT-FOR-US: ideal com_moofaq CVE-2009-2016 (SQL injection vulnerability in products.php in Virtue Shopping Mall ...) NOT-FOR-US: virtuenetz virtue_shopping_mall CVE-2009-2017 (SQL injection vulnerability in products.php in Virtue Book Store ...) NOT-FOR-US: virtuenetz virtue_book_store CVE-2009-2018 (SQL injection vulnerability in admin/index.php in Jared Eckersley ...) NOT-FOR-US: jaredeckersley mycars CVE-2009-2019 (SQL injection vulnerability in news_detail.php in Virtue News Manager ...) NOT-FOR-US: virtuenetz virtue_news_manager CVE-2009-2020 (Cross-site scripting (XSS) vulnerability in news_detail.php in Virtue ...) NOT-FOR-US: virtuenetz virtue_news_manager CVE-2009-2021 (SQL injection vulnerability in search.php in Virtue Classifieds allows ...) NOT-FOR-US: virtuenetz virtue_classifieds CVE-2009-2022 (fipsCMS Light 2.1 stores sensitive information under the web root with ...) NOT-FOR-US: fipsasp fipscms_light CVE-2009-2023 (SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when ...) NOT-FOR-US: shop script CVE-2009-2024 (Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the ...) NOT-FOR-US: vt rovno asp_vt_auth CVE-2009-2025 (admin/login.php in DM FileManager 3.9.2 allows remote attackers to ...) NOT-FOR-US: dutchmonkey dm_filemanager CVE-2009-2026 (Stack-based buffer overflow in a token searching function in the ...) NOT-FOR-US: ca unicenter_software_delivery CVE-2009-2027 (The Installer in Apple Safari before 4.0 on Windows allows local users ...) NOT-FOR-US: apple safari CVE-2009-2028 (Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 ...) BUG: 273908 CVE-2009-2029 (Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and ...) NOT-FOR-US: sun solaris CVE-2009-2030 (Unspecified vulnerability in the XML Digital Signature verification ...) NOT-FOR-US: ibm os 400 CVE-2009-2031 (smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount ...) NOT-FOR-US: sun opensolaris CVE-2009-2032 (Cross-site scripting (XSS) vulnerability in search.asp in PDshopPro, ...) NOT-FOR-US: PDshopPro when downloaded CVE-2009-2033 (Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 ...) NOT-FOR-US: Yogurt CVE-2009-2034 (SQL injection vulnerability in writemessage.php in Yogurt 0.3, when ...) NOT-FOR-US: Yogurt CVE-2009-2035 (Unspecified vulnerability in Services 6.x before 6.x-0.14, a module ...) NOT-FOR-US: services_module_for_drupal CVE-2009-2036 (SQL injection vulnerability in index.php in Open Biller 0.1 allows ...) NOT-FOR-US: Open Biller CVE-2009-2037 (Multiple directory traversal vulnerabilities in Online Grades & ...) NOT-FOR-US: Online Grades Attendance CVE-2009-2038 (Unspecified vulnerability in the Finnish Bank Payment module 2.2 for ...) NOT-FOR-US: Finnish Bank Payment module CVE-2009-2039 (Unspecified vulnerability in the Luottokunta module before 1.3 for ...) NOT-FOR-US: Luottokunta module CVE-2009-2040 (admin/options.php in Grestul 1.2 does not properly restrict access, ...) NOT-FOR-US: Grestul CVE-2009-2041 (Cross-site scripting (XSS) vulnerability in A51 D.O.O. activeCollab ...) NOT-FOR-US: A51 CVE-2009-2042 (libpng before 1.2.37 does not properly parse 1-bit interlaced images ...) BUG: 272970 CVE-2009-2043 (nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows ...) BUG: 273918 CVE-2009-2044 (Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to ...) BUG: 273918 CVE-2009-2045 (The Cisco Video Surveillance Stream Manager firmware before 5.3, as ...) NOT-FOR-US: UDP packet to port CVE-2009-2046 (The embedded web server on the Cisco Video Surveillance 2500 Series IP ...) NOT-FOR-US: embedded CVE-2009-2047 (Directory traversal vulnerability in the Administration interface in ...) NOT-FOR-US: Administration interface in Cisco Customer Response Solutions CRS CVE-2009-2048 (Cross-site scripting (XSS) vulnerability in the Administration ...) NOT-FOR-US: Administration interface in Cisco Customer Response Solutions CRS CVE-2009-2049 (Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through ...) NOT-FOR-US: cisco ios_xe CVE-2009-2050 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...) NOT-FOR-US: cisco unified_communications_manager CVE-2009-2051 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x ...) NOT-FOR-US: cisco unified_communications_manager CVE-2009-2052 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...) NOT-FOR-US: cisco unified_communications_manager CVE-2009-2053 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...) NOT-FOR-US: cisco unified_communications_manager CVE-2009-2054 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...) NOT-FOR-US: cisco unified_communications_manager CVE-2009-2055 (Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a ...) NOT-FOR-US: wild on CVE-2009-2056 (Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to ...) NOT-FOR-US: Cisco CVE-2009-2057 (Microsoft Internet Explorer before 8 uses the HTTP Host header to ...) NOT-FOR-US: microsoft internet_explorer CVE-2009-2058 (Apple Safari before 3.2.2 uses the HTTP Host header to determine the ...) TODO: check CVE-2009-2059 (Opera, possibly before 9.25, uses the HTTP Host header to determine ...) BUG: 294680 CVE-2009-2060 (src/net/http/http_transaction_winhttp.cc in Google Chrome before ...) NOT-FOR-US: google chrome CVE-2009-2061 (Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response ...) BUG: 273918 CVE-2009-2062 (Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before ...) TODO: check CVE-2009-2063 (Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response ...) BUG: 283391 CVE-2009-2064 (Microsoft Internet Explorer 8, and possibly other versions, detects ...) NOT-FOR-US: microsoft pocket_internet_explorer CVE-2009-2065 (Mozilla Firefox 3.0.10, and possibly other versions, detects http ...) BUG: 273918 CVE-2009-2066 (Apple Safari detects http content in https web pages only when the ...) NOT-FOR-US: apple safari CVE-2009-2067 (Opera detects http content in https web pages only when the top-level ...) BUG: 294680 CVE-2009-2068 (Google Chrome detects http content in https web pages only when the ...) NOT-FOR-US: opera CVE-2009-2069 (Microsoft Internet Explorer before 8 displays a cached certificate for ...) NOT-FOR-US: microsoft pocket_internet_explorer CVE-2009-2070 (Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT ...) BUG: 294680 CVE-2009-2071 (Google Chrome before 1.0.154.53 displays a cached certificate for a ...) NOT-FOR-US: google chrome CVE-2009-2072 (Apple Safari does not require a cached certificate before displaying a ...) TODO: check CVE-2009-2073 (Cross-site request forgery (CSRF) vulnerability in Linksys WRT160N ...) NOT-FOR-US: cisco wrt160n CVE-2009-2074 (Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before ...) NOT-FOR-US: Nodequeue CVE-2009-2075 (Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for ...) NOT-FOR-US: Nodequeue CVE-2009-2076 (Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, ...) NOT-FOR-US: Views CVE-2009-2077 (Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote ...) BUG: 277715 CVE-2009-2078 (Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x ...) NOT-FOR-US: Booktree CVE-2009-2079 (Cross-site scripting (XSS) vulnerability in the administrative page ...) NOT-FOR-US: drupal taxonomy_manager CVE-2009-2080 (admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict ...) NOT-FOR-US: MRCGIGUY The Ticket System CVE-2009-2081 (Directory traversal vulnerability in help.php in phpWebThings 1.5.2 ...) NOT-FOR-US: phpWebThings CVE-2009-2082 (SQL injection vulnerability in insidepage.php in Creative Web ...) NOT-FOR-US: Creative Web Solutions Multi Level CMS CVE-2009-2083 (Cross-site scripting (XSS) vulnerability in the term data detail page ...) NOT-FOR-US: mattias_hutterer taxonomy_manager CVE-2009-2084 (Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 ...) NOT-FOR-US: our slurm is a different package CVE-2009-2085 (The Security component in IBM WebSphere Application Server (WAS) 6.1 ...) NOT-FOR-US: ibm websphere_application_server CVE-2009-2086 REJECTED CVE-2009-2087 (The Web Services functionality in IBM WebSphere Application Server ...) NOT-FOR-US: ibm websphere_application_server CVE-2009-2088 (The Servlet Engine/Web Container component in IBM WebSphere ...) NOT-FOR-US: ibm websphere_application_server CVE-2009-2089 (The Migration component in IBM WebSphere Application Server (WAS) 6.1 ...) NOT-FOR-US: ibm websphere_application_server CVE-2009-2090 (Unspecified vulnerability in wsadmin in the System ...) NOT-FOR-US: ibm websphere_application_server CVE-2009-2091 (The System Management/Repository component in IBM WebSphere ...) NOT-FOR-US: ibm websphere_application_server CVE-2009-2092 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not ...) NOT-FOR-US: ibm websphere_application_server CVE-2009-2093 (SQL injection vulnerability in the console in IBM WebSphere Partner ...) NOT-FOR-US: ibm websphere_partner_gateway CVE-2009-2094 (Unspecified vulnerability in IBM WebSphere Commerce 6.0 Enterprise ...) NOT-FOR-US: ibm websphere_commerce CVE-2009-2095 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Mundi Mail CVE-2009-2096 (SQL injection vulnerability in house/listing_view.php in ...) NOT-FOR-US: phpCollegeExchange CVE-2009-2097 (SQL injection vulnerability in ...) NOT-FOR-US: Zoki CVE-2009-2098 (SQL injection vulnerability in topicler.php in phPortal 1.0 allows ...) NOT-FOR-US: phPortal CVE-2009-2099 (SQL injection vulnerability in the iJoomla RSS Feeder ...) NOT-FOR-US: iJoomla CVE-2009-2100 (Directory traversal vulnerability in the JoomlaPraise Projectfork ...) NOT-FOR-US: JoomlaPraise Projectfork com_projectfork component CVE-2009-2101 (Directory traversal vulnerability in archive.php in TorrentVolve 1.4, ...) NOT-FOR-US: TorrentVolve CVE-2009-2102 (SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and ...) NOT-FOR-US: Jumi com_jumi component CVE-2009-2103 (SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) ...) NOT-FOR-US: Frontend CVE-2009-2104 (Cross-site scripting (XSS) vulnerability in the Modern Guestbook / ...) NOT-FOR-US: Modern Guestbook Commenting System ve_guestbook extension CVE-2009-2105 (SQL injection vulnerability in the References database (t3references) ...) NOT-FOR-US: References CVE-2009-2106 (SQL injection vulnerability in the Virtual Civil Services (civserv) ...) NOT-FOR-US: Virtual Civil Services civserv extension CVE-2009-2107 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Webmedia Explorer webmex CVE-2009-2108 (git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to ...) BUG: 273905 CVE-2009-2109 (Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow ...) NOT-FOR-US: daan_sprenkels fretsweb CVE-2009-2110 (Multiple directory traversal vulnerabilities in DB Top Sites 1.0, when ...) NOT-FOR-US: jnmsolutions db_top_sites CVE-2009-2111 (Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 ...) NOT-FOR-US: jnmsolutions db_top_sites CVE-2009-2112 (Directory traversal vulnerability in include/page_bottom.php in phpFK ...) NOT-FOR-US: frank karau phpfk CVE-2009-2113 (Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote ...) NOT-FOR-US: daan_sprenkels fretsweb CVE-2009-2114 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ...) NOT-FOR-US: skybluecanvas CVE-2009-2115 (admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated ...) NOT-FOR-US: skybluecanvas CVE-2009-2116 (Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 ...) NOT-FOR-US: skybluecanvas CVE-2009-2117 (uye_paneli.php in phPortal 1.0 allows remote attackers to bypass ...) NOT-FOR-US: phportal CVE-2009-2118 (Integer overflow in IrfanView 4.23, when the resampling or screen ...) NOT-FOR-US: irfanview CVE-2009-2119 (Cross-site scripting (XSS) vulnerability in the login interface ...) NOT-FOR-US: f5 firepass_ssl_vpn CVE-2009-2120 (Multiple SQL injection vulnerabilities in TekBase All-in-One 3.1 allow ...) NOT-FOR-US: tekbase_all in one CVE-2009-2121 (Buffer overflow in the browser kernel in Google Chrome before ...) BUG: 275745 CVE-2009-2122 (SQL injection vulnerability in viewimg.php in the Paolo Palmonari ...) NOT-FOR-US: paolo_palmonari photoracer_plugin_for_wordpress CVE-2009-2123 (Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote ...) NOT-FOR-US: elvinbts CVE-2009-2124 (Directory traversal vulnerability in page.php in Elvin 1.2.0 allows ...) NOT-FOR-US: elvinbts CVE-2009-2125 (delete_bug.php in Elvin before 1.2.1 does not require administrative ...) NOT-FOR-US: elvinbts CVE-2009-2126 (Cross-site scripting (XSS) vulnerability in close_bug.php in Elvin ...) NOT-FOR-US: elvinbts CVE-2009-2127 (Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin ...) NOT-FOR-US: elvinbts CVE-2009-2128 (SQL injection vulnerability in close_bug.php in Elvin before 1.2.1 ...) NOT-FOR-US: elvinbts CVE-2009-2129 (Cross-site request forgery (CSRF) vulnerability in login.php in Elvin ...) NOT-FOR-US: elvinbts CVE-2009-2130 (Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) ...) NOT-FOR-US: elvinbts CVE-2009-2131 (Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier ...) NOT-FOR-US: 4homepages 4images CVE-2009-2132 (Directory traversal vulnerability in global.php in 4images before ...) NOT-FOR-US: 4homepages 4images CVE-2009-2133 (Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.40.4 ...) NOT-FOR-US: pivot CVE-2009-2134 (pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to ...) NOT-FOR-US: pivot CVE-2009-2135 (Multiple race conditions in the Solaris Event Port API in Sun Solaris ...) NOT-FOR-US: sun solaris CVE-2009-2136 (Unspecified vulnerability in the TCP/IP networking stack in Sun ...) NOT-FOR-US: sun solaris CVE-2009-2137 (Memory leak in the Ultra-SPARC T2 crypto provider device driver (aka ...) NOT-FOR-US: sun solaris CVE-2009-2138 (Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow ...) NOT-FOR-US: tbdev net CVE-2009-2139 (Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx ...) NOT-FOR-US: Old bug, fixed in our versions, see http://cgit.freedesktop.org/ooo-build/ooo-build/commit/?id=49b4e38571912a7d28c4044e5b2bd57e51c77d55 CVE-2009-2140 (Multiple heap-based buffer overflows in ...) NOT-FOR-US: Old bug, fixed in our current versions. CVE-2009-2141 (Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET ...) NOT-FOR-US: tbdev net CVE-2009-2142 (Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store ...) NOT-FOR-US: zipstore zip_store_chat CVE-2009-2143 (PHP remote file inclusion vulnerability in firestats-wordpress.php in ...) NOT-FOR-US: firestats CVE-2009-2144 (SQL injection vulnerability in the FireStats plugin before ...) NOT-FOR-US: firestats CVE-2009-2145 (Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 ...) NOT-FOR-US: pantha translucid CVE-2009-2146 (Unrestricted file upload vulnerability in the Compose Email feature in ...) NOT-FOR-US: sugarcrm CVE-2009-2147 (SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and ...) NOT-FOR-US: phpwebthings CVE-2009-2148 (SQL injection vulnerability in news/index.php in Campus Virtual-LMS ...) NOT-FOR-US: campusvirtualcomputrade campus_virtual lms CVE-2009-2149 (Multiple cross-site scripting (XSS) vulnerabilities in Campus ...) NOT-FOR-US: campusvirtualcomputrade campus_virtual lms CVE-2009-2150 (Multiple cross-site request forgery (CSRF) vulnerabilities in Campus ...) NOT-FOR-US: campusvirtualcomputrade campus_virtual lms CVE-2009-2151 (Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 ...) NOT-FOR-US: adaptweb CVE-2009-2152 (SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows ...) NOT-FOR-US: isabela_gasparini adaptweb CVE-2009-2153 (Cross-site scripting (XSS) vulnerability in index.php in Impleo Music ...) NOT-FOR-US: sappy dk impleo_music_collection CVE-2009-2154 (SQL injection vulnerability in admin/login.php in Impleo Music ...) NOT-FOR-US: sappy dk impleo_music_collection CVE-2009-2155 (Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do ...) NOT-FOR-US: zohocorp webnms CVE-2009-2156 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentTrader ...) NOT-FOR-US: torrenttrader_classic CVE-2009-2157 (Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 ...) NOT-FOR-US: torrenttrader_classic CVE-2009-2158 (account-recover.php in TorrentTrader Classic 1.09 chooses random ...) NOT-FOR-US: torrenttrader_classic CVE-2009-2159 (backup-database.php in TorrentTrader Classic 1.09 does not require ...) NOT-FOR-US: torrenttrader_classic CVE-2009-2160 (TorrentTrader Classic 1.09 allows remote attackers to (1) obtain ...) NOT-FOR-US: torrenttrader_classic CVE-2009-2161 (Directory traversal vulnerability in backend/admin-functions.php in ...) NOT-FOR-US: torrenttrader_classic CVE-2009-2162 (Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC ...) NOT-FOR-US: xoops pukiwikimod CVE-2009-2163 (Cross-site scripting (XSS) vulnerability in login/default.aspx in ...) NOT-FOR-US: sitecore cms CVE-2009-2164 (Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, ...) NOT-FOR-US: kjtechforce mailman CVE-2009-2165 (SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and ...) NOT-FOR-US: serendipitynz serene_bach_sb CVE-2009-2166 (Absolute path traversal vulnerability in cvs.php in OCS Inventory NG ...) NOT-FOR-US: ocsinventory ng ocs_inventory_ng CVE-2009-2167 (Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus ...) NOT-FOR-US: egyplus 7ammel CVE-2009-2168 (cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a ...) NOT-FOR-US: egyplus 7ammel CVE-2009-2169 (Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX ...) NOT-FOR-US: edraw pdf_viewer_component CVE-2009-2170 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 ...) NOT-FOR-US: mahara CVE-2009-2171 (Mahara 1.1 before 1.1.5 does not apply permission checks when saving a ...) NOT-FOR-US: Mahara CVE-2009-2172 (Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in ...) NOT-FOR-US: Radio CVE-2009-2173 (The LAN game feature in Carom3D 5.06 allows remote authenticated users ...) NOT-FOR-US: Carom3D CVE-2009-2174 (GUPnP 0.12.7 allows remote attackers to cause a denial of service ...) BUG: 274453 CVE-2009-2175 (Stack-based buffer overflow in the flattenIncrementally function in ...) NOT-FOR-US: Not in tree, put note in request bug CVE-2009-2176 (Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a ...) NOT-FOR-US: fuzzylime cms CVE-2009-2177 (code/display.php in fuzzylime (cms) 3.03a and earlier, when ...) NOT-FOR-US: fuzzylime cms CVE-2009-2178 (Cross-site scripting (XSS) vulnerability in website.php in ...) NOT-FOR-US: phpDatingClub CVE-2009-2179 (SQL injection vulnerability in search.php in phpDatingClub 3.7 allows ...) NOT-FOR-US: phpDatingClub CVE-2009-2180 (Multiple directory traversal vulnerabilities in upfiles/index.php in ...) NOT-FOR-US: Pc4 CVE-2009-2181 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Campsite CVE-2009-2182 (Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 ...) NOT-FOR-US: Campsite CVE-2009-2183 (Directory traversal vulnerability in admin-files/ad.php in Campsite ...) NOT-FOR-US: Campsite CVE-2009-2184 (Absolute path traversal vulnerability in forcedownload.php in Gravy ...) NOT-FOR-US: Gravy Media Photo Host CVE-2009-2185 (The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, ...) BUG: 275096 BUG: 275233 CVE-2009-2186 (Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 ...) NOT-FOR-US: Adobe Shockwave Player CVE-2009-2187 (Multiple memory leaks in the (1) IP and (2) IPv6 multicast ...) NOT-FOR-US: kernel in Sun Solaris CVE-2009-2188 (Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2189 RESERVED CVE-2009-2190 (launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2191 (Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2192 (MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2193 (Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2194 (Apple Mac OS X 10.5 before 10.5.8 does not properly share file ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2195 (Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote ...) BUG: 284569 CVE-2009-2196 (Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2197 RESERVED CVE-2009-2198 (Apple GarageBand before 5.1 reconfigures Safari to accept all cookies ...) NOT-FOR-US: Apple CVE-2009-2199 (Incomplete blacklist vulnerability in WebKit in Apple Safari before ...) TODO: check CVE-2009-2200 (WebKit in Apple Safari before 4.0.3 does not properly restrict the URL ...) TODO: check CVE-2009-2201 (The screensharing feature in the Admin application in Apple Xsan ...) NOT-FOR-US: Admin application in Apple Xsan CVE-2009-2202 (Apple QuickTime before 7.6.4 allows remote attackers to execute ...) NOT-FOR-US: Apple CVE-2009-2203 (Buffer overflow in Apple QuickTime before 7.6.4 allows remote ...) NOT-FOR-US: Apple QuickTime CVE-2009-2204 (Unspecified vulnerability in the CoreTelephony component in Apple ...) NOT-FOR-US: CoreTelephony component in Apple iPhone OS CVE-2009-2205 (Stack-based buffer overflow in the Java Web Start command launcher in ...) NOT-FOR-US: OSX only CVE-2009-2206 (Multiple heap-based buffer overflows in the AudioCodecs library in the ...) NOT-FOR-US: CoreAudio component in Apple iPhone OS CVE-2009-2207 (The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone ...) NOT-FOR-US: Apple iPhone OS CVE-2009-2208 (FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the ...) BUG: 277721 CVE-2009-2209 (SQL injection vulnerability in rscms_mod_newsview.php in RS-CMS 2.1 ...) NOT-FOR-US: RS CMS CVE-2009-2210 (Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow ...) BUG: 273918 CVE-2009-2211 (Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM ...) NOT-FOR-US: ibm rational_clearquest CVE-2009-2212 (The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and ...) NOT-FOR-US: ibm rational_clearquest CVE-2009-2213 (The default configuration of the Security global settings on the ...) NOT-FOR-US: citrix netscaler_access_gateway_firmware CVE-2009-2214 (The Secure Gateway service in Citrix Secure Gateway 3.1 and earlier ...) NOT-FOR-US: citrix secure_gateway CVE-2009-2215 (Multiple cross-site scripting (XSS) vulnerabilities in URD before ...) NOT-FOR-US: urdland urd CVE-2009-2216 (Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in ...) NOT-FOR-US: jbmc software directadmin CVE-2009-2217 (Cross-site scripting (XSS) vulnerability in NBBC before 1.4.2 allows ...) NOT-FOR-US: phantom inker nbbc CVE-2009-2218 (Multiple PHP remote file inclusion vulnerabilities in ...) NOT-FOR-US: david_degner phpcollegeexchange CVE-2009-2219 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: david_degner phpcollegeexchange CVE-2009-2220 (Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, ...) NOT-FOR-US: tribiq_cms CVE-2009-2221 (Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and ...) NOT-FOR-US: php s3 to php i board CVE-2009-2222 (Directory traversal vulnerability in PHP-I-BOARD 1.2 and earlier ...) NOT-FOR-US: php s3 to php i board CVE-2009-2223 (Directory traversal vulnerability in locms/smarty.php in LightOpenCMS ...) NOT-FOR-US: LightOpenCMS CVE-2009-2224 (Directory traversal vulnerability in ang/shared/flags.php in AN ...) NOT-FOR-US: AN Guestbook CVE-2009-2225 (Stack-based buffer overflow in SureThing CD/DVD Labeler 5.1.616 trial ...) NOT-FOR-US: SureThing CD DVD Labeler CVE-2009-2226 (Cross-site scripting (XSS) vulnerability in Let's PHP! Tree BBS ...) NOT-FOR-US: Let s PHP Tree BBS CVE-2009-2227 (Stack-based buffer overflow in B Labs Bopup Communication Server ...) NOT-FOR-US: Bopup Communication Server CVE-2009-2228 (Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS ...) NOT-FOR-US: Kasseler CVE-2009-2229 (Directory traversal vulnerability in engine.php in Kasseler CMS 1.3.5 ...) NOT-FOR-US: Kasseler CMS CVE-2009-2230 (SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka ...) NOT-FOR-US: MyBB aka MyBulletinBoard CVE-2009-2231 (MIDAS 1.43 allows remote attackers to bypass authentication and obtain ...) NOT-FOR-US: mid as midas CVE-2009-2232 (SQL injection vulnerability in image.php in Softbiz Banner Ad ...) NOT-FOR-US: Softbiz CVE-2009-2233 (The admin interface in AWScripts.com Gallery Search Engine 1.5 allows ...) NOT-FOR-US: AWScripts com Gallery Search Engine CVE-2009-2234 (Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call ...) NOT-FOR-US: VICIDIAL Call Center Suite CVE-2009-2235 (SQL injection vulnerability in page.php in Your Articles Directory ...) NOT-FOR-US: Your CVE-2009-2236 (SQL injection vulnerability in yad-admin/login.php in Your Article ...) NOT-FOR-US: Your CVE-2009-2237 (Unspecified vulnerability in Views Bulk Operations 5.x-1.x before ...) NOT-FOR-US: Views Bulk Operations CVE-2009-2238 (Unrestricted file upload vulnerability in ...) NOT-FOR-US: DMXReady Registration Manager CVE-2009-2239 (SQL injection vulnerability in the (1) casinobase (com_casinobase), ...) NOT-FOR-US: 1 CVE-2009-2240 (Cross-site scripting (XSS) vulnerability in AD2000 free-sw leger (aka ...) NOT-FOR-US: AD2000 CVE-2009-2241 (Cross-site scripting (XSS) vulnerability in search.asp in ASP Inline ...) NOT-FOR-US: ASP CVE-2009-2242 (SQL injection vulnerability in active_appointments.asp in ASP Inline ...) NOT-FOR-US: ASP CVE-2009-2243 (SQL injection vulnerability in active_appointments.asp in ASP Inline ...) NOT-FOR-US: ASP CVE-2009-2244 RESERVED CVE-2009-2245 RESERVED CVE-2009-2246 RESERVED CVE-2009-2247 RESERVED CVE-2009-2248 RESERVED CVE-2009-2249 RESERVED CVE-2009-2250 RESERVED CVE-2009-2251 RESERVED CVE-2009-2252 RESERVED CVE-2009-2253 RESERVED CVE-2009-2254 (Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative ...) NOT-FOR-US: zen cart zen_cart CVE-2009-2255 (Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative ...) NOT-FOR-US: zen cart zen_cart CVE-2009-2256 (The administrative web interface on the Netgear DG632 with firmware ...) NOT-FOR-US: netgear dg632 CVE-2009-2257 (The administrative web interface on the Netgear DG632 with firmware ...) NOT-FOR-US: netgear dg632 CVE-2009-2258 (Directory traversal vulnerability in cgi-bin/webcm in the ...) NOT-FOR-US: netgear dg632_firmware CVE-2009-2259 (Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow ...) NOT-FOR-US: php address_book CVE-2009-2260 (stardict 3.0.1, when Enable Net Dict is configured, sends the contents ...) NOT-FOR-US: stardict CVE-2009-2261 (PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted ...) NOT-FOR-US: giorgio_tani peazip CVE-2009-2262 (PHP remote file inclusion vulnerability in install/di.php in ...) NOT-FOR-US: myiosoft ajaxportal CVE-2009-2263 (Directory traversal vulnerability in index.php in Awesome PHP Mega ...) NOT-FOR-US: awesomephp mega_file_manager CVE-2009-2264 RESERVED CVE-2009-2265 (Multiple directory traversal vulnerabilities in FCKeditor before ...) NOT-FOR-US: fckeditor CVE-2009-2266 (OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote ...) NOT-FOR-US: OXID CVE-2009-2267 (VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player ...) BUG: 297367 CVE-2009-2268 (Cross-site scripting (XSS) vulnerability in the Cross-Domain ...) NOT-FOR-US: sun java_system_access_manager CVE-2009-2269 (SQL injection vulnerability in Empire CMS 5.1 allows remote attackers ...) NOT-FOR-US: phome_empire_cms CVE-2009-2270 (Unrestricted file upload vulnerability in member/uploads_edit.php in ...) NOT-FOR-US: dedecms CVE-2009-2271 (The Huawei D100 has (1) a certain default administrator password for ...) NOT-FOR-US: huawei d100 CVE-2009-2272 (The Huawei D100 stores the administrator's account name and password ...) NOT-FOR-US: huaweidevice d100 CVE-2009-2273 (The default configuration of the Wi-Fi component on the Huawei D100 ...) NOT-FOR-US: huaweidevice d100 CVE-2009-2274 (The Huawei D100 allows remote attackers to obtain sensitive ...) NOT-FOR-US: huawei d100 CVE-2009-2275 (Directory traversal vulnerability in frontend/x3/stats/lastvisit.html ...) NOT-FOR-US: cpanel CVE-2009-2276 (SQL injection vulnerability in voteforus.php in the Vote For Us ...) NOT-FOR-US: biglle vote_for_us_extension CVE-2009-2277 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware ...) NOT-FOR-US: vmware virtualcenter CVE-2009-2278 RESERVED CVE-2009-2279 RESERVED CVE-2009-2280 RESERVED CVE-2009-2281 (Multiple heap-based buffer underflows in the readPostBody function in ...) BUG: 264563 CVE-2009-2282 (The Virtual Network Terminal Server daemon (vntsd) for Logical Domains ...) NOT-FOR-US: sun solaris CVE-2009-2283 (Multiple cross-site scripting (XSS) vulnerabilities in the help jsp ...) NOT-FOR-US: sun solaris CVE-2009-2284 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 ...) BUG: 276218 CVE-2009-2285 (Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 ...) BUG: 276339 CVE-2009-2286 (Buffer overflow in compface 1.5.2 and earlier allows user-assisted ...) NOT-FOR-US: Debian fork vulnerable only CVE-2009-2287 (The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel ...) BUG: 277375 CVE-2009-2288 (statuswml.cgi in Nagios before 3.1.1 allows remote attackers to ...) BUG: 275288 CVE-2009-2289 (Cross-site scripting (XSS) vulnerability in index.php in Arcade Trade ...) NOT-FOR-US: arcadetradescript arcade_trade_script CVE-2009-2290 (SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) ...) NOT-FOR-US: kim_eckert com_bsadv CVE-2009-2291 (Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a ...) NOT-FOR-US: chad_phillips logintoboggan CVE-2009-2292 (Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32 ...) NOT-FOR-US: appleple a news CVE-2009-2293 (Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote ...) NOT-FOR-US: tutorial share tutorial_share CVE-2009-2294 (Integer overflow in the Png_datainfo_callback function in Dillo 2.1 ...) BUG: 276432 CVE-2009-2295 (Multiple integer overflows in CamlImages 2.2 and earlier might allow ...) BUG: 276235 CVE-2009-2296 (The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris ...) NOT-FOR-US: Sun Solaris CVE-2009-2297 (Unspecified vulnerability in the udp subsystem in the kernel in Sun ...) NOT-FOR-US: udp subsystem in the kernel in Sun Solaris CVE-2009-2298 (Stack-based buffer overflow in rping in HP OpenView Network Node ...) NOT-FOR-US: rping in HP OpenView Network Node Manager OV NNM CVE-2009-2299 (The Artofdefence Hyperguard Web Application Firewall (WAF) module ...) NOT-FOR-US: Artofdefence CVE-2009-2300 (The management interface in the phion airlock Web Application Firewall ...) NOT-FOR-US: phion airlock Web Application Firewall WAF CVE-2009-2301 (The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with ...) NOT-FOR-US: radware CVE-2009-2302 (Cross-site scripting (XSS) vulnerability in index.php in Aardvark ...) NOT-FOR-US: Aardvark Topsites PHP CVE-2009-2303 (index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote ...) NOT-FOR-US: Aardvark Topsites PHP CVE-2009-2304 (index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote ...) NOT-FOR-US: Aardvark Topsites PHP CVE-2009-2305 (The ARD-9808 DVR card security camera allows remote attackers to cause ...) NOT-FOR-US: ARD 9808 CVE-2009-2306 (The ARD-9808 DVR card security camera stores sensitive information ...) NOT-FOR-US: ARD 9808 CVE-2009-2307 (SQL injection vulnerability in the CWGuestBook module 2.1 and earlier ...) NOT-FOR-US: CWGuestBook module CVE-2009-2308 (Multiple SQL injection vulnerabilities in affiliates.php in the ...) NOT-FOR-US: Affiliation aka Affiliates module CVE-2009-2309 (SQL injection vulnerability in index.php in Codice CMS 2 allows remote ...) NOT-FOR-US: Codice CMS CVE-2009-2310 (SQL injection vulnerability in include/get_read.php in ...) NOT-FOR-US: Extensible BioLawCom CMS X BLC CVE-2009-2311 (SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab ...) NOT-FOR-US: rGallery plugin CVE-2009-2312 (SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in ...) NOT-FOR-US: cleartext CVE-2009-2313 (Directory traversal vulnerability in index.php in Jinzora Media ...) NOT-FOR-US: Jinzora Media Jukebox CVE-2009-2314 (Race condition in the Sun Lightweight Availability Collection Tool 3.0 ...) NOT-FOR-US: Sun Lightweight Availability Collection Tool CVE-2009-2315 REJECTED NOT-FOR-US: Apple CVE-2009-2316 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...) NOT-FOR-US: IBM Tivoli Identity Manager ITIM CVE-2009-2317 (The Axesstel MV 410R has a certain default administrator password, and ...) NOT-FOR-US: Axesstel CVE-2009-2318 (The Axesstel MV 410R allows remote attackers to cause a denial of ...) NOT-FOR-US: Axesstel CVE-2009-2319 (The default configuration of the Wi-Fi component on the Axesstel MV ...) NOT-FOR-US: default CVE-2009-2320 (The web interface on the Axesstel MV 410R relies on client-side ...) NOT-FOR-US: web CVE-2009-2321 (cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to ...) NOT-FOR-US: cgi bin sysconf cgi CVE-2009-2322 (Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the ...) NOT-FOR-US: cgi bin sysconf cgi on the Axesstel MV CVE-2009-2323 (The web interface on the Axesstel MV 410R redirects users back to the ...) NOT-FOR-US: web CVE-2009-2324 (Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor ...) NOT-FOR-US: fckeditor CVE-2009-2325 (Directory traversal vulnerability in index.php in Clicknet CMS 2.1 ...) NOT-FOR-US: Clicknet CMS CVE-2009-2326 (Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and ...) NOT-FOR-US: KerviNet Forum CVE-2009-2327 (Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet ...) NOT-FOR-US: KerviNet Forum CVE-2009-2328 (admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require ...) NOT-FOR-US: KerviNet Forum CVE-2009-2329 (KerviNet Forum 1.1 and earlier allows remote attackers to obtain ...) NOT-FOR-US: include_files CVE-2009-2330 (Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in ...) NOT-FOR-US: CMS Chainuk CVE-2009-2331 (Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and ...) NOT-FOR-US: CMS Chainuk CVE-2009-2332 (CMS Chainuk 1.2 and earlier allows remote attackers to obtain ...) NOT-FOR-US: id CVE-2009-2333 (Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and ...) NOT-FOR-US: CMS Chainuk CVE-2009-2334 (wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not ...) BUG: 277317 CVE-2009-2335 (WordPress and WordPress MU before 2.8.1 exhibit different behavior for ...) BUG: 277317 CVE-2009-2336 (The forgotten mail interface in WordPress and WordPress MU before ...) BUG: 277317 CVE-2009-2337 (SQL injection vulnerability in includes/module/book/index.inc.php in ...) NOT-FOR-US: w3bcms gaestebuch_guestbook_module CVE-2009-2338 (Directory traversal vulnerability in includes/startmodules.inc.php in ...) NOT-FOR-US: freewebshop CVE-2009-2339 (SQL injection vulnerability in index.php in Rentventory allows remote ...) NOT-FOR-US: rentventory CVE-2009-2340 (SQL injection vulnerability in admin/index.php in Opial 1.0 allows ...) NOT-FOR-US: opial CVE-2009-2341 (SQL injection vulnerability in albumdetail.php in Opial 1.0 allows ...) NOT-FOR-US: shalwan opial CVE-2009-2342 (Cross-site scripting (XSS) vulnerability in admin.php (aka the login ...) NOT-FOR-US: hans_oesterholt cmme CVE-2009-2343 (Cross-site scripting (XSS) vulnerability in people.php in Zoph before ...) NOT-FOR-US: zoph CVE-2009-2344 (The web-based management interfaces in Sourcefire Defense Center (DC) ...) NOT-FOR-US: sourcefire defense_center CVE-2009-2345 (Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 ...) NOT-FOR-US: clansphere CVE-2009-2346 (The IAX2 protocol implementation in Asterisk Open Source 1.2.x before ...) BUG: 283624 CVE-2009-2347 (Multiple integer overflows in inter-color spaces conversion tools in ...) BUG: 276988 CVE-2009-2348 (Android 1.5 CRBxx allows local users to bypass the (1) ...) NOT-FOR-US: android CVE-2009-2349 RESERVED CVE-2009-2350 (Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block ...) NOT-FOR-US: microsoft internet_explorer CVE-2009-2351 (Opera 9.52 and earlier does not block javascript: URIs in Refresh ...) BUG: 277716 CVE-2009-2352 (Google Chrome 1.0.154.48 and earlier does not block javascript: URIs ...) BUG: 277378 CVE-2009-2353 (encoder.php in eAccelerator allows remote attackers to execute ...) BUG: 277293 CVE-2009-2354 (SQL injection vulnerability in the auth_checkpass function in the ...) NOT-FOR-US: nulllogic groupware CVE-2009-2355 (The forum module in NullLogic Groupware 1.2.7 allows remote ...) NOT-FOR-US: NullLogic Groupware CVE-2009-2356 (Multiple stack-based buffer overflows in the pgsqlQuery function in ...) NOT-FOR-US: dan_cahill nulllogic_groupware CVE-2009-2357 (The default configuration of TekRADIUS 3.0 uses the sa account to ...) NOT-FOR-US: yasinkaplan tekradius CVE-2009-2358 (TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini ...) NOT-FOR-US: yasinkaplan tekradius CVE-2009-2359 (Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow ...) NOT-FOR-US: yasinkaplan tekradius CVE-2009-2360 (Cross-site scripting (XSS) vulnerability in passwd/main.php in the ...) BUG: 277294 CVE-2009-2361 (SQL injection vulnerability in include/class.staff.php in osTicket ...) NOT-FOR-US: osticket CVE-2009-2362 (Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.0.0.215 allows ...) NOT-FOR-US: yukudr audioplus CVE-2009-2363 (Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.00.215 allows ...) NOT-FOR-US: yukudr audioplus CVE-2009-2364 (Stack-based buffer overflow in Mp3-Nator 2.0 allows remote attackers ...) NOT-FOR-US: mp3 nator CVE-2009-2365 (SQL injection vulnerability in login.asp in DataCheck Solutions ...) NOT-FOR-US: datachecknh gallerypal_fe CVE-2009-2366 (SQL injection vulnerability in login.asp in DataCheck Solutions ...) NOT-FOR-US: datachecknh forumpal_fe CVE-2009-2367 (cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable ...) NOT-FOR-US: iomega storcenter_pro CVE-2009-2368 (Unspecified vulnerability in Socks Server 5 before 3.7.8-8 has unknown ...) NOT-FOR-US: matteo_ricchetti ss5 CVE-2009-2369 (Integer overflow in the wxImage::Create function in ...) BUG: 277722 CVE-2009-2370 (Cross-site scripting (XSS) vulnerability in Advanced Forum 5.x before ...) NOT-FOR-US: michelle_cox advanced_forum CVE-2009-2371 (Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not ...) NOT-FOR-US: michelle_cox advanced_forum CVE-2009-2372 (Drupal 6.x before 6.13 does not prevent users from modifying user ...) BUG: 276214 CVE-2009-2373 (Cross-site scripting (XSS) vulnerability in the Forum module in Drupal ...) BUG: 276214 CVE-2009-2374 (Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize ...) BUG: 276214 CVE-2009-2375 (Stack-based buffer overflow in Photo DVD Maker 8.02, and possibly ...) NOT-FOR-US: photo dvd maker photo_dvd_maker CVE-2009-2376 (Cross-site scripting (XSS) vulnerability in the Html::textarea ...) NOT-FOR-US: tangocms CVE-2009-2377 (Buffer overflow in the Avax Vector ActiveX control in avPreview.ocx in ...) NOT-FOR-US: avax software avax_vector_activex CVE-2009-2378 (PHP remote file inclusion vulnerability in formmailer.admin.inc.php in ...) NOT-FOR-US: jtr jax_formmailer CVE-2009-2379 (Directory traversal vulnerability in public/index.php in BIGACE Web ...) NOT-FOR-US: bigace_cms CVE-2009-2380 (Cross-site scripting (XSS) vulnerability in includes/functions.php in ...) NOT-FOR-US: 4homepages 4images CVE-2009-2381 (Gizmo 3.1.0.79 on Linux does not verify a server's SSL certificate, ...) NOT-FOR-US: Sunrise-only, notified in bug 103587 CVE-2009-2382 (admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to ...) NOT-FOR-US: jay jayx0r phpmyblockchecker CVE-2009-2383 (SQL injection vulnerability in BTE_RW_webajax.php in the Related Sites ...) NOT-FOR-US: blogtrafficexchange related sites CVE-2009-2384 (Buffer overflow in amp.exe in Brothersoft PEamp 1.02b allows ...) NOT-FOR-US: mathi peamp CVE-2009-2385 (SQL injection vulnerability in the awardsMembers function in ...) NOT-FOR-US: fustrate member_awards CVE-2009-2386 (Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer ...) NOT-FOR-US: Awingsoft CVE-2009-2387 (Unspecified vulnerability in the proc filesystem in Sun OpenSolaris ...) NOT-FOR-US: sun opensolaris CVE-2009-2388 (SQL injection vulnerability in admin/index.php in Opial 1.0 allows ...) NOT-FOR-US: shalwan opial CVE-2009-2389 (Multiple SQL injection vulnerabilities in newsscript.php in USOLVED ...) NOT-FOR-US: usolved newsolved CVE-2009-2390 (SQL injection vulnerability in the BookFlip (com_bookflip) component ...) NOT-FOR-US: f cimag in com_bookflip CVE-2009-2391 (Cross-site scripting (XSS) vulnerability in text.php in Virtuenetz ...) NOT-FOR-US: virtuenetz virtue_online_test_generator CVE-2009-2392 (SQL injection vulnerability in text.php in Virtuenetz Virtue Online ...) NOT-FOR-US: virtuenetz virtue_online_test_generator CVE-2009-2393 (admin/index.php in Virtuenetz Virtue Online Test Generator does not ...) NOT-FOR-US: virtuenetz virtue_online_test_generator CVE-2009-2394 (SQL injection vulnerability in cat.php in SMSPages 1.0 in Mr.Saphp ...) NOT-FOR-US: smspages CVE-2009-2395 (SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta ...) NOT-FOR-US: joomlaworks com_k2 CVE-2009-2396 (PHP remote file inclusion vulnerability in template/album.php in DM ...) NOT-FOR-US: dutchmonkey dm_album CVE-2009-2397 (Directory traversal vulnerability in download.php in Audio Article ...) NOT-FOR-US: audioarticledirectory audio_article_directory CVE-2009-2398 (Directory traversal vulnerability in test/index.php in PHP-Sugar 0.80 ...) NOT-FOR-US: php sugar CVE-2009-2399 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: dutchmonkey dm_filemanager CVE-2009-2400 (SQL injection vulnerability in the PHP (com_php) component for Joomla! ...) NOT-FOR-US: com_php CVE-2009-2401 (Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows ...) NOT-FOR-US: phpecho_cms CVE-2009-2402 (SQL injection vulnerability in index.php in the forum module in ...) NOT-FOR-US: phpecho_cms CVE-2009-2403 (Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to ...) NOT-FOR-US: shinji chiba scmpx CVE-2009-2404 (Heap-based buffer overflow in a regular-expression parser in Mozilla ...) BUG: 280226 CVE-2009-2405 (Multiple cross-site scripting (XSS) vulnerabilities in the Web Console ...) NOT-FOR-US: redhat jboss_enterprise_application_platform CVE-2009-2406 (Stack-based buffer overflow in the parse_tag_11_packet function in ...) BUG: 279897 CVE-2009-2407 (Heap-based buffer overflow in the parse_tag_3_packet function in ...) BUG: 279898 CVE-2009-2408 (Mozilla Network Security Services (NSS) before 3.12.3, Firefox before ...) BUG: 280226 CVE-2009-2409 (The Network Security Services (NSS) library before 3.12.3, as used in ...) BUG: 280227 CVE-2009-2410 (The local_handler_callback function in ...) NOT-FOR-US: fedorahosted sssd CVE-2009-2411 (Multiple integer overflows in the libsvn_delta library in Subversion ...) BUG: 280494 CVE-2009-2412 (Multiple integer overflows in the Apache Portable Runtime (APR) ...) BUG: 280514 CVE-2009-2413 RESERVED CVE-2009-2414 (Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, ...) BUG: 280617 CVE-2009-2415 (Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote ...) BUG: 279386 CVE-2009-2416 (Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, ...) BUG: 280617 CVE-2009-2417 (lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is ...) BUG: 281515 CVE-2009-2418 RESERVED CVE-2009-2419 (Use-after-free vulnerability in the servePendingRequests function in ...) TODO: check CVE-2009-2420 (Apple Safari 3.2.3 does not properly implement the file: protocol ...) NOT-FOR-US: apple safari CVE-2009-2421 (The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in ...) NOT-FOR-US: Windows CVE-2009-2422 (The example code for the digest authentication functionality ...) BUG: 276279 CVE-2009-2423 (SQL injection vulnerability in category.php in Ebay Clone 2009 allows ...) NOT-FOR-US: Ebay Clone CVE-2009-2424 (Cross-site scripting (XSS) vulnerability in search.php in Ebay Clone ...) NOT-FOR-US: Ebay Clone CVE-2009-2425 (Tor before 0.2.0.35 allows remote attackers to cause a denial of ...) BUG: 275628 CVE-2009-2426 (The connection_edge_process_relay_cell_not_open function in ...) BUG: 275628 CVE-2009-2427 (SQL injection vulnerability in co-profile.php in Jobbr 2.2.7 allows ...) NOT-FOR-US: jobbr CVE-2009-2428 (Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow ...) NOT-FOR-US: Tausch Ticket Script CVE-2009-2429 (SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in ...) NOT-FOR-US: smartfilter CVE-2009-2430 (Unspecified vulnerability in auditconfig in Sun Solaris 8, 9, 10, and ...) NOT-FOR-US: auditconfig in Sun Solaris CVE-2009-2431 (WordPress 2.7.1 places the username of a post's author in an HTML ...) BUG: 277317 CVE-2009-2432 (WordPress and WordPress MU before 2.8.1 allow remote attackers to ...) BUG: 277317 CVE-2009-2433 (Stack-based buffer overflow in the AddFavorite method in Microsoft ...) NOT-FOR-US: AddFavorite CVE-2009-2434 (Buffer overflow in the syscall implementation in IBM AIX 5.3 allows ...) NOT-FOR-US: ibm aix CVE-2009-2435 (The Sametime server in IBM Lotus Instant Messaging and Web ...) NOT-FOR-US: ibm lotus_instant_messaging_and_web_conferencing CVE-2009-2436 (SQL injection vulnerability in page.php in Online Dating Software ...) NOT-FOR-US: phponlinedatingsoftware myphpdating CVE-2009-2437 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: rentventory CVE-2009-2438 (Cross-site scripting (XSS) vulnerability in index.php in the search ...) NOT-FOR-US: clansphere CVE-2009-2439 (Multiple SQL injection vulnerabilities in Web Development House ...) NOT-FOR-US: web_development_house alibaba_clone CVE-2009-2440 (Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook ...) NOT-FOR-US: jnmsolutions guestbook CVE-2009-2441 (Cross-site scripting (XSS) vulnerability in ogp_show.php in Online ...) NOT-FOR-US: esoftpro online_guestbook_pro CVE-2009-2442 (Cross-site scripting (XSS) vulnerability in public/index.php in ...) NOT-FOR-US: linea21 CVE-2009-2443 (Siteframe 3.2.3, and other 3.2.x versions, allows remote attackers to ...) NOT-FOR-US: siteframe_cms CVE-2009-2444 (Directory traversal vulnerability in maillinglist/setup/step1.php.inc ...) NOT-FOR-US: ADbNewsSender CVE-2009-2445 (Sun Java System Web Server (aka Sun ONE Web Server) 6.1 before SP12, ...) NOT-FOR-US: Sun CVE-2009-2446 (Multiple format string vulnerabilities in the dispatch_command ...) BUG: 277717 CVE-2009-2447 (Multiple cross-site scripting (XSS) vulnerabilities in ogp_show.php in ...) NOT-FOR-US: Online Guestbook Pro CVE-2009-2448 (Cross-site scripting (XSS) vulnerability in ogp_show.php in Online ...) NOT-FOR-US: Online Guestbook Pro CVE-2009-2449 (Directory traversal vulnerability in ...) NOT-FOR-US: ADbNewsSender CVE-2009-2450 (The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online ...) NOT-FOR-US: Tall Emu Online Armor Personal Firewall AV CVE-2009-2451 (Multiple SQL injection vulnerabilities in index.php in MIM:InfiniX ...) NOT-FOR-US: mim infinix infinix CVE-2009-2452 (Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have ...) NOT-FOR-US: citrix licensing CVE-2009-2453 (Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 ...) NOT-FOR-US: citrix xenapp CVE-2009-2454 (Cross-site scripting (XSS) vulnerability in Citrix Web Interface 4.6, ...) NOT-FOR-US: citrix web_interface CVE-2009-2455 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: atmail tmail CVE-2009-2456 (The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows ...) NOT-FOR-US: novell edirectory CVE-2009-2457 (The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows ...) NOT-FOR-US: novell edirectory CVE-2009-2458 (Unspecified vulnerability in Sun Fire V215 Server, when using XVR-100 ...) NOT-FOR-US: sun_fire_server CVE-2009-2459 (Multiple unspecified vulnerabilities in mimeTeX, when downloaded ...) NOT-FOR-US: Sunrise-only. Notified in bug 172901 CVE-2009-2460 (Multiple stack-based buffer overflows in mathtex.cgi in mathTeX, when ...) NOT-FOR-US: forkosh mathtex CVE-2009-2461 (mathtex.cgi in mathTeX, when downloaded before 20090713, does not ...) NOT-FOR-US: mathtex CVE-2009-2462 (The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird ...) BUG: 280393 CVE-2009-2463 (Multiple integer overflows in the (1) PL_Base64Decode and (2) ...) BUG: 280393 CVE-2009-2464 (The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in ...) BUG: 280393 CVE-2009-2465 (Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers ...) BUG: 280393 CVE-2009-2466 (The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird ...) BUG: 280393 CVE-2009-2467 (Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote ...) BUG: 280393 CVE-2009-2468 (Integer overflow in Apple CoreGraphics, as used in Safari before ...) BUG: 268976 NOTE: on linux, it was pango that caused this, see MFSA 2009-36 / CVE-2009-1194. CVE-2009-2469 (Mozilla Firefox before 3.0.12 does not properly handle an SVG element ...) BUG: 280393 CVE-2009-2470 (Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote ...) BUG: 280393 CVE-2009-2471 (The setTimeout function in Mozilla Firefox before 3.0.12 does not ...) BUG: 280393 CVE-2009-2472 (Mozilla Firefox before 3.0.12 does not always use ...) BUG: 280393 CVE-2009-2473 (neon before 0.28.6, when expat is used, does not properly detect ...) BUG: 281950 CVE-2009-2474 (neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly ...) BUG: 281950 CVE-2009-2475 (Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, ...) BUG: 280409 CVE-2009-2476 (The Java Management Extensions (JMX) implementation in Sun Java SE 6 ...) BUG: 280409 CVE-2009-2477 (js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka ...) BUG: 277752 CVE-2009-2478 (Mozilla Firefox 3.5 allows remote attackers to cause a denial of ...) BUG: 277752 CVE-2009-2479 (Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote ...) BUG: 277752 CVE-2009-2480 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart ...) NOT-FOR-US: movabletype six_apart_movable_type CVE-2009-2481 (mt-wizard.cgi in Six Apart Movable Type before 4.261, when global ...) NOT-FOR-US: sixapart movable_type CVE-2009-2482 (The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 ...) NOT-FOR-US: netbsd CVE-2009-2483 (libprop/prop_object.c in proplib in NetBSD 4.0 and 4.0.1 allows local ...) NOT-FOR-US: netbsd CVE-2009-2484 (Stack-based buffer overflow in the Win32AddConnection function in ...) NOT-FOR-US: videolan vlc_media_player CVE-2009-2485 (Stack-based buffer overflow in HT-MP3Player 1.0 allows remote ...) NOT-FOR-US: tingan ht mp3player CVE-2009-2486 (Unspecified vulnerability in the SCTP implementation in Sun Solaris ...) NOT-FOR-US: sun solaris CVE-2009-2487 (Use-after-free vulnerability in the frpr_icmp function in the ipfilter ...) NOT-FOR-US: sun solaris CVE-2009-2488 (Unspecified vulnerability in the NFSv4 module in the kernel in Sun ...) NOT-FOR-US: sun solaris CVE-2009-2489 (Unspecified vulnerability in the utdmsession program in Sun Ray Server ...) NOT-FOR-US: sun ray_server_software CVE-2009-2490 (Unspecified vulnerability in the utaudiod daemon in Sun Ray Server ...) NOT-FOR-US: sun ray_server_software CVE-2009-2491 (The utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when ...) NOT-FOR-US: sun ray_server_software CVE-2009-2492 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart ...) NOT-FOR-US: sixapart movable_type CVE-2009-2493 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 ...) NOT-FOR-US: microsoft visual_studio_ net CVE-2009-2494 (The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP ...) NOT-FOR-US: Microsoft Windows CVE-2009-2495 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 ...) NOT-FOR-US: microsoft visual_studio_ net CVE-2009-2496 (Heap-based buffer overflow in the Office Web Components ActiveX ...) NOT-FOR-US: Office CVE-2009-2497 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2498 (Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2499 (Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2500 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2501 (Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2502 (Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2503 (GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2504 (Multiple integer overflows in unspecified APIs in GDI+ in Microsoft ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2505 (The Internet Authentication Service (IAS) in Microsoft Windows Vista ...) NOT-FOR-US: Microsoft CVE-2009-2506 (Integer overflow in the text converters in Microsoft Office Word 2002 ...) NOT-FOR-US: Microsoft Office Word CVE-2009-2507 (A certain ActiveX control in the Indexing Service in Microsoft Windows ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2508 (The single sign-on implementation in Active Directory Federation ...) NOT-FOR-US: Active Directory Federation Services ADFS in Microsoft Windows Server CVE-2009-2509 (Active Directory Federation Services (ADFS) in Microsoft Windows ...) NOT-FOR-US: Microsoft Windows Server CVE-2009-2510 (The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2511 (Integer overflow in the CryptoAPI component in Microsoft Windows 2000 ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2512 (The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, ...) NOT-FOR-US: microsoft windows_vista CVE-2009-2513 (The Graphics Device Interface (GDI) in win32k.sys in the kernel in ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2514 (win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2515 (Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2516 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2517 (The kernel in Microsoft Windows Server 2003 SP2 does not properly ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2518 (Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2519 (The DHTML Editing Component ActiveX control in Microsoft Windows 2000 ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2520 RESERVED CVE-2009-2521 (Stack consumption vulnerability in the FTP Service in Microsoft ...) NOT-FOR-US: microsoft iis CVE-2009-2522 RESERVED CVE-2009-2523 (The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 ...) NOT-FOR-US: microsoft windows_2000 CVE-2009-2524 (Integer underflow in the NTLM authentication feature in the Local ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2525 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2526 (Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and ...) NOT-FOR-US: microsoft windows_vista CVE-2009-2527 (Heap-based buffer overflow in Microsoft Windows Media Player 6.4 ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2528 (GDI+ in Microsoft Office XP SP3 does not properly handle malformed ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2529 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2530 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2531 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...) NOT-FOR-US: microsoft windows_xp CVE-2009-2532 (Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold ...) NOT-FOR-US: microsoft windows_vista CVE-2009-2533 (rmserver in RealNetworks Helix Server and Helix Mobile Server before ...) NOT-FOR-US: RealNetworks Helix Server and Helix Mobile Server CVE-2009-2534 (RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allow ...) NOT-FOR-US: the CVE-2009-2535 (Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and ...) BUG: 251322 BUG: 257577 CVE-2009-2536 (Microsoft Internet Explorer 5 through 8 allows remote attackers to ...) NOT-FOR-US: microsoft internet_explorer CVE-2009-2537 (KDE Konqueror allows remote attackers to cause a denial of service ...) BUG: 280231 CVE-2009-2538 (The Nokia N95 running Symbian OS 9.2, N82, and N810 Internet Tablet ...) NOT-FOR-US: nokia symbian CVE-2009-2539 (The Aigo P8860 allows remote attackers to cause a denial of service ...) NOT-FOR-US: aigo_md_p8860 CVE-2009-2540 (Opera, possibly 9.64 and earlier, allows remote attackers to cause a ...) NOT-FOR-US: opera_browser CVE-2009-2541 (The web browser on the Sony PLAYSTATION 3 (PS3) allows remote ...) NOT-FOR-US: sony playstation_3 CVE-2009-2542 (Netscape 6 and 8 allows remote attackers to cause a denial of service ...) NOT-FOR-US: netscape navigator CVE-2009-2543 (Multiple unspecified vulnerabilities in the IBM Proventia engine ...) NOT-FOR-US: ibm proventia_network_multi function_security CVE-2009-2544 (Directory traversal vulnerability in the Marcelo Costa FileServer ...) NOT-FOR-US: marcelo_costa fileserver CVE-2009-2545 (SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when ...) NOT-FOR-US: anelectron advanced_electron_forum CVE-2009-2546 (Directory traversal vulnerability in Advanced Electron Forum (AEF) 1.x ...) NOT-FOR-US: anelectron advanced_electron_forum CVE-2009-2547 (Integer underflow in Armed Assault (aka ArmA) 1.14 and earlier, and ...) NOT-FOR-US: bistudio arma_2 CVE-2009-2548 (Format string vulnerability in Armed Assault (aka ArmA) 1.14 and ...) NOT-FOR-US: bistudio arma_2 CVE-2009-2549 (Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed ...) NOT-FOR-US: bistudio arma_2 CVE-2009-2550 (Stack-based buffer overflow in Hamster Audio Player 0.3a allows remote ...) NOT-FOR-US: ondanera net hamster_audio_player CVE-2009-2551 (Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy ...) NOT-FOR-US: scriptsez easy_image_downloader CVE-2009-2552 (Multiple directory traversal vulnerabilities in comments.php in Super ...) NOT-FOR-US: supersimple super_simple_blog_script CVE-2009-2553 (Multiple SQL injection vulnerabilities in comments.php in Super Simple ...) NOT-FOR-US: supersimple super_simple_blog_script CVE-2009-2554 (SQL injection vulnerability in the search method in jobline.class.php ...) NOT-FOR-US: olle_johansson jobline CVE-2009-2555 (Heap-based buffer overflow in src/jsregexp.cc in Google V8 before ...) BUG: 280232 CVE-2009-2556 (Google Chrome before 2.0.172.37 allows attackers to leverage renderer ...) BUG: 280232 CVE-2009-2557 (Directory traversal vulnerability in system/download.php in Admin News ...) NOT-FOR-US: adminnewstools admin_news_tools CVE-2009-2558 (system/message.php in Admin News Tools 2.5 does not properly restrict ...) NOT-FOR-US: adminnewstools admin_news_tools CVE-2009-2559 (Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote ...) BUG: 278564 CVE-2009-2560 (Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote ...) BUG: 278564 CVE-2009-2561 (Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 ...) BUG: 278564 CVE-2009-2562 (Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 ...) BUG: 278564 CVE-2009-2563 (Unspecified vulnerability in the Infiniband dissector in Wireshark ...) BUG: 278564 CVE-2009-2564 (NOS Microsystems getPlus Download Manager, as used in Adobe Reader ...) NOT-FOR-US: nos_microsystems getplus_download_manager CVE-2009-2565 (Cross-site scripting (XSS) vulnerability in Perl CGI's By Mrs. ...) NOT-FOR-US: t okada shiromuku fs6 diary CVE-2009-2566 (Stack-based buffer overflow in TFM MMPlayer 2.0, and possibly ...) NOT-FOR-US: tfm mmplayer CVE-2009-2567 (SQL injection vulnerability in the Almond Classifieds (com_aclassf) ...) NOT-FOR-US: almondsoft almond_classifieds CVE-2009-2568 (Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) ...) NOT-FOR-US: sorinara streaming_audio_player CVE-2009-2569 (Multiple cross-site scripting (XSS) vulnerabilities in Verlihub ...) NOT-FOR-US: verlihub project verlihub_control_panel CVE-2009-2570 (Stack-based buffer overflow in the Symantec.FaxViewerControl.1 ActiveX ...) NOT-FOR-US: symantec winfax_pro CVE-2009-2571 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: verliadmin CVE-2009-2572 (Cross-site request forgery (CSRF) vulnerability in the Fivestar module ...) NOT-FOR-US: lullabot fivestar_module_for_drupal CVE-2009-2573 (Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when ...) NOT-FOR-US: bioscripts minitwitter CVE-2009-2574 (index.php in MiniTwitter 0.2 beta allows remote authenticated users to ...) NOT-FOR-US: bioscripts minitwitter CVE-2009-2575 (The Research In Motion (RIM) BlackBerry 8800 allows remote attackers ...) NOT-FOR-US: rim blackberry_8800 CVE-2009-2576 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote ...) NOT-FOR-US: microsoft ie CVE-2009-2577 (Opera 9.52 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Client DoS CVE-2009-2578 (Google Chrome 2.x through 2.0.172 allows remote attackers to cause a ...) BUG: 280232 CVE-2009-2579 (SQL injection vulnerability in reward_points.post.php in the Reward ...) NOT-FOR-US: cs cart CVE-2009-2580 REJECTED NOT-FOR-US: this CVE-2009-2581 (Cross-site scripting (XSS) vulnerability in modifier.php in ...) NOT-FOR-US: editeurscripts esnews CVE-2009-2582 (Stack-based buffer overflow in manager.exe in Akamai Download Manager ...) NOT-FOR-US: akamai_technologies download_manager CVE-2009-2583 (Multiple session fixation vulnerabilities in IBM Tivoli Identity ...) NOT-FOR-US: ibm tivoli_identity_manager CVE-2009-2584 (Off-by-one error in the options_write function in ...) BUG: 278974 CVE-2009-2585 (SQL injection vulnerability in index.php in Mlffat 2.2 allows remote ...) NOT-FOR-US: mlffat CVE-2009-2586 (Cross-site scripting (XSS) vulnerability in articles.php in EDGEPHP ...) NOT-FOR-US: edgephp ezarticles CVE-2009-2587 (Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart ...) NOT-FOR-US: dragdropcart CVE-2009-2588 (Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type ...) NOT-FOR-US: resalecode hotscripts_type_php_clone_script CVE-2009-2589 (Multiple cross-site scripting (XSS) vulnerabilities in Hutscripts PHP ...) NOT-FOR-US: resalecode hutscripts_php_website_script CVE-2009-2590 (SQL injection vulnerability in showcategory.php in Hutscripts PHP ...) NOT-FOR-US: resalecode hutscripts_php_website_script CVE-2009-2591 (SQL injection vulnerability in the MyAnnonces module for E-Xoopport ...) NOT-FOR-US: runcms myannonces CVE-2009-2592 (SQL injection vulnerability in guestbook.php in PHPJunkYard GBook 1.6 ...) NOT-FOR-US: phpjunkyard gbook CVE-2009-2593 (SQL injection vulnerability in censura.php in Censura 1.16.04 allows ...) NOT-FOR-US: censura CVE-2009-2594 (Cross-site scripting (XSS) vulnerability in censura.php in Censura ...) NOT-FOR-US: censura CVE-2009-2595 (Cross-site scripting (XSS) vulnerability in productSearch.html in ...) NOT-FOR-US: censura CVE-2009-2596 (Unspecified vulnerability in the Solaris Auditing subsystem in Sun ...) NOT-FOR-US: sun solaris CVE-2009-2597 (The Sun Java System (SJS) Access Manager Policy Agent module 2.2 for ...) NOT-FOR-US: sun java_system_access_manager_policy_agent CVE-2009-2598 (Multiple SQL injection vulnerabilities in Online Grades & Attendance ...) NOT-FOR-US: onlinegrades online_grades CVE-2009-2599 (SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 ...) NOT-FOR-US: radscripts radclassifieds CVE-2009-2600 (Multiple directory traversal vulnerabilities in view.php in Webboard ...) NOT-FOR-US: akiva webboard CVE-2009-2601 (SQL injection vulnerability in the Joomlaequipment (aka JUser or ...) NOT-FOR-US: joomlaequipment juser CVE-2009-2602 (R2 Newsletter Lite, Pro, and Stats stores sensitive information under ...) NOT-FOR-US: r2newsletter r2_newsletter_stats CVE-2009-2603 (Multiple SQL injection vulnerabilities in index.php in Escon ...) NOT-FOR-US: e supportportal escon_supportportal_pro CVE-2009-2604 (Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help ...) NOT-FOR-US: zenhelpdesk zen_help_desk CVE-2009-2605 (Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up ...) NOT-FOR-US: traidnt_up CVE-2009-2606 (ASP Football Pool 2.3 stores sensitive information under the web root ...) NOT-FOR-US: brainjar asp_football_pool CVE-2009-2607 (SQL injection vulnerability in the com_pinboard component for Joomla! ...) NOT-FOR-US: pinme com_pinboard CVE-2009-2608 (Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow ...) NOT-FOR-US: chatelao php_address_book CVE-2009-2609 (SQL injection vulnerability in the amoCourse (com_amocourse) component ...) NOT-FOR-US: n CVE-2009-2610 (Cross-site scripting (XSS) vulnerability in the Links Related module ...) NOT-FOR-US: scott_courtney links_package CVE-2009-2611 (Directory traversal vulnerability in ...) NOT-FOR-US: gander myfusion CVE-2009-2612 (SQL injection vulnerability in login.aspx in ProSMDR allows remote ...) NOT-FOR-US: prosmdr CVE-2009-2613 (Multiple cross-site scripting (XSS) vulnerabilities in DataCheck ...) NOT-FOR-US: datachecknh linkpal CVE-2009-2614 (SQL injection vulnerability in z_admin_login.asp in DataCheck ...) NOT-FOR-US: datachecknh linkpal CVE-2009-2615 (Multiple cross-site scripting (XSS) vulnerabilities in DataCheck ...) NOT-FOR-US: datachecknh sitepal CVE-2009-2616 (SQL injection vulnerability in z_admin_login.asp in DataCheck ...) NOT-FOR-US: datachecknh sitepal CVE-2009-2617 (Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 ...) NOT-FOR-US: baofeng storm CVE-2009-2618 (SQL injection vulnerability in the Surveys (aka NS-Polls) module in ...) NOT-FOR-US: maxdev mdpro CVE-2009-2619 (SQL injection vulnerability in login.asp in DataCheck Solutions ...) NOT-FOR-US: datachecknh v spacepal CVE-2009-2620 (src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before ...) BUG: 279800 CVE-2009-2621 (Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not ...) BUG: 279379 CVE-2009-2622 (Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote ...) BUG: 279379 CVE-2009-2623 RESERVED CVE-2009-2624 (The huft_build function in inflate.c in gzip before 1.3.13 creates a ...) BUG: 300943 CVE-2009-2625 (XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime ...) BUG: 280611 BUG: 280615 BUG: 280613 CVE-2009-2626 (The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, ...) BUG: 280602 CVE-2009-2627 (Insecure method vulnerability in the Acer LunchApp (aka ...) NOT-FOR-US: acerctrl ocx CVE-2009-2628 (The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 ...) NOT-FOR-US: Windows only CVE-2009-2629 (Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through ...) BUG: 283802 CVE-2009-2630 RESERVED CVE-2009-2631 (Multiple clientless SSL VPN products that run in web browsers, ...) NOT-FOR-US: stonesoft stonegate CVE-2009-2632 (Buffer overflow in the SIEVE script component (sieve/script.c), as ...) BUG: 283596 CVE-2009-2633 (PHP remote file inclusion vulnerability in toolbar_ext.php in the ...) NOT-FOR-US: ordasoft com_vehiclemanager CVE-2009-2634 (PHP remote file inclusion vulnerability in toolbar_ext.php in the ...) NOT-FOR-US: ordasoft com_medialibrary CVE-2009-2635 (PHP remote file inclusion vulnerability in toolbar_ext.php in the ...) NOT-FOR-US: ordasoft com_realestatemanager CVE-2009-2636 (Cross-site scripting (XSS) vulnerability in the Integration page in ...) NOT-FOR-US: kerio_mailserver CVE-2009-2637 (PHP remote file inclusion vulnerability in toolbar_ext.php in the ...) NOT-FOR-US: ordasoft com_booklibrary CVE-2009-2638 (SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 ...) NOT-FOR-US: konze com_akobook CVE-2009-2639 (SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System ...) NOT-FOR-US: mrcgiguy the_ticket_system CVE-2009-2640 (Multiple SQL injection vulnerabilities in cgi/admin.cgi in Interlogy ...) NOT-FOR-US: interlogy profile_manager CVE-2009-2641 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: rich_white school_data_nav CVE-2009-2642 (index.php in Desi Short URL Script 1.0 allows remote attackers to ...) NOT-FOR-US: desiscripts desi_short_url_script CVE-2009-2643 (Multiple unspecified vulnerabilities in the PDF distiller in the ...) NOT-FOR-US: rim blackberry_professional_software CVE-2009-2644 (Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and ...) NOT-FOR-US: sun solaris CVE-2009-2645 REJECTED NOT-FOR-US: this CVE-2009-2646 (Multiple unspecified vulnerabilities in the PDF distiller in the ...) NOT-FOR-US: rim blackberry_professional_software CVE-2009-2647 (Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky ...) NOT-FOR-US: kaspersky_internet_security CVE-2009-2648 (FlashDen Guestbook allows remote attackers to obtain configuration ...) NOT-FOR-US: flashden guestbook CVE-2009-2649 (The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev ...) BUG: 280826 CVE-2009-2650 (Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 ...) NOT-FOR-US: sorcerersoftware multimedia_jukebox CVE-2009-2651 (main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote ...) BUG: 280159 CVE-2009-2652 (Unspecified vulnerability in Solaris Trusted Extensions in Sun Solaris ...) NOT-FOR-US: Solaris Trusted Extensions in Sun Solaris CVE-2009-2653 (** DISPUTED ** ...) NOT-FOR-US: Microsoft CVE-2009-2654 (Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote ...) BUG: 280234 CVE-2009-2655 (mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 ...) NOT-FOR-US: microsoft internet_explorer CVE-2009-2656 (Unspecified vulnerability in the com.android.phone process in Android ...) NOT-FOR-US: com android phone process in Android CVE-2009-2657 (nilfs-utils before 2.0.14 installs multiple programs with unnecessary ...) BUG: 280363 CVE-2009-2658 (Directory traversal vulnerability in ZNC before 0.072 allows remote ...) BUG: 278684 CVE-2009-2659 (The Admin media handler in core/servers/basehttp.py in Django 1.0 and ...) BUG: 279720 CVE-2009-2660 (Multiple integer overflows in CamlImages 2.2 might allow ...) BUG: 276235 CVE-2009-2661 (The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before ...) BUG: 279319 CVE-2009-2662 (The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote ...) BUG: 280393 CVE-2009-2663 (libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 ...) BUG: 280590 BUG: 280393 CVE-2009-2664 (The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript ...) BUG: 280393 CVE-2009-2665 (The nsDocument::SetScriptGlobalObject function in ...) BUG: 280234 CVE-2009-2666 (socket.c in fetchmail before 6.3.11 does not properly handle a '\0' ...) BUG: 280537 CVE-2009-2667 (Unspecified vulnerability in IBM Tivoli Key Lifecycle Manager (TKLM) ...) NOT-FOR-US: ibm tklm CVE-2009-2668 (Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through ...) NOT-FOR-US: microsoft internet_explorer CVE-2009-2669 (A certain debugging component in IBM AIX 5.3 and 6.1 does not properly ...) NOT-FOR-US: ibm aix CVE-2009-2670 (The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE ...) BUG: 280409 CVE-2009-2671 (The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) ...) BUG: 280409 CVE-2009-2672 (The proxy mechanism implementation in Sun Java Runtime Environment ...) BUG: 280409 CVE-2009-2673 (The proxy mechanism implementation in Sun Java Runtime Environment ...) BUG: 280409 CVE-2009-2674 (Integer overflow in javaws.exe in Sun Java Web Start in Sun Java ...) BUG: 280409 CVE-2009-2675 (Integer overflow in the unpack200 utility in Sun Java Runtime ...) BUG: 280409 CVE-2009-2676 (Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE ...) BUG: 280409 CVE-2009-2677 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...) NOT-FOR-US: hp insight_control_suite_for_linux CVE-2009-2678 (Unspecified vulnerability in Open System Services (OSS) Name Server on ...) NOT-FOR-US: hp nonstop_server CVE-2009-2679 (Unspecified vulnerability in bootpd in HP HP-UX B.11.11, B.11.23, and ...) NOT-FOR-US: hp ux CVE-2009-2680 (Unspecified vulnerability in the Remote Management Interface (RMI) for ...) NOT-FOR-US: hp storageworks_msl8096_tape_library CVE-2009-2681 (Unspecified vulnerability in HP ProCurve Identity Driven Manager (IDM) ...) NOT-FOR-US: hp procurve_identity_driven_manager CVE-2009-2682 (Unspecified vulnerability in Role-Based Access Control (RBAC) in HP ...) NOT-FOR-US: hp ux CVE-2009-2683 (Unspecified vulnerability in the Sender module in HP Remote Graphics ...) NOT-FOR-US: hp remote_graphics_software CVE-2009-2684 (Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and ...) NOT-FOR-US: hp laserjet_p4515 CVE-2009-2685 (Stack-based buffer overflow in the login form in the management web ...) NOT-FOR-US: hp power_manager CVE-2009-2686 (Unspecified vulnerability in HP NonStop G06.12.00 through G06.32.00, ...) NOT-FOR-US: HP CVE-2009-2687 (The exif_read_data function in the Exif module in PHP before 5.2.10 ...) BUG: 274670 CVE-2009-2688 (Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when ...) BUG: 275397 CVE-2009-2689 (JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 ...) BUG: 280409 CVE-2009-2690 (The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants ...) BUG: 280409 CVE-2009-2691 (The mm_for_maps function in fs/proc/base.c in the Linux kernel ...) BUG: 281178 CVE-2009-2692 (The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, ...) BUG: 281391 CVE-2009-2693 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through ...) BUG: 303719 CVE-2009-2694 (The msn_slplink_process_msg function in ...) BUG: 281545 CVE-2009-2695 (The Linux kernel before 2.6.31-rc7 does not properly prevent mmap ...) BUG: 283821 CVE-2009-2696 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the ...) NOT-FOR-US: We do no ship that. CVE-2009-2697 (The Red Hat build script for the GNOME Display Manager (GDM) before ...) NOT-FOR-US: Red CVE-2009-2698 (The udp_sendmsg function in the UDP implementation in (1) ...) BUG: 282529 CVE-2009-2699 (The Solaris pollset feature in the Event Port backend in ...) NOT-FOR-US: Solaris only CVE-2009-2700 (src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not ...) BUG: 283810 CVE-2009-2701 (Unspecified vulnerability in the Zope Enterprise Objects (ZEO) ...) NOT-FOR-US: Not yet in-tree, notified in bug 191260 CVE-2009-2702 (KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a ...) BUG: 285018 CVE-2009-2703 (libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple ...) BUG: 283814 CVE-2009-2704 (CA SiteMinder allows remote attackers to bypass cross-site scripting ...) NOT-FOR-US: sun j2ee CVE-2009-2705 (CA SiteMinder allows remote attackers to bypass cross-site scripting ...) NOT-FOR-US: sun j2ee CVE-2009-2706 RESERVED CVE-2009-2707 (Unspecified vulnerability in ia32el (aka the IA 32 emulation ...) NOT-FOR-US: novell suse_linux_enterprise_server CVE-2009-2708 RESERVED CVE-2009-2709 RESERVED CVE-2009-2710 RESERVED CVE-2009-2711 (XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and ...) NOT-FOR-US: Sun Solaris CVE-2009-2712 (Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and ...) NOT-FOR-US: sun opensso_enterprise CVE-2009-2713 (The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 ...) NOT-FOR-US: sun java_system_web_server CVE-2009-2714 (Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows ...) BUG: 280157 CVE-2009-2715 (Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause ...) BUG: 280157 CVE-2009-2716 (The plugin functionality in Sun Java SE 6 before Update 15 does not ...) BUG: 280409 CVE-2009-2717 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...) NOT-FOR-US: windows CVE-2009-2718 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...) BUG: 280409 CVE-2009-2719 (The Java Web Start implementation in Sun Java SE 6 before Update 15 ...) BUG: 280409 CVE-2009-2720 (Unspecified vulnerability in the ...) BUG: 280409 CVE-2009-2721 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...) BUG: 280409 CVE-2009-2722 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...) BUG: 280409 CVE-2009-2723 (Unspecified vulnerability in deserialization in the Provider class in ...) BUG: 280409 CVE-2009-2724 (Race condition in the java.lang package in Sun Java SE 5.0 before ...) BUG: 280409 CVE-2009-2725 RESERVED CVE-2009-2726 (The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, ...) BUG: 281107 CVE-2009-2727 (Stack-based buffer overflow in the _tt_internal_realpath function in ...) NOT-FOR-US: ibm aix CVE-2009-2728 RESERVED CVE-2009-2729 RESERVED CVE-2009-2730 (libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' ...) BUG: 281224 CVE-2009-2731 RESERVED CVE-2009-2732 (The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier ...) BUG: 281956 CVE-2009-2733 (Multiple cross-site scripting (XSS) vulnerabilities in Achievo before ...) NOT-FOR-US: achievo CVE-2009-2734 (SQL injection vulnerability in the get_employee function in ...) NOT-FOR-US: achievo CVE-2009-2735 (SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, ...) NOT-FOR-US: sun jester opennews CVE-2009-2736 (Static code injection vulnerability in admin.php in sun-jester ...) NOT-FOR-US: sun jester opennews CVE-2009-2737 (The EditCSVAction function in cgi/actions.py in Roundup 1.2 before ...) BUG: 281517 CVE-2009-2738 (Cross-site request forgery (CSRF) vulnerability in the WebGUI in ...) NOT-FOR-US: freenas CVE-2009-2739 (Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 ...) NOT-FOR-US: freenas CVE-2009-2740 (kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention ...) NOT-FOR-US: CA Host Based Intrusion Prevention System HIPS CVE-2009-2741 (Unspecified vulnerability in the wberuntimeear application in the test ...) NOT-FOR-US: ibm websphere_business_events CVE-2009-2742 (Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM ...) NOT-FOR-US: Eclipse Help in IBM WebSphere Application Server WAS CVE-2009-2743 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 ...) NOT-FOR-US: IBM CVE-2009-2744 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...) NOT-FOR-US: IBM WebSphere Application Server WAS CVE-2009-2745 RESERVED CVE-2009-2746 (Cross-site request forgery (CSRF) vulnerability in the administrative ...) NOT-FOR-US: ibm websphere_application_server CVE-2009-2747 RESERVED CVE-2009-2748 RESERVED CVE-2009-2749 (Feature Pack for Communications Enabled Applications (CEA) before ...) NOT-FOR-US: ibm websphere_application_server CVE-2009-2750 (IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2 ...) NOT-FOR-US: ibm websphere_service_registry_and_repository CVE-2009-2751 (IBM WebSphere Commerce 7.0 uses the same cryptographic key for session ...) NOT-FOR-US: IBM CVE-2009-2752 (IBM WebSphere Commerce 7.0 does not properly encrypt data in a ...) NOT-FOR-US: database CVE-2009-2753 (Multiple buffer overflows in the authentication functionality in ...) NOT-FOR-US: ibm informix_dynamic_server CVE-2009-2754 (Integer signedness error in the authentication functionality in ...) NOT-FOR-US: ibm informix_dynamic_server CVE-2009-2755 RESERVED CVE-2009-2756 RESERVED CVE-2009-2757 RESERVED CVE-2009-2758 RESERVED CVE-2009-2759 RESERVED CVE-2009-2760 RESERVED CVE-2009-2761 (Unquoted Windows search path vulnerability in the scheduler ...) NOT-FOR-US: avira antivir_security_suite CVE-2009-2762 (wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to ...) BUG: 281219 CVE-2009-2763 RESERVED CVE-2009-2764 (Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 ...) NOT-FOR-US: conjunction CVE-2009-2765 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other ...) NOT-FOR-US: httpd in the management GUI in DD WRT CVE-2009-2766 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not ...) NOT-FOR-US: httpd in the management GUI in DD WRT CVE-2009-2767 (The init_posix_timers function in kernel/posix-timers.c in the Linux ...) BUG: 281180 CVE-2009-2768 (The load_flat_shared_library function in fs/binfmt_flat.c in the flat ...) BUG: 281299 CVE-2009-2769 (PHP remote file inclusion vulnerability in include/timesheet.php in ...) NOT-FOR-US: ultrize timesheet CVE-2009-2770 (PowerUpload 2.4 allows remote attackers to bypass authentication and ...) NOT-FOR-US: PowerUpload CVE-2009-2771 (Cross-site scripting (XSS) vulnerability in Free Arcade Script 1.3 ...) NOT-FOR-US: freearcadescript free_arcade_script CVE-2009-2772 (Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate ...) NOT-FOR-US: realtysoft pg_roomate_finder_solution CVE-2009-2773 (PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail ...) NOT-FOR-US: shop 020 php_paid_4_mail_script CVE-2009-2774 (SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail ...) NOT-FOR-US: PHP Paid CVE-2009-2775 (SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP ...) NOT-FOR-US: PHPArcadeScript PHP Arcade Script CVE-2009-2776 (SQL injection vulnerability in showresult.asp in Smart ASP Survey ...) NOT-FOR-US: Smart CVE-2009-2777 (SQL injection vulnerability in visitor/view.php in GarageSales Script ...) NOT-FOR-US: garagesalesjunkie garagesales_script CVE-2009-2778 (Cross-site scripting (XSS) vulnerability in visitor/view.php in ...) NOT-FOR-US: garagesalesjunkie garagesales_script CVE-2009-2779 (SQL injection vulnerability in index.php in AJ Matrix DNA allows ...) NOT-FOR-US: ajsquare aj_matrix_dna CVE-2009-2780 (Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds ...) NOT-FOR-US: 68_classifieds CVE-2009-2781 (SQL injection vulnerability in forum.php in Arab Portal 2.x, when ...) NOT-FOR-US: arabportal arab_portal CVE-2009-2782 (SQL injection vulnerability in the JFusion (com_jfusion) component for ...) NOT-FOR-US: com_jfusion CVE-2009-2783 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 ...) BUG: 285020 CVE-2009-2784 (Multiple directory traversal vulnerabilities in dit.cms 1.3, when ...) NOT-FOR-US: ditcms dit cms CVE-2009-2785 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Open ...) NOT-FOR-US: classifiedphpscript php_open_classifieds_script CVE-2009-2786 (SQL injection vulnerability in reputation.php in the Reputation plugin ...) NOT-FOR-US: reputation CVE-2009-2787 (Directory traversal vulnerability in ...) NOT-FOR-US: reputation CVE-2009-2788 (Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow ...) NOT-FOR-US: mobilelib_gold CVE-2009-2789 (SQL injection vulnerability in the Permis (com_groups) component 1.0 ...) NOT-FOR-US: permis com_groups CVE-2009-2790 (SQL injection vulnerability in cat_products.php in SoftBiz Dating ...) NOT-FOR-US: softbiz dating_script CVE-2009-2791 (PHP remote file inclusion vulnerability in pda_projects.php in ...) NOT-FOR-US: webdynamite projectbutler CVE-2009-2792 (Directory traversal vulnerability in plugings/pagecontent.php in ...) NOT-FOR-US: joshua_oliver really_simple_cms CVE-2009-2793 (The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms ...) NOT-FOR-US: netbsd CVE-2009-2794 (The Exchange Support component in Apple iPhone OS before 3.1, and ...) NOT-FOR-US: Apple iPhone OS CVE-2009-2795 (Heap-based buffer overflow in the Recovery Mode component in Apple ...) NOT-FOR-US: Recovery Mode component in Apple iPhone OS CVE-2009-2796 (The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for ...) NOT-FOR-US: Apple iPhone OS CVE-2009-2797 (The WebKit component in Safari in Apple iPhone OS before 3.1, and ...) NOT-FOR-US: apple iphone_os CVE-2009-2798 (Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows ...) NOT-FOR-US: Apple QuickTime CVE-2009-2799 (Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows ...) NOT-FOR-US: Apple QuickTime CVE-2009-2800 (Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2801 (The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2802 RESERVED CVE-2009-2803 (CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to ...) NOT-FOR-US: Apple Mac OS X CVE-2009-2804 (Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, ...) NOT-FOR-US: ColorSync in Apple Mac OS X CVE-2009-2805 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 ...) NOT-FOR-US: CoreGraphics in Apple Mac OS X CVE-2009-2806 RESERVED CVE-2009-2807 (Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2808 (Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2809 (ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers ...) NOT-FOR-US: Apple Mac OS X CVE-2009-2810 (Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2811 (Incomplete blacklist vulnerability in Launch Services in Apple Mac OS ...) NOT-FOR-US: Launch Services in Apple Mac OS X CVE-2009-2812 (Launch Services in Apple Mac OS X 10.5.8 does not properly recognize ...) NOT-FOR-US: Apple Mac OS X CVE-2009-2813 (Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and ...) NOT-FOR-US: Apple Mac OS X CVE-2009-2814 (Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple ...) NOT-FOR-US: Wiki Server in Apple Mac OS X CVE-2009-2815 (The Telephony component in Apple iPhone OS before 3.1 does not ...) NOT-FOR-US: Apple iPhone OS CVE-2009-2816 (The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, ...) TODO: check CVE-2009-2817 (Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers ...) NOT-FOR-US: apple itunes CVE-2009-2818 (Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2819 (AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2820 (The web interface in CUPS before 1.4.2, as used on Apple Mac OS X ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2821 RESERVED CVE-2009-2822 (AirPort Utility before 5.5.1 for Apple AirPort Base Station does not ...) NOT-FOR-US: apple airport_utility CVE-2009-2823 (The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2824 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2825 (Certificate Assistant in Apple Mac OS X before 10.6.2 does not ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2826 (Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2827 (Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2828 (The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2829 (Event Monitor in Apple Mac OS X 10.5.8 does not properly handle ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2830 (Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2831 (Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2832 (Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2833 (Buffer overflow in the UCCompareTextDefault API in International ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2834 (IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2835 (The kernel in Apple Mac OS X before 10.6.2 does not properly handle ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2836 (Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2837 (Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X ...) NOT-FOR-US: apple mac_os_x CVE-2009-2838 (Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote ...) NOT-FOR-US: apple mac_os_x CVE-2009-2839 (Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2840 (Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2841 (The HTMLMediaElement::loadResource function in ...) TODO: check CVE-2009-2842 (Apple Safari before 4.0.4 does not properly implement certain (1) Open ...) NOT-FOR-US: apple safari CVE-2009-2843 (Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 ...) NOT-FOR-US: apple mac_os_x_server CVE-2009-2844 (cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and ...) BUG: 281562 CVE-2009-2845 REJECTED NOT-FOR-US: this CVE-2009-2846 (The eisa_eeprom_read function in the parisc isa-eeprom component ...) BUG: 281999 CVE-2009-2847 (The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 ...) BUG: 280425 CVE-2009-2848 (The execve function in the Linux kernel, possibly 2.6.30-rc6 and ...) BUG: 282003 CVE-2009-2849 (The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 ...) BUG: 282005 CVE-2009-2850 (Multiple buffer overflows in NASA Common Data Format (CDF) allow ...) BUG: 278679 CVE-2009-2851 (Cross-site scripting (XSS) vulnerability in the administrator ...) BUG: 278492 CVE-2009-2852 (WP-Syntax plugin 0.9.1 and earlier for Wordpress, with ...) NOT-FOR-US: We do not ship that plugin CVE-2009-2853 (Wordpress before 2.8.3 allows remote attackers to gain privileges via ...) BUG: 280346 CVE-2009-2854 (Wordpress before 2.8.3 does not check capabilities for certain ...) BUG: 280346 CVE-2009-2855 (The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 ...) BUG: 279380 CVE-2009-2856 (Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding ...) NOT-FOR-US: Sun CVE-2009-2857 (The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before ...) NOT-FOR-US: Sun Solaris CVE-2009-2858 (Memory leak in the Security component in IBM DB2 8.1 before FP18 on ...) NOT-FOR-US: Security CVE-2009-2859 (IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access ...) NOT-FOR-US: IBM CVE-2009-2860 (Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows ...) NOT-FOR-US: db2jds CVE-2009-2861 (The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet ...) NOT-FOR-US: cisco lightweight_access_aoint CVE-2009-2862 (The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS ...) NOT-FOR-US: cisco ios CVE-2009-2863 (Race condition in the Firewall Authentication Proxy feature in Cisco ...) NOT-FOR-US: cisco ios CVE-2009-2864 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...) NOT-FOR-US: cisco unified_communications_manager CVE-2009-2865 (Buffer overflow in the login implementation in the Extension Mobility ...) NOT-FOR-US: cisco ios CVE-2009-2866 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4 allows remote ...) NOT-FOR-US: cisco ios CVE-2009-2867 (Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, ...) NOT-FOR-US: