Contents of /data/CVE/list

CVE-2006-4622 (PHP remote file inclusion vulnerability in annonce.php in AnnonceV ...)
        NOT-FOR-US: AnnonceV
CVE-2006-4621 (PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, ...)
        NOT-FOR-US: Pheap
CVE-2006-4620 (The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with ...)
        NOT-FOR-US: Alt-N WebAdmin
CVE-2006-4619 (The start update window in Avira AntiVir PersonalEdition Classic ...)
        NOT-FOR-US: Avira
CVE-2006-4618 (PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in ...)
        - libphp-adodb <not-affected> (vulnerable code seems to be In-link specific)
        - egroupware <not-affected> (vulnerable code seems to be In-link specific)
        - moodle <not-affected> (vulnerable code seems to be In-link specific)
        - phppgadmin <not-affected> (vulnerable code seems to be In-link specific)
        - gallery2 <not-affected> (vulnerable code seems to be In-link specific)
        - phpwiki <not-affected> (vulnerable code seems to be In-link specific)
CVE-2006-4617 (Unrestricted file upload vulnerability in fileupload.html in vtiger ...)
        NOT-FOR-US: vtiger CRM
CVE-2006-4616 (SMTP service in MailEnable Standard, Professional, and Enterprise ...)
        NOT-FOR-US: MailEnable
CVE-2006-4615 (Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores ...)
        NOT-FOR-US: Shape Services
CVE-2006-4614 (PDAapps Verichat for Pocket PC 1.30bh stores usernames and passwords ...)
        NOT-FOR-US: PDAapps Verichat
CVE-2006-4613 (Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow ...)
        NOT-FOR-US: SnapGear
CVE-2006-4612 (SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows ...)
        NOT-FOR-US: ZIXForum
CVE-2006-4611 (Buffer overflow in the _tor_resolve function in dsocks.c in dsocks ...)
        NOT-FOR-US: dsocks
CVE-2006-4610 (PHP remote file inclusion vulnerability in index.php in GrapAgenda ...)
        NOT-FOR-US: GrapAgenda
CVE-2006-4609 (** DISPUTED ** ...)
        NOT-FOR-US: PHProjekt
CVE-2006-4608 (Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome ...)
        NOT-FOR-US: php-Revista
CVE-2006-4607 (admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote ...)
        NOT-FOR-US: php-Revista
CVE-2006-4606 (Multiple SQL injection vulnerabilities in Longino Jacome php-Revista ...)
        NOT-FOR-US: php-Revista
CVE-2006-4605 (PHP remote file inclusion vulnerability in index.php in Longino Jacome ...)
        NOT-FOR-US: php-Revista
CVE-2006-4604 (PHP remote file inclusion vulnerability in LFXlib/access_manager.php ...)
        NOT-FOR-US:  Lanifex Database of Managed Objects (DMO)
CVE-2006-4603 (NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass ...)
        NOT-FOR-US: Swift Sound Web Dictate
CVE-2006-4601 (SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows ...)
        NOT-FOR-US: 1Two
CVE-2006-4600 (slapd in OpenLDAP before 2.3.25 allows remote authenticated users with ...)
        - openldap2.3 2.3.25-1
        - openldap2.2 <removed> (low)
        - openldap2 <not-affected> (low) (slapd not built from this version)
CVE-2006-4599 (SQL injection vulnerability in aut_verifica.inc.php in Autentificator ...)
        NOT-FOR-US: Autentificator
CVE-2006-4598 (Multiple SQL injection vulnerabilities in links.php in ssLinks 1.22 ...)
        NOT-FOR-US: ssLinks
CVE-2006-4597 (SQL injection vulnerability in devam.asp in ICBlogger 2.0 and earlier ...)
        NOT-FOR-US: ICBlogger
CVE-2006-4596 (PHP remote file inclusion in MyBace Light Skrip, when register_globals ...)
        NOT-FOR-US: MyBace Light Skrip
CVE-2006-4595 (muforum (&#181;forum) 0.4c stores membres/members.dat under the web ...)
        NOT-FOR-US: muforum
CVE-2006-4594 (Multiple PHP remote file inclusion vulnerabilities in PHP Advanced ...)
        NOT-FOR-US: phpAtm
CVE-2006-4593 (Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 ...)
        NOT-FOR-US: SoftBB
CVE-2006-4592 (Incomplete blacklist vulnerability in default.asp in 8pixel.net Simple ...)
        NOT-FOR-US: Simple Blog
CVE-2006-4591 (Multiple PHP remote file inclusion vulnerabilities in AlstraSoft ...)
        NOT-FOR-US: AltraSoft Template Seller
CVE-2006-4590 (SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP ...)
        NOT-FOR-US: Jetstat.com JS ASP Faq Manager
CVE-2006-4589 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: DynCMS
CVE-2006-4588 (vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to ...)