cisco ios CVE-2009-2868 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when ...) NOT-FOR-US: cisco ios CVE-2009-2869 (Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, ...) NOT-FOR-US: cisco ios CVE-2009-2870 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the ...) NOT-FOR-US: cisco ios CVE-2009-2871 (Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN ...) NOT-FOR-US: cisco ios CVE-2009-2872 (Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco ...) NOT-FOR-US: cisco ios CVE-2009-2873 (Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco ...) NOT-FOR-US: n CVE-2009-2874 (The TimesTenD process in Cisco Unified Presence 1.x, 6.x before ...) NOT-FOR-US: cisco unified_presence_server CVE-2009-2875 (Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x ...) NOT-FOR-US: Cisco WebEx WRF Player CVE-2009-2876 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...) NOT-FOR-US: Cisco WebEx WRF Player CVE-2009-2877 (Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF ...) NOT-FOR-US: Cisco WebEx WRF Player CVE-2009-2878 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...) NOT-FOR-US: Cisco WebEx WRF Player CVE-2009-2879 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...) NOT-FOR-US: Cisco WebEx WRF Player CVE-2009-2880 (Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x ...) NOT-FOR-US: Cisco WebEx WRF Player CVE-2009-2881 (Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote ...) NOT-FOR-US: artis imag basilic CVE-2009-2882 (Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking ...) NOT-FOR-US: datingpro matchmaking CVE-2009-2883 (SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, ...) NOT-FOR-US: arabless saphplesson CVE-2009-2884 (Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts ...) NOT-FOR-US: phpscriptsnow world s_tallest_buildings CVE-2009-2885 (SQL injection vulnerability in bios.php in PHP Scripts Now World's ...) NOT-FOR-US: < CVE-2009-2886 (SQL injection vulnerability in bios.php in PHP Scripts Now President ...) NOT-FOR-US: phpscriptsnow president_bios CVE-2009-2887 (Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts ...) NOT-FOR-US: phpscriptsnow president_bios CVE-2009-2888 (SQL injection vulnerability in index.php in PHP Scripts Now Hangman ...) NOT-FOR-US: phpscriptsnow hangman CVE-2009-2889 (Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts ...) NOT-FOR-US: phpscriptsnow hangman CVE-2009-2890 (Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts ...) NOT-FOR-US: phpscriptsnow riddles CVE-2009-2891 (SQL injection vulnerability in list.php in PHP Scripts Now Riddles ...) NOT-FOR-US: phpscriptsnow riddles CVE-2009-2892 (Multiple SQL injection vulnerabilities in header.php in Scripteen Free ...) NOT-FOR-US: scripteen free_image_hosting_script CVE-2009-2893 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: xzeroscripts xzero_community_classifieds CVE-2009-2894 (Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote ...) NOT-FOR-US: clone2009 ebay_clone CVE-2009-2895 (SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate ...) NOT-FOR-US: phpsugar ultimate_regnow_affiliate CVE-2009-2896 (Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote ...) NOT-FOR-US: this is not the kde kmplayer CVE-2009-2897 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: springsource tc_server CVE-2009-2898 (Cross-site scripting (XSS) vulnerability in the Alerts list feature in ...) NOT-FOR-US: springsource tc_server CVE-2009-2899 RESERVED CVE-2009-2900 RESERVED CVE-2009-2901 (The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and ...) BUG: 303719 CVE-2009-2902 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through ...) BUG: 303719 CVE-2009-2903 (Memory leak in the appletalk subsystem in the Linux kernel 2.4.x ...) BUG: 284894 CVE-2009-2904 (A certain Red Hat modification to the ChrootDirectory feature in ...) NOT-FOR-US: openssh CVE-2009-2905 (Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and ...) BUG: 285854 CVE-2009-2906 (smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, ...) BUG: 290633 CVE-2009-2907 (Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc ...) NOT-FOR-US: springsource tc_server CVE-2009-2908 (The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux ...) BUG: 288014 CVE-2009-2909 (Integer signedness error in the ax25_setsockopt function in ...) BUG: 289914 CVE-2009-2910 (arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the ...) BUG: 289915 CVE-2009-2911 (SystemTap 1.0, when the --unprivileged option is used, does not ...) BUG: 290218 CVE-2009-2912 (The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through ...) NOT-FOR-US: sun solaris CVE-2009-2913 (Cross-site scripting (XSS) vulnerability in index.php in XZero ...) NOT-FOR-US: xzeroscripts xzero_community_classifieds CVE-2009-2914 (Cross-site scripting (XSS) vulnerability in index.php in XZero ...) NOT-FOR-US: xzeroscripts xzero_community_classifieds CVE-2009-2915 (SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery ...) NOT-FOR-US: 2fly gift_delivery_system CVE-2009-2916 (Format string vulnerability in the CNS_AddTxt function in logs.dll in ...) NOT-FOR-US: 2kgames vietcong2 CVE-2009-2917 (Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote ...) NOT-FOR-US: imtoo mpeg_encoder CVE-2009-2918 (The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows ...) NOT-FOR-US: thegreenbow_vpn_client CVE-2009-2919 (Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 ...) NOT-FOR-US: boonex orca CVE-2009-2920 (Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 ...) NOT-FOR-US: elvinbts CVE-2009-2921 (Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP ...) NOT-FOR-US: mocdesigns php_news CVE-2009-2922 (Absolute path traversal vulnerability in pixaria.image.php in Pixaria ...) NOT-FOR-US: pixaria_gallery CVE-2009-2923 (Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance ...) NOT-FOR-US: bitmixsoft php lance CVE-2009-2924 (Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 ...) NOT-FOR-US: videosbroadcastyourself videos_broadcast_yourself CVE-2009-2925 (Directory traversal vulnerability in DJcalendar.cgi in DJCalendar ...) NOT-FOR-US: djcalendar CVE-2009-2926 (Multiple SQL injection vulnerabilities in PHP Competition System BETA ...) NOT-FOR-US: phpcompet free php_competition_system CVE-2009-2927 (SQL injection vulnerability in DetailFile.php in DigitalSpinners DS ...) NOT-FOR-US: digitalspinners ds_cms CVE-2009-2928 (Cross-site scripting (XSS) vulnerability in login.php in TGS Content ...) NOT-FOR-US: tgs cms tgs_content_management CVE-2009-2929 (Multiple SQL injection vulnerabilities in TGS Content Management 0.x ...) NOT-FOR-US: tgs cms tgs_content_management CVE-2009-2930 (Cross-site scripting (XSS) vulnerability in the Search feature in elka ...) NOT-FOR-US: elkagroup elkapax_cms CVE-2009-2931 (Directory traversal vulnerability in p.php in SlideShowPro Director ...) NOT-FOR-US: slideshowpro director CVE-2009-2932 (Cross-site scripting (XSS) vulnerability in uddiclient/process in the ...) NOT-FOR-US: sap netweaver CVE-2009-2933 (SQL injection vulnerability in comments.php in Piwigo before 2.0.3 ...) NOT-FOR-US: piwigo CVE-2009-2934 (Multiple stack-based buffer overflows in xaudio.dll in Programmed ...) NOT-FOR-US: programmedintegration pipl CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows remote ...) BUG: 285006 CVE-2009-2936 (** DISPUTED ** The Command Line Interface (aka Server CLI or ...) NOT-FOR-US: Will not be fixed upstream CVE-2009-2937 (Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet ...) NOT-FOR-US: Planet CVE-2009-2938 RESERVED CVE-2009-2939 (The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix ...) NOT-FOR-US: Debian GNU Linux and Ubuntu postfix CVE-2009-2940 (The pygresql module 3.8.1 and 4.0 for Python does not properly support ...) BUG: 289228 CVE-2009-2941 RESERVED CVE-2009-2942 (The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the ...) BUG: 289226 CVE-2009-2943 (The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL ...) BUG: 289222 CVE-2009-2944 (Incomplete blacklist vulnerability in the teximg plugin in ikiwiki ...) NOT-FOR-US: Not in the tree, notified in bug 144453 CVE-2009-2945 (weblogin/login.fcgi (aka the WebLogin login script) in Stanford ...) NOT-FOR-US: Not yet in-tree, notified in bug 235140. CVE-2009-2946 (Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in ...) NOT-FOR-US: scripts uscan pl before Rev CVE-2009-2947 (Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 ...) NOT-FOR-US: xapian CVE-2009-2948 (mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before ...) BUG: 290633 CVE-2009-2949 (Integer overflow in the XPMReader::ReadXPM function in ...) BUG: 305195 CVE-2009-2950 (Heap-based buffer overflow in the ...) BUG: 305195 CVE-2009-2951 (Phenotype CMS before 2.9 does not use a random salt value for password ...) NOT-FOR-US: phenotype cms phenotype_cms CVE-2009-2952 (Unspecified vulnerability in the pollwakeup function in Sun Solaris ...) NOT-FOR-US: pollwakeup function in Sun Solaris CVE-2009-2953 (Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote ...) TODO: check CVE-2009-2954 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote ...) NOT-FOR-US: Microsoft CVE-2009-2955 (Google Chrome 1.0.154.48 and earlier allows remote attackers to cause ...) BUG: 285006 CVE-2009-2956 (The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere ...) NOT-FOR-US: IBM CVE-2009-2957 (Heap-based buffer overflow in the tftp_request function in tftp.c in ...) BUG: 282653 CVE-2009-2958 (The tftp_request function in tftp.c in dnsmasq before 2.50, when ...) BUG: 282653 CVE-2009-2959 (Cross-site scripting (XSS) vulnerability in the waterfall web status ...) BUG: 282855 CVE-2009-2960 (CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to ...) NOT-FOR-US: cuteflow CVE-2009-2961 (Stack-based buffer overflow in Thaddy de Konng KOL Player 1.0 allows ...) NOT-FOR-US: kolmck kol_player CVE-2009-2962 REJECTED NOT-FOR-US: this CVE-2009-2963 (Unspecified vulnerability in the update feature in Toolbar Uninstaller ...) NOT-FOR-US: decomputeur toolbar_uninstaller CVE-2009-2964 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) BUG: 281580 CVE-2009-2965 (Cross-site scripting (XSS) vulnerability in entry/index.jsp in ...) NOT-FOR-US: radvision scopia CVE-2009-2966 (avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus ...) NOT-FOR-US: kaspersky_internet_security CVE-2009-2967 (Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 ...) BUG: 282855 CVE-2009-2968 (Directory traversal vulnerability in a support component in the web ...) NOT-FOR-US: vmware_studio CVE-2009-2969 RESERVED CVE-2009-2970 (Stack-based buffer overflow in the GetUiDllVersion function in an ...) NOT-FOR-US: GetUiDllVersion function in an ActiveX control in UiCheck dll CVE-2009-2971 RESERVED CVE-2009-2972 (in.lpd in the print service in Sun Solaris 8 and 9 allows remote ...) NOT-FOR-US: print service in Sun Solaris CVE-2009-2973 (Google Chrome before 2.0.172.43 does not prevent SSL connections to a ...) BUG: 285006 CVE-2009-2974 (Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote ...) BUG: 285006 CVE-2009-2975 (Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly ...) NOT-FOR-US: Windows only CVE-2009-2976 (Cisco Aironet Lightweight Access Point (AP) devices send the contents ...) NOT-FOR-US: cleartext CVE-2009-2977 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...) NOT-FOR-US: log sysbacktrace CVE-2009-2978 (SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and ...) NOT-FOR-US: Not in portage, notified in bug 103295 CVE-2009-2979 (Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and ...) BUG: 289016 CVE-2009-2980 (Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x ...) BUG: 289016 CVE-2009-2981 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) BUG: 289016 CVE-2009-2982 (An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, ...) BUG: 289016 CVE-2009-2983 (Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and ...) BUG: 289016 CVE-2009-2984 (Unspecified vulnerability in the image decoder in Adobe Acrobat 9.x ...) BUG: 289016 CVE-2009-2985 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) BUG: 289016 CVE-2009-2986 (Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x ...) BUG: 289016 CVE-2009-2987 (Unspecified vulnerability in an ActiveX control in Adobe Reader and ...) NOT-FOR-US: an ActiveX control in Adobe Reader and Acrobat CVE-2009-2988 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) BUG: 289016 CVE-2009-2989 (Integer overflow in Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, ...) BUG: 289016 CVE-2009-2990 (Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x ...) BUG: 289016 CVE-2009-2991 (Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and ...) BUG: 289016 CVE-2009-2992 (An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before ...) BUG: 289016 CVE-2009-2993 (The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before ...) BUG: 289016 CVE-2009-2994 (Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x ...) BUG: 289016 CVE-2009-2995 (Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, ...) BUG: 289016 CVE-2009-2996 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) BUG: 289016 CVE-2009-2997 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before ...) BUG: 289016 CVE-2009-2998 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) BUG: 289016 CVE-2009-2999 (The com.android.phone process in Android 1.5 CRBxx allows remote ...) NOT-FOR-US: android CVE-2009-3000 (The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris ...) NOT-FOR-US: sun solaris CVE-2009-3001 (The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel ...) BUG: 283824 CVE-2009-3002 (The Linux kernel before 2.6.31-rc7 does not initialize certain data ...) BUG: 283825 CVE-2009-3003 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...) NOT-FOR-US: microsoft internet_explorer CVE-2009-3004 (Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof ...) NOT-FOR-US: avant_force avant_browser CVE-2009-3005 (Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address ...) NOT-FOR-US: lunascape CVE-2009-3006 (Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the ...) NOT-FOR-US: maxthon_browser CVE-2009-3007 (Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow ...) TODO: check CVE-2009-3008 (K-Meleon 1.5.3 allows context-dependent attackers to spoof the address ...) NOT-FOR-US: christophe_thibault k meleon CVE-2009-3009 (Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before ...) BUG: 283369 CVE-2009-3010 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...) TODO: check CVE-2009-3011 (Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and ...) BUG: 285006 CVE-2009-3012 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre ...) TODO: check CVE-2009-3013 (Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly ...) BUG: 294680 CVE-2009-3014 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...) TODO: check CVE-2009-3015 (QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and ...) NOT-FOR-US: qtweb CVE-2009-3016 (Apple Safari 4.0.3 does not properly block javascript: and data: URIs ...) TODO: check CVE-2009-3017 (Orca Browser 1.2 build 5 does not properly block data: URIs in Refresh ...) NOT-FOR-US: orcabrowser orca_browser CVE-2009-3018 (Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block ...) NOT-FOR-US: maxthon_browser CVE-2009-3019 (Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet ...) NOT-FOR-US: Microsoft CVE-2009-3020 (win32k.sys in Microsoft Windows Server 2003 SP2 allows remote ...) NOT-FOR-US: t CVE-2009-3021 (Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' ...) NOT-FOR-US: Site Calendar mycaljp plugin CVE-2009-3022 (Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and ...) NOT-FOR-US: bingo CMS CVE-2009-3023 (Buffer overflow in the FTP Service in Microsoft Internet Information ...) NOT-FOR-US: FTP server in Microsoft IIS CVE-2009-3024 (The verify_hostname_of_cert function in the certificate checking ...) BUG: 276360 CVE-2009-3025 (Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to ...) NOT-FOR-US: Did not have this version in the tree CVE-2009-3026 (protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly ...) BUG: 283324 CVE-2009-3027 (VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection ...) NOT-FOR-US: VRTSweb in Symantec Backup Exec Continuous Protection Server CPS CVE-2009-3028 RESERVED CVE-2009-3029 (Cross-site scripting (XSS) vulnerability in the console in Symantec ...) NOT-FOR-US: symantec securityexpressions_audit_and_compliance_server CVE-2009-3030 (Cross-site scripting (XSS) vulnerability in Symantec ...) NOT-FOR-US: symantec securityexpressions_audit_and_compliance_server CVE-2009-3031 (Stack-based buffer overflow in the BrowseAndSaveFile method in the ...) NOT-FOR-US: symantec altiris_notification_server CVE-2009-3032 (Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the ...) NOT-FOR-US: symantec mail_security CVE-2009-3033 (Buffer overflow in the RunCmd method in the Altiris eXpress NS Console ...) NOT-FOR-US: symantec altiris_notification_server CVE-2009-3034 RESERVED CVE-2009-3035 (The web console in Symantec Altiris Notification Server 6.0.x before ...) NOT-FOR-US: symantec altiris_notification_server CVE-2009-3036 (Cross-site scripting (XSS) vulnerability in the console in Symantec IM ...) NOT-FOR-US: symantec im_manager CVE-2009-3037 (Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka ...) NOT-FOR-US: Autonomy KeyView XLS viewer aka File Viewer for Excel as used in IBM Lotus Notes CVE-2009-3038 (A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research ...) NOT-FOR-US: lnresobject dll CVE-2009-3039 RESERVED CVE-2009-3040 (Multiple SQL injection vulnerabilities in Open Computer and Software ...) NOT-FOR-US: Open Computer and Software OCS Inventory NG CVE-2009-3041 (SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper ...) NOT-FOR-US: wild in August CVE-2009-3042 (SQL injection vulnerability in machine.php in Open Computer and ...) NOT-FOR-US: Open Computer and Software OCS Inventory NG CVE-2009-3043 (The tty_ldisc_hangup function in drivers/char/tty_ldisc.c in the Linux ...) BUG: 283826 CVE-2009-3044 (Opera before 10.00 does not properly handle a (1) '\0' character or ...) BUG: 283391 CVE-2009-3045 (Opera before 10.00 trusts root X.509 certificates signed with the MD2 ...) BUG: 283391 CVE-2009-3046 (Opera before 10.00 does not check all intermediate X.509 certificates ...) BUG: 283391 CVE-2009-3047 (Opera before 10.00, when a collapsed address bar is used, does not ...) BUG: 283391 CVE-2009-3048 (Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly ...) BUG: 283391 CVE-2009-3049 (Opera before 10.00 does not properly display all characters in ...) BUG: 283391 CVE-2009-3050 (Buffer overflow in the set_page_size function in util.cxx in HTMLDOC ...) BUG: 278186 CVE-2009-3051 (Multiple format string vulnerabilities in ...) BUG: 284561 CVE-2009-3052 (SQL injection vulnerability in root/includes/prime_quick_style.php in ...) NOT-FOR-US: absoluteanime prime_quick_style CVE-2009-3053 (Directory traversal vulnerability in the Agora (com_agora) component ...) NOT-FOR-US: jvitals com_agora CVE-2009-3054 (SQL injection vulnerability in the Artetics.com Art Portal ...) NOT-FOR-US: artetics com_artportal CVE-2009-3055 (PHP remote file inclusion vulnerability in engine/api/api.class.php in ...) NOT-FOR-US: dlecms dle CVE-2009-3056 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: bas_bloemsaat kingcms CVE-2009-3057 (Multiple cross-site scripting (XSS) vulnerabilities in AOM Software ...) NOT-FOR-US: aom software beex CVE-2009-3058 (Stack-based buffer overflow in akPlayer 1.9.0 allows remote attackers ...) NOT-FOR-US: aksoft akplayer CVE-2009-3059 (Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 ...) NOT-FOR-US: allpublication jboard CVE-2009-3060 (Multiple cross-site scripting (XSS) vulnerabilities in Joker Board ...) NOT-FOR-US: allpublication jboard CVE-2009-3061 (SQL injection vulnerability in lesson.php in Alqatari Q R Script 1.0 ...) NOT-FOR-US: alqa6ari script_q_r CVE-2009-3062 (SQL injection vulnerability in message_box.php in OSI Codes PHP Live! ...) NOT-FOR-US: phplivesupport phplive CVE-2009-3063 (SQL injection vulnerability in the Game Server (com_gameserver) ...) NOT-FOR-US: indianpulses com_gameserver CVE-2009-3064 (Directory traversal vulnerability in debugger/debug_php.php in Ve-EDIT ...) NOT-FOR-US: rein_velt vedit CVE-2009-3065 (PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in ...) NOT-FOR-US: rein_velt vedit CVE-2009-3066 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: propertywatchscript property_watch CVE-2009-3067 (Cross-site scripting (XSS) vulnerability in index.php in Reservation ...) NOT-FOR-US: webformatique reservation_manager CVE-2009-3068 (Unrestricted file upload vulnerability in the RoboHelpServer Servlet ...) NOT-FOR-US: Adobe RoboHelp Server CVE-2009-3069 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...) BUG: 284441 CVE-2009-3070 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) BUG: 284439 CVE-2009-3071 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) BUG: 284439 CVE-2009-3072 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) BUG: 284441 BUG: 284439 CVE-2009-3073 (Unspecified vulnerability in the JavaScript engine in Mozilla Firefox ...) BUG: 284441 CVE-2009-3074 (Unspecified vulnerability in the JavaScript engine in Mozilla Firefox ...) BUG: 284439 CVE-2009-3075 (Multiple unspecified vulnerabilities in the JavaScript engine in ...) BUG: 284439 CVE-2009-3076 (Mozilla Firefox before 3.0.14 does not properly implement certain ...) BUG: 284439 CVE-2009-3077 (Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not ...) BUG: 284441 BUG: 284439 CVE-2009-3078 (Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and ...) BUG: 284441 BUG: 284439 CVE-2009-3079 (Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x ...) BUG: 284441 BUG: 284439 CVE-2009-3080 (Array index error in the gdth_read_event function in ...) BUG: 293751 CVE-2009-3081 (SQL injection vulnerability in index.php in Uiga Church Portal allows ...) NOT-FOR-US: Uiga CVE-2009-3082 (SQL injection vulnerability in wcategory.php in Snow Hall Silurus ...) NOT-FOR-US: Snow Hall Silurus System CVE-2009-3083 (The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the ...) BUG: 283814 CVE-2009-3084 (The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c ...) BUG: 283814 CVE-2009-3085 (The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not ...) BUG: 283814 CVE-2009-3086 (A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x ...) BUG: 283396 CVE-2009-3087 (Unspecified vulnerability in nserver.exe in the server in IBM Lotus ...) NOT-FOR-US: server in IBM Lotus Domino CVE-2009-3088 (Heap-based buffer overflow in ibmdiradm in IBM Tivoli Directory Server ...) NOT-FOR-US: ibmdiradm in IBM Tivoli Directory Server TDS CVE-2009-3089 (IBM Tivoli Directory Server (TDS) 6.0 allows remote attackers to cause ...) NOT-FOR-US: administration server on Linux as demonstrated by certain modules in VulnDisco Pack Professional CVE-2009-3090 (Unspecified vulnerability in IBM Tivoli Directory Server (TDS) 6.0 on ...) NOT-FOR-US: IBM Tivoli Directory Server TDS CVE-2009-3091 (Unspecified vulnerability on the ASUS WL-330gE has unknown impact and ...) NOT-FOR-US: VulnDisco Pack Professional CVE-2009-3092 (Buffer overflow on the ASUS WL-500W wireless router has unknown impact ...) NOT-FOR-US: VulnDisco Pack Professional CVE-2009-3093 (Unspecified vulnerability on the ASUS WL-500W wireless router has ...) NOT-FOR-US: VulnDisco Pack Professional CVE-2009-3094 (The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the ...) BUG: 283729 CVE-2009-3095 (The mod_proxy_ftp module in the Apache HTTP Server allows remote ...) BUG: 283729 CVE-2009-3096 (Multiple unspecified vulnerabilities in HP Performance Insight 5.3 ...) NOT-FOR-US: HP Performance Insight CVE-2009-3097 (Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on ...) NOT-FOR-US: HP Performance Insight CVE-2009-3098 (Unspecified vulnerability in the Portal in HP Operations Dashboard 2.1 ...) NOT-FOR-US: Portal in HP Operations Dashboard CVE-2009-3099 (Unspecified vulnerability in HP OpenView Operations Manager 8.1 on ...) NOT-FOR-US: HP OpenView Operations Manager CVE-2009-3100 (xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, ...) NOT-FOR-US: Sun Solaris CVE-2009-3101 (xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and ...) NOT-FOR-US: Sun Solaris CVE-2009-3102 (The doHotCopy subroutine in socket-server.pl in Zmanda Recovery ...) NOT-FOR-US: Zmanda Recovery Manager ZRM for MySQL CVE-2009-3103 (Array index error in the SMBv2 protocol implementation in srv2.sys in ...) NOT-FOR-US: microsoft windows_vista CVE-2009-3104 (Unspecified vulnerability in Symantec Norton AntiVirus 2005 through ...) NOT-FOR-US: symantec norton_antivirus CVE-2009-3105 (Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka ...) NOT-FOR-US: ibm domino_web_access CVE-2009-3106 (The Servlet Engine/Web Container component in IBM WebSphere ...) NOT-FOR-US: ibm websphere_application_server CVE-2009-3107 (Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 ...) NOT-FOR-US: symantec altiris_deployment_solution CVE-2009-3108 (The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before ...) NOT-FOR-US: symantec altiris_deployment_solution CVE-2009-3109 (Unspecified vulnerability in the AClient agent in Symantec Altiris ...) NOT-FOR-US: AClient agent in Symantec Altiris Deployment Solution CVE-2009-3110 (Race condition in the file transfer functionality in Symantec Altiris ...) NOT-FOR-US: symantec altiris_deployment_solution CVE-2009-3111 (The rad_decode function in FreeRADIUS before 1.1.8 allows remote ...) BUG: 284454 CVE-2009-3112 (Unspecified vulnerability in OXID eShop Professional, Enterprise, and ...) NOT-FOR-US: OXID eShop Professional Enterprise and Community Edition CVE-2009-3113 (Unspecified vulnerability in OXID eShop Professional, Enterprise, and ...) NOT-FOR-US: OXID eShop Professional Enterprise and Community Edition CVE-2009-3114 (The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from ...) NOT-FOR-US: IBM Lotus Notes CVE-2009-3115 (SolarWinds TFTP Server 9.2.0.111 and earlier allows remote attackers ...) NOT-FOR-US: SolarWinds CVE-2009-3116 (SQL injection vulnerability in index.php in Uiga Church Portal allows ...) NOT-FOR-US: Uiga CVE-2009-3117 (SQL injection vulnerability in category.php in Snow Hall Silurus ...) NOT-FOR-US: Snow Hall Silurus System CVE-2009-3118 (SQL injection vulnerability in mod/poll/comment.php in the vote module ...) NOT-FOR-US: vote module in Danneo CMS CVE-2009-3119 (SQL injection vulnerability in screen.php in the Download System mSF ...) NOT-FOR-US: Download CVE-2009-3120 (Cross-site scripting (XSS) vulnerability in public/index.php in BIGACE ...) NOT-FOR-US: BIGACE Web CMS CVE-2009-3121 (Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x ...) NOT-FOR-US: Ajax Table module CVE-2009-3122 (The Ajax Table module 5.x for Drupal does not perform access control, ...) NOT-FOR-US: Ajax CVE-2009-3123 (Directory traversal vulnerability in gallery/gallery.php in Wap-Motor ...) NOT-FOR-US: Wap Motor CVE-2009-3124 (Directory traversal vulnerability in get_message.cgi in QuarkMail ...) NOT-FOR-US: QuarkMail CVE-2009-3125 (SQL injection vulnerability in the Bug.search WebService function in ...) BUG: 284824 CVE-2009-3126 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...) NOT-FOR-US: microsoft windows_xp CVE-2009-3127 (Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for ...) NOT-FOR-US: microsoft open_xml_file_format_converter CVE-2009-3128 (Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer ...) NOT-FOR-US: microsoft open_xml_file_format_converter CVE-2009-3129 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...) NOT-FOR-US: microsoft open_xml_file_format_converter CVE-2009-3130 (Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office ...) NOT-FOR-US: microsoft open_xml_file_format_converter CVE-2009-3131 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...) NOT-FOR-US: microsoft open_xml_file_format_converter CVE-2009-3132 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...) NOT-FOR-US: microsoft open_xml_file_format_converter CVE-2009-3133 (Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and ...) NOT-FOR-US: microsoft open_xml_file_format_converter CVE-2009-3134 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...) NOT-FOR-US: microsoft open_xml_file_format_converter CVE-2009-3135 (Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 ...) NOT-FOR-US: microsoft open_xml_file_format_converter CVE-2009-3136 RESERVED CVE-2009-3137 RESERVED CVE-2009-3138 RESERVED CVE-2009-3139 RESERVED CVE-2009-3140 RESERVED CVE-2009-3141 RESERVED CVE-2009-3142 RESERVED CVE-2009-3143 RESERVED CVE-2009-3144 RESERVED CVE-2009-3145 RESERVED CVE-2009-3146 (Cross-site scripting (XSS) vulnerability in search_advance.php in ...) NOT-FOR-US: articlefriend_script CVE-2009-3147 (Cross-site scripting (XSS) vulnerability in showproduct.php in ...) NOT-FOR-US: allenthusiast reviewpost_php_pro CVE-2009-3148 (Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 ...) NOT-FOR-US: portalxp CVE-2009-3149 (Directory traversal vulnerability in _css/js.php in Elgg 1.5, when ...) NOT-FOR-US: Elgg CVE-2009-3150 (SQL injection vulnerability in index.php in Multi Website 1.5 allows ...) NOT-FOR-US: Multi Website CVE-2009-3151 (Directory traversal vulnerability in actions/downloadFile.php in ...) NOT-FOR-US: Ultrize TimeSheet CVE-2009-3152 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: NTSOFT CVE-2009-3153 (Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search ...) NOT-FOR-US: x10 CVE-2009-3154 (SQL injection vulnerability in the Almond Classifieds (com_aclassf) ...) NOT-FOR-US: Almond Classifieds com_aclassf component CVE-2009-3155 (Cross-site scripting (XSS) vulnerability in gmap.php in the Almond ...) NOT-FOR-US: Almond Classifieds com_aclassf component CVE-2009-3156 (Cross-site scripting (XSS) vulnerability in the Date Tools sub-module ...) NOT-FOR-US: 3rdparty CVE-2009-3157 (Cross-site scripting (XSS) vulnerability in the Calendar module 6.x ...) NOT-FOR-US: 3rdpary CVE-2009-3158 (admin/files.php in simplePHPWeb 0.2 does not require authentication, ...) NOT-FOR-US: simplePHPWeb CVE-2009-3159 (Unspecified vulnerability in the rriDecompress function in IBM ...) NOT-FOR-US: rriDecompress function in IBM WebSphere MQ CVE-2009-3160 (IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and ...) NOT-FOR-US: IBM CVE-2009-3161 (The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows ...) NOT-FOR-US: IBM WebSphere MQ CVE-2009-3162 (Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows ...) NOT-FOR-US: Multi Website CVE-2009-3163 (Multiple format string vulnerabilities in lib/silcclient/command.c in ...) BUG: 284561 CVE-2009-3164 (Unspecified vulnerability in the IPv6 networking stack in Sun Solaris ...) NOT-FOR-US: Sun Solaris CVE-2009-3165 (SQL injection vulnerability in the Bug.create WebService function in ...) BUG: 284824 CVE-2009-3166 (token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL ...) BUG: 284824 CVE-2009-3167 (Directory traversal vulnerability in index.php in Anantasoft Gazelle ...) NOT-FOR-US: anantasoft gazelle_cms CVE-2009-3168 (Mevin Productions Basic PHP Events Lister 2.0 does not properly ...) NOT-FOR-US: Mevin CVE-2009-3169 (Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission ...) NOT-FOR-US: Hitachi CVE-2009-3170 (Stack-based buffer overflow in AIMP2 Audio Converter 2.53 (build 330) ...) NOT-FOR-US: AIMP2 CVE-2009-3171 (Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft ...) NOT-FOR-US: Anantasoft Gazelle CMS CVE-2009-3172 (Unspecified vulnerability in Hitachi Groupmax Groupware Server 07-00 ...) NOT-FOR-US: Hitachi Groupmax Groupware Server CVE-2009-3173 (Unrestricted file upload vulnerability in admin/add_album.php in The ...) NOT-FOR-US: The Rat CMS Alpha CVE-2009-3174 (PHP remote file inclusion vulnerability in fonctions_racine.php in ...) NOT-FOR-US: OBOphiX CVE-2009-3175 (Multiple SQL injection vulnerabilities in Model Agency Manager PRO ...) NOT-FOR-US: Model CVE-2009-3176 (Buffer overflow in the ActiveX control in Novell iPrint Client 4.38 ...) NOT-FOR-US: ActiveX control in Novell iPrint Client CVE-2009-3177 (Unspecified vulnerability in Kaspersky Online Scanner 7.0 has unknown ...) NOT-FOR-US: Kaspersky Online Scanner CVE-2009-3178 (Unspecified vulnerability in mm.exe in Symantec Altiris Deployment ...) NOT-FOR-US: Symantec Altiris Deployment Solution CVE-2009-3179 (Multiple unspecified vulnerabilities in Symantec Altiris Deployment ...) NOT-FOR-US: Symantec Altiris Deployment Solution CVE-2009-3180 (Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a ...) NOT-FOR-US: Anantasoft CVE-2009-3181 (Directory traversal vulnerability in Anantasoft Gazelle CMS 1.0 allows ...) NOT-FOR-US: Anantasoft Gazelle CMS CVE-2009-3182 (Unrestricted file upload vulnerability in ...) NOT-FOR-US: Anantasoft Gazelle CMS CVE-2009-3183 (Heap-based buffer overflow in w in Sun Solaris 8 through 10, and ...) NOT-FOR-US: w in Sun Solaris CVE-2009-3184 (Multiple SQL injection vulnerabilities in index.php in Pirates of The ...) NOT-FOR-US: Pirates CVE-2009-3185 (SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 ...) NOT-FOR-US: Crazy Star plugin CVE-2009-3186 (Multiple cross-site scripting (XSS) vulnerabilities in VideoGirls BiZ ...) NOT-FOR-US: VideoGirls CVE-2009-3187 (Cross-site scripting (XSS) vulnerability in gamelist.php in Stand ...) NOT-FOR-US: Stand Alone Arcade CVE-2009-3188 (PHP remote file inclusion vulnerability in save.php in phpSANE 0.5.0 ...) NOT-FOR-US: phpSANE CVE-2009-3189 (Cross-site scripting (XSS) vulnerability in search.php in DigiOz ...) NOT-FOR-US: DigiOz Guestbook CVE-2009-3190 (Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow ...) NOT-FOR-US: PAD Site Scripts CVE-2009-3191 (Multiple cross-site scripting (XSS) vulnerabilities in PAD Site ...) NOT-FOR-US: PAD Site Scripts CVE-2009-3192 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: LinkorCMS CVE-2009-3193 (SQL injection vulnerability in the DigiFolio (com_digifolio) component ...) NOT-FOR-US: DigiFolio com_digifolio component CVE-2009-3194 (Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech ...) NOT-FOR-US: JCE Tech CVE-2009-3195 (Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech ...) NOT-FOR-US: JCE Tech Auction RSS Content Script CVE-2009-3196 (Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech PHP ...) NOT-FOR-US: JCE Tech CVE-2009-3197 (Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech PHP ...) NOT-FOR-US: JCE Tech CVE-2009-3198 (Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech ...) NOT-FOR-US: JCE Tech Affiliate Master Datafeed Parser Script CVE-2009-3199 (Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web ...) NOT-FOR-US: Uebimiau CVE-2009-3200 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 ...) NOT-FOR-US: ENCK CVE-2009-3201 (Integer overflow in Media Player Classic 6.4.9 allows user-assisted ...) NOT-FOR-US: Media Player Classic CVE-2009-3202 (Cross-site scripting (XSS) vulnerability in search.php in ULoKI PHP ...) NOT-FOR-US: uloki_php_forum CVE-2009-3203 (SQL injection vulnerability in store.php in AJ Auction Pro OOPD 2.x ...) NOT-FOR-US: ajsquare aj_auction_pro oopd CVE-2009-3204 (Multiple cross-site scripting (XSS) vulnerabilities in Stiva Forum 1.0 ...) NOT-FOR-US: stivaforum stiva_forum CVE-2009-3205 (SQL injection vulnerability in main.php in CBAuthority allows remote ...) NOT-FOR-US: cbauthority CVE-2009-3206 (Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache ...) NOT-FOR-US: ImageCache module CVE-2009-3207 (The ImageCache module 5.x before 5.x-2.5 and 6.x before ...) NOT-FOR-US: ImageCache CVE-2009-3208 (Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote ...) NOT-FOR-US: phpfreeBB CVE-2009-3209 (SQL injection vulnerability in remove.php in PHP eMail Manager 3.3.0 ...) NOT-FOR-US: PHP eMail Manager CVE-2009-3210 (Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka ...) NOT-FOR-US: Print aka Printer e mail and PDF versions module CVE-2009-3211 (Directory traversal vulnerability in VivaPrograms Infinity Script ...) NOT-FOR-US: VivaPrograms Infinity Script CVE-2009-3212 (SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, ...) NOT-FOR-US: VivaPrograms Infinity Script CVE-2009-3213 (Stack-based buffer overflow in broid 1.0 Beta 3a allows remote ...) NOT-FOR-US: broid CVE-2009-3214 (Multiple stack-based buffer overflows in Photodex ProShow Gold ...) NOT-FOR-US: Photodex ProShow Gold CVE-2009-3215 (SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, ...) NOT-FOR-US: IXXO Cart Standalone CVE-2009-3216 (Multiple directory traversal vulnerabilities in iWiccle 1.01, when ...) NOT-FOR-US: iWiccle CVE-2009-3217 (SQL injection vulnerability in the admin module in iWiccle 1.01 allows ...) NOT-FOR-US: admin module in iWiccle CVE-2009-3218 (SQL injection vulnerability in control/login.php in AR Web Content ...) NOT-FOR-US: AR Web Content Manager AWCM CVE-2009-3219 (Directory traversal vulnerability in a.php in AR Web Content Manager ...) NOT-FOR-US: AR Web Content Manager AWCM CVE-2009-3220 (PHP remote file inclusion vulnerability in cp_html2txt.php in All In ...) NOT-FOR-US: All In One Control Panel AIOCP CVE-2009-3221 (Stack-based buffer overflow in Audio Lib Player (ALP) allows remote ...) NOT-FOR-US: Audio CVE-2009-3222 (Cross-site scripting (XSS) vulnerability in index.php in ...) NOT-FOR-US: FreeWebScriptz Honest Traffic FWSHT CVE-2009-3223 (SQL injection vulnerability in ppc-add-keywords.php in Inout Adserver ...) NOT-FOR-US: Inout CVE-2009-3224 (SQL injection vulnerability in index.php in Super Mod System, when ...) NOT-FOR-US: Super Mod System when using the CVE-2009-3225 (Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft ...) NOT-FOR-US: AlmondSoft CVE-2009-3226 (SQL injection vulnerability in index.php in AlmondSoft Almond ...) NOT-FOR-US: AlmondSoft CVE-2009-3227 (Cross-site scripting (XSS) vulnerability in index.php in AlmondSoft ...) NOT-FOR-US: AlmondSoft CVE-2009-3228 (The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem ...) BUG: 289916 CVE-2009-3229 (The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before ...) BUG: 284274 CVE-2009-3230 (The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before ...) BUG: 284274 CVE-2009-3231 (The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 ...) BUG: 284274 CVE-2009-3232 (pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian ...) NOT-FOR-US: ubuntu_linux CVE-2009-3233 (changetrack 4.3 allows local users to execute arbitrary commands via ...) NOT-FOR-US: changetrack CVE-2009-3234 (Buffer overflow in the perf_copy_attr function in ...) BUG: 285461 CVE-2009-3235 (Multiple stack-based buffer overflows in the Sieve plugin in Dovecot ...) BUG: 286844 CVE-2009-3236 (The form library in Horde Application Framework 3.2 before 3.2.5 and ...) BUG: 285052 CVE-2009-3237 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...) BUG: 285052 CVE-2009-3238 (The get_random_int function in drivers/char/random.c in the Linux ...) BUG: 286091 CVE-2009-3239 REJECTED NOT-FOR-US: this CVE-2009-3240 (Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section ...) NOT-FOR-US: Happy Linux XF Section module CVE-2009-3241 (Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark ...) BUG: 285280 CVE-2009-3242 (Unspecified vulnerability in packet.c in the GSM A RR dissector in ...) BUG: 285280 CVE-2009-3243 (Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and ...) BUG: 285280 CVE-2009-3244 (Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe ...) NOT-FOR-US: SwDir dll ActiveX control in Adobe ShockWave Player CVE-2009-3245 (OpenSSL before 0.9.8m does not check for a NULL return value from ...) BUG: 308011 CVE-2009-3246 (SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX ...) NOT-FOR-US: mybuxscript pts bux CVE-2009-3247 (Cross-site scripting (XSS) vulnerability in the Activities module in ...) NOT-FOR-US: vtiger_crm CVE-2009-3248 (Cross-site request forgery (CSRF) vulnerability in the RSS module in ...) NOT-FOR-US: vtiger_crm CVE-2009-3249 (Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow ...) NOT-FOR-US: vtiger_crm CVE-2009-3250 (The saveForwardAttachments procedure in the Compose Mail functionality ...) NOT-FOR-US: vtiger_crm CVE-2009-3251 (include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows ...) NOT-FOR-US: vtiger_crm CVE-2009-3252 (Multiple SQL injection vulnerabilities in news.php in Rock Band CMS ...) NOT-FOR-US: dave_robinson rockbandcms CVE-2009-3253 (Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 ...) NOT-FOR-US: tricerasoft swift_ultralite CVE-2009-3254 (Multiple stack-based buffer overflows in Ultimate Player 1.56 beta ...) NOT-FOR-US: ultimatevideosite ultimate_player CVE-2009-3255 (SQL injection vulnerability in RASH Quote Management System (RQMS) ...) NOT-FOR-US: thomas_cuchta rash CVE-2009-3256 (Cross-site scripting (XSS) vulnerability in include/ajax/blogInfo.php ...) NOT-FOR-US: livestreet CVE-2009-3257 (vtiger CRM before 5.1.0 allows remote authenticated users to bypass ...) NOT-FOR-US: vtiger_crm CVE-2009-3258 (vtiger CRM before 5.1.0 allows remote authenticated users, with ...) NOT-FOR-US: vtiger_crm CVE-2009-3259 (Multiple SQL injection vulnerabilities in RASH Quote Management System ...) NOT-FOR-US: thomas_cuchta rash CVE-2009-3260 (Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows ...) NOT-FOR-US: livestreet CVE-2009-3261 (update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require ...) NOT-FOR-US: livestreet CVE-2009-3262 (Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) ...) NOT-FOR-US: ibm tivoli_identity_manager CVE-2009-3263 (Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x ...) NOT-FOR-US: google chrome CVE-2009-3264 (The getSVGDocument method in Google Chrome before 3.0.195.21 omits an ...) NOT-FOR-US: google chrome CVE-2009-3265 (Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows ...) BUG: 286469 CVE-2009-3266 (Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) ...) BUG: 286469 CVE-2009-3267 (Microsoft Internet Explorer 6 through 6.0.2900.2180, and ...) NOT-FOR-US: Microsoft CVE-2009-3268 (Google Chrome 1.0.154.48 and earlier allows remote attackers to cause ...) NOT-FOR-US: google chrome CVE-2009-3269 (Opera 9.52 and earlier allows remote attackers to cause a denial of ...) BUG: 277716 CVE-2009-3270 (Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote ...) NOT-FOR-US: loop CVE-2009-3271 (Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a ...) NOT-FOR-US: SRC CVE-2009-3272 (Stack consumption vulnerability in WebKit.dll in WebKit in Apple ...) NOT-FOR-US: apple safari CVE-2009-3273 (iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not ...) NOT-FOR-US: Apple CVE-2009-3274 (Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and ...) BUG: 290892 CVE-2009-3275 (Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs ...) NOT-FOR-US: Microsoft CVE-2009-3276 (Zoran/WinFormsAdvansed/RegeularDataToXML/Form1.cs in WinFormsAdvansed ...) NOT-FOR-US: WinFormsAdvansed CVE-2009-3277 (DataVault.Tesla/Impl/TypeSystem/AssociationHelper.cs in datavault ...) NOT-FOR-US: datavault CVE-2009-3278 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 ...) NOT-FOR-US: QNAP CVE-2009-3279 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 ...) NOT-FOR-US: plain CVE-2009-3280 (Integer signedness error in the find_ie function in ...) BUG: 286093 CVE-2009-3281 (The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 ...) NOT-FOR-US: vmware fusion CVE-2009-3282 (Integer overflow in the vmx86 kernel extension in VMware Fusion before ...) NOT-FOR-US: vmware fusion CVE-2009-3283 (Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image ...) NOT-FOR-US: phpspot webshot CVE-2009-3284 (Directory traversal vulnerability in phpspot PHP BBS, PHP Image ...) NOT-FOR-US: phpspot webshot CVE-2009-3285 RESERVED CVE-2009-3286 (NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does ...) BUG: 286096 CVE-2009-3287 (lib/thin/connection.rb in Thin web server before 1.2.4 relies on the ...) BUG: 286085 CVE-2009-3288 (The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel ...) BUG: 286098 CVE-2009-3289 (The g_file_copy function in glib 2.0 sets the permissions of a target ...) BUG: 286102 CVE-2009-3290 (The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the ...) BUG: 286104 CVE-2009-3291 (The php_openssl_apply_verification_policy function in PHP before ...) BUG: 285434 CVE-2009-3292 (Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before ...) BUG: 285434 CVE-2009-3293 (Unspecified vulnerability in the imagecolortransparent function in PHP ...) BUG: 285434 CVE-2009-3294 (The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and ...) NOT-FOR-US: Windows only CVE-2009-3295 (The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm ...) BUG: 303723 CVE-2009-3296 (Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow ...) BUG: 290222 CVE-2009-3297 REJECTED CVE-2009-3298 (Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote ...) NOT-FOR-US: mahara CVE-2009-3299 (Cross-site scripting (XSS) vulnerability in the resume blocktype in ...) NOT-FOR-US: mahara CVE-2009-3300 (Multiple cross-site scripting (XSS) vulnerabilities in the Identity ...) NOT-FOR-US: internet2 service_provider CVE-2009-3301 (Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) ...) BUG: 305195 CVE-2009-3302 (filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows ...) BUG: 305195 CVE-2009-3303 (Cross-site scripting (XSS) vulnerability in www/help/tracker.php in ...) NOT-FOR-US: gforge CVE-2009-3304 (GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite ...) NOT-FOR-US: gforge CVE-2009-3305 (Polipo 1.0.4, and possibly other versions, allows remote attackers to ...) BUG: 300173 CVE-2009-3306 (PHP remote file inclusion vulnerability in include/header.php in ...) NOT-FOR-US: richrumble clearsite CVE-2009-3307 (Multiple PHP remote file inclusion vulnerabilities in FSphp 0.2.1 ...) NOT-FOR-US: frank_lichtenheld fsphp CVE-2009-3308 (SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows ...) NOT-FOR-US: fanupdate CVE-2009-3309 (SQL injection vulnerability in index.cfm in CF ShopKart 5.4 beta ...) NOT-FOR-US: cfshopkart cf_shopkart CVE-2009-3310 (SQL injection vulnerability in index.php in Zainu 1.0 allows remote ...) NOT-FOR-US: shalwan zainu CVE-2009-3311 (Cross-site scripting (XSS) vulnerability in index.php in ...) NOT-FOR-US: rssmediascript CVE-2009-3312 (PHP remote file inclusion vulnerability in php/init.poll.php in ...) NOT-FOR-US: tomex phppollscript CVE-2009-3313 (Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote ...) NOT-FOR-US: fmyclone CVE-2009-3314 (SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 ...) NOT-FOR-US: eliteladders elite_gaming_ladders CVE-2009-3315 (SQL injection vulnerability in admin/index.php in NeLogic Nephp ...) NOT-FOR-US: nelogic nephp_publisher CVE-2009-3316 (SQL injection vulnerability in the JReservation (com_jreservation) ...) NOT-FOR-US: jforjoomla com_jreservation CVE-2009-3317 (PHP remote file inclusion vulnerability in pages/pageHeader.php in ...) NOT-FOR-US: thecodeweasel opensiteadmin CVE-2009-3318 (Directory traversal vulnerability in the Roland Breedveld Album ...) NOT-FOR-US: breedveld com_album CVE-2009-3319 (SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 ...) NOT-FOR-US: dci designs dawaween CVE-2009-3320 (Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas ...) NOT-FOR-US: Zenas PaoLink aka Pao Link CVE-2009-3321 (SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc ...) NOT-FOR-US: SaphpLesson CVE-2009-3322 (The Siemens Gigaset SE361 WLAN router allows remote attackers to cause ...) NOT-FOR-US: Siemens CVE-2009-3323 (Multiple PHP remote file inclusion vulnerabilities in BAnner ROtation ...) NOT-FOR-US: BAnner ROtation System mini BAROSmini CVE-2009-3324 (PHP remote file inclusion vulnerability in include/prodler.class.php ...) NOT-FOR-US: ProdLer CVE-2009-3325 (SQL injection vulnerability in the Focusplus Developments Survey ...) NOT-FOR-US: Focusplus Developments Survey Manager com_surveymanager component CVE-2009-3326 (SQL injection vulnerability in index.php in CMScontrol Content ...) NOT-FOR-US: CMScontrol Content Management System CVE-2009-3327 (Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow ...) NOT-FOR-US: WX Guestbook CVE-2009-3328 (Cross-site scripting (XSS) vulnerability in sign.php in WX-Guestbook ...) NOT-FOR-US: WX Guestbook CVE-2009-3329 (Stack-based buffer overflow in Winplot 1.25.0.1 allows user-assisted ...) NOT-FOR-US: Winplot CVE-2009-3330 (SQL injection vulnerability in index.php in cP Creator 2.7.1, when ...) NOT-FOR-US: cP Creator CVE-2009-3331 (Multiple PHP remote file inclusion vulnerabilities in DDL CMS 1.0 ...) NOT-FOR-US: DDL CMS CVE-2009-3332 (SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) ...) NOT-FOR-US: JBudgetsMagic com_jbudgetsmagic component CVE-2009-3333 (PHP remote file inclusion vulnerability in koesubmit.php in the ...) NOT-FOR-US: koeSubmit com_koesubmit component CVE-2009-3334 (SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! ...) NOT-FOR-US: Lhacky Extensions Cave Joomla Integrated Newsletters Component aka JINC or com_jinc component CVE-2009-3335 (SQL injection vulnerability in the TurtuShout component 0.11 for ...) NOT-FOR-US: turtushout CVE-2009-3336 (SQL injection vulnerability in auction_details.php in PHP Pro Bid ...) NOT-FOR-US: PHP CVE-2009-3337 (SQL injection vulnerability in the Freetag (serendipity_event_freetag) ...) NOT-FOR-US: s9y serendipity_freetag plugin CVE-2009-3338 (Stack-based buffer overflow in EffectMatrix (E.M.) Magic Morph 1.95b ...) NOT-FOR-US: effectmatrix magic_morph CVE-2009-3339 (Unspecified vulnerability in McAfee Email and Web Security Appliance ...) NOT-FOR-US: mcafee email_and_web_security_appliance CVE-2009-3340 (Unspecified vulnerability in FreeSSHD 1.2.4 allows remote attackers to ...) NOT-FOR-US: freesshd CVE-2009-3341 (Buffer overflow on the Linksys WRT54GL wireless router allows remote ...) NOT-FOR-US: linksys wrt54gl CVE-2009-3342 (SQL injection vulnerability in frontend/assets/ajax/checkusername.php ...) NOT-FOR-US: alphaplug com_alphauserpoints CVE-2009-3343 (SQL injection vulnerability in details.asp in HotWeb Rentals allows ...) NOT-FOR-US: hotwebscripts hotweb_rentals CVE-2009-3344 (Unspecified vulnerability in SAP Crystal Reports Server 2008 on ...) NOT-FOR-US: sap crystal_reports_server CVE-2009-3345 (Heap-based buffer overflow in SAP Crystal Reports Server 2008 has ...) NOT-FOR-US: sap crystal_reports_server CVE-2009-3346 (Unspecified vulnerability in SAP Crystal Reports Server 2008 allows ...) NOT-FOR-US: sap crystal_reports_server CVE-2009-3347 (Buffer overflow on the D-Link DIR-400 wireless router allows remote ...) NOT-FOR-US: d link dir 400 CVE-2009-3348 (Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows ...) NOT-FOR-US: datavore gyro CVE-2009-3349 (SQL injection vulnerability in Datavore Gyro 5.0 allows remote ...) NOT-FOR-US: datavore gyro CVE-2009-3350 (Multiple unspecified vulnerabilities in the Subdomain Manager module ...) NOT-FOR-US: roshan_shah subdomain_manager CVE-2009-3351 (Multiple unspecified vulnerabilities in the Node Browser module for ...) NOT-FOR-US: kristy_frey node_browser_module CVE-2009-3352 (Multiple unspecified vulnerabilities in the quota_by_role (Quota by ...) NOT-FOR-US: roshan_shah quota_by_role CVE-2009-3353 (Multiple unspecified vulnerabilities in the Node2Node module for ...) NOT-FOR-US: steve_lockwood node2node CVE-2009-3354 (Multiple unspecified vulnerabilities in the Rest API module for Drupal ...) NOT-FOR-US: andrew_sterling_hanenkamp rest_api_module CVE-2009-3355 (Cross-site scripting (XSS) vulnerability in profile.php in Datetopia ...) NOT-FOR-US: datetopia buy_dating_site CVE-2009-3356 (SQL injection vulnerability in index.php in Image voting 1.0 allows ...) NOT-FOR-US: plohni image_voting CVE-2009-3357 (Multiple SQL injection vulnerabilities in the Hotel Booking ...) NOT-FOR-US: hbs CVE-2009-3358 (SQL injection vulnerability in profile.php in Tourism Scripts Adult ...) NOT-FOR-US: tourismscripts adult_portal_escort_listing CVE-2009-3359 (Multiple cross-site scripting (XSS) vulnerabilities in Match Agency ...) NOT-FOR-US: datetopia match_agency_biz CVE-2009-3360 (Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 ...) NOT-FOR-US: datemill CVE-2009-3361 (SQL injection vulnerability in index.php in PHP-IPNMonitor allows ...) NOT-FOR-US: paul_gibbs php ipnmonitor CVE-2009-3362 (PHP remote file inclusion vulnerability in printnews.php3 in SZNews ...) NOT-FOR-US: sznews CVE-2009-3363 (Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x ...) NOT-FOR-US: ufku_bayburt bueditor CVE-2009-3364 (Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote ...) NOT-FOR-US: ftpshell CVE-2009-3365 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: aurora CVE-2009-3366 (Directory traversal vulnerability in navigation.php in An image ...) NOT-FOR-US: plohni an_image_gallery CVE-2009-3367 (Multiple cross-site scripting (XSS) vulnerabilities in An image ...) NOT-FOR-US: plohni an_image_gallery CVE-2009-3368 (Cross-site scripting (XSS) vulnerability in the Hotel Booking ...) NOT-FOR-US: joomlahbs com_hbssearch CVE-2009-3369 (CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in ...) BUG: 308013 NOTE: Notified in bump bug 287133, need to check if in-tree version is vulnerable CVE-2009-3370 (Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote ...) BUG: 290892 CVE-2009-3371 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 ...) BUG: 290892 CVE-2009-3372 (Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey ...) BUG: 290892 CVE-2009-3373 (Heap-based buffer overflow in the GIF image parser in Mozilla Firefox ...) BUG: 290892 CVE-2009-3374 (The XPCVariant::VariantDataToJS function in the XPCOM implementation ...) BUG: 290892 CVE-2009-3375 (content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x ...) BUG: 290892 CVE-2009-3376 (Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey ...) BUG: 290892 CVE-2009-3377 (Multiple unspecified vulnerabilities in liboggz before ...) BUG: 290892 CVE-2009-3378 (The oggplay_data_handle_theora_frame function in ...) BUG: 290892 CVE-2009-3379 (Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla ...) BUG: 290892 CVE-2009-3380 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) BUG: 290892 CVE-2009-3381 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) BUG: 290892 CVE-2009-3382 (layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla ...) BUG: 290892 CVE-2009-3383 (Multiple unspecified vulnerabilities in the JavaScript engine in ...) BUG: 290892 CVE-2009-3384 (Multiple unspecified vulnerabilities in WebKit in Apple Safari before ...) NOT-FOR-US: apple safari CVE-2009-3385 (The mail component in Mozilla SeaMonkey before 1.1.19 does not ...) BUG: 312649 CVE-2009-3386 (Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 ...) BUG: 296520 CVE-2009-3387 (Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group ...) BUG: 303725 CVE-2009-3388 (liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before ...) BUG: 312647 BUG: 297532 CVE-2009-3389 (Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used ...) BUG: 312647 BUG: 297532 CVE-2009-3390 (Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) ...) NOT-FOR-US: sun opensolaris CVE-2009-3391 RESERVED CVE-2009-3392 (Unspecified vulnerability in the Agile Engineering Data Management ...) NOT-FOR-US: oracle e business_suite CVE-2009-3393 (Unspecified vulnerability in the Oracle Application Object Library ...) NOT-FOR-US: oracle e business_suite CVE-2009-3394 RESERVED CVE-2009-3395 (Unspecified vulnerability in the AutoVue component in Oracle ...) NOT-FOR-US: oracle e business_suite CVE-2009-3396 (Unspecified vulnerability in the WebLogic Server component in BEA ...) NOT-FOR-US: oracle bea_product_suite CVE-2009-3397 (Unspecified vulnerability in the Oracle Application Object Library ...) NOT-FOR-US: oracle e business_suite CVE-2009-3398 RESERVED CVE-2009-3399 (Unspecified vulnerability in the WebLogic Server component in BEA ...) NOT-FOR-US: oracle bea_product_suite CVE-2009-3400 (Unspecified vulnerability in the Oracle Advanced Benefits component in ...) NOT-FOR-US: oracle e business_suite CVE-2009-3401 (Unspecified vulnerability in the Oracle Applications Technology Stack ...) NOT-FOR-US: oracle e business_suite CVE-2009-3402 (Unspecified vulnerability in the Oracle Applications Framework ...) NOT-FOR-US: oracle e business_suite CVE-2009-3403 (Unspecified vulnerability in the JRockit component in BEA Product ...) NOT-FOR-US: oracle bea_product_suite CVE-2009-3404 (Unspecified vulnerability in the PeopleSoft PeopleTools & Enterprise ...) NOT-FOR-US: oracle peoplesoft_enterprise CVE-2009-3405 (Unspecified vulnerability in the JD Edwards Tools component in Oracle ...) NOT-FOR-US: oracle peoplesoft_enterprise CVE-2009-3406 (Unspecified vulnerability in the JD Edwards Tools component in Oracle ...) NOT-FOR-US: oracle peoplesoft_enterprise CVE-2009-3407 (Unspecified vulnerability in the Portal component in Oracle ...) NOT-FOR-US: oracle application_server CVE-2009-3408 (Unspecified vulnerability in the Oracle Application Object Library ...) NOT-FOR-US: oracle e business_suite CVE-2009-3409 (Unspecified vulnerability in the PeopleSoft Enterprise HCM (TAM) ...) NOT-FOR-US: oracle peoplesoft_enterprise CVE-2009-3410 (Unspecified vulnerability in the RDBMS component in Oracle Database ...) NOT-FOR-US: oracle database_server CVE-2009-3411 (Unspecified vulnerability in the Oracle Data Pump component in Oracle ...) NOT-FOR-US: oracle database_server CVE-2009-3412 (Unspecified vulnerability in the Unzip component in Oracle Database ...) NOT-FOR-US: oracle database_server CVE-2009-3413 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...) NOT-FOR-US: oracle database_server CVE-2009-3414 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...) NOT-FOR-US: oracle database_server CVE-2009-3415 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) NOT-FOR-US: oracle database_server CVE-2009-3416 (Unspecified vulnerability in the Oracle Application Object Library ...) NOT-FOR-US: oracle e business_suite CVE-2009-3417 (SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 ...) NOT-FOR-US: IDoBlog com_idoblog component CVE-2009-3418 (Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) ...) NOT-FOR-US: plume CVE-2009-3419 (SQL injection vulnerability in index.php in the Publisher module 2.0 ...) NOT-FOR-US: miniweb CVE-2009-3420 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Publisher module CVE-2009-3421 (login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is ...) NOT-FOR-US: zenas CVE-2009-3422 (login.php in Zenas PaoLiber 1.1, when register_globals is enabled, ...) NOT-FOR-US: Zenas PaoLiber CVE-2009-3423 (login.php in Zenas PaoLink 1.0, when register_globals is enabled, ...) NOT-FOR-US: Zenas PaoLink CVE-2009-3424 (Multiple PHP remote file inclusion vulnerabilities in MaxCMS 3.11.20b, ...) NOT-FOR-US: maxcms CVE-2009-3425 (Directory traversal vulnerability in ...) NOT-FOR-US: MaxCMS CVE-2009-3426 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: MaxCMS CVE-2009-3427 (Cross-site scripting (XSS) vulnerability in Kayako SupportSuite ...) NOT-FOR-US: Kayako SupportSuite CVE-2009-3428 (Stack-based buffer overflow in Easy Music Player 1.0.0.2 allows remote ...) NOT-FOR-US: easy CVE-2009-3429 (Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 ...) NOT-FOR-US: Pirate Radio Destiny Media Player CVE-2009-3430 (SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows ...) NOT-FOR-US: Allomani Mobile CVE-2009-3431 (Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, ...) BUG: 289016 CVE-2009-3432 (Unspecified vulnerability in xscreensaver in Sun Solaris 10, and ...) NOT-FOR-US: sun solaris CVE-2009-3433 (Unspecified vulnerability in clsetup in the configuration utility in ...) NOT-FOR-US: sun cluster CVE-2009-3434 (SQL injection vulnerability in the Tupinambis (com_tupinambis) ...) NOT-FOR-US: onestopjoomla com_tupinambis CVE-2009-3435 (Cross-site scripting (XSS) vulnerability in the variable editor in the ...) NOT-FOR-US: moshe_weitzman devel CVE-2009-3436 (Multiple SQL injection vulnerabilities in forum.asp in MaxWebPortal ...) NOT-FOR-US: maxwebportal CVE-2009-3437 (Cross-site scripting (XSS) vulnerability in the live preview feature ...) NOT-FOR-US: n CVE-2009-3438 (SQL injection vulnerability in the JoomlaFacebook (com_facebook) ...) NOT-FOR-US: witchakorn_kamolpornwijit com_facebook CVE-2009-3439 (Multiple SQL injection vulnerabilities in Open Source Security ...) NOT-FOR-US: alienvault ossim CVE-2009-3440 (Cross-site scripting (XSS) vulnerability in Open Source Security ...) NOT-FOR-US: alienvault ossim CVE-2009-3441 (Open Source Security Information Management (OSSIM) before 2.1.2 ...) NOT-FOR-US: alienvault ossim CVE-2009-3442 (The Meta tags (aka Nodewords) module before 6.x-1.1 for Drupal does ...) NOT-FOR-US: drupal CVE-2009-3443 (SQL injection vulnerability in the Fastball (com_fastball) component ...) NOT-FOR-US: fastballproductions com_fastball CVE-2009-3444 (Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 ...) NOT-FOR-US: e107 CVE-2009-3445 (Unspecified vulnerability in Code-Crafters Ability Mail Server before ...) NOT-FOR-US: code crafters ability_mail_server CVE-2009-3446 (SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) ...) NOT-FOR-US: rick_estrada com_mytube CVE-2009-3447 (Unrestricted file upload vulnerability in RADactive I-Load before ...) NOT-FOR-US: radactive i load CVE-2009-3448 (npvmgr.exe in BakBone NetVault Backup 8.22 Build 29 allows remote ...) NOT-FOR-US: bakbone netvault CVE-2009-3449 (MP3 Collector 2.3 allows remote attackers to cause a denial of service ...) NOT-FOR-US: collectorz mp3_collector CVE-2009-3450 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: radactive i load CVE-2009-3451 (Directory traversal vulnerability in WebCoreModule.ashx in RADactive ...) NOT-FOR-US: radactive i load CVE-2009-3452 (WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote ...) NOT-FOR-US: radactive i load CVE-2009-3453 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...) NOT-FOR-US: ibm lotus_quickr CVE-2009-3454 REJECTED NOT-FOR-US: microsoft ie CVE-2009-3455 (Apple Safari, possibly before 4.0.3, on Mac OS X does not properly ...) NOT-FOR-US: apple safari CVE-2009-3456 (Google Chrome, possibly 3.0.195.21 and earlier, does not properly ...) NOT-FOR-US: Old version, not in tree CVE-2009-3457 (Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) ...) NOT-FOR-US: cisco ace_xml_gateway CVE-2009-3458 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) BUG: 289016 CVE-2009-3459 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before ...) BUG: 289016 CVE-2009-3460 (Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x ...) BUG: 289016 CVE-2009-3461 (Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows ...) BUG: 289016 CVE-2009-3462 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) BUG: 289016 CVE-2009-3463 (Array index error in Adobe Shockwave Player before 11.5.2.602 allows ...) NOT-FOR-US: adobe shockwave_player CVE-2009-3464 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...) NOT-FOR-US: adobe shockwave_player CVE-2009-3465 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...) NOT-FOR-US: adobe shockwave_player CVE-2009-3466 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...) NOT-FOR-US: adobe shockwave_player CVE-2009-3467 (Cross-site scripting (XSS) vulnerability in an unspecified method in ...) NOT-FOR-US: adobe coldfusion CVE-2009-3468 (Multiple unspecified vulnerabilities in Common Desktop Environment ...) NOT-FOR-US: sun solaris CVE-2009-3469 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: ibm lotus_connections CVE-2009-3470 (IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 ...) NOT-FOR-US: ibm informix_dynamic_server CVE-2009-3471 (IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before ...) NOT-FOR-US: ibm db2 CVE-2009-3472 (IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows ...) NOT-FOR-US: ibm db2 CVE-2009-3473 (IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege ...) NOT-FOR-US: ibm db2 CVE-2009-3474 (OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by ...) NOT-FOR-US: saml CVE-2009-3475 (Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and ...) NOT-FOR-US: shibbl CVE-2009-3476 (Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 ...) NOT-FOR-US: internet2 xmltooling CVE-2009-3477 (The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before ...) NOT-FOR-US: rim blackberry_device_software CVE-2009-3478 (Argument injection vulnerability in (1) ...) NOT-FOR-US: fireftp_extension_for_firefox CVE-2009-3479 (Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x ...) NOT-FOR-US: Bibliography Biblio CVE-2009-3480 (SQL injection vulnerability in the iCRM Basic (com_icrmbasic) ...) NOT-FOR-US: isygen icrm_basic CVE-2009-3481 (A certain interface in the iCRM Basic (com_icrmbasic) component ...) NOT-FOR-US: iCRM Basic com_icrmbasic component CVE-2009-3482 (TrustPort Antivirus before 2.8.0.2266 and PC Security before ...) NOT-FOR-US: TrustPort CVE-2009-3483 (Heap-based buffer overflow in the Create New Site feature in ...) NOT-FOR-US: Create New Site feature in GlobalSCAPE CuteFTP Professional Home and Lite CVE-2009-3484 (Stack-based buffer overflow in Core FTP 2.1 build 1612 allows ...) NOT-FOR-US: Core FTP CVE-2009-3485 (Cross-site scripting (XSS) vulnerability in the J-Web interface in ...) NOT-FOR-US: J Web interface in Juniper JUNOS CVE-2009-3486 (Multiple cross-site scripting (XSS) vulnerabilities in the J-Web ...) NOT-FOR-US: J Web interface in Juniper JUNOS CVE-2009-3487 (Multiple cross-site scripting (XSS) vulnerabilities in the J-Web ...) NOT-FOR-US: J Web interface in Juniper JUNOS CVE-2009-3488 (Cross-site scripting (XSS) vulnerability in the Bibliography (aka ...) NOT-FOR-US: Bibliography aka Biblio module CVE-2009-3489 (Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 ...) NOT-FOR-US: Adobe CVE-2009-3490 (GNU Wget before 1.12 does not properly handle a '\0' character in a ...) BUG: 286058 CVE-2009-3491 (SQL injection vulnerability in the Kinfusion SportFusion ...) NOT-FOR-US: Kinfusion SportFusion com_sportfusion component CVE-2009-3492 (Multiple PHP remote file inclusion vulnerabilities in Loggix Project ...) NOT-FOR-US: Loggix Project CVE-2009-3493 (Multiple cross-site scripting (XSS) vulnerabilities in Zenas ...) NOT-FOR-US: Zenas PaoBacheca Guestbook CVE-2009-3494 (Multiple SQL injection vulnerabilities in index.php in T-HTB Manager ...) NOT-FOR-US: T HTB Manager CVE-2009-3495 (SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone ...) NOT-FOR-US: n CVE-2009-3496 (Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal ...) NOT-FOR-US: n CVE-2009-3497 (SQL injection vulnerability in view_listing.php in Vastal I-Tech Agent ...) NOT-FOR-US: Vastal CVE-2009-3498 (SQL injection vulnerability in php/update_article_hits.php in HBcms ...) NOT-FOR-US: HBcms CVE-2009-3499 (SQL injection vulnerability in employee.aspx in BPowerHouse ...) NOT-FOR-US: BPowerHouse BPLawyerCaseDocuments CVE-2009-3500 (Multiple SQL injection vulnerabilities in BPowerHouse BPGames 1.0 ...) NOT-FOR-US: n CVE-2009-3501 (SQL injection vulnerability in students.php in BPowerHouse BPStudents ...) NOT-FOR-US: BPowerHouse BPStudents CVE-2009-3502 (SQL injection vulnerability in music.php in BPowerHouse BPMusic 1.0 ...) NOT-FOR-US: BPowerHouse BPMusic CVE-2009-3503 (Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse ...) NOT-FOR-US: BPowerHouse BPHolidayLettings CVE-2009-3504 (SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 ...) NOT-FOR-US: Alibaba Clone CVE-2009-3505 (SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG ...) NOT-FOR-US: Vastal CVE-2009-3506 (Multiple cross-site scripting (XSS) vulnerabilities in CMSphp 0.21 ...) NOT-FOR-US: jean michel_wyttenbach cmsphp CVE-2009-3507 (Directory traversal vulnerability in modules.php in CMSphp 0.21 allows ...) NOT-FOR-US: jean michel_wyttenbach cmsphp CVE-2009-3508 (Multiple directory traversal vulnerabilities in MUJE CMS 1.0.4.34 ...) NOT-FOR-US: fcgphilipp mujecms CVE-2009-3509 (Cross-site scripting (XSS) vulnerability in admin/admin_index.php in ...) NOT-FOR-US: cj design cj_dynamic_poll CVE-2009-3510 (SQL injection vulnerability in viewListing.php in linkSpheric 0.74 ...) NOT-FOR-US: dataspheric linkspheric CVE-2009-3511 (Multiple PHP remote file inclusion vulnerabilities in justVisual 1.2 ...) NOT-FOR-US: fh54 justvisual CVE-2009-3512 (Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 ...) NOT-FOR-US: MyWeight CVE-2009-3513 (Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group ...) NOT-FOR-US: Pilot CVE-2009-3514 (Multiple SQL injection vulnerabilities in d.net CMS allow remote ...) NOT-FOR-US: d net CVE-2009-3515 (Directory traversal vulnerability in dnet_admin/index.php in d.net CMS ...) NOT-FOR-US: d net CVE-2009-3516 (gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not ...) NOT-FOR-US: IBM AIX CVE-2009-3517 (nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does ...) NOT-FOR-US: IBM AIX CVE-2009-3518 (Argument injection vulnerability in the iim: URI handler in IBMIM.exe ...) NOT-FOR-US: IBM Installation Manager CVE-2009-3519 (Multiple memory leaks in the IP module in the kernel in Sun Solaris 8 ...) NOT-FOR-US: IP module in the kernel in Sun Solaris CVE-2009-3520 (Cross-site request forgery (CSRF) vulnerability in the Your_account ...) NOT-FOR-US: jean michel_wyttenbach cmsphp CVE-2009-3521 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: ibm tivoli_composite_application_manager_for_wesbsphere CVE-2009-3522 (Stack-based buffer overflow in aswMon2.sys in avast! Home and ...) NOT-FOR-US: avast Home and Professional for Windows CVE-2009-3523 (aavmKer4.sys in avast! Home and Professional for Windows before ...) NOT-FOR-US: avast Home and Professional for Windows CVE-2009-3524 (Unspecified vulnerability in ashWsFtr.dll in avast! Home and ...) NOT-FOR-US: avast Home and Professional for Windows CVE-2009-3525 (The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not ...) BUG: 287936 CVE-2009-3526 RESERVED CVE-2009-3527 (Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 ...) TODO: BSD CVE-2009-3528 (SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows ...) NOT-FOR-US: al4us mymsg CVE-2009-3529 (SQL injection vulnerability in index.php in RadScripts RadBids Gold 4 ...) NOT-FOR-US: radscripts radbids CVE-2009-3530 (Cross-site scripting (XSS) vulnerability in storefront.php in ...) NOT-FOR-US: radscripts radbids CVE-2009-3531 (SQL injection vulnerability in vnews.php in Universe CMS 1.0.6 allows ...) NOT-FOR-US: universe_cms CVE-2009-3532 (Multiple SQL injection vulnerabilities in login.asp (aka the login ...) NOT-FOR-US: logrover CVE-2009-3533 (SQL injection vulnerability in report.php in Meeting Room Booking ...) NOT-FOR-US: john_beranek meeting_room_booking_system CVE-2009-3534 (Directory traversal vulnerability in index.php in LionWiki 3.0.3, when ...) NOT-FOR-US: lionwiki CVE-2009-3535 (Directory traversal vulnerability in image.php in Clear Content 1.1 ...) NOT-FOR-US: allisclear clear_content CVE-2009-3536 (Multiple stack-based buffer overflows in EpicDJSoftware EpicVJ 1.2.8.0 ...) NOT-FOR-US: epicdjsoftware epicvj CVE-2009-3537 (Multiple stack-based buffer overflows in EpicDJSoftware EpicDJ 1.3.9.1 ...) NOT-FOR-US: epicdjsoftware epicdj CVE-2009-3538 (Directory traversal vulnerability in thumb.php in Clear Content 1.1 ...) NOT-FOR-US: allisclear clear_content CVE-2009-3539 (Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld ...) NOT-FOR-US: yourfreeworld ultra_classifieds_pro CVE-2009-3540 (Cross-site scripting (XSS) vulnerability in listads.php in ...) NOT-FOR-US: yourfreeworld ultra_classifieds_pro CVE-2009-3541 (PHP remote file inclusion vulnerability in CoupleDB.php in ...) NOT-FOR-US: phpgenealogy CVE-2009-3542 (Directory traversal vulnerability in ls.php in LittleSite (aka LS or ...) NOT-FOR-US: kneuro littlesite php CVE-2009-3543 (SQL injection vulnerability in _phenotype/admin/login.php in Phenotype ...) NOT-FOR-US: phenotype cms phenotype_cms CVE-2009-3544 (Xerver HTTP Server 4.32 allows remote attackers to obtain the source ...) NOT-FOR-US: xerver CVE-2009-3545 (DataWizard Technologies FtpXQ FTP Server 3.0 allows remote ...) NOT-FOR-US: datawizard ftpxq_server CVE-2009-3546 (The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before ...) BUG: 292130 CVE-2009-3547 (Multiple race conditions in fs/pipe.c in the Linux kernel before ...) BUG: 291904 CVE-2009-3548 (The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 ...) NOT-FOR-US: apache tomcat CVE-2009-3549 (packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through ...) BUG: 290710 CVE-2009-3550 (The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 ...) BUG: 290710 CVE-2009-3551 (Off-by-one error in the dissect_negprot_response function in ...) BUG: 290710 CVE-2009-3552 RESERVED CVE-2009-3553 (Use-after-free vulnerability in the abstract file-descriptor handling ...) BUG: 295256 CVE-2009-3554 (Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss ...) NOT-FOR-US: redhat jboss_enterprise_application_platform CVE-2009-3555 (The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as ...) BUG: 292023 CVE-2009-3556 (A certain Red Hat configuration step for the qla2xxx driver in the ...) NOT-FOR-US: redhat enterprise_linux CVE-2009-3557 (The tempnam function in ext/standard/file.c in PHP before 5.2.12 and ...) BUG: 297369 CVE-2009-3558 (The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 ...) BUG: 297370 CVE-2009-3559 (** DISPUTED ** ...) NOT-FOR-US: Disputed. CVE-2009-3560 (The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...) BUG: 303727 CVE-2009-3561 (Directory traversal vulnerability in Xerver HTTP Server 4.32 allows ...) NOT-FOR-US: xerver CVE-2009-3562 (Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 ...) NOT-FOR-US: xerver CVE-2009-3563 (ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote ...) BUG: 290881 CVE-2009-3564 (puppetmasterd in puppet 0.24.6 does not reset supplementary groups ...) BUG: 303729 CVE-2009-3565 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: McAfee IntruShield Network Security Manager NSM CVE-2009-3566 (McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 ...) NOT-FOR-US: Set Cookie CVE-2009-3567 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: kayako supportsuite CVE-2009-3568 (Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for ...) NOT-FOR-US: Comment CVE-2009-3569 (Stack-based buffer overflow in OpenOffice.org (OOo) allows remote ...) BUG: 308015 CVE-2009-3570 (Unspecified vulnerability in OpenOffice.org (OOo) has unspecified ...) BUG: 308015 CVE-2009-3571 (Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact ...) BUG: 308015 CVE-2009-3572 (OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not ...) NOT-FOR-US: OpenBSD CVE-2009-3573 (Multiple insecure method vulnerabilities in the PDIControl.PDI.1 ...) NOT-FOR-US: EMC Captiva PixTools Distributed Imaging CVE-2009-3574 (Tuniac 090517c allows remote attackers to cause a denial of service ...) NOT-FOR-US: pls CVE-2009-3575 (Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, ...) BUG: 288291 CVE-2009-3576 (Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to ...) NOT-FOR-US: autodesk_softimage_xsi CVE-2009-3577 (Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 ...) NOT-FOR-US: autodesk 3ds_max CVE-2009-3578 (Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya ...) NOT-FOR-US: autodesk_maya CVE-2009-3579 (Cross-site scripting (XSS) vulnerability in the CookieDump.java sample ...) NOT-FOR-US: jetty CVE-2009-3580 (Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger ...) NOT-FOR-US: notified in request bug CVE-2009-3581 (Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger ...) NOT-FOR-US: notified in request bug CVE-2009-3582 (Multiple SQL injection vulnerabilities in the delete subroutine in ...) NOT-FOR-US: notified in request bug CVE-2009-3583 (Directory traversal vulnerability in the Preferences menu item in ...) NOT-FOR-US: notified in request bug CVE-2009-3584 (SQL-Ledger 2.8.24 does not set the secure flag for the session cookie ...) NOT-FOR-US: notified in request bug CVE-2009-3585 (Session fixation vulnerability in html/Elements/SetupSessionCookie in ...) BUG: 285298 CVE-2009-3586 (Off-by-one error in src/http.c in CoreHTTP 0.5.3.1 and earlier allows ...) NOT-FOR-US: frank_yaul corehttp CVE-2009-3587 (Unspecified vulnerability in the arclib component in the Anti-Virus ...) NOT-FOR-US: arclib component in the Anti Virus engine in CA Anti Virus for the Enterprise formerly eTrust Antivirus CVE-2009-3588 (Unspecified vulnerability in the arclib component in the Anti-Virus ...) NOT-FOR-US: arclib component in the Anti Virus engine in CA Anti Virus for the Enterprise formerly eTrust Antivirus CVE-2009-3589 (incron 0.5.5 does not initialize supplementary groups when running a ...) NOT-FOR-US: Obsolete CVE-2009-3590 (SQL injection vulnerability in showcat.php in VS PANEL 7.3.6 allows ...) NOT-FOR-US: vspanel vs_panel CVE-2009-3591 (Dopewars 1.5.12 allows remote attackers to cause a denial of service ...) BUG: 288295 CVE-2009-3592 (Cross-site scripting (XSS) vulnerability in customer/home.php in ...) NOT-FOR-US: Qualiteam CVE-2009-3593 (Multiple cross-site scripting (XSS) vulnerabilities in Freelancers 1.0 ...) NOT-FOR-US: Freelancers CVE-2009-3594 (Cross-site scripting (XSS) vulnerability in bpost.php in BLOB Blog ...) NOT-FOR-US: BLOB Blog System CVE-2009-3595 (SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows ...) NOT-FOR-US: VS PANEL CVE-2009-3596 (JoxTechnology Ajox Poll does not properly restrict access to ...) NOT-FOR-US: JoxTechnology CVE-2009-3597 (Digitaldesign CMS 0.1 stores sensitive information under the web root ...) NOT-FOR-US: digitaldesign ddcms CVE-2009-3598 (Cross-site scripting (XSS) vulnerability in survey_result.php in ...) NOT-FOR-US: eCardMAX FormXP CVE-2009-3599 (Cross-site scripting (XSS) vulnerability in single_winner1.php in ...) NOT-FOR-US: HUBScript CVE-2009-3600 (HUBScript 1.0 allows remote attackers to obtain configuration ...) NOT-FOR-US: HUBScript CVE-2009-3601 (Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez ...) NOT-FOR-US: Scriptsez CVE-2009-3602 (Unbound before 1.3.4 does not properly verify signatures for NSEC3 ...) NOT-FOR-US: Not yet in-tree, notified in bug 223103. CVE-2009-3603 (Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf ...) BUG: 290430 CVE-2009-3604 (The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before ...) BUG: 290430 CVE-2009-3605 (Multiple integer overflows in Poppler 0.10.5 and earlier allow remote ...) BUG: 290464 CVE-2009-3606 (Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf ...) BUG: 290430 CVE-2009-3607 (Integer overflow in the create_surface_from_thumbnail_data function in ...) BUG: 290430 CVE-2009-3608 (Integer overflow in the ObjectStream::ObjectStream function in XRef.cc ...) BUG: 290430 CVE-2009-3609 (Integer overflow in the ImageStream::ImageStream function in Stream.cc ...) BUG: 290430 CVE-2009-3610 REJECTED CVE-2009-3611 (common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes ...) BUG: 289047 CVE-2009-3612 (The tcf_fill_node function in net/sched/cls_api.c in the netlink ...) BUG: 289918 CVE-2009-3613 (The swiotlb functionality in the r8169 driver in drivers/net/r8169.c ...) BUG: 289830 CVE-2009-3614 RESERVED CVE-2009-3615 (The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and ...) BUG: 289298 CVE-2009-3616 (Multiple use-after-free vulnerabilities in vnc.c in the VNC server in ...) BUG: 290643 CVE-2009-3617 (Format string vulnerability in the AbstractCommand::onAbort function ...) BUG: 288291 CVE-2009-3618 (Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 ...) BUG: 281576 CVE-2009-3619 (Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before ...) BUG: 281576 CVE-2009-3620 (The ATI Rage 128 (aka r128) driver in the Linux kernel before ...) BUG: 291350 CVE-2009-3621 (net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows ...) BUG: 291351 CVE-2009-3622 (Algorithmic complexity vulnerability in wp-trackback.php in WordPress ...) BUG: 290013 CVE-2009-3623 (The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 ...) BUG: 291352 CVE-2009-3624 (The get_instantiation_keyring function in security/keys/keyctl.c in ...) BUG: 291905 CVE-2009-3625 (Directory traversal vulnerability in www/index.php in Sahana 0.6.2.2 ...) NOT-FOR-US: Sahana CVE-2009-3626 (Perl 5.10.1 allows context-dependent attackers to cause a denial of ...) BUG: 293128 CVE-2009-3627 (The decode_entities function in util.c in HTML-Parser before 3.63 ...) BUG: 290194 CVE-2009-3628 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before ...) NOT-FOR-US: typo3 CVE-2009-3629 (Multiple cross-site scripting (XSS) vulnerabilities in the Backend ...) NOT-FOR-US: typo3 CVE-2009-3630 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before ...) NOT-FOR-US: typo3 CVE-2009-3631 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before ...) NOT-FOR-US: typo3 CVE-2009-3632 (SQL injection vulnerability in the traditional frontend editing ...) NOT-FOR-US: typo3 CVE-2009-3633 (Cross-site scripting (XSS) vulnerability in the ...) NOT-FOR-US: typo3 CVE-2009-3634 (Cross-site scripting (XSS) vulnerability in the Frontend Login Box ...) NOT-FOR-US: typosphere typo CVE-2009-3635 (The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x ...) NOT-FOR-US: typo3 CVE-2009-3636 (Cross-site scripting (XSS) vulnerability in the Install Tool ...) NOT-FOR-US: typo3 CVE-2009-3637 (Stack-based buffer overflow in the M_AddToServerList function in ...) NOT-FOR-US: icculus alien_arena CVE-2009-3638 (Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in ...) BUG: 291354 CVE-2009-3639 (The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before ...) BUG: 290664 CVE-2009-3640 (The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM ...) BUG: 291356 CVE-2009-3641 (Snort before 2.8.5.1, when the -v option is enabled, allows remote ...) BUG: 291357 CVE-2009-3642 (Multiple SQL injection vulnerabilities in the Call Logging feature in ...) NOT-FOR-US: Call Logging feature in FrontRange HEAT CVE-2009-3643 (Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote attackers to ...) NOT-FOR-US: Dxmsoft CVE-2009-3644 (SQL injection vulnerability in the Soundset (com_soundset) component ...) NOT-FOR-US: Soundset com_soundset component CVE-2009-3645 (SQL injection vulnerability in the JoomlaCache CB Resume Builder ...) NOT-FOR-US: JoomlaCache CVE-2009-3646 (InterVations NaviCOPA Web Server 3.01 allows remote attackers to ...) NOT-FOR-US: InterVations CVE-2009-3647 (Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft ...) NOT-FOR-US: YABSoft Mega File Hosting Script aka MFH or MFHS CVE-2009-3648 (Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a ...) NOT-FOR-US: Service Links CVE-2009-3649 (Cross-site scripting (XSS) vulnerability in forums/index.php in Power ...) NOT-FOR-US: Power Bulletin Board PBBoard CVE-2009-3650 (Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and earlier ...) NOT-FOR-US: Dex CVE-2009-3651 (Cross-site scripting (XSS) vulnerability in the "Monitor browsers' ...) NOT-FOR-US: Monitor browsers feature in Browscap CVE-2009-3652 (Cross-site scripting (XSS) vulnerability in Organic Groups (OG) ...) NOT-FOR-US: Organic Groups OG CVE-2009-3653 (Cross-site scripting (XSS) vulnerability in the additional links ...) NOT-FOR-US: additional links interface in XML Sitemap CVE-2009-3654 (Unspecified vulnerability in Boost before 6.x-1.03, a module for ...) NOT-FOR-US: Boost CVE-2009-3655 (Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers ...) NOT-FOR-US: Rhino CVE-2009-3656 (Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x ...) NOT-FOR-US: Shared Sign On CVE-2009-3657 (Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module ...) NOT-FOR-US: Shared Sign On CVE-2009-3658 (Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control ...) NOT-FOR-US: America Online AOL CVE-2009-3659 (SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 ...) NOT-FOR-US: BS Counter CVE-2009-3660 (PHP remote file inclusion vulnerability in libraries/database.php in ...) NOT-FOR-US: Efront CVE-2009-3661 (Multiple SQL injection vulnerabilities in the DJ-Catalog ...) NOT-FOR-US: DJ Catalog CVE-2009-3662 (FileCopa FTP Server 5.01 allows remote attackers to cause a denial of ...) NOT-FOR-US: FileCopa CVE-2009-3663 (Format string vulnerability in the h_readrequest function in http.c in ...) NOT-FOR-US: httpdx Web Server CVE-2009-3664 (Multiple directory traversal vulnerabilities in index.php in Nullam ...) NOT-FOR-US: Nullam Blog CVE-2009-3665 (Multiple SQL injection vulnerabilities in index.php in Nullam Blog ...) NOT-FOR-US: Nullam Blog CVE-2009-3666 (Cross-site scripting (XSS) vulnerability in index.php in Nullam Blog ...) NOT-FOR-US: Nullam Blog CVE-2009-3667 (SQL injection vulnerability in admin/index.php in AdsDX 3.05 allows ...) NOT-FOR-US: AdsDX CVE-2009-3668 (Cross-site scripting (XSS) vulnerability in ardguest.php in Ardguest ...) NOT-FOR-US: Ardguest CVE-2009-3669 (SQL injection vulnerability in the foobla Suggestions ...) NOT-FOR-US: foobla Suggestions com_foobla_suggestions component CVE-2009-3670 (Stack-based buffer overflow in KSP Sound Player 2009 R2 and R2.1 ...) NOT-FOR-US: KSP Sound Player CVE-2009-3671 (Microsoft Internet Explorer 8 does not properly handle objects in ...) NOT-FOR-US: memory CVE-2009-3672 (Microsoft Internet Explorer 6 and 7 does not properly handle objects ...) NOT-FOR-US: microsoft internet_explorer CVE-2009-3673 (Microsoft Internet Explorer 7 and 8 does not properly handle objects ...) NOT-FOR-US: memory CVE-2009-3674 (Microsoft Internet Explorer 8 does not properly handle objects in ...) NOT-FOR-US: memory CVE-2009-3675 (LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in ...) NOT-FOR-US: Local Security Authority Subsystem Service LSASS in Microsoft Windows CVE-2009-3676 (The SMB client in the kernel in Microsoft Windows Server 2008 R2 and ...) NOT-FOR-US: Microsoft Windows Server CVE-2009-3677 (The Internet Authentication Service (IAS) in Microsoft Windows 2000 ...) NOT-FOR-US: Microsoft Windows CVE-2009-3678 (Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in ...) NOT-FOR-US: microsoft windows_7 CVE-2009-3679 RESERVED CVE-2009-3680 RESERVED CVE-2009-3681 RESERVED CVE-2009-3682 RESERVED CVE-2009-3683 RESERVED CVE-2009-3684 RESERVED CVE-2009-3685 RESERVED CVE-2009-3686 RESERVED CVE-2009-3687 RESERVED CVE-2009-3688 RESERVED CVE-2009-3689 RESERVED CVE-2009-3690 RESERVED CVE-2009-3691 (Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM ...) NOT-FOR-US: IBM Informix Client SDK CVE-2009-3692 (Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in ...) BUG: 288836 CVE-2009-3693 (Directory traversal vulnerability in the Persits.XUpload.2 ActiveX ...) NOT-FOR-US: persits xupload CVE-2009-3694 (Directory traversal vulnerability in config/config.php in ezRecipe-Zee ...) NOT-FOR-US: jdtmmsm ezrecipe zee CVE-2009-3695 (Algorithmic complexity vulnerability in the forms library in Django ...) BUG: 288366 CVE-2009-3696 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before ...) BUG: 288899 CVE-2009-3697 (SQL injection vulnerability in the PDF schema generator functionality ...) BUG: 288899 CVE-2009-3698 (An unspecified function in the Dalvik API in Android 1.5 and earlier ...) NOT-FOR-US: android CVE-2009-3699 (Stack-based buffer overflow in libcsa.a (aka the calendar daemon ...) NOT-FOR-US: ibm aix CVE-2009-3700 (Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote ...) BUG: 290623 CVE-2009-3701 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) BUG: 297306 CVE-2009-3702 (Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 ...) NOT-FOR-US: php calendar CVE-2009-3703 (Multiple SQL injection vulnerabilities in the WP-Forum plugin before ...) NOT-FOR-US: WP Forum plugin CVE-2009-3704 (ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, ...) NOT-FOR-US: ZoIPer CVE-2009-3705 (PHP remote file inclusion vulnerability in debugger.php in Achievo ...) NOT-FOR-US: achievo CVE-2009-3706 (Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and ...) NOT-FOR-US: sun solaris CVE-2009-3707 (VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware ...) BUG: 297367 CVE-2009-3708 (Stack-based buffer overflow in the Meta Content Optimizer in Konae ...) NOT-FOR-US: konae alleycode_html_editor CVE-2009-3709 (Stack-based buffer overflow in the Meta Content Optimizer in Konae ...) NOT-FOR-US: konae alleycode_html_editor CVE-2009-3710 (RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username ...) NOT-FOR-US: RioRey CVE-2009-3711 (Stack-based buffer overflow in the h_handlepeer function in http.cpp ...) NOT-FOR-US: httpdx CVE-2009-3712 (Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote ...) NOT-FOR-US: justclone ebay_clone CVE-2009-3713 (SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and ...) NOT-FOR-US: morcego_cms CVE-2009-3714 (Cross-site scripting (XSS) vulnerability in admin_login.php in ...) NOT-FOR-US: maniacomputer mcshoutbox CVE-2009-3715 (Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox ...) NOT-FOR-US: maniacomputer mcshoutbox CVE-2009-3716 (Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 ...) NOT-FOR-US: MCshoutbox CVE-2009-3717 (Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote ...) NOT-FOR-US: LucVil PatPlayer CVE-2009-3718 (SQL injection vulnerability in admin/authenticate.asp in Battle Blog ...) NOT-FOR-US: battleblog battle_blog CVE-2009-3719 (Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog ...) NOT-FOR-US: battleblog battle_blog CVE-2009-3720 (The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...) BUG: 280615 CVE-2009-3721 RESERVED CVE-2009-3722 (The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in ...) BUG: 291359 CVE-2009-3723 RESERVED CVE-2009-3724 RESERVED CVE-2009-3725 (The connector layer in the Linux kernel before 2.6.31.5 does not ...) BUG: 294238 CVE-2009-3726 (The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client ...) BUG: 294234 CVE-2009-3727 (Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, ...) BUG: 284892 CVE-2009-3728 (Directory traversal vulnerability in the ICC_Profile.getInstance ...) BUG: 291817 CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing functionality ...) BUG: 291817 CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help ...) NOT-FOR-US: ReqWeb Help feature aka the Web Client Help system in IBM Rational RequisitePro CVE-2009-3731 (Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help ...) NOT-FOR-US: webworks publisher CVE-2009-3732 (Format string vulnerability in vmware-vmrc.exe build 158248 in VMware ...) BUG: 335866 CVE-2009-3733 (Directory traversal vulnerability in VMware Server 1.x before 1.0.10 ...) BUG: 297367 CVE-2009-3734 (Unspecified vulnerability in the management console in the S2 Security ...) NOT-FOR-US: s2sys linear_emerge_access_control_system CVE-2009-3735 (The ActiveScan Installer ActiveX control in as2stubie.dll before ...) NOT-FOR-US: panda_activescan CVE-2009-3736 (ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as ...) BUG: 295535 CVE-2009-3737 (The Oracle Siebel Option Pack for IE ActiveX control does not properly ...) NOT-FOR-US: oracle siebel_option_pack_ie_activex_control CVE-2009-3738 RESERVED CVE-2009-3739 (Multiple unspecified vulnerabilities on the Rockwell Automation AB ...) NOT-FOR-US: rockwellautomation ab_micrologix_controller CVE-2009-3740 RESERVED CVE-2009-3741 RESERVED CVE-2009-3742 (Cross-site scripting (XSS) vulnerability in Liferay Portal before ...) NOT-FOR-US: Liferay Portal CVE-2009-3743 (Off-by-one error in the TrueType bytecode interpreter in Ghostscript ...) TODO: check CVE-2009-3744 (rep_serv.exe 6.3.1.3 in the server in EMC RepliStor allows remote ...) NOT-FOR-US: server in EMC RepliStor allows remote attackers to cause a denial of service via a crafted packet to TCP port CVE-2009-3745 (Cross-site scripting (XSS) vulnerability in the help pages in IBM ...) NOT-FOR-US: help pages in IBM Rational AppScan Enterprise Edition CVE-2009-3746 (XScreenSaver in Sun Solaris 10, when the accessibility feature is ...) NOT-FOR-US: Sun Solaris CVE-2009-3747 (Cross-site scripting (XSS) vulnerability in index.php in TBmnetCMS 1.0 ...) NOT-FOR-US: TBmnetCMS CVE-2009-3748 (Multiple cross-site scripting (XSS) vulnerabilities in the Web ...) NOT-FOR-US: Web Administrator in Websense Personal Email Manager CVE-2009-3749 (The Web Administrator service (STEMWADM.EXE) in Websense Personal ...) NOT-FOR-US: Websense Personal Email Manager CVE-2009-3750 (SQL injection vulnerability in read.php in ToyLog 0.1 allows remote ...) NOT-FOR-US: ToyLog CVE-2009-3751 (Cross-site scripting (XSS) vulnerability in home.php in Opial 1.0 ...) NOT-FOR-US: Opial CVE-2009-3752 (SQL injection vulnerability in home.php in Opial 1.0 allows remote ...) NOT-FOR-US: Opial CVE-2009-3753 (Unrestricted file upload vulnerability in Opial 1.0 allows remote ...) NOT-FOR-US: Opial CVE-2009-3754 (Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote ...) NOT-FOR-US: phpBMS CVE-2009-3755 (Multiple cross-site scripting (XSS) vulnerabilities in phpBMS 0.96 ...) NOT-FOR-US: phpBMS CVE-2009-3756 (phpBMS 0.96 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: advancedsearch php CVE-2009-3757 (Multiple cross-site scripting (XSS) vulnerabilities in sample code in ...) NOT-FOR-US: sample CVE-2009-3758 (SQL injection vulnerability in login.php in sample code in the ...) NOT-FOR-US: sample CVE-2009-3759 (Multiple cross-site request forgery (CSRF) vulnerabilities in sample ...) NOT-FOR-US: sample CVE-2009-3760 (Static code injection vulnerability in config/writeconfig.php in the ...) NOT-FOR-US: sample CVE-2009-3761 RESERVED CVE-2009-3762 (Unspecified vulnerability in Oracle OpenSSO Enterprise 8.0 allows ...) NOT-FOR-US: oracle opensso_enterprise CVE-2009-3763 (Unspecified vulnerability in the Access Manager / OpenSSO component in ...) NOT-FOR-US: oracle opensso_enterprise CVE-2009-3764 (Unspecified vulnerability in the OpenSSO component in Oracle OpenSSO ...) NOT-FOR-US: oracle opensso_enterprise CVE-2009-3765 (mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not ...) BUG: 290660 CVE-2009-3766 (mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when ...) BUG: 290660 CVE-2009-3767 (libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other ...) BUG: 290345 CVE-2009-3768 RESERVED CVE-2009-3769 RESERVED CVE-2009-3770 RESERVED CVE-2009-3771 RESERVED CVE-2009-3772 RESERVED CVE-2009-3773 RESERVED CVE-2009-3774 RESERVED CVE-2009-3775 RESERVED CVE-2009-3776 RESERVED CVE-2009-3777 RESERVED CVE-2009-3778 (SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, ...) NOT-FOR-US: Moodle Course List CVE-2009-3779 (Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 ...) NOT-FOR-US: vCard CVE-2009-3780 (Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 ...) NOT-FOR-US: Abuse CVE-2009-3781 (The filefield_file_download function in FileField 6.x-3.1, a module ...) NOT-FOR-US: FileField CVE-2009-3782 (Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module ...) NOT-FOR-US: Userpoints CVE-2009-3783 (Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x ...) NOT-FOR-US: Simplenews Statistics CVE-2009-3784 (Open redirect vulnerability in Simplenews Statistics 6.x before ...) NOT-FOR-US: Simplenews Statistics CVE-2009-3785 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: Simplenews Statistics CVE-2009-3786 (Cross-site scripting (XSS) vulnerability in Organic Groups (OG) ...) NOT-FOR-US: Organic Groups OG Vocabulary CVE-2009-3787 (files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct ...) NOT-FOR-US: Vivvo CMS CVE-2009-3788 (SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows ...) NOT-FOR-US: OpenDocMan CVE-2009-3789 (Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan ...) NOT-FOR-US: OpenDocMan CVE-2009-3790 (Heap-based buffer overflow in FormMax (formerly AcroForm) evaluation ...) NOT-FOR-US: FormMax formerly AcroForm evaluation CVE-2009-3791 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before ...) NOT-FOR-US: adobe flash_media_server CVE-2009-3792 (Directory traversal vulnerability in Adobe Flash Media Server (FMS) ...) NOT-FOR-US: adobe flash_media_server CVE-2009-3793 (Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and ...) BUG: 322855 CVE-2009-3794 (Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and ...) BUG: 296407 CVE-2009-3795 RESERVED CVE-2009-3796 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might ...) BUG: 296407 CVE-2009-3797 (Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 ...) BUG: 296407 CVE-2009-3798 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might ...) BUG: 296407 CVE-2009-3799 (Integer overflow in the Verifier::parseExceptionHandlers function in ...) BUG: 296407 CVE-2009-3800 (Multiple unspecified vulnerabilities in Adobe Flash Player before ...) BUG: 296407 CVE-2009-3801 (SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows ...) NOT-FOR-US: opendocman CVE-2009-3802 (Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain ...) NOT-FOR-US: amirocms amiro cms CVE-2009-3803 (Multiple cross-site scripting (XSS) vulnerabilities in Amiro.CMS ...) NOT-FOR-US: amirocms amiro cms CVE-2009-3804 (Multiple SQL injection vulnerabilities in modules/forum/post.php in ...) NOT-FOR-US: runcms CVE-2009-3805 (gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows ...) NOT-FOR-US: gpg4win CVE-2009-3806 (SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows ...) NOT-FOR-US: dedecms CVE-2009-3807 (Stack-based buffer overflow in MixVibes 7.043 Pro allows remote ...) NOT-FOR-US: mixvibes CVE-2009-3808 (MixSense DJ Studio 1.0.0.1 allows remote attackers to cause a denial ...) NOT-FOR-US: kramware mixsense_dj_studio CVE-2009-3809 (Acoustica MP3 Audio Mixer 1.0 and possibly 2.471 allows remote ...) NOT-FOR-US: acoustica mp3_audio_mixer CVE-2009-3810 (Heap-based buffer overflow in Acoustica MP3 Audio Mixer 2.471 allows ...) NOT-FOR-US: acoustica mp3_audio_mixer CVE-2009-3811 (Stack-based buffer overflow in Music Tag Editor 1.61 build 212 allows ...) NOT-FOR-US: assistanttools music_tag_editor CVE-2009-3812 (Heap-based buffer overflow in OtsAV DJ trial version 1.85.64.0, Radio ...) NOT-FOR-US: otslabs otsav_tv CVE-2009-3813 (Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote ...) NOT-FOR-US: runcms CVE-2009-3814 (Static code injection vulnerability in RunCMS 2M1 allows remote ...) NOT-FOR-US: runcms CVE-2009-3815 (RunCMS 2M1, when running with certain error_reporting levels, allows ...) NOT-FOR-US: runcms CVE-2009-3816 (Multiple cross-site scripting (XSS) vulnerabilities in Activities ...) NOT-FOR-US: ibm lotus_connections CVE-2009-3817 (PHP remote file inclusion vulnerability in doc/releasenote.php in the ...) NOT-FOR-US: ordasoft com_booklibrary CVE-2009-3818 (Unspecified vulnerability in the session handling feature in freeCap ...) NOT-FOR-US: stanislas_rolland sr_freecap CVE-2009-3819 (Unspecified vulnerability in the Random Images (maag_randomimage) ...) NOT-FOR-US: urs_maag maag_randomimage CVE-2009-3820 (SQL injection vulnerability in the Flagbit Filebase (fb_filebase) ...) NOT-FOR-US: flagbit fb_filebase CVE-2009-3821 (Cross-site scripting (XSS) vulnerability in the Apache Solr Search ...) NOT-FOR-US: apache solr CVE-2009-3822 (PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat ...) NOT-FOR-US: fijiwebdesign com_ajaxchat CVE-2009-3823 (Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, ...) NOT-FOR-US: ac4p mobilelib_gold CVE-2009-3824 (Directory traversal vulnerability in include/processor.php in ...) NOT-FOR-US: michael_j_greenwood php_content_manager CVE-2009-3825 (Multiple directory traversal vulnerabilities in GenCMS 2006 allow ...) NOT-FOR-US: thomas_graber gencms CVE-2009-3826 (Multiple buffer overflows in squidGuard 1.4 allow remote attackers to ...) BUG: 290623 CVE-2009-3827 RESERVED CVE-2009-3828 (The web interface for Everfocus EDR1600 DVR allows remote attackers to ...) NOT-FOR-US: web CVE-2009-3829 (Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows ...) BUG: 285280 CVE-2009-3830 (The download functionality in Team Services in Microsoft Office ...) NOT-FOR-US: Team Services in Microsoft Office SharePoint Server CVE-2009-3831 (Opera before 10.01 allows remote attackers to execute arbitrary code ...) BUG: 290862 CVE-2009-3832 (Opera before 10.01 on Windows does not prevent use of Web fonts in ...) NOT-FOR-US: windows CVE-2009-3833 (Cross-site scripting (XSS) vulnerability in index.php in TFTgallery ...) NOT-FOR-US: tftgallery CVE-2009-3834 (SQL injection vulnerability in the Photoblog (com_photoblog) component ...) NOT-FOR-US: webguerilla com_photoblog CVE-2009-3835 (SQL injection vulnerability in the JShop (com_jshop) component for ...) NOT-FOR-US: whorl_ltd jshop CVE-2009-3836 (ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the ...) NOT-FOR-US: arubanetworks arubaos CVE-2009-3837 (Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 ...) NOT-FOR-US: eureka email eureka_email CVE-2009-3838 (Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly ...) NOT-FOR-US: pmail pegasus_mail CVE-2009-3839 (Unspecified vulnerability in the Solaris Trusted Extensions Policy ...) NOT-FOR-US: sun solaris CVE-2009-3840 (The embedded database engine service (aka ovdbrun.exe) in HP OpenView ...) NOT-FOR-US: hp openview_network_node_manager CVE-2009-3841 (Unspecified vulnerability in HP Discovery & Dependency Mapping ...) NOT-FOR-US: hp discovery dependency_mapping_inventory CVE-2009-3842 (Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction ...) NOT-FOR-US: hp color_laserjet_m3530_multifunction_printer CVE-2009-3843 (HP Operations Manager 8.10 on Windows contains a "hidden account" in ...) NOT-FOR-US: hp operations_manager CVE-2009-3844 (Stack-based buffer overflow in the OmniInet process in HP OpenView ...) NOT-FOR-US: hp openview_data_protector_application_recovery_manager CVE-2009-3845 (The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) ...) NOT-FOR-US: hp openview_network_node_manager CVE-2009-3846 (Multiple heap-based buffer overflows in ovlogin.exe in HP OpenView ...) NOT-FOR-US: hp openview_network_node_manager CVE-2009-3847 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...) NOT-FOR-US: hp openview_network_node_manager CVE-2009-3848 (Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network ...) NOT-FOR-US: hp openview_network_node_manager CVE-2009-3849 (Multiple stack-based buffer overflows in HP OpenView Network Node ...) NOT-FOR-US: hp openview_network_node_manager CVE-2009-3850 (Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to ...) BUG: 293130 CVE-2009-3851 (Trusted Extensions in Sun Solaris 10 interferes with the operation of ...) NOT-FOR-US: sun solaris CVE-2009-3852 (Unspecified vulnerability in the XML component in IBM Runtimes for ...) NOT-FOR-US: ibm_runtimes_for_java_technology CVE-2009-3853 (Stack-based buffer overflow in the client acceptor daemon (CAD) ...) NOT-FOR-US: ibm tivoli_storage_manager_client CVE-2009-3854 (Buffer overflow in the traditional client scheduler in the client in ...) NOT-FOR-US: ibm tivoli_storage_manager_client CVE-2009-3855 (Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux ...) NOT-FOR-US: IBM Tivoli Storage Manager TSM CVE-2009-3856 (Cross-site scripting (XSS) vulnerability in the default URI in news/ ...) NOT-FOR-US: twiglightcms twilight_cms CVE-2009-3857 (Buffer overflow in Softonic International SciTE 1.72 allows ...) BUG: 293643 NOTE: cannot reproduce --a3li CVE-2009-3858 (Cross-site scripting (XSS) vulnerability in GejoSoft allows remote ...) NOT-FOR-US: gejosoft CVE-2009-3859 (Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in ...) NOT-FOR-US: eEye Retina WiFi Scanner CVE-2009-3860 (Multiple insecure method vulnerabilities in Idefense Labs COMRaider ...) NOT-FOR-US: Idefense CVE-2009-3861 (Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and ...) NOT-FOR-US: SafeNet SoftRemote CVE-2009-3862 (The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and ...) NOT-FOR-US: Novell eDirectory CVE-2009-3863 (Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise ...) NOT-FOR-US: Novell Groupwise Client CVE-2009-3864 (The Java Update functionality in Java Runtime Environment (JRE) in Sun ...) NOT-FOR-US: windows-only CVE-2009-3865 (The launch method in the Deployment Toolkit plugin in Java Runtime ...) BUG: 291817 CVE-2009-3866 (The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before ...) BUG: 291817 CVE-2009-3867 (Stack-based buffer overflow in the HsbParser.getSoundBank function in ...) BUG: 291817 CVE-2009-3868 (Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before ...) BUG: 291817 CVE-2009-3869 (Stack-based buffer overflow in the setDiffICM function in the Abstract ...) BUG: 291817 CVE-2009-3870 REJECTED CVE-2009-3871 (Heap-based buffer overflow in the setBytePixels function in the ...) BUG: 291817 CVE-2009-3872 (Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in ...) BUG: 291817 CVE-2009-3873 (The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update ...) BUG: 291817 CVE-2009-3874 (Integer overflow in the JPEGImageReader implementation in the ImageI/O ...) BUG: 291817 CVE-2009-3875 (The MessageDigest.isEqual function in Java Runtime Environment (JRE) ...) BUG: 291817 CVE-2009-3876 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...) BUG: 291817 CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...) BUG: 291817 CVE-2009-3878 (Buffer overflow in Sun Java System Web Server 7.0 Update 6 has ...) NOT-FOR-US: sun java_system_web_server CVE-2009-3879 (Multiple unspecified vulnerabilities in the (1) X11 and (2) ...) BUG: 291817 CVE-2009-3880 (The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in ...) BUG: 291817 CVE-2009-3881 (Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, ...) BUG: 291817 CVE-2009-3882 (Multiple unspecified vulnerabilities in the Swing implementation in ...) BUG: 291817 CVE-2009-3883 (Multiple unspecified vulnerabilities in the Windows Pluggable Look and ...) NOT-FOR-US: windows-only CVE-2009-3884 (The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 ...) BUG: 291817 CVE-2009-3885 (Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows ...) NOT-FOR-US: windows CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update 17 ...) BUG: 291817 CVE-2009-3887 RESERVED CVE-2009-3888 (The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before ...) BUG: 294240 CVE-2009-3889 (The dbg_lvl file for the megaraid_sas driver in the Linux kernel ...) BUG: 294241 CVE-2009-3890 (Unrestricted file upload vulnerability in the wp_check_filetype ...) BUG: 293261 CVE-2009-3891 (Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in ...) BUG: 293261 CVE-2009-3892 (Cross-site scripting (XSS) vulnerability in Best Practical Solutions ...) NOT-FOR-US: bestpractical rt CVE-2009-3893 RESERVED CVE-2009-3894 (Multiple untrusted search path vulnerabilities in dstat before 0.7.0 ...) BUG: 293497 CVE-2009-3895 (Heap-based buffer overflow in the exif_entry_fix function (aka the tag ...) BUG: 293190 CVE-2009-3896 (src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through ...) BUG: 293786 CVE-2009-3897 (Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of ...) BUG: 293954 CVE-2009-3898 (Directory traversal vulnerability in ...) BUG: 293788 CVE-2009-3899 (Memory leak in the Sockets Direct Protocol (SDP) driver in Sun Solaris ...) NOT-FOR-US: sun solaris CVE-2009-3900 (Unspecified vulnerability in the Cluster Management component in IBM ...) NOT-FOR-US: ibm powerha CVE-2009-3901 (Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS ...) NOT-FOR-US: ecouriersoftware e courirer_cms CVE-2009-3902 (Directory traversal vulnerability in Cherokee Web Server 0.5.4 and ...) NOT-FOR-US: cherokee_httpd CVE-2009-3903 (Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp ...) NOT-FOR-US: manageengine netflow_analyzer CVE-2009-3904 (classes/session/cc_admin_session.php in CubeCart 4.3.4 does not ...) NOT-FOR-US: cubecart CVE-2009-3905 (Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS ...) NOT-FOR-US: ecouriersoftware e courirer_cms CVE-2009-3906 REJECTED CVE-2009-3907 REJECTED CVE-2009-3908 REJECTED CVE-2009-3909 (Integer overflow in the read_channel_data function in ...) BUG: 293127 CVE-2009-3910 RESERVED CVE-2009-3911 (Cross-site scripting (XSS) vulnerability in settings.php in TFTgallery ...) NOT-FOR-US: tftgallery CVE-2009-3912 (Directory traversal vulnerability in index.php in TFTgallery 0.13 ...) NOT-FOR-US: tftgallery CVE-2009-3913 (SQL injection vulnerability in summary.php in Xerox Fiery Webtools ...) NOT-FOR-US: xerox fiery_webtools CVE-2009-3914 (Cross-site scripting (XSS) vulnerability in the Temporary Invitation ...) NOT-FOR-US: wolfgang_ziegler temporary_invitation CVE-2009-3915 (Cross-site scripting (XSS) vulnerability in the "Separate title and ...) NOT-FOR-US: john_c_fiala link CVE-2009-3916 (Cross-site scripting (XSS) vulnerability in the Node Hierarchy module ...) NOT-FOR-US: ronan_dowling nodehierarchy CVE-2009-3917 (Cross-site scripting (XSS) vulnerability in the S5 Presentation Player ...) NOT-FOR-US: greg_knaddison s5 CVE-2009-3918 (Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x ...) NOT-FOR-US: karim_ratib zoomify CVE-2009-3919 (Cross-site scripting (XSS) vulnerability in the NGP COO/CWP ...) NOT-FOR-US: sean_robertson crmngp CVE-2009-3920 (An administration page in the NGP COO/CWP Integration (crmngp) module ...) NOT-FOR-US: sean_robertson crmngp CVE-2009-3921 (The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before ...) NOT-FOR-US: ezra_barnett_gildesgame smartqueue_og CVE-2009-3922 (Multiple cross-site request forgery (CSRF) vulnerabilities in the User ...) NOT-FOR-US: chad_phillips userprotect CVE-2009-3923 (The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop ...) NOT-FOR-US: sun virtualbox CVE-2009-3924 (Buffer overflow in pbsv.dll, as used in Soldier of Fortune II and ...) NOT-FOR-US: raven_software soldier_of_fortune_2 CVE-2009-3925 RESERVED CVE-2009-3926 RESERVED CVE-2009-3927 RESERVED CVE-2009-3928 RESERVED CVE-2009-3929 RESERVED CVE-2009-3930 (Multiple integer overflows in Christos Zoulas file before 5.02 allow ...) BUG: 268180 CVE-2009-3931 (Incomplete blacklist vulnerability in browser/download/download_exe.cc ...) NOT-FOR-US: old version, not in portage CVE-2009-3932 (The Gears plugin in Google Chrome before 3.0.195.32 allows ...) NOT-FOR-US: old version, not in portage CVE-2009-3933 (WebKit before r50173, as used in Google Chrome before 3.0.195.32, ...) NOT-FOR-US: old Version, we only have 4.0.x CVE-2009-3934 (The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function ...) NOT-FOR-US: old version, we only have 4.0.x CVE-2009-3935 (Multiple unspecified vulnerabilities in the Advanced Management Module ...) NOT-FOR-US: ibm advanced_management_module_firmware CVE-2009-3936 (Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x ...) NOT-FOR-US: Citrix Online Plug in for Windows CVE-2009-3937 (Memory leak in Solaris TCP sockets in Sun OpenSolaris snv_106 through ...) NOT-FOR-US: Solaris CVE-2009-3938 (Buffer overflow in the ABWOutputDev::endWord function in ...) BUG: 308017 CVE-2009-3939 (The poll_mode_io file for the megaraid_sas driver in the Linux kernel ...) BUG: 294243 CVE-2009-3940 (Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox ...) BUG: 294678 CVE-2009-3941 (Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not ...) NOT-FOR-US: martin_lambers mpop CVE-2009-3942 (Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not ...) BUG: 293647 CVE-2009-3943 (Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through ...) NOT-FOR-US: microsoft ie CVE-2009-3944 (Research In Motion (RIM) BlackBerry Browser on the BlackBerry 8800 ...) NOT-FOR-US: rim blackberry_8800 CVE-2009-3945 (Unspecified vulnerability in the Front-End Editor in the com_content ...) NOT-FOR-US: joomla CVE-2009-3946 (Joomla! before 1.5.15 allows remote attackers to read an extension's ...) BUG: 293648 CVE-2009-3947 (Buffer overflow in the FTP service on the Tandberg MXP F7.0 allows ...) NOT-FOR-US: tandberg_mxp_endpoints CVE-2009-3948 (JetAudio 7.5.3 COWON Media Center allows remote attackers to cause a ...) NOT-FOR-US: cowonamerica cowon_media_center jetaudio CVE-2009-3949 (cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not ...) NOT-FOR-US: vivaprograms infinity_script CVE-2009-3950 (Multiple cross-site scripting (XSS) vulnerabilities in Bractus ...) NOT-FOR-US: bract suntrack CVE-2009-3951 (Unspecified vulnerability in the Flash Player ActiveX control in Adobe ...) NOT-FOR-US: Windows only. CVE-2009-3952 (Buffer overflow in Adobe Illustrator CS3 13.0.3 and earlier and ...) NOT-FOR-US: Adobe CVE-2009-3953 (The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x ...) BUG: 297385 CVE-2009-3954 (The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and ...) NOT-FOR-US: n CVE-2009-3955 (Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows ...) NOT-FOR-US: adobe acrobat_reader CVE-2009-3956 (The default configuration of Adobe Reader and Acrobat 9.x before 9.3, ...) NOT-FOR-US: adobe acrobat_reader CVE-2009-3957 (Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows ...) NOT-FOR-US: adobe acrobat_reader CVE-2009-3958 (Multiple stack-based buffer overflows in the NOS Microsystems getPlus ...) NOT-FOR-US: adobe acrobat_reader CVE-2009-3959 (Integer overflow in the U3D implementation in Adobe Reader and Acrobat ...) NOT-FOR-US: adobe acrobat_reader CVE-2009-3960 (Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in ...) NOT-FOR-US: adobe lifecycle_data_services CVE-2009-3961 (SQL injection vulnerability in user.php in Super Serious Stats (aka ...) NOT-FOR-US: jos_de_ruijter superseriousstats CVE-2009-3962 (The management interface on the 2wire Gateway 1700HG, 1701HG, 1800HW, ...) NOT-FOR-US: 2wire 2701hg t CVE-2009-3963 (Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have ...) BUG: 285020 CVE-2009-3964 (SQL injection vulnerability in the NinjaMonials (com_ninjacentral) ...) NOT-FOR-US: ninjaforge ninjamonials CVE-2009-3965 (SQL injection vulnerability in rating.php in New 5 star Rating 1.0 ...) NOT-FOR-US: maniacomputer new5starrating CVE-2009-3966 (Arcade Trade Script 1.0 allows remote attackers to bypass ...) NOT-FOR-US: arcadetradescript arcade_trade_script CVE-2009-3967 (SQL injection vulnerability in browse.php in Ed Charkow SuperCharged ...) NOT-FOR-US: ed_charkow supercharged_linking CVE-2009-3968 (Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote ...) NOT-FOR-US: itechscripts itechbids CVE-2009-3969 (Stack-based buffer overflow in Faslo Player 7.0 allows remote ...) NOT-FOR-US: faslo_player CVE-2009-3970 (SQL injection vulnerability in index.php in PHP Dir Submit (aka ...) NOT-FOR-US: phpdirsubmit php_dir_submit CVE-2009-3971 (SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 ...) NOT-FOR-US: jtips CVE-2009-3972 (SQL injection vulnerability in the Q-Proje Siirler Bileseni ...) NOT-FOR-US: qproje siirler_bileseni CVE-2009-3973 (SQL injection vulnerability in index.php in Turnkey Arcade Script ...) NOT-FOR-US: turnkeyarcade turnkey_arcade_script CVE-2009-3974 (Multiple SQL injection vulnerabilities in Invision Power Board (IPB or ...) NOT-FOR-US: invisionpower invision_power_board CVE-2009-3975 (SQL injection vulnerability in index.php in Moa Gallery 1.1.0 and ...) NOT-FOR-US: moagallery moa CVE-2009-3976 (Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to ...) NOT-FOR-US: proftpd CVE-2009-3977 (Multiple buffer overflows in a certain ActiveX control in ...) NOT-FOR-US: hp openview_network_node_manager CVE-2009-3978 (The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp ...) BUG: 312651 CVE-2009-3979 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) BUG: 297532 BUG: 312647 BUG: 307045 CVE-2009-3980 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) BUG: 307045 CVE-2009-3981 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...) BUG: 312647 BUG: 312645 BUG: 307045 CVE-2009-3982 (Multiple unspecified vulnerabilities in the JavaScript engine in ...) BUG: 297532 BUG: 312647 BUG: 307045 CVE-2009-3983 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...) BUG: 297532 BUG: 312645 BUG: 312647 CVE-2009-3984 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...) BUG: 312647 BUG: 297532 BUG: 312645 CVE-2009-3985 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...) BUG: 312645 BUG: 312647 BUG: 297532 CVE-2009-3986 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...) BUG: 312645 BUG: 312647 BUG: 297532 CVE-2009-3987 (The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and ...) BUG: 312645 BUG: 312647 BUG: 297532 CVE-2009-3988 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and ...) BUG: 312645 BUG: 312647 BUG: 305689 CVE-2009-3989 (Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and ...) BUG: 303725 CVE-2009-3990 RESERVED CVE-2009-3991 RESERVED CVE-2009-3992 RESERVED CVE-2009-3993 RESERVED CVE-2009-3994 (Stack-based buffer overflow in the GetUID function in ...) NOT-FOR-US: denton_woods devil CVE-2009-3995 (Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module ...) NOT-FOR-US: IN_MOD DLL aka the Module Decoder Plug in in Winamp CVE-2009-3996 (Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder ...) NOT-FOR-US: IN_MOD DLL aka the Module Decoder Plug in in Winamp CVE-2009-3997 (Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in ...) NOT-FOR-US: IN_MOD DLL aka the Module Decoder Plug in in Winamp CVE-2009-3998 RESERVED CVE-2009-3999 (Stack-based buffer overflow in goform/formExportDataLogs in HP Power ...) NOT-FOR-US: hp power_manager CVE-2009-4000 (Directory traversal vulnerability in goform/formExportDataLogs in HP ...) NOT-FOR-US: hp power_manager CVE-2009-4001 (Integer overflow in XnView before 1.97.2 might allow remote attackers ...) NOT-FOR-US: xnview CVE-2009-4002 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 ...) NOT-FOR-US: adobe shockwave_player CVE-2009-4003 (Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 ...) NOT-FOR-US: adobe shockwave_player CVE-2009-4004 (Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in ...) BUG: 294244 CVE-2009-4005 (The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the ...) BUG: 294245 CVE-2009-4006 (Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft ...) NOT-FOR-US: rhinosoft serv u CVE-2009-4007 (Unspecified vulnerability in the NormaliseTrainConsist function in ...) BUG: 300175 CVE-2009-4008 RESERVED CVE-2009-4009 (Buffer overflow in PowerDNS Recursor before 3.1.7.2 allows remote ...) BUG: 299942 CVE-2009-4010 (Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows ...) BUG: 299942 CVE-2009-4011 RESERVED CVE-2009-4012 (Multiple integer overflows in LibThai before 0.1.13 might allow ...) NOT-FOR-US: linux thai libthai CVE-2009-4013 (Multiple directory traversal vulnerabilities in Lintian 1.23.x through ...) NOT-FOR-US: debian lintian CVE-2009-4014 (Multiple format string vulnerabilities in Lintian 1.23.x through ...) NOT-FOR-US: debian lintian CVE-2009-4015 (Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x ...) NOT-FOR-US: debian lintian CVE-2009-4016 (Integer underflow in the clean_string function in irc_string.c in (1) ...) BUG: 303735 CVE-2009-4017 (PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number ...) BUG: 293888 CVE-2009-4018 (The proc_open function in ext/standard/proc_open.c in PHP before ...) BUG: 297374 CVE-2009-4019 (mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not ...) BUG: 294187 CVE-2009-4020 (Stack-based buffer overflow in the hfs subsystem in the Linux kernel ...) BUG: 295652 CVE-2009-4021 (The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in ...) BUG: 294531 CVE-2009-4022 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ...) BUG: 294497 CVE-2009-4023 (Argument injection vulnerability in the sendmail implementation of the ...) BUG: 294256 CVE-2009-4024 (Argument injection vulnerability in the ping function in Ping.php in ...) BUG: 294258 CVE-2009-4025 (Argument injection vulnerability in the traceroute function in ...) BUG: 294264 CVE-2009-4026 (The mac80211 subsystem in the Linux kernel before ...) BUG: 295660 CVE-2009-4027 (Race condition in the mac80211 subsystem in the Linux kernel before ...) BUG: 295661 CVE-2009-4028 (The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x ...) BUG: 294187 CVE-2009-4029 (The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, ...) BUG: 295357 CVE-2009-4030 (MySQL 5.1.x before 5.1.41 allows local users to bypass certain ...) BUG: 300177 CVE-2009-4031 (The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 ...) BUG: 294625 CVE-2009-4032 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e ...) BUG: 294573 CVE-2009-4033 (A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to ...) NOT-FOR-US: RedHat specific bug CVE-2009-4034 (PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before ...) BUG: 297383 CVE-2009-4035 (The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf ...) TODO: check CVE-2009-4036 RESERVED CVE-2009-4037 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before ...) NOT-FOR-US: frontaccounting CVE-2009-4038 (Multiple cross-site scripting (XSS) vulnerabilities in NCH Software ...) NOT-FOR-US: nch axon_virtual_pbx CVE-2009-4039 (Cross-site scripting (XSS) vulnerability in Piwigo before 2.0.6 allows ...) NOT-FOR-US: piwigo CVE-2009-4040 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and ...) NOT-FOR-US: phpmyfaq CVE-2009-4041 (UseBB 1.0.9 before 1.0.10 allows remote attackers to cause a denial of ...) NOT-FOR-US: usebb CVE-2009-4042 (Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x ...) NOT-FOR-US: marek_sotak rootcandy CVE-2009-4043 (Cross-site scripting (XSS) vulnerability in the AddToAny module 5.x ...) NOT-FOR-US: patrick_przybilla addtoany CVE-2009-4044 (The Web Services module 6.x for Drupal does not perform the expected ...) NOT-FOR-US: bruno_massa web_services CVE-2009-4045 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before ...) NOT-FOR-US: frontaccounting CVE-2009-4046 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x ...) NOT-FOR-US: frontaccounting CVE-2009-4047 (Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk ...) NOT-FOR-US: p hd phd_help_desk CVE-2009-4048 (Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated ...) NOT-FOR-US: dxmsoft xm_easy_personal_ftp_server CVE-2009-4049 (Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in ...) NOT-FOR-US: avast_antivirus_professional CVE-2009-4050 (Directory traversal vulnerability in get_file.php in phpMyBackupPro ...) NOT-FOR-US: phpmybackuppro CVE-2009-4051 (Home FTP Server 1.10.1.139 allows remote attackers to cause a denial ...) NOT-FOR-US: downstairs dnsalias home_ftp_server CVE-2009-4052 (Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget ...) NOT-FOR-US: ibm rational_software_architect CVE-2009-4053 (Multiple directory traversal vulnerabilities in Home FTP Server ...) NOT-FOR-US: downstairs dnsalias home_ftp_server CVE-2009-4054 REJECTED NOT-FOR-US: microsoft ie CVE-2009-4055 (rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before ...) BUG: 295270 CVE-2009-4056 (Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 ...) NOT-FOR-US: betsy_cms CVE-2009-4057 (SQL injection vulnerability in the inertialFATE iF Portfolio Nexus ...) NOT-FOR-US: inertialfate com_if_nexus CVE-2009-4058 (SQL injection vulnerability in allauctions.php in Telebid Auction ...) NOT-FOR-US: telebidauctionscript telebid_auction_script CVE-2009-4059 (SQL injection vulnerability in the JoomClip (com_joomclip) component ...) NOT-FOR-US: joomclan com_joomclip CVE-2009-4060 (SQL injection vulnerability in includes/content/viewProd.inc.php in ...) NOT-FOR-US: cubecart CVE-2009-4061 (Multiple cross-site scripting (XSS) vulnerabilities in the Agreement ...) NOT-FOR-US: yuriy_babenko agreement_module CVE-2009-4062 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: anon design printfriendly CVE-2009-4063 (Cross-site scripting (XSS) vulnerability in the Subgroups for Organic ...) NOT-FOR-US: ezra_barnett_gildesgame og_subgroups CVE-2009-4064 (Cross-site scripting (XSS) vulnerability in the Gallery Assist module ...) NOT-FOR-US: puntolatinoclub gallery_assist_module CVE-2009-4065 (Cross-site scripting (XSS) vulnerability in the settings page in the ...) NOT-FOR-US: jeff_miccolis strongarm_module CVE-2009-4066 (Multiple cross-site request forgery (CSRF) vulnerabilities in the "My ...) NOT-FOR-US: paul_beaney phplist CVE-2009-4067 RESERVED CVE-2009-4068 RESERVED CVE-2009-4069 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14, ...) NOT-FOR-US: gforge CVE-2009-4070 (SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly ...) NOT-FOR-US: gforge CVE-2009-4071 (Opera before 10.10, when exception stacktraces are enabled, places ...) BUG: 294208 CVE-2009-4072 (Unspecified vulnerability in Opera before 10.10 has unknown impact and ...) BUG: 294208 CVE-2009-4073 (The printing functionality in Microsoft Internet Explorer 8 allows ...) NOT-FOR-US: microsoft ie CVE-2009-4074 (The XSS Filter in Microsoft Internet Explorer 8 allows remote ...) NOT-FOR-US: microsoft ie CVE-2009-4075 (Unspecified vulnerability in the timeout mechanism in sshd in Sun ...) NOT-FOR-US: sun solaris CVE-2009-4076 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail ...) BUG: 294679 CVE-2009-4077 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail ...) BUG: 294679 CVE-2009-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 ...) NOT-FOR-US: h CVE-2009-4079 (Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and ...) NOT-FOR-US: redmine CVE-2009-4080 (Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP ...) NOT-FOR-US: ldap_cachemgr aka the LDAP client configuration cache daemon in Sun Solaris CVE-2009-4081 (Untrusted search path vulnerability in dstat before r3199 allows local ...) BUG: 293497 CVE-2009-4082 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: lanifex outreach_project_tool CVE-2009-4083 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and ...) NOT-FOR-US: e107 CVE-2009-4084 (SQL injection vulnerability in the search feature in e107 0.7.16 and ...) NOT-FOR-US: e107 CVE-2009-4085 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: jabba_laci phptraverse CVE-2009-4086 (CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 ...) NOT-FOR-US: javascript xerver CVE-2009-4087 (Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki ...) NOT-FOR-US: telepark wiki CVE-2009-4088 (Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 ...) NOT-FOR-US: telepark wiki CVE-2009-4089 (telepark.wiki 2.4.23 and earlier allows remote attackers to bypass ...) NOT-FOR-US: telepark wiki CVE-2009-4090 (Unrestricted file upload vulnerability in ajax/addComment.php in ...) NOT-FOR-US: telepark wiki CVE-2009-4091 (comments.php in Simplog 0.9.3.2, and possibly earlier, does not ...) NOT-FOR-US: simplog CVE-2009-4092 (Cross-site request forgery (CSRF) vulnerability in user.php in Simplog ...) NOT-FOR-US: simplog CVE-2009-4093 (Multiple cross-site scripting (XSS) vulnerabilities in comments.php in ...) NOT-FOR-US: simplog CVE-2009-4094 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: designforjoomla com_ezine CVE-2009-4095 (myPhile 1.2.1 allows remote attackers to bypass authentication via an ...) NOT-FOR-US: companionway myphile CVE-2009-4096 (RADIO istek scripti 2.5 stores sensitive information under the web ...) NOT-FOR-US: scriptlerim radio_isetek_scripti CVE-2009-4097 (Stack-based buffer overflow in the MplayInputFile function in Serenity ...) NOT-FOR-US: malsmith serenity_audio_player CVE-2009-4098 (Unrestricted file upload vulnerability in banner-edit.php in OpenX ...) NOT-FOR-US: OpenX adserver CVE-2009-4099 (SQL injection vulnerability in the Google Calendar GCalendar ...) NOT-FOR-US: com_gigcalendar CVE-2009-4100 (Yoono extension before 6.1.1 for Firefox performs certain operations ...) NOT-FOR-US: Yoono CVE-2009-4101 (infoRSS 1.1.4.2 and earlier extension for Firefox performs certain ...) NOT-FOR-US: infoRSS CVE-2009-4102 (Sage 1.4.3 and earlier extension for Firefox performs certain ...) NOT-FOR-US: Sage CVE-2009-4103 (Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, ...) NOT-FOR-US: robo ftp CVE-2009-4104 (SQL injection vulnerability in Lyften Designs LyftenBloggie ...) NOT-FOR-US: Lyften Designs LyftenBloggie com_lyftenbloggie component CVE-2009-4105 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a ...) NOT-FOR-US: typsoft_ftp_server CVE-2009-4106 (Unrestricted file upload vulnerability in admintools/editpage-2.php in ...) NOT-FOR-US: ohloh agoko_cms CVE-2009-4107 (Buffer overflow in Invisible Browsing 5.0.52 allows user-assisted ...) NOT-FOR-US: amplusnet invisible_browsing CVE-2009-4108 (XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to ...) NOT-FOR-US: dxmsoft xm_easy_personal_ftp_server CVE-2009-4109 (The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent ...) NOT-FOR-US: dotnetnuke CVE-2009-4110 (Cross-site scripting (XSS) vulnerability in the search functionality ...) NOT-FOR-US: dotnetnuke CVE-2009-4111 (Argument injection vulnerability in Mail/sendmail.php in the Mail ...) BUG: 294256 CVE-2009-4112 (Cacti 0.8.7e and earlier allows remote authenticated administrators to ...) BUG: 294573 CVE-2009-4113 (Static code injection vulnerability in the Categories module in ...) NOT-FOR-US: korn19 utf 8_cutenews CVE-2009-4114 (kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other ...) NOT-FOR-US: kaspersky_anti virus CVE-2009-4115 (Multiple static code injection vulnerabilities in the Categories ...) NOT-FOR-US: cutephp cutenews CVE-2009-4116 (Multiple directory traversal vulnerabilities in CutePHP CuteNews ...) NOT-FOR-US: cutephp cutenews CVE-2009-4117 (Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before ...) NOT-FOR-US: kowalczyk sumatrapdf CVE-2009-4118 (The StartServiceCtrlDispatcher function in the cvpnd service ...) NOT-FOR-US: cisco vpn_client CVE-2009-4119 (Cross-site scripting (XSS) vulnerability in Feed Element Mapper module ...) NOT-FOR-US: alex_barth feed_element_mapper CVE-2009-4120 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: opensolution quick cart CVE-2009-4121 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: opensolution quick cms lite CVE-2009-4122 RESERVED CVE-2009-4123 RESERVED CVE-2009-4124 (Heap-based buffer overflow in the rb_str_justify function in string.c ...) BUG: 296052 CVE-2009-4125 RESERVED CVE-2009-4126 RESERVED CVE-2009-4127 (Unspecified vulnerability in Wikipedia Toolbar extension before ...) NOT-FOR-US: Wikipedia Toolbar extension CVE-2009-4128 (GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted ...) BUG: 295536 CVE-2009-4129 (Race condition in Mozilla Firefox allows remote attackers to produce a ...) TODO: check CVE-2009-4130 (Visual truncation vulnerability in the MakeScriptDialogTitle function ...) TODO: check CVE-2009-4131 (The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ...) BUG: 296383 CVE-2009-4132 REJECTED CVE-2009-4133 (Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for ...) NOT-FOR-US: redhat enterprise_mrg CVE-2009-4134 (Buffer underflow in the rgbimg module in Python 2.5 allows remote ...) BUG: 335868 CVE-2009-4135 (The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 ...) BUG: 297375 CVE-2009-4136 (PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before ...) BUG: 297383 CVE-2009-4137 (The loadContentFromCookie function in core/Cookie.php in Piwik before ...) NOT-FOR-US: piwik CVE-2009-4138 (drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when ...) BUG: 297045 CVE-2009-4139 RESERVED CVE-2009-4140 (Unrestricted file upload vulnerability in ofc_upload_image.php in Open ...) NOT-FOR-US: teethgrinder co uk open_flash_chart CVE-2009-4141 (Use-after-free vulnerability in the fasync_helper function in ...) BUG: 303737 CVE-2009-4142 (The htmlspecialchars function in PHP before 5.2.12 does not properly ...) BUG: 293888 CVE-2009-4143 (PHP before 5.2.12 does not properly handle session data, which has ...) BUG: 293888 CVE-2009-4144 (NetworkManager (NM) 0.7.2 does not ensure that the configured ...) BUG: 300178 CVE-2009-4145 (nm-connection-editor in NetworkManager (NM) 0.7.x exports connection ...) BUG: 300178 CVE-2009-4146 (The _rtld function in the Run-Time Link-Editor (rtld) in ...) TODO: BSD CVE-2009-4147 (The _rtld function in the Run-Time Link-Editor (rtld) in ...) TODO: BSD CVE-2009-4148 (DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers ...) NOT-FOR-US: daz3d daz_studio CVE-2009-4149 (Cross-site scripting (XSS) vulnerability in the web interface in CA ...) NOT-FOR-US: web interface in CA Service Desk CVE-2009-4150 (dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and ...) NOT-FOR-US: ibm db2 CVE-2009-4151 (Session fixation vulnerability in html/Elements/SetupSessionCookie in ...) BUG: 285298 CVE-2009-4152 (Cross-site scripting (XSS) vulnerability in the Collaboration ...) NOT-FOR-US: Collaboration component in IBM WebSphere Portal CVE-2009-4153 (Unspecified vulnerability in the XMLAccess component in IBM WebSphere ...) NOT-FOR-US: XMLAccess component in IBM WebSphere Portal CVE-2009-4154 (Directory traversal vulnerability in includes/feedcreator.class.php in ...) NOT-FOR-US: Elxis CVE-2009-4155 (Multiple SQL injection vulnerabilities in Eshopbuilde CMS allow remote ...) NOT-FOR-US: Eshopbuilde CVE-2009-4156 (PHP remote file inclusion vulnerability in modules/pms/index.php in ...) NOT-FOR-US: Ciamos CMS CVE-2009-4157 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: ProofReader com_proofreader component CVE-2009-4158 (SQL injection vulnerability in the Calendar Base (cal) extension ...) NOT-FOR-US: Calendar Base cal extension CVE-2009-4159 (Cross-site scripting (XSS) vulnerability in the newsletter ...) NOT-FOR-US: newsletter configuration feature in the backend module in the Direct Mail direct_mail extension CVE-2009-4160 (Unspecified vulnerability in the Simple download-system with counter ...) NOT-FOR-US: Simple download system with counter and categories kk_downloader extension CVE-2009-4161 (Cross-site scripting (XSS) vulnerability in the [AN] Search it! ...) NOT-FOR-US: AN Search it an_searchit extension CVE-2009-4162 (Unspecified vulnerability in the DB Integration (wfqbe) extension ...) NOT-FOR-US: DB Integration wfqbe extension CVE-2009-4163 (SQL injection vulnerability in the TW Productfinder (tw_productfinder) ...) NOT-FOR-US: TW Productfinder tw_productfinder extension CVE-2009-4164 (Cross-site scripting (XSS) vulnerability in the simple Glossar ...) NOT-FOR-US: simple Glossar simple_glossar extension CVE-2009-4165 (SQL injection vulnerability in the simple Glossar (simple_glossar) ...) NOT-FOR-US: simple Glossar simple_glossar extension CVE-2009-4166 (SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 ...) NOT-FOR-US: Trips mchtrips extension CVE-2009-4167 (Unspecified vulnerability in the Automatic Base Tags for RealUrl ...) NOT-FOR-US: Automatic Base Tags for RealUrl lt_basetag extension CVE-2009-4168 (Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as ...) NOT-FOR-US: WP Cumulus Plug in CVE-2009-4169 (Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the ...) NOT-FOR-US: WP Cumulus Plug in CVE-2009-4170 (WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, ...) NOT-FOR-US: an CVE-2009-4171 (An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger ...) NOT-FOR-US: YahooBridgeLib dll for Yahoo Messenger CVE-2009-4172 (Cross-site scripting (XSS) vulnerability in index.php in CutePHP ...) NOT-FOR-US: CutePHP CuteNews CVE-2009-4173 (Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews ...) NOT-FOR-US: CutePHP CuteNews CVE-2009-4174 (The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews ...) NOT-FOR-US: CutePHP CuteNews CVE-2009-4175 (CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote ...) NOT-FOR-US: korn19 utf 8_cutenews CVE-2009-4176 (Multiple heap-based buffer overflows in ovsessionmgr.exe in HP ...) NOT-FOR-US: hp openview_network_node_manager CVE-2009-4177 (Buffer overflow in webappmon.exe in HP OpenView Network Node Manager ...) NOT-FOR-US: hp openview_network_node_manager CVE-2009-4178 (Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network ...) NOT-FOR-US: hp openview_network_node_manager CVE-2009-4179 (Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node ...) NOT-FOR-US: hp openview_network_node_manager CVE-2009-4180 (Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network ...) NOT-FOR-US: hp openview_network_node_manager CVE-2009-4181 (Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network ...) NOT-FOR-US: hp openview_network_node_manager CVE-2009-4182 (Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a ...) NOT-FOR-US: hp web_jetadmin CVE-2009-4183 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.00 ...) NOT-FOR-US: hp openview_storage_data_protector CVE-2009-4184 (Unspecified vulnerability in HP Enterprise Cluster Master Toolkit ...) NOT-FOR-US: hp enterprise_cluster_master_toolkit CVE-2009-4185 (Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in ...) NOT-FOR-US: proxy smhui getuiinfo in HP System Management Homepage SMH CVE-2009-4186 (Stack consumption vulnerability in Apple Safari 4.0.3 on Windows ...) NOT-FOR-US: apple safari CVE-2009-4187 (Multiple cross-site scripting (XSS) vulnerabilities in the Gateway ...) NOT-FOR-US: sun java_system_portal_server CVE-2009-4188 (HP Operations Dashboard has a default password of j2deployer for the ...) NOT-FOR-US: hp operations_dashboard CVE-2009-4189 (HP Operations Manager has a default password of OvW*busr1 for the ...) NOT-FOR-US: hp operations_manager CVE-2009-4190 (Unspecified vulnerability in the kernel in Sun OpenSolaris 2009.06 ...) NOT-FOR-US: sun opensolaris CVE-2009-4191 (Unspecified vulnerability in the kernel in Sun Solaris 10 and ...) NOT-FOR-US: sun solaris CVE-2009-4192 (Directory traversal vulnerability in dialog/file_manager.php in ...) NOT-FOR-US: interspire knowledge_manager CVE-2009-4193 (Merkaartor 0.14 allows local users to append data to arbitrary files ...) BUG: 297377 CVE-2009-4194 (Directory traversal vulnerability in Golden FTP Server 4.30 Free and ...) NOT-FOR-US: kmint21 golden_ftp_server CVE-2009-4195 (Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and ...) NOT-FOR-US: adobe illustrator CVE-2009-4196 (Multiple cross-site scripting (XSS) vulnerabilities in multiple ...) NOT-FOR-US: huawei mt882_v100t002b020_arg t CVE-2009-4197 (rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware ...) NOT-FOR-US: huawei mt882_modem CVE-2009-4198 (SQL injection vulnerability in my_orders.php in MyMiniBill allows ...) NOT-FOR-US: MyMiniBill CVE-2009-4199 (Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos ...) NOT-FOR-US: mamboforge com_mosres CVE-2009-4200 (SQL injection vulnerability in the Seminar (com_seminar) component ...) NOT-FOR-US: vollmar com_seminar CVE-2009-4201 (Multiple stack-based buffer overflows in Mp3 Tag Assistant ...) NOT-FOR-US: assistanttools mp3_tag_assistance_professional CVE-2009-4202 (Directory traversal vulnerability in the Omilen Photo Gallery ...) NOT-FOR-US: omilenitsolutions com_omphotogallery CVE-2009-4203 (Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php ...) NOT-FOR-US: arabportal arab_portal CVE-2009-4204 (SQL injection vulnerability in read.php in Flashlight Free Edition ...) NOT-FOR-US: ringsworld flashlight_free_edition CVE-2009-4205 (Directory traversal vulnerability in admin.php in Flashlight Free ...) NOT-FOR-US: ringsworld flashlight_free_edition CVE-2009-4206 (SQL injection vulnerability in admin.link.modify.php in Million Dollar ...) NOT-FOR-US: cmsnx million_dollar_text_links CVE-2009-4207 (Cross-site scripting (XSS) vulnerability in the Webform module 5.x ...) NOT-FOR-US: nathan_haug webform CVE-2009-4208 (SQL injection vulnerability in the os_news module in Open-school (OS) ...) NOT-FOR-US: open school CVE-2009-4209 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...) NOT-FOR-US: mozilocms CVE-2009-4210 (The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and ...) NOT-FOR-US: microsoft windows_xp CVE-2009-4211 (The U.S. Defense Information Systems Agency (DISA) Security Readiness ...) NOT-FOR-US: disa srr_for_solaris CVE-2009-4212 (Multiple integer underflows in the (1) AES and (2) RC4 decryption ...) BUG: 308021 CVE-2009-4213 RESERVED CVE-2009-4214 (Cross-site scripting (XSS) vulnerability in the strip_tags function in ...) BUG: 294797 CVE-2009-4215 (Panda Global Protection 2010, Internet Security 2010, and Antivirus ...) NOT-FOR-US: pandasecurity panda_internet_security CVE-2009-4216 (Directory traversal vulnerability in funzioni/lib/menulast.php in ...) NOT-FOR-US: klinza_professional_cms CVE-2009-4217 (SQL injection vulnerability in the Itamar Elharar MusicGallery ...) NOT-FOR-US: itamar_elharar com_musicgallery CVE-2009-4218 (Multiple SQL injection vulnerabilities in files/login.asp in JiRo's ...) NOT-FOR-US: jiros jbsx CVE-2009-4219 (Stack-based buffer overflow in the MYACTIVEX.MyActiveXCtrl.1 ActiveX ...) NOT-FOR-US: haihaisoft_universal_player CVE-2009-4220 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: raphael_mazoyer pointcomma CVE-2009-4221 (SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and ...) NOT-FOR-US: smartisoft phpbazar CVE-2009-4222 (phpBazar 2.1.1fix and earlier does not require administrative ...) NOT-FOR-US: smartisoft phpbazar CVE-2009-4223 (PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web ...) NOT-FOR-US: gianni_tommasi kr php_web_content_server CVE-2009-4224 (Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, ...) NOT-FOR-US: basic cms sweetrice CVE-2009-4225 (Stack-based buffer overflow in the PestPatrol ActiveX control ...) NOT-FOR-US: ca etrust_pestpatrole_ppctl dll_activex CVE-2009-4226 (Race condition in the IP module in the kernel in Sun OpenSolaris ...) NOT-FOR-US: sun opensolaris CVE-2009-4227 (Stack-based buffer overflow in the read_1_3_textobject function in ...) BUG: 297379 CVE-2009-4228 (Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and ...) BUG: 297379 CVE-2009-4229 (Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active ...) NOT-FOR-US: activewebsoftwares active_bids CVE-2009-4230 (Multiple stack-based buffer overflows in src/Task.cc in the FastCGI ...) NOT-FOR-US: ruven_pillay iipimage_server CVE-2009-4231 (Directory traversal vulnerability in as/lib/plugins.php in SweetRice ...) NOT-FOR-US: basic cms sweetrice CVE-2009-4232 (The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not ...) NOT-FOR-US: jonijnm com_kide CVE-2009-4233 (Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php ...) NOT-FOR-US: youjoomla yj_whois CVE-2009-4234 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: micronet network_access_controller_sp1910 CVE-2009-4235 (acpid 1.0.4 sets an unrestrictive umask, which might allow local users ...) BUG: 297381 CVE-2009-4236 (The process function in ...) NOT-FOR-US: ec cube_ver2 CVE-2009-4237 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink before ...) NOT-FOR-US: teamst testlink CVE-2009-4238 (Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow ...) NOT-FOR-US: teamst testlink CVE-2009-4239 (Cross-site scripting (XSS) vulnerability in the Web console in IBM ...) NOT-FOR-US: Web console in IBM InfoSphere Information Server CVE-2009-4240 (Multiple buffer overflows in unspecified setuid executables in the ...) NOT-FOR-US: unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server CVE-2009-4241 (Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer ...) NOT-FOR-US: realnetworks realplayer_sp CVE-2009-4242 (Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function ...) NOT-FOR-US: realnetworks realplayer_sp CVE-2009-4243 (RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through ...) NOT-FOR-US: realnetworks realplayer_sp CVE-2009-4244 (Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer ...) NOT-FOR-US: realnetworks realplayer_sp CVE-2009-4245 (Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer ...) NOT-FOR-US: realnetworks realplayer_sp CVE-2009-4246 (Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer ...) NOT-FOR-US: realnetworks realplayer_sp CVE-2009-4247 (Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in ...) NOT-FOR-US: realnetworks realplayer_sp CVE-2009-4248 (Buffer overflow in the RTSPProtocol::HandleSetParameterRequest ...) NOT-FOR-US: realnetworks realplayer_sp CVE-2009-4249 (Multiple cross-site scripting (XSS) vulnerabilities in CutePHP ...) NOT-FOR-US: CutePHP CuteNews CVE-2009-4250 (Multiple cross-site scripting (XSS) vulnerabilities in CutePHP ...) NOT-FOR-US: CutePHP CuteNews CVE-2009-4251 (Stack-based buffer overflow in Jasc Paint Shop Pro 8.10 (aka Corel ...) NOT-FOR-US: Jasc Paint Shop Pro CVE-2009-4252 (Cross-site scripting (XSS) vulnerability in images.php in Image ...) NOT-FOR-US: Image Hosting Script DPI CVE-2009-4253 (Cross-site scripting (XSS) vulnerability in dspStats.php in ...) NOT-FOR-US: PowerPhlogger CVE-2009-4254 (PowerPhlogger 2.2.5 allows remote attackers to obtain sensitive ...) NOT-FOR-US: include CVE-2009-4255 (Cross-site scripting (XSS) vulnerability in the You!Hostit! template ...) NOT-FOR-US: You Hostit template CVE-2009-4256 (Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 ...) NOT-FOR-US: AlefMentor CVE-2009-4257 (Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in ...) NOT-FOR-US: realnetworks realplayer_sp CVE-2009-4258 RESERVED CVE-2009-4259 RESERVED CVE-2009-4260 RESERVED CVE-2009-4261 (Multiple directory traversal vulnerabilities in the iallocator ...) BUG: 300188 CVE-2009-4262 (Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to ...) NOT-FOR-US: harold_bakker hb ns CVE-2009-4263 (SQL injection vulnerability in main_forum.php in PTCPay GeN3 forum 1.3 ...) NOT-FOR-US: ptcpay gen3_forum_1 3 CVE-2009-4264 (PHP remote file inclusion vulnerability in components/core/connect.php ...) NOT-FOR-US: barnraiser aroundme CVE-2009-4265 (Stack-based buffer overflow in Ideal Administration 2009 9.7.1, and ...) NOT-FOR-US: pointdev ideal_administration_2009 CVE-2009-4266 (Cross-site scripting (XSS) vulnerability in search.php in YABSoft ...) NOT-FOR-US: yabsoft advanced_image_hosting_script CVE-2009-4267 RESERVED CVE-2009-4268 RESERVED CVE-2009-4269 (The password hash generation algorithm in the BUILTIN authentication ...) NOT-FOR-US: apache derby CVE-2009-4270 (Stack-based buffer overflow in the errprintf function in base/gsmisc.c ...) BUG: 300192 CVE-2009-4271 (The Linux kernel 2.6.9 through 2.6.17 on the x86_64 and amd64 ...) BUG: 312475 CVE-2009-4272 (A certain Red Hat patch for net/ipv4/route.c in the Linux kernel ...) NOT-FOR-US: redhat enterprise_linux CVE-2009-4273 (stap-server in SystemTap before 1.1 allows remote attackers to execute ...) NOT-FOR-US: We already have 1.1, besides: unstable. No bug for this. CVE-2009-4274 (Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm ...) BUG: 308025 CVE-2009-4275 RESERVED CVE-2009-4276 RESERVED CVE-2009-4277 RESERVED CVE-2009-4278 RESERVED CVE-2009-4279 RESERVED CVE-2009-4280 RESERVED CVE-2009-4281 RESERVED CVE-2009-4282 RESERVED CVE-2009-4283 RESERVED CVE-2009-4284 RESERVED CVE-2009-4285 RESERVED CVE-2009-4286 RESERVED CVE-2009-4287 RESERVED CVE-2009-4288 RESERVED CVE-2009-4289 RESERVED CVE-2009-4290 RESERVED CVE-2009-4291 RESERVED CVE-2009-4292 (Buffer overflow in the URL filtering function in Internet Initiative ...) NOT-FOR-US: iij seil x2 CVE-2009-4293 (Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.30 ...) NOT-FOR-US: iij seil x2 CVE-2009-4294 (Unspecified vulnerability in the Authentication Manager (aka utauthd) ...) NOT-FOR-US: Authentication Manager aka utauthd in Sun Ray Server Software CVE-2009-4295 (Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA ...) NOT-FOR-US: Sun CVE-2009-4296 (SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and ...) NOT-FOR-US: Taxonomy Timer module CVE-2009-4297 (Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle ...) NOT-FOR-US: moodle CVE-2009-4298 (The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before ...) NOT-FOR-US: moodle CVE-2009-4299 (mod/glossary/showentry.php in the Glossary module for Moodle 1.8 ...) NOT-FOR-US: moodle CVE-2009-4300 (Multiple unspecified authentication plugins in Moodle 1.8 before ...) NOT-FOR-US: moodle CVE-2009-4301 (mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when ...) NOT-FOR-US: moodle CVE-2009-4302 (login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 ...) NOT-FOR-US: moodle CVE-2009-4303 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password ...) NOT-FOR-US: moodle CVE-2009-4304 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random ...) NOT-FOR-US: moodle CVE-2009-4305 (SQL injection vulnerability in the SCORM module in Moodle 1.8 before ...) NOT-FOR-US: moodle CVE-2009-4306 (Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents) ...) BUG: 300194 CVE-2009-4307 (The ext4_fill_flex_info function in fs/ext4/super.c in the Linux ...) BUG: 300195 CVE-2009-4308 (The ext4_decode_error function in fs/ext4/super.c in the ext4 ...) BUG: 300197 CVE-2009-4309 (Heap-based buffer overflow in the Intel Indeo41 codec for Windows ...) NOT-FOR-US: microsoft windows_xp CVE-2009-4310 (Stack-based buffer overflow in the Intel Indeo41 codec for Windows ...) NOT-FOR-US: microsoft windows_xp CVE-2009-4311 (Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 ...) NOT-FOR-US: microsoft windows_xp CVE-2009-4312 (Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 ...) NOT-FOR-US: microsoft windows_xp CVE-2009-4313 (ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 ...) NOT-FOR-US: microsoft windows_xp CVE-2009-4314 (Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group ...) NOT-FOR-US: sun ray_server_software CVE-2009-4315 (Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS ...) NOT-FOR-US: nuggetz_cms CVE-2009-4316 (Cross-site scripting (XSS) vulnerability in searchresults_main.php in ...) NOT-FOR-US: zeeways zeelyrics CVE-2009-4317 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...) NOT-FOR-US: scriptsez ez_cart CVE-2009-4318 (Cross-site scripting (XSS) vulnerability in index.php in Real Estate ...) NOT-FOR-US: realestatephp real_estate_manager CVE-2009-4319 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: eocms CVE-2009-4320 (Cross-site scripting (XSS) vulnerability in searchform.php in The Next ...) NOT-FOR-US: lythgoes the_next_generation_of_genealogy_sitebuilding CVE-2009-4321 (extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other ...) NOT-FOR-US: zen cart zen_cart CVE-2009-4322 (extras/ipn_test_return.php in Zen Cart allows remote attackers to ...) NOT-FOR-US: zen cart zen_cart CVE-2009-4323 (The installation for Zen Cart stores sensitive information and ...) NOT-FOR-US: zen cart zen_cart CVE-2009-4324 (Use-after-free vulnerability in the Doc.media.newPlayer method in ...) BUG: 297385 CVE-2009-4325 (The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before ...) NOT-FOR-US: ibm db2 CVE-2009-4326 (The RAND scalar function in the Common Code Infrastructure component ...) NOT-FOR-US: ibm db2 CVE-2009-4327 (The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and ...) NOT-FOR-US: ibm db2 CVE-2009-4328 (Unspecified vulnerability in the DRDA Services component in IBM DB2 ...) NOT-FOR-US: ibm db2 CVE-2009-4329 (Unspecified vulnerability in the Engine Utilities component in IBM DB2 ...) NOT-FOR-US: ibm db2 CVE-2009-4330 (Unspecified vulnerability in db2licm in the Engine Utilities component ...) NOT-FOR-US: ibm db2 CVE-2009-4331 (The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 ...) NOT-FOR-US: ibm db2 CVE-2009-4332 (db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 ...) NOT-FOR-US: ibm db2 CVE-2009-4333 (The Relational Data Services component in IBM DB2 9.5 before FP5 ...) NOT-FOR-US: ibm db2 CVE-2009-4334 (The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before ...) NOT-FOR-US: ibm db2 CVE-2009-4335 (Multiple unspecified vulnerabilities in bundled stored procedures in ...) NOT-FOR-US: ibm db2 CVE-2009-4336 (Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth ...) NOT-FOR-US: Diocese of Portsmouth Calendar pd_calendar extension CVE-2009-4337 (SQL injection vulnerability in the Diocese of Portsmouth Calendar ...) NOT-FOR-US: Diocese of Portsmouth Calendar pd_calendar extension CVE-2009-4338 (SQL injection vulnerability in the Flash SlideShow (slideshow) ...) NOT-FOR-US: Flash SlideShow slideshow extension CVE-2009-4339 (SQL injection vulnerability in the Subscription (mf_subscription) ...) NOT-FOR-US: Subscription mf_subscription extension CVE-2009-4340 (Cross-site scripting (XSS) vulnerability in the No indexed Search ...) NOT-FOR-US: No indexed Search no_indexed_search extension CVE-2009-4341 (SQL injection vulnerability in the No indexed Search ...) NOT-FOR-US: No indexed Search no_indexed_search extension CVE-2009-4342 (SQL injection vulnerability in the Job Exchange (jobexchange) ...) NOT-FOR-US: Job Exchange jobexchange extension CVE-2009-4343 (Cross-site scripting (XSS) vulnerability in the Training Company ...) NOT-FOR-US: Training Company Database trainincdb extension CVE-2009-4344 (Cross-site scripting (XSS) vulnerability in the ZID Linkliste ...) NOT-FOR-US: ZID Linkliste zid_linklist extension CVE-2009-4345 (Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) ...) NOT-FOR-US: vShoutbox vshoutbox extension CVE-2009-4346 (Cross-site scripting (XSS) vulnerability in the Frontend news ...) NOT-FOR-US: Frontend news submitter with RTE fe_rtenews extension CVE-2009-4347 (Cross-site scripting (XSS) vulnerability in daloradius-users/login.php ...) NOT-FOR-US: daloRADIUS CVE-2009-4348 (Cross-site scripting (XSS) vulnerability in index.php in Harold ...) NOT-FOR-US: Harold Bakker s NewsScript HB NS CVE-2009-4349 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: Link Up Gold CVE-2009-4350 (SQL injection vulnerability in index.php in Arctic Issue Tracker 2.1.1 ...) NOT-FOR-US: Arctic Issue Tracker CVE-2009-4351 (SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, ...) NOT-FOR-US: WSCreator CVE-2009-4352 (Multiple cross-site scripting (XSS) vulnerabilities in TransWARE ...) NOT-FOR-US: TransWARE Active mail CVE-2009-4353 (The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 ...) NOT-FOR-US: Referer CVE-2009-4354 (TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not ...) NOT-FOR-US: session CVE-2009-4355 (Memory leak in the zlib_stateful_finish function in ...) BUG: 303739 CVE-2009-4356 (Multiple integer overflows in the jpeg.w5s and png.w5s filters in ...) NOT-FOR-US: Winamp CVE-2009-4357 (CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 ...) NOT-FOR-US: IBM Rational ClearQuest CVE-2009-4358 (freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure ...) TODO: BSD CVE-2009-4359 (Cross-site scripting (XSS) vulnerability in folder.php in the ...) NOT-FOR-US: marc andre_lanciault smartmedia CVE-2009-4360 (SQL injection vulnerability in modules/content/index.php in the ...) NOT-FOR-US: handcoders content_module CVE-2009-4361 (Multiple buffer overflows in qoslist in IBM AIX 6.1 allow local users ...) NOT-FOR-US: ibm aix CVE-2009-4362 (Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users ...) NOT-FOR-US: ibm aix CVE-2009-4363 (Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application ...) BUG: 308027 CVE-2009-4364 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...) NOT-FOR-US: scriptsez ez_blog CVE-2009-4365 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: scriptsez ez_blog CVE-2009-4366 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...) NOT-FOR-US: scriptsez ez_blog CVE-2009-4367 (The Staging Webservice ("sitecore modules/staging/service/api.asmx") ...) NOT-FOR-US: sitecore staging_module CVE-2009-4368 (Multiple unspecified vulnerabilities in Centreon before 2.1.4 have ...) BUG: 303743 CVE-2009-4369 (Cross-site scripting (XSS) vulnerability in the Contact module ...) BUG: 297474 CVE-2009-4370 (Cross-site scripting (XSS) vulnerability in the Menu module ...) BUG: 297474 CVE-2009-4371 (Cross-site scripting (XSS) vulnerability in the Locale module ...) BUG: 300199 CVE-2009-4372 (AlienVault Open Source Security Information Management (OSSIM) 2.1.5, ...) NOT-FOR-US: alienvault open_suource_security_information_management CVE-2009-4373 (Unrestricted file upload vulnerability in ...) NOT-FOR-US: alienvault ossim CVE-2009-4374 (Directory traversal vulnerability in ...) NOT-FOR-US: alienvault open_suource_security_information_management CVE-2009-4375 (SQL injection vulnerability in repository/repository_attachment.php in ...) NOT-FOR-US: alienvault open_suource_security_information_management CVE-2009-4376 (Buffer overflow in the daintree_sna_read function in the Daintree SNA ...) BUG: 297388 CVE-2009-4377 (The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 ...) BUG: 297388 CVE-2009-4378 (The IPMI dissector in Wireshark 1.2.0 through 1.2.4, when running on ...) BUG: 297388 CVE-2009-4379 (Multiple cross-site scripting (XSS) vulnerabilities in Valarsoft ...) NOT-FOR-US: valarsoft webmatic CVE-2009-4380 (Multiple SQL injection vulnerabilities in Valarsoft Webmatic before ...) NOT-FOR-US: valarsoft webmatic CVE-2009-4381 (Cross-site scripting (XSS) vulnerability in index.php in texmedia ...) NOT-FOR-US: texmedia million_pixel_script CVE-2009-4382 (Cross-site scripting (XSS) vulnerability in module.php in PHPFABER ...) NOT-FOR-US: phpfaber_content_management_system CVE-2009-4383 (Directory traversal vulnerability in Pforum.php in Rocomotion P forum ...) NOT-FOR-US: rocomotion p_forum CVE-2009-4384 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net ...) NOT-FOR-US: scriptsez ez_poll_hoster CVE-2009-4385 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: scriptsez ez_poll_hoster CVE-2009-4386 (SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur ...) NOT-FOR-US: bookingcentre booking_system_for_hotels_group CVE-2009-4387 (The cross-site scripting (XSS) protection mechanism in ...) NOT-FOR-US: manageengine password_manager_pro6 1 CVE-2009-4388 (Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) ...) NOT-FOR-US: frank_krger nl_listman CVE-2009-4389 (Unspecified vulnerability in the Watchdog (aba_watchdog) extension ...) NOT-FOR-US: robert_puntigam aba_watchdog CVE-2009-4390 (SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 ...) NOT-FOR-US: jochen_rieger car CVE-2009-4391 (Cross-site scripting (XSS) vulnerability in the File list (dr_blob) ...) NOT-FOR-US: daniel_regelein dr_blob CVE-2009-4392 (SQL injection vulnerability in the XDS Staff List (xds_staff) ...) NOT-FOR-US: typo3 xds_staff CVE-2009-4393 (SQL injection vulnerability in the Document Directorys ...) NOT-FOR-US: daniel_ptzinger danp_documentdirs CVE-2009-4394 (SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) ...) NOT-FOR-US: fr simon_rundell ste_prayer2 CVE-2009-4395 (Cross-site scripting (XSS) vulnerability in the Random Prayer 2 ...) NOT-FOR-US: fr simon_rundell ste_prayer2 CVE-2009-4396 (SQL injection vulnerability in the Diocese of Portsmouth Resources ...) NOT-FOR-US: Diocese of Portsmouth Resources Database pd_resources extension CVE-2009-4397 (Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth ...) NOT-FOR-US: fr simon_rundell pd_resources CVE-2009-4398 (Cross-site scripting (XSS) vulnerability in the Parish of the Holy ...) NOT-FOR-US: fr simon_rundell hs_religiousartgallery CVE-2009-4399 (SQL injection vulnerability in the Parish of the Holy Spirit Religious ...) NOT-FOR-US: fr simon_rundell hs_religiousartgallery CVE-2009-4400 (Cross-site scripting (XSS) vulnerability in the Parish Administration ...) NOT-FOR-US: fr simon_rundell ste_parish_admin CVE-2009-4401 (SQL injection vulnerability in the Parish Administration Database ...) NOT-FOR-US: fr simon_rundell ste_parish_admin CVE-2009-4402 (The default configuration of SQL-Ledger 2.8.24 allows remote attackers ...) NOT-FOR-US: notified in request bug CVE-2009-4403 (Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 ...) NOT-FOR-US: rumbacms rumba_xml CVE-2009-4404 (Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 ...) NOT-FOR-US: jochen_striepe t prot CVE-2009-4405 (Multiple unspecified vulnerabilities in Trac before 0.11.6 have ...) BUG: 300201 CVE-2009-4406 (Cross-site scripting (XSS) vulnerability in Forms/login1 in American ...) NOT-FOR-US: apc ap7932_b2 CVE-2009-4407 (Multiple cross-site request forgery (CSRF) vulnerabilities in PyForum ...) NOT-FOR-US: pyforum CVE-2009-4408 (Multiple cross-site scripting (XSS) vulnerabilities in models.parser ...) NOT-FOR-US: pyforum CVE-2009-4409 (The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP ...) NOT-FOR-US: iij seil b1 CVE-2009-4410 (The fuse_ioctl_copy_user function in the ioctl handler in ...) BUG: 300203 CVE-2009-4411 (The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when ...) BUG: 298067 CVE-2009-4412 (Unrestricted file upload vulnerability in Serendipity before 1.5 ...) NOT-FOR-US: s9y serendipity CVE-2009-4413 (The httpClientDiscardBody function in client.c in Polipo 0.9.8, ...) BUG: 300173 CVE-2009-4414 (SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in ...) BUG: 278864 CVE-2009-4415 (Multiple directory traversal vulnerabilities in phpGroupWare ...) BUG: 278864 CVE-2009-4416 (Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare ...) BUG: 278864 CVE-2009-4417 (The shutdown function in the Zend_Log_Writer_Mail class in Zend ...) BUG: 300206 CVE-2009-4418 (The unserialize function in PHP 5.3.0 and earlier allows ...) NOT-FOR-US: We do not have php-5.3 yet. CVE-2009-4419 (Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the ...) NOT-FOR-US: intel q45_chipset CVE-2009-4420 (Buffer overflow in the bd daemon in F5 Networks BIG-IP Application ...) NOT-FOR-US: f5 big ip_protocol_security_manager CVE-2009-4421 (Directory traversal vulnerability in languages_cgi.php in Simple PHP ...) NOT-FOR-US: alexander_palmo simple_php_blog CVE-2009-4422 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) BUG: 303745 CVE-2009-4423 (SQL injection vulnerability in index.php in weenCompany 4.0.0 allows ...) NOT-FOR-US: weentech weencompany CVE-2009-4424 (SQL injection vulnerability in results.php in the Pyrmont plugin 2 for ...) NOT-FOR-US: imotta pyrmont_plugin CVE-2009-4425 (Cross-site scripting (XSS) vulnerability in index.php in iDevCart 1.09 ...) NOT-FOR-US: idevspot idevcart CVE-2009-4426 (Multiple directory traversal vulnerabilities in Ignition 1.2, when ...) NOT-FOR-US: launchpad ignition CVE-2009-4427 (Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 ...) BUG: 300219 CVE-2009-4428 (SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) ...) NOT-FOR-US: joomplace com_joomportfolio CVE-2009-4429 (Cross-site scripting (XSS) vulnerability in the Sections module 5.x ...) NOT-FOR-US: alexander_hass sections_module CVE-2009-4430 (SQL injection vulnerability in index.php in VirtueMart 1.0 allows ...) NOT-FOR-US: virtuemart CVE-2009-4431 (PHP remote file inclusion vulnerability in cal_popup.php in the ...) NOT-FOR-US: anything digital com_jcalpro CVE-2009-4432 (SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 ...) NOT-FOR-US: codemight videocms CVE-2009-4433 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot ...) NOT-FOR-US: idevspot isupport CVE-2009-4434 (Directory traversal vulnerability in index.php in IDevSpot iSupport ...) NOT-FOR-US: idevspot isupport CVE-2009-4435 (Multiple directory traversal vulnerabilities in F3Site 2009 allow ...) NOT-FOR-US: f3site CVE-2009-4436 (Multiple SQL injection vulnerabilities in Active Web Softwares ...) NOT-FOR-US: activewebsoftwares ewebquiz CVE-2009-4437 (Multiple SQL injection vulnerabilities in Active Auction House 3.6 ...) NOT-FOR-US: activewebsoftwares active_auction_house CVE-2009-4438 (The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 ...) NOT-FOR-US: ibm db2 CVE-2009-4439 (Unspecified vulnerability in the Query Compiler, Rewrite, and ...) NOT-FOR-US: ibm db2 CVE-2009-4440 (Directory Proxy Server (DPS) in Sun Java System Directory Server ...) NOT-FOR-US: sun java_system_directory_server CVE-2009-4441 (Directory Proxy Server (DPS) in Sun Java System Directory Server ...) NOT-FOR-US: sun java_system_directory_server CVE-2009-4442 (Directory Proxy Server (DPS) in Sun Java System Directory Server ...) NOT-FOR-US: sun java_system_directory_server CVE-2009-4443 (Unspecified vulnerability in the psearch (aka persistent search) ...) NOT-FOR-US: sun java_system_directory_server CVE-2009-4444 (Microsoft Internet Information Services (IIS) 5.x and 6.x uses only ...) NOT-FOR-US: microsoft iis CVE-2009-4445 (Microsoft Internet Information Services (IIS), when used in ...) NOT-FOR-US: microsoft iis CVE-2009-4446 (Cross-site scripting (XSS) vulnerability in admin.php in ...) NOT-FOR-US: ikemcg phpinstantgallery CVE-2009-4447 (Jax Guestbook 3.5.0 allows remote attackers to bypass authentication ...) NOT-FOR-US: jax_scripts jax_guestbook CVE-2009-4448 (inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and ...) NOT-FOR-US: mybboard mybb CVE-2009-4449 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) ...) NOT-FOR-US: mybboard mybb CVE-2009-4450 (Multiple cross-site scripting (XSS) vulnerabilities in map.php in ...) NOT-FOR-US: livezilla CVE-2009-4451 (Unrestricted file upload vulnerability in upper.php in kandalf upper ...) NOT-FOR-US: php html kandalf_upper CVE-2009-4452 (Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; ...) NOT-FOR-US: kaspersky_lab kaspersky_internet_security_2010 CVE-2009-4453 (Insecure method vulnerability in SoftCab Sound Converter ActiveX ...) NOT-FOR-US: softcab sound_converter_activex CVE-2009-4454 (vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user ...) NOT-FOR-US: saini videocache CVE-2009-4455 (The default configuration of Cisco ASA 5500 Series Adaptive Security ...) NOT-FOR-US: cisco adaptive_security_appliance_5500 CVE-2009-4456 (SQL injection vulnerability in news_detail.php in Green Desktiny ...) NOT-FOR-US: greendesktiny green_desktiny CVE-2009-4457 (Multiple unspecified vulnerabilities in the Vsftpd Webmin module ...) NOT-FOR-US: provider4u vsftpd_webmin_module CVE-2009-4458 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 ...) NOT-FOR-US: freepbx CVE-2009-4459 (Redmine 0.8.7 and earlier uses the title tag before defining the ...) NOT-FOR-US: redmine CVE-2009-4460 (Multiple cross-site scripting (XSS) vulnerabilities in Auto-Surf ...) NOT-FOR-US: ljscripts auto surf_traffic_exchange_script CVE-2009-4461 (Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 ...) NOT-FOR-US: flatpress CVE-2009-4462 (Stack-based buffer overflow in the NetBiterConfig utility ...) NOT-FOR-US: intellicom netbiterconfig CVE-2009-4463 (Intellicom NetBiter WebSCADA devices use default passwords for the ...) NOT-FOR-US: intellicom netbiter_webscada_ws200 CVE-2009-4464 (Cross-site scripting (XSS) vulnerability in searchadvance.asp in ...) NOT-FOR-US: activewebsoftwares active_business_directory CVE-2009-4465 (DeluxeBB 1.3 stores sensitive information under the web root with ...) NOT-FOR-US: deluxebb CVE-2009-4466 (DeluxeBB 1.3 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: deluxebb CVE-2009-4467 (misc.php in DeluxeBB 1.3 allows remote attackers to register accounts ...) NOT-FOR-US: deluxebb CVE-2009-4468 (Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 ...) NOT-FOR-US: deluxebb CVE-2009-4469 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: giombetti phppowercards CVE-2009-4470 (SQL injection vulnerability in boardrule.php in DVBBS 2.0 allows ...) NOT-FOR-US: dvbbs CVE-2009-4471 (Multiple PHP remote file inclusion vulnerabilities in FreeSchool 1.1.0 ...) NOT-FOR-US: freeschool CVE-2009-4472 (Multiple PHP remote file inclusion vulnerabilities in PHPope 1.0.0 and ...) NOT-FOR-US: phpope CVE-2009-4473 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: ektron cms4000 net CVE-2009-4474 (SQL injection vulnerability in the Mike de Boer zoom (com_zoom) ...) NOT-FOR-US: mikedeboer com_zoom CVE-2009-4475 (SQL injection vulnerability in the Joomlub (com_joomlub) component for ...) NOT-FOR-US: com_joomlub CVE-2009-4476 (Stack-based buffer overflow in HAURI ViRobot Desktop 5.5 before ...) NOT-FOR-US: hauri virobot_desktop CVE-2009-4477 (SQL injection vulnerability in page.html in Xstate Real Estate 1.0 ...) NOT-FOR-US: xstate real_estate CVE-2009-4478 (Multiple cross-site scripting (XSS) vulnerabilities in Xstate Real ...) NOT-FOR-US: xstate real_estate CVE-2009-4479 (LDAP3A.exe in MailSite 8.0.4 allows remote attackers to cause a denial ...) NOT-FOR-US: mailsite CVE-2009-4480 (Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might ...) NOT-FOR-US: azeotech daqfactory CVE-2009-4481 REJECTED CVE-2009-4482 (Buffer overflow in MediaServer.exe in TVersity 1.6 allows remote ...) NOT-FOR-US: tversity CVE-2009-4483 (Unspecified vulnerability in LDAP3A.exe in MailSite 8.0.4 allows ...) NOT-FOR-US: mailsite CVE-2009-4484 (Multiple stack-based buffer overflows in the CertDecoder::GetName ...) BUG: 303747 CVE-2009-4485 RESERVED CVE-2009-4486 (Stack-based buffer overflow in the eDirectory plugin in Novell ...) NOT-FOR-US: eDirectory plugin in Novell iManager CVE-2009-4487 (nginx 0.7.64 writes data to a log file without sanitizing ...) BUG: 303751 CVE-2009-4488 (** DISPUTED ** Varnish 2.0.6 writes data to a log file without ...) NOT-FOR-US: notabug CVE-2009-4489 (header.c in Cherokee before 0.99.32 writes data to a log file without ...) BUG: 303753 CVE-2009-4490 (mini_httpd 1.19 writes data to a log file without sanitizing ...) BUG: 303755 CVE-2009-4491 (thttpd 2.25b0 writes data to a log file without sanitizing ...) NOT-FOR-US: old version, we already ship 2.25b-r7 CVE-2009-4492 (WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through ...) BUG: 300468 CVE-2009-4493 (Orion Application Server 2.0.7 writes data to a log file without ...) NOT-FOR-US: Orion CVE-2009-4494 (AOLserver 4.5.1 writes data to a log file without sanitizing ...) NOT-FOR-US: AOLserver CVE-2009-4495 (Yaws 1.85 writes data to a log file without sanitizing non-printable ...) NOT-FOR-US: Yaws CVE-2009-4496 (Boa 0.94.14rc21 writes data to a log file without sanitizing ...) NOT-FOR-US: Boa CVE-2009-4497 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 ...) NOT-FOR-US: LXR Cross Referencer CVE-2009-4498 (The node_process_command function in Zabbix Server before 1.8 allows ...) BUG: 261071 CVE-2009-4499 (SQL injection vulnerability in the get_history_lastid function in the ...) BUG: 261071 CVE-2009-4500 (The process_trap function in trapper/trapper.c in Zabbix Server before ...) BUG: 261071 CVE-2009-4501 (The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix ...) BUG: 261071 CVE-2009-4502 (The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, ...) BUG: 261071 CVE-2009-4503 RESERVED CVE-2009-4504 RESERVED CVE-2009-4505 (Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP ...) NOT-FOR-US: OpenCMS OAMP Comments Module CVE-2009-4506 RESERVED CVE-2009-4507 RESERVED CVE-2009-4508 RESERVED CVE-2009-4509 (The administrative web console on the TANDBERG Video Communication ...) NOT-FOR-US: vsecurity tandberg_video_communication_server CVE-2009-4510 (The SSH service on the TANDBERG Video Communication Server (VCS) ...) NOT-FOR-US: vsecurity tandberg_video_communication_server CVE-2009-4511 (Multiple directory traversal vulnerabilities in the web administration ...) NOT-FOR-US: vsecurity tandberg_video_communication_server CVE-2009-4512 (Directory traversal vulnerability in index.php in Oscailt 3.3, when ...) NOT-FOR-US: indymedia oscailt CVE-2009-4513 (Multiple cross-site scripting (XSS) vulnerabilities in the Workflow ...) NOT-FOR-US: drupal workflow CVE-2009-4514 (Cross-site scripting (XSS) vulnerability in the OpenSocial ...) NOT-FOR-US: drupal shindig integrator CVE-2009-4515 (The Storm module 6.x before 6.x-1.25 for Drupal does not enforce ...) NOT-FOR-US: drupal storm CVE-2009-4516 (Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and ...) NOT-FOR-US: drupal faq CVE-2009-4517 (Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module ...) NOT-FOR-US: drupal faq CVE-2009-4518 (Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x ...) NOT-FOR-US: mark_burton insertnode CVE-2009-4519 (Multiple unspecified vulnerabilities in Ortro before 1.3.4 have ...) NOT-FOR-US: ortro CVE-2009-4520 (The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before ...) NOT-FOR-US: kristof_de_jaeger commentreference CVE-2009-4521 (Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse ...) NOT-FOR-US: n CVE-2009-4522 (Cross-site scripting (XSS) vulnerability in search.5.html in ...) NOT-FOR-US: bloofoxcms CVE-2009-4523 (Cross-site scripting (XSS) vulnerability in index.php in Zainu 1.0 ...) NOT-FOR-US: zainu CVE-2009-4524 (Cross-site scripting (XSS) vulnerability in the RealName module ...) NOT-FOR-US: nancy_wichmann realname CVE-2009-4525 (Cross-site scripting (XSS) vulnerability in the Print (aka Printer, ...) NOT-FOR-US: joao_ventura print CVE-2009-4526 (The Send by e-mail sub-module in the Print (aka Printer, e-mail and ...) NOT-FOR-US: joao_ventura print CVE-2009-4527 (The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before ...) NOT-FOR-US: niif shib_auth CVE-2009-4528 (The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for ...) NOT-FOR-US: moshe_weitzman og_vocab CVE-2009-4529 (InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote ...) NOT-FOR-US: intervations navicopa_web_server CVE-2009-4530 (Mongoose 2.8.0 and earlier allows remote attackers to obtain the ...) NOT-FOR-US: sergey_lyubka mongoose CVE-2009-4531 (httpdx 1.4.4 and earlier allows remote attackers to obtain the source ...) NOT-FOR-US: jasper httpdx CVE-2009-4532 (Cross-site scripting (XSS) vulnerability in the Webform module 5.x ...) NOT-FOR-US: nathan_haug webform CVE-2009-4533 (The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module ...) NOT-FOR-US: nathan_haug webform CVE-2009-4534 (Open redirect vulnerability in the FAQ Ask module 5.x and 6.x before ...) NOT-FOR-US: nanwich faq_ask CVE-2009-4535 (Mongoose 2.8.0 and earlier allows remote attackers to obtain the ...) NOT-FOR-US: valenok mongoose CVE-2009-4536 (drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel ...) BUG: 303757 CVE-2009-4537 (drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 ...) BUG: 303759 CVE-2009-4538 (drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel ...) BUG: 303757 CVE-2009-4539 (Cross-site scripting (XSS) vulnerability in main.php in SQLiteManager ...) NOT-FOR-US: sqlitemanager CVE-2009-4540 (SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows ...) NOT-FOR-US: bpowerhouse mini_cms CVE-2009-4541 (Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support ...) NOT-FOR-US: isolsoft support_center CVE-2009-4542 (Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft ...) NOT-FOR-US: isolsoft support_center CVE-2009-4543 (PHP remote file inclusion vulnerability in index.php in Cromosoft ...) NOT-FOR-US: cromosoft facil_helpdesk CVE-2009-4544 (Cross-site scripting (XSS) vulnerability in kbase/kbase.php in ...) NOT-FOR-US: cromosoft facil_helpdesk CVE-2009-4545 (Logoshows BBS 2.0 stores sensitive information under the web root with ...) NOT-FOR-US: logoshows_bbs CVE-2009-4546 (globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers ...) NOT-FOR-US: logoshows_bbs CVE-2009-4547 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x ...) NOT-FOR-US: viart_cms CVE-2009-4548 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk ...) NOT-FOR-US: viart_helpdesk CVE-2009-4549 (Stack-based buffer overflow in A2 Media Player Pro 2.51 allows remote ...) NOT-FOR-US: cdmi a2_media_player_pro CVE-2009-4550 (SQL injection vulnerability in the Kunena Forum (com_kunena) component ...) NOT-FOR-US: kunena_forum CVE-2009-4551 (SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 ...) NOT-FOR-US: intesync miniweb CVE-2009-4552 (Cross-site scripting (XSS) vulnerability in the Survey Pro module for ...) NOT-FOR-US: intesync miniweb CVE-2009-4553 (Stack-based buffer overflow in iRehearse allows remote attackers to ...) NOT-FOR-US: rjvmedia irehearse CVE-2009-4554 (Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums ...) NOT-FOR-US: forum snitz