        NOT-FOR-US: vtiger CRM
CVE-2006-4587 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM ...)
        NOT-FOR-US: vtiger CRM
CVE-2006-4586 (The admin panel in Tr Forum 2.0 accepts a username and password hash ...)
        NOT-FOR-US: Tr Forum
CVE-2006-4585 (SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows ...)
        NOT-FOR-US: Tr Forum
CVE-2006-4584 (Tr Forum 2.0 allows remote attackers to bypass authentication and add ...)
        NOT-FOR-US: Tr Forum
CVE-2006-4583 (Multiple PHP remote file inclusion vulnerabilities in FlashChat before ...)
        NOT-FOR-US: FlashChat
CVE-2006-4582
        RESERVED
CVE-2006-4581
        RESERVED
CVE-2006-4580
        RESERVED
CVE-2006-4579
        RESERVED
CVE-2006-4578
        RESERVED
CVE-2006-4577
        RESERVED
CVE-2006-4576
        RESERVED
CVE-2006-4575
        RESERVED
CVE-2006-4574
        RESERVED
CVE-2006-4573
        RESERVED
CVE-2006-4572
        RESERVED
CVE-2006-4571
        RESERVED
CVE-2006-4570
        RESERVED
CVE-2006-4569
        RESERVED
CVE-2006-4568
        RESERVED
CVE-2006-4567
        RESERVED
CVE-2006-4566
        RESERVED
CVE-2006-4565
        RESERVED
CVE-2006-4564 (SQL injection vulnerability in Sources/ManageBoards.php in Simple ...)
        NOT-FOR-US: Simple Machines Forum
CVE-2006-4563 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke ...)
        NOT-FOR-US: PHP-Nuke
CVE-2006-4562 (** DISPUTED ** ...)
        NOT-FOR-US: Symantec
CVE-2006-4561 (Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary ...)
        - xulrunner <unfixed> (low)
        - firefox <unfixed> (low>
        - mozilla <unfixed> (low>
        - mozilla-firefox <removed> (low)
CVE-2006-4560 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...)
        NOT-FOR-US: Internet Explorer
CVE-2006-4559 (Multiple PHP remote file inclusion vulnerabilities in Yet Another ...)
        NOT-FOR-US: Yet Another Community System (YACS) CMS
CVE-2006-4558 (DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the ...)
        NOT-FOR-US: DeluxeBB
CVE-2006-4557 (** DISPUTED ** ...)
        NOT-FOR-US: Discloser
CVE-2006-4556 (** DISPUTED ** ...)
        NOT-FOR-US: JIM component for Mambo and Joomla!
CVE-2006-4555 (Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control ...)
        NOT-FOR-US: Miniclip CR64Loader ActiveX control
CVE-2006-4554 (Stack-based buffer overflow in the ReadFile function in the ...)
        NOT-FOR-US: BeCubed Compression Plus
CVE-2006-4553 (PHP remote file inclusion vulnerability in plugin.class.php in the ...)
        NOT-FOR-US: com_comprofiler Components for Mambo and Joomla!
CVE-2006-4552 (Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter ...)
        NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4551 (Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows ...)
        NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4550 (Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 ...)
        NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4549 (CHXO Feedsplitter 2006-01-21 allows remote attackers to read the ...)
        NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4548 (e107 0.75 and earlier does not properly unset variables when the input ...)
        NOTE: this should be fixed in PHP (CVE-2006-3017)
CVE-2006-4547 (Lyris ListManager 8.95 allows remote authenticated users to obtain ...)
        NOT-FOR-US: Lyris ListManager
CVE-2006-4546 (Lyris ListManager 8.95 allows remote authenticated users, who have ...)
        NOT-FOR-US: Lyris ListManager
CVE-2006-4545 (** DISPUTED ** ...)
        NOT-FOR-US: ModuleBased CMS Pre-Alpha
CVE-2006-4544 (Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when ...)
        NOT-FOR-US: ExBB
CVE-2006-4543 (Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 ...)
        NOT-FOR-US: HLStats
CVE-2006-4542 (Webmin before 1.296 and Usermin before 1.226 do not properly handle a ...)
        TODO: check
CVE-2006-4541 (RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly ...)
        NOT-FOR-US: BlackICE PC Protection
CVE-2006-4540 (Cross-site scripting (XSS) vulnerability in learncenter.asp in ...)
        NOT-FOR-US: Learn.com LearnCenter
CVE-2006-4539 ((1) includes/widgets/module_company_tickets.php and (2) ...)
        NOT-FOR-US: Cerberus Helpdesk
CVE-2006-4538 (Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC ...)
        TODO: check
CVE-2006-4537 (NET$SESSION_CONTROL.EXE before 20060825 in DECnet-Plus in OpenVMS ...)
        NOT-FOR-US: OpenVMS
CVE-2006-4536 (SQL injection vulnerability in module/rejestracja.php in CMS Frogss ...)
        NOT-FOR-US: CMS Frogss
CVE-2006-4535
        RESERVED
CVE-2006-4534 (Unspecified vulnerability in Microsoft Word 2000 allows remote ...)
        NOT-FOR-US: Microsoft
CVE-2006-4533 (Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 ...)
        NOT-FOR-US: Plume CMS
CVE-2006-4532 (PHP remote file inclusion vulnerability in articles/article.php in Yet ...)
        NOT-FOR-US: Yet Another Community System (YACS) CMS
CVE-2006-4531 (PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS ...)
        NOT-FOR-US: Pheap CMS
CVE-2006-4530 (Direct static code injection vulnerability in include/change.php in ...)
        NOT-FOR-US: membrepass
CVE-2006-4529 (SQL injection vulnerability in recherchemembre.php in membrepass 1.5. ...)
        NOT-FOR-US: membrepass
CVE-2006-4528 (Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 ...)
        NOT-FOR-US: membrepass
CVE-2006-4527 (includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when ...)
        NOT-FOR-US: CubeCart
CVE-2006-4526 (SQL injection vulnerability in includes/content/viewCat.inc.php in ...)
        NOT-FOR-US: CubeCart
CVE-2006-4525 (Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and ...)
        NOT-FOR-US: CubeCart
CVE-2006-4524 (Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz ...)
        NOT-FOR-US: Digiappz Freekot
CVE-2006-4523 (The web-based management interface in 2Wire, Inc. HomePortal and ...)
        NOT-FOR-US: 2Wire
CVE-2006-4522 (Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows ...)
        NOT-FOR-US: IBM AIX
CVE-2004-2664 (John Lim ADOdb Library for PHP before 4.23 allows remote attackers to ...)
        TODO: check
CVE-2006-XXXX [hostapd dos]
        - hostapd 1:0.5.4-1
        [sarge] - hostapd <not-affected> (Vulnerable code not present)
CVE-2006-4521
        RESERVED
CVE-2006-4520
        RESERVED
CVE-2006-4519
        RESERVED
CVE-2006-4518
        RESERVED
CVE-2006-4517
        RESERVED
CVE-2006-4516
        RESERVED
CVE-2006-4515
        RESERVED
CVE-2006-4514
        RESERVED
CVE-2006-4513
        RESERVED
CVE-2006-4512
        RESERVED
CVE-2006-4511
        RESERVED
CVE-2006-4510
        RESERVED
CVE-2006-4509
        RESERVED
CVE-2006-4508 (Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and ...)
        - tor 0.1.1.23-1
CVE-2006-4507 (Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the ...)
        NOT-FOR-US: Sony
        NOTE: According to the original advisory, this is just CVE-2006-3459
CVE-2006-4506 (idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local ...)
        NOT-FOR-US: Novell Identity Manager
CVE-2006-4505 (CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote ...)
        NOT-FOR-US: NX5Linx
CVE-2006-4504 (SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to ...)
        NOT-FOR-US: NX5Linx
CVE-2006-4503 (Directory traversal vulnerability in link.php in NX5Linx 1.0 allows ...)
        NOT-FOR-US: NX5Linx
CVE-2006-4502 (ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication ...)
        NOT-FOR-US: ezPortal/ztml CMS
CVE-2006-4501 (SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 ...)
        NOT-FOR-US: ezPortal/ztml CMS
CVE-2006-4500 (Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml ...)
        NOT-FOR-US: ezPortal/ztml CMS
CVE-2006-4499 (ModernBill 5.0.4 and earlier uses cURL with insecure settings for ...)
        NOT-FOR-US: ModernBill
CVE-2006-4498 (PHP remote file inclusion vulnerability in sommaire_admin.php in ...)
        NOT-FOR-US: PortailPHP
CVE-2006-4497 (SQL injection vulnerability in comments.php in IwebNegar 1.1 allows ...)
        NOT-FOR-US: IwebNegar
CVE-2006-4496 (Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar ...)
        NOT-FOR-US: IwebNegar
CVE-2006-4495 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
        NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-4494 (Microsoft Visual Studio 6.0 allows remote attackers to cause a denial ...)
        NOT-FOR-US: Microsoft
CVE-2006-4493 (xbiff2 1.9 creates $HOME/.xbiff2rc in a user's home directory with ...)
        NOT-FOR-US: xbiff2
        NOTE: xbase-clients contains xbiff, but it is not affected as it doesn't use a .xbiffrc
CVE-2006-4492 (Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows ...)
        NOT-FOR-US: Cybozu Office
CVE-2006-4491 (Directory traversal vulnerability in Cybozu Collaborex, AG before ...)
        NOT-FOR-US: Cybozu Collaborex
CVE-2006-4490 (Multiple directory traversal vulnerabilities in Cybozu Office before ...)