snitz_forums_2000 CVE-2009-4555 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: k factor agoracart CVE-2009-4556 (Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security ...) NOT-FOR-US: quickheal total_security_2009 CVE-2009-4557 (Cross-site scripting (XSS) vulnerability in the Image Assist module ...) NOT-FOR-US: unleashedmind img_assist CVE-2009-4558 (The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before ...) NOT-FOR-US: unleashedmind img_assist CVE-2009-4559 (Cross-site scripting (XSS) vulnerability in the Submitted By module ...) NOT-FOR-US: nanwich submitted_by CVE-2009-4560 (SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows ...) NOT-FOR-US: worms league webleague CVE-2009-4561 (Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague ...) NOT-FOR-US: worms league webleague CVE-2009-4562 (Cross-site scripting (XSS) vulnerability in zp-core/admin.php in ...) NOT-FOR-US: zenphoto CVE-2009-4563 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: zenphoto CVE-2009-4564 (SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ...) NOT-FOR-US: notified new ebuild bug CVE-2009-4565 (sendmail before 8.14.4 does not properly handle a '\0' character in a ...) BUG: 299120 CVE-2009-4566 (SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows ...) NOT-FOR-US: zenphoto CVE-2009-4567 (Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php ...) NOT-FOR-US: viscacha CVE-2009-4568 (Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and ...) BUG: 300208 CVE-2009-4569 (SQL injection vulnerability in elkagroup Image Gallery allows remote ...) NOT-FOR-US: elkagroup image_gallery CVE-2009-4570 (Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows ...) NOT-FOR-US: phpshop CVE-2009-4571 (Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 ...) NOT-FOR-US: phpshop CVE-2009-4572 (Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 ...) NOT-FOR-US: phpshop CVE-2009-4573 (Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus ...) NOT-FOR-US: joomlabear mod_joomulus CVE-2009-4574 (SQL injection vulnerability in country_escorts.php in I-Escorts ...) NOT-FOR-US: i escorts_directory_script CVE-2009-4575 (Cross-site scripting (XSS) vulnerability in the Q-Personel ...) NOT-FOR-US: qproje com_qpersonel CVE-2009-4576 (SQL injection vulnerability in the BeeHeard (com_beeheard) component ...) NOT-FOR-US: cmstactics com_beeheard CVE-2009-4577 (SQL injection vulnerability in the MDForum module 2.x through 2.07 for ...) NOT-FOR-US: maxdev mdforum CVE-2009-4578 (Cross-site scripting (XSS) vulnerability in the Facileforms ...) NOT-FOR-US: facileforms CVE-2009-4579 (Cross-site scripting (XSS) vulnerability in the Artist avenue ...) NOT-FOR-US: joomla com_artistavenue CVE-2009-4580 (Multiple cross-site scripting (XSS) vulnerabilities in Hasta Blog 2.3 ...) NOT-FOR-US: hastablog hasta_blog CVE-2009-4581 (Directory traversal vulnerability in modules/admincp.php in ...) NOT-FOR-US: roseonlinecms CVE-2009-4582 (SQL injection vulnerability in detail.php in the Dictionary module for ...) NOT-FOR-US: xoops_dictionary CVE-2009-4583 (SQL injection vulnerability in the DhForum (com_dhforum) component for ...) NOT-FOR-US: joomla com_dhforum CVE-2009-4584 (admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote ...) NOT-FOR-US: dbmasters db_masters_multimedia_links_directory CVE-2009-4585 (UranyumSoft Listing Service stores sensitive information under the web ...) NOT-FOR-US: aspindir uranyumsoft_listing_service CVE-2009-4586 (Multiple cross-site scripting (XSS) vulnerabilities in index.html in ...) NOT-FOR-US: Wowd client CVE-2009-4587 (Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of ...) NOT-FOR-US: URI CVE-2009-4588 (Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control ...) NOT-FOR-US: WindsPly ocx CVE-2009-4589 (Cross-site scripting (XSS) vulnerability in the Special:Block ...) BUG: 300220 CVE-2009-4590 (Cross-site scripting (XSS) vulnerability in base_local_rules.php in ...) NOT-FOR-US: Basic Analysis and Security Engine BASE CVE-2009-4591 (SQL injection vulnerability in Basic Analysis and Security Engine ...) NOT-FOR-US: Basic Analysis and Security Engine BASE CVE-2009-4592 (Unspecified vulnerability in base_local_rules.php in Basic Analysis ...) NOT-FOR-US: Basic Analysis and Security Engine BASE CVE-2009-4593 (The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not ...) NOT-FOR-US: notified bug CVE-2009-4594 (Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access ...) NOT-FOR-US: ibm lotus_inotes CVE-2009-4595 (SQL injection vulnerability in index.php in PHP Inventory 1.2 allows ...) NOT-FOR-US: phpwares php_inventory CVE-2009-4596 (Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory ...) NOT-FOR-US: phpwares php_inventory CVE-2009-4597 (Multiple SQL injection vulnerabilities in index.php in PHP Inventory ...) NOT-FOR-US: phpwares php_inventory CVE-2009-4598 (SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 ...) NOT-FOR-US: corephp com_jphoto CVE-2009-4599 (Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) ...) NOT-FOR-US: joomshark com_jsjobs CVE-2009-4600 (SQL injection vulnerability in realestate20/loginaction.php in NetArt ...) NOT-FOR-US: netartmedia media_real_estate_portal CVE-2009-4601 (Cross-site scripting (XSS) vulnerability in basic_search_result.php in ...) NOT-FOR-US: zeeways zeejobsite CVE-2009-4602 (Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x ...) NOT-FOR-US: drupal randomizer CVE-2009-4603 (Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, ...) NOT-FOR-US: sap_kernel CVE-2009-4604 (PHP remote file inclusion vulnerability in mamboleto.php in the ...) NOT-FOR-US: fernando_soares com_mamboleto CVE-2009-4605 (scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before ...) BUG: 303761 CVE-2009-4606 (South River Technologies WebDrive 9.02 build 2232 installs the ...) NOT-FOR-US: south_river_technologies webdrive CVE-2009-4607 (The command line interface in Overland Storage Snap Server 410 with ...) NOT-FOR-US: overlandstorage guardianos CVE-2009-4608 (Cross-site scripting (XSS) vulnerability in Canon IT Solutions Inc. ...) NOT-FOR-US: canon its accessguardian CVE-2009-4609 (The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote ...) NOT-FOR-US: Mort Bay Jetty CVE-2009-4610 (Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty ...) NOT-FOR-US: Mort Bay Jetty CVE-2009-4611 (Mort Bay Jetty 6.x and 7.0.0 writes backtrace data without sanitizing ...) NOT-FOR-US: Age CVE-2009-4612 (Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP ...) NOT-FOR-US: WebApp JSP Snoop page in Mort Bay Jetty CVE-2009-4613 (SQL injection vulnerability in realestate20/loginaction.php in NetArt ...) NOT-FOR-US: netartmedia media_real_estate_portal CVE-2009-4614 (Multiple PHP remote file inclusion vulnerabilities in Moa Gallery ...) NOT-FOR-US: dan_brown moa_gallery CVE-2009-4615 (SQL injection vulnerability in review.php in MYRE Holiday Rental ...) NOT-FOR-US: myrephp myre_holiday_rental_manager CVE-2009-4616 (Cross-site scripting (XSS) vulnerability in search.php in MYRE Holiday ...) NOT-FOR-US: myrephp myre_holiday_rental_manager CVE-2009-4617 (Multiple SQL injection vulnerabilities in Tourism Script Accommodation ...) NOT-FOR-US: tourismscripts tourism_script_accomodation_hotel_booking_portal_script CVE-2009-4618 (Multiple SQL injection vulnerabilities in Tourism Script Bus Script ...) NOT-FOR-US: tourismscripts bus_script CVE-2009-4619 (SQL injection vulnerability in the Lucy Games (com_lucygames) ...) NOT-FOR-US: Component not part of default install. CVE-2009-4620 (SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 ...) NOT-FOR-US: Component not part of the default install. CVE-2009-4621 (SQL injection vulnerability in the JiangHu Inn plugin 1.1 and earlier ...) NOT-FOR-US: Component not part of the default install. CVE-2009-4622 (PHP remote file inclusion vulnerability in admin/admin_news_bot.php in ...) NOT-FOR-US: sourceforge drunken_golem_gaming_portal CVE-2009-4623 (Multiple PHP remote file inclusion vulnerabilities in Advanced Comment ...) NOT-FOR-US: plohni advanced_comment_system CVE-2009-4624 (SQL injection vulnerability in download.php in Nicecoder iDesk allows ...) NOT-FOR-US: nicecoder idesk CVE-2009-4625 (SQL injection vulnerability in the updateOnePage function in ...) NOT-FOR-US: tamlyncreative com_bfsurvey_profree CVE-2009-4626 (Directory traversal vulnerability in menu.php in phpNagios 1.2.0 ...) NOT-FOR-US: phpnagios CVE-2009-4627 (Directory traversal vulnerability in sources/_template_parser.php in ...) NOT-FOR-US: dan_brown moa_gallery CVE-2009-4628 (SQL injection vulnerability in the TemplatePlaza.com TPDugg ...) NOT-FOR-US: templateplaza com_tpdugg CVE-2009-4629 (Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other ...) BUG: 303763 CVE-2009-4630 (Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, ...) BUG: 303763 CVE-2009-4631 (Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows ...) BUG: 307755 CVE-2009-4632 (oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain ...) BUG: 307755 CVE-2009-4633 (vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a ...) BUG: 307755 CVE-2009-4634 (Multiple integer underflows in FFmpeg 0.5 allow remote attackers to ...) BUG: 307755 CVE-2009-4635 (FFmpeg 0.5 allows remote attackers to cause a denial of service and ...) BUG: 307755 CVE-2009-4636 (FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) ...) BUG: 307755 CVE-2009-4637 (FFmpeg 0.5 allows remote attackers to cause a denial of service ...) BUG: 307755 CVE-2009-4638 (Integer overflow in FFmpeg 0.5 allows remote attackers to cause a ...) BUG: 307755 CVE-2009-4639 (The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows ...) BUG: 307755 CVE-2009-4640 (Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote ...) BUG: 307755 CVE-2009-4641 (gnome-screensaver 2.28.0 does not resume adherence to its activation ...) BUG: 308029 CVE-2009-4642 (gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface ...) BUG: 308029 CVE-2009-4643 (Stack-based buffer overflow in dsInstallerService.dll in the Juniper ...) NOT-FOR-US: juniper odyssey_access_client CVE-2009-4644 (Accellion Secure File Transfer Appliance before 8_0_105 allows remote ...) NOT-FOR-US: accellion file_transfer_appliance_fta CVE-2009-4645 (Directory traversal vulnerability in web_client_user_guide.html in ...) NOT-FOR-US: accellion file_transfer_appliance_fta CVE-2009-4646 (Static code injection vulnerability in the administrative web ...) NOT-FOR-US: accellion file_transfer_appliance_fta CVE-2009-4647 (Cross-site scripting (XSS) vulnerability in Accellion Secure File ...) NOT-FOR-US: accellion file_transfer_appliance_fta CVE-2009-4648 (Accellion Secure File Transfer Appliance before 8_0_105 does not ...) NOT-FOR-US: accellion file_transfer_appliance_fta CVE-2009-4649 (Multiple cross-site scripting (XSS) vulnerabilities in geccBBlite 0.1 ...) NOT-FOR-US: geccbblite CVE-2009-4650 (SQL injection vulnerability in the Webee Comments (com_webeecomment) ...) NOT-FOR-US: onnogroen com_webeecomment CVE-2009-4651 (Multiple cross-site scripting (XSS) vulnerabilities in the Webee ...) NOT-FOR-US: onnogroen com_webeecomment CVE-2009-4652 (The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in ...) BUG: 307437 CVE-2009-4653 (Stack-based buffer overflow in the dhost module in Novell eDirectory ...) NOT-FOR-US: novell edirectory CVE-2009-4654 (Stack-based buffer overflow in the dhost module in Novell eDirectory ...) NOT-FOR-US: novell edirectory CVE-2009-4655 (The dhost web service in Novell eDirectory 8.8.5 uses a predictable ...) NOT-FOR-US: novell edirectory CVE-2009-4656 (Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including ...) NOT-FOR-US: E Soft DJ Studio Pro CVE-2009-4657 (The administrator package for Xerver 4.32 does not require ...) NOT-FOR-US: administrator CVE-2009-4658 (Xerver 4.32 allows remote authenticated users to cause a denial of ...) NOT-FOR-US: management CVE-2009-4659 (Unspecified vulnerability in MP3-Cutter Ease Audio Cutter 1.20 allows ...) NOT-FOR-US: MP3 Cutter CVE-2009-4660 (Stack-based buffer overflow in the AntServer Module (AntServer.exe) in ...) NOT-FOR-US: AntServer Module AntServer exe in BigAnt IM Server CVE-2009-4661 (Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow ...) NOT-FOR-US: BigAnt Server CVE-2009-4662 (Cross-site scripting (XSS) vulnerability in the WebAccess component in ...) NOT-FOR-US: WebAccess component in Novell GroupWise CVE-2009-4663 (Heap-based buffer overflow in the Quiksoft EasyMail Objects 6 ActiveX ...) NOT-FOR-US: Quiksoft EasyMail Objects CVE-2009-4664 (Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, ...) NOT-FOR-US: Firewall CVE-2009-4665 (Directory traversal vulnerability in ...) NOT-FOR-US: cutesoft_components cute_editor_for_asp net CVE-2009-4666 (Multiple PHP remote file inclusion vulnerabilities in Webradev ...) NOT-FOR-US: qualityunit download_protect CVE-2009-4667 (SQL injection vulnerability in form.php in WebMember 1.0 allows remote ...) NOT-FOR-US: phpmember webmember CVE-2009-4668 (Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio ...) NOT-FOR-US: cowon_america jetaudio CVE-2009-4669 (Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow ...) NOT-FOR-US: beaussier roomphplanning CVE-2009-4670 (admin/delitem.php in RoomPHPlanning 1.6 does not require ...) NOT-FOR-US: beaussier roomphplanning CVE-2009-4671 (Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass ...) NOT-FOR-US: beaussier roomphplanning CVE-2009-4672 (Directory traversal vulnerability in main.php in the WP-Lytebox plugin ...) NOT-FOR-US: grupenet wp lytebox_plugin CVE-2009-4673 (SQL injection vulnerability in profile.php in Mole Group Adult Portal ...) NOT-FOR-US: mole group adult_portal_script CVE-2009-4674 (admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script ...) NOT-FOR-US: mole group sky_hunter_airline_ticket_sale_script CVE-2009-4675 (admin/admin_info/index.php in the Mole Group Gastro Portal (Restaurant ...) NOT-FOR-US: mole group gastro_portal_ restaurant_directory _script CVE-2009-4676 (Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio ...) NOT-FOR-US: JetCast exe CVE-2009-4677 (Cross-site scripting (XSS) vulnerability in search.php in phpFK PHP ...) NOT-FOR-US: frank karau phpfk_php_forum CVE-2009-4678 (Cross-site scripting (XSS) vulnerability in index.php in Winn ...) NOT-FOR-US: winn_guestbook CVE-2009-4679 (Directory traversal vulnerability in the inertialFATE iF Portfolio ...) NOT-FOR-US: inertialfate com_if_nexus CVE-2009-4680 (SQL injection vulnerability in search.php in phpDirectorySource 1.x ...) NOT-FOR-US: phpdirectorysource CVE-2009-4681 (Cross-site scripting (XSS) vulnerability in search.php in ...) NOT-FOR-US: phpdirectorysource CVE-2009-4682 (Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad Vote ...) NOT-FOR-US: scriptsez good bad_vote CVE-2009-4683 (Directory traversal vulnerability in vote.php in Good/Bad Vote allows ...) NOT-FOR-US: scriptsez good bad_vote CVE-2009-4684 (Cross-site scripting (XSS) vulnerability in index.php in EZodiak ...) NOT-FOR-US: edgephp ezodiak CVE-2009-4685 (Cross-site scripting (XSS) vulnerability in celebrities.php in PHP ...) NOT-FOR-US: phpscriptsnow astrology CVE-2009-4686 (Cross-site scripting (XSS) vulnerability in account.php in phplemon ...) NOT-FOR-US: phplemon adquick CVE-2009-4687 (SQL injection vulnerability in silentum_guestbook.php in Silentum ...) NOT-FOR-US: hypersilence silentum_guestbook CVE-2009-4688 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: resalecode php_shopping_cart_selling_website_script CVE-2009-4689 (SQL injection vulnerability in index.php in PHP Shopping Cart Selling ...) NOT-FOR-US: resalecode php_shopping_cart_selling_website_script CVE-2009-4690 (Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld ...) NOT-FOR-US: yourfreeworld programs_rating_script CVE-2009-4691 (SQL injection vulnerability in addlink.php in Classified Linktrader ...) NOT-FOR-US: resalecode classified_linktrader_script CVE-2009-4692 (Cross-site scripting (XSS) vulnerability in index.php in RadScripts ...) NOT-FOR-US: radscripts radlance CVE-2009-4693 (Multiple PHP remote file inclusion vulnerabilities in GraFX MiniCWB ...) NOT-FOR-US: grafxsoftware minicwb CVE-2009-4694 (Cross-site scripting (XSS) vulnerability in index.php in RadScripts ...) NOT-FOR-US: radscripts radlance CVE-2009-4695 (SQL injection vulnerability in index.php in RadScripts RadLance Gold ...) NOT-FOR-US: radscripts radlance CVE-2009-4696 (SQL injection vulnerability in index.php in RadNICS Gold 5 allows ...) NOT-FOR-US: radscripts radnics CVE-2009-4697 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: radscripts radnics CVE-2009-4698 (Multiple SQL injection vulnerabilities in the Qas (aka Quas) module ...) NOT-FOR-US: alexandre_amaral xoops_celepar CVE-2009-4699 (Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating ...) NOT-FOR-US: skadate_online_dating_software CVE-2009-4700 (Directory traversal vulnerability in index.php in SkaDate Dating ...) NOT-FOR-US: skadate_online_dating_software CVE-2009-4701 (SQL injection vulnerability in the Myth download (myth_download) ...) NOT-FOR-US: liviu_mitrofan myth_download CVE-2009-4702 (SQL injection vulnerability in the Tour Extension (pm_tour) extension ...) NOT-FOR-US: markus_barchfeld pm_tour CVE-2009-4703 (SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) ...) NOT-FOR-US: typo3 ws_gallery CVE-2009-4704 (Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension ...) NOT-FOR-US: typo3 ws_ecard CVE-2009-4705 (Cross-site scripting (XSS) vulnerability in the Twitter Search ...) NOT-FOR-US: thomas_loeffler twittersearch CVE-2009-4706 (Cross-site scripting (XSS) vulnerability in the Mailform (mailform) ...) NOT-FOR-US: sebastian_winterhalder mailform CVE-2009-4707 (Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End ...) NOT-FOR-US: maximo_cuadros gb_fenewssubmit CVE-2009-4708 (SQL injection vulnerability in the [Gobernalia] Front End News ...) NOT-FOR-US: maximo_cuadros gb_fenewssubmit CVE-2009-4709 (SQL injection vulnerability in the datamints Newsticker ...) NOT-FOR-US: dirk_maiwert datamints_newsticker CVE-2009-4710 (SQL injection vulnerability in the Reset backend password ...) NOT-FOR-US: robert_heel cwt_resetbepassword CVE-2009-4711 (SQL injection vulnerability in the CoolURI (cooluri) extension before ...) NOT-FOR-US: jan_bednarik cooluri CVE-2009-4712 (SQL injection vulnerability in index.php in Tukanas Classifieds (aka ...) NOT-FOR-US: tukanas easyclassifieds_script CVE-2009-4713 (Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka ...) NOT-FOR-US: alexandre_amaral xoops_celepar CVE-2009-4714 (Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS ...) NOT-FOR-US: alexandre_amaral xoops_celepar CVE-2009-4715 (Cross-site scripting (XSS) vulnerability in rates.php in Real Time ...) NOT-FOR-US: phpscriptsnow real_time_currency_exchange CVE-2009-4716 (Cross-site scripting (XSS) vulnerability in results.php in EDGEPHP ...) NOT-FOR-US: edgephp ezwebsearch CVE-2009-4717 (Multiple cross-site scripting (XSS) vulnerabilities in Gonafish ...) NOT-FOR-US: gonafish webstatcaffe CVE-2009-4718 (SQL injection vulnerability in visitorduration.php in Gonafish ...) NOT-FOR-US: gonafish webstatcaffe CVE-2009-4719 (SQL injection vulnerability in index.php in Discloser 0.0.4 rc2 allows ...) NOT-FOR-US: bob_jewell discloser CVE-2009-4720 (SQL injection vulnerability in cgi-bin/gnudip.cgi in GnuDIP 2.1.1 ...) NOT-FOR-US: gnudip CVE-2009-4721 (Multiple SQL injection vulnerabilities in Admin/index.asp in ...) NOT-FOR-US: andrews web aw bannerad CVE-2009-4722 (SQL injection vulnerability in the CheckLogin function in ...) NOT-FOR-US: limny CVE-2009-4723 (Directory traversal vulnerability in confirm.php in Netpet CMS 1.9 ...) NOT-FOR-US: netpet_cms CVE-2009-4724 (SQL injection vulnerability in shop.htm in PaymentProcessorScript.net ...) NOT-FOR-US: paymentprocessorscript net ppscript CVE-2009-4725 (Directory traversal vulnerability in modules/aljazeera/admin/setup.php ...) NOT-FOR-US: arabportal arab_portal CVE-2009-4726 (Directory traversal vulnerability in download.php in Quickdev 4 PHP ...) NOT-FOR-US: olivier_michaud_pierre yves quickdev4php CVE-2009-4727 (SQL injection vulnerability in x/login in JungleScripts Ajax Short Url ...) NOT-FOR-US: junglescripts ajax_short_url_script CVE-2009-4728 (SQL injection vulnerability in the administrative interface in ...) NOT-FOR-US: questions_answered CVE-2009-4729 (Multiple cross-site scripting (XSS) vulnerabilities in x10 Adult Media ...) NOT-FOR-US: x10media adult_script CVE-2009-4730 (SQL injection vulnerability in report.php in x10 Adult Media Script ...) NOT-FOR-US: x10media adult_script CVE-2009-4731 (SQL injection vulnerability in photos.php in Model Agency Manager PRO ...) NOT-FOR-US: boldfx model_agency_manager_pro CVE-2009-4732 (SQL injection vulnerability in tt/index.php in TT Web Site Manager ...) NOT-FOR-US: technotoad tt_web_site_manager CVE-2009-4733 (SQL injection vulnerability in checkuser.php in SimpleLoginSys 0.5, ...) NOT-FOR-US: supercrackmunkey simpleloginsys CVE-2009-4734 (SQL injection vulnerability in login.php in Allomani Movies Library ...) NOT-FOR-US: allomani movie_library CVE-2009-4735 (SQL injection vulnerability in login.php in Allomani Audio & Video ...) NOT-FOR-US: allomani audio_ _video_library CVE-2009-4736 (Cross-site scripting (XSS) vulnerability in search.php in CommonSense ...) NOT-FOR-US: sensesites commonsense_cms CVE-2009-4737 (Stack-based buffer overflow in JustSystems Corporation Ichitaro 13, ...) NOT-FOR-US: justsystems ichitaro_viewer CVE-2009-4738 RESERVED CVE-2009-4739 (PHP remote file inclusion vulnerability in index.php in SkaDate Dating ...) NOT-FOR-US: skadate_online_dating_software CVE-2009-4740 (Directory traversal vulnerability in the Webesse E-Card (ws_ecard) ...) NOT-FOR-US: typo3 ws_ecard CVE-2009-4741 (Unspecified vulnerability in the Extras Manager before 2.0.0.67 in ...) NOT-FOR-US: skype CVE-2009-4742 (Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote ...) NOT-FOR-US: docebo CVE-2009-4743 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: afterlogic webmail_pro CVE-2009-4744 (Cross-site scripting (XSS) vulnerability in the Contact module in ...) NOT-FOR-US: oicgroup exponent_cms CVE-2009-4745 (Multiple SQL injection vulnerabilities in index.php in Dreamlevels ...) NOT-FOR-US: dreamlevels dreampoll CVE-2009-4746 (Cross-site scripting (XSS) vulnerability in index.php in Dreamlevels ...) NOT-FOR-US: dreamlevels dreampoll CVE-2009-4747 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: tecnick aiocp CVE-2009-4748 (SQL injection vulnerability in mycategoryorder.php in the My Category ...) NOT-FOR-US: andrew_charlton my_category_order CVE-2009-4749 (Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 ...) NOT-FOR-US: phplivesupport php_live CVE-2009-4750 (PHP remote file inclusion vulnerability in home.php in Top Paidmailer ...) NOT-FOR-US: phppower top_paidmailer CVE-2009-4751 (SQL injection vulnerability in anzeiger/start.php in Swinger Club ...) NOT-FOR-US: phppower swinger_club_portal CVE-2009-4752 (PHP remote file inclusion vulnerability in anzeiger/start.php in ...) NOT-FOR-US: phppower swinger_club_portal CVE-2009-4753 (Multiple buffer overflows in the FTP server on the Addonics NAS ...) NOT-FOR-US: nas_adapter nasu2fw41 CVE-2009-4754 (Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote ...) NOT-FOR-US: mercuryaudio audio_player CVE-2009-4755 (Multiple stack-based buffer overflows in Mercury Audio Player 1.21 ...) NOT-FOR-US: mercuryaudio audio_player CVE-2009-4756 (Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in ...) NOT-FOR-US: beatport_player CVE-2009-4757 (Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows ...) NOT-FOR-US: evils world ew musicplayer CVE-2009-4758 (Stack-based buffer overflow in dicas Mpegable Player 2.12 allows ...) NOT-FOR-US: dicas mpegable_player CVE-2009-4759 (Buffer overflow in BrotherSoft BMXPlay 0.4.4b allows remote attackers ...) NOT-FOR-US: joric bmxplay CVE-2009-4760 (Winn ASP Guestbook 1.01 Beta stores sensitive information under the ...) NOT-FOR-US: winn asp_guestbook CVE-2009-4761 (Stack-based buffer overflow in Mini-stream RM Downloader allows remote ...) NOT-FOR-US: mini stream rm_downloader CVE-2009-4762 (MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs ...) BUG: 273858 CVE-2009-4763 (Unspecified vulnerability in the ClickHeat plugin, as used in ...) NOT-FOR-US: ClickHeat plugin as used in phpMyVisites CVE-2009-4764 (Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that ...) NOT-FOR-US: adobe acrobat_reader CVE-2009-4765 (CNR Hikaye Portal 2.0 stores sensitive information under the web root ...) NOT-FOR-US: cnr somee hikaye_portal CVE-2009-4766 (YP Portal MS-Pro Surumu (aka MS-Pro Portal Scripti) 1.0 and 1.2 stores ...) NOT-FOR-US: yasirpro ms pro_portal_scripti CVE-2009-4767 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: plohni shoutbox CVE-2009-4768 (Unspecified vulnerability in the JASS script interpreter in Warcraft ...) NOT-FOR-US: blizzard warcraft_3_the_frozen_throne CVE-2009-4769 (Multiple format string vulnerabilities in the tolog function in httpdx ...) NOT-FOR-US: jasper httpdx CVE-2009-4770 (The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 ...) NOT-FOR-US: jasper httpdx CVE-2009-4771 (The PayPal Website Payments Standard functionality in the Ubercart ...) NOT-FOR-US: ubercart CVE-2009-4772 (Unspecified vulnerability in the PayPal Website Payments Standard ...) NOT-FOR-US: ubercart CVE-2009-4773 (Cross-site request forgery (CSRF) vulnerability in the ...) NOT-FOR-US: ubercart CVE-2009-4774 (Unspecified vulnerability in Sun Solaris 10 and OpenSolaris snv_49 ...) NOT-FOR-US: sun solaris CVE-2009-4775 (Format string vulnerability in Ipswitch WS_FTP Professional 12 before ...) NOT-FOR-US: ipswitch ws_ftp CVE-2009-4776 (Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit ...) NOT-FOR-US: hitachi ucosminexus_service_platform CVE-2009-4777 (Unspecified vulnerability in multiple versions of Hitachi ...) NOT-FOR-US: hitachi jp1_integrated_management_service_support CVE-2009-4778 (Multiple unspecified vulnerabilities in the PDF distiller in the ...) NOT-FOR-US: rim blackberry_professional_software CVE-2009-4779 (Multiple PHP remote file inclusion vulnerabilities in NukeHall 0.3 and ...) NOT-FOR-US: robert_garrigos nukehall CVE-2009-4780 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: phpmyfaq CVE-2009-4781 (TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for ...) NOT-FOR-US: TUKEVA CVE-2009-4782 (Multiple cross-site scripting (XSS) vulnerabilities in Theeta CMS, ...) NOT-FOR-US: mntechsolutions theeta_cms CVE-2009-4783 (Multiple SQL injection vulnerabilities in Theeta CMS, possibly 0.01, ...) NOT-FOR-US: mntechsolutions theeta_cms CVE-2009-4784 (SQL injection vulnerability in the Joaktree (com_joaktree) component ...) NOT-FOR-US: Joaktree com_joaktree component CVE-2009-4785 (SQL injection vulnerability in the Quick News (com_quicknews) ...) NOT-FOR-US: Quick CVE-2009-4786 (Multiple cross-site scripting (XSS) vulnerabilities in Pligg before ...) NOT-FOR-US: Pligg CVE-2009-4787 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg ...) NOT-FOR-US: Pligg CVE-2009-4788 (Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier ...) NOT-FOR-US: Pligg CVE-2009-4789 (Multiple PHP remote file inclusion vulnerabilities in the MojoBlog ...) NOT-FOR-US: MojoBlog component RC CVE-2009-4790 (Multiple directory traversal vulnerabilities in Sysax Multi Server 4.5 ...) NOT-FOR-US: Sysax Multi Server CVE-2009-4791 (Multiple SQL injection vulnerabilities in Family Connections (aka ...) NOT-FOR-US: Family Connections aka FCMS CVE-2009-4792 (SQL injection vulnerability in includes/content/member_content.php in ...) NOT-FOR-US: BandSite CMS CVE-2009-4793 (Unrestricted file upload vulnerability in ...) NOT-FOR-US: BandSite CMS CVE-2009-4794 (Multiple SQL injection vulnerabilities in Community CMS 0.5 allow ...) NOT-FOR-US: Community CMS CVE-2009-4795 (Multiple SQL injection vulnerabilities in Xlight FTP Server before ...) NOT-FOR-US: Xlight FTP Server CVE-2009-4796 (Multiple SQL injection vulnerabilities in the ExecuteQueries function ...) NOT-FOR-US: glFusion CVE-2009-4797 (SQL injection vulnerability in browse.php in JobHut 1.2 and earlier ...) NOT-FOR-US: JobHut CVE-2009-4798 (Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote ...) NOT-FOR-US: Diskos CMS CVE-2009-4799 (Diskos CMS 6.x stores sensitive information under the web root with ...) NOT-FOR-US: Diskos CVE-2009-4800 (Directory traversal vulnerability in Sysax Multi Server 4.3 and 4.5 ...) NOT-FOR-US: Sysax Multi Server CVE-2009-4801 (EZ-Blog Beta 1 does not require authentication, which allows remote ...) NOT-FOR-US: EZ Blog CVE-2009-4802 (SQL injection vulnerability in the Flat Manager (flatmgr) extension ...) NOT-FOR-US: Flat Manager flatmgr extension CVE-2009-4803 (SQL injection vulnerability in the Accessibility Glossary ...) NOT-FOR-US: Accessibility CVE-2009-4804 (Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) ...) NOT-FOR-US: Calendar Base cal extension CVE-2009-4805 (Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when ...) NOT-FOR-US: EZ Blog Beta CVE-2009-4806 (admin/save_user.asp in Digital Interchange Document Library 1.0.1 does ...) NOT-FOR-US: Digital Interchange Document Library CVE-2009-4807 (Multiple SQL injection vulnerabilities in Graugon PHP Article ...) NOT-FOR-US: Graugon PHP Article Publisher CVE-2009-4808 (admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers ...) NOT-FOR-US: Graugon PHP Article Publisher CVE-2009-4809 (Directory traversal vulnerability in thumbnail.ghp in Easy File ...) NOT-FOR-US: Easy File Sharing EFS Web Server CVE-2009-4810 (The Secure Remote Password (SRP) implementation in Samhain before ...) NOT-FOR-US: Obsolete CVE-2009-4811 (VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware ...) BUG: 335866 CVE-2009-4812 (Wolfram Research webMathematica allows remote attackers to obtain ...) NOT-FOR-US: wolfram webmathematica CVE-2009-4813 (Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka ...) NOT-FOR-US: mybboard mybb CVE-2009-4814 (Cross-site scripting (XSS) vulnerability in Wolfram Research ...) NOT-FOR-US: wolfram webmathematica CVE-2009-4815 (Directory traversal vulnerability in Serv-U before 9.2.0.1 allows ...) NOT-FOR-US: serv u CVE-2009-4816 (Directory traversal vulnerability in api/download_checker.php in ...) NOT-FOR-US: andy_stedemos the_uploader CVE-2009-4817 (Unrestricted file upload vulnerability in Element-IT Ultimate Uploader ...) NOT-FOR-US: element it ultimate_uploader CVE-2009-4818 (Unrestricted file upload vulnerability in upload.php in PHPSimplicity ...) NOT-FOR-US: phpsimplicity simplicity_of_upload CVE-2009-4819 (Multiple unrestricted file upload vulnerabilities in upload.php in ...) NOT-FOR-US: stoverud phphotoalbum CVE-2009-4820 (Angelo-Emlak 1.0 stores sensitive information under the web root with ...) NOT-FOR-US: aspindir angelo emlak CVE-2009-4821 (The D-Link DIR-615 with firmware 3.10NA does not require ...) NOT-FOR-US: dlink dir 615 CVE-2009-4822 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: kasseler cms kasseler_cms CVE-2009-4823 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: cpanel CVE-2009-4824 (Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab ...) NOT-FOR-US: kolab_server CVE-2009-4825 (8pixel.net Blog 4 stores sensitive information under the web root with ...) NOT-FOR-US: 8pixel net simple_blog CVE-2009-4826 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: scriptez mini_hosting_panel CVE-2009-4827 (Cross-site request forgery (CSRF) vulnerability in admin.php in Mail ...) NOT-FOR-US: scriptez mail_manager_pro CVE-2009-4828 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: php_web_scripts ad_manager_pro CVE-2009-4829 (Cross-site scripting (XSS) vulnerability in the Automated Logout ...) NOT-FOR-US: john_vandervort autologout CVE-2009-4830 (Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote ...) NOT-FOR-US: openx CVE-2009-4831 (Cerulean Studios Trillian 3.1 Basic does not check SSL certificates ...) NOT-FOR-US: trillian CVE-2009-4832 (The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local ...) NOT-FOR-US: deslock CVE-2009-4833 (MySQL Connector/NET before 6.0.4, when using encryption, does not ...) BUG: 320947 CVE-2009-4834 (lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute ...) NOT-FOR-US: xpressengine zeroboard CVE-2009-4835 (The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, ...) BUG: 320949 CVE-2009-4836 (Eval injection vulnerability in system/services/init.php in Movie PHP ...) NOT-FOR-US: moviephp movie_php_script CVE-2009-4837 (Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis ...) BUG: 320951 CVE-2009-4838 (SQL injection vulnerability in base_ag_common.php in Basic Analysis ...) BUG: 320951 CVE-2009-4839 (Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis ...) BUG: 320951 CVE-2009-4840 (Heap-based buffer overflow in the IAManager ActiveX control in ...) NOT-FOR-US: roxio cineplayer CVE-2009-4841 (Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in ...) NOT-FOR-US: roxio cineplayer CVE-2009-4842 (Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual ...) NOT-FOR-US: toutvirtual virtualiq CVE-2009-4843 (ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require ...) NOT-FOR-US: toutvirtual virtualiq CVE-2009-4844 (ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to ...) NOT-FOR-US: toutvirtual virtualiq CVE-2009-4845 (The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 ...) NOT-FOR-US: toutvirtual virtualiq CVE-2009-4846 (Multiple buffer overflows in Deliantra Server before 2.82 allow remote ...) NOT-FOR-US: deliantra CVE-2009-4847 (Deliantra Server before 2.82 allows remote authenticated users to ...) NOT-FOR-US: deliantra CVE-2009-4848 (Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual ...) NOT-FOR-US: toutvirtual virtualiq CVE-2009-4849 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: toutvirtual virtualiq CVE-2009-4850 (The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote ...) NOT-FOR-US: awingsoft awakening_winds3d_viewer_plugin CVE-2009-4851 (The activation resend function in the Profiles module in XOOPS before ...) NOT-FOR-US: xoops CVE-2009-4852 (Multiple cross-site scripting (XSS) vulnerabilities in SemanticScuttle ...) NOT-FOR-US: festic semanticscuttle CVE-2009-4853 (Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before ...) NOT-FOR-US: jumpbox CVE-2009-4854 (addons/import.php in TalkBack 2.3.14 allows remote attackers to ...) NOT-FOR-US: scripts oldguy talkback CVE-2009-4855 (** DISPUTED ** ...) NOT-FOR-US: typo3 CVE-2009-4856 (Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy ...) NOT-FOR-US: ecomstudio php_easy_shopping_cart CVE-2009-4857 (Cross-site scripting (XSS) vulnerability in login.php in PHP Photo ...) NOT-FOR-US: ecomstudio php_photo_vote1 3f CVE-2009-4858 (Cross-site scripting (XSS) vulnerability in questiondetail.php in ...) NOT-FOR-US: turnkeyforms yahoo answers clone CVE-2009-4859 (Multiple cross-site scripting (XSS) vulnerabilities in Online Work ...) NOT-FOR-US: onlinetechtools com owos_lite CVE-2009-4860 (SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier ...) NOT-FOR-US: demarque typing_pal CVE-2009-4861 (Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO ...) NOT-FOR-US: supportpro supportdesk CVE-2009-4862 (Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote ...) NOT-FOR-US: abushhab alwasel CVE-2009-4863 (Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows ...) NOT-FOR-US: ultraplayer_media_player CVE-2009-4864 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: i escorts_directory_script CVE-2009-4865 (Multiple SQL injection vulnerabilities in escorts_search.php in ...) NOT-FOR-US: i escorts_directory_script CVE-2009-4866 (Cross-site scripting (XSS) vulnerability in search.cgi in Matt's ...) NOT-FOR-US: matt_wright simple_search CVE-2009-4867 (Buffer overflow in Tuniac 090517c allows remote attackers to cause a ...) NOT-FOR-US: tony_million tuniac CVE-2009-4868 (Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 ...) NOT-FOR-US: hitronsoft answer_me CVE-2009-4869 (Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest ...) NOT-FOR-US: hitronsoft nasim_guest_book CVE-2009-4870 (Multiple SQL injection vulnerabilities in login.php in PHPCityPortal ...) NOT-FOR-US: phpcityportal CVE-2009-4871 (SQL injection vulnerability in globepersonnel_forum.asp in Logoshows ...) NOT-FOR-US: logoshows_bbs CVE-2009-4872 (Multiple SQL injection vulnerabilities in globepersonnel_login.asp in ...) NOT-FOR-US: logoshows_bbs CVE-2009-4873 (Stack-based buffer overflow in the HTTP server in Rhino Software ...) NOT-FOR-US: rhinosoft serv u CVE-2009-4874 (TalkBack 2.3.14 does not properly restrict access to the edit comment ...) NOT-FOR-US: scripts oldguy talkback CVE-2009-4875 (FCKeditor.Java 2.4 allows remote attackers to cause a denial of ...) NOT-FOR-US: frederico_caldeira_knabben fckeditor java CVE-2009-4876 (admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify ...) NOT-FOR-US: netrix_cms CVE-2009-4877 (Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI ...) NOT-FOR-US: plainblack webgui CVE-2009-4878 (Unspecified vulnerability in the Administration Console in Novell ...) NOT-FOR-US: novell access_manager CVE-2009-4879 (The Identity Server in Novell Access Manager before 3.1 SP1 allows ...) NOT-FOR-US: novell access_manager CVE-2009-4880 (Multiple integer overflows in the strfmon implementation in the GNU C ...) BUG: 285818 CVE-2009-4881 (Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in ...) BUG: 285818 CVE-2009-4882 (Cross-site scripting (XSS) vulnerability in zc/publisher/html.rb in ...) NOT-FOR-US: zonecheck CVE-2009-4883 (SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and ...) NOT-FOR-US: todd_rogers phprecipebook CVE-2009-4884 (Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when ...) NOT-FOR-US: phpcomm CVE-2009-4885 (Cross-site scripting (XSS) vulnerability in templates/1/login.php in ...) NOT-FOR-US: bernhard_frohlich phpcom CVE-2009-4886 (Multiple directory traversal vulnerabilities in phpCommunity 2 2.1.8 ...) NOT-FOR-US: bernhard_frohlich phpcom CVE-2009-4887 (PHP remote file inclusion vulnerability in index.php in CMS S.Builder ...) NOT-FOR-US: sbuilder cms_s builder CVE-2009-4888 (Cross-site scripting (XSS) vulnerability in poster.php in PHortail ...) NOT-FOR-US: n CVE-2009-4889 (SQL injection vulnerability in books.php in the Book Panel ...) NOT-FOR-US: basti2web book_panel CVE-2009-4890 (Multiple cross-site scripting (XSS) vulnerabilities in the login ...) NOT-FOR-US: vbook CVE-2009-4891 (SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 ...) NOT-FOR-US: cs cart CVE-2009-4892 (SQL injection vulnerability in Content Management System WEBjump! ...) NOT-FOR-US: webjump CVE-2009-4893 (Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when ...) BUG: 325547 CVE-2009-4894 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...) NOT-FOR-US: punbb CVE-2009-4895 (Race condition in the tty_fasync function in drivers/char/tty_io.c in ...) BUG: 342249 CVE-2009-4896 (Multiple directory traversal vulnerabilities in the mlmmj-php-admin ...) BUG: 259968 CVE-2009-4897 (Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier ...) BUG: 300192 CVE-2009-4898 (Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 ...) BUG: 284356 CVE-2009-4899 RESERVED CVE-2009-4900 RESERVED CVE-2009-4901 (The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC ...) NOT-FOR-US: muscle pcsc lite CVE-2009-4902 (Buffer overflow in the MSGFunctionDemarshall function in ...) NOT-FOR-US: pcscd CVE-2009-4903 (Cross-site scripting (XSS) vulnerability in index.php in oBlog allows ...) NOT-FOR-US: oblog CVE-2009-4904 (article.php in oBlog does not properly restrict comments, which allows ...) NOT-FOR-US: dootzky oblog CVE-2009-4905 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: accscripts acc_statistics CVE-2009-4906 (Cross-site request forgery (CSRF) vulnerability in index.php in Acc ...) NOT-FOR-US: accscripts acc_php_email CVE-2009-4907 (Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog ...) NOT-FOR-US: dootzky oblog CVE-2009-4908 (Multiple cross-site scripting (XSS) vulnerabilities in oBlog allow ...) NOT-FOR-US: dootzky oblog CVE-2009-4909 (admin/index.php in oBlog allows remote attackers to conduct ...) NOT-FOR-US: dootzky oblog CVE-2009-4910 (Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco ...) NOT-FOR-US: cisco asa_5580 CVE-2009-4911 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) NOT-FOR-US: cisco asa_5580 CVE-2009-4912 (Cisco Adaptive Security Appliances (ASA) 5580 series devices with ...) NOT-FOR-US: cisco asa_5580 CVE-2009-4913 (The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) ...) NOT-FOR-US: cisco asa_5580 CVE-2009-4914 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series ...) NOT-FOR-US: cisco asa_5580 CVE-2009-4915 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) NOT-FOR-US: cisco asa_5580 CVE-2009-4916 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) NOT-FOR-US: cisco asa_5580 CVE-2009-4917 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) NOT-FOR-US: cisco asa_5580 CVE-2009-4918 (Cisco Adaptive Security Appliances (ASA) 5580 series devices with ...) NOT-FOR-US: cisco asa_5580 CVE-2009-4919 (Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 ...) NOT-FOR-US: cisco asa_5580 CVE-2009-4920 (Unspecified vulnerability in CTM on Cisco Adaptive Security Appliances ...) NOT-FOR-US: cisco asa_5580 CVE-2009-4921 (Cisco Adaptive Security Appliances (ASA) 5580 series devices with ...) NOT-FOR-US: cisco asa_5580 CVE-2009-4922 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) NOT-FOR-US: cisco asa_5580 CVE-2009-4923 (Unspecified vulnerability in the DTLS implementation on Cisco Adaptive ...) NOT-FOR-US: cisco asa_5580 CVE-2009-4924 (Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument ...) NOT-FOR-US: cjson CVE-2009-4925 (Multiple SQL injection vulnerabilities in Portale e-commerce Creasito ...) NOT-FOR-US: creasito_e commerce_content_manager CVE-2009-4926 (Multiple cross-site scripting (XSS) vulnerabilities in Online Contact ...) NOT-FOR-US: esoftpro online_contact_manager CVE-2009-4927 (WB News 2.1.2 allows remote attackers to bypass authentication and ...) NOT-FOR-US: webmobo wbnews CVE-2009-4928 (PHP remote file inclusion vulnerability in config.php in TotalCalendar ...) NOT-FOR-US: sweetphp totalcalendar CVE-2009-4929 (admin/manage_users.php in TotalCalendar 2.4 does not require ...) NOT-FOR-US: sweetphp totalcalender CVE-2009-4930 (Cross-site scripting (XSS) vulnerability in the ...) NOT-FOR-US: sungard banner_student CVE-2009-4931 (Stack-based buffer overflow in Groovy Media Player 1.1.0 allows remote ...) NOT-FOR-US: bestwebsharing groovy_media_player CVE-2009-4932 (Stack-based buffer overflow in 1by1 1.67 (aka 1.6.7.0) allows remote ...) NOT-FOR-US: mpesch3 de1 1by1 CVE-2009-4933 (Multiple SQL injection vulnerabilities in login.php in EZ Webitor ...) NOT-FOR-US: groovy CVE-2009-4934 (Cross-site scripting (XSS) vulnerability in index.php in Online Photo ...) NOT-FOR-US: esoftpro online_photo_pro CVE-2009-4935 (SQL injection vulnerability in ogp_show.php in Online Guestbook Pro ...) NOT-FOR-US: esoftpro online_guestbook_pro CVE-2009-4936 (Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 ...) NOT-FOR-US: spirate small_pirate CVE-2009-4937 (Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 ...) NOT-FOR-US: spirate small_pirate CVE-2009-4938 (SQL injection vulnerability in the JVideo! (com_jvideo) component ...) NOT-FOR-US: warphd com_jvideo CVE-2009-4939 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: impactsoftcompany adpeeps CVE-2009-4940 (SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier ...) NOT-FOR-US: zeus CVE-2009-4941 (Cross-site scripting (XSS) vulnerability in sign_in.php in ATRC ...) NOT-FOR-US: atutor acollab CVE-2009-4942 (Cross-site request forgery (CSRF) vulnerability in ACollab 1.2 allows ...) NOT-FOR-US: atutor acollab CVE-2009-4943 (index.php in AdPeeps 8.5d1 allows remote attackers to obtain sensitive ...) NOT-FOR-US: impactsoftcompany adpeeps CVE-2009-4944 (Multiple cross-site scripting (XSS) vulnerabilities in ATRC ACollab ...) NOT-FOR-US: atutor acollab CVE-2009-4945 (AdPeeps 8.5d1 has a default password of admin for the admin account, ...) NOT-FOR-US: atutor acollab CVE-2009-4946 (Directory traversal vulnerability in the Messaging (com_messaging) ...) NOT-FOR-US: thetricky com_messaging CVE-2009-4947 (SQL injection vulnerability in frmLoginPwdReminderPopup.aspx in Q2 ...) NOT-FOR-US: q2solutions connx CVE-2009-4948 (Cross-site scripting (XSS) vulnerability in the Store Locator ...) NOT-FOR-US: joachim_ruhs locator CVE-2009-4949 (SQL injection vulnerability in the Store Locator extension before ...) NOT-FOR-US: joachim_ruhs locator CVE-2009-4950 (SQL injection vulnerability in the A21glossary Advanced Output ...) NOT-FOR-US: tim_lochmueller_ _thomas_buss a21glossary_advanced_output CVE-2009-4951 (Unspecified vulnerability in the ClickStream Analyzer [output] ...) NOT-FOR-US: hans_olthoff alternet_csa_out CVE-2009-4952 (Directory traversal vulnerability in the Directory Listing ...) NOT-FOR-US: serge_gebhardt dir_listing CVE-2009-4953 (Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit ...) NOT-FOR-US: stefan_geith sg_userdata CVE-2009-4954 (SQL injection vulnerability in the Versatile Calendar Extension [VCE] ...) NOT-FOR-US: websedit sk_calendar CVE-2009-4955 (SQL injection vulnerability in the ultraCards (th_ultracards) ...) NOT-FOR-US: thomas_hempel th_ultracards CVE-2009-4956 (Cross-site scripting (XSS) vulnerability in the Visitor Tracking ...) NOT-FOR-US: wapplersystems ws_stats CVE-2009-4957 (Directory traversal vulnerability in loadpanel.php in Interspire ...) NOT-FOR-US: interspire activekb CVE-2009-4958 (SQL injection vulnerability in video.php in EMO Breeder Manager (aka ...) NOT-FOR-US: emophp emo_breeder_manager CVE-2009-4959 (SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) ...) NOT-FOR-US: stefan_koch t3m CVE-2009-4960 (Directory traversal vulnerability in modules/backup/download.php in ...) NOT-FOR-US: lanai core CVE-2009-4961 (Lanai Core 0.6 allows remote attackers to obtain configuration ...) NOT-FOR-US: lanai core CVE-2009-4962 (Stack-based buffer overflow in Fat Player 0.6b allows remote attackers ...) NOT-FOR-US: adammo fat_player CVE-2009-4963 (Cross-site scripting (XSS) vulnerability in the Commerce extension ...) NOT-FOR-US: typo3 commerce_extension CVE-2009-4964 (Stack-based buffer overflow in KSP 2006 FINAL allows remote attackers ...) NOT-FOR-US: ksplayer ksp_sound_player CVE-2009-4965 (SQL injection vulnerability in the AIRware Lexicon (air_lexicon) ...) NOT-FOR-US: thomas_waggershauser air_lexicon CVE-2009-4966 (SQL injection vulnerability in the AST ZipCodeSearch ...) NOT-FOR-US: elemente ast_addresszipsearch CVE-2009-4967 (SQL injection vulnerability in the Car (car) extension before 0.1.1 ...) NOT-FOR-US: jochen_rieger car CVE-2009-4968 (SQL injection vulnerability in the Event Registration (event_registr) ...) NOT-FOR-US: christian_ehmann event_registr CVE-2009-4969 (SQL injection vulnerability in the Solidbase Bannermanagement ...) NOT-FOR-US: typo3 sbanner CVE-2009-4970 (SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for ...) NOT-FOR-US: typo3 macher t3m_affiliate CVE-2009-4971 (SQL injection vulnerability in the AJAX Chat (vjchat) extension before ...) NOT-FOR-US: vincent_tietz vjchat CVE-2009-4972 (Cross-site scripting (XSS) vulnerability in index.php (aka the log in ...) NOT-FOR-US: kelvin_mo simpleid CVE-2009-4973 (SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows ...) NOT-FOR-US: sweetphp totalcalendar CVE-2009-4974 (Directory traversal vulnerability in box_display.php in TotalCalendar ...) NOT-FOR-US: sweetphp totalcalendar CVE-2009-4975 (Cross-site scripting (XSS) vulnerability in webview.cpp in ...) TODO: check CVE-2009-4976 (Cross-site scripting (XSS) vulnerability in webkitpart.cpp in ...) BUG: 335869 CVE-2009-4977 (PHP remote file inclusion vulnerability in index.php in MyBackup 1.4.0 ...) NOT-FOR-US: tufat mybackup CVE-2009-4978 (Directory traversal vulnerability in down.php in MyBackup 1.4.0 allows ...) NOT-FOR-US: tufat mybackup CVE-2009-4979 (Multiple SQL injection vulnerabilities in search.php in Photokorn ...) NOT-FOR-US: keil software photokorn_gallery CVE-2009-4980 (Multiple cross-site scripting (XSS) vulnerabilities in Photokorn ...) NOT-FOR-US: keil software photokorn_gallery CVE-2009-4981 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: keil software photokorn_gallery CVE-2009-4982 (SQL injection vulnerability in the select function in Irokez CMS ...) NOT-FOR-US: irokez_cms CVE-2009-4983 (Multiple cross-site scripting (XSS) vulnerabilities in Silurus ...) NOT-FOR-US: snowhall silurus_system CVE-2009-4984 (Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me ...) NOT-FOR-US: websitesrus accessories_me_php_affiliate_script CVE-2009-4985 (SQL injection vulnerability in browse.php in Accessories Me PHP ...) NOT-FOR-US: websitesrus accessories_me_php_affiliate_script CVE-2009-4986 (Directory traversal vulnerability in index.php in In-Portal 4.3.1, ...) NOT-FOR-US: in portal CVE-2009-4987 (admin/header.php in Scripteen Free Image Hosting Script 2.3 allows ...) NOT-FOR-US: scripteen free_image_hosting_script CVE-2009-4988 (Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business ...) NOT-FOR-US: sap business_one_2005 a CVE-2009-4989 (Cross-site scripting (XSS) vulnerability in index.php in AJ Auction ...) NOT-FOR-US: ajsquare aj_auction_pro oopd CVE-2009-4990 (Cross-site scripting (XSS) vulnerability in the Webform report module ...) NOT-FOR-US: jrbcs webform_report CVE-2009-4991 (Cross-site scripting (XSS) vulnerability in users/resume_register.php ...) NOT-FOR-US: omnistaretools omnistar_recruiting CVE-2009-4992 (SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail ...) NOT-FOR-US: script shop24 lm_starmail_paidmail CVE-2009-4993 (PHP remote file inclusion vulnerability in home.php in LM Starmail ...) NOT-FOR-US: script shop24 lm_starmail_paidmail CVE-2009-4994 (Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in ...) NOT-FOR-US: smartertools smartertrack CVE-2009-4995 (Cross-site scripting (XSS) vulnerability in frmTickets.aspx in ...) NOT-FOR-US: smartertools smartertrack CVE-2009-4996 (** DISPUTED ** ...) NOT-FOR-US: Issue disputed. CVE-2009-4997 (gnome-power-manager 2.27.92 does not properly implement the ...) TODO: check CVE-2009-4998 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine ...) NOT-FOR-US: ibm filenet_p8_application_engine CVE-2009-4999 (Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) ...) NOT-FOR-US: ibm filenet_p8_application_engine CVE-2009-5000 (Multiple cross-site scripting (XSS) vulnerabilities in the Workplace ...) NOT-FOR-US: ibm filenet_p8_application_engine CVE-2009-5001 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine ...) NOT-FOR-US: ibm filenet_p8_application_engine CVE-2009-5002 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine ...) NOT-FOR-US: ibm filenet_p8_application_engine CVE-2009-5003 (SQL injection vulnerability in click.php in e-soft24 Banner Exchange ...) NOT-FOR-US: e soft24 banner_exchange_script CVE-2009-5004 RESERVED CVE-2009-5005 (The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache ...) NOT-FOR-US: redhat enterprise_mrg CVE-2009-5006 (The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in ...) NOT-FOR-US: redhat enterprise_mrg CVE-2009-5007 (The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows ...) NOT-FOR-US: cisco anyconnect_ssl_vpn CVE-2009-5008 (Cisco Secure Desktop (CSD), when used in conjunction with an ...) NOT-FOR-US: cisco secure_desktop CVE-2009-5009 (Double free vulnerability in OpenConnect before 1.40 might allow ...) NOT-FOR-US: infradead openconnect CVE-2009-5010 (Race condition in the FTPHandler class in ftpserver.py in pyftpdlib ...) NOT-FOR-US: g rodola pyftpdlib CVE-2009-5011 (Race condition in the FTPHandler class in ftpserver.py in pyftpdlib ...) NOT-FOR-US: g rodola pyftpdlib CVE-2009-5012 (ftpserver.py in pyftpdlib before 0.5.2 does not require the l ...) NOT-FOR-US: g rodola pyftpdlib CVE-2009-5013 (Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib ...) NOT-FOR-US: g rodola pyftpdlib CVE-2009-5014 (The default quickstart configuration of TurboGears2 (aka tg2) before ...) TODO: check CVE-2009-5015 (The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 ...) TODO: check CVE-2010-0001 (Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 ...) BUG: 300943 CVE-2010-0002 (The /etc/profile.d/60alias.sh script in the Mandriva bash package for ...) NOT-FOR-US: bash CVE-2010-0003 (The print_fatal_signal function in kernel/signal.c in the Linux kernel ...) BUG: 300949 CVE-2010-0004 (ViewVC before 1.1.3 composes the root listing view without using the ...) BUG: 298127 CVE-2010-0005 (query.py in the query interface in ViewVC before 1.1.3 does not reject ...) BUG: 298127 CVE-2010-0006 (The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel ...) BUG: 300951 CVE-2010-0007 (net/bridge/netfilter/ebtables.c in the ebtables module in the ...) BUG: 300955 CVE-2010-0008 (The sctp_rcv_ootb function in the SCTP implementation in the Linux ...) BUG: 312477 CVE-2010-0009 (Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain ...) BUG: 312439 CVE-2010-0010 (Integer overflow in the ap_proxy_send_fb function in ...) NOT-FOR-US: Obsolete CVE-2010-0011 (The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes ...) BUG: 299887 CVE-2010-0012 (Directory traversal vulnerability in libtransmission/metainfo.c in ...) BUG: 301773 CVE-2010-0013 (Directory traversal vulnerability in slp.c in the MSN protocol plugin ...) BUG: 299751 CVE-2010-0014 (System Security Services Daemon (SSSD) before 1.0.1, when the krb5 ...) NOT-FOR-US: fedoraproject sssd CVE-2010-0015 (nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 ...) BUG: 301761 CVE-2010-0016 (The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0017 (Race condition in the SMB client implementation in Microsoft Windows ...) NOT-FOR-US: microsoft windows_vista CVE-2010-0018 (Integer overflow in the Embedded OpenType (EOT) Font Engine ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0019 (Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before ...) NOT-FOR-US: microsoft silverlight CVE-2010-0020 (The SMB implementation in the Server service in Microsoft Windows 2000 ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0021 (Multiple race conditions in the SMB implementation in the Server ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0022 (The SMB implementation in the Server service in Microsoft Windows 2000 ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0023 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0024 (The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0025 (The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0026 (The Hyper-V server implementation in Microsoft Windows Server 2008 ...) NOT-FOR-US: microsoft windows_server_2008 CVE-2010-0027 (The URL validation functionality in Microsoft Internet Explorer 5.01, ...) NOT-FOR-US: microsoft ie CVE-2010-0028 (Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0029 (Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote ...) NOT-FOR-US: microsoft powerpoint CVE-2010-0030 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and ...) NOT-FOR-US: microsoft powerpoint CVE-2010-0031 (Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 ...) NOT-FOR-US: microsoft powerpoint CVE-2010-0032 (Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 ...) NOT-FOR-US: microsoft powerpoint CVE-2010-0033 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 ...) NOT-FOR-US: microsoft powerpoint CVE-2010-0034 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 ...) NOT-FOR-US: microsoft powerpoint CVE-2010-0035 (The Key Distribution Center (KDC) in Kerberos in Microsoft Windows ...) NOT-FOR-US: microsoft windows_server_2008 CVE-2010-0036 (Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0037 (Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0038 (Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for ...) NOT-FOR-US: apple iphone_os CVE-2010-0039 RESERVED CVE-2010-0040 (Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, ...) NOT-FOR-US: apple safari CVE-2010-0041 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows ...) NOT-FOR-US: apple safari CVE-2010-0042 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows ...) NOT-FOR-US: apple safari CVE-2010-0043 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows ...) NOT-FOR-US: apple safari CVE-2010-0044 (PubSub in Apple Safari before 4.0.5 does not properly implement use of ...) NOT-FOR-US: no pubsub in webkit CVE-2010-0045 (Apple Safari before 4.0.5 on Windows does not properly validate ...) NOT-FOR-US: Windows CVE-2010-0046 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...) TODO: check CVE-2010-0047 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...) TODO: check CVE-2010-0048 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...) TODO: check CVE-2010-0049 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...) TODO: check CVE-2010-0050 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...) TODO: check CVE-2010-0051 (WebKit in Apple Safari before 4.0.5 does not properly validate the ...) TODO: check CVE-2010-0052 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...) TODO: check CVE-2010-0053 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...) TODO: check CVE-2010-0054 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...) TODO: check CVE-2010-0055 (xar in Apple Mac OS X 10.5.8 does not properly validate package ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0056 (Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0057 (AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0058 (freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0059 (CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0060 (CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0061 RESERVED CVE-2010-0062 (Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0063 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0064 (DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0065 (Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0066 (Unspecified vulnerability in the Access Manager Identity Server ...) NOT-FOR-US: oracle application_server CVE-2010-0067 (Unspecified vulnerability in the Oracle Containers for J2EE component ...) NOT-FOR-US: oracle application_server CVE-2010-0068 (Unspecified vulnerability in the WebLogic Server component in BEA ...) NOT-FOR-US: oracle bea_product_suite CVE-2010-0069 (Unspecified vulnerability in the WebLogic Server component in BEA ...) NOT-FOR-US: oracle bea_product_suite CVE-2010-0070 (Unspecified vulnerability in the Oracle Containers for J2EE component ...) NOT-FOR-US: oracle application_server CVE-2010-0071 (Unspecified vulnerability in the Listener component in Oracle Database ...) NOT-FOR-US: oracle database_server CVE-2010-0072 (Unspecified vulnerability in the Oracle Secure Backup component in ...) NOT-FOR-US: oracle secure_backup CVE-2010-0073 (Unspecified vulnerability in the WebLogic Server in Oracle WebLogic ...) NOT-FOR-US: oracle weblogic_server_component CVE-2010-0074 (Unspecified vulnerability in the WebLogic Server component in BEA ...) NOT-FOR-US: oracle bea_product_suite CVE-2010-0075 (Unspecified vulnerability in the Oracle HRMS (Self Service) component ...) NOT-FOR-US: oracle e business_suite CVE-2010-0076 (Unspecified vulnerability in the Application Express Application ...) NOT-FOR-US: oracle database CVE-2010-0077 (Unspecified vulnerability in the CRM Technical Foundation (mobile) ...) NOT-FOR-US: oracle e business_suite CVE-2010-0078 (Unspecified vulnerability in the WebLogic Server component in BEA ...) NOT-FOR-US: oracle bea_product_suite CVE-2010-0079 (Multiple vulnerabilities in the JRockit component in BEA Product Suite ...) NOT-FOR-US: oracle bea_product_suite CVE-2010-0080 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile ...) NOT-FOR-US: oracle peoplesoft_enterprise CVE-2010-0081 (Unspecified vulnerability in the Application Server Control component ...) NOT-FOR-US: fusion CVE-2010-0082 (Unspecified vulnerability in the HotSpot Server component in Oracle ...) BUG: 306579 CVE-2010-0083 (Unspecified vulnerability in Oracle OpenSolaris 8, 9, and 10 allows ...) NOT-FOR-US: oracle opensolaris CVE-2010-0084 (Unspecified vulnerability in the Java Runtime Environment component in ...) BUG: 306579 CVE-2010-0085 (Unspecified vulnerability in the Java Runtime Environment component in ...) BUG: 306579 CVE-2010-0086 (Unspecified vulnerability in the Portal component in Oracle Fusion ...) NOT-FOR-US: oracle fusion_middleware CVE-2010-0087 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...) BUG: 306579 CVE-2010-0088 (Unspecified vulnerability in the Java Runtime Environment component in ...) BUG: 306579 CVE-2010-0089 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...) BUG: 306579 CVE-2010-0090 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...) BUG: 306579 CVE-2010-0091 (Unspecified vulnerability in the Java Runtime Environment component in ...) BUG: 306579 CVE-2010-0092 (Unspecified vulnerability in the Java Runtime Environment component in ...) BUG: 306579 CVE-2010-0093 (Unspecified vulnerability in the Java Runtime Environment component in ...) BUG: 306579 CVE-2010-0094 (Unspecified vulnerability in the Java Runtime Environment component in ...) BUG: 306579 CVE-2010-0095 (Unspecified vulnerability in the Java Runtime Environment component in ...) BUG: 306579 CVE-2010-0096 RESERVED CVE-2010-0097 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before ...) BUG: 301548 CVE-2010-0098 (ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z ...) BUG: 314087 CVE-2010-0099 REJECTED CVE-2010-0100 RESERVED CVE-2010-0101 (The embedded HTTP server in multiple Lexmark laser and inkjet printers ...) NOT-FOR-US: lexmark x94x CVE-2010-0102 RESERVED CVE-2010-0103 (UsbCharger.dll in the Energizer DUO USB battery charger software ...) NOT-FOR-US: energizer duo_usb CVE-2010-0104 (Unspecified vulnerability in the Broadcom Integrated NIC Management ...) NOT-FOR-US: broadcom CVE-2010-0105 (The hfs implementation in Apple Mac OS X 10.6.2 and 10.6.3 supports ...) NOT-FOR-US: apple mac_os_x CVE-2010-0106 (The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before ...) NOT-FOR-US: symantec endpoint_protection CVE-2010-0107 (Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 ...) NOT-FOR-US: symantec norton_internet_security CVE-2010-0108 (Buffer overflow in the cliproxy.objects.1 ActiveX control in the ...) NOT-FOR-US: symantec endpoint_protection CVE-2010-0109 RESERVED CVE-2010-0110 RESERVED CVE-2010-0111 RESERVED CVE-2010-0112 (Multiple SQL injection vulnerabilities in the Administrative Interface ...) TODO: check CVE-2010-0113 RESERVED CVE-2010-0114 RESERVED CVE-2010-0115 RESERVED CVE-2010-0116 (Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and ...) NOT-FOR-US: realnetworks realplayer_sp CVE-2010-0117 (RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 ...) NOT-FOR-US: realnetworks realplayer_sp CVE-2010-0118 (Bournal before 1.4.1 allows local users to overwrite arbitrary files ...) NOT-FOR-US: becauseinter bournal CVE-2010-0119 (Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, ...) NOT-FOR-US: becauseinter bournal CVE-2010-0120 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...) NOT-FOR-US: realnetworks realplayer_sp CVE-2010-0121 RESERVED CVE-2010-0122 (Multiple SQL injection vulnerabilities in Employee Timeclock Software ...) NOT-FOR-US: timeclock software employee_timeclock_software CVE-2010-0123 (The database backup implementation in Employee Timeclock Software 0.99 ...) NOT-FOR-US: timeclock software employee_timeclock_software CVE-2010-0124 (Employee Timeclock Software 0.99 places the database password on the ...) NOT-FOR-US: timeclock software employee_timeclock_software CVE-2010-0125 RESERVED CVE-2010-0126 (Heap-based buffer overflow in an unspecified library in Autonomy ...) NOT-FOR-US: autonomy keyview_viewer_sdk CVE-2010-0127 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to ...) NOT-FOR-US: adobe shockwave_player CVE-2010-0128 (Integer signedness error in dirapi.dll in Adobe Shockwave Player ...) NOT-FOR-US: adobe shockwave_player CVE-2010-0129 (Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 ...) NOT-FOR-US: adobe shockwave_player CVE-2010-0130 (Integer overflow in Adobe Shockwave Player before 11.5.7.609 might ...) NOT-FOR-US: adobe shockwave_player CVE-2010-0131 (Stack-based buffer overflow in the SpreadSheet Lotus 123 reader ...) NOT-FOR-US: autonomy keyview_viewer_sdk CVE-2010-0132 (Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 ...) BUG: 312165 CVE-2010-0133 (Multiple stack-based buffer overflows in the SpreadSheet Lotus 123 ...) NOT-FOR-US: autonomy keyview_viewer_sdk CVE-2010-0134 (Integer signedness error in rtfsr.dll in Autonomy KeyView 10.4 and ...) NOT-FOR-US: autonomy keyview_viewer_sdk CVE-2010-0135 (Heap-based buffer overflow in the WordPerfect 5.x reader (wosr.dll), ...) NOT-FOR-US: autonomy keyview_viewer_sdk CVE-2010-0136 (OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce ...) BUG: 307307 CVE-2010-0137 (Unspecified vulnerability in the sshd_child_handler process in the SSH ...) NOT-FOR-US: cisco ios_xr CVE-2010-0138 (Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor ...) NOT-FOR-US: ciscoworks_internetwork_performance_monitor CVE-2010-0139 (Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before ...) NOT-FOR-US: cisco unified_meetingplace CVE-2010-0140 (Multiple unspecified vulnerabilities in the web server in Cisco ...) NOT-FOR-US: cisco unified_meetingplace CVE-2010-0141 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly ...) NOT-FOR-US: cisco unified_meetingplace CVE-2010-0142 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly ...) NOT-FOR-US: cisco unified_meetingplace CVE-2010-0143 (Unspecified vulnerability in the administrative interface in the ...) NOT-FOR-US: cisco ironport_postx CVE-2010-0144 (Unspecified vulnerability in the WebSafe DistributorServlet in the ...) NOT-FOR-US: cisco ironport_postx CVE-2010-0145 (Unspecified vulnerability in the embedded HTTPS server on the Cisco ...) NOT-FOR-US: cisco ironport_postx CVE-2010-0146 (Directory traversal vulnerability in the Management Center for Cisco ...) NOT-FOR-US: cisco security_agents CVE-2010-0147 (SQL injection vulnerability in the Management Center for Cisco ...) NOT-FOR-US: cisco security_agents CVE-2010-0148 (Unspecified vulnerability in Cisco Security Agent 5.2 before ...) NOT-FOR-US: cisco security_agents CVE-2010-0149 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...) NOT-FOR-US: cisco pix_500 CVE-2010-0150 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...) NOT-FOR-US: cisco pix_500 CVE-2010-0151 (The Cisco Firewall Services Module (FWSM) 4.0 before 4.0(8), as used ...) NOT-FOR-US: cisco firewall_services_module CVE-2010-0152 (Multiple cross-site scripting (XSS) vulnerabilities in the Local ...) NOT-FOR-US: ibm proventia_network_mail_security_system_virtual_appliance_firmware CVE-2010-0153 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) NOT-FOR-US: ibm proventia_network_mail_security_system_virtual_appliance_firmware CVE-2010-0154 (Directory traversal vulnerability in sla/index.php in the Local ...) NOT-FOR-US: ibm proventia_network_mail_security_system_virtual_appliance_firmware CVE-2010-0155 (CRLF injection vulnerability in load.php in the Local Management ...) NOT-FOR-US: ibm proventia_network_mail_security_system_virtual_appliance_firmware CVE-2010-0156 (Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local ...) BUG: 308031 CVE-2010-0157 (Directory traversal vulnerability in the Bible Study (com_biblestudy) ...) NOT-FOR-US: joomlabiblestudy com_biblestudy CVE-2010-0158 (** DISPUTED ** ...) NOT-FOR-US: joomlabamboo jb_simpla CVE-2010-0159 (The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x ...) BUG: 312645 BUG: 305689 BUG: 307045 BUG: 312647 CVE-2010-0160 (The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 ...) BUG: 312645 BUG: 305689 BUG: 312647 CVE-2010-0161 (The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in ...) NOT-FOR-US: Windows only CVE-2010-0162 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and ...) BUG: 312645 BUG: 305689 BUG: 312647 CVE-2010-0163 (Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 ...) BUG: 312649 BUG: 312675 CVE-2010-0164 (Use-after-free vulnerability in the ...) BUG: 311021 CVE-2010-0165 (The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp ...) BUG: 311021 CVE-2010-0166 (The gfxTextRun::SanitizeGlyphRuns function in ...) NOT-FOR-US: OSX only CVE-2010-0167 (The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x ...) BUG: 312645 BUG: 307045 BUG: 305689 BUG: 311021 BUG: 312647 CVE-2010-0168 (The nsDocument::MaybePreLoadImage function in ...) BUG: 311021 CVE-2010-0169 (The CSSLoaderImpl::DoSheetComplete function in ...) BUG: 312645 BUG: 312647 BUG: 305689 BUG: 312021 BUG: 307045 CVE-2010-0170 (Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected ...) BUG: 311021 CVE-2010-0171 (Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x ...) BUG: 312645 BUG: 312647 BUG: 305689 BUG: 311021 BUG: 307045 CVE-2010-0172 (toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the ...) BUG: 311021 CVE-2010-0173 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) TODO: check CVE-2010-0174 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) TODO: check CVE-2010-0175 (Use-after-free vulnerability in the nsTreeSelection implementation in ...) TODO: check CVE-2010-0176 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before ...) TODO: check CVE-2010-0177 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before ...) TODO: check CVE-2010-0178 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before ...) TODO: check CVE-2010-0179 (Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey ...) TODO: check CVE-2010-0180 (Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when ...) BUG: 329923 CVE-2010-0181 (Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey ...) TODO: check CVE-2010-0182 (The XMLDocument::load function in Mozilla Firefox before 3.5.9 and ...) TODO: check CVE-2010-0183 (Use-after-free vulnerability in the nsCycleCollector::MarkRoots ...) TODO: check CVE-2010-0184 (The (1) domainutility and (2) domainutilitycmd components in TIBCO ...) NOT-FOR-US: tibco runtime_agent CVE-2010-0185 (The default configuration of Adobe ColdFusion 9.0 does not restrict ...) NOT-FOR-US: adobe coldfusion CVE-2010-0186 (Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, ...) BUG: 307749 BUG: 306429 CVE-2010-0187 (Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 ...) BUG: 307749 CVE-2010-0188 (Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 ...) BUG: 306429 CVE-2010-0189 (A certain ActiveX control in NOS Microsystems getPlus Download Manager ...) NOT-FOR-US: adobe download_manager CVE-2010-0190 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat ...) BUG: 313343 CVE-2010-0191 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...) BUG: 313343 CVE-2010-0192 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...) BUG: 313343 CVE-2010-0193 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...) BUG: 313343 CVE-2010-0194 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...) BUG: 313343 CVE-2010-0195 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...) BUG: 313343 CVE-2010-0196 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...) BUG: 313343 CVE-2010-0197 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...) BUG: 313343 CVE-2010-0198 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...) BUG: 313343 CVE-2010-0199 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...) BUG: 313343 CVE-2010-0200 REJECTED CVE-2010-0201 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...) BUG: 313343 CVE-2010-0202 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...) BUG: 313343 CVE-2010-0203 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...) BUG: 313343 CVE-2010-0204 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...) BUG: 313343 CVE-2010-0205 (The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before ...) BUG: 307637 CVE-2010-0206 RESERVED CVE-2010-0207 RESERVED CVE-2010-0208 RESERVED CVE-2010-0209 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...) BUG: 332205 CVE-2010-0210 RESERVED CVE-2010-0211 (The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not ...) BUG: 323777 CVE-2010-0212 (OpenLDAP 2.4.22 allows remote attackers to cause a denial of service ...) BUG: 323777 CVE-2010-0213 (BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a ...) NOT-FOR-US: We already have 9.7.1-p2 CVE-2010-0214 RESERVED CVE-2010-0215 RESERVED CVE-2010-0216 RESERVED CVE-2010-0217 RESERVED CVE-2010-0218 (ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ...) NOT-FOR-US: We only have 9.7.2_p2, and it's still unstable. CVE-2010-0219 (Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects ...) TODO: check CVE-2010-0220 (The nsObserverList::FillObserverArray function in ...) BUG: 312679 CVE-2010-0221 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy ...) NOT-FOR-US: kingston datatraveler_secure CVE-2010-0222 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy ...) NOT-FOR-US: kingston datatraveler_secure CVE-2010-0223 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy ...) NOT-FOR-US: kingston datatraveler_secure CVE-2010-0224 (SanDisk Cruzer Enterprise USB flash drives validate passwords with a ...) NOT-FOR-US: sandisk cruzer_enterprise_usb CVE-2010-0225 (SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for ...) NOT-FOR-US: scandisk cruzer_enterprise_usb CVE-2010-0226 (SanDisk Cruzer Enterprise USB flash drives do not prevent password ...) NOT-FOR-US: sandisk cruzer_enterprise_usb CVE-2010-0227 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash ...) NOT-FOR-US: verbatim corporate_secure CVE-2010-0228 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash ...) NOT-FOR-US: verbatim corporate_secure CVE-2010-0229 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash ...) NOT-FOR-US: verbatim corporate_secure CVE-2010-0230 (SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures ...) NOT-FOR-US: suse_linux CVE-2010-0231 (The SMB implementation in the Server service in Microsoft Windows 2000 ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0232 (The kernel in Microsoft Windows NT 3.1 through Windows 7, including ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0233 (Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0234 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0235 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0236 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0237 (The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0238 (Unspecified vulnerability in registry-key validation in the kernel in ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0239 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...) NOT-FOR-US: microsoft windows_vista CVE-2010-0240 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...) NOT-FOR-US: microsoft windows_vista CVE-2010-0241 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...) NOT-FOR-US: microsoft windows_vista CVE-2010-0242 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...) NOT-FOR-US: microsoft windows_vista CVE-2010-0243 (Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 ...) NOT-FOR-US: microsoft office CVE-2010-0244 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...) NOT-FOR-US: microsoft ie CVE-2010-0245 (Microsoft Internet Explorer 8 does not properly handle objects in ...) NOT-FOR-US: microsoft ie CVE-2010-0246 (Microsoft Internet Explorer 8 does not properly handle objects in ...) NOT-FOR-US: microsoft ie CVE-2010-0247 (Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly ...) NOT-FOR-US: microsoft ie CVE-2010-0248 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...) NOT-FOR-US: microsoft ie CVE-2010-0249 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, ...) NOT-FOR-US: microsoft internet_explorer CVE-2010-0250 (Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0251 RESERVED CVE-2010-0252 (The Microsoft Data Analyzer ActiveX control (aka the Office Excel ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0253 RESERVED CVE-2010-0254 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does ...) NOT-FOR-US: microsoft visio CVE-2010-0255 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0256 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does ...) NOT-FOR-US: microsoft visio CVE-2010-0257 (Microsoft Office Excel 2002 SP3 does not properly parse the Excel file ...) NOT-FOR-US: microsoft open_xml_file_format_converter CVE-2010-0258 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...) NOT-FOR-US: microsoft open_xml_file_format_converter CVE-2010-0259 RESERVED CVE-2010-0260 (Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; ...) NOT-FOR-US: microsoft open_xml_file_format_converter CVE-2010-0261 (Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 ...) NOT-FOR-US: microsoft open_xml_file_format_converter CVE-2010-0262 (Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not ...) NOT-FOR-US: microsoft open_xml_file_format_converter CVE-2010-0263 (Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML ...) NOT-FOR-US: microsoft open_xml_file_format_converter CVE-2010-0264 (Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and ...) NOT-FOR-US: microsoft open_xml_file_format_converter CVE-2010-0265 (Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0266 (Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does ...) NOT-FOR-US: microsoft outlook CVE-2010-0267 (Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0268 (Unspecified vulnerability in the Windows Media Player ActiveX control ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0269 (The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0270 (The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does ...) NOT-FOR-US: microsoft windows_server_2008 CVE-2010-0271 (hald in Sun OpenSolaris snv_51 through snv_130 does not have the ...) NOT-FOR-US: sun opensolaris CVE-2010-0272 (Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 ...) NOT-FOR-US: sun java_system_web_server CVE-2010-0273 (Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 ...) NOT-FOR-US: sun java_system_web_server CVE-2010-0274 (Unspecified vulnerability in the Edit Contact scene in Ultra-light ...) NOT-FOR-US: ibm lotus_inotes CVE-2010-0275 (Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) ...) NOT-FOR-US: ibm lotus_inotes CVE-2010-0276 (IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for ...) NOT-FOR-US: ibm lotus_inotes CVE-2010-0277 (slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, ...) BUG: 305715 CVE-2010-0278 (A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft ...) NOT-FOR-US: microsoft windows_live_messenger CVE-2010-0279 (Unrestricted file upload vulnerability in upload.php in BTS-GI Read ...) NOT-FOR-US: bts gi net read_excel CVE-2010-0280 (Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in ...) BUG: 308033 CVE-2010-0281 RESERVED CVE-2010-0282 RESERVED CVE-2010-0283 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 ...) BUG: 308021 CVE-2010-0284 (Directory traversal vulnerability in the getEntry method in the ...) NOT-FOR-US: novell access_manager CVE-2010-0285 (gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the ...) BUG: 308029 CVE-2010-0286 (Unspecified vulnerability in the OpenID Identity Authentication ...) NOT-FOR-US: typo3 CVE-2010-0287 (Directory traversal vulnerability in the ACL Manager plugin ...) BUG: 301310 CVE-2010-0288 (A typo in the administrator permission check in the ACL Manager plugin ...) BUG: 301310 CVE-2010-0289 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL ...) BUG: 301310 CVE-2010-0290 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ...) BUG: 308035 CVE-2010-0291 (The Linux kernel before 2.6.32.4 allows local users to gain privileges ...) BUG: 307441 CVE-2010-0292 (The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony ...) BUG: 308037 CVE-2010-0293 (The client logging functionality in chronyd in Chrony before 1.23.1 ...) BUG: 307757 CVE-2010-0294 (chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a ...) BUG: 307757 CVE-2010-0295 (lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read ...) BUG: 303213 CVE-2010-0296 (The encode_name macro in misc/mntent_r.c in the GNU C Library (aka ...) BUG: 335871 CVE-2010-0297 (Buffer overflow in the usb_host_handle_control function in the USB ...) BUG: 308039 CVE-2010-0298 (The x86 emulator in KVM 83 does not use the Current Privilege Level ...) BUG: 308041 CVE-2010-0299 (openSUSE 11.2 installs the devtmpfs root directory with insecure ...) NOT-FOR-US: lolsuse CVE-2010-0300 (cache.c in ircd-ratbox before 2.2.9 allows remote attackers to cause a ...) NOT-FOR-US: ircd ratbox CVE-2010-0301 (main.C in maildrop 2.3.0 and earlier, when run by root with the -d ...) BUG: 308043 CVE-2010-0302 (Use-after-free vulnerability in the abstract file-descriptor handling ...) BUG: 308045 CVE-2010-0303 (mystring.c in hybserv in IRCD-Hybrid (aka Hybrid2 IRC Services) 1.9.2 ...) NOT-FOR-US: dinko_korunic hybserv2 CVE-2010-0304 (Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 ...) BUG: 302665 CVE-2010-0305 (ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to ...) BUG: 308047 CVE-2010-0306 (The x86 emulator in KVM 83, when a guest is configured for Symmetric ...) BUG: 308041 CVE-2010-0307 (The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel ...) BUG: 307443 CVE-2010-0308 (lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through ...) BUG: 301828 CVE-2010-0309 (The pit_ioport_read function in the Programmable Interval Timer (PIT) ...) BUG: 308041 CVE-2010-0310 (Trusted Extensions in Sun Solaris 10 allows local users to gain ...) NOT-FOR-US: sun solaris CVE-2010-0311 (Unspecified vulnerability in Sun Java System Identity Manager (aka ...) NOT-FOR-US: sun opensso_enterprise CVE-2010-0312 (The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server ...) NOT-FOR-US: ibm tivoli_directory_server CVE-2010-0313 (The core_get_proxyauth_dn function in ns-slapd in Sun Java System ...) NOT-FOR-US: sun java_system_directory_server CVE-2010-0314 (Apple Safari allows remote attackers to discover a redirect's target ...) NOT-FOR-US: apple safari CVE-2010-0315 (WebKit before r53607, as used in Google Chrome before 4.0.249.89, ...) TODO: check CVE-2010-0316 (Integer overflow in Google SketchUp before 7.1 M2 allows remote ...) NOT-FOR-US: google_sketchup CVE-2010-0317 (Novell Netware 6.5 SP8 allows remote attackers to cause a denial of ...) NOT-FOR-US: novell netware CVE-2010-0318 (The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, ...) TODO: BSD CVE-2010-0319 (Cross-site scripting (XSS) vulnerability in index.php in Docmint 1.0 ...) NOT-FOR-US: docmint CVE-2010-0320 (Cross-site scripting (XSS) vulnerability in submitlink.php in Glitter ...) NOT-FOR-US: x10media glitter_central_script CVE-2010-0321 (Cross-site scripting (XSS) vulnerability in jobs/index.php in Jamit ...) NOT-FOR-US: jamit_job_board CVE-2010-0322 (SQL injection vulnerability in the init function in MK-AnydropdownMenu ...) NOT-FOR-US: matthias_karr mk_anydropdownmenu CVE-2010-0323 (Unspecified vulnerability in the Photo Book (goof_fotoboek) extension ...) NOT-FOR-US: arco_van_geest goof_fotoboek CVE-2010-0324 (SQL injection vulnerability in the Customer Reference List (ref_list) ...) NOT-FOR-US: patrick_bauerochse ref_list CVE-2010-0325 (Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) ...) NOT-FOR-US: sebastian_baumann sb_folderdownload CVE-2010-0326 (Cross-site scripting (XSS) vulnerability in the Developer log (devlog) ...) NOT-FOR-US: rene_fritz devlog CVE-2010-0327 (Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox ...) NOT-FOR-US: julian_kleinhans kj_imagelightbox2 CVE-2010-0328 (Cross-site scripting (XSS) vulnerability in the Unit Converter ...) NOT-FOR-US: rastislav_birka cs2_unitconv CVE-2010-0329 (SQL injection vulnerability in the powermail extension 1.5.1 and ...) NOT-FOR-US: alex_kellner powermail CVE-2010-0330 (SQL injection vulnerability in the Googlemaps for tt_news ...) NOT-FOR-US: julian_fries jf_easymaps CVE-2010-0331 (Cross-site scripting (XSS) vulnerability in the TV21 Talkshow ...) NOT-FOR-US: typo3 tv21_talkshow CVE-2010-0332 (SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) ...) NOT-FOR-US: typo3 tv21_talkshow CVE-2010-0333 (SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 ...) NOT-FOR-US: typo3 mg_help CVE-2010-0334 (SQL injection vulnerability in the Vote rank for news ...) NOT-FOR-US: typo3 vote_for_tt_news CVE-2010-0335 (Cross-site scripting (XSS) vulnerability in the Vote rank for news ...) NOT-FOR-US: typo3 vote_for_tt_news CVE-2010-0336 (Unspecified vulnerability in the kiddog_mysqldumper ...) NOT-FOR-US: typo3 kiddog_mysqldumper CVE-2010-0337 (SQL injection vulnerability in the tt_news Mail alert ...) NOT-FOR-US: typo3 kiddog_mysqldumper CVE-2010-0338 (SQL injection vulnerability in the TT_Products editor (ttpedit) ...) NOT-FOR-US: typo3 ttpedit CVE-2010-0339 (SQL injection vulnerability in the User Links (vm19_userlinks) ...) NOT-FOR-US: typo3 vm19_userlinks CVE-2010-0340 (SQL injection vulnerability in the MJS Event Pro (mjseventpro) ...) NOT-FOR-US: typo3 mjseventpro CVE-2010-0341 (SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) ...) NOT-FOR-US: typo3 bb_simplejobs CVE-2010-0342 (SQL injection vulnerability in the Reports for Job (job_reports) ...) NOT-FOR-US: typo3 job_reports CVE-2010-0343 (SQL injection vulnerability in the Clan Users List (pb_clanlist) ...) NOT-FOR-US: typo3 pb_clanlist CVE-2010-0344 (SQL injection vulnerability in the zak_store_management extension ...) NOT-FOR-US: typo3 zak_store_management CVE-2010-0345 (Cross-site scripting (XSS) vulnerability in the Majordomo extension ...) NOT-FOR-US: typo3 majordomo CVE-2010-0346 (Cross-site scripting (XSS) vulnerability in the Tip many friends ...) NOT-FOR-US: typo3 mimi_tipfriends CVE-2010-0347 (Cross-site scripting (XSS) vulnerability in the VD / Geomap ...) NOT-FOR-US: typo3 vd_gemomap CVE-2010-0348 (Directory traversal vulnerability in C3 Corp. WebCalenderC3 0.32 and ...) NOT-FOR-US: c 3 webcalenderc3 CVE-2010-0349 (Cross-site scripting (XSS) vulnerability in C3 Corp. WebCalenderC3 ...) NOT-FOR-US: c 3 co jp webcalenderc3 CVE-2010-0350 (Directory traversal vulnerability in the Photo Book (goof_fotoboek) ...) NOT-FOR-US: arco_van_geest goof_fotoboek CVE-2010-0351 RESERVED CVE-2010-0352 RESERVED CVE-2010-0353 RESERVED CVE-2010-0354 RESERVED CVE-2010-0355 RESERVED CVE-2010-0356 (Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ...) NOT-FOR-US: viscomsoft movie_player_pro_sdk_activex CVE-2010-0357 (Cross-site scripting (XSS) vulnerability in the Login page in IBM ...) NOT-FOR-US: ibm lotus_web_content_management CVE-2010-0358 (Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 ...) NOT-FOR-US: ibm lotus_domino CVE-2010-0359 (Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 ...) NOT-FOR-US: zeus_web_server CVE-2010-0360 (Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote ...) NOT-FOR-US: sun java_system_web_server CVE-2010-0361 (Stack-based buffer overflow in the WebDAV implementation in webservd ...) NOT-FOR-US: sun java_system_web_server CVE-2010-0362 (Zeus Web Server before 4.3r5 does not use random transaction IDs for ...) NOT-FOR-US: zeus_web_server CVE-2010-0363 (Cross-site scripting (XSS) vulnerability in Zeus Web Server before ...) NOT-FOR-US: zeus_web_server CVE-2010-0364 (Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows ...) NOT-FOR-US: Obsolete CVE-2010-0365 (Cross-site scripting (XSS) vulnerability in search.php in BitScripts ...) NOT-FOR-US: bitscripts bits_video_script CVE-2010-0366 (Multiple unrestricted file upload vulnerabilities in (1) register.php ...) NOT-FOR-US: bitscripts bits_video_script CVE-2010-0367 (Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits ...) NOT-FOR-US: bitscripts bits_video_script CVE-2010-0368 RESERVED CVE-2010-0369 RESERVED CVE-2010-0370 (Cross-site scripting (XSS) vulnerability in the Node Blocks module ...) NOT-FOR-US: thomas_turnbull nodeblock CVE-2010-0371 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: hitmaaan_gallery CVE-2010-0372 (SQL injection vulnerability in the Articlemanager (com_articlemanager) ...) NOT-FOR-US: hong_chuyen com_articlemanager CVE-2010-0373 (SQL injection vulnerability in the libros (com_libros) component for ...) NOT-FOR-US: joomla com_libros CVE-2010-0374 (Cross-site scripting (XSS) vulnerability in the Marketplace ...) NOT-FOR-US: codingfish com_marketplace CVE-2010-0375 (SQL injection vulnerability in product_list.php in JCE-Tech PHP ...) NOT-FOR-US: jce tech php_calendars_script CVE-2010-0376 (Cross-site scripting (XSS) vulnerability in product_list.php in ...) NOT-FOR-US: jce tech php_calendars_script CVE-2010-0377 (SQL injection vulnerability in modules/arcade/index.php in PHP MySpace ...) NOT-FOR-US: phpmyspace CVE-2010-0378 (Use-after-free vulnerability in Adobe Flash Player 6.0.79, as ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0379 (Multiple unspecified vuilnerabilities in the Macromedia Flash ActiveX ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0380 (install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows ...) NOT-FOR-US: jce tech php_calendars_script CVE-2010-0381 (SQL injection vulnerability in modules/arcade/index.php in PHP MySpace ...) NOT-FOR-US: phpmyspace CVE-2010-0382 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before ...) BUG: 308035 CVE-2010-0383 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated ...) BUG: 301701 CVE-2010-0384 (Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory ...) NOT-FOR-US: 0.2.2.x not in the tree yet. CVE-2010-0385 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when ...) BUG: 301701 CVE-2010-0386 (The default configuration of Sun Java System Application Server 7 and ...) NOT-FOR-US: sun java_system_application_server CVE-2010-0387 (Multiple heap-based buffer overflows in (1) webservd and (2) the admin ...) NOT-FOR-US: sun java_system_web_server CVE-2010-0388 (Format string vulnerability in the WebDAV implementation in webservd ...) NOT-FOR-US: sun java_system_web_server CVE-2010-0389 (The admin server in Sun Java System Web Server 7.0 Update 6 allows ...) NOT-FOR-US: sun java_system_web_server CVE-2010-0390 (Unrestricted file upload vulnerability in maxImageUpload/index.php in ...) NOT-FOR-US: phpf1 max s_image_uploader CVE-2010-0391 (Multiple stack-based buffer overflows in Embarcadero Technologies ...) NOT-FOR-US: embarcadero interbase_smp_2009 CVE-2010-0392 (Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN ...) NOT-FOR-US: thegreenbow ipsec_vpn_client CVE-2010-0393 (The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS ...) BUG: 308045 CVE-2010-0394 (PyGIT.py in the Trac Git plugin (trac-git) before ...) NOT-FOR-US: nanosleep trac git CVE-2010-0395 (OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote ...) BUG: 320491 CVE-2010-0396 (Directory traversal vulnerability in the dpkg-source component in dpkg ...) BUG: 309633 CVE-2010-0397 (The xmlrpc extension in PHP 5.3.1 does not properly handle a missing ...) NOT-FOR-US: NFU: 5.3.x hardmasked CVE-2010-0398 RESERVED CVE-2010-0399 RESERVED CVE-2010-0400 (SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows ...) NOT-FOR-US: mahara CVE-2010-0401 (OpenTTD before 1.0.1 accepts a company password for authentication in ...) BUG: 320955 CVE-2010-0402 (OpenTTD before 1.0.1 does not properly validate index values of ...) BUG: 320955 CVE-2010-0403 (Directory traversal vulnerability in about.php in phpGroupWare (phpgw) ...) BUG: 320957 CVE-2010-0404 (Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before ...) BUG: 320957 CVE-2010-0405 (Integer overflow in the BZ2_decompress function in decompress.c in ...) BUG: 338215 CVE-2010-0406 (OpenTTD before 1.0.1 allows remote attackers to cause a denial of ...) BUG: 320955 CVE-2010-0407 (Multiple buffer overflows in the MSGFunctionDemarshall function in ...) NOT-FOR-US: muscle pcsc lite CVE-2010-0408 (The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp ...) BUG: 308049 CVE-2010-0409 (Buffer overflow in the GMIME_UUENCODE_LEN macro in ...) BUG: 308051 CVE-2010-0410 (drivers/connector/connector.c in the Linux kernel before 2.6.32.8 ...) BUG: 307445 CVE-2010-0411 (Multiple integer signedness errors in the (1) __get_argv and (2) ...) BUG: 308053 CVE-2010-0412 (stap-server in SystemTap 1.1 does not properly restrict the value of ...) BUG: 308053 CVE-2010-0413 RESERVED CVE-2010-0414 (gnome-screensaver before 2.28.2 allows physically proximate attackers ...) BUG: 308029 CVE-2010-0415 (The do_pages_move function in mm/migrate.c in the Linux kernel before ...) BUG: 307447 CVE-2010-0416 (Buffer overflow in the Unescape function in common/util/hxurl.cpp and ...) NOT-FOR-US: realnetworks realplayer CVE-2010-0417 (Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and ...) NOT-FOR-US: realnetworks realplayer CVE-2010-0418 (The web interface in chumby one before 1.0.4 and chumby classic before ...) NOT-FOR-US: chumby_one CVE-2010-0419 (The x86 emulator in KVM 83, when a guest is configured for Symmetric ...) BUG: 308041 CVE-2010-0420 (libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user ...) BUG: 305715 CVE-2010-0421 (Array index error in the hb_ot_layout_build_glyph_classes function in ...) BUG: 313331 CVE-2010-0422 (gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize ...) BUG: 308029 CVE-2010-0423 (gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a ...) BUG: 305715 CVE-2010-0424 (The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) ...) BUG: 308055 CVE-2010-0425 (modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server ...) NOT-FOR-US: mod_isapi in the Apache HTTP Server CVE-2010-0426 (sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a ...) BUG: 306865 CVE-2010-0427 (sudo 1.6.x before 1.6.9p21, when the runas_default option is used, ...) BUG: 306865 CVE-2010-0428 (libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) ...) NOT-FOR-US: redhat qspice CVE-2010-0429 (libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) ...) NOT-FOR-US: redhat qspice CVE-2010-0430 RESERVED CVE-2010-0431 (QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat ...) BUG: 335872 CVE-2010-0432 (Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open ...) NOT-FOR-US: apache open_for_business_project CVE-2010-0433 (The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before ...) BUG: 308011 CVE-2010-0434 (The ap_read_request function in server/protocol.c in the Apache HTTP ...) BUG: 308049 CVE-2010-0435 (The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise ...) BUG: 335872 CVE-2010-0436 (Race condition in backend/ctrl.c in KDM in KDE Software Compilation ...) BUG: 315235 CVE-2010-0437 (The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux ...) BUG: 312479 CVE-2010-0438 (Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in ...) BUG: 308059 CVE-2010-0439 (Chip Salzenberg Deliver allows local users to cause a denial of ...) NOT-FOR-US: chip_salzenberg deliver CVE-2010-0440 (Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in ...) NOT-FOR-US: cisco secure_desktop CVE-2010-0441 (Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, ...) BUG: 308061 CVE-2010-0442 (The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL ...) BUG: 308063 CVE-2010-0443 (Unspecified vulnerability in Record Management Services (RMS) before ...) NOT-FOR-US: hp openvms_rms CVE-2010-0444 (HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a ...) NOT-FOR-US: hp operations_agent CVE-2010-0445 (Unspecified vulnerability in HP Network Node Manager (NNM) 8.10, 8.11, ...) NOT-FOR-US: hp network_node_manager CVE-2010-0446 (Unspecified vulnerability on the HP DreamScreen 100 and 130 with ...) NOT-FOR-US: hp dreamscreen CVE-2010-0447 (The helpmanager servlet in the web server in HP OpenView Performance ...) NOT-FOR-US: hp openview_performance_insight CVE-2010-0448 (Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 ...) NOT-FOR-US: HP SOA Registry Foundation CVE-2010-0449 (Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation ...) NOT-FOR-US: HP SOA Registry Foundation CVE-2010-0450 (Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 ...) NOT-FOR-US: HP SOA Registry Foundation CVE-2010-0451 (The installation process for NFS/ONCplus B.11.31_08 and earlier on HP ...) NOT-FOR-US: hp ux CVE-2010-0452 (Multiple cross-site scripting (XSS) vulnerabilities in HP Project and ...) NOT-FOR-US: hp project_and_portfolio_management_center CVE-2010-0453 (The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and ...) NOT-FOR-US: sun solaris CVE-2010-0454 (SQL injection vulnerability in cgi/cgilua.exe/sys/start.htm in ...) NOT-FOR-US: fabricadigital publique CVE-2010-0455 (Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in ...) NOT-FOR-US: punbb CVE-2010-0456 (SQL injection vulnerability in the indianpulse Game Server ...) NOT-FOR-US: indianpulses com_gameserver CVE-2010-0457 (SQL injection vulnerability in home.php in magic-portal 2.1 allows ...) NOT-FOR-US: a3malnet magic portal CVE-2010-0458 (Multiple SQL injection vulnerabilities in NetArt Media Blog System 1.5 ...) NOT-FOR-US: netart_media blog_system CVE-2010-0459 (SQL injection vulnerability in the Mochigames (com_mochigames) ...) NOT-FOR-US: yoflash com_mochigames CVE-2010-0460 (Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php ...) NOT-FOR-US: kayako supportsuite CVE-2010-0461 (SQL injection vulnerability in the casino (com_casino) component 1.0 ...) NOT-FOR-US: joomla com_casino CVE-2010-0462 (Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, ...) NOT-FOR-US: ibm db2 CVE-2010-0463 (Horde IMP 4.3.6 and earlier does not request that the web browser ...) BUG: 307759 CVE-2010-0464 (Roundcube 0.3.1 and earlier does not request that the web browser ...) BUG: 308065 CVE-2010-0465 (Cross-site scripting (XSS) vulnerability in the online Documents ...) NOT-FOR-US: Notified in ebuild bug CVE-2010-0466 RESERVED CVE-2010-0467 (Directory traversal vulnerability in the ccNewsletter ...) NOT-FOR-US: chillcreations com_ccnewsletter CVE-2010-0468 (Cross-site scripting (XSS) vulnerability in utilities/longproc.cfm in ...) NOT-FOR-US: paperthin commonspot_content_server CVE-2010-0469 (SQL injection vulnerability in Files2Links F2L 3000 appliance 4.0.0, ...) NOT-FOR-US: files2links f2l_3000_appliance CVE-2010-0470 (Cross-site scripting (XSS) vulnerability in scvrtsrv.cmd in Comtrend ...) NOT-FOR-US: comtrend ct 507it_adsl_router CVE-2010-0471 (SQL injection vulnerability in the comment submission interface ...) NOT-FOR-US: enanocms CVE-2010-0472 (kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 ...) NOT-FOR-US: ibm db2 CVE-2010-0473 RESERVED CVE-2010-0474 RESERVED CVE-2010-0475 (Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the ...) NOT-FOR-US: palo_alto_networks firewall CVE-2010-0476 (The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, ...) NOT-FOR-US: microsoft windows_vista CVE-2010-0477 (The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does ...) NOT-FOR-US: microsoft windows_server_2008 CVE-2010-0478 (Stack-based buffer overflow in nsum.exe in the Windows Media Unicast ...) NOT-FOR-US: microsoft windows_2000 CVE-2010-0479 (Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and ...) NOT-FOR-US: microsoft publisher CVE-2010-0480 (Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0481 (The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows ...) NOT-FOR-US: microsoft windows_vista CVE-2010-0482 (The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not ...) NOT-FOR-US: microsoft windows_server_2008 CVE-2010-0483 (vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows ...) NOT-FOR-US: Microsoft Windows CVE-2010-0484 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0485 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0486 (The WinVerifyTrust function in Authenticode Signature Verification ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0487 (The Authenticode Signature verification functionality in cabview.dll ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0488 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0489 (Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0490 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0491 (Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0492 (Use-after-free vulnerability in mstime.dll in Microsoft Internet ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0493 RESERVED CVE-2010-0494 (Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0495 RESERVED CVE-2010-0496 (FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for ...) NOT-FOR-US: freebit serversman CVE-2010-0497 (Disk Images in Apple Mac OS X before 10.6.3 does not provide the ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0498 (Directory Services in Apple Mac OS X before 10.6.3 does not properly ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0499 RESERVED CVE-2010-0500 (Event Monitor in Apple Mac OS X before 10.6.3 does not properly ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0501 (Directory traversal vulnerability in FTP Server in Apple Mac OS X ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0502 (iChat Server in Apple Mac OS X Server before 10.6.3, when group chat ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0503 (Use-after-free vulnerability in iChat Server in Apple Mac OS X Server ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0504 (Multiple stack-based buffer overflows in iChat Server in Apple Mac OS ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0505 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0506 (Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0507 (Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0508 (Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0509 (SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0510 (Password Server in Apple Mac OS X Server before 10.6.3 does not ...) NOT-FOR-US: Apple Mac OS X Server CVE-2010-0511 (Podcast Producer in Apple Mac OS X 10.6 before 10.6.3 deletes the ...) NOT-FOR-US: Apple Mac OS X CVE-2010-0512 (The Accounts Preferences implementation in Apple Mac OS X 10.6 before ...) NOT-FOR-US: Apple Mac OS X CVE-2010-0513 (Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before ...) NOT-FOR-US: PS Normalizer in Apple Mac OS X CVE-2010-0514 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before ...) NOT-FOR-US: QuickTime in Apple Mac OS X CVE-2010-0515 (QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to ...) NOT-FOR-US: Apple Mac OS X CVE-2010-0516 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before ...) NOT-FOR-US: QuickTime in Apple Mac OS X CVE-2010-0517 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before ...) NOT-FOR-US: QuickTime in Apple Mac OS X CVE-2010-0518 (QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to ...) NOT-FOR-US: Apple Mac OS X CVE-2010-0519 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows ...) NOT-FOR-US: QuickTime in Apple Mac OS X CVE-2010-0520 (Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in ...) NOT-FOR-US: QuickTime in Apple Mac OS X CVE-2010-0521 (Server Admin in Apple Mac OS X Server before 10.6.3 does not properly ...) NOT-FOR-US: Apple Mac OS X Server CVE-2010-0522 (Server Admin in Apple Mac OS X Server 10.5.8 does not properly ...) NOT-FOR-US: Apple Mac OS X Server CVE-2010-0523 (Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types ...) NOT-FOR-US: Apple Mac OS X CVE-2010-0524 (The default configuration of the FreeRADIUS server in Apple Mac OS X ...) NOT-FOR-US: Apple Mac OS X Server CVE-2010-0525 (Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key ...) NOT-FOR-US: Apple Mac OS X CVE-2010-0526 (Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple ...) NOT-FOR-US: QuickTime in Apple Mac OS X CVE-2010-0527 (Integer overflow in Apple QuickTime before 7.6.6 on Windows allows ...) NOT-FOR-US: apple quicktime CVE-2010-0528 (Apple QuickTime before 7.6.6 on Windows allows remote attackers to ...) NOT-FOR-US: apple quicktime CVE-2010-0529 (Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before ...) NOT-FOR-US: apple quicktime CVE-2010-0530 RESERVED CVE-2010-0531 (Apple iTunes before 9.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: apple itunes CVE-2010-0532 (Race condition in the installation package in Apple iTunes before 9.1 ...) NOT-FOR-US: apple itunes CVE-2010-0533 (Directory traversal vulnerability in AFP Server in Apple Mac OS X ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0534 (Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the ...) NOT-FOR-US: Apple Mac OS X CVE-2010-0535 (Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is ...) NOT-FOR-US: Apple Mac OS X CVE-2010-0536 (Apple QuickTime before 7.6.6 on Windows allows remote attackers to ...) NOT-FOR-US: apple quicktime CVE-2010-0537 (DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly ...) NOT-FOR-US: Apple Mac OS X CVE-2010-0538 (Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X ...) NOT-FOR-US: apple java CVE-2010-0539 (Integer signedness error in the window drawing implementation in Apple ...) NOT-FOR-US: apple java_1 6 CVE-2010-0540 (Cross-site request forgery (CSRF) vulnerability in the web interface ...) BUG: 325551 CVE-2010-0541 (Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0542 (The _WriteProlog function in texttops.c in texttops in the Text Filter ...) BUG: 325551 CVE-2010-0543 (ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0544 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) TODO: check CVE-2010-0545 (The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0546 (Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-0547 (client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier ...) BUG: 308067 CVE-2010-0548 (Multiple unspecified vulnerabilities in the Network Controller and Web ...) NOT-FOR-US: xerox workcentre_5687 CVE-2010-0549 (Unspecified vulnerability in the Network Controller in Xerox ...) NOT-FOR-US: xerox workcentre_6400_system_software CVE-2010-0550 (admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly ...) NOT-FOR-US: geopp geo _gncaster CVE-2010-0551 (HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and ...) NOT-FOR-US: geopp geo _gncaster CVE-2010-0552 (Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to cause a ...) NOT-FOR-US: geopp geo _gncaster CVE-2010-0553 (Geo++ GNCASTER 1.4.0.7 and earlier allows remote authenticated users ...) NOT-FOR-US: geopp geo _gncaster CVE-2010-0554 (The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and ...) NOT-FOR-US: geopp geo _gncaster CVE-2010-0555 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0556 (browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 ...) TODO: check CVE-2010-0557 (IBM Cognos Express 9.0 allows attackers to obtain unspecified access ...) NOT-FOR-US: ibm cognos_express CVE-2010-0558 (The default configuration of Oracle OpenSolaris snv_77 through snv_131 ...) NOT-FOR-US: sun opensolaris CVE-2010-0559 (The default configuration of Oracle OpenSolaris snv_91 through snv_131 ...) NOT-FOR-US: sun opensolaris CVE-2010-0560 (Unspecified vulnerability in the BIOS in Intel Desktop Board DB, DG, ...) NOT-FOR-US: intel_desktop_board CVE-2010-0561 (Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current before ...) NOT-FOR-US: netbsd CVE-2010-0562 (The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, ...) BUG: 307761 CVE-2010-0563 (The Single Sign-on (SSO) functionality in IBM WebSphere Application ...) NOT-FOR-US: ibm websphere_application_server CVE-2010-0564 (Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in ...) NOT-FOR-US: trendmicro officescan CVE-2010-0565 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...) NOT-FOR-US: cisco pix_500 CVE-2010-0566 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...) NOT-FOR-US: cisco pix_500 CVE-2010-0567 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...) NOT-FOR-US: cisco pix_500 CVE-2010-0568 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...) NOT-FOR-US: cisco pix_500 CVE-2010-0569 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...) NOT-FOR-US: cisco pix_500 CVE-2010-0570 (Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x has a default ...) NOT-FOR-US: Cisco CVE-2010-0571 (Unspecified vulnerability in Cisco Digital Media Manager (DMM) 5.0.x ...) NOT-FOR-US: Cisco Digital Media Manager DMM CVE-2010-0572 (Cisco Digital Media Manager (DMM) before 5.2 allows remote ...) NOT-FOR-US: Cisco CVE-2010-0573 (Unspecified vulnerability on the Cisco Digital Media Player before 5.2 ...) NOT-FOR-US: Unspecified CVE-2010-0574 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) ...) NOT-FOR-US: cisco wireless_lan_controller_software CVE-2010-0575 (Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or ...) NOT-FOR-US: cisco wireless_lan_controller_software CVE-2010-0576 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x ...) NOT-FOR-US: cisco ios CVE-2010-0577 (Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size ...) NOT-FOR-US: cisco ios CVE-2010-0578 (The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 ...) NOT-FOR-US: cisco ios CVE-2010-0579 (The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote ...) NOT-FOR-US: cisco ios CVE-2010-0580 (Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 ...) NOT-FOR-US: cisco ios CVE-2010-0581 (Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 ...) NOT-FOR-US: cisco ios CVE-2010-0582 (Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote ...) NOT-FOR-US: cisco ios CVE-2010-0583 (Memory leak in the H.323 implementation in Cisco IOS 12.1 through ...) NOT-FOR-US: cisco ios CVE-2010-0584 (Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP ...) NOT-FOR-US: cisco ios CVE-2010-0585 (Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager ...) NOT-FOR-US: cisco ios CVE-2010-0586 (Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager ...) NOT-FOR-US: cisco ios CVE-2010-0587 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...) NOT-FOR-US: cisco unified_communications_manager CVE-2010-0588 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...) NOT-FOR-US: cisco unified_communications_manager CVE-2010-0589 (The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure ...) NOT-FOR-US: cisco secure_desktop CVE-2010-0590 (The CMSIPUtility component in Cisco Unified Communications Manager ...) NOT-FOR-US: cisco unified_communications_manager CVE-2010-0591 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...) NOT-FOR-US: cisco unified_communications_manager CVE-2010-0592 (The CTI Manager service in Cisco Unified Communications Manager (aka ...) NOT-FOR-US: cisco unified_communications_manager CVE-2010-0593 (The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, ...) NOT-FOR-US: Cisco CVE-2010-0594 (Cross-site scripting (XSS) vulnerability in Cisco Router and Security ...) NOT-FOR-US: cisco router_and_security_device_manager CVE-2010-0595 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before ...) NOT-FOR-US: cisco mediator_framework CVE-2010-0596 (Unspecified vulnerability in Cisco Mediator Framework 2.2 before ...) NOT-FOR-US: cisco mediator_framework CVE-2010-0597 (Unspecified vulnerability in Cisco Mediator Framework 1.5.1 before ...) NOT-FOR-US: cisco mediator_framework CVE-2010-0598 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before ...) NOT-FOR-US: cisco mediator_framework CVE-2010-0599 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before ...) NOT-FOR-US: cisco mediator_framework CVE-2010-0600 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before ...) NOT-FOR-US: cisco mediator_framework CVE-2010-0601 (The MGCP implementation on the Cisco PGW 2200 Softswitch with software ...) NOT-FOR-US: cisco pgw_2200_softswitch CVE-2010-0602 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...) NOT-FOR-US: cisco pgw_2200_softswitch CVE-2010-0603 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...) NOT-FOR-US: cisco pgw_2200_softswitch CVE-2010-0604 (Unspecified vulnerability in the SIP implementation on the Cisco PGW ...) NOT-FOR-US: cisco pgw_2200_softswitch CVE-2010-0605 (SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 ...) NOT-FOR-US: osticket CVE-2010-0606 (Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket ...) NOT-FOR-US: osticket CVE-2010-0607 (Cross-site scripting (XSS) vulnerability in Forms/status_statistics_1 ...) NOT-FOR-US: sterlitetechnologies sam300_ax_router CVE-2010-0608 (SQL injection vulnerability in index.php in NovaBoard 1.1.2 allows ...) NOT-FOR-US: novaboard CVE-2010-0609 (SQL injection vulnerability in header.php in NovaBoard 1.1.2 allows ...) NOT-FOR-US: novaboard CVE-2010-0610 (Multiple SQL injection vulnerabilities in the Photoblog ...) NOT-FOR-US: webguerilla com_photoblog CVE-2010-0611 (Multiple SQL injection vulnerabilities in adminlogin.php in Baal ...) NOT-FOR-US: baalsystems baal_systems CVE-2010-0612 (Unspecified vulnerability in DocumentManager before 4.0 has unknown ...) NOT-FOR-US: dmanager documentmanager CVE-2010-0613 (Directory traversal vulnerability in viewfile.php in ARWScripts Fonts ...) NOT-FOR-US: arwscripts fonts_script CVE-2010-0614 (SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows ...) NOT-FOR-US: myshell evalsmsi CVE-2010-0615 (Cross-site scripting (XSS) vulnerability in assess.php in evalSMSI ...) NOT-FOR-US: myshell evalsmsi CVE-2010-0616 (evalSMSI 2.1.03 stores passwords in cleartext in the database, which ...) NOT-FOR-US: myshell evalsmsi CVE-2010-0617 (Cross-site scripting (XSS) vulnerability in ajax.php in evalSMSI ...) NOT-FOR-US: myshell evalsmsi CVE-2010-0618 (The flood-protection feature in the base, IPDS DLE, Forms DLE, Barcode ...) NOT-FOR-US: lexmark z2420 CVE-2010-0619 (Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode ...) NOT-FOR-US: lexmark x94x CVE-2010-0620 (Directory traversal vulnerability in the SSL Service in EMC HomeBase ...) NOT-FOR-US: emc homebase_server CVE-2010-0621 RESERVED CVE-2010-0622 (The wake_futex_pi function in kernel/futex.c in the Linux kernel ...) BUG: 307449 CVE-2010-0623 (The futex_lock_pi function in kernel/futex.c in the Linux kernel ...) BUG: 307451 CVE-2010-0624 (Heap-based buffer overflow in the rmt_read__ function in ...) BUG: 313333 CVE-2010-0625 (Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP ...) NOT-FOR-US: novell netware CVE-2010-0626 RESERVED CVE-2010-0627 RESERVED CVE-2010-0628 (The spnego_gss_accept_sec_context function in ...) BUG: 312481 CVE-2010-0629 (Use-after-free vulnerability in kadmin/server/server_stubs.c in ...) BUG: 321935 CVE-2010-0630 (SQL injection vulnerability in viewjokes.php in Evernew Free Joke ...) NOT-FOR-US: evernewscripts free_joke_script CVE-2010-0631 (Multiple SQL injection vulnerabilities in index.php in Eicra Car ...) NOT-FOR-US: eicrasoft eicra_car_rental script CVE-2010-0632 (SQL injection vulnerability in the Parkview Consultants SimpleFAQ ...) NOT-FOR-US: parkviewconsultants com_simplefaq CVE-2010-0633 (Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and ...) NOT-FOR-US: citrix xenserver CVE-2010-0634 (Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) ...) NOT-FOR-US: Obsolete CVE-2010-0635 (SQL injection vulnerability in the plgSearchEventsearch::onSearch ...) NOT-FOR-US: jevents_search_plugin CVE-2010-0636 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...) NOT-FOR-US: k5n webcalendar CVE-2010-0637 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: k5n webcalendar CVE-2010-0638 (Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 ...) NOT-FOR-US: k5n webcalendar CVE-2010-0639 (The htcpHandleTstRequest function in htcp.c in Squid 2.x before ...) BUG: 301828 CVE-2010-0640 (Cross-site scripting (XSS) vulnerability in CA eHealth Performance ...) NOT-FOR-US: ca ehealth_performance_manager CVE-2010-0641 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: cisco collaboration_server CVE-2010-0642 (Cisco Collaboration Server (CCS) 5 allows remote attackers to read the ...) NOT-FOR-US: cisco collaboration_server CVE-2010-0643 (Google Chrome before 4.0.249.89 attempts to make direct connections to ...) TODO: check CVE-2010-0644 (Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is ...) TODO: check CVE-2010-0645 (Multiple integer overflows in factory.cc in Google V8 before r3560, as ...) TODO: check CVE-2010-0646 (Multiple integer signedness errors in factory.cc in Google V8 before ...) TODO: check CVE-2010-0647 (WebKit before r53525, as used in Google Chrome before 4.0.249.89, ...) TODO: check CVE-2010-0648 (Mozilla Firefox, possibly before 3.6, allows remote attackers to ...) TODO: check CVE-2010-0649 (Integer overflow in the CrossCallParamsEx::CreateFromBuffer function ...) TODO: check CVE-2010-0650 (WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, ...) TODO: check CVE-2010-0651 (WebKit before r52784, as used in Google Chrome before 4.0.249.78 and ...) TODO: check CVE-2010-0652 (Microsoft Internet Explorer permits cross-origin loading of CSS ...) NOT-FOR-US: microsoft internet_explorer CVE-2010-0653 (Opera before 10.10 permits cross-origin loading of CSS stylesheets ...) BUG: 308069 CVE-2010-0654 (Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, ...) TODO: check CVE-2010-0655 (Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows ...) TODO: check CVE-2010-0656 (WebKit before r51295, as used in Google Chrome before 4.0.249.78, ...) TODO: check CVE-2010-0657 (Google Chrome before 4.0.249.78 on Windows does not perform the ...) NOT-FOR-US: google chrome CVE-2010-0658 (Multiple integer overflows in Skia, as used in Google Chrome before ...) NOT-FOR-US: google chrome CVE-2010-0659 (The image decoder in WebKit before r52833, as used in Google Chrome ...) TODO: check CVE-2010-0660 (Google Chrome before 4.0.249.78 sends an https URL in the Referer ...) TODO: check CVE-2010-0661 (WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before ...) TODO: check CVE-2010-0662 (The ParamTraits<SkBitmap>::Read function in ...) NOT-FOR-US: google chrome CVE-2010-0663 (The ParamTraits<SkBitmap>::Read function in ...) NOT-FOR-US: google chrome CVE-2010-0664 (Stack consumption vulnerability in the ...) NOT-FOR-US: google chrome CVE-2010-0665 (JAG (Just Another Guestbook) 1.14 stores sensitive information under ...) NOT-FOR-US: xs4all jag CVE-2010-0666 (Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch ...) NOT-FOR-US: novell edirectory CVE-2010-0667 (MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of ...) BUG: 305663 CVE-2010-0668 (Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x ...) BUG: 305663 CVE-2010-0669 (MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly ...) BUG: 305663 CVE-2010-0670 (Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) ...) NOT-FOR-US: iptechinside com_jquarks CVE-2010-0671 (SQL injection vulnerability in index.php in KR MEDIA Pogodny CMS ...) NOT-FOR-US: michalin kr_media_pogodny_cms CVE-2010-0672 (SQL injection vulnerability in index.php in WSN Guest 1.02 allows ...) NOT-FOR-US: webmastersite wsn_guest CVE-2010-0673 (SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog ...) NOT-FOR-US: copperleaf photolog CVE-2010-0674 (StatCounteX 3.1 stores sensitive information under the web root with ...) NOT-FOR-US: 2enetworx statcountex CVE-2010-0675 (Cross-site scripting (XSS) vulnerability in index.php in BGSvetionik ...) NOT-FOR-US: bgsvetionik bgs_cms CVE-2010-0676 (Directory traversal vulnerability in index.php in the RWCards ...) NOT-FOR-US: weberr com_rwcards CVE-2010-0677 (SQL injection vulnerability in index.php in Katalog Stron Hurricane ...) NOT-FOR-US: katalog hurricane katalog_stron_hurricane CVE-2010-0678 (PHP remote file inclusion vulnerability in includes/moderation.php in ...) NOT-FOR-US: katalog hurricane katalog_stron_hurricane CVE-2010-0679 (Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ...) NOT-FOR-US: hyleos chemview CVE-2010-0680 (Directory traversal vulnerability in index.php in ZeusCMS 0.2 allows ...) NOT-FOR-US: zeuscms CVE-2010-0681 (ZeusCMS 0.2 stores sensitive information under the web root with ...) NOT-FOR-US: zeuscms CVE-2010-0682 (WordPress 2.9 before 2.9.2 allows remote authenticated users to read ...) BUG: 307003 CVE-2010-0683 (Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator ...) NOT-FOR-US: tibco administrator CVE-2010-0684 (Cross-site scripting (XSS) vulnerability in createDestination.action ...) NOT-FOR-US: apache activemq CVE-2010-0685 (The design of the dialplan functionality in Asterisk Open Source ...) BUG: 308061 CVE-2010-0686 (WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, ...) BUG: 294215 CVE-2010-0687 RESERVED CVE-2010-0688 (Stack-based buffer overflow in Orbital Viewer 1.04 allows ...) NOT-FOR-US: orbitals orbital_viewer CVE-2010-0689 (The ExecuteExe method in the DVBSExeCall Control ActiveX control ...) NOT-FOR-US: datev base_system CVE-2010-0690 (SQL injection vulnerability in index.php in CommodityRentals Video ...) NOT-FOR-US: commodityrentals video_games_rentals CVE-2010-0691 (SQL injection vulnerability in druckansicht.php in JTL-Shop 2 allows ...) NOT-FOR-US: jtl software jtl shop CVE-2010-0692 (SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) ...) NOT-FOR-US: iptechinside com_jquarks CVE-2010-0693 (SQL injection vulnerability in products.php in CommodityRentals Trade ...) NOT-FOR-US: commodityrentals trade_manager_script CVE-2010-0694 (SQL injection vulnerability in the PerchaGallery (com_perchagallery) ...) NOT-FOR-US: com_perchagallery CVE-2010-0695 (Cross-site scripting (XSS) vulnerability in pages/index.php in ...) NOT-FOR-US: basic cms CVE-2010-0696 (Directory traversal vulnerability in includes/download.php in the ...) NOT-FOR-US: joomlaworks jw_allvideos CVE-2010-0697 (Cross-site scripting (XSS) vulnerability in the iTweak Upload module ...) NOT-FOR-US: ilya_ivanchenko itweak_upload CVE-2010-0698 (SQL injection vulnerability in backoffice/login.asp in Dynamicsoft WSC ...) NOT-FOR-US: dynamicsoft wsc_cms CVE-2010-0699 (Cross-site scripting (XSS) vulnerability in index.php in ...) NOT-FOR-US: videosearchscript_pro CVE-2010-0700 (Cross-site scripting (XSS) vulnerability in index.php in WampServer ...) NOT-FOR-US: wampserver CVE-2010-0701 (SQL injection vulnerability in ForceChangePassword.jsp in Newgen ...) NOT-FOR-US: newgensoft omnidocs CVE-2010-0702 (SQL injection vulnerability in cisco/services/PhonecDirectory.php in ...) NOT-FOR-US: fonality trixbox CVE-2010-0703 (Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL ...) NOT-FOR-US: portwise ssl_vpn CVE-2010-0704 (Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM ...) NOT-FOR-US: ibm websphere_portal CVE-2010-0705 (Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 ...) NOT-FOR-US: avast_antivirus_professional CVE-2010-0706 (Cross-site scripting (XSS) vulnerability in the login/prompt component ...) NOT-FOR-US: subexworld nikira_fraud_management_system CVE-2010-0707 (Cross-site request forgery (CSRF) vulnerability in add_user.php in ...) NOT-FOR-US: timeclock software employee_timeclock_software CVE-2010-0708 (Multiple unspecified vulnerabilities in (1) ns-slapd and (2) slapd.exe ...) NOT-FOR-US: sun java_system_directory_server CVE-2010-0709 (Multiple cross-site request forgery (CSRF) vulnerabilities in Limny ...) NOT-FOR-US: limny CVE-2010-0710 (SQL injection vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 ...) NOT-FOR-US: aspcodecms aspcode_cms CVE-2010-0711 (Cross-site request forgery (CSRF) vulnerability in default.asp in ...) NOT-FOR-US: aspcodecms aspcode_cms CVE-2010-0712 (Multiple SQL injection vulnerabilities in ...) NOT-FOR-US: zenoss CVE-2010-0713 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss ...) NOT-FOR-US: zenoss CVE-2010-0714 (Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere ...) NOT-FOR-US: ibm websphere_portal CVE-2010-0715 (Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM ...) NOT-FOR-US: ibm websphere_portal CVE-2010-0716 (_layouts/Upload.aspx in the Documents module in Microsoft SharePoint ...) NOT-FOR-US: microsoft sharepoint_server CVE-2010-0717 (The default configuration of cfg.packagepages_actions_excluded in ...) BUG: 305663 CVE-2010-0718 (Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 ...) NOT-FOR-US: microsoft windows_media_player CVE-2010-0719 (An unspecified API in Microsoft Windows 2000, Windows XP, Windows ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0720 (SQL injection vulnerability in news.php in Erotik Auktionshaus allows ...) NOT-FOR-US: systemsoftware mobi erotik_auktionshaus CVE-2010-0721 (SQL injection vulnerability in news.php in Auktionshaus Gelb 3.0 ...) NOT-FOR-US: systemsoftware mobi auktionshaus_gelb CVE-2010-0722 (SQL injection vulnerability in news.php in Php Auktion Pro allows ...) NOT-FOR-US: mhproducts php_auktion_pro CVE-2010-0723 (SQL injection vulnerability in news.php in Ero Auktion 2.0 and 2010 ...) NOT-FOR-US: mhproducts ero_auktion CVE-2010-0724 (SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows ...) NOT-FOR-US: mhd_zaher_ghaibeh arab_cart CVE-2010-0725 (Cross-site scripting (XSS) vulnerability in showimg.php in Arab Cart ...) NOT-FOR-US: mhd_zaher_ghaibeh arab_cart CVE-2010-0726 (Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack ...) NOT-FOR-US: tdiary CVE-2010-0727 (The gfs2_lock function in the Linux kernel before ...) NOT-FOR-US: redhat enterprise_linux CVE-2010-0728 (smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is ...) BUG: 310105 CVE-2010-0729 (A certain Red Hat patch for the Linux kernel in Red Hat Enterprise ...) NOT-FOR-US: redhat enterprise_linux CVE-2010-0730 (The MMIO instruction decoder in the Xen hypervisor in the Linux kernel ...) TODO: check CVE-2010-0731 (The gnutls_x509_crt_get_serial function in the GnuTLS library before ...) NOT-FOR-US: Obsolete CVE-2010-0732 (gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver ...) BUG: 316697 CVE-2010-0733 (Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL ...) BUG: 313335 CVE-2010-0734 (content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is ...) BUG: 308645 CVE-2010-0735 REJECTED CVE-2010-0736 (Cross-site scripting (XSS) vulnerability in the view_queryform ...) BUG: 309195 CVE-2010-0737 RESERVED CVE-2010-0738 (The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise ...) NOT-FOR-US: redhat jboss_enterprise_application_platform CVE-2010-0739 (Integer overflow in the predospecial function in dospecial.c in dvips ...) BUG: 324019 CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through ...) BUG: 308011 CVE-2010-0741 (The virtio_net_bad_features function in hw/virtio-net.c in the ...) BUG: 332035 CVE-2010-0742 (The Cryptographic Message Syntax (CMS) implementation in ...) BUG: 322575 CVE-2010-0743 (Multiple format string vulnerabilities in isns.c in (1) Linux SCSI ...) BUG: 314187 CVE-2010-0744 (aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, ...) NOT-FOR-US: alvaros_messenger CVE-2010-0745 (Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote ...) BUG: 314533 CVE-2010-0746 RESERVED CVE-2010-0747 RESERVED CVE-2010-0748 RESERVED CVE-2010-0749 RESERVED CVE-2010-0750 (pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users ...) BUG: 314535 CVE-2010-0751 (The ip_evictor function in ip_fragment.c in libnids 1.24, as used in ...) BUG: 312637 CVE-2010-0752 (The week_post_page function in the Weekly Archive by Node Type module ...) NOT-FOR-US: earl_dunovant week CVE-2010-0753 (SQL injection vulnerability in the SQL Reports (com_sqlreport) ...) NOT-FOR-US: componentslab com_sqlreport CVE-2010-0754 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: wikyblog CVE-2010-0755 (PHP remote file inclusion vulnerability in include/WBmap.php in ...) NOT-FOR-US: wikyblog CVE-2010-0756 (Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote ...) NOT-FOR-US: wikyblog CVE-2010-0757 (Unrestricted file upload vulnerability in index.php/Attach in WikyBlog ...) NOT-FOR-US: WikyBlog CVE-2010-0758 (SQL injection vulnerability in news_desc.php in Softbiz Jobs allows ...) NOT-FOR-US: softbizscripts softbiz_jobs_and_recruitment_script CVE-2010-0759 (Directory traversal vulnerability in ...) NOT-FOR-US: greatjoomla scriptegrator_plugin CVE-2010-0760 (Multiple directory traversal vulnerabilities in the Core Design ...) NOT-FOR-US: greatjoomla scriptegrator_plugin CVE-2010-0761 (SQL injection vulnerability in index.php in CommodityRentals ...) NOT-FOR-US: commodityrentals books ebooks_rentals_script CVE-2010-0762 (SQL injection vulnerability in index.php in CommodityRentals CD Rental ...) NOT-FOR-US: commodityrentals cd_rental_software CVE-2010-0763 (SQL injection vulnerability in index.php in CommodityRentals Vacation ...) NOT-FOR-US: commodityrentals vacation_rental_software CVE-2010-0764 (SQL injection vulnerability in index.php in KuwaitPHP eSmile allows ...) NOT-FOR-US: kuwaitphp esmile CVE-2010-0765 (fipsForum 2.6 stores sensitive information under the web root with ...) NOT-FOR-US: fipsasp fipsforum CVE-2010-0766 (Integer overflow in the Swap4 function in valet4.dll in Luxology Modo ...) NOT-FOR-US: Luxology Modo CVE-2010-0767 RESERVED CVE-2010-0768 (Cross-site scripting (XSS) vulnerability in the Administration Console ...) NOT-FOR-US: Administration Console in IBM WebSphere Application Server WAS CVE-2010-0769 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before ...) NOT-FOR-US: resources xml CVE-2010-0770 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before ...) NOT-FOR-US: IBM CVE-2010-0771 RESERVED CVE-2010-0772 (Unspecified vulnerability in the channel process in IBM WebSphere MQ ...) NOT-FOR-US: ibm websphere_mq CVE-2010-0773 RESERVED CVE-2010-0774 (The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations ...) NOT-FOR-US: ibm websphere_application_server CVE-2010-0775 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...) NOT-FOR-US: ibm websphere_application_server CVE-2010-0776 (The Web Container in IBM WebSphere Application Server (WAS) 6.0 before ...) NOT-FOR-US: ibm websphere_application_server CVE-2010-0777 (The Web Container in IBM WebSphere Application Server (WAS) 6.0 before ...) NOT-FOR-US: ibm websphere_application_server CVE-2010-0778 (Cross-site scripting (XSS) vulnerability in the Administration Console ...) NOT-FOR-US: ibm websphere_application_server CVE-2010-0779 (Cross-site scripting (XSS) vulnerability in the Administration Console ...) NOT-FOR-US: ibm websphere_application_server CVE-2010-0780 RESERVED CVE-2010-0781 (Unspecified vulnerability in the administrative console in IBM ...) NOT-FOR-US: ibm websphere_application_server CVE-2010-0782 (IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows ...) TODO: check CVE-2010-0783 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...) TODO: check CVE-2010-0784 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...) TODO: check CVE-2010-0785 (Cross-site request forgery (CSRF) vulnerability in the Administrative ...) TODO: check CVE-2010-0786 (The Web Services Security component in IBM WebSphere Application ...) TODO: check CVE-2010-0787 (client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, ...) BUG: 308067 CVE-2010-0788 (ncpfs 2.2.6 allows local users to cause a denial of service, obtain ...) BUG: 308071 CVE-2010-0789 (fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local ...) BUG: 308073 CVE-2010-0790 (sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain ...) BUG: 308071 CVE-2010-0791 (The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs ...) BUG: 308071 CVE-2010-0792 (fcrontab in fcron before 3.0.5 allows local users to read arbitrary ...) BUG: 308075 CVE-2010-0793 (Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to ...) NOT-FOR-US: barnowl CVE-2010-0794 RESERVED CVE-2010-0795 (SQL injection vulnerability in the JE Event Calendars ...) NOT-FOR-US: harmistechnology com_jeeventcalendar CVE-2010-0796 (SQL injection vulnerability in the JE Quiz (com_jequizmanagement) ...) NOT-FOR-US: harmistechnology com_jeeventcalendar CVE-2010-0797 (Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 ...) NOT-FOR-US: snowflake t3blog CVE-2010-0798 (SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier ...) NOT-FOR-US: snowflake t3blog CVE-2010-0799 (Directory traversal vulnerability in misc/tell_a_friend/tell.php in ...) NOT-FOR-US: perlunity phpunity newsmanager CVE-2010-0800 (SQL injection vulnerability in the Ossolution Team Documents Seller ...) NOT-FOR-US: joomservices com_dms CVE-2010-0801 (Directory traversal vulnerability in the AutartiTarot ...) NOT-FOR-US: autartica com_autartitarot CVE-2010-0802 (SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a ...) NOT-FOR-US: aleinbeen nv2 _awards CVE-2010-0803 (SQL injection vulnerability in the jVideoDirect (com_jvideodirect) ...) NOT-FOR-US: com_jvideodirect CVE-2010-0804 (Cross-site scripting (XSS) vulnerability in index.php in iBoutique 4.0 ...) NOT-FOR-US: netartmedia iboutique CVE-2010-0805 (The Tabular Data Control (TDC) ActiveX control in Microsoft Internet ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0806 (Use-after-free vulnerability in the Peer Objects component (aka ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0807 (Microsoft Internet Explorer 7 does not properly handle objects in ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0808 (Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not ...) NOT-FOR-US: microsoft ie CVE-2010-0809 RESERVED CVE-2010-0810 (The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows ...) NOT-FOR-US: microsoft windows_vista CVE-2010-0811 (Unspecified vulnerability in the Microsoft Internet Explorer 8 ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0812 (Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0813 RESERVED CVE-2010-0814 (The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office ...) NOT-FOR-US: microsoft access CVE-2010-0815 (VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft ...) NOT-FOR-US: microsoft visual_basic_sdk CVE-2010-0816 (Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, ...) NOT-FOR-US: microsoft windows_mail CVE-2010-0817 (Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in ...) NOT-FOR-US: microsoft sharepoint_server CVE-2010-0818 (The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0819 (Unspecified vulnerability in the Windows OpenType Compact Font Format ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0820 (Heap-based buffer overflow in the Local Security Authority Subsystem ...) NOT-FOR-US: microsoft windows_xp CVE-2010-0821 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 ...) NOT-FOR-US: Microsoft Office Excel CVE-2010-0822 (Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office ...) NOT-FOR-US: Microsoft Office CVE-2010-0823 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 ...) NOT-FOR-US: Microsoft Office Excel CVE-2010-0824 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and ...) NOT-FOR-US: Microsoft Office Excel CVE-2010-0825 (lib-src/movemail.c in movemail in emacs 22 and 23 allows local users ...) BUG: 325553 CVE-2010-0826 (The Free Software Foundation (FSF) Berkeley DB NSS module (aka ...) BUG: 324017 CVE-2010-0827 (Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, ...) BUG: 324019 CVE-2010-0828 (Cross-site scripting (XSS) vulnerability in action/Despam.py in the ...) BUG: 305663 CVE-2010-0829 (Multiple array index errors in set.c in dvipng 1.11 and 1.12, and ...) BUG: 320961 CVE-2010-0830 (Integer signedness error in the elf_get_dynamic_info function in ...) BUG: 325555 CVE-2010-0831 (Directory traversal vulnerability in the extract_jar function in ...) BUG: 325557 CVE-2010-0832 (pam_motd (aka the MOTD module) in libpam-modules before ...) NOT-FOR-US: ubuntu_linux CVE-2010-0833 (The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build ...) NOT-FOR-US: likewise_open CVE-2010-0834 (The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before ...) NOT-FOR-US: ubuntu_linux CVE-2010-0835 (Unspecified vulnerability in the Wireless component in Oracle Fusion ...) NOT-FOR-US: oracle fusion_middleware CVE-2010-0836 (Unspecified vulnerability in the Oracle Knowledge Management component ...) NOT-FOR-US: oracle e business_suite CVE-2010-0837 (Unspecified vulnerability in the Pack200 component in Oracle Java SE ...) BUG: 306579 CVE-2010-0838 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...) BUG: 306579 CVE-2010-0839 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...) BUG: 306579 CVE-2010-0840 (Unspecified vulnerability in the Java Runtime Environment component in ...) BUG: 306579 CVE-2010-0841 (Unspecified vulnerability in the ImageIO component in Oracle Java SE ...) BUG: 306579 CVE-2010-0842 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...) BUG: 306579 CVE-2010-0843 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...) BUG: 306579 CVE-2010-0844 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...) BUG: 306579 CVE-2010-0845 (Unspecified vulnerability in the HotSpot Server component in Oracle ...) BUG: 306579 CVE-2010-0846 (Unspecified vulnerability in the ImageIO component in Oracle Java SE ...) BUG: 306579 CVE-2010-0847 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...) BUG: 306579 CVE-2010-0848 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...) BUG: 306579 CVE-2010-0849 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...) BUG: 306579 CVE-2010-0850 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...) BUG: 306579 CVE-2010-0851 (Unspecified vulnerability in the XML DB component in Oracle Database ...) NOT-FOR-US: oracle database_server CVE-2010-0852 (Unspecified vulnerability in the XML DB component in Oracle Database ...) NOT-FOR-US: oracle database_server CVE-2010-0853 (Unspecified vulnerability in the Oracle Internet Directory component ...) NOT-FOR-US: oracle fusion_middleware CVE-2010-0854 (Unspecified vulnerability in the Audit component in Oracle Database ...) NOT-FOR-US: oracle database_server CVE-2010-0855 (Unspecified vulnerability in the Portal component in Oracle Fusion ...) NOT-FOR-US: oracle fusion_middleware CVE-2010-0856 (Unspecified vulnerability in the Portal component in Oracle Fusion ...) NOT-FOR-US: oracle fusion_middleware CVE-2010-0857 (Unspecified vulnerability in the Oracle Workflow Cartridge component ...) NOT-FOR-US: oracle e business_suite CVE-2010-0858 (Unspecified vulnerability in the E-Business Intelligence component in ...) NOT-FOR-US: oracle e business_suite CVE-2010-0859 (Unspecified vulnerability in the Oracle Application Object Library ...) NOT-FOR-US: oracle e business_suite CVE-2010-0860 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) NOT-FOR-US: oracle database_server CVE-2010-0861 (Unspecified vulnerability in the Oracle HRMS (Self Service) component ...) NOT-FOR-US: oracle e business_suite CVE-2010-0862 (Unspecified vulnerability in the Retail - Oracle Retail Markdown ...) NOT-FOR-US: oracle industry_product_suite CVE-2010-0863 (Unspecified vulnerability in the Retail - Oracle Retail Plan In-Season ...) NOT-FOR-US: oracle industry_product_suite CVE-2010-0864 (Unspecified vulnerability in the Retail - Oracle Retail Place ...) NOT-FOR-US: oracle industry_product_suite CVE-2010-0865 (Unspecified vulnerability in the Oracle Agile Engineering Data ...) NOT-FOR-US: oracle e business_suite CVE-2010-0866 (Unspecified vulnerability in the JavaVM component in Oracle Database ...) NOT-FOR-US: oracle database_server CVE-2010-0867 (Unspecified vulnerability in the JavaVM component in Oracle Database ...) NOT-FOR-US: oracle database_server CVE-2010-0868 (Unspecified vulnerability in the Oracle iStore component in Oracle ...) NOT-FOR-US: oracle e business_suite CVE-2010-0869 (Unspecified vulnerability in the Oracle Transportation Management ...) NOT-FOR-US: oracle e business_suite CVE-2010-0870 (Unspecified vulnerability in the Change Data Capture component in ...) NOT-FOR-US: oracle database_server CVE-2010-0871 (Unspecified vulnerability in the Oracle Application Object Library ...) NOT-FOR-US: oracle e business_suite CVE-2010-0872 (Unspecified vulnerability in the Oracle Internet Directory component ...) NOT-FOR-US: oracle fusion_middleware CVE-2010-0873 (Unspecified vulnerability in the Data Server component in Oracle ...) NOT-FOR-US: oracle timesten_in memory_database CVE-2010-0874 (Unspecified vulnerability in the Communications - Oracle ...) NOT-FOR-US: oracle industry_product_suite CVE-2010-0875 (Unspecified vulnerability in the Life Sciences - Oracle Thesaurus ...) NOT-FOR-US: oracle industry_product_suite CVE-2010-0876 (Unspecified vulnerability in the Life Sciences - Oracle Clinical ...) NOT-FOR-US: oracle industry_product_suite CVE-2010-0877 (Unspecified vulnerability in the PeopleTools component in Oracle ...) NOT-FOR-US: oracle peoplesoft_enterprise CVE-2010-0878 (Unspecified vulnerability in the PeopleTools component in Oracle ...) NOT-FOR-US: oracle peoplesoft_enterprise CVE-2010-0879 (Unspecified vulnerability in the PeopleTools component in Oracle ...) NOT-FOR-US: oracle peoplesoft_enterprise CVE-2010-0880 (Unspecified vulnerability in the PeopleTools component in Oracle ...) NOT-FOR-US: oracle peoplesoft_enterprise CVE-2010-0881 (Unspecified vulnerability in the User Interface Components in Oracle ...) NOT-FOR-US: oracle collaboration_suite CVE-2010-0882 (Unspecified vulnerability in the Solaris component in Oracle Sun ...) NOT-FOR-US: oracle opensolaris CVE-2010-0883 (Unspecified vulnerability in the Sun Cluster component in Oracle Sun ...) NOT-FOR-US: oracle sun_product_suite CVE-2010-0884 (Unspecified vulnerability in the Sun Cluster component in Oracle Sun ...) NOT-FOR-US: oracle sun_product_suite CVE-2010-0885 (Unspecified vulnerability in the Sun Java System Communications ...) NOT-FOR-US: oracle sun_product_suite CVE-2010-0886 (Unspecified vulnerability in the Java Deployment Toolkit component in ...) NOT-FOR-US: sun jre CVE-2010-0887 (Unspecified vulnerability in the New Java Plug-in component in Oracle ...) NOT-FOR-US: sun java CVE-2010-0888 (Unspecified vulnerability in the Sun Ray Server Software component in ...) NOT-FOR-US: oracle sun_product_suite CVE-2010-0889 (Unspecified vulnerability in the Solaris component in Oracle Sun ...) NOT-FOR-US: oracle opensolaris CVE-2010-0890 (Unspecified vulnerability in the Solaris component in Oracle Sun ...) NOT-FOR-US: oracle opensolaris CVE-2010-0891 (Unspecified vulnerability in the Sun Management Center component in ...) NOT-FOR-US: oracle sun_product_suite CVE-2010-0892 (Unspecified vulnerability in the Application Express component in ...) NOT-FOR-US: oracle database_server CVE-2010-0893 (Unspecified vulnerability in the Sun Convergence component in Oracle ...) NOT-FOR-US: oracle sun_product_suite CVE-2010-0894 (Unspecified vulnerability in the Sun Java System Access Manager ...) NOT-FOR-US: oracle sun_product_suite CVE-2010-0895 (Unspecified vulnerability in the Solaris component in Oracle Sun ...) NOT-FOR-US: oracle opensolaris CVE-2010-0896 (Unspecified vulnerability in the Sun Convergence component in Oracle ...) NOT-FOR-US: oracle sun_product_suite CVE-2010-0897 (Unspecified vulnerability in the Sun Java System Directory Server ...) NOT-FOR-US: oracle sun_product_suite CVE-2010-0898 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows ...) NOT-FOR-US: oracle secure_backup CVE-2010-0899 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows ...) NOT-FOR-US: oracle secure_backup CVE-2010-0900 (Unspecified vulnerability in the Network Layer component in Oracle ...) NOT-FOR-US: oracle database_server CVE-2010-0901 (Unspecified vulnerability in the Export component in Oracle Database ...) NOT-FOR-US: oracle database_server CVE-2010-0902 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) NOT-FOR-US: oracle database_server CVE-2010-0903 (Unspecified vulnerability in the Net Foundation Layer component in ...) NOT-FOR-US: oracle database_server CVE-2010-0904 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows ...) NOT-FOR-US: oracle secure_backup CVE-2010-0905 (Unspecified vulnerability in the Oracle Applications Manager component ...) NOT-FOR-US: oracle e business_suite CVE-2010-0906 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows ...) NOT-FOR-US: oracle secure_backup CVE-2010-0907 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows ...) NOT-FOR-US: oracle secure_backup CVE-2010-0908 (Unspecified vulnerability in the Oracle Applications Framework ...) NOT-FOR-US: oracle e business_suite CVE-2010-0909 (Unspecified vulnerability in the Oracle Applications Framework ...) NOT-FOR-US: oracle e business_suite CVE-2010-0910 (Unspecified vulnerability in the Data Server component in Oracle ...) NOT-FOR-US: oracle timesten_in memory_database CVE-2010-0911 (Unspecified vulnerability in the Listener component in Oracle Database ...) NOT-FOR-US: oracle database_server CVE-2010-0912 (Unspecified vulnerability in the Oracle Applications Framework ...) NOT-FOR-US: oracle e business_suite CVE-2010-0913 (Unspecified vulnerability in the Oracle Applications Manager component ...) NOT-FOR-US: oracle e business_suite CVE-2010-0914 (Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote ...) NOT-FOR-US: oracle sun_convergence CVE-2010-0915 (Unspecified vulnerability in the Oracle Advanced Product Catalog ...) NOT-FOR-US: oracle e business_suite CVE-2010-0916 (Unspecified vulnerability in Oracle OpenSolaris 10 allows local users ...) NOT-FOR-US: oracle opensolaris CVE-2010-0917 (Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, ...) NOT-FOR-US: VBScript in Microsoft Windows CVE-2010-0918 (Multiple unspecified vulnerabilities in the UltraLite functionality in ...) NOT-FOR-US: UltraLite functionality in IBM Lotus iNotes aka Domino Web Access or DWA CVE-2010-0919 (Stack-based buffer overflow in the Lotus Domino Web Access ActiveX ...) NOT-FOR-US: Lotus Domino Web Access ActiveX control in IBM Lotus iNotes aka Domino Web Access or DWA CVE-2010-0920 (Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka ...) NOT-FOR-US: IBM Lotus iNotes aka Domino Web Access or DWA CVE-2010-0921 (Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes ...) NOT-FOR-US: IBM Lotus iNotes aka Domino Web Access or DWA CVE-2010-0922 (Unspecified vulnerability in secldapclntd in IBM AIX 5.3 with SP ...) NOT-FOR-US: secldapclntd in IBM AIX CVE-2010-0923 (Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner ...) BUG: 308077 CVE-2010-0924 (cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 ...) NOT-FOR-US: CFNetwork as used by safari exe CVE-2010-0925 (cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 ...) NOT-FOR-US: CFNetwork as used by safari exe CVE-2010-0926 (The default configuration of smbd in Samba before 3.3.11, 3.4.x before ...) BUG: 303767 CVE-2010-0927 (Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in ...) NOT-FOR-US: ibm lotus_domino CVE-2010-0928 (OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx ...) NOT-FOR-US: Obscure config CVE-2010-0929 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...) NOT-FOR-US: Perforce Server CVE-2010-0930 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...) NOT-FOR-US: Perforce Server CVE-2010-0931 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...) NOT-FOR-US: Perforce Server CVE-2010-0932 (The FTP server in Perforce Server 2008.1 allows remote attackers to ...) NOT-FOR-US: Perforce Server CVE-2010-0933 (Directory traversal vulnerability in Perforce Server 2008.1 allows ...) NOT-FOR-US: Perforce Server CVE-2010-0934 (The triggers functionality in Perforce Server 2008.1 allows remote ...) NOT-FOR-US: Perforce Server CVE-2010-0935 (Perforce Server 2009.2 and earlier, when the protection table is ...) NOT-FOR-US: Perforce CVE-2010-0936 (Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK ...) NOT-FOR-US: d link dkvm ip8 CVE-2010-0937 (Multiple unspecified vulnerabilities in Visualization Library before ...) NOT-FOR-US: visualizationlibrary visualization_library CVE-2010-0938 (Cross-site scripting (XSS) vulnerability in todooforum.php in Todoo ...) NOT-FOR-US: todoomasters todoo_forum CVE-2010-0939 (Visialis ABB Forum 1.1 stores sensitive information under the web root ...) NOT-FOR-US: visialis abb_forum CVE-2010-0940 (Cross-site scripting (XSS) vulnerability in guestbook.php in Simple ...) NOT-FOR-US: sanusart simple_php_guestbook CVE-2010-0941 (Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems ...) NOT-FOR-US: web site development etek_systems_hit_counter CVE-2010-0942 (Directory traversal vulnerability in the jVideoDirect ...) NOT-FOR-US: com_jvideodirect CVE-2010-0943 (Directory traversal vulnerability in the JA Showcase (com_jashowcase) ...) NOT-FOR-US: joomlart com_jashowcase CVE-2010-0944 (Directory traversal vulnerability in the JCollection (com_jcollection) ...) NOT-FOR-US: thorsten_riess com_jcollection CVE-2010-0945 (SQL injection vulnerability in the HotBrackets Tournament Brackets ...) NOT-FOR-US: com_hotbrackets CVE-2010-0946 (SQL injection vulnerability in the Keep It Simple Stupid (KISS) ...) NOT-FOR-US: kiss software com_ksadvertiser CVE-2010-0947 (Cross-site scripting (XSS) vulnerability in post.aspx in Max Network ...) NOT-FOR-US: bbsmax CVE-2010-0948 (SQL injection vulnerability in profil.php in Bigforum 4.5, when ...) NOT-FOR-US: bfs kilu bigforum CVE-2010-0949 (Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS ...) NOT-FOR-US: natychmiast cms CVE-2010-0950 (Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote ...) NOT-FOR-US: natychmiast cms CVE-2010-0951 (SQL injection vulnerability in go_target.php in dev4u CMS allows ...) NOT-FOR-US: dev4u_cms CVE-2010-0952 (SQL injection vulnerability in index.php in OneCMS 2.5, when ...) NOT-FOR-US: insanevisions onecms CVE-2010-0953 (Directory traversal vulnerability in mod.php in phpCOIN 1.2.1 allows ...) NOT-FOR-US: phpcoin CVE-2010-0954 (SQL injection vulnerability in search_result.asp in Pre Projects Pre ...) NOT-FOR-US: preprojects pre_e learning_portal CVE-2010-0955 (SQL injection vulnerability in index.php in Bild Flirt Community 2.0 ...) NOT-FOR-US: media products bild_flirt_community CVE-2010-0956 (SQL injection vulnerability in index.php in OpenCart 1.3.2 allows ...) NOT-FOR-US: opencart CVE-2010-0957 (Directory traversal vulnerability in content.php in Saskia's ...) NOT-FOR-US: saskia_bruckner saskias_shopsystem CVE-2010-0958 (Directory traversal vulnerability in modules/hayoo/index.php in ...) NOT-FOR-US: thomas_perez tribisur CVE-2010-0959 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: ibm enovia_smarteam CVE-2010-0960 (Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and ...) NOT-FOR-US: ibm aix CVE-2010-0961 (Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and ...) NOT-FOR-US: ibm aix CVE-2010-0962 (The FTP proxy server in Apple AirPort Express, AirPort Extreme, and ...) NOT-FOR-US: apple time_capsule CVE-2010-0963 (Cross-site scripting (XSS) vulnerability in index.php in dl Download ...) NOT-FOR-US: yuri_d elia dl CVE-2010-0964 (SQL injection vulnerability in start.php in Eros Webkatalog allows ...) NOT-FOR-US: media products eros_webkatalog CVE-2010-0965 (Jevci Siparis Formu Scripti stores sensitive information under the web ...) NOT-FOR-US: jevci net jevci_siparis_formu_scripti CVE-2010-0966 (PHP remote file inclusion vulnerability in inc/config.php in deV!L`z ...) NOT-FOR-US: dzcp dev l z_clanportal CVE-2010-0967 (Multiple directory traversal vulnerabilities in Geekhelps ADMP 1.01, ...) NOT-FOR-US: geekhelps admp CVE-2010-0968 (SQL injection vulnerability in bannershow.php in Geekhelps ADMP 1.01 ...) NOT-FOR-US: geekhelps admp CVE-2010-0969 (Unbound before 1.4.3 does not properly align structures on 64-bit ...) BUG: 309117 CVE-2010-0970 (SQL injection vulnerability in phpmylogon.php in PhpMyLogon 2 allows ...) NOT-FOR-US: jorik_berkepas phpmylogon CVE-2010-0971 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 ...) NOT-FOR-US: atutor CVE-2010-0972 (Directory traversal vulnerability in the GCalendar (com_gcalendar) ...) NOT-FOR-US: g4j laoneo com_gcalendar CVE-2010-0973 (SQL injection vulnerability in index.php in phppool media Domain ...) NOT-FOR-US: scripteverkauf domain_verkaus_and_auktions_portal CVE-2010-0974 (Multiple SQL injection vulnerabilities in PHPCityPortal allow remote ...) NOT-FOR-US: phpcityportal CVE-2010-0975 (PHP remote file inclusion vulnerability in external.php in ...) NOT-FOR-US: phpcityportal CVE-2010-0976 (Acidcat CMS 3.5.x does not prevent access to install.asp after ...) NOT-FOR-US: acidcat_cms CVE-2010-0977 (PD PORTAL 4.0 stores sensitive information under the web root with ...) NOT-FOR-US: pordus pd_portal CVE-2010-0978 (KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under ...) NOT-FOR-US: kmsoft guestbook CVE-2010-0979 (Cross-site scripting (XSS) vulnerability in display.php in ...) NOT-FOR-US: obsession design image gallery CVE-2010-0980 (SQL injection vulnerability in player.php in Left 4 Dead (L4D) Stats ...) NOT-FOR-US: mitchell_sleeper l4d_stats CVE-2010-0981 (SQL injection vulnerability in the TPJobs (com_tpjobs) component for ...) NOT-FOR-US: templateplazza com_tpjobs CVE-2010-0982 (Directory traversal vulnerability in the CARTwebERP (com_cartweberp) ...) NOT-FOR-US: joomlamo com_cartweberp CVE-2010-0983 (PHP remote file inclusion vulnerability in include/mail.inc.php in ...) NOT-FOR-US: utilo rezervi CVE-2010-0984 (Acidcat CMS 3.5.3 and earlier stores sensitive information under the ...) NOT-FOR-US: acidcat_cms CVE-2010-0985 (Directory traversal vulnerability in the Abbreviations Manager ...) NOT-FOR-US: chris_simon com_abbrev CVE-2010-0986 (Adobe Shockwave Player before 11.5.7.609 does not properly process ...) NOT-FOR-US: adobe shockwave_player CVE-2010-0987 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 ...) NOT-FOR-US: adobe shockwave_player CVE-2010-0988 (Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow ...) NOT-FOR-US: Pulse CMS CVE-2010-0989 (Directory traversal vulnerability in delete.php in Pulse CMS before ...) NOT-FOR-US: Pulse CMS CVE-2010-0990 (Stack-based buffer overflow in Creative Software AutoUpdate Engine ...) NOT-FOR-US: creative autoupdate_engine_activex_control CVE-2010-0991 (Multiple heap-based buffer overflows in imlib2 1.4.3 allow ...) BUG: 316699 CVE-2010-0992 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pulse ...) NOT-FOR-US: Pulse CMS Basic CVE-2010-0993 (Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.2 and ...) NOT-FOR-US: Pulse CMS Basic CVE-2010-0994 (Multiple buffer overflows in src/vl/vlDAT.cpp in Visualization Library ...) NOT-FOR-US: visualizationlibrary visualization_library CVE-2010-0995 (Stack-based buffer overflow in Internet Download Manager (IDM) before ...) NOT-FOR-US: tonec internet_download_manager CVE-2010-0996 (Unrestricted file upload vulnerability in e107 before 0.7.20 allows ...) NOT-FOR-US: e107 CVE-2010-0997 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: e107 CVE-2010-0998 (Multiple stack-based buffer overflows in Free Download Manager (FDM) ...) NOT-FOR-US: freedownloadmanager free_download_manager CVE-2010-0999 (Directory traversal vulnerability in Free Download Manager (FDM) ...) NOT-FOR-US: freedownloadmanager free_download_manager CVE-2010-1000 (Directory traversal vulnerability in KGet in KDE SC 4.0.0 through ...) BUG: 319719 CVE-2010-1001 RESERVED CVE-2010-1002 RESERVED CVE-2010-1003 (Directory traversal vulnerability in ...) NOT-FOR-US: efrontlearning efront CVE-2010-1004 (SQL injection vulnerability in the Yet another TYPO3 search engine ...) NOT-FOR-US: mischa_heimann yatse CVE-2010-1005 (Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 ...) NOT-FOR-US: mischa_heimann yatse CVE-2010-1006 (SQL injection vulnerability in the Brainstorming extension 0.1.8 and ...) NOT-FOR-US: typo3 brainstorming CVE-2010-1007 (Unspecified vulnerability in the Power Extension Manager (ch_lightem) ...) NOT-FOR-US: chi_hoang ch_lightem CVE-2010-1008 (Cross-site scripting (XSS) vulnerability in the Sellector.com Widget ...) NOT-FOR-US: christian_hennecke chsellector CVE-2010-1009 (SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 ...) NOT-FOR-US: joachim ruhs educator CVE-2010-1010 (SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) ...) NOT-FOR-US: matthias_kall mk_wastebasket CVE-2010-1011 (Cross-site scripting (XSS) vulnerability in the myDashboard ...) NOT-FOR-US: tim_lochmueller mydashboard CVE-2010-1012 (SQL injection vulnerability in the CleanDB (nf_cleandb) extension ...) NOT-FOR-US: mathias_schreiber nf_cleandb CVE-2010-1013 (SQL injection vulnerability in the Diocese of Portsmouth Database ...) NOT-FOR-US: fr simon_rundell pd_diocesedatabase CVE-2010-1014 (Cross-site scripting (XSS) vulnerability in the Reports Logfile View ...) NOT-FOR-US: steffen_kamper reports_logview CVE-2010-1015 (SQL injection vulnerability in the SAV Filter Alphabetic ...) NOT-FOR-US: laurent_foulloy sav_filter_abc CVE-2010-1016 (SQL injection vulnerability in the SAV Filter Selectors ...) NOT-FOR-US: laurent_foulloy sav_filter_selectors CVE-2010-1017 (SQL injection vulnerability in the SAV Filter Months ...) NOT-FOR-US: laurent_foulloy sav_filter_months CVE-2010-1018 (SQL injection vulnerability in the Book Reviews (sk_bookreview) ...) NOT-FOR-US: jochen_rau sk_bookreview CVE-2010-1019 (SQL injection vulnerability in the Simple Gallery (sk_simplegallery) ...) NOT-FOR-US: sk typo3 sk_simplegallery CVE-2010-1020 (Cross-site scripting (XSS) vulnerability in the Simple Gallery ...) NOT-FOR-US: sk typo3 sk_simplegallery CVE-2010-1021 (Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer ...) NOT-FOR-US: mads_brunn t3quixplorer CVE-2010-1022 (The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) ...) NOT-FOR-US: marcus_krause t3sec_saltedpw CVE-2010-1023 (Cross-site scripting (XSS) vulnerability in the UserTask Center, ...) NOT-FOR-US: georg_ringer _patrick_gaumond taskcent_recent CVE-2010-1024 (SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) ...) NOT-FOR-US: chris_wederka tgm_newsletter CVE-2010-1025 (Cross-site scripting (XSS) vulnerability in the TGM-Newsletter ...) NOT-FOR-US: chris_wederka tgm_newsletter CVE-2010-1026 (SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) ...) NOT-FOR-US: mathon_nicolas tmsw_cleandb CVE-2010-1027 (SQL injection vulnerability in the Meet Travelmates (travelmate) ...) NOT-FOR-US: dietmar_schffer travelmate CVE-2010-1028 (Integer overflow in the decompression functionality in the Web Open ...) BUG: 311021 CVE-2010-1029 (Stack consumption vulnerability in the WebCore::CSSSelector function ...) TODO: check CVE-2010-1030 (Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules ...) NOT-FOR-US: HP UX CVE-2010-1031 (Unspecified vulnerability in HP Insight Control for Linux (aka ...) NOT-FOR-US: HP Insight Control for Linux aka IC Linux or ICE LX CVE-2010-1032 (Unspecified vulnerability in HP HP-UX B.11.11 allows local users to ...) NOT-FOR-US: HP CVE-2010-1033 (Multiple stack-based buffer overflows in a certain Tetradyne ActiveX ...) NOT-FOR-US: certain Tetradyne ActiveX control in HP Operations Manager CVE-2010-1034 (Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 ...) NOT-FOR-US: HP System Management Homepage SMH CVE-2010-1035 (Multiple unspecified vulnerabilities in HP Virtual Machine Manager ...) NOT-FOR-US: HP Virtual Machine Manager VMM CVE-2010-1036 (Cross-site scripting (XSS) vulnerability in HP System Insight Manager ...) NOT-FOR-US: hp systems_insight_manager CVE-2010-1037 (Cross-site request forgery (CSRF) vulnerability in HP System Insight ...) NOT-FOR-US: hp systems_insight_manager CVE-2010-1038 (Unspecified vulnerability in HP System Insight Manager before 6.0 ...) NOT-FOR-US: hp systems_insight_manager CVE-2010-1039 (Format string vulnerability in the _msgout function in rpc.pcnfsd in ...) NOT-FOR-US: hp ux CVE-2010-1040 (The "IP address range limitation" function in OpenPNE 1.6 through 1.8, ...) NOT-FOR-US: tejimaya openpne CVE-2010-1041 (Unspecified vulnerability in the single sign-on functionality in the ...) NOT-FOR-US: ibm db2_content_manager CVE-2010-1042 (Microsoft Windows Media Player 11 does not properly perform colorspace ...) NOT-FOR-US: microsoft windows_media_player CVE-2010-1043 (Directory traversal vulnerability in index.php in jaxCMS 1.0 allows ...) NOT-FOR-US: jaxcms CVE-2010-1044 (SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 ...) NOT-FOR-US: manageengine oputils CVE-2010-1045 (SQL injection vulnerability in the Productbook (com_productbook) ...) NOT-FOR-US: design cars com_productbook CVE-2010-1046 (Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1 ...) NOT-FOR-US: ryan_marshall rostermain CVE-2010-1047 (SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and ...) NOT-FOR-US: masa2el music_city CVE-2010-1048 (Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga ...) NOT-FOR-US: uiga business_portal CVE-2010-1049 (Multiple SQL injection vulnerabilities in Uiga Business Portal allow ...) NOT-FOR-US: uiga business_portal CVE-2010-1050 (SQL injection vulnerability in index.php in AudiStat 1.3 allows remote ...) NOT-FOR-US: alexandre_dubus audistat CVE-2010-1051 (Multiple SQL injection vulnerabilities in index.php in AudiStat 1.3 ...) NOT-FOR-US: alexandre_dubus audistat CVE-2010-1052 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: alexandre_dubus audistat CVE-2010-1053 (Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and ...) NOT-FOR-US: zentracking zen_time_tracking CVE-2010-1054 (Multiple SQL injection vulnerabilities in ParsCMS allow remote ...) NOT-FOR-US: parscms CVE-2010-1055 (Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and ...) NOT-FOR-US: tufat osdate CVE-2010-1056 (Directory traversal vulnerability in the RokDownloads ...) NOT-FOR-US: rockettheme com_rokdownloads CVE-2010-1057 (Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka ...) NOT-FOR-US: phpkobo adfreely CVE-2010-1058 (Directory traversal vulnerability in codelib/cfg/common.inc.php in ...) NOT-FOR-US: phpkobo address_book_script CVE-2010-1059 (Directory traversal vulnerability in staff/app/common.inc.php in ...) NOT-FOR-US: phpkobo address_book_script CVE-2010-1060 (Directory traversal vulnerability in staff/app/common.inc.php in ...) NOT-FOR-US: phpkobo short_url CVE-2010-1061 (Multiple directory traversal vulnerabilities in Phpkobo Short URL ...) NOT-FOR-US: phpkobo short_url CVE-2010-1062 (Directory traversal vulnerability in codelib/sys/common.inc.php in ...) NOT-FOR-US: phpkobo free_real_estate_contact_form_script CVE-2010-1063 (Multiple directory traversal vulnerabilities in Phpkobo Free Real ...) NOT-FOR-US: phpkobo free_real_estate_contact_form_script CVE-2010-1064 (Erolife AjxGaleri VT stores sensitive information under the web root ...) NOT-FOR-US: aspindir erolife_ajxgaleri_vt CVE-2010-1065 (Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information ...) NOT-FOR-US: lebisoft ziyaretci_defteri_7 5 CVE-2010-1066 (AR Web Content Manager (AWCM) 2.1 stores sensitive information under ...) NOT-FOR-US: AR CVE-2010-1067 (E-membres 1.0 stores sensitive information under the web root with ...) NOT-FOR-US: hasmir_alic e membres CVE-2010-1068 (Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi ...) NOT-FOR-US: netwin surgeftp CVE-2010-1069 (SQL injection vulnerability in games/game.php in ProArcadeScript ...) NOT-FOR-US: proarcadescript CVE-2010-1070 (SQL injection vulnerability in index.php in ImagoScripts Deviant Art ...) NOT-FOR-US: imagoscripts deviant_art_clone CVE-2010-1071 (SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows ...) NOT-FOR-US: phpmdj CVE-2010-1072 (Cross-site scripting (XSS) vulnerability in search.php in Sniggabo CMS ...) NOT-FOR-US: sniggabo_cms CVE-2010-1073 (SQL injection vulnerability in the jEmbed-Embed Anything (com_jembed) ...) NOT-FOR-US: joshprakash com_jembed CVE-2010-1074 (Cross-site scripting (XSS) vulnerability in the Currency Exchange ...) NOT-FOR-US: 2bits currency CVE-2010-1075 (SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) ...) NOT-FOR-US: entrylevelcms el_cms CVE-2010-1076 (Cross-site scripting (XSS) vulnerability in index.php in Entry Level ...) NOT-FOR-US: entrylevelcms el_cms CVE-2010-1077 (Directory traversal vulnerability in vbseo.php in Crawlability vBSEO ...) NOT-FOR-US: vbseo CVE-2010-1078 (SQL injection vulnerability in archive.php in XlentProjects SphereCMS ...) NOT-FOR-US: sphere xlentprojects spherecms CVE-2010-1079 (Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 ...) NOT-FOR-US: sawmill CVE-2010-1080 (Cross-site scripting (XSS) vulnerability in view.php in Pulse CMS ...) NOT-FOR-US: pulsecms pulse_cms CVE-2010-1081 (Directory traversal vulnerability in the Community Polls ...) NOT-FOR-US: corejoomla com_communitypolls CVE-2010-1082 (Multiple directory traversal vulnerabilities in OI.Blogs 1.0.0, when ...) NOT-FOR-US: openinferno oi blogs CVE-2010-1083 (The processcompl_compat function in drivers/usb/core/devio.c in Linux ...) BUG: 314677 CVE-2010-1084 (Linux kernel 2.6.18 through 2.6.33, and possibly other versions, ...) BUG: 314679 CVE-2010-1085 (The azx_position_ok function in hda_intel.c in Linux kernel 2.6.33-rc4 ...) BUG: 314685 CVE-2010-1086 (The ULE decapsulation functionality in ...) BUG: 314687 CVE-2010-1087 (The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel ...) BUG: 314689 CVE-2010-1088 (fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always ...) BUG: 314693 CVE-2010-1089 (SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2 ...) NOT-FOR-US: phptroubleticket php_trouble_ticket CVE-2010-1090 (SQL injection vulnerability in index.php in phpMySite allows remote ...) NOT-FOR-US: phpmysite CVE-2010-1091 (Multiple cross-site scripting (XSS) vulnerabilities in contact.php in ...) NOT-FOR-US: phpmysite CVE-2010-1092 (Multiple SQL injection vulnerabilities in login.php in ScriptsFeed ...) NOT-FOR-US: scriptsfeed business_directory_software CVE-2010-1093 (SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when ...) NOT-FOR-US: 1024cms 1024_cms CVE-2010-1094 (SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus ...) NOT-FOR-US: miethner scripting dz_erotik_auktionshaus_v4rgo CVE-2010-1095 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: jan_schutze truc CVE-2010-1096 (Multiple SQL injection vulnerabilities in searchmatch.php in ...) NOT-FOR-US: scriptsfeed dating_software CVE-2010-1097 (include/userlogin.class.php in DeDeCMS 5.5 GBK, when ...) NOT-FOR-US: dedecms CVE-2010-1098 (The ANI parser in Microsoft Windows before 7 on the x86 platform, as ...) NOT-FOR-US: microsoft windows_xp CVE-2010-1099 (Integer overflow in Apple Safari allows remote attackers to bypass ...) TODO: check CVE-2010-1100 (Integer overflow in Arora allows remote attackers to bypass intended ...) BUG: 314699 CVE-2010-1101 (Integer overflow in Alexander Clauss iCab allows remote attackers to ...) NOT-FOR-US: icab CVE-2010-1102 (Integer overflow in OmniWeb allows remote attackers to bypass intended ...) NOT-FOR-US: omnigroup omniweb CVE-2010-1103 (Integer overflow in Stainless allows remote attackers to bypass ...) NOT-FOR-US: mesadynamics stainless CVE-2010-1104 (Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, ...) BUG: 313337 CVE-2010-1105 (Cross-site scripting (XSS) vulnerability in cgi/index.php in ...) NOT-FOR-US: advertisementmanager CVE-2010-1106 (PHP remote file inclusion vulnerability in cgi/index.php in ...) NOT-FOR-US: advertisementmanager CVE-2010-1107 (Cross-site scripting (XSS) vulnerability in the Recent Comments module ...) NOT-FOR-US: fourkitchens recent_comments CVE-2010-1108 (Cross-site scripting (XSS) vulnerability in the Control Panel module ...) NOT-FOR-US: hashmarkconsulting controlpanel CVE-2010-1109 (Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, ...) NOT-FOR-US: djayp phpmysport CVE-2010-1110 (Directory traversal vulnerability in index.php in phpMySport 1.4 ...) NOT-FOR-US: djayp phpmysport CVE-2010-1111 (Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete ...) NOT-FOR-US: easysitenetwork jokes_complete_website CVE-2010-1112 (Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 ...) NOT-FOR-US: tristan_barczyk klonews CVE-2010-1113 (Cross-site scripting (XSS) vulnerability in the forum page in Web ...) NOT-FOR-US: comscripts web_server_creator_web_portal CVE-2010-1114 (Multiple PHP remote file inclusion vulnerabilities in Web Server ...) NOT-FOR-US: comscripts web_server_creator_web_portal CVE-2010-1115 (Directory traversal vulnerability in news/include/customize.php in Web ...) NOT-FOR-US: comscripts web_server_creator_web_portal CVE-2010-1116 (LookMer Music Portal stores sensitive information under the web root ...) NOT-FOR-US: aspindir lookmer_muzik_portal CVE-2010-1117 (Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows ...) NOT-FOR-US: microsoft ie CVE-2010-1118 (Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows ...) NOT-FOR-US: microsoft internet_explorer CVE-2010-1119 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) NOT-FOR-US: apple safari CVE-2010-1120 (Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows ...) NOT-FOR-US: apple safari CVE-2010-1121 (Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes ...) TODO: check CVE-2010-1122 (Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 ...) TODO: check CVE-2010-1123 (Chip Salzenberg Deliver does not properly associate a lockfile with ...) NOT-FOR-US: Chip CVE-2010-1124 (bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading ...) NOT-FOR-US: bos rte libc CVE-2010-1125 (The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and ...) TODO: check CVE-2010-1126 (The JavaScript implementation in WebKit allows remote attackers to ...) TODO: check CVE-2010-1127 (Microsoft Internet Explorer 6 and 7 does not initialize certain data ...) NOT-FOR-US: microsoft ie CVE-2010-1128 (The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not ...) BUG: 306939 CVE-2010-1129 (The safe_mode implementation in PHP before 5.2.13 does not properly ...) BUG: 306939 CVE-2010-1130 (session.c in the session extension in PHP before 5.2.13, and 5.3.1, ...) BUG: 306939 CVE-2010-1131 (JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, ...) NOT-FOR-US: apple safari CVE-2010-1132 (The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter ...) BUG: 310049 CVE-2010-1133 (Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x ...) BUG: 313339 CVE-2010-1134 (SQL injection vulnerability in the _find function in searchlib.php in ...) BUG: 313339 CVE-2010-1135 (The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does ...) BUG: 313339 CVE-2010-1136 (The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 ...) BUG: 313339 CVE-2010-1137 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware ...) BUG: 335866 CVE-2010-1138 (The virtual networking stack in VMware Workstation 7.0 before 7.0.1 ...) BUG: 335866 CVE-2010-1139 (Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware ...) BUG: 335866 CVE-2010-1140 (The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 ...) BUG: 335866 CVE-2010-1141 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; ...) BUG: 335866 CVE-2010-1142 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; ...) BUG: 335866 CVE-2010-1143 (Cross-site scripting (XSS) vulnerability in VMware View (formerly ...) BUG: 335866 CVE-2010-1144 REJECTED CVE-2010-1145 REJECTED CVE-2010-1146 (The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem ...) BUG: 314617 CVE-2010-1147 (Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC ...) NOT-FOR-US: roshan_singh open_direct_connect_hub CVE-2010-1148 (The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 ...) BUG: 325559 CVE-2010-1149 (probers/udisks-dm-export.c in udisks before 1.0.1 exports ...) NOT-FOR-US: Obsolete CVE-2010-1150 (MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not ...) BUG: 316701 CVE-2010-1151 (Race condition in the mod_auth_shadow module for the Apache HTTP ...) NOT-FOR-US: apache_http_server CVE-2010-1152 (memcached.c in memcached before 1.4.3 allows remote attackers to cause ...) BUG: 316703 CVE-2010-1153 (PHP remote file inclusion vulnerability in the autoloader in TYPO3 ...) NOT-FOR-US: typo3 CVE-2010-1154 RESERVED CVE-2010-1155 (Irssi before 0.8.15, when SSL is used, does not verify that the server ...) BUG: 314639 CVE-2010-1156 (core/nicklist.c in Irssi before 0.8.15 allows remote attackers to ...) BUG: 314639 CVE-2010-1157 (Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might ...) BUG: 320963 CVE-2010-1158 (Integer overflow in the regular expression engine in Perl 5.8.x allows ...) BUG: 313565 CVE-2010-1159 RESERVED CVE-2010-1160 (GNU nano before 2.2.4 does not verify whether a file has been changed ...) BUG: 315355 CVE-2010-1161 (Race condition in GNU nano before 2.2.4, when run by root to edit a ...) BUG: 315355 CVE-2010-1162 (The release_one_tty function in drivers/char/tty_io.c in the Linux ...) BUG: 320965 CVE-2010-1163 (The command matching functionality in sudo 1.6.8 through 1.7.2p5 does ...) BUG: 321697 CVE-2010-1164 (Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA ...) NOT-FOR-US: atlassian jira CVE-2010-1165 (Atlassian JIRA 3.12 through 4.1 allows remote authenticated ...) NOT-FOR-US: atlassian jira CVE-2010-1166 (The fbComposite function in fbpict.c in the Render extension in the X ...) TODO: check CVE-2010-1167 (fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not ...) BUG: 318875 CVE-2010-1168 (The Safe (aka Safe.pm) module before 2.25 for Perl allows ...) BUG: 325563 CVE-2010-1169 (PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, ...) BUG: 320967 CVE-2010-1170 (The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before ...) BUG: 320967 CVE-2010-1171 RESERVED CVE-2010-1172 (DBus-GLib 0.73 disregards the access flag of exported GObject ...) BUG: 332529 CVE-2010-1173 (The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the ...) BUG: 325565 CVE-2010-1174 (Cisco TFTP Server 1.