        NOT-FOR-US: Cybozu Office
CVE-2006-4489 (Multiple PHP remote file inclusion vulnerabilities in MiniBill ...)
        NOT-FOR-US: MiniBill
CVE-2006-4488 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: ExBB Italia
CVE-2006-4487 (DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web ...)
        NOT-FOR-US: DUpoll
CVE-2006-4486 (Unspecified vulnerability in PHP before 5.1.6, when running on a ...)
        - php5 5.1.6-1
        - php4 4:4.4.4-1
CVE-2006-4485 (The stripos function in PHP before 5.1.5 has unknown impact and attack ...)
        - php5 5.1.6-1
        - php4 <not-affected> (Vulnerable function doesn't exist)
CVE-2006-4484 (Buffer overflow in the LWZReadByte_ function in ...)
        - libgd2 <unfixed> (medium; bug #384838)
        - xloadimage <unfixed> (low; bug #384841)
CVE-2006-4483 (The cURL extension files (1) ext/curl/interface.c and (2) ...)
        - php5 5.1.6-1 (low)
        - php4 4:4.4.4-1 (low)
        [sarge] - php4 <no-dsa> (Safe mode violations not supported, insufficient measure)
CVE-2006-4482 (Multiple heap-based buffer overflows in the (1) str_repeat and (2) ...)
        - php5 5.1.6-1 (low)
        - php4 4:4.4.4-1 (low)
CVE-2006-4481 (The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 ...)
        - php5 5.1.6-1 (low)
        - php4 4:4.4.4-1 (low)
        [sarge] - php4 <no-dsa> (Basedir violations not supported, insufficient measure)
CVE-2006-4480 (Incomplete blacklist vulnerability in the nk_CSS function in nuked.php ...)
        NOT-FOR-US: Nuked-Klan
CVE-2006-4479 (Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual ...)
        NOT-FOR-US: ezContents
CVE-2006-4478 (SQL injection vulnerability in headeruserdata.php in Visual Shapers ...)
        NOT-FOR-US: ezContents
CVE-2006-4477 (Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ...)
        NOT-FOR-US: ezContents
CVE-2006-4476 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...)
        - joomla <itp> (bug #326398)
CVE-2006-4475 (Joomla! before 1.0.11 does not limit access to the Admin Popups ...)
        - joomla <itp> (bug #326398)
CVE-2006-4474 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
        - joomla <itp> (bug #326398)
CVE-2006-4473 (Unspecified vulnerability in com_content in Joomla! before 1.0.11, ...)
        - joomla <itp> (bug #326398)
CVE-2006-4472 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow ...)
        - joomla <itp> (bug #326398)
CVE-2006-4471 (The Admin Upload Image functionality in Joomla! before 1.0.11 allows ...)
        - joomla <itp> (bug #326398)
CVE-2006-4470 (Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is ...)
        - joomla <itp> (bug #326398)
CVE-2006-4469 (Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows ...)
        - joomla <itp> (bug #326398)
CVE-2006-4468 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...)
        - joomla <itp> (bug #326398)
CVE-2006-4467 (Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before ...)
        NOT-FOR-US: Simple Machines Forum
CVE-2006-4466 (Joomla! before 1.0.11 does not properly unset variables when the input ...)
        - joomla <itp> (bug #326398)
CVE-2006-4465 (** DISPUTED ** ...)
        NOT-FOR-US: Microsoft
CVE-2006-4464 (The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, ...)
        NOT-FOR-US: Nokia
CVE-2006-4463 (SQL injection vulnerability in the administrator control panel in ...)
        NOT-FOR-US: JS ASP Faq Manager
CVE-2006-4462 (Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to ...)
        NOT-FOR-US: LinksCaffe
CVE-2006-4461 (Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly ...)
        NOT-FOR-US: Paessler IPCheck Server Monitor (not related to ipcheck in Debian)
CVE-2006-4460 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before ...)
        NOT-FOR-US: iAddressBook
CVE-2006-4459 (Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause ...)
        NOT-FOR-US: AnywhereUSB/5
CVE-2006-4458 (Directory traversal vulnerability in ...)
        - phpgroupware <unfixed> (bug #386061; medium)
CVE-2006-4457 (PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 ...)
        NOT-FOR-US: phpECard
CVE-2006-4456 (PHP remote file inclusion vulnerability in functions.php in phpECard ...)
        NOT-FOR-US: phpECard
CVE-2006-4455 (** DISPUTED ** ...)
        - xchat <not-affected> (not reproducible)
CVE-2006-4454 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats ...)
        NOT-FOR-US: HLstats
CVE-2006-4453 (Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 ...)
        NOT-FOR-US: PmWiki
CVE-2006-4452 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: Web3news
CVE-2006-4451 (Direct static code injection vulnerability in CJ Tag Board 3.0 allows ...)
        NOT-FOR-US: Tag Board
CVE-2006-4450 (usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, ...)
        - phpbb2 2.0.21-1 (low)
CVE-2006-4449 (Cross-site scripting (XSS) vulnerability in attachment.php in ...)
        NOT-FOR-US: MyBulletinBoard (MyBB)
CVE-2006-4448 (Multiple PHP remote file inclusion vulnerabilities in interact 2.2, ...)
        NOT-FOR-US: interact
CVE-2006-4447 (X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, ...)
        - xbase-clients 1:7.1.ds-2
        - xtrans 1.0.0-6
        - xorg-server 1:1.0.2-9
        - libx11 2:1.0.0-7
        - xdm 1:1.0.5-1
        - xterm <unfixed>
        [sarge] - xfree86 <unfixed>
CVE-2006-4446 (Heap-based buffer overflow in DirectAnimation.PathControl COM object ...)
        NOT-FOR-US: Microsoft
CVE-2006-4445 (** DISPUTED ** ...)
        NOT-FOR-US: CuteNews
CVE-2006-4444 (Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for ...)
        NOT-FOR-US: Cybozu Garoon
CVE-2006-4443 (PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft ...)
        NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2006-4442 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before ...)
        NOT-FOR-US: iAddressBook
CVE-2006-4441 (Multiple PHP remote file inclusion vulnerabilities in Ay System ...)
        NOT-FOR-US: Ay System Solutions CMS
CVE-2006-4440 (PHP remote file inclusion vulnerability in main.php in Ay System ...)
        NOT-FOR-US: Ay System Solutions CMS
CVE-2006-4439 (pkgadd in Sun Solaris 10 before 20060825 installs files with insecure ...)
        NOT-FOR-US: Solaris
CVE-2006-4438
        RESERVED
CVE-2006-4437
        RESERVED
CVE-2005-4810 (Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote ...)
        NOT-FOR-US: Microsoft
CVE-2005-4809 (Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla ...)
        - mozilla <unfixed> (low)
        - firefox <not-affected> (at least 1.5.0.6 is not vulnerable)
        - xulrunner <not-affected>
        [sarge] - mozilla <no-dsa> (Conceptual problem, not fixable in a backport)
CVE-2003-1305 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
        NOT-FOR-US: Microsoft
CVE-2006-4602 (Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 ...)
        - tikiwiki 1.9.4+dfsg2-3
CVE-2006-4436 (isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates ...)
        - isakmpd 20041012-4 (bug #385894; medium)
CVE-2006-4435 (OpenBSD 3.8, 3.9, and possibly earlier versions allows ...)
        NOT-FOR-US: OpenBSD
CVE-2006-4434 (Use-after-free vulnerability in Sendmail before 8.13.8 allows remote ...)
        {DSA-1164}
        - sendmail 8.13.8-1 (bug #385054; medium)
CVE-2006-4433 (PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set ...)
        - php4 4:4.4.4-1 (low)
        - php5 5.1.4-0.1 (low)
CVE-2006-4432 (Directory traversal vulnerability in Zend Platform 2.2.1 and earlier ...)
        NOT-FOR-US: Zend Platform
CVE-2006-4431 (Multiple buffer overflows in the (a) Session Clustering Daemon and the ...)
        NOT-FOR-US: Zend Platform
CVE-2006-4430 (The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows ...)
        NOT-FOR-US: Cisco
CVE-2006-4429 (** DISPUTED ** ...)
        NOT-FOR-US: PHlyMail Lite
CVE-2006-4428 (** DISPUTED ** ...)
        NOT-FOR-US: Jupiter CMS
CVE-2006-4427 (index.php in eFiction before 2.0.7 allows remote attackers to bypass ...)
        NOT-FOR-US: eFiction
CVE-2006-4426 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: AlberT-EasySite
CVE-2006-4425 (Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 ...)
        NOT-FOR-US: phpCOIN
CVE-2006-4424 (PHP remote file inclusion vulnerability in coin_includes/constants.php ...)
        NOT-FOR-US: phpCOIN
CVE-2006-4423 (Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 ...)
        NOT-FOR-US: Bigace
CVE-2006-4422 (** DISPUTED ** ...)
        NOT-FOR-US: Jetbox CMS
CVE-2006-4421 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: Yet Another PHP Image Gallery
CVE-2006-4420 (Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 ...)
        NOT-FOR-US: Phaos
CVE-2006-4419 (SQL injection vulnerability in note.php in ProManager 0.73 allows ...)
        NOT-FOR-US: ProManager
CVE-2006-4418 (Directory traversal vulnerability in index.php for Wikepage 2006.2a ...)
        NOT-FOR-US: Wikepage
CVE-2006-4417 (SQL injection vulnerability in edituser.php in Xoops before 2.0.15 ...)
        NOT-FOR-US: Xoops
CVE-2006-4416 (Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 ...)