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: cisco tftp_server CVE-2010-1175 (Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 ...) NOT-FOR-US: microsoft ie CVE-2010-1176 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...) NOT-FOR-US: apple safari CVE-2010-1177 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...) NOT-FOR-US: apple safari CVE-2010-1178 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...) NOT-FOR-US: apple safari CVE-2010-1179 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...) NOT-FOR-US: apple safari CVE-2010-1180 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...) NOT-FOR-US: apple safari CVE-2010-1181 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...) NOT-FOR-US: apple safari CVE-2010-1182 (Multiple unspecified vulnerabilities in the administrative console in ...) NOT-FOR-US: ibm websphere_application_server CVE-2010-1183 (Certain patch-installation scripts in Oracle Solaris allow local users ...) NOT-FOR-US: sun solaris CVE-2010-1184 (The Microsoft wireless keyboard uses XOR encryption with a key derived ...) NOT-FOR-US: microsoft 27mhz_wireless_keyboard CVE-2010-1185 (Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and ...) NOT-FOR-US: sap maxdb CVE-2010-1186 (Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the ...) NOT-FOR-US: alex_rabe nextgen_gallery CVE-2010-1187 (The Transparent Inter-Process Communication (TIPC) functionality in ...) BUG: 312485 CVE-2010-1188 (Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux ...) BUG: 312487 CVE-2010-1189 (MediaWiki before 1.15.2 does not prevent wiki editors from linking to ...) BUG: 308573 CVE-2010-1190 (thumb.php in MediaWiki before 1.15.2, when used with ...) BUG: 308573 CVE-2010-1191 (Sahana disaster management system 0.6.2.2, and possibly other ...) NOT-FOR-US: an CVE-2010-1192 (libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' ...) BUG: 312489 CVE-2010-1193 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server ...) BUG: 313347 CVE-2010-1194 (The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and ...) BUG: 312489 CVE-2010-1195 (Cross-site scripting (XSS) vulnerability in the htmlscrubber component ...) NOT-FOR-US: Not in the tree, notified in ebuild bug CVE-2010-1196 (Integer overflow in the nsGenericDOMDataNode::SetTextInternal function ...) TODO: check CVE-2010-1197 (Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and ...) TODO: check CVE-2010-1198 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 ...) TODO: check CVE-2010-1199 (Integer overflow in the XSLT node sorting implementation in Mozilla ...) TODO: check CVE-2010-1200 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) TODO: check CVE-2010-1201 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...) TODO: check CVE-2010-1202 (Multiple unspecified vulnerabilities in the JavaScript engine in ...) TODO: check CVE-2010-1203 (The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow ...) TODO: check CVE-2010-1204 (Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 ...) BUG: 329923 CVE-2010-1205 (Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before ...) BUG: 324153 CVE-2010-1206 (The startDocumentLoad function in browser/base/content/browser.js in ...) TODO: check CVE-2010-1207 (Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not ...) TODO: check CVE-2010-1208 (Use-after-free vulnerability in the attribute-cloning functionality in ...) TODO: check CVE-2010-1209 (Use-after-free vulnerability in the NodeIterator implementation in ...) TODO: check CVE-2010-1210 (intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before ...) TODO: check CVE-2010-1211 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) TODO: check CVE-2010-1212 (js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x ...) TODO: check CVE-2010-1213 (The importScripts Web Worker method in Mozilla Firefox 3.5.x before ...) TODO: check CVE-2010-1214 (Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x ...) TODO: check CVE-2010-1215 (Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 ...) TODO: check CVE-2010-1216 (PHP remote file inclusion vulnerability in templates/template.php in ...) NOT-FOR-US: notsoPureEdit CVE-2010-1217 (Directory traversal vulnerability in the JE Form Creator ...) NOT-FOR-US: JE CVE-2010-1218 (Cross-site scripting (XSS) vulnerability in the mm_forum extension ...) NOT-FOR-US: mm_forum extension CVE-2010-1219 (Directory traversal vulnerability in the JA News (com_janews) ...) NOT-FOR-US: JA News com_janews component CVE-2010-1220 RESERVED CVE-2010-1221 (CA XOsoft r12.0 and r12.5 does not properly perform authentication, ...) NOT-FOR-US: xosoft_replication CVE-2010-1222 (CA XOsoft r12.5 does not properly perform authentication, which allows ...) NOT-FOR-US: xosoft_replication CVE-2010-1223 (Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote ...) NOT-FOR-US: xosoft_replication CVE-2010-1224 (main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x ...) BUG: 313341 CVE-2010-1225 (The memory-management implementation in the Virtual Machine Monitor ...) NOT-FOR-US: microsoft windows_virtual_pc CVE-2010-1226 (The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G ...) NOT-FOR-US: Apple iPhone OS CVE-2010-1227 (Cross-site scripting (XSS) vulnerability in Sun Java System ...) NOT-FOR-US: Sun CVE-2010-1228 (Multiple race conditions in the sandbox infrastructure in Google ...) TODO: check CVE-2010-1229 (The sandbox infrastructure in Google Chrome before 4.1.249.1036 does ...) TODO: check CVE-2010-1230 (Google Chrome before 4.1.249.1036 does not have the expected behavior ...) TODO: check CVE-2010-1231 (Google Chrome before 4.1.249.1036 processes HTTP headers before ...) TODO: check CVE-2010-1232 (Google Chrome before 4.1.249.1036 allows remote attackers to cause a ...) TODO: check CVE-2010-1233 (Multiple integer overflows in Google Chrome before 4.1.249.1036 allow ...) TODO: check CVE-2010-1234 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows ...) TODO: check CVE-2010-1235 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows ...) TODO: check CVE-2010-1236 (The protocolIs function in platform/KURLGoogle.cpp in WebCore in ...) TODO: check CVE-2010-1237 (Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to ...) TODO: check CVE-2010-1238 (MoinMoin 1.7.1 allows remote attackers to bypass the textcha ...) BUG: 305663 CVE-2010-1239 (Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute ...) NOT-FOR-US: foxitsoftware foxit_reader CVE-2010-1240 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...) NOT-FOR-US: Launch CVE-2010-1241 (Heap-based buffer overflow in the custom heap management system in ...) BUG: 313343 CVE-2010-1242 (Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web ...) NOT-FOR-US: ibm webi CVE-2010-1243 (The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 ...) NOT-FOR-US: ibm webi CVE-2010-1244 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: apache activemq CVE-2010-1245 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office ...) NOT-FOR-US: Microsoft Office Excel CVE-2010-1246 (Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows ...) NOT-FOR-US: Microsoft Office Excel CVE-2010-1247 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows ...) NOT-FOR-US: Microsoft Office Excel CVE-2010-1248 (Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for ...) NOT-FOR-US: Microsoft Office Excel CVE-2010-1249 (Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for ...) NOT-FOR-US: Microsoft Office Excel CVE-2010-1250 (Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office ...) NOT-FOR-US: Microsoft Office Excel CVE-2010-1251 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and ...) NOT-FOR-US: Microsoft Office Excel CVE-2010-1252 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and ...) NOT-FOR-US: Microsoft Office Excel CVE-2010-1253 (Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for ...) NOT-FOR-US: Microsoft Office Excel CVE-2010-1254 (The installation for Microsoft Open XML File Format Converter for Mac ...) NOT-FOR-US: installation for Microsoft Open XML File Format Converter for Mac CVE-2010-1255 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows ...) NOT-FOR-US: Microsoft Windows CVE-2010-1256 (Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when ...) NOT-FOR-US: Microsoft IIS CVE-2010-1257 (Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as ...) NOT-FOR-US: microsoft sharepoint_services CVE-2010-1258 (Microsoft Internet Explorer 6, 7, and 8 does not properly determine ...) NOT-FOR-US: microsoft ie CVE-2010-1259 (Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-1260 (The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-1261 (The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-1262 (Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-1263 (Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows ...) NOT-FOR-US: Microsoft Office CVE-2010-1264 (Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 ...) NOT-FOR-US: Microsoft Windows SharePoint Services CVE-2010-1265 (SQL injection vulnerability in Adam Corley dcsFlashGames ...) NOT-FOR-US: ekith com_dcs_flashgames CVE-2010-1266 (Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS ...) NOT-FOR-US: kjetiltroan webmaid_cms CVE-2010-1267 (Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta ...) NOT-FOR-US: kjetiltroan webmaid_cms CVE-2010-1268 (Directory traversal vulnerability in index.php in justVisual CMS 2.0, ...) NOT-FOR-US: fh54 justvisual CVE-2010-1269 (SQL injection vulnerability in auktion.php in phpscripte24 Niedrig ...) NOT-FOR-US: phpscripte24 niedrig_gebote_pro_auktions_system_ii CVE-2010-1270 (SQL injection vulnerability in auktion.php in Multi Auktions Komplett ...) NOT-FOR-US: phpscripte24 multi_suktions_komplett_system CVE-2010-1271 (SQL injection vulnerability in showplugs.php in smartplugs 1.3 allows ...) NOT-FOR-US: smart plugs smartplugs CVE-2010-1272 (PHP remote file inclusion vulnerability in includes/tgpinc.php in ...) NOT-FOR-US: komputer boo gnat tgp CVE-2010-1273 (Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form ...) NOT-FOR-US: emweb wt CVE-2010-1274 (Cross-site scripting (XSS) vulnerability in Emweb Wt before 3.1.1 ...) NOT-FOR-US: webtoolkit wt CVE-2010-1275 (Cross-site scripting (XSS) vulnerability in ShowPost.asp in BBSXP 2008 ...) NOT-FOR-US: bbsxp CVE-2010-1276 (Multiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2 ...) NOT-FOR-US: bbsxp CVE-2010-1277 (SQL injection vulnerability in the user.authenticate method in the API ...) BUG: 314673 CVE-2010-1278 (Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in ...) NOT-FOR-US: Adobe Download Manager as used in Adobe Reader and Acrobat CVE-2010-1279 (Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x ...) NOT-FOR-US: adobe photoshop_cs4 CVE-2010-1280 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to ...) NOT-FOR-US: adobe shockwave_player CVE-2010-1281 (iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not ...) NOT-FOR-US: adobe shockwave_player CVE-2010-1282 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to ...) NOT-FOR-US: adobe shockwave_player CVE-2010-1283 (Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D ...) NOT-FOR-US: adobe shockwave_player CVE-2010-1284 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...) NOT-FOR-US: adobe shockwave_player CVE-2010-1285 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...) BUG: 322857 CVE-2010-1286 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...) NOT-FOR-US: adobe shockwave_player CVE-2010-1287 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...) NOT-FOR-US: adobe shockwave_player CVE-2010-1288 (Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might ...) NOT-FOR-US: adobe shockwave_player CVE-2010-1289 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...) NOT-FOR-US: adobe shockwave_player CVE-2010-1290 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...) NOT-FOR-US: adobe shockwave_player CVE-2010-1291 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...) NOT-FOR-US: adobe shockwave_player CVE-2010-1292 (The implementation of pami RIFF chunk parsing in Adobe Shockwave ...) NOT-FOR-US: adobe shockwave_player CVE-2010-1293 (Cross-site scripting (XSS) vulnerability in the Administrator page in ...) NOT-FOR-US: adobe coldfusion CVE-2010-1294 (Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 ...) NOT-FOR-US: adobe coldfusion CVE-2010-1295 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...) BUG: 322857 CVE-2010-1296 (Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow ...) NOT-FOR-US: adobe photoshop_cs4 CVE-2010-1297 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe ...) BUG: 322855 CVE-2010-1298 (Directory traversal vulnerability in view.php in Pulse CMS 1.2.2 ...) NOT-FOR-US: pulsecms pulse_cms CVE-2010-1299 (Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, ...) NOT-FOR-US: dynpg_cms CVE-2010-1300 (SQL injection vulnerability in index.php in Yamamah (aka Dove Photo ...) NOT-FOR-US: yamamah CVE-2010-1301 (SQL injection vulnerability in main.php in Centreon 2.1.5 allows ...) BUG: 329925 CVE-2010-1302 (Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW ...) NOT-FOR-US: decryptweb com_dwgraphs CVE-2010-1303 (Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy ...) NOT-FOR-US: jim_berry taxonomy_filter CVE-2010-1304 (Directory traversal vulnerability in userstatus.php in the User Status ...) NOT-FOR-US: joomlamo com_userstatus CVE-2010-1305 (Directory traversal vulnerability in jinventory.php in the JInventory ...) NOT-FOR-US: joomlamo com_jinventory CVE-2010-1306 (Directory traversal vulnerability in the Picasa (com_joomlapicasa2) ...) NOT-FOR-US: roberto_aloi com_joomlapicasa2 CVE-2010-1307 (Directory traversal vulnerability in the Magic Updater ...) NOT-FOR-US: software realtyna com_joomlaupdater CVE-2010-1308 (Directory traversal vulnerability in the SVMap (com_svmap) component ...) NOT-FOR-US: la souris verte com_svmap CVE-2010-1309 (Directory traversal vulnerability in Irmin CMS (formerly Pepsi CMS) ...) NOT-FOR-US: ermenegildo_fiorito irmin_cms CVE-2010-1310 (Opera 10.50 allows remote attackers to obtain sensitive information ...) BUG: 314675 CVE-2010-1311 (The qtm_decompress function in libclamav/mspack.c in ClamAV before ...) BUG: 314087 CVE-2010-1312 (Directory traversal vulnerability in the iJoomla News Portal ...) NOT-FOR-US: ijoomla com_news_portal CVE-2010-1313 (Directory traversal vulnerability in the Seber Cart (com_sebercart) ...) NOT-FOR-US: com_sebercart CVE-2010-1314 (Directory traversal vulnerability in the Highslide JS (com_hsconfig) ...) NOT-FOR-US: joomlanook com_hsconfig CVE-2010-1315 (Directory traversal vulnerability in weberpcustomer.php in the ...) NOT-FOR-US: joomlamo com_weberpcustomer CVE-2010-1316 (Multiple stack-based buffer overflows in Tembria Server Monitor before ...) NOT-FOR-US: tembria server_monitor CVE-2010-1317 (Heap-based buffer overflow in the NTLM authentication functionality in ...) NOT-FOR-US: realnetworks helix_server_mobile CVE-2010-1318 (Stack-based buffer overflow in the AgentX::receive_agentx function in ...) NOT-FOR-US: realnetworks helix_server_mobile CVE-2010-1319 (Integer overflow in the AgentX::receive_agentx function in AgentX++ ...) NOT-FOR-US: realnetworks helix_server_mobile CVE-2010-1320 (Double free vulnerability in do_tgs_req.c in the Key Distribution ...) BUG: 323525 CVE-2010-1321 (The kg_accept_krb5 function in krb5/accept_sec_context.c in the ...) BUG: 323525 CVE-2010-1322 (The merge_authdata function in kdc_authdata.c in the Key Distribution ...) TODO: check CVE-2010-1323 RESERVED CVE-2010-1324 RESERVED CVE-2010-1325 (Cross-site request forgery (CSRF) vulnerability in the apache2-slms ...) NOT-FOR-US: novell suse_lifecycle_management_server CVE-2010-1326 (perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 ...) NOT-FOR-US: march hare cvsnt CVE-2010-1327 (Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and ...) NOT-FOR-US: tornadostore CVE-2010-1328 (Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore ...) NOT-FOR-US: tornadostore CVE-2010-1329 (Imperva SecureSphere Web Application Firewall and Database Firewall ...) NOT-FOR-US: imperva securesphere_web_application_firewall CVE-2010-1330 RESERVED CVE-2010-1331 (SQL injection vulnerability in Heartlogic HL-SiteManager allows remote ...) NOT-FOR-US: Heartlogic CVE-2010-1332 (Cross-site scripting (XSS) vulnerability in PrettyBook PrettyFormMail ...) NOT-FOR-US: PrettyBook CVE-2010-1333 (Multiple cross-site scripting (XSS) vulnerabilities in Almas Inc. ...) NOT-FOR-US: Almas CVE-2010-1334 (Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.4 allows ...) NOT-FOR-US: Pulse CMS Basic CVE-2010-1335 (Multiple PHP remote file inclusion vulnerabilities in Insky CMS ...) NOT-FOR-US: Insky CMS CVE-2010-1336 (Multiple SQL injection vulnerabilities in INVOhost 3.4 allow remote ...) NOT-FOR-US: INVOhost CVE-2010-1337 (Multiple PHP remote file inclusion vulnerabilities in definitions.php ...) NOT-FOR-US: Lussumo Vanilla CVE-2010-1338 (SQL injection vulnerability in ts_other.php in the Teamsite Hack ...) NOT-FOR-US: Teamsite Hack plugin CVE-2010-1339 (Cross-site scripting (XSS) vulnerability in ts_other.php in the ...) NOT-FOR-US: Teamsite Hack plugin CVE-2010-1340 (Directory traversal vulnerability in jresearch.php in the J!Research ...) NOT-FOR-US: J Research CVE-2010-1341 (SQL injection vulnerability in index.php in Systemsoftware Community ...) NOT-FOR-US: Systemsoftware CVE-2010-1342 (Multiple PHP remote file inclusion vulnerabilities in Direct News ...) NOT-FOR-US: Direct News CVE-2010-1343 (SQL injection vulnerability in photo.php in SiteX 0.7.4 beta allows ...) NOT-FOR-US: SiteX CVE-2010-1344 (SQL injection vulnerability in the Cookex Agency CKForms (com_ckforms) ...) NOT-FOR-US: Cookex Agency CKForms com_ckforms component CVE-2010-1345 (Directory traversal vulnerability in the Cookex Agency CKForms ...) NOT-FOR-US: Cookex Agency CKForms com_ckforms component CVE-2010-1346 (SQL injection vulnerability in admin/login.php in Mini CMS RibaFS 1.0, ...) NOT-FOR-US: Mini CMS RibaFS CVE-2010-1347 (Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on AIX and ...) NOT-FOR-US: ibm director_agent CVE-2010-1348 (Unspecified vulnerability in the login process in IBM WebSphere Portal ...) NOT-FOR-US: ibm websphere_portal CVE-2010-1349 (Integer overflow in Opera 10.10 through 10.50 allows remote attackers ...) BUG: 324189 CVE-2010-1350 (SQL injection vulnerability in the JP Jobs (com_jp_jobs) component ...) NOT-FOR-US: joomlaprojects com_jp_jobs CVE-2010-1351 (Multiple PHP remote file inclusion vulnerabilities in Nodesforum 1.033 ...) NOT-FOR-US: nodesforum CVE-2010-1352 (Directory traversal vulnerability in the JOOFORGE Jutebox ...) NOT-FOR-US: jooforge com_jukebox CVE-2010-1353 (Directory traversal vulnerability in the LoginBox Pro (com_loginbox) ...) NOT-FOR-US: wowjoomla com_loginbox CVE-2010-1354 (Directory traversal vulnerability in the VJDEO (com_vjdeo) component ...) NOT-FOR-US: ternaria com_vjdeo CVE-2010-1355 (Cross-site scripting (XSS) vulnerability on the TANDBERG Video ...) NOT-FOR-US: vsecurity tandberg_video_communication_server CVE-2010-1356 (Unspecified vulnerability on the TANDBERG Video Communication Server ...) NOT-FOR-US: vsecurity tandberg_video_communication_server CVE-2010-1357 (Cross-site scripting (XSS) vulnerability in editors/logindialogue.php ...) NOT-FOR-US: sbddirectorysoftware sbd_directory_software CVE-2010-1358 (Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) ...) NOT-FOR-US: ron_jerome bibliography CVE-2010-1359 (SQL injection vulnerability in bluegate_seo.inc.php in the Direct URL ...) NOT-FOR-US: bluegate direct_url CVE-2010-1360 (Multiple PHP remote file inclusion vulnerabilities in FAQEngine ...) NOT-FOR-US: boesch it faqengine CVE-2010-1361 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: glarotech phpeppershop CVE-2010-1362 (Cross-site scripting (XSS) vulnerability in the Own Term module ...) NOT-FOR-US: ben_jeavons ownterm CVE-2010-1363 (SQL injection vulnerability in the JProjects (com_j-projects) ...) NOT-FOR-US: extremejoomla com_j projects CVE-2010-1364 (SQL injection vulnerability in index.php in Uiga Personal Portal, as ...) NOT-FOR-US: uiga personal_portal CVE-2010-1365 (SQL injection vulnerability in index.php in Uiga Fan Club, as ...) NOT-FOR-US: uiga fan_club CVE-2010-1366 (Multiple SQL injection vulnerabilities in admin/admin_login.php in ...) NOT-FOR-US: uiga fan_club CVE-2010-1367 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: uiga fan_club CVE-2010-1368 (SQL injection vulnerability in index.php in GameScript (GS) 3.0 allows ...) NOT-FOR-US: gamescript CVE-2010-1369 (SQL injection vulnerability in signup.asp in Pre Classified Listings ...) NOT-FOR-US: preprojects pre_classified_listings_asp CVE-2010-1370 (SQL injection vulnerability in detailad.asp in Pre Classified Listings ...) NOT-FOR-US: preprojects pre_classified_listings_asp CVE-2010-1371 (Cross-site scripting (XSS) vulnerability in signup.asp in Pre ...) NOT-FOR-US: preprojects pre_classified_listings_asp CVE-2010-1372 (SQL injection vulnerability in the HD FLV Player (com_hdflvplayer) ...) NOT-FOR-US: com_hdflvplayer CVE-2010-1373 (Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-1374 (Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-1375 (NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-1376 (Multiple format string vulnerabilities in Network Authorization in ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-1377 (Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-1378 RESERVED CVE-2010-1379 (Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-1380 (Integer overflow in the cgtexttops CUPS filter in Printing in Apple ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-1381 (The default configuration of SMB File Server in Apple Mac OS X 10.5.8, ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-1382 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-1383 RESERVED CVE-2010-1384 (Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and ...) TODO: check CVE-2010-1385 (Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X ...) TODO: check CVE-2010-1386 (page/Geolocation.cpp in WebCore in WebKit before r56188 and before ...) TODO: check CVE-2010-1387 (Use-after-free vulnerability in JavaScriptCore in WebKit in Apple ...) NOT-FOR-US: apple itunes CVE-2010-1388 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and ...) TODO: check CVE-2010-1389 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) TODO: check CVE-2010-1390 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) TODO: check CVE-2010-1391 (Multiple directory traversal vulnerabilities in the (a) Local Storage ...) TODO: check CVE-2010-1392 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) TODO: check CVE-2010-1393 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...) TODO: check CVE-2010-1394 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) TODO: check CVE-2010-1395 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) TODO: check CVE-2010-1396 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) TODO: check CVE-2010-1397 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) TODO: check CVE-2010-1398 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) TODO: check CVE-2010-1399 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) TODO: check CVE-2010-1400 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) TODO: check CVE-2010-1401 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) ...) TODO: check CVE-2010-1402 (Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac ...) TODO: check CVE-2010-1403 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) TODO: check CVE-2010-1404 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) TODO: check CVE-2010-1405 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) TODO: check CVE-2010-1406 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) TODO: check CVE-2010-1407 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does not ...) NOT-FOR-US: apple iphone_os CVE-2010-1408 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) TODO: check CVE-2010-1409 (Incomplete blacklist vulnerability in WebKit in Apple Safari before ...) TODO: check CVE-2010-1410 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) TODO: check CVE-2010-1411 (Multiple integer overflows in the Fax3SetupState function in ...) BUG: 324885 CVE-2010-1412 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) TODO: check CVE-2010-1413 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) TODO: check CVE-2010-1414 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) TODO: check CVE-2010-1415 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) TODO: check CVE-2010-1416 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) TODO: check CVE-2010-1417 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...) TODO: check CVE-2010-1418 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) TODO: check CVE-2010-1419 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) TODO: check CVE-2010-1420 RESERVED CVE-2010-1421 (The execCommand JavaScript function in WebKit in Apple Safari before ...) TODO: check CVE-2010-1422 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) TODO: check CVE-2010-1423 (Argument injection vulnerability in the URI handler in (a) Java NPAPI ...) NOT-FOR-US: oracle jre CVE-2010-1424 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro ...) NOT-FOR-US: justsystems ichitaro CVE-2010-1425 (F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft ...) NOT-FOR-US: f secure internet_gatekeeper CVE-2010-1426 (SQL injection vulnerability in MODx Evolution before 1.0.3 allows ...) NOT-FOR-US: modxcms CVE-2010-1427 (Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin ...) NOT-FOR-US: modxcms evolution CVE-2010-1428 (The Web Console (aka web-console) in JBossAs in Red Hat JBoss ...) NOT-FOR-US: redhat jboss_enterprise_application_platform CVE-2010-1429 (Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) ...) NOT-FOR-US: redhat jboss_enterprise_application_platform CVE-2010-1430 RESERVED CVE-2010-1431 (SQL injection vulnerability in templates_export.php in Cacti 0.8.7e ...) BUG: 317615 CVE-2010-1432 RESERVED CVE-2010-1433 RESERVED CVE-2010-1434 RESERVED CVE-2010-1435 RESERVED CVE-2010-1436 (gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not ...) BUG: 325567 CVE-2010-1437 (Race condition in the find_keyring_by_name function in ...) BUG: 325571 CVE-2010-1438 (Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames ...) NOT-FOR-US: mytty webapplication_finger_printer CVE-2010-1439 (yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) ...) NOT-FOR-US: redhat yum rhn plugin CVE-2010-1440 (Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live ...) BUG: 324019 CVE-2010-1441 RESERVED CVE-2010-1442 RESERVED CVE-2010-1443 RESERVED CVE-2010-1444 RESERVED CVE-2010-1445 RESERVED CVE-2010-1446 (arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel 2.6.30 and ...) BUG: 325573 CVE-2010-1447 (The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for ...) BUG: 320967 CVE-2010-1448 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR ...) BUG: 325575 CVE-2010-1449 (Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 ...) BUG: 335868 CVE-2010-1450 (Multiple buffer overflows in the RLE decoder in the rgbimg module in ...) BUG: 335868 CVE-2010-1451 (The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the ...) BUG: 332037 CVE-2010-1452 (The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server ...) BUG: 330195 CVE-2010-1453 (Cross-site scripting (XSS) vulnerability in the Login form in Piwik ...) NOT-FOR-US: piwik CVE-2010-1454 (com.springsource.tcserver.serviceability.rmi.JmxSocketListener in ...) NOT-FOR-US: vmware tc_server CVE-2010-1455 (The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 ...) BUG: 318935 CVE-2010-1456 REJECTED CVE-2010-1457 (Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local ...) BUG: 325579 CVE-2010-1458 (Stack-based buffer overflow in Create and Extract Zips TweakFS Zip ...) NOT-FOR-US: tweakfs_zip_utility CVE-2010-1459 (The default configuration of ASP.NET in Mono before 2.6.4 has a value ...) BUG: 335617 CVE-2010-1460 (The IBM BladeCenter with Advanced Management Module (AMM) firmware ...) NOT-FOR-US: IBM CVE-2010-1461 (Directory traversal vulnerability in the Photo Battle ...) NOT-FOR-US: Photo Battle com_photobattle component CVE-2010-1462 (Directory traversal vulnerability in WebAsyst Shop-Script FREE has ...) NOT-FOR-US: WebAsyst CVE-2010-1463 (Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE ...) NOT-FOR-US: WebAsyst CVE-2010-1464 (Multiple cross-site scripting (XSS) vulnerabilities in WebAsyst ...) NOT-FOR-US: WebAsyst CVE-2010-1465 (Stack-based buffer overflow in Trellian FTP client 3.01, including ...) NOT-FOR-US: Trellian FTP client CVE-2010-1466 (Directory traversal vulnerability in scr/soustab.php in openUrgence ...) NOT-FOR-US: openUrgence Vaccin CVE-2010-1467 (Multiple PHP remote file inclusion vulnerabilities in openUrgence ...) NOT-FOR-US: openUrgence Vaccin CVE-2010-1468 (SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager ...) NOT-FOR-US: focusdev com_mv_restaurantmenumanager CVE-2010-1469 (Directory traversal vulnerability in the Ternaria Informatica JProject ...) NOT-FOR-US: ternaria com_jprojectmanager CVE-2010-1470 (Directory traversal vulnerability in the Web TV (com_webtv) component ...) NOT-FOR-US: com_webtv CVE-2010-1471 (Directory traversal vulnerability in the AddressBook (com_addressbook) ...) NOT-FOR-US: b_elektro com_addressbook CVE-2010-1472 (Directory traversal vulnerability in the Daily Horoscope ...) NOT-FOR-US: kazulah com_horoscope CVE-2010-1473 (Directory traversal vulnerability in the Advertising (com_advertising) ...) NOT-FOR-US: com_advertising CVE-2010-1474 (Directory traversal vulnerability in the Sweety Keeper ...) NOT-FOR-US: supachai_teasakul com_sweetykeeper CVE-2010-1475 (Directory traversal vulnerability in the Preventive & Reservation ...) NOT-FOR-US: ternaria com_preventive CVE-2010-1476 (Directory traversal vulnerability in the AlphaUserPoints ...) NOT-FOR-US: alphaplug com_alphauserpoints CVE-2010-1477 (SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) ...) NOT-FOR-US: martin_hess com_sermonspeaker CVE-2010-1478 (Directory traversal vulnerability in the Ternaria Informatica ...) NOT-FOR-US: ternaria com_jfeedback CVE-2010-1479 (SQL injection vulnerability in the RokModule (com_rokmodule) component ...) NOT-FOR-US: rockettheme com_rokmodule CVE-2010-1480 (SQL injection vulnerability in the RokModule (com_rokmodule) component ...) NOT-FOR-US: rockettheme com_rokmodule CVE-2010-1481 (Cross-site scripting (XSS) vulnerability in the table feature in ...) NOT-FOR-US: pmwiki CVE-2010-1482 (Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the ...) NOT-FOR-US: cmsmadesimple cms_made_simple CVE-2010-1483 RESERVED CVE-2010-1484 RESERVED CVE-2010-1485 RESERVED CVE-2010-1486 (Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in ...) NOT-FOR-US: CactuShop CVE-2010-1487 (IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in ...) NOT-FOR-US: ibm lotus_notes CVE-2010-1488 (The proc_oom_score function in fs/proc/base.c in the Linux kernel ...) BUG: 325579 CVE-2010-1489 (The XSS Filter in Microsoft Internet Explorer 8 does not properly ...) NOT-FOR-US: microsoft ie CVE-2010-1490 (Unspecified vulnerability in IBM Cognos 8 Business Intelligence before ...) NOT-FOR-US: IBM Cognos CVE-2010-1491 (Directory traversal vulnerability in the MMS Blog (com_mmsblog) ...) NOT-FOR-US: MMS Blog com_mmsblog component CVE-2010-1492 (Directory traversal vulnerability in help/frameRight.php in Elastix ...) NOT-FOR-US: Elastix CVE-2010-1493 (SQL injection vulnerability in the AWDwall (com_awdwall) component ...) NOT-FOR-US: AWDwall com_awdwall component CVE-2010-1494 (Directory traversal vulnerability in the AWDwall (com_awdwall) ...) NOT-FOR-US: AWDwall com_awdwall component CVE-2010-1495 (Directory traversal vulnerability in the Matamko (com_matamko) ...) NOT-FOR-US: Matamko com_matamko component CVE-2010-1496 (SQL injection vulnerability in the JoltCard (com_joltcard) component ...) NOT-FOR-US: JoltCard com_joltcard component CVE-2010-1497 (Cross-site scripting (XSS) vulnerability in download_proc.php in ...) NOT-FOR-US: dl_stats CVE-2010-1498 (Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow ...) NOT-FOR-US: dl_stats CVE-2010-1499 (SQL injection vulnerability in genre_artists.php in MusicBox 3.3 ...) NOT-FOR-US: MusicBox CVE-2010-1500 (Google Chrome before 4.1.249.1059 does not properly support forms, ...) TODO: check CVE-2010-1501 REJECTED NOT-FOR-US: this CVE-2010-1502 (Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows ...) TODO: check CVE-2010-1503 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...) TODO: check CVE-2010-1504 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...) TODO: check CVE-2010-1505 (Google Chrome before 4.1.249.1059 does not prevent pages from loading ...) TODO: check CVE-2010-1506 (The Google V8 bindings in Google Chrome before 4.1.249.1059 allow ...) TODO: check CVE-2010-1507 (WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the ...) NOT-FOR-US: novell suse_linux CVE-2010-1508 RESERVED CVE-2010-1509 (IrfanView before 4.27 does not properly handle an unspecified integer ...) NOT-FOR-US: irfanview CVE-2010-1510 (Heap-based buffer overflow in IrfanView before 4.27 allows remote ...) NOT-FOR-US: irfanview CVE-2010-1511 (KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request ...) BUG: 319719 CVE-2010-1512 (Directory traversal vulnerability in aria2 before 1.9.3 allows remote ...) BUG: 320975 CVE-2010-1513 (Multiple integer overflows in src/image.c in Ziproxy before 3.0.1 ...) BUG: 324021 CVE-2010-1514 (Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier ...) NOT-FOR-US: tomatocms CVE-2010-1515 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: tomatocms CVE-2010-1516 (Multiple integer overflows in SWFTools 0.9.1 allow remote attackers to ...) BUG: 332649 CVE-2010-1517 (The GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers ...) NOT-FOR-US: gigabyte dldrv2_activex_control CVE-2010-1518 (Array index error in the SetDLInfo method in the GIGABYTE Dldrv2 ...) NOT-FOR-US: gigabyte dldrv2_activex_control CVE-2010-1519 (Multiple integer overflows in glpng.c in glpng 1.45 allow ...) BUG: 332511 CVE-2010-1520 (Cross-site scripting (XSS) vulnerability in logout.php in TaskFreak! ...) NOT-FOR-US: taskfreak CVE-2010-1521 (SQL injection vulnerability in include/classes/tzn_user.php in ...) NOT-FOR-US: taskfreak CVE-2010-1522 (Multiple SQL injection vulnerabilities in the BookLibrary Basic ...) NOT-FOR-US: ordasoft com_booklibrary CVE-2010-1523 (Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in ...) TODO: check CVE-2010-1524 (The SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 ...) NOT-FOR-US: autonomy keyview_viewer_sdk CVE-2010-1525 (Integer underflow in the SpreadSheet Lotus 123 reader (wkssr.dll) in ...) NOT-FOR-US: autonomy keyview_viewer_sdk CVE-2010-1526 (Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow ...) BUG: 334101 CVE-2010-1527 (Stack-based buffer overflow in Novell iPrint Client before 5.44 allows ...) NOT-FOR-US: novell iprint CVE-2010-1528 (PHP remote file inclusion vulnerability in include/template.php in ...) NOT-FOR-US: uiga proxy CVE-2010-1529 (SQL injection vulnerability in the Freestyle FAQs Lite (com_fsf) ...) NOT-FOR-US: freestyle faqs_lite CVE-2010-1530 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: reyero i18n CVE-2010-1531 (Directory traversal vulnerability in the redSHOP (com_redshop) ...) NOT-FOR-US: redcomponent redshop CVE-2010-1532 (Directory traversal vulnerability in the givesight PowerMail Pro ...) NOT-FOR-US: givesight com_powermail CVE-2010-1533 (Directory traversal vulnerability in the TweetLA (com_tweetla) ...) NOT-FOR-US: peter_hocherl tweetla CVE-2010-1534 (Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) ...) NOT-FOR-US: joomla batjo com_shoutbox CVE-2010-1535 (Directory traversal vulnerability in the TRAVELbook (com_travelbook) ...) NOT-FOR-US: peter_hocherl travelbook CVE-2010-1536 (Cross-site scripting (XSS) vulnerability in the AddThis Button module ...) NOT-FOR-US: mearra addthis CVE-2010-1537 (Multiple directory traversal vulnerabilities in phpCDB 1.0 and earlier ...) NOT-FOR-US: francois_bissonnette phpcdb CVE-2010-1538 (SQL injection vulnerability in print_raincheck.php in phpRAINCHECK ...) NOT-FOR-US: bluestrikeweb phpraincheck CVE-2010-1539 (Cross-site scripting (XSS) vulnerability in the Workflow module ...) NOT-FOR-US: john_vandyk workflow CVE-2010-1540 (Directory traversal vulnerability in index.php in the MyBlog ...) NOT-FOR-US: myblog CVE-2010-1541 (Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, ...) NOT-FOR-US: dragonfrugal dfd_cart CVE-2010-1542 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: dragonfrugal dfd_cart CVE-2010-1543 (Cross-site scripting (XSS) vulnerability in the eTracker module before ...) NOT-FOR-US: etracker CVE-2010-1544 (micro_httpd on the RCA DCM425 cable modem allows remote attackers to ...) NOT-FOR-US: rca digital_cable_modem CVE-2010-1545 RESERVED CVE-2010-1546 (Multiple eval injection vulnerabilities in the import functionality in ...) NOT-FOR-US: angrydonuts ctools CVE-2010-1547 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) NOT-FOR-US: angrydonuts ctools CVE-2010-1548 (The auto-complete functionality in the Chaos Tool Suite (aka CTools) ...) NOT-FOR-US: angrydonuts ctools CVE-2010-1549 (Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 ...) NOT-FOR-US: hp loadrunner CVE-2010-1550 (Format string vulnerability in ovet_demandpoll.exe in HP OpenView ...) NOT-FOR-US: hp openview_network_node_manager CVE-2010-1551 (Stack-based buffer overflow in the _OVParseLLA function in ov.dll in ...) NOT-FOR-US: hp openview_network_node_manager CVE-2010-1552 (Stack-based buffer overflow in the doLoad function in snmpviewer.exe ...) NOT-FOR-US: hp openview_network_node_manager CVE-2010-1553 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network ...) NOT-FOR-US: hp openview_network_node_manager CVE-2010-1554 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network ...) NOT-FOR-US: hp openview_network_node_manager CVE-2010-1555 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network ...) NOT-FOR-US: hp openview_network_node_manager CVE-2010-1556 (Unspecified vulnerability in HP Systems Insight Manager (SIM) 5.3, 5.3 ...) NOT-FOR-US: hp systems_insight_manager CVE-2010-1557 (Multiple cross-site scripting (XSS) vulnerabilities in HP Insight ...) NOT-FOR-US: hp insight_control_server_migration_for_windows CVE-2010-1558 (Unspecified vulnerability in HP Multifunction Peripheral (MFP) Digital ...) NOT-FOR-US: hp multifunction_peripheral_digital_sending_software CVE-2010-1559 (SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) ...) NOT-FOR-US: martin_hess com_sermonspeaker CVE-2010-1560 (Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 ...) NOT-FOR-US: ibm db2 CVE-2010-1561 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...) NOT-FOR-US: cisco pgw_2200_softswitch CVE-2010-1562 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...) NOT-FOR-US: cisco pgw_2200_softswitch CVE-2010-1563 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...) NOT-FOR-US: cisco pgw_2200_softswitch CVE-2010-1564 REJECTED NOT-FOR-US: this CVE-2010-1565 (Unspecified vulnerability in the SIP implementation on the Cisco PGW ...) NOT-FOR-US: cisco pgw_2200_softswitch CVE-2010-1566 RESERVED CVE-2010-1567 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...) NOT-FOR-US: cisco pgw_2200_softswitch CVE-2010-1568 (The Send Secure functionality in the Cisco IronPort Desktop Flag ...) NOT-FOR-US: cisco ironport_desktop_flag_plugin_for_outlook CVE-2010-1569 RESERVED CVE-2010-1570 (The computer telephony integration (CTI) server component in Cisco ...) NOT-FOR-US: cisco unified_ip_interactive_voice_response CVE-2010-1571 (Directory traversal vulnerability in the bootstrap service in Cisco ...) NOT-FOR-US: cisco unified_ip_interactive_voice_response CVE-2010-1572 (Unspecified vulnerability in the tech support diagnostic shell in ...) NOT-FOR-US: cisco application_extension_framework CVE-2010-1573 (Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded ...) NOT-FOR-US: linksys wap54gv3 CVE-2010-1574 (IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 ...) NOT-FOR-US: cisco ios CVE-2010-1575 (The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 ...) NOT-FOR-US: cisco content_services_switch_11500 CVE-2010-1576 (The Cisco Content Services Switch (CSS) 11500 with software before ...) NOT-FOR-US: cisco content_services_switch_11500 CVE-2010-1577 (Directory traversal vulnerability in Cisco Internet Streamer, as used ...) NOT-FOR-US: cisco internet_streamer CVE-2010-1578 (Unspecified vulnerability in the SunRPC inspection feature on Cisco ...) NOT-FOR-US: cisco adaptive_security_appliance CVE-2010-1579 (Unspecified vulnerability in the SunRPC inspection feature on Cisco ...) NOT-FOR-US: cisco adaptive_security_appliance CVE-2010-1580 (Unspecified vulnerability in the SunRPC inspection feature on Cisco ...) NOT-FOR-US: cisco adaptive_security_appliance CVE-2010-1581 (Unspecified vulnerability in the Transport Layer Security (TLS) ...) NOT-FOR-US: cisco adaptive_security_appliance CVE-2010-1582 RESERVED CVE-2010-1583 (SQL injection vulnerability in the loadByKey function in the ...) NOT-FOR-US: tirzen_framework CVE-2010-1584 (Cross-site scripting (XSS) vulnerability in the Context module before ...) NOT-FOR-US: steven_jones context CVE-2010-1585 (The nsIScriptableUnescapeHTML.parseFragment method in Mozilla Firefox ...) TODO: check CVE-2010-1586 (Open redirect vulnerability in red2301.html in HP System Management ...) NOT-FOR-US: hp system_management_homepage CVE-2010-1587 (The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and ...) NOT-FOR-US: apache activemq CVE-2010-1588 (SQL injection vulnerability in the Getwebsess function in ...) NOT-FOR-US: vpasp vp asp_shopping_cart CVE-2010-1589 (Directory traversal vulnerability in shopsessionsubs.asp in Rocksalt ...) NOT-FOR-US: vpasp vp asp_shopping_cart CVE-2010-1590 (Cross-site scripting (XSS) vulnerability in shopsessionsubs.asp in ...) NOT-FOR-US: vpasp vp asp_shopping_cart CVE-2010-1591 (Beijing Rising International Rising Antivirus 2008 through 2010 does ...) NOT-FOR-US: rising global rising_antivirus CVE-2010-1592 (sandra.sys 15.18.1.1 and earlier in the Sandra Device Driver in ...) NOT-FOR-US: sisoftware sandra CVE-2010-1593 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe ...) NOT-FOR-US: silverstripe CVE-2010-1594 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: ocsinventory ng ocs_inventory_ng CVE-2010-1595 (Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS ...) NOT-FOR-US: ocsinventory ng ocs_inventory_ng CVE-2010-1596 (Support Incident Tracker before 3.51, when using LDAP authentication ...) NOT-FOR-US: sitracker support_incident_tracker CVE-2010-1597 (Stack-based buffer overflow in zgtips.dll in ZipGenius 6.3.1.2552 ...) NOT-FOR-US: zipgenius CVE-2010-1598 (phpThumb.php in phpThumb() 1.7.9 and possibly other versions, when ...) NOT-FOR-US: silisoftware phpthumb CVE-2010-1599 (SQL injection vulnerability in loadorder.php in NKInFoWeb 2.5 and ...) NOT-FOR-US: nkinfoweb CVE-2010-1600 (SQL injection vulnerability in the Media Mall Factory (com_mediamall) ...) NOT-FOR-US: thefactory com_mediamall CVE-2010-1601 (Directory traversal vulnerability in the JA Comment (com_jacomment) ...) NOT-FOR-US: joomlamart com_jacomment CVE-2010-1602 (Directory traversal vulnerability in the ZiMB Comment ...) NOT-FOR-US: zimbllc com_zimbcomment CVE-2010-1603 (Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or ...) NOT-FOR-US: zimbllc com_zimbcore CVE-2010-1604 (Multiple SQL injection vulnerabilities in admin_login.php in NCT Jobs ...) NOT-FOR-US: ncrypted nct_jobs_portal_script CVE-2010-1605 (Multiple SQL injection vulnerabilities in isearch.php in NCT Jobs ...) NOT-FOR-US: ncrypted nct_jobs_portal_script CVE-2010-1606 (Multiple cross-site scripting (XSS) vulnerabilities in NCT Jobs Portal ...) NOT-FOR-US: ncrypted nct_jobs_portal_script CVE-2010-1607 (Directory traversal vulnerability in wmi.php in the Webmoney Web ...) NOT-FOR-US: paysyspro com_wmi CVE-2010-1608 (Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and ...) NOT-FOR-US: ibm lotus_notes CVE-2010-1609 (Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before ...) NOT-FOR-US: sap netweaver CVE-2010-1610 (Cross-site request forgery (CSRF) vulnerability in index.php in ...) NOT-FOR-US: opencart CVE-2010-1611 (Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 ...) NOT-FOR-US: alegrocart CVE-2010-1612 (The IBM WebSphere DataPower XML Accelerator XA35, Low Latency ...) NOT-FOR-US: ibm websphere_datapower_xml_security_gateway_xs40 CVE-2010-1613 (Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate ...) NOT-FOR-US: moodle CVE-2010-1614 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x ...) NOT-FOR-US: moodle CVE-2010-1615 (Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 ...) NOT-FOR-US: moodle CVE-2010-1616 (Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when ...) NOT-FOR-US: moodle CVE-2010-1617 (user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 ...) NOT-FOR-US: moodle CVE-2010-1618 (Cross-site scripting (XSS) vulnerability in the phpCAS client library ...) NOT-FOR-US: moodle CVE-2010-1619 (Cross-site scripting (XSS) vulnerability in the ...) NOT-FOR-US: moodle CVE-2010-1620 (Integer overflow in the load_iface function in Tools/gdomap.c in ...) BUG: 325577 CVE-2010-1621 (The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL ...) BUG: 321791 CVE-2010-1622 (SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before ...) NOT-FOR-US: spring CVE-2010-1623 (Memory leak in the apr_brigade_split_line function in ...) BUG: 339527 CVE-2010-1624 (The msn_emoticon_msg function in slp.c in the MSN protocol plugin in ...) BUG: 324023 CVE-2010-1625 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer ...) BUG: 325575 CVE-2010-1626 (MySQL before 5.1.46 allows local users to delete the data and index ...) BUG: 321791 CVE-2010-1627 (feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check ...) BUG: 320977 CVE-2010-1628 (Ghostscript 8.64, 8.70, and possibly other versions allows ...) BUG: 332061 CVE-2010-1629 (Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 ...) NOT-FOR-US: phorum CVE-2010-1630 (Unspecified vulnerability in posting.php in phpBB before 3.0.5 has ...) BUG: 320977 CVE-2010-1631 RESERVED CVE-2010-1632 (Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server ...) TODO: check CVE-2010-1633 (RSA verification recovery in the EVP_PKEY_verify_recover function in ...) BUG: 322575 CVE-2010-1634 (Multiple integer overflows in audioop.c in the audioop module in ...) BUG: 325593 CVE-2010-1635 (The chain_reply function in process.c in smbd in Samba before 3.4.8 ...) BUG: 332063 CVE-2010-1636 (The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs ...) BUG: 325595 CVE-2010-1637 (The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote ...) NOT-FOR-US: squirrel CVE-2010-1638 (The IMP plugin in Horde allows remote attackers to bypass firewall ...) BUG: 335874 CVE-2010-1639 (The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows ...) BUG: 321157 CVE-2010-1640 (Off-by-one error in the parseicon function in libclamav/pe_icons.c in ...) BUG: 321157 CVE-2010-1641 (The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel ...) BUG: 325597 CVE-2010-1642 (The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in ...) BUG: 332063 CVE-2010-1643 (mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict ...) BUG: 325599 CVE-2010-1644 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti before ...) BUG: 324031 CVE-2010-1645 (Cacti before 0.8.7f, as used in Red Hat High Performance Computing ...) BUG: 324031 CVE-2010-1646 (The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and ...) BUG: 322517 CVE-2010-1647 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before ...) BUG: 324029 CVE-2010-1648 (Cross-site request forgery (CSRF) vulnerability in the login interface ...) BUG: 324029 CVE-2010-1649 (Multiple cross-site scripting (XSS) vulnerabilities in the back end in ...) BUG: 325601 CVE-2010-1650 (IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x ...) NOT-FOR-US: ibm websphere_application_server CVE-2010-1651 (IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x ...) NOT-FOR-US: ibm websphere_application_server CVE-2010-1652 (Directory traversal vulnerability in the HelpCenter module in Help ...) NOT-FOR-US: helpcenterlive hcl CVE-2010-1653 (Directory traversal vulnerability in graphics.php in the Graphics ...) NOT-FOR-US: htmlcoderhelper com_graphics CVE-2010-1654 (Multiple SQL injection vulnerabilities in system_member_login.php in ...) NOT-FOR-US: instantrankingseo infocus_real_estate CVE-2010-1655 (Cross-site scripting (XSS) vulnerability in User/User_ChkLogin.asp in ...) NOT-FOR-US: powereasy siteweaver CVE-2010-1656 (SQL injection vulnerability in the Airiny ABC (com_abc) component ...) NOT-FOR-US: airiny com_abc CVE-2010-1657 (Directory traversal vulnerability in the SmartSite (com_smartsite) ...) NOT-FOR-US: recly com_smartsite CVE-2010-1658 (Directory traversal vulnerability in the Code-Garage NoticeBoard ...) NOT-FOR-US: code garage com_noticeboard CVE-2010-1659 (Directory traversal vulnerability in the Ultimate Portfolio ...) NOT-FOR-US: webkul com_ultimateportfolio CVE-2010-1660 (SQL injection vulnerability in help-details.php in CLScript ...) NOT-FOR-US: clscript_classifieds_script CVE-2010-1661 (Multiple SQL injection vulnerabilities in PHP-Quick-Arcade (PHPQA) ...) NOT-FOR-US: jcink php quick arcade CVE-2010-1662 (Cross-site scripting (XSS) vulnerability in acpmoderate.php in ...) NOT-FOR-US: jcink php quick arcade CVE-2010-1663 (The Google URL Parsing Library (aka google-url or GURL) in Google ...) NOT-FOR-US: google chrome CVE-2010-1664 (Google Chrome before 4.1.249.1064 does not properly handle HTML5 ...) TODO: check CVE-2010-1665 (Google Chrome before 4.1.249.1064 does not properly handle fonts, ...) TODO: check CVE-2010-1666 (Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding ...) NOT-FOR-US: dan_pascu python cjson CVE-2010-1667 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara before ...) NOT-FOR-US: mahara CVE-2010-1668 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara ...) NOT-FOR-US: mahara CVE-2010-1669 (SQL injection vulnerability in Mahara 1.1.x before 1.1.9 and 1.2.x ...) NOT-FOR-US: mahara CVE-2010-1670 (Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has ...) NOT-FOR-US: mahara CVE-2010-1671 (hsolinkcontrol in hsolink 1.0.118 allows local users to gain ...) NOT-FOR-US: pharscape hsolink CVE-2010-1672 RESERVED CVE-2010-1673 RESERVED CVE-2010-1674 RESERVED CVE-2010-1675 RESERVED CVE-2010-1676 RESERVED CVE-2010-1677 RESERVED CVE-2010-1678 RESERVED CVE-2010-1679 RESERVED CVE-2010-1680 RESERVED CVE-2010-1681 (Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office ...) NOT-FOR-US: microsoft visio CVE-2010-1682 RESERVED CVE-2010-1683 RESERVED CVE-2010-1684 RESERVED CVE-2010-1685 (Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows ...) NOT-FOR-US: cursorarts zipwrangler CVE-2010-1686 (Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC ...) NOT-FOR-US: internet soft urgent_backup CVE-2010-1687 (Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows ...) NOT-FOR-US: mochasoft mocha_w32_lpd CVE-2010-1688 (Stack-based buffer overflow in 2BrightSparks SyncBack Freeware ...) NOT-FOR-US: 2brightsparks syncback CVE-2010-1689 (The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in ...) NOT-FOR-US: microsoft windows_xp CVE-2010-1690 (The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in ...) NOT-FOR-US: microsoft windows_xp CVE-2010-1691 RESERVED CVE-2010-1692 RESERVED CVE-2010-1693 (openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows ...) TODO: check CVE-2010-1694 RESERVED CVE-2010-1695 RESERVED CVE-2010-1696 RESERVED CVE-2010-1697 RESERVED CVE-2010-1698 RESERVED CVE-2010-1699 RESERVED CVE-2010-1700 RESERVED CVE-2010-1701 (SQL injection vulnerability in browse.html in PHP Video Battle Script ...) NOT-FOR-US: rocky nu php_video_battle_script CVE-2010-1702 (SQL injection vulnerability in submitticket.php in WHMCompleteSolution ...) NOT-FOR-US: whmcs CVE-2010-1703 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: 2daybiz polls_script CVE-2010-1704 (Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced ...) NOT-FOR-US: 2daybiz polls_script CVE-2010-1705 (SQL injection vulnerability in casting_view.php in Modelbook allows ...) NOT-FOR-US: rocky nu modelbook CVE-2010-1706 (Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction ...) NOT-FOR-US: 2daybiz auction_script CVE-2010-1707 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...) NOT-FOR-US: piwigo CVE-2010-1708 (Multiple SQL injection vulnerabilities in agentadmin.php in Free ...) NOT-FOR-US: freerealty rwcinc free_realty CVE-2010-1709 (Multiple cross-site scripting (XSS) vulnerabilities in upload.cgi in ...) NOT-FOR-US: g5 scripts auto img gallery CVE-2010-1710 (Directory traversal vulnerability in login.php in Siestta 2.0, when ...) NOT-FOR-US: ramoncastro siestta CVE-2010-1711 (Cross-site scripting (XSS) vulnerability in carga_foto_al.php in ...) NOT-FOR-US: ramoncastro siestta CVE-2010-1712 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: webmobo wbnews CVE-2010-1713 (SQL injection vulnerability in modules.php in PostNuke 0.764 allows ...) NOT-FOR-US: postnuke CVE-2010-1714 (Directory traversal vulnerability in the Arcade Games ...) NOT-FOR-US: dev pucit edu pk com_arcadegames CVE-2010-1715 (Directory traversal vulnerability in the Online Examination (aka ...) NOT-FOR-US: pucit edu com_onlineexam CVE-2010-1716 (SQL injection vulnerability in the Agenda Address Book (com_agenda) ...) NOT-FOR-US: joomla com_agenda CVE-2010-1717 (Directory traversal vulnerability in the iF surfALERT ...) NOT-FOR-US: joomla com_if_surfalert CVE-2010-1718 (Directory traversal vulnerability in archeryscores.php in the Archery ...) NOT-FOR-US: lispeltuut com_archeryscores CVE-2010-1719 (Directory traversal vulnerability in the MT Fire Eagle ...) NOT-FOR-US: moto treks com_mtfireeagle CVE-2010-1720 (SQL injection vulnerability in the Q-Personel (com_qpersonel) ...) NOT-FOR-US: qproje com_qpersonel CVE-2010-1721 (SQL injection vulnerability in the Intellectual Property (aka ...) NOT-FOR-US: thethinkery com_iproperty CVE-2010-1722 (Directory traversal vulnerability in the Online Market (com_market) ...) NOT-FOR-US: dev pucit edu pk com_market CVE-2010-1723 (Directory traversal vulnerability in the iNetLanka Contact Us Draw ...) NOT-FOR-US: joomlacomponent inetlanka com_drawroot CVE-2010-1724 (Multiple cross-site scripting (XSS) vulnerabilities in Zikula ...) NOT-FOR-US: zikula_application_framework CVE-2010-1725 (SQL injection vulnerability in offers_buy.php in Alibaba Clone ...) NOT-FOR-US: alibabaclone alibaba_clone_platinum CVE-2010-1726 (SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows ...) NOT-FOR-US: alibabaclone ec21_clone CVE-2010-1727 (SQL injection vulnerability in type.asp in JobPost 1.0 allows remote ...) NOT-FOR-US: aspsiteware jobpost CVE-2010-1728 (Opera before 10.53 on Windows and Mac OS X does not properly handle a ...) TODO: check CVE-2010-1729 (WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, ...) TODO: check CVE-2010-1730 (Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to cause ...) NOT-FOR-US: dolphin_browser CVE-2010-1731 (Google Chrome on the HTC Hero allows remote attackers to cause a ...) TODO: check CVE-2010-1732 (Cross-site request forgery (CSRF) vulnerability in the users module in ...) NOT-FOR-US: zikula_application_framework CVE-2010-1733 (Multiple SQL injection vulnerabilities in OCS Inventory NG before ...) NOT-FOR-US: ocsinventory ng ocs_inventory_ng CVE-2010-1734 (The SfnINSTRING function in win32k.sys in the kernel in Microsoft ...) NOT-FOR-US: microsoft windows_xp CVE-2010-1735 (The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft ...) NOT-FOR-US: microsoft windows_xp CVE-2010-1736 (KrM Haber 1.0 stores sensitive information under the web root with ...) NOT-FOR-US: aspindir krm_haber CVE-2010-1737 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: carlos_eduardo_sotelo_pinto 0 1 0 CVE-2010-1738 REJECTED NOT-FOR-US: malcom_box lxr_cross_referencer CVE-2010-1739 (SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component ...) NOT-FOR-US: joomla com_newsfeeds CVE-2010-1740 (SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows ...) NOT-FOR-US: freeguppy guppy CVE-2010-1741 (SQL injection vulnerability in request_account.php in Billwerx RC ...) NOT-FOR-US: billwerx_rc CVE-2010-1742 (Cross-site scripting (XSS) vulnerability in projects.php in Scratcher ...) NOT-FOR-US: satyadeep scratcher CVE-2010-1743 (SQL injection vulnerability in projects.php in Scratcher allows remote ...) NOT-FOR-US: satyadeep scratcher CVE-2010-1744 (SQL injection vulnerability in product.html in B2B Gold Script allows ...) NOT-FOR-US: alibabaclone b2b_gold_script CVE-2010-1745 REJECTED NOT-FOR-US: campware org campsite CVE-2010-1746 (Multiple cross-site scripting (XSS) vulnerabilities in the Table JX ...) NOT-FOR-US: toolsjx table_jx CVE-2010-1747 RESERVED CVE-2010-1748 (The cgi_initialize_string function in cgi-bin/var.c in the web ...) BUG: 325551 CVE-2010-1749 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) TODO: check CVE-2010-1750 (Use-after-free vulnerability in Apple Safari before 5.0 on Windows ...) TODO: check CVE-2010-1751 (Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch ...) NOT-FOR-US: apple iphone_os CVE-2010-1752 (Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the ...) NOT-FOR-US: apple iphone_os CVE-2010-1753 (ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows ...) NOT-FOR-US: apple iphone_os CVE-2010-1754 (Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does ...) NOT-FOR-US: apple iphone_os CVE-2010-1755 (Safari in Apple iOS before 4 on the iPhone and iPod touch does not ...) NOT-FOR-US: apple iphone_os CVE-2010-1756 (The Settings application in Apple iOS before 4 on the iPhone and iPod ...) NOT-FOR-US: apple iphone_os CVE-2010-1757 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does not ...) TODO: check CVE-2010-1758 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) TODO: check CVE-2010-1759 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) TODO: check CVE-2010-1760 (loader/DocumentThreadableLoader.cpp in the XMLHttpRequest ...) TODO: check CVE-2010-1761 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) TODO: check CVE-2010-1762 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) TODO: check CVE-2010-1763 (Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on ...) NOT-FOR-US: apple itunes CVE-2010-1764 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) TODO: check CVE-2010-1765 RESERVED CVE-2010-1766 (Off-by-one error in the WebSocketHandshake::readServerHandshake ...) TODO: check CVE-2010-1767 (Cross-site request forgery (CSRF) vulnerability in ...) TODO: check CVE-2010-1768 (Unspecified vulnerability in Apple iTunes before 9.1 allows local ...) NOT-FOR-US: apple itunes CVE-2010-1769 (WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 ...) NOT-FOR-US: apple itunes CVE-2010-1770 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) TODO: check CVE-2010-1771 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) TODO: check CVE-2010-1772 (Use-after-free vulnerability in page/Geolocation.cpp in WebCore in ...) TODO: check CVE-2010-1773 (Off-by-one error in the toAlphabetic function in ...) TODO: check CVE-2010-1774 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) TODO: check CVE-2010-1775 (Race condition in Passcode Lock in Apple iOS before 4 on the iPhone ...) NOT-FOR-US: apple iphone_os CVE-2010-1776 RESERVED CVE-2010-1777 (Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers ...) NOT-FOR-US: apple itunes CVE-2010-1778 (Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 ...) TODO: check CVE-2010-1779 RESERVED CVE-2010-1780 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...) TODO: check CVE-2010-1781 (Double free vulnerability in WebKit in Apple iOS before 4.1 on the ...) TODO: check CVE-2010-1782 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...) TODO: check CVE-2010-1783 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...) TODO: check CVE-2010-1784 (The counters functionality in the Cascading Style Sheets (CSS) ...) TODO: check CVE-2010-1785 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...) TODO: check CVE-2010-1786 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...) TODO: check CVE-2010-1787 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...) TODO: check CVE-2010-1788 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...) TODO: check CVE-2010-1789 (Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on ...) TODO: check CVE-2010-1790 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...) TODO: check CVE-2010-1791 (Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac ...) TODO: check CVE-2010-1792 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...) TODO: check CVE-2010-1793 (Multiple use-after-free vulnerabilities in WebKit in Apple Safari ...) TODO: check CVE-2010-1794 (The webdav_mount function in webdav_vfsops.c in the WebDAV kernel ...) NOT-FOR-US: apple mac_os_x CVE-2010-1795 (Untrusted search path vulnerability in Apple iTunes before 9.1, when ...) NOT-FOR-US: apple itunes CVE-2010-1796 (The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 ...) TODO: check CVE-2010-1797 (Multiple stack-based buffer overflows in the ...) TODO: check CVE-2010-1798 RESERVED CVE-2010-1799 (Stack-based buffer overflow in the error-logging functionality in ...) NOT-FOR-US: apple quicktime CVE-2010-1800 (CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-1801 (Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-1802 (libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-1803 RESERVED CVE-2010-1804 RESERVED CVE-2010-1805 (Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 ...) TODO: check CVE-2010-1806 (Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x ...) TODO: check CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2, and ...) TODO: check CVE-2010-1808 (Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-1809 (The Accessibility component in Apple iOS before 4.1 on the iPhone and ...) TODO: check CVE-2010-1810 (FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not ...) TODO: check CVE-2010-1811 (ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows ...) TODO: check CVE-2010-1812 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...) TODO: check CVE-2010-1813 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows ...) TODO: check CVE-2010-1814 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows ...) TODO: check CVE-2010-1815 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...) TODO: check CVE-2010-1816 RESERVED CVE-2010-1817 (Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and ...) TODO: check CVE-2010-1818 (The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple ...) NOT-FOR-US: apple quicktime CVE-2010-1819 RESERVED CVE-2010-1820 (Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through ...) NOT-FOR-US: apple mac_os_x_server CVE-2010-1821 RESERVED CVE-2010-1822 (WebKit, as used in Google Chrome before 6.0.472.62, does not properly ...) TODO: check CVE-2010-1823 (Use-after-free vulnerability in WebKit before r65958, as used in ...) TODO: check CVE-2010-1824 (Use-after-free vulnerability in WebKit, as used in Google Chrome ...) TODO: check CVE-2010-1825 (Use-after-free vulnerability in WebKit, as used in Google Chrome ...) TODO: check CVE-2010-1826 RESERVED CVE-2010-1827 RESERVED CVE-2010-1828 RESERVED CVE-2010-1829 RESERVED CVE-2010-1830 RESERVED CVE-2010-1831 RESERVED CVE-2010-1832 RESERVED CVE-2010-1833 RESERVED CVE-2010-1834 RESERVED CVE-2010-1835 RESERVED CVE-2010-1836 RESERVED CVE-2010-1837 RESERVED CVE-2010-1838 RESERVED CVE-2010-1839 RESERVED CVE-2010-1840 RESERVED CVE-2010-1841 RESERVED CVE-2010-1842 RESERVED CVE-2010-1843 RESERVED CVE-2010-1844 RESERVED CVE-2010-1845 RESERVED CVE-2010-1846 RESERVED CVE-2010-1847 RESERVED CVE-2010-1848 (Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 ...) BUG: 321791 CVE-2010-1849 (The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through ...) BUG: 321791 CVE-2010-1850 (Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 ...) BUG: 321791 CVE-2010-1851 (Google Chrome, when the Invisible Hand extension is enabled, uses ...) TODO: check CVE-2010-1852 (Microsoft Internet Explorer, when the Invisible Hand extension is ...) NOT-FOR-US: microsoft ie CVE-2010-1853 (Multiple stack-based buffer overflows in the tr_magnetParse function ...) BUG: 309831 CVE-2010-1854 (Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per ...) NOT-FOR-US: phpscripte24 pay_per_watch_ _bid_auktions_system CVE-2010-1855 (SQL injection vulnerability in auktion.php in Pay Per Watch & Bid ...) NOT-FOR-US: phpscripte24 pay_per_watch_ _bid_auktions_system CVE-2010-1856 (Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 ...) NOT-FOR-US: realitymedias repairshop2 CVE-2010-1857 (SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, ...) NOT-FOR-US: realitymedias repairshop2 CVE-2010-1858 (Directory traversal vulnerability in the SMEStorage (com_smestorage) ...) NOT-FOR-US: gelembjuk com_smestorage CVE-2010-1859 (SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and ...) NOT-FOR-US: deluxebb CVE-2010-1860 (The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 ...) BUG: 332039 CVE-2010-1861 (The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ...) BUG: 332039 CVE-2010-1862 (The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through ...) BUG: 332039 CVE-2010-1863 (SQL injection vulnerability in the shoutbox module ...) NOT-FOR-US: clantiger CVE-2010-1864 (The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through ...) BUG: 332039 CVE-2010-1865 (Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and ...) NOT-FOR-US: csphere clansphere CVE-2010-1866 (The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP ...) BUG: 332039 CVE-2010-1867 (SQL injection vulnerability in the ...) NOT-FOR-US: campware org campsite CVE-2010-1868 (The (1) sqlite_single_query and (2) sqlite_array_query functions in ...) BUG: 332039 CVE-2010-1869 (Stack-based buffer overflow in the parser function in GhostScript 8.70 ...) BUG: 300192 CVE-2010-1870 (The OGNL extensive expression evaluation capability in XWork in Struts ...) TODO: check CVE-2010-1871 (JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application ...) NOT-FOR-US: JBoss Enterprise Application Platform CVE-2010-1872 (Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard ...) NOT-FOR-US: tufat flashcard CVE-2010-1873 (SQL injection vulnerability in the Jvehicles (com_jvehicles) component ...) NOT-FOR-US: com_jvehicles CVE-2010-1874 (SQL injection vulnerability in the Real Estate Property ...) NOT-FOR-US: com property com_properties CVE-2010-1875 (Directory traversal vulnerability in the Real Estate Property ...) NOT-FOR-US: com property com_properties CVE-2010-1876 (SQL injection vulnerability in index.php in AJ Shopping Cart 1.0 ...) NOT-FOR-US: ajsquare aj_shopping_cart CVE-2010-1877 (SQL injection vulnerability in the JTM Reseller (com_jtm) component ...) NOT-FOR-US: jtmreseller com_jtm CVE-2010-1878 (Directory traversal vulnerability in the OrgChart (com_orgchart) ...) NOT-FOR-US: blueflyingfish no ip com_orgchart CVE-2010-1879 (Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media ...) NOT-FOR-US: Quartz dll for DirectShow Windows Media Format Runtime CVE-2010-1880 (Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft ...) NOT-FOR-US: Quartz dll for DirectShow on Microsoft Windows CVE-2010-1881 (The FieldList ActiveX control in the Microsoft Access Wizard Controls ...) NOT-FOR-US: microsoft access CVE-2010-1882 (Multiple buffer overflows in the MPEG Layer-3 Audio Codec for ...) NOT-FOR-US: microsoft windows_xp CVE-2010-1883 (Integer overflow in the Embedded OpenType (EOT) Font Engine in ...) NOT-FOR-US: microsoft windows_xp CVE-2010-1884 RESERVED CVE-2010-1885 (The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help ...) NOT-FOR-US: microsoft windows_xp CVE-2010-1886 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows ...) NOT-FOR-US: microsoft windows_xp CVE-2010-1887 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...) NOT-FOR-US: microsoft windows_xp CVE-2010-1888 (Race condition in the kernel in Microsoft Windows XP SP3 allows local ...) NOT-FOR-US: microsoft windows_xp CVE-2010-1889 (Double free vulnerability in the kernel in Microsoft Windows Vista SP1 ...) NOT-FOR-US: microsoft windows_vista CVE-2010-1890 (The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 ...) NOT-FOR-US: microsoft windows_vista CVE-2010-1891 (The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem ...) NOT-FOR-US: microsoft windows_xp CVE-2010-1892 (The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows ...) NOT-FOR-US: microsoft windows_vista CVE-2010-1893 (Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, ...) NOT-FOR-US: microsoft windows_vista CVE-2010-1894 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...) NOT-FOR-US: microsoft windows_xp CVE-2010-1895 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...) NOT-FOR-US: microsoft windows_xp CVE-2010-1896 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...) NOT-FOR-US: microsoft windows_xp CVE-2010-1897 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...) NOT-FOR-US: microsoft windows_xp CVE-2010-1898 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, ...) NOT-FOR-US: microsoft silverlight CVE-2010-1899 (Stack consumption vulnerability in the ASP implementation in Microsoft ...) NOT-FOR-US: microsoft iis CVE-2010-1900 (Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft ...) NOT-FOR-US: microsoft works CVE-2010-1901 (Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft ...) NOT-FOR-US: microsoft word CVE-2010-1902 (Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 ...) NOT-FOR-US: microsoft word CVE-2010-1903 (Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, ...) NOT-FOR-US: microsoft word CVE-2010-1904 (SQL injection vulnerability in EMC RSA Key Manager Client 1.5.x allows ...) NOT-FOR-US: emc rsa_key_manager_client CVE-2010-1905 (Multiple cross-site scripting (XSS) vulnerabilities in Consona Live ...) NOT-FOR-US: consona_subscriber_assistance CVE-2010-1906 (tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair ...) NOT-FOR-US: consona_subscriber_agent CVE-2010-1907 (The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live ...) NOT-FOR-US: consona_subscriber_assistance CVE-2010-1908 (The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live ...) NOT-FOR-US: consona_subscriber_assistance CVE-2010-1909 (Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX ...) NOT-FOR-US: consona_subscriber_assistance CVE-2010-1910 (The Forgot Password implementation in Consona Live Assistance, Dynamic ...) NOT-FOR-US: consona_subscriber_assistance CVE-2010-1911 (The site-locking implementation in the SdcWebSecureBase interface in ...) NOT-FOR-US: consona_subscriber_assistance CVE-2010-1912 (The SdcWebSecureBase interface in tgctlcm.dll in Consona Live ...) NOT-FOR-US: consona_subscriber_assistance CVE-2010-1913 (The default configuration of pluginlicense.ini for the ...) NOT-FOR-US: consona_subscriber_assistance CVE-2010-1914 (The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows ...) BUG: 332039 CVE-2010-1915 (The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through ...) BUG: 332039 CVE-2010-1916 (The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 ...) NOT-FOR-US: xinha wysiwyg_editor CVE-2010-1917 (Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 ...) BUG: 332039 CVE-2010-1918 (SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and ...) NOT-FOR-US: efrontlearning efront CVE-2010-1919 (Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 ...) NOT-FOR-US: emc avamar CVE-2010-1920 (Directory traversal vulnerability in scr/soustab.php in OpenMairie ...) NOT-FOR-US: openmairie openannuaire CVE-2010-1921 (Multiple PHP remote file inclusion vulnerabilities in OpenMairie ...) NOT-FOR-US: openmairie openannuaire CVE-2010-1922 (Multiple PHP remote file inclusion vulnerabilities in 29o3 CMS 0.1 ...) NOT-FOR-US: 29o3_cms CVE-2010-1923 (SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 ...) NOT-FOR-US: phpscripte24 web_social_network_freunde_community CVE-2010-1924 (SQL injection vulnerability in index.php in Hi Web Wiesbaden Live ...) NOT-FOR-US: phpscripte24 live_shopping_multi_portal_system CVE-2010-1925 (SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows ...) NOT-FOR-US: rifat_kurban tekno portal CVE-2010-1926 (Directory traversal vulnerability in scr/soustab.php in openMairie ...) NOT-FOR-US: openmairie opencourrier CVE-2010-1927 (Multiple PHP remote file inclusion vulnerabilities in openMairie ...) NOT-FOR-US: openmairie opencourrier CVE-2010-1928 (Directory traversal vulnerability in scr/soustab.php in openMairie ...) NOT-FOR-US: openmairie openplanning CVE-2010-1929 (Multiple stack-based buffer overflows in the ...) NOT-FOR-US: novell imanager CVE-2010-1930 (Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows ...) NOT-FOR-US: novell imanager CVE-2010-1931 (SQL injection vulnerability in includes/content/cart.inc.php in ...) NOT-FOR-US: cubecart CVE-2010-1932 (Heap-based buffer overflow in XnView 1.97.4 and possibly earlier ...) NOT-FOR-US: xnview CVE-2010-1933 RESERVED CVE-2010-1934 (Multiple PHP remote file inclusion vulnerabilities in openMairie ...) NOT-FOR-US: openmairie openplanning CVE-2010-1935 (Directory traversal vulnerability in scr/soustab.php in openMairie ...) NOT-FOR-US: openmairie openpresse CVE-2010-1936 (Directory traversal vulnerability in scr/soustab.php in openMairie ...) NOT-FOR-US: openmairie opencominterne CVE-2010-1937 (Heap-based buffer overflow in httpAdapter.c in httpAdapter in SBLIM ...) BUG: 335876 CVE-2010-1938 (Off-by-one error in the __opiereadrec function in readrec.c in libopie ...) NOT-FOR-US: opie CVE-2010-1939 (Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows ...) TODO: check CVE-2010-1940 (Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header ...) TODO: check CVE-2010-1941 (Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and ...) NOT-FOR-US: nec websam_deploymentmanager CVE-2010-1942 (Unspecified vulnerability in the Servlet service in Fujitsu Limited ...) NOT-FOR-US: fujitsu interstage_application_server CVE-2010-1943 (Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister ...) NOT-FOR-US: nec capsuite_patchmeister CVE-2010-1944 (Multiple PHP remote file inclusion vulnerabilities in openMairie ...) NOT-FOR-US: openmairie opencimetiere CVE-2010-1945 (Multiple PHP remote file inclusion vulnerabilities in openMairie ...) NOT-FOR-US: openmairie openfoncier CVE-2010-1946 (Multiple PHP remote file inclusion vulnerabilities in openMairie ...) NOT-FOR-US: openmairie openregistrecil CVE-2010-1947 (Directory traversal vulnerability in scr/soustab.php in openMairie ...) NOT-FOR-US: openmairie openregistrecil CVE-2010-1948 (Directory traversal vulnerability in scr/soustab.php in openMairie ...) NOT-FOR-US: openmairie openfoncier CVE-2010-1949 (SQL injection vulnerability in the Online News Paper Manager ...) NOT-FOR-US: emultisoft com_jnewspaper CVE-2010-1950 (SQL injection vulnerability in the Online News Paper Manager ...) NOT-FOR-US: emultisoft com_jnewspaper CVE-2010-1951 (Multiple directory traversal vulnerabilities in 60cycleCMS allow ...) NOT-FOR-US: 60cyclecms CVE-2010-1952 (Directory traversal vulnerability in the BeeHeard (com_beeheard) and ...) NOT-FOR-US: cmstactics com_beeheardlite CVE-2010-1953 (Directory traversal vulnerability in the iNetLanka Multiple Map ...) NOT-FOR-US: joomlacomponent inetlanka com_multimap CVE-2010-1954 (Directory traversal vulnerability in the iNetLanka Multiple root ...) NOT-FOR-US: joomlacomponent inetlanka com_multiroot CVE-2010-1955 (Directory traversal vulnerability in the Deluxe Blog Factory ...) NOT-FOR-US: thefactory com_blogfactory CVE-2010-1956 (Directory traversal vulnerability in the Gadget Factory ...) NOT-FOR-US: thefactory com_gadgetfactory CVE-2010-1957 (Directory traversal vulnerability in the Love Factory ...) NOT-FOR-US: thefactory com_lovefactory CVE-2010-1958 (Cross-site scripting (XSS) vulnerability in the FileField module 5.x ...) NOT-FOR-US: quicksketch filefield CVE-2010-1959 (Unspecified vulnerability in HP TestDirector for Quality Center 9.2 ...) NOT-FOR-US: hp mercury_testdirector_for_quality_center CVE-2010-1960 (Buffer overflow in the error handling functionality in ...) NOT-FOR-US: hp openview_network_node_manager CVE-2010-1961 (Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView ...) NOT-FOR-US: hp openview_network_node_manager CVE-2010-1962 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 ...) NOT-FOR-US: hp storageworks_storage_mirroring CVE-2010-1963 (Cross-site scripting (XSS) vulnerability in HP ServiceCenter allows ...) NOT-FOR-US: hp servicecenter CVE-2010-1964 (Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node ...) NOT-FOR-US: hp openview_network_node_manager CVE-2010-1965 (Unspecified vulnerability in HP Insight Orchestration for Windows ...) NOT-FOR-US: hp insight_orchestration CVE-2010-1966 (Unspecified vulnerability in HP Insight Control power management for ...) NOT-FOR-US: hp insight_control CVE-2010-1967 (Unspecified vulnerability in HP Insight Software Installer for Windows ...) NOT-FOR-US: hp insight_software_installer CVE-2010-1968 (Cross-site request forgery (CSRF) vulnerability in HP Insight Software ...) NOT-FOR-US: hp insight_software_installer CVE-2010-1969 (Cross-site scripting (XSS) vulnerability in HP Virtual Connect ...) NOT-FOR-US: hp virtual_connect_enterprise_manager CVE-2010-1970 (Unspecified vulnerability in HP Insight Software Installer for Windows ...) NOT-FOR-US: hp insight_software_installer CVE-2010-1971 (Cross-site request forgery (CSRF) vulnerability in HP Insight Software ...) NOT-FOR-US: hp insight_software_installer CVE-2010-1972 (The default configuration of HP Client Automation (HPCA) Enterprise ...) NOT-FOR-US: hp client_automation_enterprise_infrastructure CVE-2010-1973 (Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, ...) NOT-FOR-US: hp openvms CVE-2010-1974 REJECTED NOT-FOR-US: rafael_garcia suarez safe CVE-2010-1975 (PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, ...) BUG: 320967 CVE-2010-1976 (Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb ...) NOT-FOR-US: michael_nichols taxonomy_breadcrumb CVE-2010-1977 (Directory traversal vulnerability in the J!WHMCS Integrator ...) NOT-FOR-US: gohigheris j whmcs_integrator CVE-2010-1978 (PHP remote file inclusion vulnerability in default_theme.php in ...) NOT-FOR-US: freephpblogsoftware CVE-2010-1979 (Directory traversal vulnerability in the Affiliate Datafeeds ...) NOT-FOR-US: affiliatefeeds com_datafeeds CVE-2010-1980 (Directory traversal vulnerability in joomlaflickr.php in the Joomla ...) NOT-FOR-US: roberto_aloi com_joomlaflickr CVE-2010-1981 (Directory traversal vulnerability in the Fabrik (com_fabrik) component ...) NOT-FOR-US: com_fabrikar CVE-2010-1982 (Directory traversal vulnerability in the JA Voice (com_javoice) ...) NOT-FOR-US: joomlart com_javoice CVE-2010-1983 (Directory traversal vulnerability in the redTWITTER (com_redtwitter) ...) NOT-FOR-US: redcomponent redtwitter CVE-2010-1984 (Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb ...) NOT-FOR-US: michael_nichols taxonomy_breadcrumb CVE-2010-1985 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: sixapart movable_type CVE-2010-1986 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ...) NOT-FOR-US: mozilla firefox CVE-2010-1987 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ...) NOT-FOR-US: mozilla firefox CVE-2010-1988 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ...) NOT-FOR-US: mozilla firefox CVE-2010-1989 (Opera 9.52 executes a mail application in situations where an IMG ...) TODO: check CVE-2010-1990 (Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, ...) TODO: check CVE-2010-1991 (Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 ...) NOT-FOR-US: microsoft ie CVE-2010-1992 (Google Chrome 1.0.154.48 executes a mail application in situations ...) TODO: check CVE-2010-1993 (Opera 9.52 does not properly handle an IFRAME element with a mailto: ...) TODO: check CVE-2010-1994 (SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 ...) NOT-FOR-US: tomatocms CVE-2010-1995 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: tomatocms CVE-2010-1996 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: tomatocms CVE-2010-1997 (Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus ...) NOT-FOR-US: saurus_cms CVE-2010-1998 (Cross-site scripting (XSS) vulnerability in the CCK TableField module ...) NOT-FOR-US: kevinhankens tablefield CVE-2010-1999 (Directory traversal vulnerability in scr/soustab.php in OpenMairie ...) NOT-FOR-US: openmairie opencatalogue CVE-2010-2000 (Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) ...) NOT-FOR-US: ron_jerome bibliography CVE-2010-2001 (Cross-site scripting (XSS) vulnerability in the CiviRegister module ...) NOT-FOR-US: ninjitsuweb civiregister CVE-2010-2002 (Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x ...) NOT-FOR-US: jeff_warrington wordfilter CVE-2010-2003 (Cross-site scripting (XSS) vulnerability in misc/get_admin.php in ...) NOT-FOR-US: proxy2 advanced_poll CVE-2010-2004 (Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 ...) NOT-FOR-US: bsplayer bs player CVE-2010-2005 (Multiple PHP remote file inclusion vulnerabilities in DataLife Engine ...) NOT-FOR-US: datalifecms datalife_engine CVE-2010-2006 (Directory traversal vulnerability in op/op.Login.php in LetoDMS ...) NOT-FOR-US: letodms CVE-2010-2007 (Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS ...) NOT-FOR-US: letodms CVE-2010-2008 (MySQL before 5.1.48 allows remote authenticated users with alter ...) BUG: 321791 CVE-2010-2009 (Stack-based buffer overflow in the media library in BS.Global ...) NOT-FOR-US: media library in BS Global BS Player CVE-2010-2010 (Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool ...) NOT-FOR-US: angrydonuts ctools CVE-2010-2011 (Microsoft Dynamics GP uses a substitution cipher to encrypt the system ...) NOT-FOR-US: microsoft dynamics_gp CVE-2010-2012 (SQL injection vulnerability in function.php in MigasCMS 1.1, when ...) NOT-FOR-US: sebrac webcindario migascms CVE-2010-2013 (Cross-site scripting (XSS) vulnerability in cp/edit_email.php in LiSK ...) NOT-FOR-US: createch group lisk_cms CVE-2010-2014 (Cross-site scripting (XSS) vulnerability in cp/list_content.php in ...) NOT-FOR-US: createch group lisk_cms CVE-2010-2015 (Multiple SQL injection vulnerabilities in LiSK CMS 4.4 allow remote ...) NOT-FOR-US: createch group lisk_cms CVE-2010-2016 (SQL injection vulnerability in details.php in Iceberg CMS allows ...) NOT-FOR-US: imagetraders iceberg_cms CVE-2010-2017 (Cross-site scripting (XSS) vulnerability in hasil-pencarian.html in ...) NOT-FOR-US: bukulokomedia lokomedia_cms CVE-2010-2018 (Directory traversal vulnerability in downlot.php in Lokomedia CMS ...) NOT-FOR-US: bukulokomedia lokomedia_cms CVE-2010-2019 (SQL injection vulnerability in downlot.php in Lokomedia CMS 1.4.1, ...) NOT-FOR-US: bukulokomedia lokomedia_cms CVE-2010-2020 (sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD ...) BUG: 335877 CVE-2010-2021 RESERVED CVE-2010-2022 (jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U ...) BUG: 335879 CVE-2010-2023 (transports/appendfile.c in Exim before 4.72, when a world-writable ...) BUG: 322665 CVE-2010-2024 (transports/appendfile.c in Exim before 4.72, when MBX locking is ...) BUG: 322665 CVE-2010-2025 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...) NOT-FOR-US: cisco scientific_atlanta_webstar_dpc2100r2 CVE-2010-2026 (The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 ...) NOT-FOR-US: cisco scientific_atlanta_webstar_dpc2100r2 CVE-2010-2027 (Mathematica 7, when running on Linux, allows local users to overwrite ...) NOT-FOR-US: wolfram_research mathematica CVE-2010-2028 (Buffer overflow in k23productions TFTPUtil GUI (aka TFTPGUI) 1.4.5 ...) NOT-FOR-US: mgenti tftputil_gui CVE-2010-2029 (Cybozu Office 7 Ktai and Dotsales do not properly restrict access to ...) NOT-FOR-US: cybozu_office CVE-2010-2030 (Cross-site scripting (XSS) vulnerability in the External Link Page ...) NOT-FOR-US: alan_palazzolo external_link_page CVE-2010-2031 (KAVSafe.sys 2010.4.14.609 and earlier, as used in Kingsoft Webshield ...) NOT-FOR-US: kingsoft webshield CVE-2010-2032 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: caucho resin CVE-2010-2033 (Directory traversal vulnerability in the Percha Multicategory Article ...) NOT-FOR-US: com_perchacategoriestree CVE-2010-2034 (Directory traversal vulnerability in the Percha Image Attach ...) NOT-FOR-US: com_perchaimageattach CVE-2010-2035 (Directory traversal vulnerability in the Percha Gallery ...) NOT-FOR-US: com_perchagallery CVE-2010-2036 (Directory traversal vulnerability in the Percha Fields Attach ...) NOT-FOR-US: com_perchafieldsattach CVE-2010-2037 (Directory traversal vulnerability in the Percha Downloads Attach ...) NOT-FOR-US: com_perchadownloadsattach CVE-2010-2038 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: gpeasy_cms CVE-2010-2039 (Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, ...) NOT-FOR-US: gpeasy_cms CVE-2010-2040 (Cross-site scripting (XSS) vulnerability in search.php in V-EVA ...) NOT-FOR-US: v eva shopzilla_affiliate_script_php CVE-2010-2041 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: php calendar CVE-2010-2042 (SQL injection vulnerability in search.php in ECShop 2.7.2 allows ...) NOT-FOR-US: shopex ecshop CVE-2010-2043 (Cross-site scripting (XSS) vulnerability in Home.aspx in DataTrack ...) NOT-FOR-US: DataTrack System CVE-2010-2044 (SQL injection vulnerability in the Konsultasi (com_konsultasi) ...) NOT-FOR-US: Konsultasi com_konsultasi component CVE-2010-2045 (Directory traversal vulnerability in the Dione Form Wizard (aka FDione ...) NOT-FOR-US: Dione Form Wizard aka FDione or com_dioneformwizard component CVE-2010-2046 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: ActiveHelper LiveHelp com_activehelper_livehelp component CVE-2010-2047 (SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 ...) NOT-FOR-US: JE CMS CVE-2010-2048 (Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat ...) NOT-FOR-US: Heartbeat module CVE-2010-2049 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: ManageEngine ADAudit Plus CVE-2010-2050 (Directory traversal vulnerability in the Moron Solutions MS Comment ...) NOT-FOR-US: Moron Solutions MS Comment com_mscomment component CVE-2010-2051 (SQL injection vulnerability in article.php in Debliteck DBCart allows ...) NOT-FOR-US: Debliteck CVE-2010-2052 REJECTED CVE-2010-2053 (emesenelib/ProfileManager.py in emesene before 1.6.2 allows local ...) NOT-FOR-US: emesene CVE-2010-2054 (Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 ...) BUG: 335876 CVE-2010-2055 (Ghostscript 8.71 and earlier reads initialization files from the ...) BUG: 332061 CVE-2010-2056 (GNU gv before 3.7.0 allows local users to overwrite arbitrary files ...) BUG: 329125 CVE-2010-2057 (shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, ...) NOT-FOR-US: apache myfaces CVE-2010-2058 (setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable ...) BUG: 270056 CVE-2010-2059 (lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and ...) BUG: 335880 CVE-2010-2060 (The put command functionality in beanstalkd 1.4.5 and earlier allows ...) BUG: 322457 CVE-2010-2061 RESERVED CVE-2010-2062 RESERVED CVE-2010-2063 (Buffer overflow in the SMB1 packet chaining implementation in the ...) NOT-FOR-US: Obsolete CVE-2010-2064 RESERVED CVE-2010-2065 (Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 ...) TODO: check CVE-2010-2066 (The mext_check_arguments function in fs/ext4/move_extent.c in the ...) TODO: check CVE-2010-2067 (Stack-based buffer overflow in the TIFFFetchSubjectDistance function ...) TODO: check CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 ...) NOT-FOR-US: Windows only CVE-2010-2069 RESERVED CVE-2010-2070 (arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and ...) TODO: check CVE-2010-2071 (The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the ...) BUG: 325603 CVE-2010-2072 (Pyftpd 0.8.4 creates log files with predictable names in a temporary ...) NOT-FOR-US: radovan_garabik pyftpd CVE-2010-2073 (auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and ...) NOT-FOR-US: radovan_garabik pyftpd CVE-2010-2074 (istream.c in w3m 0.5.2 and possibly other versions, when ...) BUG: 325431 CVE-2010-2075 (UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from ...) BUG: 323691 CVE-2010-2076 (Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before ...) NOT-FOR-US: apache cxf CVE-2010-2077 REJECTED NOT-FOR-US: this CVE-2010-2078 (DataTrack System 3.5 allows remote attackers to list the root ...) NOT-FOR-US: DataTrack CVE-2010-2079 (DataTrack System 3.5 allows remote attackers to bypass intended ...) NOT-FOR-US: URI CVE-2010-2080 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket ...) BUG: 337755 CVE-2010-2081 RESERVED CVE-2010-2082 (The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 ...) NOT-FOR-US: cisco scientific_atlanta_webstar_dpc2100r2 CVE-2010-2083 (Microsoft Dynamics GP has a default value of ACCESS for the system ...) NOT-FOR-US: microsoft dynamics_gp CVE-2010-2084 (Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property ...) NOT-FOR-US: microsoft asp net CVE-2010-2085 (The default configuration of ASP.NET in Microsoft .NET before 1.1 has ...) NOT-FOR-US: microsoft net_framework CVE-2010-2086 (Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application ...) NOT-FOR-US: apache myfaces CVE-2010-2087 (Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application ...) BUG: 322889 CVE-2010-2088 (ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted ...) NOT-FOR-US: microsoft asp net CVE-2010-2089 (The audioop module in Python 2.7 and 3.2 does not verify the ...) BUG: 325593 CVE-2010-2090 (The npb_protocol_error function in sna V5router64 in IBM ...) NOT-FOR-US: ibm communications_server CVE-2010-2091 (Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 ...) NOT-FOR-US: microsoft exchange_server CVE-2010-2092 (SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier ...) BUG: 324031 CVE-2010-2093 (Use-after-free vulnerability in the request shutdown functionality in ...) BUG: 332039 CVE-2010-2094 (Multiple format string vulnerabilities in the phar extension in PHP ...) BUG: 332039 CVE-2010-2095 (SQL injection vulnerability in index.php in CMSQlite 1.2 and earlier ...) NOT-FOR-US: cmsqlite CVE-2010-2096 (Directory traversal vulnerability in index.php in CMSQlite 1.2 and ...) NOT-FOR-US: cmsqlite CVE-2010-2097 (The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode ...) BUG: 332039 CVE-2010-2098 (Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 ...) NOT-FOR-US: e107 CVE-2010-2099 (bbcode/php.bb in e107 0.7.20 and earlier does not perform access ...) NOT-FOR-US: e107 CVE-2010-2100 (The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) ...) BUG: 332039 CVE-2010-2101 (The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) ...) BUG: 332039 CVE-2010-2102 (Buffer overflow in Webby Webserver 1.01 allows remote attackers to ...) NOT-FOR-US: timo_gaik webby_webserver CVE-2010-2103 (Cross-site scripting (XSS) vulnerability in ...) TODO: check CVE-2010-2104 (Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and ...) NOT-FOR-US: orbitdownloader orbit_downloader CVE-2010-2105 (Google Chrome before 5.0.375.55 does not properly follow the Safe ...) TODO: check CVE-2010-2106 (Unspecified vulnerability in Google Chrome before 5.0.375.55 might ...) NOT-FOR-US: google chrome CVE-2010-2107 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows ...) NOT-FOR-US: google chrome CVE-2010-2108 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows ...) NOT-FOR-US: google chrome CVE-2010-2109 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows ...) NOT-FOR-US: google chrome CVE-2010-2110 (Google Chrome before 5.0.375.55 does not properly execute JavaScript ...) NOT-FOR-US: google chrome CVE-2010-2111 (Cross-site request forgery (CSRF) vulnerability in user/user-set.do in ...) NOT-FOR-US: pacifictimesheet pacific_timesheet CVE-2010-2112 (Directory traversal vulnerability in the FTP service in FileCOPA ...) NOT-FOR-US: intervations filecopa CVE-2010-2113 (Multiple cross-site request forgery (CSRF) vulnerabilities in The ...) NOT-FOR-US: uniformserver CVE-2010-2114 (Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke ...) NOT-FOR-US: brekeke pbx CVE-2010-2115 (SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a ...) NOT-FOR-US: solarwinds tftp_server CVE-2010-2116 (The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 ...) NOT-FOR-US: mcafee secure_mail CVE-2010-2117 (Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to ...) TODO: check CVE-2010-2118 (Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows ...) NOT-FOR-US: microsoft ie CVE-2010-2119 (Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to ...) NOT-FOR-US: microsoft ie CVE-2010-2120 (Google Chrome 1.0.154.48 allows remote attackers to cause a denial of ...) NOT-FOR-US: google chrome CVE-2010-2121 (Opera 9.52 allows remote attackers to cause a denial of service ...) TODO: check CVE-2010-2122 (Directory traversal vulnerability in the SimpleDownload ...) NOT-FOR-US: joelrowley com_simpledownload CVE-2010-2123 (Multiple cross-site scripting (XSS) vulnerabilities in the Storm ...) NOT-FOR-US: speedtech storm CVE-2010-2124 (SQL injection vulnerability in firma.php in Bartels Schone ConPresso ...) NOT-FOR-US: bartels schoene conpresso CVE-2010-2125 (Multiple cross-site scripting (XSS) vulnerabilities in the Rotor ...) NOT-FOR-US: systemseed rotor CVE-2010-2126 (Multiple PHP remote file inclusion vulnerabilities in Snipe Gallery ...) NOT-FOR-US: snipegallery snipe_gallery CVE-2010-2127 (PHP remote file inclusion vulnerability in gallery.php in JV2 Folder ...) NOT-FOR-US: jv2design jv2_folder_gallery CVE-2010-2128 (Directory traversal vulnerability in the JE Quotation Form ...) NOT-FOR-US: harmistechnology com_jequoteform CVE-2010-2129 (Directory traversal vulnerability in the JE Ajax Event Calendar ...) NOT-FOR-US: harmistechnology com_jeajaxeventcalendar CVE-2010-2130 (Cross-site scripting (XSS) vulnerability in wflogin.jsp in Aris Global ...) NOT-FOR-US: arisglobal arisg CVE-2010-2131 (SQL injection vulnerability in the Calendar Base (cal) extension ...) NOT-FOR-US: mario_matzulla cal CVE-2010-2132 (Multiple PHP remote file inclusion vulnerabilities in Open Education ...) NOT-FOR-US: danny_ho oes CVE-2010-2133 (SQL injection vulnerability in contact.php in My Little Forum allows ...) NOT-FOR-US: mylittleforum my_little_forum CVE-2010-2134 (Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 ...) NOT-FOR-US: http solution project_man CVE-2010-2135 (Multiple SQL injection vulnerabilities in login.php in HazelPress Lite ...) NOT-FOR-US: hazelpress CVE-2010-2136 (Directory traversal vulnerability in admin/index.php in Article ...) NOT-FOR-US: articlefriendly article_friendly CVE-2010-2137 (PHP remote file inclusion vulnerability in _center.php in ProMan 0.1.1 ...) NOT-FOR-US: giaard proman CVE-2010-2138 (Multiple directory traversal vulnerabilities in ProMan 0.1.1 and ...) NOT-FOR-US: giaard proman CVE-2010-2139 (SQL injection vulnerability in pages.php in Multishop CMS allows ...) NOT-FOR-US: multishopcms multishop_cms CVE-2010-2140 (SQL injection vulnerability in itemdetail.php in Multishop CMS allows ...) NOT-FOR-US: multishopcms multishop_cms CVE-2010-2141 (SQL injection vulnerability in index.php in NITRO Web Gallery allows ...) NOT-FOR-US: nitropowered nitro_web_gallery CVE-2010-2142 (SQL injection vulnerability in default.asp in Cyberhost allows remote ...) NOT-FOR-US: murat_ersoy cyberhost CVE-2010-2143 (Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 ...) NOT-FOR-US: symphony cms symphony_cms CVE-2010-2144 (Cross-site scripting (XSS) vulnerability in signinform.php in Zeeways ...) NOT-FOR-US: zeeways ebay_clone_auction_script CVE-2010-2145 (Multiple PHP remote file inclusion vulnerabilities in ClearSite Beta ...) NOT-FOR-US: richrumble clearsite CVE-2010-2146 (PHP remote file inclusion vulnerability in banned.php in Visitor ...) NOT-FOR-US: graviton mediatech visitor_logger CVE-2010-2147 (Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) ...) NOT-FOR-US: unisoft com_mycar CVE-2010-2148 (SQL injection vulnerability in the My Car (com_mycar) component 1.0 ...) NOT-FOR-US: unisoft com_mycar CVE-2010-2149 (Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, ...) NOT-FOR-US: fujitsu e pares CVE-2010-2150 (Cross-site scripting (XSS) vulnerability Fujitsu e-Pares V01 L01 ...) NOT-FOR-US: fujitsu e pares CVE-2010-2151 (Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 ...) NOT-FOR-US: fujitsu e pares CVE-2010-2152 (Unspecified vulnerability in JustSystems Ichitaro 2004 through 2009, ...) NOT-FOR-US: justsystems just_school CVE-2010-2153 (Unrestricted file upload vulnerability in ...) NOT-FOR-US: tecnick tcexam CVE-2010-2154 (Cross-site scripting (XSS) vulnerability in the Search Site in CMScout ...) NOT-FOR-US: cmscout CVE-2010-2155 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: zonecheck CVE-2010-2156 (ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote ...) BUG: 325605 CVE-2010-2157 (Unspecified vulnerability in CA ARCserve Backup r11.5 SP4, r12.0 SP2, ...) NOT-FOR-US: ca arcserve_backup CVE-2010-2158 (Multiple cross-site scripting (XSS) vulnerabilities in the Storm ...) NOT-FOR-US: speedtech storm CVE-2010-2159 (Dameng DM Database Server allows remote authenticated users to cause a ...) NOT-FOR-US: dameng dm_database_server CVE-2010-2160 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...) BUG: 322855 CVE-2010-2161 (Array index error in Adobe Flash Player before 9.0.277.0 and 10.x ...) BUG: 322855 CVE-2010-2162 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...) BUG: 322855 CVE-2010-2163 (Multiple unspecified vulnerabilities in Adobe Flash Player before ...) BUG: 322855 CVE-2010-2164 (Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 ...) BUG: 322855 CVE-2010-2165 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...) BUG: 322855 CVE-2010-2166 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...) BUG: 322855 CVE-2010-2167 (Multiple heap-based buffer overflows in Adobe Flash Player before ...) BUG: 322855 CVE-2010-2168 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...) BUG: 322857 CVE-2010-2169 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...) BUG: 322855 CVE-2010-2170 (Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x ...) BUG: 322855 CVE-2010-2171 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...) BUG: 322855 CVE-2010-2172 (Adobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms ...) BUG: 322855 CVE-2010-2173 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...) BUG: 322855 CVE-2010-2174 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...) BUG: 322855 CVE-2010-2175 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...) BUG: 322855 CVE-2010-2176 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...) BUG: 322855 CVE-2010-2177 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...) BUG: 322855 CVE-2010-2178 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...) BUG: 322855 CVE-2010-2179 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...) BUG: 322855 CVE-2010-2180 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...) BUG: 322855 CVE-2010-2181 (Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x ...) BUG: 322855 CVE-2010-2182 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...) BUG: 322855 CVE-2010-2183 (Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x ...) BUG: 322855 CVE-2010-2184 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...) BUG: 322855 CVE-2010-2185 (Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before ...) BUG: 322855 CVE-2010-2186 (Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and ...) BUG: 322855 CVE-2010-2187 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...) BUG: 322855 CVE-2010-2188 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...) BUG: 322855 CVE-2010-2189 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...) BUG: 322855 CVE-2010-2190 (The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions ...) BUG: 332039 CVE-2010-2191 (The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; ...) BUG: 332039 CVE-2010-2192 (The make_lockdir_name function in policy.c in pmount 0.9.18 allow ...) BUG: 325507 CVE-2010-2193 (Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) ...) NOT-FOR-US: webscan_active_x_control CVE-2010-2194 RESERVED CVE-2010-2195 (bozotic HTTP server (aka bozohttpd) 20090522 through 20100512 allows ...) BUG: 332065 CVE-2010-2196 RESERVED CVE-2010-2197 (rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax ...) BUG: 335880 CVE-2010-2198 (lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the ...) BUG: 335880 CVE-2010-2199 (lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the ...) BUG: 335880 CVE-2010-2200 RESERVED CVE-2010-2201 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...) BUG: 322857 CVE-2010-2202 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...) BUG: 322857 CVE-2010-2203 (Adobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to ...) BUG: 322857 CVE-2010-2204 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...) BUG: 322857 CVE-2010-2205 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...) BUG: 322857 CVE-2010-2206 (Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x ...) BUG: 322857 CVE-2010-2207 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...) BUG: 322857 CVE-2010-2208 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...) BUG: 322857 CVE-2010-2209 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...) BUG: 322857 CVE-2010-2210 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...) BUG: 322857 CVE-2010-2211 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...) BUG: 322857 CVE-2010-2212 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x ...) BUG: 322857 CVE-2010-2213 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...) BUG: 332205 CVE-2010-2214 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...) BUG: 332205 CVE-2010-2215 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...) BUG: 332205 CVE-2010-2216 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...) BUG: 332205 CVE-2010-2217 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, ...) NOT-FOR-US: adobe flash_media_server_2 CVE-2010-2218 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, ...) NOT-FOR-US: adobe flash_media_server_2 CVE-2010-2219 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before ...) NOT-FOR-US: adobe flash_media_server_2 CVE-2010-2220 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, ...) NOT-FOR-US: adobe flash_media_server_2 CVE-2010-2221 (Multiple buffer overflows in the iSNS implementation in isns.c in (1) ...) BUG: 329933 CVE-2010-2222 RESERVED CVE-2010-2223 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise ...) NOT-FOR-US: redhat enterprise_virtualization_hypervisor CVE-2010-2224 (The snapshot merging functionality in Red Hat Enterprise ...) NOT-FOR-US: redhat enterprise_virtualization_manager CVE-2010-2225 (Use-after-free vulnerability in the SplObjectStorage unserializer in ...) BUG: 332039 CVE-2010-2226 (The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel ...) TODO: check CVE-2010-2227 (Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 ...) BUG: 329937 CVE-2010-2228 (Cross-site scripting (XSS) vulnerability in the MNET access-control ...) NOT-FOR-US: We have 1.9.9 already CVE-2010-2229 (Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php ...) NOT-FOR-US: We have 1.9.9 already. CVE-2010-2230 (The KSES text cleaning filter in lib/weblib.php in Moodle before ...) NOT-FOR-US: We have 1.9.9 already. CVE-2010-2231 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: We have 1.9.9 already. CVE-2010-2232 RESERVED CVE-2010-2233 (tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used ...) TODO: check CVE-2010-2234 (Cross-site request forgery (CSRF) vulnerability in Apache CouchDB ...) BUG: 335881 CVE-2010-2235 RESERVED CVE-2010-2236 RESERVED CVE-2010-2237 (Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing ...) BUG: 334137 CVE-2010-2238 (Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into ...) BUG: 334137 CVE-2010-2239 (Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images ...) BUG: 334137 CVE-2010-2240 (The do_anonymous_page function in mm/memory.c in the Linux kernel ...) TODO: check CVE-2010-2241 (The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red ...) NOT-FOR-US: redhat directory_server CVE-2010-2242 (Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with ...) BUG: 334137 CVE-2010-2243 RESERVED CVE-2010-2244 (The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in ...) BUG: 335885 CVE-2010-2245 RESERVED CVE-2010-2246 RESERVED CVE-2010-2247 RESERVED CVE-2010-2248 (fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel ...) TODO: check CVE-2010-2249 (Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before ...) BUG: 335887 CVE-2010-2250 RESERVED CVE-2010-2251 (The get1 command, as used by lftpget, in LFTP before 4.0.6 does not ...) BUG: 329939 CVE-2010-2252 (GNU Wget 1.12 and earlier uses a server-provided filename instead of ...) BUG: 329941 CVE-2010-2253 (lwp-download in libwww-perl before 5.835 does not reject downloads to ...) BUG: 329943 CVE-2010-2254 (SQL injection vulnerability in the Shape5 Bridge of Hope template for ...) NOT-FOR-US: shape5 bridge_of_hope_template CVE-2010-2255 (SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) ...) NOT-FOR-US: tamlyncreative com_bfsurvey_profree CVE-2010-2256 (Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute ...) NOT-FOR-US: payperviewvideosoftware pay_per_minute_video_chat_script CVE-2010-2257 (SQL injection vulnerability in index_ie.php in Pay Per Minute Video ...) NOT-FOR-US: payperviewvideosoftware pay_per_minute_video_chat_script CVE-2010-2258 (Cross-site scripting (XSS) vulnerability in signupconfirm.php in ...) NOT-FOR-US: eschew phpbannerexchange CVE-2010-2259 (Directory traversal vulnerability in the BF Survey (com_bfsurvey) ...) NOT-FOR-US: tamlyncreative com_bfsurvey_profree CVE-2010-2260 (Multiple cross-site scripting (XSS) vulnerabilities in Gambit Design ...) NOT-FOR-US: gambitdesign bandwidth_meter CVE-2010-2261 (Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers ...) NOT-FOR-US: linksys wap54gv3 CVE-2010-2262 (Galileo Students Team Weborf before 0.12.1 allows remote attackers to ...) NOT-FOR-US: galileo_students team_weborf CVE-2010-2263 (nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on ...) NOT-FOR-US: nginx CVE-2010-2264 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...) TODO: check CVE-2010-2265 (Cross-site scripting (XSS) vulnerability in the GetServerName function ...) NOT-FOR-US: microsoft windows_xp CVE-2010-2266 (nginx 0.8.36 allows remote attackers to cause a denial of service ...) NOT-FOR-US: nginx CVE-2010-2267 (Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web ...) NOT-FOR-US: accoria rock_web_server CVE-2010-2268 (Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in ...) NOT-FOR-US: accoria rock_web_server CVE-2010-2269 (Directory traversal vulnerability in loadstatic.cgi in Accoria Web ...) NOT-FOR-US: accoria rock_web_server CVE-2010-2270 (Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable ...) NOT-FOR-US: accoria rock_web_server CVE-2010-2271 (Format string vulnerability in authcfg.cgi in Accoria Web Server (aka ...) NOT-FOR-US: accoria rock_web_server CVE-2010-2272 (Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before ...) NOT-FOR-US: dojotoolkit dojo CVE-2010-2273 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x ...) NOT-FOR-US: dojotoolkit dojo CVE-2010-2274 (Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, ...) NOT-FOR-US: dojotoolkit dojo CVE-2010-2275 (Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js ...) NOT-FOR-US: dojotoolkit dojo CVE-2010-2276 (The default configuration of the build process in Dojo 0.4.x before ...) NOT-FOR-US: dojotoolkit dojo CVE-2010-2277 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...) NOT-FOR-US: ibm lotus_connections CVE-2010-2278 (The bookmarklet pop-up in the Bookmarks component in IBM Lotus ...) NOT-FOR-US: ibm lotus_connections CVE-2010-2279 (The Top Updates implementation in the Homepage component in IBM Lotus ...) NOT-FOR-US: ibm lotus_connections CVE-2010-2280 (Open redirect vulnerability in the Mobile component in IBM Lotus ...) NOT-FOR-US: ibm lotus_connections CVE-2010-2281 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: tomatocms CVE-2010-2282 (Cross-site request forgery (CSRF) vulnerability in TomatoCMS 2.0.6 ...) NOT-FOR-US: tomatocms CVE-2010-2283 (The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 ...) BUG: 323859 CVE-2010-2284 (Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 ...) BUG: 330479 CVE-2010-2285 (The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 ...) BUG: 330479 CVE-2010-2286 (The SigComp Universal Decompressor Virtual Machine dissector in ...) BUG: 330479 CVE-2010-2287 (Buffer overflow in the SigComp Universal Decompressor Virtual Machine ...) BUG: 330479 CVE-2010-2288 (Cross-site scripting (XSS) vulnerability in dana/nc/ncrun.cgi in ...) NOT-FOR-US: juniper secure_access CVE-2010-2289 (Open redirect vulnerability in dana/home/homepage.cgi in Juniper ...) NOT-FOR-US: juniper secure_access CVE-2010-2290 (Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in ...) NOT-FOR-US: mcafee unified_threat_management_firewall_firmware CVE-2010-2291 (Unspecified vulnerability in the web interface in snom VoIP Phone ...) NOT-FOR-US: snom voip_phone_firmware CVE-2010-2292 (Cross-site scripting (XSS) vulnerability in the Ping tools web ...) NOT-FOR-US: d link di 604 CVE-2010-2293 (The Ping tools web interface in Dlink Di-604 router allows remote ...) NOT-FOR-US: d link di 604 CVE-2010-2294 (Cross-site request forgery (CSRF) vulnerability in Plume CMS 1.2.4 and ...) NOT-FOR-US: pxsystem plume cms CVE-2010-2295 (page/EventHandler.cpp in WebCore in WebKit in Google Chrome before ...) TODO: check CVE-2010-2296 (The implementation of unspecified DOM methods in Google Chrome before ...) TODO: check CVE-2010-2297 (rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome ...) TODO: check CVE-2010-2298 (browser/renderer_host/database_dispatcher_host.cc in Google Chrome ...) TODO: check CVE-2010-2299 (The Clipboard::DispatchObject function in app/clipboard/clipboard.cc ...) TODO: check CVE-2010-2300 (Use-after-free vulnerability in the Element::normalizeAttributes ...) TODO: check CVE-2010-2301 (Cross-site scripting (XSS) vulnerability in editing/markup.cpp in ...) TODO: check CVE-2010-2302 (Use-after-free vulnerability in WebCore in WebKit in Google Chrome ...) TODO: check CVE-2010-2303 REJECTED NOT-FOR-US: this CVE-2010-2304 REJECTED NOT-FOR-US: this CVE-2010-2305 (Buffer overflow in an ActiveX control in SSHelper.dll for Symantec ...) NOT-FOR-US: symantec sygate_personal_firewall CVE-2010-2306 (The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; ...) NOT-FOR-US: sourcefire dc1000 CVE-2010-2307 (Multiple directory traversal vulnerabilities in the web server for ...) NOT-FOR-US: motorola surfboard_sbv6120e CVE-2010-2308 (Unspecified vulnerability in the filter driver (savonaccessfilter.sys) ...) NOT-FOR-US: sophos anti virus CVE-2010-2309 (Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and ...) NOT-FOR-US: evological evocam CVE-2010-2310 (SolarWinds TFTP Server 10.4.0.13 allows remote attackers to cause a ...) NOT-FOR-US: solarwinds tftp_server CVE-2010-2311 (Stack-based buffer overflow in Power Tab Editor 1.7 build 80 allows ...) NOT-FOR-US: power tab power_tab_editor CVE-2010-2312 (SQL injection vulnerability in index.php in HauntmAx Haunted House ...) NOT-FOR-US: hauntmax haunted_house_directory_listing_cms CVE-2010-2313 (Directory traversal vulnerability in index.php in Anodyne Productions ...) NOT-FOR-US: anodyne productions simm_management_system CVE-2010-2314 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: nucleu CVE-2010-2315 (PHP remote file inclusion vulnerability in picturelib.php in ...) NOT-FOR-US: smartisoft phpbazar CVE-2010-2316 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...) NOT-FOR-US: wmsdesign wmscms CVE-2010-2317 (Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow ...) NOT-FOR-US: wmsdesign wmscms CVE-2010-2318 (Cross-site scripting (XSS) vulnerability in cms_data.php in ...) NOT-FOR-US: phpcityportal CVE-2010-2319 (SQL injection vulnerability in index.php in IDevSpot TextAds 2.08 ...) NOT-FOR-US: idevspot textads CVE-2010-2320 (bozotic HTTP server (aka bozohttpd) before 20100621 allows remote ...) BUG: 332065 CVE-2010-2321 (Buffer overflow in Adobe InDesign CS3 10.0 allows user-assisted remote ...) NOT-FOR-US: adobe indesign_cs3 CVE-2010-2322 (Absolute path traversal vulnerability in the extract_jar function in ...) BUG: 325557 CVE-2010-2323 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS ...) NOT-FOR-US: ibm websphere_application_server CVE-2010-2324 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS ...) NOT-FOR-US: ibm websphere_application_server CVE-2010-2325 (Cross-site scripting (XSS) vulnerability in the administrative console ...) NOT-FOR-US: ibm websphere_application_server CVE-2010-2326 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when ...) NOT-FOR-US: ibm websphere_application_server CVE-2010-2327 (mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before ...) NOT-FOR-US: ibm websphere_application_server CVE-2010-2328 (The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before ...) NOT-FOR-US: ibm websphere_application_server CVE-2010-2329 (Buffer overflow in Rosoft Audio Converter 4.4.4 allows remote ...) NOT-FOR-US: rosoftengineering rosoft_audio_converter CVE-2010-2330 (Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 ...) NOT-FOR-US: upredsun isharer_file_sharing_wizard CVE-2010-2331 (Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 ...) NOT-FOR-US: upredsun isharer_file_sharing_wizard CVE-2010-2332 (Impact Financials, Inc. Impact PDF Reader 2.0, 1.2, and other versions ...) NOT-FOR-US: impactfinancials impact_pdf_reader CVE-2010-2333 (LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows ...) NOT-FOR-US: litespeed CVE-2010-2334 (Directory traversal vulnerability in themes/default/download.php in ...) NOT-FOR-US: yamamah CVE-2010-2335 (SQL injection vulnerability in index.php in Yamamah Photo Gallery ...) NOT-FOR-US: yamamah CVE-2010-2336 (index.php in Yamamah Photo Gallery 1.00 allows remote attackers to ...) NOT-FOR-US: yamamah CVE-2010-2337 (Open redirect vulnerability in RSA Federated Identity Manager 4.0 ...) NOT-FOR-US: rsa federated_identity_manager CVE-2010-2338 (Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor ...) NOT-FOR-US: vunet vu_web_visitor_analyst CVE-2010-2339 (SQL injection vulnerability in admin/pages.php in Subdreamer CMS 3.x.x ...) NOT-FOR-US: subdreamer CVE-2010-2340 (SQL injection vulnerability in members.php in Arab Portal 2.2, when ...) NOT-FOR-US: arabportal arab_portal CVE-2010-2341 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: ezpx_photoblog CVE-2010-2342 (SQL injection vulnerability in onlinenotebookmanager.asp in DMXReady ...) NOT-FOR-US: dmxready online_notebook_manager CVE-2010-2343 (Stack-based buffer overflow in D.R. Software Audio Converter 8.1, ...) NOT-FOR-US: dennisre audio_converter CVE-2010-2344 (Multiple cross-site scripting (XSS) vulnerabilities in odCMS 1.06, and ...) NOT-FOR-US: odcms CVE-2010-2345 (Cross-site request forgery (CSRF) vulnerability in odCMS 1.06, and ...) NOT-FOR-US: odcms CVE-2010-2346 RESERVED CVE-2010-2347 (The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 ...) NOT-FOR-US: sap server_core CVE-2010-2348 (Stack-based buffer overflow in Batch Audio Converter Lite Edition ...) NOT-FOR-US: freesoftwaretoolbox batch_audio_converter CVE-2010-2349 (H264WebCam 3.7 allows remote attackers to cause a denial of service ...) NOT-FOR-US: timhillone h264webcam CVE-2010-2350 (Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows ...) BUG: 335581 CVE-2010-2351 (Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 ...) NOT-FOR-US: novell netware CVE-2010-2352 (The Node Reference module in Content Construction Kit (CCK) module 5.x ...) NOT-FOR-US: yves_chedemois cck CVE-2010-2353 (The Node Reference module in Content Construction Kit (CCK) module 6.x ...) NOT-FOR-US: yves_chedemois cck CVE-2010-2354 (SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS ...) NOT-FOR-US: pilotgroup elms_pro CVE-2010-2355 (Cross-site scripting (XSS) vulnerability in error.php in Pilot Group ...) NOT-FOR-US: pilotgroup elms_pro CVE-2010-2356 (Cross-site scripting (XSS) vulnerability in subscribe.php in Pilot ...) NOT-FOR-US: pilotgroup elms_pro CVE-2010-2357 (SQL injection vulnerability in index.php in Eicra Realestate Script ...) NOT-FOR-US: eicrasoft eicra_realestate_script CVE-2010-2358 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: jeffkilroy nakid_cms CVE-2010-2359 (SQL injection vulnerability in eWebQuiz.asp in ActiveWebSoftwares.com ...) NOT-FOR-US: activewebsoftwares ewebquiz CVE-2010-2360 (Multiple buffer overflows in Winny 2.0b7.1 and earlier might allow ...) NOT-FOR-US: isamu_kaneko winny CVE-2010-2361 (Winny 2.0b7.1 and earlier does not properly process BBS information, ...) NOT-FOR-US: winny CVE-2010-2362 (Winny 2.0b7.1 and earlier does not properly process node information, ...) NOT-FOR-US: winny CVE-2010-2363 (The IPv6 Unicast Reverse Path Forwarding (RPF) implementation on the ...) NOT-FOR-US: iij seil x2_firmware CVE-2010-2364 (Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs before ...) NOT-FOR-US: common1 moobbs CVE-2010-2365 (Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs2 ...) NOT-FOR-US: common1 moobbs2 CVE-2010-2366 (Cross-site scripting (XSS) vulnerability in futomi CGI Cafe Access ...) NOT-FOR-US: futomi access_analyzer_cgi CVE-2010-2367 (Cross-site scripting (XSS) vulnerability in search.cgi in AD-EDIT2 ...) TODO: check CVE-2010-2368 (Untrusted search path vulnerability in Lhaplus before 1.58 allows ...) TODO: check CVE-2010-2369 (Untrusted search path vulnerability in Lhasa 0.19 and earlier allows ...) TODO: check CVE-2010-2370 (Unspecified vulnerability in the Oracle Business Process Management ...) NOT-FOR-US: oracle fusion_middleware CVE-2010-2371 (Unspecified vulnerability in the Oracle Transportation Management ...) NOT-FOR-US: oracle supply_chain_products_suite CVE-2010-2372 (Unspecified vulnerability in the Oracle Transportation Management ...) NOT-FOR-US: oracle supply_chain_products_suite CVE-2010-2373 (Unspecified vulnerability in the Console component in Oracle ...) NOT-FOR-US: oracle enterprise_manager_grid_control CVE-2010-2374 (Unspecified vulnerability in Solaris Studio 12 update 1 allows local ...) NOT-FOR-US: oracle solaris_studio CVE-2010-2375 (Package/Privilege: Plugins for Apache, Sun and IIS web servers ...) NOT-FOR-US: oracle weblogic_server CVE-2010-2376 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...) NOT-FOR-US: oracle solaris CVE-2010-2377 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-2378 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_suite_crm CVE-2010-2379 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - Time & ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_suite_hcm CVE-2010-2380 (Unspecified vulnerability in the PeopleSoft Enterprise FSCM component ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_suite_scm CVE-2010-2381 (Unspecified vulnerability in the Application Server Control component ...) NOT-FOR-US: oracle fusion_middleware CVE-2010-2382 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...) NOT-FOR-US: oracle solaris CVE-2010-2383 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and ...) NOT-FOR-US: oracle solaris CVE-2010-2384 (Unspecified vulnerability in Oracle Solaris 9 and 10 allows local ...) NOT-FOR-US: oracle solaris CVE-2010-2385 (Unspecified vulnerability in Oracle Sun Java System Web Proxy Server ...) NOT-FOR-US: oracle sun_java_system_web_proxy_server CVE-2010-2386 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and ...) NOT-FOR-US: oracle solaris CVE-2010-2387 RESERVED CVE-2010-2388 (Unspecified vulnerability in the Oracle Applications Manager component ...) TODO: check CVE-2010-2389 (Unspecified vulnerability in the Perl component in Oracle Database ...) TODO: check CVE-2010-2390 (Unspecified vulnerability in the Database Control component in EM ...) TODO: check CVE-2010-2391 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) TODO: check CVE-2010-2392 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...) NOT-FOR-US: oracle solaris CVE-2010-2393 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...) NOT-FOR-US: oracle solaris CVE-2010-2394 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...) NOT-FOR-US: oracle solaris CVE-2010-2395 (Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion ...) TODO: check CVE-2010-2396 (Unspecified vulnerability in the Forms component in Oracle Fusion ...) TODO: check CVE-2010-2397 (Unspecified vulnerability in Oracle Sun Java System Application Server ...) NOT-FOR-US: oracle sun_glassfish_enterprise_server CVE-2010-2398 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_suite_hcm CVE-2010-2399 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...) NOT-FOR-US: oracle solaris CVE-2010-2400 (Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, ...) NOT-FOR-US: oracle solaris CVE-2010-2401 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_suite_hcm CVE-2010-2402 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-2403 (Unspecified vulnerability in the PeopleSoft Enterprise Campus ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_suite_campus_solutions CVE-2010-2404 (Unspecified vulnerability in the Oracle iRecruitment component in ...) TODO: check CVE-2010-2405 (Unspecified vulnerability in the Siebel Core - Highly Interactive ...) TODO: check CVE-2010-2406 (Unspecified vulnerability in the Siebel Core - Highly Interactive ...) TODO: check CVE-2010-2407 (Unspecified vulnerability in the XDK component in Oracle Database ...) TODO: check CVE-2010-2408 (Unspecified vulnerability in the Oracle iRecruitment component in ...) TODO: check CVE-2010-2409 (Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion ...) TODO: check CVE-2010-2410 (Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion ...) TODO: check CVE-2010-2411 (Unspecified vulnerability in the Job Queue component in Oracle ...) TODO: check CVE-2010-2412 (Unspecified vulnerability in the OLAP component in Oracle Database ...) TODO: check CVE-2010-2413 (Unspecified vulnerability in the BI Publisher component in Oracle ...) TODO: check CVE-2010-2414 (Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun ...) TODO: check CVE-2010-2415 (Unspecified vulnerability in the Change Data Capture component in ...) TODO: check CVE-2010-2416 (Unspecified vulnerability in the Oracle E-Business Intelligence ...) TODO: check CVE-2010-2417 (Unspecified vulnerability in the Agile PLM component in Oracle Supply ...) TODO: check CVE-2010-2418 (Unspecified vulnerability in the Oracle Territory Management component ...) TODO: check CVE-2010-2419 (Unspecified vulnerability in the Java Virtual Machine component in ...) TODO: check CVE-2010-2420 (Multiple unspecified vulnerabilities in Fenrir Inc. ActiveGeckoBrowser ...) NOT-FOR-US: fenrir inc activegeckobrowser CVE-2010-2421 (Multiple unspecified vulnerabilities in Opera before 10.54 have ...) TODO: check CVE-2010-2422 (Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone ...) BUG: 325609 CVE-2010-2423 RESERVED CVE-2010-2424 RESERVED CVE-2010-2425 (Directory traversal vulnerability in TitanFTPd in South River ...) NOT-FOR-US: southrivertech titan_ftp_server CVE-2010-2426 (Directory traversal vulnerability in TitanFTPd in South River ...) NOT-FOR-US: southrivertech titan_ftp_server CVE-2010-2427 (VMware Studio 2.0 does not properly write to temporary files, which ...) NOT-FOR-US: vmware studio CVE-2010-2428 (Cross-site scripting (XSS) vulnerability in admin_loginok.html in the ...) NOT-FOR-US: wftpserver wing_ftp_server CVE-2010-2429 (Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, ...) NOT-FOR-US: splunk CVE-2010-2430 RESERVED CVE-2010-2431 (The cupsFileOpen function in CUPS before 1.4.4 allows local users, ...) BUG: 325551 CVE-2010-2432 (The cupsDoAuthentication function in auth.c in the client in CUPS ...) BUG: 325551 CVE-2010-2433 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: ibm websphere_ilog_jrules CVE-2010-2434 (Buffer overflow in Arcext.dll 2.16.1 and earlier in pon software ...) NOT-FOR-US: ponsoftware explzh CVE-2010-2435 (Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause ...) NOT-FOR-US: salvo_tomaselli weborf_http_server CVE-2010-2436 (SQL injection vulnerability in modules/blog/index.php in AneCMS Blog ...) NOT-FOR-US: anecms_blog CVE-2010-2437 (Cross-site scripting (XSS) vulnerability in class/tools.class.php in ...) NOT-FOR-US: anecms_blog CVE-2010-2438 (SQL injection vulnerability in G.CMS generator allows remote attackers ...) NOT-FOR-US: laubrotel g cms_generator CVE-2010-2439 (Stack-based buffer overflow in MoreAmp allows remote attackers to ...) NOT-FOR-US: moreforge moreamp CVE-2010-2440 (Stack-based buffer overflow in st-wizard.exe in Subtitle Translation ...) NOT-FOR-US: Subtitle Translation Wizard CVE-2010-2441 (WebKit does not properly restrict focus changes, which allows remote ...) TODO: check CVE-2010-2442 (Microsoft Internet Explorer, possibly 8, does not properly restrict ...) NOT-FOR-US: Microsoft CVE-2010-2443 (The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before ...) TODO: check CVE-2010-2444 (parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before ...) BUG: 329947 CVE-2010-2445 (freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read ...) BUG: 329949 CVE-2010-2446 RESERVED CVE-2010-2447 RESERVED CVE-2010-2448 (znc.cpp in ZNC before 0.092 allows remote authenticated users to cause ...) BUG: 329951 CVE-2010-2449 RESERVED CVE-2010-2450 RESERVED CVE-2010-2451 (Multiple format string vulnerabilities in the DCC functionality in ...) BUG: 326149 CVE-2010-2452 (Directory traversal vulnerability in the DCC functionality in KVIrc ...) BUG: 326149 CVE-2010-2453 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk ...) NOT-FOR-US: Synology Disk Station CVE-2010-2454 (Apple Safari does not properly manage the address bar between the ...) TODO: check CVE-2010-2455 (Opera does not properly manage the address bar between the request to ...) TODO: check CVE-2010-2456 (Multiple directory traversal vulnerabilities in index.php in Linker ...) NOT-FOR-US: codelib linker_img CVE-2010-2457 (Cross-site scripting (XSS) vulnerability in index.php in K-Search ...) NOT-FOR-US: qsoft inc k search CVE-2010-2458 (Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video ...) NOT-FOR-US: 2daybiz video_community_portal_script CVE-2010-2459 (SQL injection vulnerability in video.php in 2daybiz Video Community ...) NOT-FOR-US: 2daybiz video_community_portal_script CVE-2010-2460 (SQL injection vulnerability in merchant_product_list.php in JCE-Tech ...) NOT-FOR-US: jce tech shareasale_script CVE-2010-2461 (SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 ...) NOT-FOR-US: jce tech overstock_script CVE-2010-2462 (SQL injection vulnerability in withdraw_money.php in Toma Cero OroHYIP ...) NOT-FOR-US: tomacero orohyip CVE-2010-2463 (Cross-site scripting (XSS) vulnerability in forum.php in Jamroom ...) NOT-FOR-US: jamroom CVE-2010-2464 (Multiple cross-site scripting (XSS) vulnerabilities in the RSComments ...) NOT-FOR-US: rsjoomla com_rscomments CVE-2010-2465 (The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge ...) NOT-FOR-US: sonitrol eaccess CVE-2010-2466 (The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear ...) NOT-FOR-US: sonitrol eaccess CVE-2010-2467 (The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear ...) NOT-FOR-US: sonitrol eaccess CVE-2010-2468 (The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 ...) NOT-FOR-US: sonitrol eaccess CVE-2010-2469 (The Linear eMerge 50 and 5000 uses a default password of eMerge for ...) NOT-FOR-US: linearcorp emerge_5000 CVE-2010-2470 (Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through ...) BUG: 329923 CVE-2010-2471 RESERVED CVE-2010-2472 RESERVED CVE-2010-2473 RESERVED CVE-2010-2474 (JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise ...) NOT-FOR-US: redhat jboss_enterprise_soa_platform CVE-2010-2475 RESERVED CVE-2010-2476 RESERVED CVE-2010-2477 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) TODO: check CVE-2010-2478 (Integer overflow in the ethtool_get_rxnfc function in ...) TODO: check CVE-2010-2479 (Cross-site scripting (XSS) vulnerability in HTML Purifier before ...) NOT-FOR-US: mahara CVE-2010-2480 (Mako before 0.3.4 relies on the cgi.escape function in the Python ...) BUG: 329953 CVE-2010-2481 (The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly ...) TODO: check CVE-2010-2482 (LibTIFF 3.9.4 and earlier does not properly handle an invalid ...) TODO: check CVE-2010-2483 (The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers ...) TODO: check CVE-2010-2484 (The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent ...) BUG: 335889 CVE-2010-2485 RESERVED CVE-2010-2486 RESERVED CVE-2010-2487 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 ...) BUG: 305663 CVE-2010-2488 RESERVED CVE-2010-2489 (Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow ...) NOT-FOR-US: ruby lang ruby CVE-2010-2490 RESERVED CVE-2010-2491 (Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup ...) BUG: 326395 CVE-2010-2492 (Buffer overflow in the ecryptfs_uid_hash macro in ...) TODO: check CVE-2010-2493 (The default configuration of the deployment descriptor (aka web.xml) ...) NOT-FOR-US: redhat jboss_enterprise_soa_platform CVE-2010-2494 (Multiple buffer underflows in the base64 decoder in base64.c in (1) ...) BUG: 327657 CVE-2010-2495 (The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP ...) TODO: check CVE-2010-2496 RESERVED CVE-2010-2497 (Integer underflow in glyph handling in FreeType before 2.4.0 allows ...) TODO: check CVE-2010-2498 (The psh_glyph_find_strong_points function in pshinter/pshalgo.c in ...) TODO: check CVE-2010-2499 (Buffer overflow in the Mac_Read_POST_Resource function in ...) TODO: check CVE-2010-2500 (Integer overflow in the gray_render_span function in smooth/ftgrays.c ...) TODO: check CVE-2010-2501 RESERVED CVE-2010-2502 (Multiple directory traversal vulnerabilities in Splunk 4.0 through ...) NOT-FOR-US: splunk CVE-2010-2503 (Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 ...) NOT-FOR-US: splunk CVE-2010-2504 (Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote ...) NOT-FOR-US: splunk CVE-2010-2505 (Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows ...) NOT-FOR-US: saschart sascam_webcam_server CVE-2010-2506 (Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys ...) NOT-FOR-US: cisco linksys_firmware CVE-2010-2507 (Directory traversal vulnerability in the Picasa2Gallery ...) NOT-FOR-US: masselink com_picasa2gallery CVE-2010-2508 (SQL injection vulnerability in user-profile.php in 2daybiz Video ...) NOT-FOR-US: 2daybiz video_community_portal_script CVE-2010-2509 (Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web ...) NOT-FOR-US: 2daybiz web_template_software CVE-2010-2510 (SQL injection vulnerability in customize.php in 2daybiz Web Template ...) NOT-FOR-US: 2daybiz web_template_software CVE-2010-2511 (SQL injection vulnerability in viewnews.php in 2daybiz Multi Level ...) NOT-FOR-US: 2daybiz multi_level_marketing_software CVE-2010-2512 (SQL injection vulnerability in customprofile.php in 2daybiz ...) NOT-FOR-US: 2daybiz matrimonial_script CVE-2010-2513 (SQL injection vulnerability in the JE Ajax Event Calendar ...) NOT-FOR-US: harmistechnology com_jeajaxeventcalendar CVE-2010-2514 (Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) ...) NOT-FOR-US: dacian_strain com_jfaq CVE-2010-2515 (Multiple SQL injection vulnerabilities in index.php in the JFaq ...) NOT-FOR-US: dacian_strain com_jfaq CVE-2010-2516 (Multiple SQL injection vulnerabilities in 2daybiz Multi Level ...) NOT-FOR-US: 2daybiz multi_level_marketing_software CVE-2010-2517 (Multiple unspecified vulnerabilities in IBM Rational ClearQuest before ...) NOT-FOR-US: ibm rational_clearquest CVE-2010-2518 (Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before ...) NOT-FOR-US: ibm p8_content_search_engine CVE-2010-2519 (Heap-based buffer overflow in the Mac_Read_POST_Resource function in ...) TODO: check CVE-2010-2520 (Heap-based buffer overflow in the Ins_IUP function in ...) TODO: check CVE-2010-2521 (Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR ...) TODO: check CVE-2010-2522 (The mipv6 daemon in UMIP 0.4 does not verify that netlink messages ...) NOT-FOR-US: linux ipv6 umip CVE-2010-2523 (Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 ...) NOT-FOR-US: linux ipv6 umip CVE-2010-2524 (The DNS resolution functionality in the CIFS implementation in the ...) TODO: check CVE-2010-2525 RESERVED CVE-2010-2526 (The cluster logical volume manager daemon (clvmd) in lvm2-cluster in ...) BUG: 334087 CVE-2010-2527 (Multiple buffer overflows in demo programs in FreeType before 2.4.0 ...) TODO: check CVE-2010-2528 (The clientautoresp function in family_icbm.c in the oscar protocol ...) BUG: 328667 CVE-2010-2529 (Unspecified vulnerability in ping.c in iputils 20020927, 20070202, ...) BUG: 332527 CVE-2010-2530 (Multiple integer signedness errors in smb_subr.c in the netsmb module ...) TODO: check CVE-2010-2531 (The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 ...) BUG: 332039 CVE-2010-2532 (** DISPUTED ** ...) NOT-FOR-US: novell opensuse CVE-2010-2533 REJECTED CVE-2010-2534 (The NetworkSyncCommandQueue function in network/network_command.cpp in ...) BUG: 320955 CVE-2010-2535 (Multiple cross-site scripting (XSS) vulnerabilities in the Back End in ...) TODO: check CVE-2010-2536 (Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and ...) BUG: 332069 CVE-2010-2537 (The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel ...) TODO: check CVE-2010-2538 (Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c ...) TODO: check CVE-2010-2539 (Buffer overflow in the msTmpFile function in maputil.c in mapserv in ...) BUG: 335063 CVE-2010-2540 (mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 ...) BUG: 335063 CVE-2010-2541 (Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType ...) TODO: check CVE-2010-2542 (Stack-based buffer overflow in the is_git_directory function in ...) BUG: 335891 CVE-2010-2543 (Cross-site scripting (XSS) vulnerability in ...) BUG: 324031 CVE-2010-2544 (Cross-site scripting (XSS) vulnerability in utilities.php in Cacti ...) BUG: 324031 CVE-2010-2545 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti before ...) BUG: 324031 CVE-2010-2546 (Multiple heap-based buffer overflows in loaders/load_it.c in ...) BUG: 335892 CVE-2010-2547 (Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG ...) BUG: 329583 CVE-2010-2548 RESERVED CVE-2010-2549 (Use-after-free vulnerability in the kernel-mode drivers in Microsoft ...) NOT-FOR-US: microsoft windows_vista CVE-2010-2550 (The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server ...) NOT-FOR-US: microsoft windows_xp CVE-2010-2551 (The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server ...) NOT-FOR-US: microsoft windows_vista CVE-2010-2552 (Stack consumption vulnerability in the SMB Server in Microsoft Windows ...) NOT-FOR-US: microsoft windows_vista CVE-2010-2553 (The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista ...) NOT-FOR-US: microsoft windows_xp CVE-2010-2554 (The Tracing Feature for Services in Microsoft Windows Vista SP1 and ...) NOT-FOR-US: microsoft windows_vista CVE-2010-2555 (The Tracing Feature for Services in Microsoft Windows Vista SP1 and ...) NOT-FOR-US: microsoft windows_vista CVE-2010-2556 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle ...) NOT-FOR-US: microsoft ie CVE-2010-2557 (Microsoft Internet Explorer 6 does not properly handle objects in ...) NOT-FOR-US: microsoft ie CVE-2010-2558 (Race condition in Microsoft Internet Explorer 6, 7, and 8 allows ...) NOT-FOR-US: microsoft ie CVE-2010-2559 (Microsoft Internet Explorer 8 does not properly handle objects in ...) NOT-FOR-US: microsoft ie CVE-2010-2560 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle ...) NOT-FOR-US: microsoft ie CVE-2010-2561 (Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle ...) NOT-FOR-US: microsoft xml_core_services CVE-2010-2562 (Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for ...) NOT-FOR-US: microsoft open_xml_file_format_converter CVE-2010-2563 (The Word 97 text converter in the WordPad Text Converters in Microsoft ...) NOT-FOR-US: microsoft windows_xp CVE-2010-2564 (Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and ...) NOT-FOR-US: microsoft windows_movie_maker CVE-2010-2565 RESERVED CVE-2010-2566 (The Secure Channel (aka SChannel) security package in Microsoft ...) NOT-FOR-US: microsoft windows_xp CVE-2010-2567 (The RPC client implementation in Microsoft Windows XP SP2 and SP3 and ...) NOT-FOR-US: microsoft windows_xp CVE-2010-2568 (Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 ...) NOT-FOR-US: microsoft windows_xp CVE-2010-2569 RESERVED CVE-2010-2570 RESERVED CVE-2010-2571 RESERVED CVE-2010-2572 (Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows ...) TODO: check CVE-2010-2573 (Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, ...) TODO: check CVE-2010-2574 (Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in ...) BUG: 335850 CVE-2010-2575 (Heap-based buffer overflow in the RLE decompression functionality in ...) BUG: 334469 CVE-2010-2576 (Opera before 10.61 does not properly suppress clicks on download ...) TODO: check CVE-2010-2577 (Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow ...) NOT-FOR-US: pligg CVE-2010-2578 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...) TODO: check CVE-2010-2579 RESERVED CVE-2010-2580 (The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not ...) NOT-FOR-US: mailenable CVE-2010-2581 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote ...) TODO: check CVE-2010-2582 (An unspecified function in TextXtra.x32 in Adobe Shockwave Player ...) TODO: check CVE-2010-2583 (Stack-based buffer overflow in SonicWALL SSL-VPN End-Point ...) TODO: check CVE-2010-2584 (The Upload method in the RealPage Module Upload ActiveX control in ...) TODO: check CVE-2010-2585 (Multiple buffer overflows in the RealPage Module Upload ActiveX ...) TODO: check CVE-2010-2586 RESERVED CVE-2010-2587 RESERVED CVE-2010-2588 RESERVED CVE-2010-2589 RESERVED CVE-2010-2590 RESERVED CVE-2010-2591 RESERVED CVE-2010-2592 RESERVED CVE-2010-2593 RESERVED CVE-2010-2594 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...) NOT-FOR-US: intersect_alliance snare_epilog CVE-2010-2595 (The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ...) TODO: check CVE-2010-2596 (The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and ...) TODO: check CVE-2010-2597 (The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 ...) TODO: check CVE-2010-2598 (LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as ...) TODO: check CVE-2010-2599 RESERVED CVE-2010-2600 (Untrusted search path vulnerability in BlackBerry Desktop Software ...) NOT-FOR-US: rim blackberry_desktop_software CVE-2010-2601 (Multiple buffer overflows in the PDF distiller in the Attachment ...) TODO: check CVE-2010-2602 RESERVED CVE-2010-2603 RESERVED CVE-2010-2604 RESERVED CVE-2010-2605 RESERVED CVE-2010-2606 RESERVED CVE-2010-2607 RESERVED CVE-2010-2608 RESERVED CVE-2010-2609 (SQL injection vulnerability in show_search_result.php in 2daybiz Job ...) NOT-FOR-US: 2daybiz job_search_engine_script CVE-2010-2610 (Multiple SQL injection vulnerabilities in 2daybiz Job Site Script ...) NOT-FOR-US: 2daybiz job_site_script CVE-2010-2611 (SQL injection vulnerability in show_search_result.php in i-netsolution ...) NOT-FOR-US: i netsolution job_search_engine_script CVE-2010-2612 (Unspecified vulnerability in the HP OpenVMS Auditing feature in ...) NOT-FOR-US: hp openvms_for_integrity_servers CVE-2010-2613 (Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd ...) NOT-FOR-US: harmistechnology com_awd_song CVE-2010-2614 (SQL injection vulnerability in admin/admin.php in Grafik CMS 1.1.2, ...) NOT-FOR-US: grafik power grafik_cms CVE-2010-2615 (Multiple cross-site scripting (XSS) vulnerabilities in admin/admin.php ...) NOT-FOR-US: grafik power grafik_cms CVE-2010-2616 (SQL injection vulnerability in bible.php in PHP Bible Search, probably ...) NOT-FOR-US: paul_mcenery php_bible_search CVE-2010-2617 (Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible ...) NOT-FOR-US: paul_mcenery php_bible_search CVE-2010-2618 (PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in ...) NOT-FOR-US: insanevisions adapcms CVE-2010-2619 (Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and ...) NOT-FOR-US: citrix xenserver CVE-2010-2620 (Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote ...) NOT-FOR-US: open ftpd CVE-2010-2621 (The QSslSocketBackendPrivate::transmit function in ...) BUG: 335734 CVE-2010-2622 (SQL injection vulnerability in the Joomanager component, possibly ...) NOT-FOR-US: joomanager CVE-2010-2623 (SQL injection vulnerability in pages.php in Internet DM Specialist Bed ...) NOT-FOR-US: internetdm bed_and_breakfast CVE-2010-2624 (Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow ...) NOT-FOR-US: iscripts easysnaps CVE-2010-2625 (Unspecified vulnerability in the Client Service for DPM in Hitachi ...) NOT-FOR-US: hitachi serverconductor_ _deployment_manager CVE-2010-2626 (index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to ...) NOT-FOR-US: miyabi seo cgi_tools_seo_links CVE-2010-2627 (Multiple directory traversal vulnerabilities in the Refractor 2 ...) NOT-FOR-US: ea battlefield_2142 CVE-2010-2628 (The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 ...) NOT-FOR-US: Only ~arch, and we do not have vulnerable versions anymore. CVE-2010-2629 (The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 ...) NOT-FOR-US: cisco content_services_switch_11500 CVE-2010-2630 (The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly ...) TODO: check CVE-2010-2631 (LibTIFF 3.9.0 ignores tags in certain situations during the first ...) TODO: check CVE-2010-2632 RESERVED CVE-2010-2633 (Unspecified vulnerability in EMC Disk Library (EDL) before 3.2.7, ...) NOT-FOR-US: emc disk_library CVE-2010-2634 (RSA enVision before 3.7 SP1 allows remote authenticated users to cause ...) NOT-FOR-US: rsa envision CVE-2010-2635 (SQL injection vulnerability in IBM WebSphere Commerce 6.0 before ...) TODO: check CVE-2010-2636 (Multiple cross-site scripting (XSS) vulnerabilities in sample store ...) TODO: check CVE-2010-2637 RESERVED CVE-2010-2638 RESERVED CVE-2010-2639 RESERVED CVE-2010-2640 RESERVED CVE-2010-2641 RESERVED CVE-2010-2642 RESERVED CVE-2010-2643 RESERVED CVE-2010-2644 RESERVED CVE-2010-2645 (Unspecified vulnerability in Google Chrome before 5.0.375.99, when ...) TODO: check CVE-2010-2646 (Google Chrome before 5.0.375.99 does not properly isolate sandboxed ...) TODO: check CVE-2010-2647 (Google Chrome before 5.0.375.99 allows remote attackers to cause a ...) TODO: check CVE-2010-2648 (The implementation of the Unicode Bidirectional Algorithm (aka Bidi ...) TODO: check CVE-2010-2649 (Unspecified vulnerability in Google Chrome before 5.0.375.99 allows ...) TODO: check CVE-2010-2650 (Unspecified vulnerability in Google Chrome before 5.0.375.99 has ...) TODO: check CVE-2010-2651 (The Cascading Style Sheets (CSS) implementation in Google Chrome ...) TODO: check CVE-2010-2652 (Google Chrome before 5.0.375.99 does not properly implement modal ...) TODO: check CVE-2010-2653 (Race condition in the hvc_close function in drivers/char/hvc_console.c ...) TODO: check CVE-2010-2654 (Multiple cross-site scripting (XSS) vulnerabilities on the IBM ...) NOT-FOR-US: ibm advanced_management_module CVE-2010-2655 (Directory traversal vulnerability in private/file_management.php on ...) NOT-FOR-US: ibm advanced_management_module CVE-2010-2656 (The IBM BladeCenter with Advanced Management Module (AMM) firmware ...) NOT-FOR-US: ibm advanced_management_module CVE-2010-2657 (Opera before 10.60 on Windows and Mac OS X does not properly prevent ...) TODO: check CVE-2010-2658 (Opera before 10.60 does not properly restrict certain interaction ...) TODO: check CVE-2010-2659 (Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before ...) TODO: check CVE-2010-2660 (Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX ...) TODO: check CVE-2010-2661 (Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX ...) TODO: check CVE-2010-2662 (Opera before 10.60 allows remote attackers to bypass the popup blocker ...) TODO: check CVE-2010-2663 (Opera before 10.60 allows remote attackers to cause a denial of ...) TODO: check CVE-2010-2664 (Opera before 10.60 allows remote attackers to cause a denial of ...) TODO: check CVE-2010-2665 (Cross-site scripting (XSS) vulnerability in Opera before 10.54 on ...) TODO: check CVE-2010-2666 (Opera before 10.54 on Windows and Mac OS X does not properly enforce ...) TODO: check CVE-2010-2667 (Multiple unspecified vulnerabilities in the Virtual Appliance ...) NOT-FOR-US: vmware studio CVE-2010-2668 (Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet ...) NOT-FOR-US: adaptivedisplays alpha_ethernet_adapter_ii CVE-2010-2669 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: novo ws orbis_cms CVE-2010-2670 (SQL injection vulnerability in recipedetail.php in BrotherScripts ...) NOT-FOR-US: brotherscripts recipe_website CVE-2010-2671 (Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ ...) NOT-FOR-US: ez_publish CVE-2010-2672 (Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through ...) NOT-FOR-US: ez_publish CVE-2010-2673 (SQL injection vulnerability in profile_view.php in Devana 1.6.6 and ...) NOT-FOR-US: devana CVE-2010-2674 (SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and ...) NOT-FOR-US: alanzard tsoka cms CVE-2010-2675 (Cross-site scripting (XSS) vulnerability in index.php in TSOKA:CMS ...) NOT-FOR-US: alanzard tsoka cms CVE-2010-2676 (Multiple directory traversal vulnerabilities in index.php in Open Web ...) NOT-FOR-US: openwebanalytics open_web_analytics CVE-2010-2677 (PHP remote file inclusion vulnerability in mw_plugin.php in Open Web ...) NOT-FOR-US: openwebanalytics open_web_analytics CVE-2010-2678 (SQL injection vulnerability in xmap (com_xmap) component for Joomla! ...) NOT-FOR-US: guillermo_vargas com_xmap CVE-2010-2679 (SQL injection vulnerability in the Weblinks (com_weblinks) component ...) NOT-FOR-US: joomla CVE-2010-2680 (Directory traversal vulnerability in the JExtensions JE ...) NOT-FOR-US: harmistechnology com_jesectionfinder CVE-2010-2681 (PHP remote file inclusion vulnerability in the SEF404x (com_sef) ...) NOT-FOR-US: joomla com_sef CVE-2010-2682 (Directory traversal vulnerability in the Realtyna Translator ...) NOT-FOR-US: com_realtyna CVE-2010-2683 (SQL injection vulnerability in result.php in Customer Paradigm ...) NOT-FOR-US: customerparadigm pagedirector_cms CVE-2010-2684 (SQL injection vulnerability in index.php in Customer Paradigm ...) NOT-FOR-US: customerparadigm pagedirector_cms CVE-2010-2685 (siteadmin/adduser.php in Customer Paradigm PageDirector CMS does not ...) NOT-FOR-US: customerparadigm pagedirector_cms CVE-2010-2686 (Multiple SQL injection vulnerabilities in clientes.asp in TopManage ...) NOT-FOR-US: topmanage olk_module CVE-2010-2687 (SQL injection vulnerability in printdetail.asp in Site2Nite Boat ...) NOT-FOR-US: site2nite boat_classifieds CVE-2010-2688 (SQL injection vulnerability in detail.asp in Site2Nite Boat ...) NOT-FOR-US: site2nite boat_classifieds CVE-2010-2689 (SQL injection vulnerability in cont_form.php in Internet DM WebDM CMS ...) NOT-FOR-US: internetdm webdm_cms CVE-2010-2690 (SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) ...) NOT-FOR-US: jooforge com_gamesbox CVE-2010-2691 (Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt ...) NOT-FOR-US: 2daybiz custom_t shirt_design_script CVE-2010-2692 (Cross-site scripting (XSS) vulnerability in 2daybiz Custom T-Shirt ...) NOT-FOR-US: 2daybiz custom_t shirt_design_script CVE-2010-2693 (FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag ...) NOT-FOR-US: freebsd CVE-2010-2694 (SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 ...) NOT-FOR-US: redcomponent com_redshop CVE-2010-2695 (Directory traversal vulnerability in the SFTP/SSH2 virtual server in ...) NOT-FOR-US: xlightftpd xlight_ftp_server CVE-2010-2696 (SQL injection vulnerability in gallery/index.php in Sijio Community ...) NOT-FOR-US: sijio community_software CVE-2010-2697 (Cross-site scripting (XSS) vulnerability in Sijio Community Software ...) NOT-FOR-US: sijio community_software CVE-2010-2698 (Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community ...) NOT-FOR-US: sijio community_software CVE-2010-2699 (SQL injection vulnerability in index.php in Edge PHP Clickbank ...) NOT-FOR-US: edgephp clickbank_affiliate_marketplace_script CVE-2010-2700 (Cross-site scripting (XSS) vulnerability in index.php in Edge PHP ...) NOT-FOR-US: edgephp clickbank_affiliate_marketplace_script CVE-2010-2701 (Multiple buffer overflows in the FathFTP ActiveX control 1.7 allow ...) NOT-FOR-US: fathsoft fathftp CVE-2010-2702 (Buffer overflow in the UGameEngine::UpdateConnectingMessage function ...) TODO: check CVE-2010-2703 (Stack-based buffer overflow in the execvp_nc function in the ov.dll ...) NOT-FOR-US: hp openview_network_node_manager CVE-2010-2704 (Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and ...) NOT-FOR-US: hp openview_network_node_manager CVE-2010-2705 (Unspecified vulnerability on the HP ProCurve 1800-24G switch with ...) NOT-FOR-US: hp procurve_switch_software CVE-2010-2706 (Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 ...) NOT-FOR-US: hp procurve_switch_software CVE-2010-2707 (Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches ...) NOT-FOR-US: hp procurve_switch_software CVE-2010-2708 (Unspecified vulnerability on the HP ProCurve 2610 switch before ...) NOT-FOR-US: hp procurve_switch_software CVE-2010-2709 (Stack-based buffer overflow in webappmon.exe in HP OpenView Network ...) NOT-FOR-US: HP OpenView Network Node Manager OV NNM CVE-2010-2710 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...) NOT-FOR-US: hp openview_network_node_manager CVE-2010-2711 (Unspecified vulnerability in the HP MagCloud app before 1.0.5 for the ...) NOT-FOR-US: hp magcloud CVE-2010-2712 (Unspecified vulnerability in Software Distributor (sd) in HP HP-UX ...) NOT-FOR-US: hp ux CVE-2010-2713 (The vte_sequence_handler_window_manipulation function in vteseq.c in ...) NOT-FOR-US: nalin_dahyabhai vte CVE-2010-2714 (SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 ...) NOT-FOR-US: tcwonline tcw_php_album CVE-2010-2715 (Cross-site scripting (XSS) vulnerability in photos/index.php in TCW ...) NOT-FOR-US: tcwonline tcw_php_album CVE-2010-2716 (Multiple SQL injection vulnerabilities in PsNews 1.3 allow remote ...) NOT-FOR-US: rich_kavanagh psnews CVE-2010-2717 (Cross-site scripting (XSS) vulnerability in manager/login.php in ...) NOT-FOR-US: cruxsoftware cruxcms CVE-2010-2718 (Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware ...) NOT-FOR-US: cruxsoftware cruxpa CVE-2010-2719 (SQL injection vulnerability in show.php in phpaaCms 0.3.1 UTF-8, and ...) NOT-FOR-US: phpaacms CVE-2010-2720 (SQL injection vulnerability in list.php in phpaaCms 0.3.1 UTF-8, and ...) NOT-FOR-US: phpaacms CVE-2010-2721 (SQL injection vulnerability in index.php in RightInPoint Lyrics Script ...) NOT-FOR-US: rightinpoint lyrics_engine CVE-2010-2722 (Cross-site scripting (XSS) vulnerability in index.php in RightInPoint ...) NOT-FOR-US: rightinpoint lyrics_engine CVE-2010-2723 (Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows ...) NOT-FOR-US: lsoft listserv CVE-2010-2724 (Cross-site scripting (XSS) vulnerability in the Hierarchical Select ...) NOT-FOR-US: wimleers hierarchical_select CVE-2010-2725 (BarnOwl before 1.6.2 does not check the return code of calls to the ...) NOT-FOR-US: libzephyr CVE-2010-2726 RESERVED CVE-2010-2727 RESERVED CVE-2010-2728 (Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, ...) NOT-FOR-US: microsoft outlook CVE-2010-2729 (The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows ...) NOT-FOR-US: microsoft windows_xp CVE-2010-2730 (Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, ...) NOT-FOR-US: microsoft iis CVE-2010-2731 (Unspecified vulnerability in Microsoft Internet Information Services ...) NOT-FOR-US: microsoft iis CVE-2010-2732 (Open redirect vulnerability in the web interface in Microsoft ...) TODO: check CVE-2010-2733 (Cross-site scripting (XSS) vulnerability in the Web Monitor in ...) TODO: check CVE-2010-2734 (Cross-site scripting (XSS) vulnerability in the mobile portal in ...) TODO: check CVE-2010-2735 RESERVED CVE-2010-2736 RESERVED CVE-2010-2737 RESERVED CVE-2010-2738 (The Uniscribe (aka new Unicode Script Processor) implementation in ...) NOT-FOR-US: microsoft windows_xp CVE-2010-2739 (Buffer overflow in the CreateDIBPalette function in win32k.sys in ...) NOT-FOR-US: microsoft windows_xp CVE-2010-2740 (The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and ...) TODO: check CVE-2010-2741 (The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and ...) TODO: check CVE-2010-2742 RESERVED CVE-2010-2743 RESERVED CVE-2010-2744 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows ...) TODO: check CVE-2010-2745 (Microsoft Windows Media Player (WMP) 9 through 12 does not properly ...) TODO: check CVE-2010-2746 (Heap-based buffer overflow in Comctl32.dll (aka the common control ...) TODO: check CVE-2010-2747 (Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle ...) TODO: check CVE-2010-2748 (Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check ...) TODO: check CVE-2010-2749 RESERVED CVE-2010-2750 (Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac ...) TODO: check CVE-2010-2751 (The nsDocShell::OnRedirectStateChange function in ...) TODO: check CVE-2010-2752 (Integer overflow in an array class in Mozilla Firefox 3.5.x before ...) TODO: check CVE-2010-2753 (Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x ...) TODO: check CVE-2010-2754 (dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 ...) TODO: check CVE-2010-2755 (layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not ...) TODO: check CVE-2010-2756 (Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 ...) BUG: 332193 CVE-2010-2757 (The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through ...) BUG: 332193 CVE-2010-2758 (Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through ...) BUG: 332193 CVE-2010-2759 (Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through ...) BUG: 332193 CVE-2010-2760 (Use-after-free vulnerability in the nsTreeSelection function in ...) TODO: check CVE-2010-2761 RESERVED CVE-2010-2762 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) ...) TODO: check CVE-2010-2763 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) ...) TODO: check CVE-2010-2764 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird ...) TODO: check CVE-2010-2765 (Integer overflow in the FRAMESET element implementation in Mozilla ...) TODO: check CVE-2010-2766 (The normalizeDocument function in Mozilla Firefox before 3.5.12 and ...) TODO: check CVE-2010-2767 (The navigator.plugins implementation in Mozilla Firefox before 3.5.12 ...) TODO: check CVE-2010-2768 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird ...) TODO: check CVE-2010-2769 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...) TODO: check CVE-2010-2770 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird ...) TODO: check CVE-2010-2771 (solid.exe in IBM solidDB before 6.5 FP2 allows remote attackers to ...) NOT-FOR-US: ibm soliddb CVE-2010-2772 (Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded ...) NOT-FOR-US: siemens simatic_wincc CVE-2010-2773 RESERVED CVE-2010-2774 RESERVED CVE-2010-2775 RESERVED CVE-2010-2776 RESERVED CVE-2010-2777 RESERVED CVE-2010-2778 RESERVED CVE-2010-2779 RESERVED CVE-2010-2780 RESERVED CVE-2010-2781 RESERVED CVE-2010-2782 RESERVED CVE-2010-2783 RESERVED CVE-2010-2784 (The subpage MMIO initialization functionality in the subpage_register ...) BUG: 335872 CVE-2010-2785 (The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not ...) BUG: 330111 CVE-2010-2786 (Directory traversal vulnerability in Piwik 0.6 through 0.6.3 allows ...) NOT-FOR-US: piwik CVE-2010-2787 RESERVED CVE-2010-2788 RESERVED CVE-2010-2789 RESERVED CVE-2010-2790 (Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery ...) BUG: 335893 CVE-2010-2791 (mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, ...) BUG: 330195 CVE-2010-2792 (Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox ...) NOT-FOR-US: redhat spice xpi CVE-2010-2793 RESERVED CVE-2010-2794 (The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users ...) NOT-FOR-US: redhat spice xpi CVE-2010-2795 (phpCAS before 1.1.2 allows remote authenticated users to hijack ...) NOT-FOR-US: phpCAS CVE-2010-2796 (Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when ...) NOT-FOR-US: phpCAS CVE-2010-2797 (Directory traversal vulnerability in lib/translation.functions.php in ...) TODO: check CVE-2010-2798 (The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux ...) TODO: check CVE-2010-2799 (Stack-based buffer overflow in the nestlex function in nestlex.c in ...) BUG: 330785 CVE-2010-2800 (The MS-ZIP decompressor in cabextract before 1.3 allows remote ...) BUG: 329891 CVE-2010-2801 (Integer signedness error in the Quantum decompressor in cabextract ...) BUG: 329891 CVE-2010-2802 (Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 ...) BUG: 330481 CVE-2010-2803 (The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct ...) TODO: check CVE-2010-2804 RESERVED CVE-2010-2805 (The FT_Stream_EnterFrame function in base/ftstream.c in FreeType ...) TODO: check CVE-2010-2806 (Array index error in the t42_parse_sfnts function in type42/t42parse.c ...) TODO: check CVE-2010-2807 (FreeType before 2.4.2 uses incorrect integer data types during bounds ...) TODO: check CVE-2010-2808 (Buffer overflow in the Mac_Read_POST_Resource function in ...) TODO: check CVE-2010-2809 (The default configuration of the <Button2> binding in Uzbl before ...) BUG: 331421 CVE-2010-2810 (Heap-based buffer overflow in the convert_to_idna function in ...) BUG: 335894 CVE-2010-2811 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise ...) NOT-FOR-US: redhat enterprise_virtualization CVE-2010-2812 (Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of ...) BUG: 332535 CVE-2010-2813 (functions/imap_general.php in SquirrelMail before 1.4.21 does not ...) BUG: 329863 CVE-2010-2814 (Unspecified vulnerability in the Transport Layer Security (TLS) ...) NOT-FOR-US: cisco adaptive_security_appliance CVE-2010-2815 (Unspecified vulnerability in the Transport Layer Security (TLS) ...) NOT-FOR-US: cisco adaptive_security_appliance CVE-2010-2816 (Unspecified vulnerability in the SIP inspection feature on Cisco ...) NOT-FOR-US: cisco adaptive_security_appliance CVE-2010-2817 (Unspecified vulnerability in the IKE implementation on Cisco Adaptive ...) NOT-FOR-US: cisco adaptive_security_appliance CVE-2010-2818 (Unspecified vulnerability in the SunRPC inspection feature on the ...) NOT-FOR-US: cisco firewall_services_module_software CVE-2010-2819 (Unspecified vulnerability in the SunRPC inspection feature on the ...) NOT-FOR-US: cisco firewall_services_module_software CVE-2010-2820 (Unspecified vulnerability in the SunRPC inspection feature on the ...) NOT-FOR-US: cisco firewall_services_module_software CVE-2010-2821 (Unspecified vulnerability on the Cisco Firewall Services Module (FWSM) ...) NOT-FOR-US: cisco firewall_services_module_software CVE-2010-2822 (Unspecified vulnerability in the RTSP inspection feature on the Cisco ...) NOT-FOR-US: cisco ace_module CVE-2010-2823 (Unspecified vulnerability in the deep packet inspection feature on the ...) NOT-FOR-US: cisco ace_4710 CVE-2010-2824 (Unspecified vulnerability on the Cisco Application Control Engine ...) NOT-FOR-US: cisco ace_module CVE-2010-2825 (Unspecified vulnerability in the SIP inspection feature on the Cisco ...) NOT-FOR-US: cisco ace_module CVE-2010-2826 (SQL injection vulnerability in Cisco Wireless Control System (WCS) ...) NOT-FOR-US: cisco wireless_control_system_software CVE-2010-2827 (Cisco IOS 15.1(2)T allows remote attackers to cause a denial of ...) NOT-FOR-US: cisco ios CVE-2010-2828 (Unspecified vulnerability in the H.323 implementation in Cisco IOS ...) NOT-FOR-US: cisco ios_xe CVE-2010-2829 (Unspecified vulnerability in the H.323 implementation in Cisco IOS ...) NOT-FOR-US: cisco ios_xe CVE-2010-2830 (The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and ...) NOT-FOR-US: Cisco IOS CVE-2010-2831 (Unspecified vulnerability in the NAT for SIP implementation in Cisco ...) NOT-FOR-US: NAT for SIP implementation in Cisco IOS CVE-2010-2832 (Unspecified vulnerability in the NAT for H.323 implementation in Cisco ...) NOT-FOR-US: Cisco IOS CVE-2010-2833 (Unspecified vulnerability in the NAT for H.225.0 implementation in ...) NOT-FOR-US: Cisco IOS CVE-2010-2834 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x ...) NOT-FOR-US: Cisco CVE-2010-2835 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x ...) NOT-FOR-US: Cisco CVE-2010-2836 (Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, ...) NOT-FOR-US: SSL VPN feature in Cisco IOS CVE-2010-2837 (The SIPStationInit implementation in Cisco Unified Communications ...) NOT-FOR-US: cisco unified_communications_manager CVE-2010-2838 (The SendCombinedStatusInfo implementation in Cisco Unified ...) NOT-FOR-US: cisco unified_communications_manager CVE-2010-2839 (SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) ...) NOT-FOR-US: cisco unified_presence_server CVE-2010-2840 (The Presence Engine (PE) service in Cisco Unified Presence 6.x before ...) NOT-FOR-US: cisco unified_presence_server CVE-2010-2841 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) ...) NOT-FOR-US: cisco wireless_lan_controller_software CVE-2010-2842 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through ...) NOT-FOR-US: cisco wireless_lan_controller_software CVE-2010-2843 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through ...) NOT-FOR-US: cisco wireless_lan_controller_software CVE-2010-2844 (Cross-site scripting (XSS) vulnerability in news_show.php in Newanz ...) NOT-FOR-US: newanz newsoffice CVE-2010-2845 (SQL injection vulnerability in the QuickFAQ (com_quickfaq) component ...) NOT-FOR-US: schlu net com_quickfaq CVE-2010-2846 (Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms ...) NOT-FOR-US: gonzalo_maser com_artforms CVE-2010-2847 (Multiple SQL injection vulnerabilities in the InterJoomla ArtForms ...) NOT-FOR-US: InterJoomla ArtForms com_artforms component CVE-2010-2848 (Directory traversal vulnerability in ...) NOT-FOR-US: InterJoomla ArtForms com_artforms component CVE-2010-2849 (Cross-site scripting (XSS) vulnerability in productionnu2/nuedit.php ...) NOT-FOR-US: n CVE-2010-2850 (Directory traversal vulnerability in productionnu2/fileuploader.php in ...) NOT-FOR-US: nuBuilder CVE-2010-2851 (SQL injection vulnerability in the BookLibrary From Same Author ...) NOT-FOR-US: BookLibrary From Same Author com_booklibrary module CVE-2010-2852 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: RunCms CVE-2010-2853 (SQL injection vulnerability in flashPlayer/playVideo.php in iScripts ...) NOT-FOR-US: iScripts CVE-2010-2854 (Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in ...) NOT-FOR-US: Event Horizon EVH CVE-2010-2855 (Multiple SQL injection vulnerabilities in modfile.php in Event Horizon ...) NOT-FOR-US: Event Horizon EVH CVE-2010-2856 (Cross-site scripting (XSS) vulnerability in admin/currencies.php in ...) NOT-FOR-US: osCSS CVE-2010-2857 (Directory traversal vulnerability in the Music Manager component for ...) NOT-FOR-US: Music CVE-2010-2858 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...) NOT-FOR-US: SimpNews CVE-2010-2859 (news.php in SimpNews 2.47.3 and earlier allows remote attackers to ...) NOT-FOR-US: SimpNews CVE-2010-2860 (The EMC Celerra Network Attached Storage (NAS) appliance accepts ...) NOT-FOR-US: emc celerra_network_attached_storage CVE-2010-2861 (Multiple directory traversal vulnerabilities in the administrator ...) NOT-FOR-US: adobe coldfusion CVE-2010-2862 (Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and ...) TODO: check CVE-2010-2863 (Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a ...) NOT-FOR-US: adobe shockwave_player CVE-2010-2864 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not ...) NOT-FOR-US: adobe shockwave_player CVE-2010-2865 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 ...) NOT-FOR-US: adobe shockwave_player CVE-2010-2866 (Integer signedness error in the DIRAPI module in Adobe Shockwave ...) NOT-FOR-US: adobe shockwave_player CVE-2010-2867 (DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not ...) NOT-FOR-US: adobe shockwave_player CVE-2010-2868 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not ...) NOT-FOR-US: adobe shockwave_player CVE-2010-2869 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not ...) NOT-FOR-US: adobe shockwave_player CVE-2010-2870 (DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not ...) NOT-FOR-US: adobe shockwave_player CVE-2010-2871 (Integer overflow in the 3D object functionality in Adobe Shockwave ...) NOT-FOR-US: adobe shockwave_player CVE-2010-2872 (Adobe Shockwave Player before 11.5.8.612 does not properly validate an ...) NOT-FOR-US: adobe shockwave_player CVE-2010-2873 (Adobe Shockwave Player before 11.5.8.612 does not properly validate ...) NOT-FOR-US: adobe shockwave_player CVE-2010-2874 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 ...) NOT-FOR-US: adobe shockwave_player CVE-2010-2875 (Integer signedness error in Adobe Shockwave Player before 11.5.8.612 ...) NOT-FOR-US: adobe shockwave_player CVE-2010-2876 (Adobe Shockwave Player before 11.5.8.612 does not properly validate ...) NOT-FOR-US: adobe shockwave_player CVE-2010-2877 (Adobe Shockwave Player before 11.5.8.612 does not properly validate a ...) NOT-FOR-US: adobe shockwave_player CVE-2010-2878 (DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not ...) NOT-FOR-US: adobe shockwave_player CVE-2010-2879 (Multiple integer overflows in the allocator in the TextXtra.x32 module ...) NOT-FOR-US: adobe shockwave_player CVE-2010-2880 (DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not ...) NOT-FOR-US: adobe shockwave_player CVE-2010-2881 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not ...) NOT-FOR-US: adobe shockwave_player CVE-2010-2882 (DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not ...) NOT-FOR-US: adobe shockwave_player CVE-2010-2883 (Stack-based buffer overflow in CoolType.dll in Adobe Reader and ...) TODO: check CVE-2010-2884 (Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, ...) BUG: 337204 CVE-2010-2885 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, ...) TODO: check CVE-2010-2886 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp ...) TODO: check CVE-2010-2887 (Multiple unspecified vulnerabilities in Adobe Reader and Acrobat 9.x ...) TODO: check CVE-2010-2888 (Multiple unspecified vulnerabilities in an ActiveX control in Adobe ...) TODO: check CVE-2010-2889 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...) TODO: check CVE-2010-2890 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...) TODO: check CVE-2010-2891 (Buffer overflow in the smiGetNode function in lib/smi.c in libsmi ...) TODO: check CVE-2010-2892 RESERVED CVE-2010-2893 RESERVED CVE-2010-2894 RESERVED CVE-2010-2895 RESERVED CVE-2010-2896 (IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before ...) NOT-FOR-US: ibm filenet_content_manager CVE-2010-2897 (Google Chrome before 5.0.375.125 does not properly mitigate an ...) TODO: check CVE-2010-2898 (Google Chrome before 5.0.375.125 does not properly mitigate an ...) TODO: check CVE-2010-2899 (Unspecified vulnerability in the layout implementation in Google ...) TODO: check CVE-2010-2900 (Google Chrome before 5.0.375.125 does not properly handle a large ...) TODO: check CVE-2010-2901 (The rendering implementation in Google Chrome before 5.0.375.125 ...) TODO: check CVE-2010-2902 (The SVG implementation in Google Chrome before 5.0.375.125 allows ...) TODO: check CVE-2010-2903 (Google Chrome before 5.0.375.125 performs unexpected truncation and ...) TODO: check CVE-2010-2904 (Multiple cross-site scripting (XSS) vulnerabilities in the System ...) NOT-FOR-US: sap system_landscape_directory CVE-2010-2905 (SQL injection vulnerability in info.php in ScriptsFeed and ...) NOT-FOR-US: scriptsfeed scripts_directory CVE-2010-2906 (SQL injection vulnerability in articlesdetails.php in ScriptsFeed and ...) NOT-FOR-US: scriptsfeed scripts_directory CVE-2010-2907 (SQL injection vulnerability in the Huru Helpdesk (com_huruhelpdesk) ...) NOT-FOR-US: com_huruhelpdesk CVE-2010-2908 (SQL injection vulnerability in the Joomdle (com_joomdle) component ...) NOT-FOR-US: com_joomdle CVE-2010-2909 (SQL injection vulnerability in ttvideo.php in the TTVideo ...) NOT-FOR-US: toughtomato com_ttvideo CVE-2010-2910 (SQL injection vulnerability in the Ozio Gallery (com_oziogallery) ...) NOT-FOR-US: alexred com_oziogallery CVE-2010-2911 (SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 ...) NOT-FOR-US: kayako esupport CVE-2010-2912 (SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 ...) NOT-FOR-US: kayako esupport CVE-2010-2913 (The Citibank Citi Mobile app before 2.0.3 for iOS stores account data ...) NOT-FOR-US: citibank citi_mobile CVE-2010-2914 (Cross-site scripting (XSS) vulnerability in nessusd_www_server.nbin in ...) TODO: check CVE-2010-2915 (SQL injection vulnerability in welcome.php in AJ Square AJ HYIP PRIME ...) NOT-FOR-US: ajsquare aj_hyip CVE-2010-2916 (SQL injection vulnerability in news.php in AJ Square AJ HYIP MERIDIAN ...) NOT-FOR-US: ajsquare aj_hyip CVE-2010-2917 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ ...) NOT-FOR-US: ajsquare aj_article CVE-2010-2918 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: visocrea com_joomla_visites CVE-2010-2919 (SQL injection vulnerability in the StaticXT (com_staticxt) component ...) NOT-FOR-US: joomlaxt com_staticxt CVE-2010-2920 (Directory traversal vulnerability in the Foobla Suggestions ...) NOT-FOR-US: com_foobla_suggestions CVE-2010-2921 (SQL injection vulnerability in the Golf Course Guide ...) NOT-FOR-US: photoindochina com_golfcourseguide CVE-2010-2922 (SQL injection vulnerability in default.asp in AKY Blog allows remote ...) NOT-FOR-US: ali_kenan aky_blog CVE-2010-2923 (SQL injection vulnerability in the YouTube (com_youtube) component 1.5 ...) NOT-FOR-US: prasanna com_youtube CVE-2010-2924 (SQL injection vulnerability in myLDlinker.php in the myLinksDump ...) NOT-FOR-US: silvercover mylinksdump_plugin CVE-2010-2925 (SQL injection vulnerability in index.php in Freeway CMS 1.4.3.210 ...) NOT-FOR-US: openfreeway freeway CVE-2010-2926 (SQL injection vulnerability in index.php in sNews 1.7 allows remote ...) NOT-FOR-US: solucija snews CVE-2010-2927 (The slapi_printmessage function in IBM Tivoli Directory Server (ITDS) ...) NOT-FOR-US: ibm tivoli_directory_server CVE-2010-2928 RESERVED CVE-2010-2929 (Untrusted search path vulnerability in hsolinkcontrol in hsolink ...) NOT-FOR-US: pharscape hsolink CVE-2010-2930 (Multiple stack-based buffer overflows in hsolinkcontrol in hsolink ...) NOT-FOR-US: pharscape hsolink CVE-2010-2931 (Stack-based buffer overflow in SigPlus Pro 3.74 ActiveX control allows ...) NOT-FOR-US: SigPlus Pro CVE-2010-2932 (Buffer overflow in BarCodeWiz BarCode 3.29 ActiveX control ...) NOT-FOR-US: BarCodeWiz BarCode CVE-2010-2933 (SQL injection vulnerability in AV Scripts AV Arcade 3 allows remote ...) NOT-FOR-US: AV Scripts AV Arcade CVE-2010-2934 (Multiple unspecified vulnerabilities in ZNC 0.092 allow remote ...) BUG: 332535 CVE-2010-2935 (simpress.bin in the Impress module in OpenOffice.org (OOo) 3.2.1 on ...) NOT-FOR-US: Windows only. CVE-2010-2936 (Integer overflow in simpress.bin in the Impress module in ...) NOT-FOR-US: Windows only. CVE-2010-2937 (The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in ...) BUG: 332361 CVE-2010-2938 (arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure ...) TODO: check CVE-2010-2939 (Double free vulnerability in the ssl3_get_key_exchange function in the ...) BUG: 332027 CVE-2010-2940 (The auth_send function in providers/ldap/ldap_auth.c in System ...) NOT-FOR-US: fedoraproject sssd CVE-2010-2941 (ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate ...) TODO: check CVE-2010-2942 (The actions implementation in the network queueing functionality in ...) TODO: check CVE-2010-2943 (The xfs implementation in the Linux kernel before 2.6.35 does not look ...) TODO: check CVE-2010-2944 (The authenticate function in LDAPUserFolder/LDAPUserFolder.py in ...) TODO: check CVE-2010-2945 (The default configuration of SLiM before 1.3.2 places ./ (dot slash) ...) NOT-FOR-US: simone_rota slim_simple_login_manager CVE-2010-2946 (fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly ...) TODO: check CVE-2010-2947 (Heap-based buffer overflow in the HX_split function in string.c in ...) NOT-FOR-US: jan_engelhardt libhx CVE-2010-2948 (Stack-based buffer overflow in the bgp_route_refresh_receive function ...) BUG: 334303 CVE-2010-2949 (bgpd in Quagga before 0.99.17 does not properly parse AS paths, which ...) BUG: 334303 CVE-2010-2950 (Format string vulnerability in stream.c in the phar extension in PHP ...) TODO: check CVE-2010-2951 (dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not ...) TODO: check CVE-2010-2952 (Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, ...) NOT-FOR-US: apache traffic_server CVE-2010-2953 (Untrusted search path vulnerability in a certain Debian GNU/Linux ...) TODO: check CVE-2010-2954 (The irda_bind function in net/irda/af_irda.c in the Linux kernel ...) TODO: check CVE-2010-2955 (The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in ...) TODO: check CVE-2010-2956 (Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not ...) BUG: 335381 CVE-2010-2957 (Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, ...) NOT-FOR-US: s9y serendipity CVE-2010-2958 (Cross-site scripting (XSS) vulnerability in libraries/Error.class.php ...) BUG: 335490 CVE-2010-2959 (Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) ...) TODO: check CVE-2010-2960 (The keyctl_session_to_parent function in security/keys/keyctl.c in the ...) TODO: check CVE-2010-2961 (mountall.c in mountall before 2.15.2 uses 0666 permissions for the ...) NOT-FOR-US: scott_james_remnant mountall CVE-2010-2962 RESERVED CVE-2010-2963 RESERVED CVE-2010-2964 RESERVED CVE-2010-2965 (The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and ...) NOT-FOR-US: windriver vxworks CVE-2010-2966 (The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and ...) NOT-FOR-US: windriver vxworks CVE-2010-2967 (The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks ...) NOT-FOR-US: windriver vxworks CVE-2010-2968 (The FTP daemon in Wind River VxWorks does not close the TCP connection ...) NOT-FOR-US: windriver vxworks CVE-2010-2969 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 ...) BUG: 305663 CVE-2010-2970 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x ...) BUG: 305663 CVE-2010-2971 (loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly ...) BUG: 335892 CVE-2010-2972 REJECTED NOT-FOR-US: An CVE-2010-2973 (Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone ...) NOT-FOR-US: Apple CVE-2010-2974 (Stack-based buffer overflow in the IConfigurationAccess interface in ...) NOT-FOR-US: IConfigurationAccess interface in the Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control in Wonderware Application Server WAS CVE-2010-2975 (Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 ...) NOT-FOR-US: cisco unified_wireless_network_solution_software CVE-2010-2976 (The controller in Cisco Unified Wireless Network (UWN) Solution 7.x ...) NOT-FOR-US: cisco unified_wireless_network_solution_software CVE-2010-2977 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does ...) NOT-FOR-US: cisco unified_wireless_network_solution_software CVE-2010-2978 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does ...) NOT-FOR-US: cisco unified_wireless_network_solution_software CVE-2010-2979 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on ...) NOT-FOR-US: cisco unified_wireless_network_solution_software CVE-2010-2980 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on ...) NOT-FOR-US: cisco unified_wireless_network_solution_software CVE-2010-2981 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 ...) NOT-FOR-US: cisco unified_wireless_network_solution_software CVE-2010-2982 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 ...) NOT-FOR-US: cisco unified_wireless_network_solution_software CVE-2010-2983 (The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless ...) NOT-FOR-US: cisco unified_wireless_network_solution_software CVE-2010-2984 