        NOT-FOR-US: IBM AIX
CVE-2006-4415
        RESERVED
CVE-2006-4414
        RESERVED
CVE-2006-4413
        RESERVED
CVE-2006-4412
        RESERVED
CVE-2006-4411
        RESERVED
CVE-2006-4410
        RESERVED
CVE-2006-4409
        RESERVED
CVE-2006-4408
        RESERVED
CVE-2006-4407
        RESERVED
CVE-2006-4406
        RESERVED
CVE-2006-4405
        RESERVED
CVE-2006-4404
        RESERVED
CVE-2006-4403
        RESERVED
CVE-2006-4402
        RESERVED
CVE-2006-4401
        RESERVED
CVE-2006-4400
        RESERVED
CVE-2006-4399
        RESERVED
CVE-2006-4398
        RESERVED
CVE-2006-4397
        RESERVED
CVE-2006-4396
        RESERVED
CVE-2006-4395
        RESERVED
CVE-2006-4394
        RESERVED
CVE-2006-4393
        RESERVED
CVE-2006-4392
        RESERVED
CVE-2006-4391
        RESERVED
CVE-2006-4390
        RESERVED
CVE-2006-4389
        RESERVED
CVE-2006-4388
        RESERVED
CVE-2006-4387
        RESERVED
CVE-2006-4386
        RESERVED
CVE-2006-4385
        RESERVED
CVE-2006-4384
        RESERVED
CVE-2006-4383
        RESERVED
CVE-2006-4382
        RESERVED
CVE-2006-4381
        RESERVED
CVE-2006-4380 (MySQL before 4.1.13 allows local users to cause a denial of service ...)
        {DSA-1169}
        - mysql-dfsg-5.0 <not-affected> (only 4.1 affected)
        - mysql-dfsg <not-affected> (only 4.1 affected)
        - mysql-dfsg-4.1 <removed>
CVE-2006-4379
        RESERVED
CVE-2006-4378 (** DISPUTED ** ...)
        NOT-FOR-US: Rssxt component for Joomla! (com_rssxt)
CVE-2006-4377 (Multiple SQL injection vulnerabilities in Guder und Koch ...)
        NOT-FOR-US: Eichhorn Portal
CVE-2006-4376 (Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch ...)
        NOT-FOR-US: Eichhorn Portal
CVE-2006-4375 (** DISPUTED ** ...)
        NOT-FOR-US: Contacts XTD (ContXTD) component for Mambo (com_contxtd)
CVE-2006-4374 (IrfanView 3.98 (with plugins) allows user-assisted attackers to cause ...)
        NOT-FOR-US: IrfanView
CVE-2006-4373 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: pSlash
CVE-2006-4372 (PHP remote file inclusion vulnerability in admin.lurm_constructor.php ...)
        NOT-FOR-US: Lurm Constructor component (com_lurm_constructor) for Mambo
CVE-2006-4371 (Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 ...)
        NOT-FOR-US: Alt-N WebAdmin
CVE-2006-4370 (Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and ...)
        NOT-FOR-US: Alt-N WebAdmin
CVE-2006-4369 (Absolute path traversal vulnerability in includes/functions_portal.php ...)
        NOT-FOR-US: IntegraMOD Portal
CVE-2006-4368 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: IntegraMOD Portal
CVE-2006-4367 (SQL injection vulnerability in alltopics.php in the All Topics Hack ...)
        NOT-FOR-US: All Topics Hack for phpBB
CVE-2006-4366 (PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 ...)
        NOT-FOR-US: RedBLoG
CVE-2006-4365 (Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 ...)
        NOT-FOR-US: VistaBB
CVE-2006-4364 (Multiple heap-based buffer overflows in the POP3 server in Alt-N ...)
        NOT-FOR-US: Alt-N Technologies MDaemon
CVE-2006-4363 (PHP remote file inclusion vulnerability in admin.cropcanvas.php in the ...)
        NOT-FOR-US: CropImage component (com_cropimage) for Mambo
CVE-2006-4362 (Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid ...)
        NOT-FOR-US: Diesel Paid Mail
CVE-2006-4361 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        NOT-FOR-US: Diesel Job Site
CVE-2006-4360 (Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal ...)
        NOT-FOR-US: E-commerce for Drupal
CVE-2006-4359 (Stack-based buffer overflow in Trident Software PowerZip 7.06 Build ...)
        NOT-FOR-US: PowerZip
CVE-2006-4358 (Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay ...)
        NOT-FOR-US: Diesel Pay
CVE-2006-4357 (PHP remote file inclusion vulnerability in clients/index.php in Diesel ...)
        NOT-FOR-US: Diesel Smart Traffic
CVE-2006-4356 (SQL injection vulnerability in Drupal Easylinks Module ...)
        NOT-FOR-US: Easylinks Module for Drupal
CVE-2006-4355 (Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module ...)
        NOT-FOR-US: Easylinks Module for Drupal
CVE-2006-4354 (PHP remote file inclusion vulnerability in e/class/CheckLevel.php in ...)
        NOT-FOR-US: Phome Empire CMS
CVE-2006-4353 (Unspecified vulnerability in Sun Java System Content Delivery Server ...)
        NOT-FOR-US: Sun Java System Content Delivery Server
CVE-2006-4352 (The ArrowPoint cookie functionality for Cisco 11000 series Content ...)
        NOT-FOR-US: Cisco
CVE-2006-4351 (Cross-site scripting (XSS) vulnerability in index.php in OneOrZero ...)
        NOT-FOR-US: OneOrZero
CVE-2006-4350 (SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows ...)
        NOT-FOR-US: OneOrZero
CVE-2006-4349 (** DISPUTED ** ...)
        NOT-FOR-US: ToendaCMS
CVE-2006-4348 (PHP remote file inclusion vulnerability in config.kochsuite.php in the ...)
        NOT-FOR-US: Kochsuite (com_kochsuite) component for Mambo and Joomla!
CVE-2006-4347 (SQL injection vulnerability in user logon authentication request ...)
        NOT-FOR-US: Cool Manager
CVE-2006-4346 (Asterisk 1.2.10 supports the use of client-controlled variables to ...)
        - asterisk 1:1.2.11.dfsg-1 (medium; bug #385060)
CVE-2006-4345 (Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in ...)
        - asterisk 1:1.2.11.dfsg-1 (medium; bug #385060)
CVE-2006-4344 (CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) ...)
        NOT-FOR-US: CGI-Rescue Mail F/W System
CVE-2006-4343
        RESERVED
CVE-2006-4342
        RESERVED
CVE-2006-4341
        RESERVED
CVE-2006-4340
        RESERVED
CVE-2006-4339 (OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, ...)
        - openssl 0.9.8b-3 (medium)
        - openssl097 0.9.7i-2 (medium)
        - openssl096 <removed>
CVE-2006-4338
        RESERVED
CVE-2006-4337
        RESERVED
CVE-2006-4336
        RESERVED
CVE-2006-4335
        RESERVED
CVE-2006-4334
        RESERVED
CVE-2006-4333 (The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows ...)
        {DSA-1171}
        - wireshark 0.99.2-5.1 (low; bug #384529)
        - ethereal <removed> (low; bug #384528)
CVE-2006-4332 (Unspecified vulnerability in the DHCP dissector in Wireshark (formerly ...)
        - wireshark <not-affected> (windows only)
        - ethereal <not-affected> (windows only)
CVE-2006-4331 (Multiple off-by-one errors in the IPSec ESP preference parser in ...)
        - wireshark 0.99.2-5.1 (medium; bug #384529)
        - ethereal <not-affected> (only wireshark 0.99.2 affected)
CVE-2006-4330 (Unspecified vulnerability in the SCSI dissector in Wireshark (formerly ...)
        - wireshark 0.99.2-5 (medium; bug #384529)
        - ethereal <not-affected> (only wireshark 0.99.2 affected)
CVE-2006-XXXX [zope Arbitrary file inclusion]
        TODO: check zope zope-2.7 zope2.8 zope2.9 zope3
        - zope2.8 2.8.8-2
CVE-2006-4329 (Multiple PHP remote file inclusion vulnerabilities in Shadows Rising ...)
        NOT-FOR-US: Shadows Rising
CVE-2006-4328 (SQL injection vulnerability in admin.php in CloudNine Interactive ...)
        NOT-FOR-US: CloudNine
CVE-2006-4327 (Multiple cross-site scripting (XSS) vulnerabilities in add_url.php in ...)
        NOT-FOR-US: CloudNine
CVE-2006-4326 (Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, ...)
        NOT-FOR-US: Ichitaro
CVE-2006-4325 (Cross-site scripting (XSS) vulnerability in gbook.php in Doika ...)
        NOT-FOR-US: Doika
CVE-2006-4324 (Cross-site scripting (XSS) vulnerability in add_url2.php in ...)
        NOT-FOR-US: CityForFree
CVE-2006-4323 (SQL injection vulnerability in list.php in CityForFree indexcity 1.0, ...)
        NOT-FOR-US: CityForFree
CVE-2006-4322 (PHP remote file inclusion vulnerability in estateagent.php in the ...)
        NOT-FOR-US: Mambo
CVE-2006-4321 (PHP remote file inclusion vulnerability in cpg.php in the Coppermine ...)
        NOT-FOR-US: Mambo
CVE-2006-4320 (PHP remote file inclusion vulnerability in sef.php in the OpenSEF ...)
        NOT-FOR-US: OpenSEF for Joomla
CVE-2006-4319 (Buffer overflow in the format command in Solaris 8, 9, and 10 allows ...)