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on ...) NOT-FOR-US: cisco unified_wireless_network_solution_software CVE-2010-2985 (Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere ...) NOT-FOR-US: ibm websphere_service_registry_and_repository CVE-2010-2986 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: cisco wireless_control_system_software CVE-2010-2987 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless ...) NOT-FOR-US: cisco wireless_control_system_software CVE-2010-2988 (Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless ...) NOT-FOR-US: cisco unified_wireless_network_solution_software CVE-2010-2989 (nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for ...) TODO: check CVE-2010-2990 (Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, ...) NOT-FOR-US: citrix receiver_for_windows_mobile CVE-2010-2991 (The IICAClient interface in the ICAClient library in the ICA Client ...) NOT-FOR-US: citrix online_plug in_for_windows_for_xenapp_ _xendesktop CVE-2010-2992 (packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through ...) TODO: check CVE-2010-2993 (The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote ...) TODO: check CVE-2010-2994 (Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark ...) TODO: check CVE-2010-2995 (The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark ...) TODO: check CVE-2010-2996 (Array index error in RealNetworks RealPlayer 11.0 through 11.1 on ...) NOT-FOR-US: realnetworks realplayer CVE-2010-2997 RESERVED CVE-2010-2998 (Array index error in RealNetworks RealPlayer 11.0 through 11.1 and ...) TODO: check CVE-2010-2999 RESERVED CVE-2010-3000 (Multiple integer overflows in the ParseKnownType function in ...) NOT-FOR-US: realnetworks realplayer_sp CVE-2010-3001 (Unspecified vulnerability in an ActiveX control in the Internet ...) NOT-FOR-US: realnetworks realplayer_sp CVE-2010-3002 (Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 ...) NOT-FOR-US: realnetworks realplayer CVE-2010-3003 (Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics ...) NOT-FOR-US: hp insight_diagnostics CVE-2010-3004 (Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on ...) NOT-FOR-US: hp operations_agent CVE-2010-3005 (Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on ...) NOT-FOR-US: hp operations_agent CVE-2010-3006 (Unspecified vulnerability on the HP ProLiant G6 Lights-Out 100 Remote ...) NOT-FOR-US: hp proliant_g6_lights out_100_remote_management CVE-2010-3007 (Unspecified vulnerability in HP Data Protector Express, and Data ...) NOT-FOR-US: hp data_protector_express CVE-2010-3008 (Unspecified vulnerability in HP Data Protector Express, and Data ...) NOT-FOR-US: hp data_protector_express CVE-2010-3009 (Unspecified vulnerability in HP System Management Homepage (SMH) for ...) NOT-FOR-US: hp system_management_homepage CVE-2010-3010 (Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect ...) NOT-FOR-US: hp 3com_officeconnect_gigabit_vpn_firewall_software CVE-2010-3011 (CRLF injection vulnerability in HP System Management Homepage (SMH) ...) NOT-FOR-US: hp system_management_homepage CVE-2010-3012 (Cross-site scripting (XSS) vulnerability in HP System Management ...) NOT-FOR-US: hp system_management_homepage CVE-2010-3013 (SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 ...) NOT-FOR-US: pligg_cms CVE-2010-3014 (The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when ...) NOT-FOR-US: netbsd CVE-2010-3015 (Integer overflow in the ext4_ext_get_blocks function in ...) TODO: check CVE-2010-3016 REJECTED NOT-FOR-US: this CVE-2010-3017 (Unspecified vulnerability in RSA Access Manager Agent 4.7.1 before ...) NOT-FOR-US: rsa access_manager_agent CVE-2010-3018 (RSA Access Manager Server 5.5.3 before 5.5.3.172, 6.0.4 before ...) NOT-FOR-US: rsa access_manager_server CVE-2010-3019 (Heap-based buffer overflow in Opera before 10.61 allows remote ...) TODO: check CVE-2010-3020 (The news-feed preview feature in Opera before 10.61 does not properly ...) TODO: check CVE-2010-3021 (Unspecified vulnerability in Opera before 10.61 allows remote ...) TODO: check CVE-2010-3022 (Cross-site scripting (XSS) vulnerability in the Performance logging ...) NOT-FOR-US: drupal devel_module CVE-2010-3023 (Multiple cross-site scripting (XSS) vulnerabilities in DiamondList ...) NOT-FOR-US: ehulihanapplications diamondlist CVE-2010-3024 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: ehulihanapplications diamondlist CVE-2010-3025 (Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus ...) NOT-FOR-US: tomaz muraus open_blog CVE-2010-3026 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: tomaz muraus open_blog CVE-2010-3027 (SQL injection vulnerability in index.php in Tycoon Baseball Script ...) NOT-FOR-US: tycoon baseball_script CVE-2010-3028 (The Aardvertiser component before 2.2.1 for Joomla! uses insecure ...) NOT-FOR-US: simon_philips aardvertiser CVE-2010-3029 (SQL injection vulnerability in statistics.php in PHPKick 0.8 allows ...) NOT-FOR-US: phpkick CVE-2010-3030 (Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open ...) NOT-FOR-US: tomaz muraus open_blog CVE-2010-3031 (Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other ...) NOT-FOR-US: wyse thinos_hf CVE-2010-3032 (Integer overflow in the OBGIOPServerWorker::extractHeader function in ...) NOT-FOR-US: sap crystal_reports CVE-2010-3033 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through ...) NOT-FOR-US: cisco wireless_lan_controller_software CVE-2010-3034 (Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or ...) NOT-FOR-US: cisco wireless_lan_controller_software CVE-2010-3035 (Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not ...) NOT-FOR-US: cisco ios_xr CVE-2010-3036 (Multiple buffer overflows in the authentication functionality in the ...) TODO: check CVE-2010-3037 RESERVED CVE-2010-3038 RESERVED CVE-2010-3039 (/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications ...) TODO: check CVE-2010-3040 (Multiple stack-based buffer overflows in agent.exe in Setup Manager in ...) TODO: check CVE-2010-3041 RESERVED CVE-2010-3042 RESERVED CVE-2010-3043 RESERVED CVE-2010-3044 RESERVED CVE-2010-3045 RESERVED CVE-2010-3046 RESERVED CVE-2010-3047 RESERVED CVE-2010-3048 RESERVED CVE-2010-3049 RESERVED CVE-2010-3050 RESERVED CVE-2010-3051 RESERVED CVE-2010-3052 RESERVED CVE-2010-3053 (bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause ...) TODO: check CVE-2010-3054 (Unspecified vulnerability in FreeType 2.3.9, and other versions before ...) TODO: check CVE-2010-3055 (The configuration setup script (aka scripts/setup.php) in phpMyAdmin ...) BUG: 302745 CVE-2010-3056 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) BUG: 335490 CVE-2010-3057 RESERVED CVE-2010-3058 (The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x ...) NOT-FOR-US: ibm tivoli_storage_manager_fastback CVE-2010-3059 (Buffer overflow in the message-protocol implementation in the Server ...) NOT-FOR-US: ibm tivoli_storage_manager_fastback CVE-2010-3060 (Unspecified vulnerability in the message-protocol implementation in ...) NOT-FOR-US: ibm tivoli_storage_manager_fastback CVE-2010-3061 (Unspecified vulnerability in the message-protocol implementation in ...) NOT-FOR-US: ibm tivoli_storage_manager_fastback CVE-2010-3062 (mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through ...) TODO: check CVE-2010-3063 (The php_mysqlnd_read_error_from_line function in the Mysqlnd extension ...) TODO: check CVE-2010-3064 (Stack-based buffer overflow in the php_mysqlnd_auth_write function in ...) TODO: check CVE-2010-3065 (The default session serializer in PHP 5.2 through 5.2.13 and 5.3 ...) TODO: check CVE-2010-3066 RESERVED CVE-2010-3067 (Integer overflow in the do_io_submit function in fs/aio.c in the Linux ...) TODO: check CVE-2010-3068 RESERVED CVE-2010-3069 (Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse ...) TODO: check CVE-2010-3070 (Cross-site scripting (XSS) vulnerability in NuSOAP 0.9.5, as used in ...) TODO: check CVE-2010-3071 (bip before 0.8.6 allows remote attackers to cause a denial of service ...) TODO: check CVE-2010-3072 (The string-comparison functions in String.cci in Squid 3.x before ...) BUG: 334263 CVE-2010-3073 (SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer ...) TODO: check CVE-2010-3074 (SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of ...) TODO: check CVE-2010-3075 (EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher ...) TODO: check CVE-2010-3076 (The filter function in php/src/include.php in Simple Management for ...) TODO: check CVE-2010-3077 (Cross-site scripting (XSS) vulnerability in util/icon_browser.php in ...) TODO: check CVE-2010-3078 (The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the ...) TODO: check CVE-2010-3079 (kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when ...) TODO: check CVE-2010-3080 (Double free vulnerability in the snd_seq_oss_open function in ...) TODO: check CVE-2010-3081 (The compat_alloc_user_space functions in include/asm/compat.h files in ...) TODO: check CVE-2010-3082 (Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 ...) BUG: 336594 CVE-2010-3083 (sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat ...) TODO: check CVE-2010-3084 (Buffer overflow in the niu_get_ethtool_tcam_all function in ...) TODO: check CVE-2010-3085 (The network-play implementation in Mednafen before 0.8.D might allow ...) TODO: check CVE-2010-3086 RESERVED CVE-2010-3087 (LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote ...) TODO: check CVE-2010-3088 (The notify function in pidgin-knotify.c in the pidgin-knotify plugin ...) TODO: check CVE-2010-3089 (Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman ...) BUG: 337095 CVE-2010-3090 RESERVED CVE-2010-3091 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...) TODO: check CVE-2010-3092 (The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does ...) TODO: check CVE-2010-3093 (The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 ...) TODO: check CVE-2010-3094 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x ...) TODO: check CVE-2010-3095 RESERVED CVE-2010-3096 (Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly ...) NOT-FOR-US: softx ftp_client CVE-2010-3097 (Directory traversal vulnerability in WinFrigate Frigate 3 FTP client ...) NOT-FOR-US: winfrigate frigate_3 CVE-2010-3098 (Directory traversal vulnerability in IoRush Software FTP Rush 1.1.3 ...) NOT-FOR-US: ftprush CVE-2010-3099 (Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client ...) NOT-FOR-US: smartftp CVE-2010-3100 (Directory traversal vulnerability in Porta+ FTP Client 4.1, and ...) NOT-FOR-US: portaplus porta _ftp_client CVE-2010-3101 (Directory traversal vulnerability in FTPx Corp FTP Explorer 10.5.19.1 ...) NOT-FOR-US: ftpx ftp_explorer CVE-2010-3102 (Directory traversal vulnerability in SiteDesigner Technologies, Inc. ...) NOT-FOR-US: 3dftp 3d ftp_client CVE-2010-3103 (Directory traversal vulnerability in FTPGetter Team FTPGetter ...) NOT-FOR-US: ftpgetter CVE-2010-3104 (Directory traversal vulnerability in DeskShare AutoFTP Manager 4.31, ...) NOT-FOR-US: deskshare auto_ftp_manager CVE-2010-3105 (The PluginGetDriverFile function in Novell iPrint Client before 5.44 ...) NOT-FOR-US: novell iprint CVE-2010-3106 (The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint ...) NOT-FOR-US: novell iprint CVE-2010-3107 (A certain ActiveX control in ienipp.ocx in the browser plugin in ...) NOT-FOR-US: novell iprint CVE-2010-3108 (Buffer overflow in the browser plugin in Novell iPrint Client before ...) NOT-FOR-US: novell iprint CVE-2010-3109 (Stack-based buffer overflow in the browser plugin in Novell iPrint ...) NOT-FOR-US: novell iprint CVE-2010-3110 (Multiple buffer overflows in the Novell Client novfs module for the ...) TODO: check CVE-2010-3111 (Google Chrome before 6.0.472.53 does not properly mitigate an ...) TODO: check CVE-2010-3112 (Google Chrome before 5.0.375.127 does not properly implement file ...) TODO: check CVE-2010-3113 (Google Chrome before 5.0.375.127 does not properly handle SVG ...) TODO: check CVE-2010-3114 (The text-editing implementation in Google Chrome before 5.0.375.127 ...) TODO: check CVE-2010-3115 (Google Chrome before 5.0.375.127 does not properly implement the ...) TODO: check CVE-2010-3116 (Google Chrome before 5.0.375.127 does not properly process MIME types, ...) TODO: check CVE-2010-3117 (Google Chrome before 5.0.375.127 does not properly implement the ...) TODO: check CVE-2010-3118 (The autosuggest feature in the Omnibox implementation in Google Chrome ...) TODO: check CVE-2010-3119 (Google Chrome before 5.0.375.127 does not properly support the Ruby ...) TODO: check CVE-2010-3120 (Google Chrome before 5.0.375.127 does not properly implement the ...) TODO: check CVE-2010-3121 (Buffer overflow in tm-console-bin in the DevonIT thin-client ...) NOT-FOR-US: devonit thin client_management_tool CVE-2010-3122 (The DevonIT thin-client management tool relies on a shared secret for ...) NOT-FOR-US: devonit thin client_management_tool CVE-2010-3123 RESERVED CVE-2010-3124 (Untrusted search path vulnerability in bin/winvlc.c in VLC Media ...) TODO: check CVE-2010-3125 (Untrusted search path vulnerability in TeamMate Audit Management ...) NOT-FOR-US: wolterskluwer teammate_audit_management_software_suite CVE-2010-3126 (Untrusted search path vulnerability in avast! Free Antivirus version ...) NOT-FOR-US: avast_antivirus_free CVE-2010-3127 (Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 ...) NOT-FOR-US: adobe photoshop CVE-2010-3128 (Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier ...) NOT-FOR-US: teamviewer CVE-2010-3129 (Untrusted search path vulnerability in uTorrent 2.0.3 and earlier ...) NOT-FOR-US: 3128 CVE-2010-3130 (Untrusted search path vulnerability in TechSmith Snagit 10 (Build 788) ...) NOT-FOR-US: techsmith snagit CVE-2010-3131 (Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 ...) TODO: check CVE-2010-3132 (Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 ...) NOT-FOR-US: adobe dreamweaver CVE-2010-3133 (Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 ...) BUG: 330479 CVE-2010-3134 (Untrusted search path vulnerability in Google Earth 5.1.3535.3218 ...) NOT-FOR-US: google earth CVE-2010-3135 (Untrusted search path vulnerability in Cisco Packet Tracer 5.2 allows ...) NOT-FOR-US: cisco packet_tracer CVE-2010-3136 (Untrusted search path vulnerability in Skype 4.2.0.169 and earlier ...) NOT-FOR-US: skype CVE-2010-3137 (Untrusted search path vulnerability in Nullsoft Winamp 5.581, and ...) NOT-FOR-US: nullsoft winamp CVE-2010-3138 (Untrusted search path vulnerability in the Indeo filter (iac25_32.ax) ...) NOT-FOR-US: microsoft windows CVE-2010-3139 (Untrusted search path vulnerability in Microsoft Windows Progman Group ...) NOT-FOR-US: microsoft windows CVE-2010-3140 (Untrusted search path vulnerability in Microsoft Windows Internet ...) NOT-FOR-US: microsoft windows_xp CVE-2010-3141 (Untrusted search path vulnerability in Microsoft PowerPoint 2010 ...) NOT-FOR-US: microsoft powerpoint CVE-2010-3142 (Untrusted search path vulnerability in Microsoft Office PowerPoint ...) NOT-FOR-US: microsoft powerpoint CVE-2010-3143 (Untrusted search path vulnerability in Microsoft Windows Contacts ...) NOT-FOR-US: microsoft windows CVE-2010-3144 (Untrusted search path vulnerability in Microsoft Internet Connection ...) NOT-FOR-US: microsoft windows CVE-2010-3145 (Untrusted search path vulnerability in the Microsoft Vista BitLocker ...) NOT-FOR-US: microsoft windows_vista CVE-2010-3146 (Untrusted search path vulnerability in Microsoft Office Groove 2007 ...) NOT-FOR-US: microsoft groove CVE-2010-3147 (Untrusted search path vulnerability in Microsoft Address Book ...) NOT-FOR-US: microsoft outlook_express CVE-2010-3148 (Untrusted search path vulnerability in Microsoft Visio 2003 allows ...) NOT-FOR-US: microsoft visio CVE-2010-3149 (Untrusted search path vulnerability in Adobe Device Central CS5 ...) NOT-FOR-US: adobe device_central_cs5 CVE-2010-3150 (Untrusted search path vulnerability in Adobe Premier Pro CS4 4.0.0 ...) NOT-FOR-US: adobe premier_pro_cs4 CVE-2010-3151 (Untrusted search path vulnerability in Adobe On Location CS4 Build 315 ...) NOT-FOR-US: adobe onlocation_cs4 CVE-2010-3152 (Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, ...) NOT-FOR-US: adobe illustrator CVE-2010-3153 (Untrusted search path vulnerability in Adobe InDesign CS4 6.0, ...) NOT-FOR-US: adobe indesign_cs4 CVE-2010-3154 (Untrusted search path vulnerability in Adobe Extension Manager CS5 ...) NOT-FOR-US: adobe extension_manager_cs5 CVE-2010-3155 (Untrusted search path vulnerability in Adobe ExtendScript Toolkit ...) NOT-FOR-US: adobe extendedscript_toolkit_cs5 CVE-2010-3156 (Untrusted search path vulnerability in K2 K2Editor before 1.5.9 allows ...) TODO: check CVE-2010-3157 (Untrusted search path vulnerability in XacRett before 50 allows ...) TODO: check CVE-2010-3158 (Untrusted search path vulnerability in Lhaplus before 1.58 allows ...) TODO: check CVE-2010-3159 (Untrusted search path vulnerability in Explzh 5.67 and earlier allows ...) TODO: check CVE-2010-3160 (Untrusted search path vulnerability in Archive Decoder 1.23 and ...) TODO: check CVE-2010-3161 (Untrusted search path vulnerability in TeraPad before 1.00 allows ...) TODO: check CVE-2010-3162 (Untrusted search path vulnerability in Apsaly before 3.74 allows local ...) TODO: check CVE-2010-3163 (Untrusted search path vulnerability in Fenrir Sleipnir before 2.9.5 ...) TODO: check CVE-2010-3164 (Untrusted search path vulnerability in Fenrir Sleipnir 2.9.4 and ...) TODO: check CVE-2010-3165 (Untrusted search path vulnerability in Yokka NoEditor 1.33.1.1 and ...) TODO: check CVE-2010-3166 (Heap-based buffer overflow in the nsTextFrameUtils::TransformText ...) TODO: check CVE-2010-3167 (The nsTreeContentView function in Mozilla Firefox before 3.5.12 and ...) TODO: check CVE-2010-3168 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird ...) TODO: check CVE-2010-3169 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) TODO: check CVE-2010-3170 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird ...) TODO: check CVE-2010-3171 (The Math.random function in the JavaScript implementation in Mozilla ...) TODO: check CVE-2010-3172 (CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before ...) TODO: check CVE-2010-3173 (The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x ...) TODO: check CVE-2010-3174 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...) TODO: check CVE-2010-3175 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) TODO: check CVE-2010-3176 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) TODO: check CVE-2010-3177 (Multiple cross-site scripting (XSS) vulnerabilities in the Gopher ...) TODO: check CVE-2010-3178 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird ...) TODO: check CVE-2010-3179 (Stack-based buffer overflow in the text-rendering functionality in ...) TODO: check CVE-2010-3180 (Use-after-free vulnerability in the nsBarProp function in Mozilla ...) TODO: check CVE-2010-3181 (Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 ...) TODO: check CVE-2010-3182 (A certain application-launch script in Mozilla Firefox before 3.5.14 ...) TODO: check CVE-2010-3183 (The LookupGetterOrSetter function in Mozilla Firefox before 3.5.14 and ...) TODO: check CVE-2010-3184 RESERVED CVE-2010-3185 RESERVED CVE-2010-3186 (IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and ...) NOT-FOR-US: ibm websphere_application_server CVE-2010-3187 (Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote ...) NOT-FOR-US: ibm aix CVE-2010-3188 (SQL injection vulnerability in search.aspx in BugTracker.NET 3.4.3 and ...) NOT-FOR-US: ifdefined bugtracker net CVE-2010-3189 (The extSetOwner function in the UfProxyBrowserCtrl ActiveX control ...) NOT-FOR-US: trendmicro internet_security CVE-2010-3190 (Untrusted search path vulnerability in ATL MFC Trace Tool ...) NOT-FOR-US: microsoft visual_studio CVE-2010-3191 (Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and ...) NOT-FOR-US: adobe captivate CVE-2010-3192 (Certain run-time memory protection mechanisms in the GNU C Library ...) TODO: check CVE-2010-3193 (Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before ...) NOT-FOR-US: ibm db2 CVE-2010-3194 (The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 ...) NOT-FOR-US: ibm db2 CVE-2010-3195 (Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, ...) NOT-FOR-US: ibm db2 CVE-2010-3196 (IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote ...) NOT-FOR-US: ibm db2 CVE-2010-3197 (IBM DB2 9.7 before FP2 does not perform the expected access control on ...) NOT-FOR-US: ibm db2 CVE-2010-3198 (ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows ...) TODO: check CVE-2010-3199 (Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 ...) NOT-FOR-US: windows only CVE-2010-3200 (MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote ...) NOT-FOR-US: microsoft word CVE-2010-3201 RESERVED CVE-2010-3202 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 ...) NOT-FOR-US: flock CVE-2010-3203 (Directory traversal vulnerability in the PicSell (com_picsell) ...) NOT-FOR-US: xmlswf com_picsell CVE-2010-3204 (Multiple PHP remote file inclusion vulnerabilities in Pecio CMS 2.0.5 ...) NOT-FOR-US: pecio cms pecio_cms CVE-2010-3205 (PHP remote file inclusion vulnerability in index.php in Textpattern ...) NOT-FOR-US: textpattern CVE-2010-3206 (Multiple PHP remote file inclusion vulnerabilities in DiY-CMS 1.0 ...) NOT-FOR-US: diy cms CVE-2010-3207 (SQL injection vulnerability in index.php in GaleriaSHQIP 1.0, when ...) NOT-FOR-US: galeriashqip CVE-2010-3208 (Cross-site scripting (XSS) vulnerability in ajax.php in Wiccle Web ...) NOT-FOR-US: wiccle_web_builder CVE-2010-3209 (Multiple PHP remote file inclusion vulnerabilities in Seagull 0.6.7 ...) NOT-FOR-US: seagullproject org seagull CVE-2010-3210 (Multiple PHP remote file inclusion vulnerabilities in Multi-lingual ...) NOT-FOR-US: martin_lee multi lingual_e commerce_system CVE-2010-3211 (Multiple SQL injection vulnerabilities in the JE FAQ Pro ...) NOT-FOR-US: jextn com_jefaqpro CVE-2010-3212 (SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier ...) NOT-FOR-US: seagullproject org seagull CVE-2010-3213 (Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook ...) NOT-FOR-US: microsoft outlook_web_access CVE-2010-3214 (Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 ...) TODO: check CVE-2010-3215 (Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle ...) TODO: check CVE-2010-3216 (Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers ...) TODO: check CVE-2010-3217 (Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary ...) TODO: check CVE-2010-3218 (Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote ...) TODO: check CVE-2010-3219 (Array index vulnerability in Microsoft Word 2002 SP3 allows remote ...) TODO: check CVE-2010-3220 (Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 ...) TODO: check CVE-2010-3221 (Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word ...) TODO: check CVE-2010-3222 (Stack-based buffer overflow in the Remote Procedure Call Subsystem ...) TODO: check CVE-2010-3223 (The user interface in Microsoft Cluster Service (MSCS) in Microsoft ...) TODO: check CVE-2010-3224 RESERVED CVE-2010-3225 (Use-after-free vulnerability in the Media Player Network Sharing ...) TODO: check CVE-2010-3226 RESERVED CVE-2010-3227 (Stack-based buffer overflow in the UpdateFrameTitleForDocument method ...) TODO: check CVE-2010-3228 (The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms ...) TODO: check CVE-2010-3229 (The Secure Channel (aka SChannel) security package in Microsoft ...) TODO: check CVE-2010-3230 (Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers ...) TODO: check CVE-2010-3231 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML ...) TODO: check CVE-2010-3232 (Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; ...) TODO: check CVE-2010-3233 (Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate ...) TODO: check CVE-2010-3234 (Microsoft Excel 2002 SP3 does not properly validate formula ...) TODO: check CVE-2010-3235 (Microsoft Excel 2002 SP3 does not properly validate formula ...) TODO: check CVE-2010-3236 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, ...) TODO: check CVE-2010-3237 (Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly ...) TODO: check CVE-2010-3238 (Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does ...) TODO: check CVE-2010-3239 (Microsoft Excel 2002 SP3 does not properly validate record ...) TODO: check CVE-2010-3240 (Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office ...) TODO: check CVE-2010-3241 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML ...) TODO: check CVE-2010-3242 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML ...) TODO: check CVE-2010-3243 (Cross-site scripting (XSS) vulnerability in the toStaticHTML function ...) TODO: check CVE-2010-3244 (BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly ...) NOT-FOR-US: blackboard transact_suite CVE-2010-3245 (The automated-backup functionality in Blackboard Transact Suite ...) NOT-FOR-US: Blackboard CVE-2010-3246 (Google Chrome before 6.0.472.53 does not properly handle the _blank ...) TODO: check CVE-2010-3247 (Google Chrome before 6.0.472.53 does not properly restrict the ...) TODO: check CVE-2010-3248 (Google Chrome before 6.0.472.53 does not properly restrict copying to ...) TODO: check CVE-2010-3249 (Google Chrome before 6.0.472.53 does not properly implement SVG ...) TODO: check CVE-2010-3250 (Unspecified vulnerability in Google Chrome before 6.0.472.53 allows ...) TODO: check CVE-2010-3251 (The WebSockets implementation in Google Chrome before 6.0.472.53 ...) TODO: check CVE-2010-3252 (Use-after-free vulnerability in the Notifications presenter in Google ...) TODO: check CVE-2010-3253 (The implementation of notification permissions in Google Chrome before ...) TODO: check CVE-2010-3254 (The WebSockets implementation in Google Chrome before 6.0.472.53 does ...) TODO: check CVE-2010-3255 (Google Chrome before 6.0.472.53 does not properly handle counter ...) TODO: check CVE-2010-3256 (Google Chrome before 6.0.472.53 does not properly limit the number of ...) TODO: check CVE-2010-3257 (Google Chrome before 6.0.472.53 does not properly perform focus ...) TODO: check CVE-2010-3258 (The sandbox implementation in Google Chrome before 6.0.472.53 does not ...) TODO: check CVE-2010-3259 (Google Chrome before 6.0.472.53 does not properly restrict read access ...) TODO: check CVE-2010-3260 RESERVED CVE-2010-3261 (Directory traversal vulnerability in RSA Authentication Agent 7.0 ...) NOT-FOR-US: rsa authentication_agent_for_web CVE-2010-3262 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.x before ...) NOT-FOR-US: flock CVE-2010-3263 (Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php ...) TODO: check CVE-2010-3264 (The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores ...) NOT-FOR-US: novell identity_manager CVE-2010-3265 RESERVED CVE-2010-3266 RESERVED CVE-2010-3267 RESERVED CVE-2010-3268 RESERVED CVE-2010-3269 RESERVED CVE-2010-3270 RESERVED CVE-2010-3271 RESERVED CVE-2010-3272 RESERVED CVE-2010-3273 RESERVED CVE-2010-3274 RESERVED CVE-2010-3275 RESERVED CVE-2010-3276 RESERVED CVE-2010-3277 (The installer in VMware Workstation 7.x before 7.1.2 build 301548 and ...) TODO: check CVE-2010-3278 REJECTED NOT-FOR-US: novell suse_linux_enterprise_server CVE-2010-3279 (The default configuration of the CCAgent option before 9.0.8.4 in the ...) NOT-FOR-US: management CVE-2010-3280 (The CCAgent option 9.0.8.4 and earlier in the management server (aka ...) NOT-FOR-US: management CVE-2010-3281 (Stack-based buffer overflow in the HTTP proxy service in ...) NOT-FOR-US: HTTP proxy service in Alcatel Lucent OmniVista CVE-2010-3282 RESERVED CVE-2010-3283 (Open redirect vulnerability in HP System Management Homepage (SMH) ...) NOT-FOR-US: hp system_management_homepage CVE-2010-3284 (Unspecified vulnerability in HP System Management Homepage (SMH) ...) NOT-FOR-US: hp system_management_homepage CVE-2010-3285 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...) NOT-FOR-US: hp openview_network_node_manager CVE-2010-3286 (Unspecified vulnerability in HP Systems Insight Manager (SIM) 6.0 and ...) TODO: check CVE-2010-3287 (Unspecified vulnerability on HP ProCurve Access Points, Access ...) TODO: check CVE-2010-3288 (Cross-site request forgery (CSRF) vulnerability in HP Systems Insight ...) TODO: check CVE-2010-3289 (Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager ...) TODO: check CVE-2010-3290 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before ...) TODO: check CVE-2010-3291 (Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x ...) TODO: check CVE-2010-3292 RESERVED CVE-2010-3293 RESERVED CVE-2010-3294 (Cross-site scripting (XSS) vulnerability in apc.php in the Alternative ...) NOT-FOR-US: pecl php alternative_php_cache CVE-2010-3295 RESERVED CVE-2010-3296 (The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in ...) TODO: check CVE-2010-3297 (The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel ...) TODO: check CVE-2010-3298 (The hso_get_count function in drivers/net/usb/hso.c in the Linux ...) TODO: check CVE-2010-3299 RESERVED CVE-2010-3300 RESERVED CVE-2010-3301 (The IA32 system call emulation functionality in ...) BUG: 337645 CVE-2010-3302 (Buffer overflow in programs/pluto/xauth.c in the client in Openswan ...) TODO: check CVE-2010-3303 (Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before ...) TODO: check CVE-2010-3304 (The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to ...) TODO: check CVE-2010-3305 RESERVED CVE-2010-3306 (Directory traversal vulnerability in the modURL function in instance.c ...) NOT-FOR-US: salvo_g _tomaselli weborf CVE-2010-3307 (Multiple PHP remote file inclusion vulnerabilities in ...) TODO: check CVE-2010-3308 (Buffer overflow in programs/pluto/xauth.c in the client in Openswan ...) TODO: check CVE-2010-3309 RESERVED CVE-2010-3310 (Multiple integer signedness errors in net/rose/af_rose.c in the Linux ...) TODO: check CVE-2010-3311 RESERVED CVE-2010-3312 (Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, ...) TODO: check CVE-2010-3313 (phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php ...) TODO: check CVE-2010-3314 (Cross-site scripting (XSS) vulnerability in login.php in EGroupware ...) TODO: check CVE-2010-3315 (authz.c in the mod_dav_svn module for the Apache HTTP Server, as ...) TODO: check CVE-2010-3316 RESERVED CVE-2010-3317 (Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) ...) NOT-FOR-US: ibm filenet_content_manager CVE-2010-3318 (IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits ...) NOT-FOR-US: ibm filenet_content_manager CVE-2010-3319 (IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a ...) NOT-FOR-US: ibm filenet_content_manager CVE-2010-3320 (Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before ...) NOT-FOR-US: ibm filenet_content_manager CVE-2010-3321 (RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not ...) TODO: check CVE-2010-3322 (The XML parser in Splunk 4.0.0 through 4.1.4 allows remote ...) NOT-FOR-US: splunk CVE-2010-3323 (Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session ...) NOT-FOR-US: splunk CVE-2010-3324 (The toStaticHTML function in Microsoft Internet Explorer 8, and the ...) NOT-FOR-US: microsoft ie CVE-2010-3325 (Microsoft Internet Explorer 6 through 8 does not properly handle ...) TODO: check CVE-2010-3326 (Microsoft Internet Explorer 6 does not properly handle objects in ...) TODO: check CVE-2010-3327 (The implementation of HTML content creation in Microsoft Internet ...) TODO: check CVE-2010-3328 (Use-after-free vulnerability in the CAttrArray::PrivateFind function ...) TODO: check CVE-2010-3329 (mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote ...) TODO: check CVE-2010-3330 (Microsoft Internet Explorer 6 through 8 does not properly restrict ...) TODO: check CVE-2010-3331 (Microsoft Internet Explorer 6 through 8 does not properly handle ...) TODO: check CVE-2010-3332 (Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, ...) NOT-FOR-US: microsoft net_framework CVE-2010-3333 (Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 ...) TODO: check CVE-2010-3334 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office ...) TODO: check CVE-2010-3335 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office ...) TODO: check CVE-2010-3336 (Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac ...) TODO: check CVE-2010-3337 (Untrusted search path vulnerability in Microsoft Office 2007 SP2 and ...) TODO: check CVE-2010-3338 RESERVED CVE-2010-3339 RESERVED CVE-2010-3340 RESERVED CVE-2010-3341 RESERVED CVE-2010-3342 RESERVED CVE-2010-3343 RESERVED CVE-2010-3344 RESERVED CVE-2010-3345 RESERVED CVE-2010-3346 RESERVED CVE-2010-3347 RESERVED CVE-2010-3348 RESERVED CVE-2010-3349 (Ardour 2.8.11 places a zero-length directory name in the ...) TODO: check CVE-2010-3350 (bareFTP 0.3.4 places a zero-length directory name in the ...) TODO: check CVE-2010-3351 (startBristol in Bristol 0.60.5 places a zero-length directory name in ...) TODO: check CVE-2010-3352 RESERVED CVE-2010-3353 (Cowbell 0.2.7.1 places a zero-length directory name in the ...) TODO: check CVE-2010-3354 (dropboxd in Dropbox 0.7.110 places a zero-length directory name in the ...) TODO: check CVE-2010-3355 (Ember 0.5.7 places a zero-length directory name in the ...) TODO: check CVE-2010-3356 RESERVED CVE-2010-3357 (gnome-subtitles 1.0 places a zero-length directory name in the ...) TODO: check CVE-2010-3358 (HenPlus JDBC SQL-Shell 0.9.7 places a zero-length directory name in ...) TODO: check CVE-2010-3359 RESERVED CVE-2010-3360 (Hipo 0.6.1 places a zero-length directory name in the LD_LIBRARY_PATH, ...) TODO: check CVE-2010-3361 (The (1) iked, (2) ikea, and (3) ikec scripts in Shrew Soft IKE 2.1.5 ...) TODO: check CVE-2010-3362 (lastfm 1.5.4 places a zero-length directory name in the ...) TODO: check CVE-2010-3363 (roarify in roaraudio 0.3 places a zero-length directory name in the ...) TODO: check CVE-2010-3364 (The vips-7.22 script in VIPS 7.22.2 places a zero-length directory ...) TODO: check CVE-2010-3365 (Mistelix 0.31 places a zero-length directory name in the ...) TODO: check CVE-2010-3366 (Mn_Fit 5.13 places a zero-length directory name in the ...) TODO: check CVE-2010-3367 RESERVED CVE-2010-3368 RESERVED CVE-2010-3369 (The (1) mdb and (2) mdb-symbolreader scripts in mono-debugger 2.4.3 ...) TODO: check CVE-2010-3370 RESERVED CVE-2010-3371 RESERVED CVE-2010-3372 RESERVED CVE-2010-3373 RESERVED CVE-2010-3374 (Qt Creator before 2.0.1 places a zero-length directory name in the ...) TODO: check CVE-2010-3375 RESERVED CVE-2010-3376 (The (1) proofserv, (2) xrdcp, (3) xrdpwdadmin, and (4) xrd scripts in ...) TODO: check CVE-2010-3377 (The (1) runSalome, (2) runTestMedCorba, (3) runLightSalome, and (4) ...) TODO: check CVE-2010-3378 (The (1) scilab, (2) scilab-cli, and (3) scilab-adv-cli scripts in ...) TODO: check CVE-2010-3379 RESERVED CVE-2010-3380 (The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before ...) TODO: check CVE-2010-3381 (The (1) tangerine and (2) tangerine-properties scripts in Tangerine ...) TODO: check CVE-2010-3382 (tauex in Tuning and Analysis Utilities (TAU) 2.16.4 places a ...) TODO: check CVE-2010-3383 (The (1) teamspeak and (2) teamspeak-server scripts in TeamSpeak 2.0.32 ...) TODO: check CVE-2010-3384 (The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and ...) TODO: check CVE-2010-3385 (TuxGuitar 1.2 places a zero-length directory name in the ...) TODO: check CVE-2010-3386 (usttrace in LTTng Userspace Tracer (aka UST) 0.7 places a zero-length ...) TODO: check CVE-2010-3387 (** DISPUTED ** ...) TODO: check CVE-2010-3388 RESERVED CVE-2010-3389 (The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents ...) TODO: check CVE-2010-3390 RESERVED CVE-2010-3391 RESERVED CVE-2010-3392 RESERVED CVE-2010-3393 (magics-config in Magics++ 2.10.0 places a zero-length directory name ...) TODO: check CVE-2010-3394 (The (1) texmacs and (2) tm_mupad_help scripts in TeXmacs 1.0.7.4 place ...) TODO: check CVE-2010-3395 RESERVED CVE-2010-3396 (Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and ...) NOT-FOR-US: kingsoftsecurity kingsoft_antivirus CVE-2010-3397 (Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, ...) TODO: check CVE-2010-3398 (Unspecified vulnerability in the webcontainer implementation in IBM ...) NOT-FOR-US: ibm lotus_sametime CVE-2010-3399 (The js_InitRandom function in the JavaScript implementation in Mozilla ...) TODO: check CVE-2010-3400 (The js_InitRandom function in the JavaScript implementation in Mozilla ...) TODO: check CVE-2010-3401 RESERVED CVE-2010-3402 (Untrusted search path vulnerability in IDM Computer Solutions ...) NOT-FOR-US: dm_computer_solutions ultraedit CVE-2010-3403 (Untrusted search path vulnerability in Qualcomm eXtensible Diagnostic ...) NOT-FOR-US: qualcomm extensible_diagnostic_monitor CVE-2010-3404 (Multiple SQL injection vulnerabilities in eshtery CMS (aka ...) NOT-FOR-US: eshtery she7ata eshtery_cms CVE-2010-3405 (Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, ...) NOT-FOR-US: ibm aix CVE-2010-3406 (Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM ...) NOT-FOR-US: ibm aix CVE-2010-3407 (Stack-based buffer overflow in the MailCheck821Address function in ...) NOT-FOR-US: ibm lotus_domino CVE-2010-3408 REJECTED NOT-FOR-US: this CVE-2010-3409 REJECTED NOT-FOR-US: this CVE-2010-3410 REJECTED NOT-FOR-US: this CVE-2010-3411 (Google Chrome before 6.0.472.59 on Linux does not properly handle ...) TODO: check CVE-2010-3412 (Race condition in the console implementation in Google Chrome before ...) TODO: check CVE-2010-3413 (Unspecified vulnerability in the pop-up blocking functionality in ...) TODO: check CVE-2010-3414 (Google Chrome before 6.0.472.59 on Mac OS X does not properly ...) TODO: check CVE-2010-3415 (Google Chrome before 6.0.472.59 does not properly implement ...) TODO: check CVE-2010-3416 (Google Chrome before 6.0.472.59 on Linux does not properly implement ...) TODO: check CVE-2010-3417 (Google Chrome before 6.0.472.59 does not prompt the user before ...) TODO: check CVE-2010-3418 (Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media ...) NOT-FOR-US: netartmedia car_portal CVE-2010-3419 (Multiple PHP remote file inclusion vulnerabilities in Haudenschilt ...) NOT-FOR-US: haudenschilt family_connections_cms CVE-2010-3420 (Cross-site scripting (XSS) vulnerability in Products_Results.php in ...) NOT-FOR-US: webassist powerstore CVE-2010-3421 (Cross-site scripting (XSS) vulnerability in AffiliateLogin.asp in ...) NOT-FOR-US: productcart CVE-2010-3422 (SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 ...) NOT-FOR-US: solventus com_jgen CVE-2010-3423 (SQL injection vulnerability in the Yr Weatherdata module for Drupal ...) NOT-FOR-US: freka yr_verdata CVE-2010-3424 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: invisionpower invision_power_board CVE-2010-3425 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: smartertools smarterstats CVE-2010-3426 (Directory traversal vulnerability in jphone.php in the JPhone ...) NOT-FOR-US: 4you studio com_jphone CVE-2010-3427 (Multiple cross-site scripting (XSS) vulnerabilities in Open ...) NOT-FOR-US: open classifieds open_classifieds CVE-2010-3428 (SQL injection vulnerability in modules/notes/json.php in Intermesh ...) NOT-FOR-US: intermesh group office CVE-2010-3429 (flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in ...) TODO: check CVE-2010-3430 RESERVED CVE-2010-3431 RESERVED CVE-2010-3432 RESERVED CVE-2010-3433 (The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before ...) TODO: check CVE-2010-3434 (Buffer overflow in the find_stream_bounds function in pdf.c in ...) TODO: check CVE-2010-3435 RESERVED CVE-2010-3436 (fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote ...) TODO: check CVE-2010-3437 (Integer signedness error in the pkt_find_dev_from_minor function in ...) TODO: check CVE-2010-3438 RESERVED CVE-2010-3439 RESERVED CVE-2010-3440 RESERVED CVE-2010-3441 RESERVED CVE-2010-3442 (Multiple integer overflows in the snd_ctl_new function in ...) TODO: check CVE-2010-3443 RESERVED CVE-2010-3444 RESERVED CVE-2010-3445 RESERVED CVE-2010-3446 RESERVED CVE-2010-3447 RESERVED CVE-2010-3448 RESERVED CVE-2010-3449 RESERVED CVE-2010-3450 RESERVED CVE-2010-3451 RESERVED CVE-2010-3452 RESERVED CVE-2010-3453 RESERVED CVE-2010-3454 RESERVED CVE-2010-3455 (Cross-site scripting (XSS) vulnerability in index.php in AChecker 1.0 ...) NOT-FOR-US: atutor achecker CVE-2010-3456 (Directory traversal vulnerability in download.php in EnergyScripts ...) NOT-FOR-US: energyscripts simple_download CVE-2010-3457 (Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS ...) NOT-FOR-US: symphony cms symphony_cms CVE-2010-3458 (SQL injection vulnerability in lib/toolkit/events/event.section.php in ...) NOT-FOR-US: symphony cms symphony_cms CVE-2010-3459 (Cross-site scripting (XSS) vulnerability in the Ajax WebMail interface ...) NOT-FOR-US: gecad axigen_mail_server CVE-2010-3460 (Directory traversal vulnerability in the HTTP interface in AXIGEN Mail ...) NOT-FOR-US: gecad axigen_mail_server CVE-2010-3461 (SQL injection vulnerability in the Publisher module in eNdonesia 8.4 ...) NOT-FOR-US: endonesia CVE-2010-3462 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: mollify CVE-2010-3463 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: santafox CVE-2010-3464 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: santafox CVE-2010-3465 (Multiple cross-site scripting (XSS) vulnerabilities in XSE Shopping ...) NOT-FOR-US: ecommercesoft xse_shopping_cart CVE-2010-3466 (Cross-site scripting (XSS) vulnerability in index.php in the ...) NOT-FOR-US: netartmedia iboutique mall CVE-2010-3467 (SQL injection vulnerability in modules/sections/index.php in ...) NOT-FOR-US: e xoopport samsara CVE-2010-3468 (Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 ...) NOT-FOR-US: Mura CMS CVE-2010-3469 RESERVED CVE-2010-3470 (Multiple cross-site scripting (XSS) vulnerabilities in the Workplace ...) NOT-FOR-US: ibm filenet_p8_application_engine CVE-2010-3471 (Session fixation vulnerability in the Workplace (aka WP) component in ...) NOT-FOR-US: ibm filenet_p8_application_engine CVE-2010-3472 (Multiple cross-site scripting (XSS) vulnerabilities in the Workplace ...) NOT-FOR-US: ibm filenet_p8_application_engine CVE-2010-3473 (Open redirect vulnerability in the Workplace (aka WP) component in IBM ...) NOT-FOR-US: ibm filenet_p8_application_engine CVE-2010-3474 (IBM DB2 9.7 before FP3 does not perform the expected drops or ...) NOT-FOR-US: ibm db2 CVE-2010-3475 (IBM DB2 9.7 before FP3 does not properly enforce privilege ...) NOT-FOR-US: ibm db2 CVE-2010-3476 (Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before ...) TODO: check CVE-2010-3477 (The tcf_act_police_dump function in net/sched/act_police.c in the ...) TODO: check CVE-2010-3478 RESERVED CVE-2010-3479 (SQL injection vulnerability in list.php in BoutikOne 1.0 allows remote ...) NOT-FOR-US: boutikone CVE-2010-3480 (Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS ...) NOT-FOR-US: apphp php_microcms CVE-2010-3481 (Multiple SQL injection vulnerabilities in login.php in ApPHP PHP ...) NOT-FOR-US: apphp php_microcms CVE-2010-3482 (Multiple SQL injection vulnerabilities in cms_write.php in Primitive ...) NOT-FOR-US: bouzouste primitive_cms CVE-2010-3483 (cms_write.php in Primitive CMS 1.0.9 does not properly restrict ...) NOT-FOR-US: bouzouste primitive_cms CVE-2010-3484 (SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows ...) NOT-FOR-US: lightneasy CVE-2010-3485 (SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows ...) NOT-FOR-US: lightneasy CVE-2010-3486 (Directory traversal vulnerability in FileStorageUpload.ashx in ...) NOT-FOR-US: smartertools smartermail CVE-2010-3487 (Directory traversal vulnerability in YelloSoft Pinky 1.0 for Windows ...) NOT-FOR-US: yellosoft pinky CVE-2010-3488 (Directory traversal vulnerability in QuickShare 1.0 allows remote ...) NOT-FOR-US: houbysoft quickshare CVE-2010-3489 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: digitalworkroom cms_digital_workroom CVE-2010-3490 (Directory traversal vulnerability in page.recordings.php in the System ...) NOT-FOR-US: freepbx CVE-2010-3491 (The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator ...) TODO: check CVE-2010-3492 (The asyncore module in Python before 3.2 does not properly handle ...) TODO: check CVE-2010-3493 (Multiple race conditions in smtpd.py in the smtpd module in Python ...) TODO: check CVE-2010-3494 (Race condition in the FTPHandler class in ftpserver.py in pyftpdlib ...) TODO: check CVE-2010-3495 (Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) ...) TODO: check CVE-2010-3496 RESERVED CVE-2010-3497 RESERVED CVE-2010-3498 RESERVED CVE-2010-3499 RESERVED CVE-2010-3500 (Unspecified vulnerability in the Siebel Core - Highly Interactive ...) NOT-FOR-US: oracle siebel_suite CVE-2010-3501 (Unspecified vulnerability in the OID component in Oracle Fusion ...) NOT-FOR-US: oracle fusion_middleware CVE-2010-3502 (Unspecified vulnerability in the Siebel Core component in Oracle ...) NOT-FOR-US: oracle siebel_suite CVE-2010-3503 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...) NOT-FOR-US: oracle solaris CVE-2010-3504 (Unspecified vulnerability in the Oracle Applications Technology Stack ...) NOT-FOR-US: oracle e business_suite CVE-2010-3505 RESERVED CVE-2010-3506 (Unspecified vulnerability in the Oracle Explorer (Sun Explorer) ...) NOT-FOR-US: oracle sun_products_suite CVE-2010-3507 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...) NOT-FOR-US: oracle solaris CVE-2010-3508 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...) NOT-FOR-US: oracle solaris CVE-2010-3509 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote ...) NOT-FOR-US: oracle solaris CVE-2010-3510 RESERVED CVE-2010-3511 (Unspecified vulnerability in Oracle OpenSolaris allows local users to ...) NOT-FOR-US: oracle opensolaris CVE-2010-3512 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java ...) NOT-FOR-US: oracle sun_products_suite CVE-2010-3513 (Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, ...) NOT-FOR-US: oracle solaris CVE-2010-3514 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java ...) NOT-FOR-US: oracle sun_products_suite CVE-2010-3515 (Unspecified vulnerability in the Solaris component in Oracle Solaris 9 ...) NOT-FOR-US: oracle solaris CVE-2010-3516 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...) NOT-FOR-US: oracle solaris CVE-2010-3517 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...) NOT-FOR-US: oracle solaris CVE-2010-3518 (Unspecified vulnerability in the PeopleSoft Enterprise HCM GP - Japan ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-3519 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-3520 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - GP France ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-3521 (Unspecified vulnerability in the PeopleSoft Enterprise HCM ePay ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-3522 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-3523 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-3524 (Unspecified vulnerability in the PeopleSoft Enterprise SCM - Strategic ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-3525 (Unspecified vulnerability in the (1) PeopleSoft Enterprise FMS, (2) ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-3526 (Unspecified vulnerability in the PeopleSoft Enterprise SCM - PO ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-3527 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - AM ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-3528 (Unspecified vulnerability in the PeopleSoft Enterprise CRM - Common ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-3529 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - Cash ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-3530 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - HR ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-3531 (Unspecified vulnerability in the PeopleSoft Enterprise FMS ESA - RM ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-3532 (Unspecified vulnerability in the PeopleSoft Enterprise CRM - Order ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-3533 (Unspecified vulnerability in the PeopleSoft Enterprise SCM OM and CRM ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-3534 (Unspecified vulnerability in the Primavera P6 Enterprise Project ...) NOT-FOR-US: oracle primavera_product_suite CVE-2010-3535 (Unspecified vulnerability in the Directory Server Enterprise Edition ...) NOT-FOR-US: oracle sun_product_suite CVE-2010-3536 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-3537 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - AM ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-3538 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-3539 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-3540 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...) NOT-FOR-US: oracle solaris CVE-2010-3541 (Unspecified vulnerability in the Networking component in Oracle Java ...) TODO: check CVE-2010-3542 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and ...) NOT-FOR-US: oracle solaris CVE-2010-3543 RESERVED CVE-2010-3544 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java ...) NOT-FOR-US: oracle sun_product_suite CVE-2010-3545 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java ...) NOT-FOR-US: oracle sun_product_suite CVE-2010-3546 (Unspecified vulnerability in the Sun Java System Identity Manager ...) NOT-FOR-US: oracle sun_product_suite CVE-2010-3547 (Unspecified vulnerability in the PeopleSoft FMS ESA - EX component in ...) NOT-FOR-US: oracle peoplesoft_and_jdedwards_product_suite CVE-2010-3548 (Unspecified vulnerability in the Java Naming and Directory Interface ...) TODO: check CVE-2010-3549 (Unspecified vulnerability in the Networking component in Oracle Java ...) TODO: check CVE-2010-3550 (Unspecified vulnerability in the Java Web Start component in Oracle ...) TODO: check CVE-2010-3551 (Unspecified vulnerability in the Networking component in Oracle Java ...) TODO: check CVE-2010-3552 (Unspecified vulnerability in the New Java Plug-in component in Oracle ...) TODO: check CVE-2010-3553 (Unspecified vulnerability in the Swing component in Oracle Java SE and ...) TODO: check CVE-2010-3554 (Unspecified vulnerability in the CORBA component in Oracle Java SE and ...) TODO: check CVE-2010-3555 (Unspecified vulnerability in the Deployment component in Oracle Java ...) TODO: check CVE-2010-3556 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...) TODO: check CVE-2010-3557 (Unspecified vulnerability in the Swing component in Oracle Java SE and ...) TODO: check CVE-2010-3558 (Unspecified vulnerability in the Java Web Start component in Oracle ...) TODO: check CVE-2010-3559 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...) TODO: check CVE-2010-3560 (Unspecified vulnerability in the Networking component in Oracle Java ...) TODO: check CVE-2010-3561 (Unspecified vulnerability in the CORBA component in Oracle Java SE and ...) TODO: check CVE-2010-3562 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...) TODO: check CVE-2010-3563 (Unspecified vulnerability in the Deployment component in Oracle Java ...) TODO: check CVE-2010-3564 (Unspecified vulnerability in the Oracle Communications Messaging ...) TODO: check CVE-2010-3565 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...) TODO: check CVE-2010-3566 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...) TODO: check CVE-2010-3567 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...) TODO: check CVE-2010-3568 (Unspecified vulnerability in the Java Runtime Environment component in ...) TODO: check CVE-2010-3569 (Unspecified vulnerability in the Java Runtime Environment component in ...) TODO: check CVE-2010-3570 (Unspecified vulnerability in the Deployment Toolkit component in ...) TODO: check CVE-2010-3571 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...) TODO: check CVE-2010-3572 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...) TODO: check CVE-2010-3573 (Unspecified vulnerability in the Networking component in Oracle Java ...) TODO: check CVE-2010-3574 (Unspecified vulnerability in the Networking component in Oracle Java ...) TODO: check CVE-2010-3575 (Unspecified vulnerability in the Oracle Communications Messaging ...) NOT-FOR-US: oracle sun_product_suite CVE-2010-3576 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and ...) NOT-FOR-US: oracle solaris CVE-2010-3577 (Unspecified vulnerability in Oracle OpenSolaris allows remote ...) NOT-FOR-US: oracle opensolaris CVE-2010-3578 (Unspecified vulnerability in Oracle OpenSolaris allows remote ...) NOT-FOR-US: oracle opensolaris CVE-2010-3579 (Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun ...) NOT-FOR-US: oracle sun_product_suite CVE-2010-3580 (Unspecified vulnerability in Oracle OpenSolaris allows local users to ...) NOT-FOR-US: oracle opensolaris CVE-2010-3581 (Unspecified vulnerability in the BPEL Console component in Oracle ...) NOT-FOR-US: oracle fusion_middleware CVE-2010-3582 (Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 ...) NOT-FOR-US: oracle vm CVE-2010-3583 (Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 ...) NOT-FOR-US: oracle vm CVE-2010-3584 (Unspecified vulnerability in the Oracle VM component in Oracle VM ...) NOT-FOR-US: oracle vm CVE-2010-3585 (Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 ...) NOT-FOR-US: oracle vm CVE-2010-3586 RESERVED CVE-2010-3587 RESERVED CVE-2010-3588 RESERVED CVE-2010-3589 RESERVED CVE-2010-3590 RESERVED CVE-2010-3591 RESERVED CVE-2010-3592 RESERVED CVE-2010-3593 RESERVED CVE-2010-3594 RESERVED CVE-2010-3595 RESERVED CVE-2010-3596 RESERVED CVE-2010-3597 RESERVED CVE-2010-3598 RESERVED CVE-2010-3599 RESERVED CVE-2010-3600 RESERVED CVE-2010-3601 (SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows ...) NOT-FOR-US: invisionpower ibphotohost CVE-2010-3602 (Cross-site scripting (XSS) vulnerability in ProfileView.aspx in ...) NOT-FOR-US: sourcetreesolutions mojoportal CVE-2010-3603 (Cross-site request forgery (CSRF) vulnerability in the file manager ...) NOT-FOR-US: sourcetreesolutions mojoportal CVE-2010-3604 (SQL injection vulnerability in the powermail extension 1.5.3 and ...) NOT-FOR-US: alex_kellner powermail CVE-2010-3605 (Cross-site scripting (XSS) vulnerability in the powermail extension ...) NOT-FOR-US: alex_kellner powermail CVE-2010-3606 (Multiple directory traversal vulnerabilities in AGENTS/index.php in ...) NOT-FOR-US: netartmedia real_estate_portal CVE-2010-3607 (Cross-site scripting (XSS) vulnerability in AGENTS/index.php in NetArt ...) NOT-FOR-US: netartmedia real_estate_portal CVE-2010-3608 (Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote ...) NOT-FOR-US: wire_plastic_design wpquiz CVE-2010-3609 RESERVED CVE-2010-3610 RESERVED CVE-2010-3611 (ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before ...) TODO: check CVE-2010-3612 RESERVED CVE-2010-3613 RESERVED CVE-2010-3614 RESERVED CVE-2010-3615 RESERVED CVE-2010-3616 RESERVED CVE-2010-3617 RESERVED CVE-2010-3618 RESERVED CVE-2010-3619 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...) TODO: check CVE-2010-3620 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...) TODO: check CVE-2010-3621 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...) TODO: check CVE-2010-3622 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...) TODO: check CVE-2010-3623 (Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS ...) TODO: check CVE-2010-3624 (Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.5 ...) TODO: check CVE-2010-3625 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...) TODO: check CVE-2010-3626 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...) TODO: check CVE-2010-3627 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...) TODO: check CVE-2010-3628 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...) TODO: check CVE-2010-3629 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...) TODO: check CVE-2010-3630 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...) TODO: check CVE-2010-3631 (Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x ...) TODO: check CVE-2010-3632 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...) TODO: check CVE-2010-3633 (Memory leak in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, ...) TODO: check CVE-2010-3634 (Unspecified vulnerability in the edge process in Adobe Flash Media ...) TODO: check CVE-2010-3635 (Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, ...) TODO: check CVE-2010-3636 (Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on ...) TODO: check CVE-2010-3637 (An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 ...) TODO: check CVE-2010-3638 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) TODO: check CVE-2010-3639 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) TODO: check CVE-2010-3640 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) TODO: check CVE-2010-3641 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) TODO: check CVE-2010-3642 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) TODO: check CVE-2010-3643 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) TODO: check CVE-2010-3644 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) TODO: check CVE-2010-3645 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) TODO: check CVE-2010-3646 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) TODO: check CVE-2010-3647 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) TODO: check CVE-2010-3648 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) TODO: check CVE-2010-3649 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) TODO: check CVE-2010-3650 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) TODO: check CVE-2010-3651 RESERVED CVE-2010-3652 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...) TODO: check CVE-2010-3653 (The Director module (dirapi.dll) in Adobe Shockwave Player before ...) TODO: check CVE-2010-3654 (Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on ...) TODO: check CVE-2010-3655 (Stack-based buffer overflow in dirapi.dll in Adobe Shockwave Player ...) TODO: check CVE-2010-3656 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...) TODO: check CVE-2010-3657 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...) TODO: check CVE-2010-3658 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...) TODO: check CVE-2010-3659 RESERVED CVE-2010-3660 RESERVED CVE-2010-3661 RESERVED CVE-2010-3662 RESERVED CVE-2010-3663 RESERVED CVE-2010-3664 RESERVED CVE-2010-3665 RESERVED CVE-2010-3666 RESERVED CVE-2010-3667 RESERVED CVE-2010-3668 RESERVED CVE-2010-3669 RESERVED CVE-2010-3670 RESERVED CVE-2010-3671 RESERVED CVE-2010-3672 RESERVED CVE-2010-3673 RESERVED CVE-2010-3674 RESERVED CVE-2010-3675 RESERVED CVE-2010-3676 RESERVED CVE-2010-3677 RESERVED CVE-2010-3678 RESERVED CVE-2010-3679 RESERVED CVE-2010-3680 RESERVED CVE-2010-3681 RESERVED CVE-2010-3682 RESERVED CVE-2010-3683 RESERVED CVE-2010-3684 (The FTP authentication module in Synology Disk Station 2.x logs ...) NOT-FOR-US: Synology Disk Station CVE-2010-3685 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...) TODO: check CVE-2010-3686 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...) TODO: check CVE-2010-3687 (Unspecified vulnerability in the powermail extension 1.5.3 and earlier ...) NOT-FOR-US: powermail extension CVE-2010-3688 (Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA ...) NOT-FOR-US: websiteadmin CVE-2010-3689 RESERVED CVE-2010-3690 (Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before ...) TODO: check CVE-2010-3691 (PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is ...) TODO: check CVE-2010-3692 (Directory traversal vulnerability in the callback function in ...) NOT-FOR-US: jasig phpcas CVE-2010-3693 RESERVED CVE-2010-3694 (Cross-site request forgery (CSRF) vulnerability in the Horde ...) TODO: check CVE-2010-3695 RESERVED CVE-2010-3696 (The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in ...) TODO: check CVE-2010-3697 (The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x ...) TODO: check CVE-2010-3698 RESERVED CVE-2010-3699 RESERVED CVE-2010-3700 (VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before ...) TODO: check CVE-2010-3701 (lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows ...) TODO: check CVE-2010-3702 (The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, ...) TODO: check CVE-2010-3703 (The PostScriptFunction::PostScriptFunction function in ...) TODO: check CVE-2010-3704 (The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser ...) TODO: check CVE-2010-3705 RESERVED CVE-2010-3706 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and ...) TODO: check CVE-2010-3707 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and ...) TODO: check CVE-2010-3708 RESERVED CVE-2010-3709 (The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 ...) TODO: check CVE-2010-3710 (Stack consumption vulnerability in the filter_var function in PHP ...) TODO: check CVE-2010-3711 (libpurple in Pidgin before 2.7.4 does not properly validate the return ...) TODO: check CVE-2010-3712 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before ...) TODO: check CVE-2010-3713 (rss.php in UseBB before 1.0.11 does not properly handle forum ...) TODO: check CVE-2010-3714 (The jumpUrl (aka access tracking) implementation in ...) TODO: check CVE-2010-3715 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x ...) TODO: check CVE-2010-3716 (The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x ...) TODO: check CVE-2010-3717 (The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x ...) TODO: check CVE-2010-3718 RESERVED CVE-2010-3719 RESERVED CVE-2010-3720 RESERVED CVE-2010-3721 RESERVED CVE-2010-3722 RESERVED CVE-2010-3723 RESERVED CVE-2010-3724 RESERVED CVE-2010-3725 RESERVED CVE-2010-3726 RESERVED CVE-2010-3727 RESERVED CVE-2010-3728 RESERVED CVE-2010-3729 (The SPDY protocol implementation in Google Chrome before 6.0.472.62 ...) TODO: check CVE-2010-3730 (Google Chrome before 6.0.472.62 does not properly use information ...) TODO: check CVE-2010-3731 (Buffer overflow in the Administration Server component in IBM DB2 UDB ...) NOT-FOR-US: ibm db2 CVE-2010-3732 (The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows ...) NOT-FOR-US: ibm db2 CVE-2010-3733 (The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses ...) TODO: check CVE-2010-3734 (The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, ...) NOT-FOR-US: ibm db2 CVE-2010-3735 (The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 ...) NOT-FOR-US: ibm db2 CVE-2010-3736 (Memory leak in the Relational Data Services component in IBM DB2 UDB ...) NOT-FOR-US: ibm db2 CVE-2010-3737 (Memory leak in the Relational Data Services component in IBM DB2 UDB ...) NOT-FOR-US: ibm db2 CVE-2010-3738 (The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT ...) NOT-FOR-US: ibm db2 CVE-2010-3739 (The audit facility in the Security component in IBM DB2 UDB 9.5 before ...) NOT-FOR-US: ibm db2_universal_database CVE-2010-3740 (The Net Search Extender (NSE) implementation in the Text Search ...) NOT-FOR-US: ibm db2 CVE-2010-3741 (The offline backup mechanism in Research In Motion (RIM) BlackBerry ...) NOT-FOR-US: rim blackberry_desktop_software CVE-2010-3742 (Multiple PHP remote file inclusion vulnerabilities in ...) NOT-FOR-US: dustincowell free_simple_cms CVE-2010-3743 (Directory traversal vulnerability in Visual Synapse HTTP Server 1.0 ...) NOT-FOR-US: rene_tegel visual_synapse CVE-2010-3744 RESERVED CVE-2010-3745 RESERVED CVE-2010-3746 RESERVED CVE-2010-3747 (An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, ...) NOT-FOR-US: realnetworks realplayer_sp CVE-2010-3748 (Stack-based buffer overflow in the RichFX component in RealNetworks ...) NOT-FOR-US: realnetworks realplayer_sp CVE-2010-3749 (The browser-plugin implementation in RealNetworks RealPlayer 11.0 ...) NOT-FOR-US: realnetworks realplayer_sp CVE-2010-3750 (rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer ...) NOT-FOR-US: realnetworks realplayer_sp CVE-2010-3751 (Multiple heap-based buffer overflows in an ActiveX control in ...) NOT-FOR-US: realnetworks realplayer_sp CVE-2010-3752 (programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 ...) TODO: check CVE-2010-3753 (programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 ...) TODO: check CVE-2010-3754 (The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the ...) NOT-FOR-US: ibm tivoli_storage_manager_fastback CVE-2010-3755 (The _DAS_ReadBlockReply function in FastBackServer.exe in the Server ...) NOT-FOR-US: ibm tivoli_storage_manager_fastback CVE-2010-3756 (The _CalcHashValueWithLength function in FastBackServer.exe in the ...) NOT-FOR-US: ibm tivoli_storage_manager_fastback CVE-2010-3757 (Format string vulnerability in the _Eventlog function in ...) NOT-FOR-US: ibm tivoli_storage_manager_fastback CVE-2010-3758 (Multiple stack-based buffer overflows in FastBackServer.exe in the ...) NOT-FOR-US: ibm tivoli_storage_manager_fastback CVE-2010-3759 (FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager ...) NOT-FOR-US: ibm tivoli_storage_manager_fastback CVE-2010-3760 (FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager ...) NOT-FOR-US: ibm tivoli_storage_manager_fastback CVE-2010-3761 (Unspecified vulnerability in IBM Tivoli Storage Manager (TSM) FastBack ...) NOT-FOR-US: ibm tivoli_storage_manager_fastback CVE-2010-3762 (ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not ...) TODO: check CVE-2010-3763 (Cross-site scripting (XSS) vulnerability in core/summary_api.php in ...) TODO: check CVE-2010-3764 (The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, ...) TODO: check CVE-2010-3765 (Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, ...) TODO: check CVE-2010-3766 RESERVED CVE-2010-3767 RESERVED CVE-2010-3768 RESERVED CVE-2010-3769 RESERVED CVE-2010-3770 RESERVED CVE-2010-3771 RESERVED CVE-2010-3772 RESERVED CVE-2010-3773 RESERVED CVE-2010-3774 RESERVED CVE-2010-3775 RESERVED CVE-2010-3776 RESERVED CVE-2010-3777 RESERVED CVE-2010-3778 RESERVED CVE-2010-3779 (Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the ...) TODO: check CVE-2010-3780 (Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause ...) TODO: check CVE-2010-3781 (The PL/php add-on 1.4 and earlier for PostgreSQL does not properly ...) NOT-FOR-US: alvaro_herrera pl php CVE-2010-3782 RESERVED CVE-2010-3783 RESERVED CVE-2010-3784 RESERVED CVE-2010-3785 RESERVED CVE-2010-3786 RESERVED CVE-2010-3787 RESERVED CVE-2010-3788 RESERVED CVE-2010-3789 RESERVED CVE-2010-3790 RESERVED CVE-2010-3791 RESERVED CVE-2010-3792 RESERVED CVE-2010-3793 RESERVED CVE-2010-3794 RESERVED CVE-2010-3795 RESERVED CVE-2010-3796 RESERVED CVE-2010-3797 RESERVED CVE-2010-3798 RESERVED CVE-2010-3799 RESERVED CVE-2010-3800 RESERVED CVE-2010-3801 RESERVED CVE-2010-3802 RESERVED CVE-2010-3803 RESERVED CVE-2010-3804 RESERVED CVE-2010-3805 RESERVED CVE-2010-3806 RESERVED CVE-2010-3807 RESERVED CVE-2010-3808 RESERVED CVE-2010-3809 RESERVED CVE-2010-3810 RESERVED CVE-2010-3811 RESERVED CVE-2010-3812 RESERVED CVE-2010-3813 RESERVED CVE-2010-3814 RESERVED CVE-2010-3815 RESERVED CVE-2010-3816 RESERVED CVE-2010-3817 RESERVED CVE-2010-3818 RESERVED CVE-2010-3819 RESERVED CVE-2010-3820 RESERVED CVE-2010-3821 RESERVED CVE-2010-3822 RESERVED CVE-2010-3823 RESERVED CVE-2010-3824 RESERVED CVE-2010-3825 RESERVED CVE-2010-3826 RESERVED CVE-2010-3827 RESERVED CVE-2010-3828 RESERVED CVE-2010-3829 RESERVED CVE-2010-3830 RESERVED CVE-2010-3831 RESERVED CVE-2010-3832 RESERVED CVE-2010-3833 RESERVED CVE-2010-3834 RESERVED CVE-2010-3835 RESERVED CVE-2010-3836 RESERVED CVE-2010-3837 RESERVED CVE-2010-3838 RESERVED CVE-2010-3839 RESERVED CVE-2010-3840 RESERVED CVE-2010-3841 (Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in ...) TODO: check CVE-2010-3842 (Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, ...) TODO: check CVE-2010-3843 RESERVED CVE-2010-3844 RESERVED CVE-2010-3845 RESERVED CVE-2010-3846 (Array index error in the apply_rcs_change function in rcs.c in CVS ...) TODO: check CVE-2010-3847 RESERVED CVE-2010-3848 RESERVED CVE-2010-3849 RESERVED CVE-2010-3850 RESERVED CVE-2010-3851 (libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 ...) TODO: check CVE-2010-3852 (The default configuration of Luci 0.22.4 and earlier in Red Hat Conga ...) TODO: check CVE-2010-3853 RESERVED CVE-2010-3854 RESERVED CVE-2010-3855 RESERVED CVE-2010-3856 RESERVED CVE-2010-3857 RESERVED CVE-2010-3858 RESERVED CVE-2010-3859 RESERVED CVE-2010-3860 RESERVED CVE-2010-3861 RESERVED CVE-2010-3862 RESERVED CVE-2010-3863 (Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize ...) TODO: check CVE-2010-3864 RESERVED CVE-2010-3865 RESERVED CVE-2010-3866 REJECTED CVE-2010-3867 (Multiple directory traversal vulnerabilities in the mod_site_misc ...) TODO: check CVE-2010-3868 RESERVED CVE-2010-3869 RESERVED CVE-2010-3870 RESERVED CVE-2010-3871 (Cross-site scripting (XSS) vulnerability in ...) TODO: check CVE-2010-3872 RESERVED CVE-2010-3873 RESERVED CVE-2010-3874 RESERVED CVE-2010-3875 RESERVED CVE-2010-3876 RESERVED CVE-2010-3877 RESERVED CVE-2010-3878 RESERVED CVE-2010-3879 RESERVED CVE-2010-3880 RESERVED CVE-2010-3881 RESERVED CVE-2010-3882 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple ...) TODO: check CVE-2010-3883 (Cross-site request forgery (CSRF) vulnerability in the Change Group ...) TODO: check CVE-2010-3884 (Cross-site request forgery (CSRF) vulnerability in CMS Made Simple ...) TODO: check CVE-2010-3885 REJECTED TODO: check CVE-2010-3886 (The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft ...) TODO: check CVE-2010-3887 (The Limit Mail feature in the Parental Controls functionality in Mail ...) TODO: check CVE-2010-3888 (Unspecified vulnerability in Microsoft Windows on 32-bit platforms ...) TODO: check CVE-2010-3889 (Unspecified vulnerability in Microsoft Windows on 32-bit platforms ...) TODO: check CVE-2010-3890 RESERVED CVE-2010-3891 RESERVED CVE-2010-3892 RESERVED CVE-2010-3893 RESERVED CVE-2010-3894 RESERVED CVE-2010-3895 RESERVED CVE-2010-3896 RESERVED CVE-2010-3897 RESERVED CVE-2010-3898 RESERVED CVE-2010-3899 RESERVED CVE-2010-3900 (Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before ...) TODO: check CVE-2010-3901 (OpenConnect before 2.25 does not properly validate X.509 certificates, ...) TODO: check CVE-2010-3902 (OpenConnect before 2.26 places the webvpn cookie value in the ...) TODO: check CVE-2010-3903 (Unspecified vulnerability in OpenConnect before 2.23 allows remote ...) TODO: check CVE-2010-3904 RESERVED CVE-2010-3905 RESERVED CVE-2010-3906 RESERVED CVE-2010-3907 RESERVED CVE-2010-3908 RESERVED CVE-2010-3909 RESERVED CVE-2010-3910 RESERVED CVE-2010-3911 RESERVED CVE-2010-3912 RESERVED CVE-2010-3913 (CRLF injection vulnerability in TransWARE Active! mail 6 build ...) TODO: check CVE-2010-3914 (Untrusted search path vulnerability in VIM Development Group GVim ...) TODO: check CVE-2010-3915 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro ...) TODO: check CVE-2010-3916 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro ...) TODO: check CVE-2010-3917 RESERVED CVE-2010-3918 RESERVED CVE-2010-3919 RESERVED CVE-2010-3920 RESERVED CVE-2010-3921 RESERVED CVE-2010-3922 RESERVED CVE-2010-3923 RESERVED CVE-2010-3924 RESERVED CVE-2010-3925 RESERVED CVE-2010-3926 RESERVED CVE-2010-3927 RESERVED CVE-2010-3928 RESERVED CVE-2010-3929 RESERVED CVE-2010-3930 RESERVED CVE-2010-3931 RESERVED CVE-2010-3932 RESERVED CVE-2010-3933 (Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested ...) TODO: check CVE-2010-3934 (The browser in Research In Motion (RIM) BlackBerry Device Software ...) TODO: check CVE-2010-3935 RESERVED CVE-2010-3936 (Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft ...) TODO: check CVE-2010-3937 RESERVED CVE-2010-3938 RESERVED CVE-2010-3939 RESERVED CVE-2010-3940 RESERVED CVE-2010-3941 RESERVED CVE-2010-3942 RESERVED CVE-2010-3943 RESERVED CVE-2010-3944 RESERVED CVE-2010-3945 RESERVED CVE-2010-3946 RESERVED CVE-2010-3947 RESERVED CVE-2010-3948 RESERVED CVE-2010-3949 RESERVED CVE-2010-3950 RESERVED CVE-2010-3951 RESERVED CVE-2010-3952 RESERVED CVE-2010-3953 RESERVED CVE-2010-3954 RESERVED CVE-2010-3955 RESERVED CVE-2010-3956 RESERVED CVE-2010-3957 RESERVED CVE-2010-3958 RESERVED CVE-2010-3959 RESERVED CVE-2010-3960 RESERVED CVE-2010-3961 RESERVED CVE-2010-3962 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and ...) TODO: check CVE-2010-3963 RESERVED CVE-2010-3964 RESERVED CVE-2010-3965 RESERVED CVE-2010-3966 RESERVED CVE-2010-3967 RESERVED CVE-2010-3968 RESERVED CVE-2010-3969 RESERVED CVE-2010-3970 RESERVED CVE-2010-3971 RESERVED CVE-2010-3972 RESERVED CVE-2010-3973 RESERVED CVE-2010-3974 RESERVED CVE-2010-3975 (Untrusted search path vulnerability in Adobe Flash Player 9 allows ...) TODO: check CVE-2010-3976 (Untrusted search path vulnerability in Adobe Flash Player before ...) TODO: check CVE-2010-3977 (Multiple cross-site scripting (XSS) vulnerabilities in ...) TODO: check CVE-2010-3978 RESERVED CVE-2010-3979 (Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different ...) NOT-FOR-US: sap businessobjects CVE-2010-3980 (Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the ...) NOT-FOR-US: sap businessobjects CVE-2010-3981 (Cross-site scripting (XSS) vulnerability in SAP BusinessObjects ...) NOT-FOR-US: sap businessobjects CVE-2010-3982 (SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to ...) NOT-FOR-US: sap businessobjects CVE-2010-3983 (CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote ...) NOT-FOR-US: sap businessobjects CVE-2010-3984 RESERVED CVE-2010-3985 (Cross-site scripting (XSS) vulnerability in HP Operations ...) TODO: check CVE-2010-3986 (Unspecified vulnerability in HP Virtual Connect Enterprise Manager ...) TODO: check CVE-2010-3987 (Cross-site scripting (XSS) vulnerability in HP Insight Control Virtual ...) TODO: check CVE-2010-3988 (Unspecified vulnerability in HP Insight Control Virtual Machine ...) TODO: check CVE-2010-3989 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...) TODO: check CVE-2010-3990 (Unspecified vulnerability in HP Virtual Server Environment before 6.2 ...) TODO: check CVE-2010-3991 (Cross-site scripting (XSS) vulnerability in HP Insight Control Server ...) TODO: check CVE-2010-3992 (Unspecified vulnerability in HP Insight Control Server Migration ...) TODO: check CVE-2010-3993 (Unspecified vulnerability in HP Insight Control Server Migration ...) TODO: check CVE-2010-3994 (Cross-site scripting (XSS) vulnerability in HP Version Control ...) TODO: check CVE-2010-3995 RESERVED CVE-2010-3996 (festival_server in Centre for Speech Technology Research (CSTR) ...) TODO: check CVE-2010-3997 RESERVED CVE-2010-3998 (The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and ...) TODO: check CVE-2010-3999 (gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length ...) TODO: check CVE-2010-4000 (gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name ...) TODO: check CVE-2010-4001 (** DISPUTED ** GMXRC.bash in Gromacs 4.5.1 and earlier places a ...) TODO: check CVE-2010-4002 RESERVED CVE-2010-4003 RESERVED CVE-2010-4004 RESERVED CVE-2010-4005 (The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and ...) TODO: check CVE-2010-4006 (Multiple SQL injection vulnerabilities in search.php in WSN Links ...) TODO: check CVE-2010-4007 (Oracle Mojarra uses an encrypted View State without a Message ...) NOT-FOR-US: oracle mojarra CVE-2010-4008 RESERVED CVE-2010-4009 RESERVED CVE-2010-4010 RESERVED CVE-2010-4011 RESERVED CVE-2010-4012 RESERVED CVE-2010-4013 RESERVED CVE-2010-4014 RESERVED CVE-2010-4015 RESERVED CVE-2010-4016 RESERVED CVE-2010-4017 RESERVED CVE-2010-4018 RESERVED CVE-2010-4019 RESERVED CVE-2010-4020 RESERVED CVE-2010-4021 RESERVED CVE-2010-4022 RESERVED CVE-2010-4023 (Cross-site scripting (XSS) vulnerability in HP Insight Control Power ...) TODO: check CVE-2010-4024 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...) TODO: check CVE-2010-4025 (Unspecified vulnerability in Doc Viewer in HP Palm webOS 1.4.1 allows ...) TODO: check CVE-2010-4026 (Unspecified vulnerability in the service API in HP Palm webOS 1.4.1 ...) TODO: check CVE-2010-4027 (Unspecified vulnerability in the camera application in HP Palm webOS ...) TODO: check CVE-2010-4028 (Unspecified vulnerability in LoadRunner Web Tours 9.10 in HP ...) TODO: check CVE-2010-4029 (Unspecified vulnerability in HP Storage Essentials before 6.3.0, when ...) TODO: check CVE-2010-4030 (Cross-site scripting (XSS) vulnerability in HP Insight Control ...) TODO: check CVE-2010-4031 (Unspecified vulnerability in HP Insight Control Performance Management ...) TODO: check CVE-2010-4032 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...) TODO: check CVE-2010-4033 (Google Chrome before 7.0.517.41 does not properly implement the ...) TODO: check CVE-2010-4034 (Google Chrome before 7.0.517.41 does not properly handle forms, which ...) TODO: check CVE-2010-4035 (Google Chrome before 7.0.517.41 does not properly perform autofill ...) TODO: check CVE-2010-4036 (Google Chrome before 7.0.517.41 does not properly handle the unloading ...) TODO: check CVE-2010-4037 (Unspecified vulnerability in Google Chrome before 7.0.517.41 allows ...) TODO: check CVE-2010-4038 (The Web Sockets implementation in Google Chrome before 7.0.517.41 does ...) TODO: check CVE-2010-4039 (Google Chrome before 7.0.517.41 on Linux does not properly set the ...) TODO: check CVE-2010-4040 (Google Chrome before 7.0.517.41 does not properly handle animated GIF ...) TODO: check CVE-2010-4041 (The sandbox implementation in Google Chrome before 7.0.517.41 on Linux ...) TODO: check CVE-2010-4042 (Google Chrome before 7.0.517.41 does not properly handle element maps, ...) TODO: check CVE-2010-4043 (Opera before 10.63 does not prevent interpretation of a cross-origin ...) TODO: check CVE-2010-4044 (Opera before 10.63 does not ensure that the portion of a URL shown in ...) TODO: check CVE-2010-4045 (Opera before 10.63 does not properly restrict web script in ...) TODO: check CVE-2010-4046 (Opera before 10.63 does not properly verify the origin of video ...) TODO: check CVE-2010-4047 (Opera before 10.63 does not properly select the security context of ...) TODO: check CVE-2010-4048 (Opera before 10.63 allows user-assisted remote web servers to cause a ...) TODO: check CVE-2010-4049 (Opera before 10.63 allows remote attackers to cause a denial of ...) TODO: check CVE-2010-4050 (Opera before 10.63 allows remote attackers to cause a denial of ...) TODO: check CVE-2010-4051 RESERVED CVE-2010-4052 RESERVED CVE-2010-4053 (Stack-based buffer overflow in an unspecified logging function in ...) TODO: check CVE-2010-4054 (The gs_type2_interpret function in Ghostscript allows remote attackers ...) TODO: check CVE-2010-4055 (Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 ...) TODO: check CVE-2010-4056 (solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform ...) TODO: check CVE-2010-4057 (solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform ...) TODO: check CVE-2010-4058 RESERVED CVE-2010-4059 RESERVED CVE-2010-4060 RESERVED CVE-2010-4061 RESERVED CVE-2010-4062 RESERVED CVE-2010-4063 RESERVED CVE-2010-4064 RESERVED CVE-2010-4065 RESERVED CVE-2010-4066 RESERVED CVE-2010-4067 RESERVED CVE-2010-4068 (Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x ...) TODO: check CVE-2010-4069 (Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x ...) TODO: check CVE-2010-4070 (Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper ...) TODO: check CVE-2010-4071 RESERVED CVE-2010-4072 RESERVED CVE-2010-4073 RESERVED CVE-2010-4074 RESERVED CVE-2010-4075 RESERVED CVE-2010-4076 RESERVED CVE-2010-4077 RESERVED CVE-2010-4078 RESERVED CVE-2010-4079 RESERVED CVE-2010-4080 RESERVED CVE-2010-4081 RESERVED CVE-2010-4082 RESERVED CVE-2010-4083 RESERVED CVE-2010-4084 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows ...) TODO: check CVE-2010-4085 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows ...) TODO: check CVE-2010-4086 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows ...) TODO: check CVE-2010-4087 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers ...) TODO: check CVE-2010-4088 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows ...) TODO: check CVE-2010-4089 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers ...) TODO: check CVE-2010-4090 (Adobe Shockwave Player before 11.5.9.615 allows attackers to execute ...) TODO: check CVE-2010-4091 (The EScript.api plugin in Adobe Acrobat Reader 9.4.0, 8.1.7, and ...) TODO: check CVE-2010-4092 (Use-after-free vulnerability in an unspecified compatibility component ...) TODO: check CVE-2010-4093 RESERVED CVE-2010-4094 (The Tomcat server in IBM Rational Quality Manager and Rational Test ...) TODO: check CVE-2010-4095 (Directory traversal vulnerability in the FTP client in Serengeti ...) TODO: check CVE-2010-4096 (share/ma/keys_for_user in Monkeysphere 0.31 and 0.32 allows local ...) TODO: check CVE-2010-4097 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) TODO: check CVE-2010-4098 (monotone before 0.48.1, when configured to allow remote commands, ...) TODO: check CVE-2010-4099 (ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is ...) TODO: check CVE-2010-4100 (Unspecified vulnerability in HP Insight Control Performance Management ...) TODO: check CVE-2010-4101 (Cross-site scripting (XSS) vulnerability in HP Insight Recovery before ...) TODO: check CVE-2010-4102 (Unspecified vulnerability in HP Insight Recovery before 6.2 allows ...) TODO: check CVE-2010-4103 (Unspecified vulnerability in HP Insight Managed System Setup Wizard ...) TODO: check CVE-2010-4104 (Unspecified vulnerability in HP Insight Orchestration before 6.2 ...) TODO: check CVE-2010-4105 (Unspecified vulnerability in HP Insight Orchestration before 6.2 ...) TODO: check CVE-2010-4106 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...) TODO: check CVE-2010-4107 RESERVED CVE-2010-4108 RESERVED CVE-2010-4109 RESERVED CVE-2010-4110 RESERVED CVE-2010-4111 RESERVED CVE-2010-4112 RESERVED CVE-2010-4113 RESERVED CVE-2010-4114 RESERVED CVE-2010-4115 RESERVED CVE-2010-4116 RESERVED CVE-2010-4117 RESERVED CVE-2010-4118 RESERVED CVE-2010-4119 RESERVED CVE-2010-4120 (Multiple cross-site scripting (XSS) vulnerabilities in the TAM console ...) TODO: check CVE-2010-4121 (** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning ...) TODO: check CVE-2010-4122 RESERVED CVE-2010-4123 RESERVED CVE-2010-4124 RESERVED CVE-2010-4125 RESERVED CVE-2010-4126 RESERVED CVE-2010-4127 RESERVED CVE-2010-4128 RESERVED CVE-2010-4129 RESERVED CVE-2010-4130 RESERVED CVE-2010-4131 RESERVED CVE-2010-4132 RESERVED CVE-2010-4133 RESERVED CVE-2010-4134 RESERVED CVE-2010-4135 RESERVED CVE-2010-4136 RESERVED CVE-2010-4137 RESERVED CVE-2010-4138 RESERVED CVE-2010-4139 RESERVED CVE-2010-4140 RESERVED CVE-2010-4141 RESERVED CVE-2010-4142 (Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build ...) TODO: check CVE-2010-4143 (SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when ...) TODO: check CVE-2010-4144 (SQL injection vulnerability in radyo.asp in Kisisel Radyo Script ...) TODO: check CVE-2010-4145 (Kisisel Radyo Script stores sensitive information under the web root ...) TODO: check CVE-2010-4146 (Cross-site scripting (XSS) vulnerability in Attachmate Reflection for ...) TODO: check CVE-2010-4147 (Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping ...) TODO: check CVE-2010-4148 (Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly ...) TODO: check CVE-2010-4149 (Directory traversal vulnerability in FreshWebMaster Fresh FTP 5.36, ...) TODO: check CVE-2010-4150 RESERVED CVE-2010-4151 (SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly ...) TODO: check CVE-2010-4152 (SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, ...) TODO: check CVE-2010-4153 (Directory traversal vulnerability in CrossFTP Pro 1.65a, and probably ...) TODO: check CVE-2010-4154 (Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager ...) TODO: check CVE-2010-4155 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 ...) TODO: check CVE-2010-4156 (The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through ...) TODO: check CVE-2010-4157 RESERVED CVE-2010-4158 RESERVED CVE-2010-4159 RESERVED CVE-2010-4160 RESERVED CVE-2010-4161 RESERVED CVE-2010-4162 RESERVED CVE-2010-4163 RESERVED CVE-2010-4164 RESERVED CVE-2010-4165 RESERVED CVE-2010-4166 RESERVED CVE-2010-4167 RESERVED CVE-2010-4168 RESERVED CVE-2010-4169 RESERVED CVE-2010-4170 RESERVED CVE-2010-4171 RESERVED CVE-2010-4172 RESERVED CVE-2010-4173 RESERVED CVE-2010-4174 RESERVED CVE-2010-4175 RESERVED CVE-2010-4176 RESERVED CVE-2010-4177 RESERVED CVE-2010-4178 RESERVED CVE-2010-4179 RESERVED CVE-2010-4180 RESERVED CVE-2010-4181 (Directory traversal vulnerability in Yaws 1.89 allows remote attackers ...) TODO: check CVE-2010-4182 (Untrusted search path vulnerability in the Data Access Objects (DAO) ...) TODO: check CVE-2010-4183 (Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier ...) TODO: check CVE-2010-4184 (NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with ...) TODO: check CVE-2010-4185 (SQL injection vulnerability in index.php in Energine, possibly 2.3.8 ...) TODO: check CVE-2010-4186 (SQL injection vulnerability in process.asp in OnlineTechTools Online ...) TODO: check CVE-2010-4187 RESERVED CVE-2010-4188 RESERVED CVE-2010-4189 RESERVED CVE-2010-4190 RESERVED CVE-2010-4191 RESERVED CVE-2010-4192 RESERVED CVE-2010-4193 RESERVED CVE-2010-4194 RESERVED CVE-2010-4195 RESERVED CVE-2010-4196 RESERVED CVE-2010-4197 (Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows ...) TODO: check CVE-2010-4198 (Google Chrome before 7.0.517.44 does not properly handle large text ...) TODO: check CVE-2010-4199 (Google Chrome before 7.0.517.44 does not properly perform a cast of an ...) TODO: check CVE-2010-4200 (Google Chrome before 7.0.517.44 reads from invalid memory locations ...) TODO: check CVE-2010-4201 (Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows ...) TODO: check CVE-2010-4202 (Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux ...) TODO: check CVE-2010-4203 (WebM libvpx (aka the VP8 Codec SDK), as used in Google Chrome before ...) TODO: check CVE-2010-4204 (Google Chrome before 7.0.517.44 accesses a frame object after this ...) TODO: check CVE-2010-4205 (Google Chrome before 7.0.517.44 does not properly handle the data ...) TODO: check CVE-2010-4206 (Google Chrome before 7.0.517.44 accesses memory at an out-of-bounds ...) TODO: check CVE-2010-4207 (Cross-site scripting (XSS) vulnerability in the Flash component ...) TODO: check CVE-2010-4208 (Cross-site scripting (XSS) vulnerability in the Flash component ...) TODO: check CVE-2010-4209 (Cross-site scripting (XSS) vulnerability in the Flash component ...) TODO: check CVE-2010-4210 RESERVED CVE-2010-4211 (The PayPal app before 3.0.1 for iOS does not verify that the server ...) TODO: check CVE-2010-4212 (The USAA application 3.0 for Android stores a mirror image of each ...) TODO: check CVE-2010-4213 (The Bank of America application 2.12 for Android stores a security ...) TODO: check CVE-2010-4214 (The Wells Fargo Mobile application 1.1 for Android stores a username ...) TODO: check CVE-2010-4215 RESERVED CVE-2010-4216 (IBM Tivoli Directory Server (TDS) 6.0.0.x before ...) TODO: check CVE-2010-4217 (Use-after-free vulnerability in the proxy server in IBM Tivoli ...) TODO: check CVE-2010-4218 (Unspecified vulnerability in Web Services in IBM ENOVIA 6 has unknown ...) TODO: check CVE-2010-4219 (Cross-site scripting (XSS) vulnerability in SemanticTagService.js in ...) TODO: check CVE-2010-4220 (Cross-site scripting (XSS) vulnerability in the Integrated Solution ...) TODO: check CVE-2010-4221 (Multiple stack-based buffer overflows in the pr_netio_telnet_gets ...) TODO: check