        NOT-FOR-US: Solaris
CVE-2006-4318 (Buffer overflow in WFTPD Server 3.23 allows remote attackers to ...)
        NOT-FOR-US: WFTPD
CVE-2006-4317 (Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab ...)
        NOT-FOR-US: WoltLab
CVE-2006-4316 (SSH Tectia Management Agent 2.1.2 allows local users to gain root ...)
        NOT-FOR-US: SSH Tectia Management Agent
CVE-2006-4315 (Unquoted Windows search path vulnerability in multiple SSH Tectia ...)
        NOT-FOR-US: SSH Tectia Management Agent
CVE-2006-4314 (The manager server in Symantec Enterprise Security Manager (ESM) 6 and ...)
        NOT-FOR-US: Symantec
CVE-2006-4313 (Multiple unspecified vulnerabilities in Cisco VPN 3000 series ...)
        NOT-FOR-US: Cisco
CVE-2006-4312 (Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive ...)
        NOT-FOR-US: Cisco
CVE-2006-4311 (PHP remote file inclusion vulnerability in Sonium Enterprise ...)
        NOT-FOR-US: Sonium Enterprise Adressbook
CVE-2006-4310 (Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of ...)
        - xulrunner <unfixed>
        - firefox <unfixed>
        - mozilla <unfixed>
        - mozilla-firefox <unfixed>
CVE-2006-4309 (VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not ...)
        NOT-FOR-US: AK-Systems Windows Terminal
CVE-2006-4308 (Multiple cross-site scripting (XSS) vulnerabilities in Blackboard ...)
        NOT-FOR-US: Blackboard Learning System
CVE-2006-4307 (Unspecified vulnerability in the format command in Sun Solaris 8 and 9 ...)
        NOT-FOR-US: Solaris
CVE-2006-4306 (Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 ...)
        NOT-FOR-US: Solaris
CVE-2006-4305 (Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote ...)
        - maxdb-7.5.00 <unfixed> (high; bug #386182)
CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1 and ...)
        NOT-FOR-US: FreeBSD NetBSD
CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun ...)
        NOT-FOR-US: Solaris
CVE-2006-4302 (The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web ...)
        TODO: check
CVE-2006-4301 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
        NOT-FOR-US: Microsoft
CVE-2006-4300 (SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and ...)
        NOT-FOR-US: SimpleBlog
CVE-2006-4299 (Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in ...)
        - tikiwiki 1.9.4+dfsg2-2 (low; bug #384796)
CVE-2006-4298 (Multiple directory traversal vulnerabilities in cache.php in ...)
        NOT-FOR-US: osCommerce
CVE-2006-4297 (SQL injection vulnerability in shopping_cart.php in osCommerce before ...)
        NOT-FOR-US: osCommerce
CVE-2006-4296 (PHP remote file inclusion vulnerability in classes/Tar.php in ...)
        NOT-FOR-US: bigAPE-Backup component (com_babackup) for Mambo
CVE-2006-4295 (Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ...)
        NOT-FOR-US: Panda ActiveScan
CVE-2006-4294
        RESERVED
CVE-2006-4293 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...)
        NOT-FOR-US: cPanel
CVE-2006-4292 (Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows ...)
        - honeyd <unfixed> (low; bug #384806)
CVE-2006-4291 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: PHlyMail Lite
CVE-2006-4290 (Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, ...)
        NOT-FOR-US: Sony
CVE-2006-4289 (Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x ...)
        NOT-FOR-US: Sony
CVE-2006-4288 (PHP remote file inclusion vulnerability in admin.a6mambocredits.php in ...)
        NOT-FOR-US: a6mambocredits component (com_a6mambocredits) for Mambo
CVE-2006-4287 (Multiple PHP remote file inclusion vulnerabilities in NES Game and NES ...)
        NOT-FOR-US: NES Game and NES System
CVE-2006-4286 (PHP remote file inclusion vulnerability in contentpublisher.php in the ...)
        NOT-FOR-US: contentpublisher component (com_contentpublisher) for Mambo
CVE-2006-4285 (PHP remote file inclusion vulnerability in news.php in Fantastic News ...)
        NOT-FOR-US: Fantastic News
CVE-2006-4284 (SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier ...)
        NOT-FOR-US: LBlog
CVE-2006-4283 (Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW ...)
        NOT-FOR-US: SOLMETRA SPAW Editor
CVE-2006-4282 (PHP remote file inclusion vulnerability in MamboLogin.php in the ...)
        NOT-FOR-US: MamboWiki component (com_mambowiki) for Mambo and Joomla!
CVE-2006-4281 (PHP remote file inclusion vulnerability in akocomments.php in ...)
        NOT-FOR-US: AkoComment 1.1 module (com_akocomment) for Mambo
CVE-2006-4280 (PHP remote file inclusion vulnerability in anjel.index.php in ANJEL ...)
        NOT-FOR-US: ANJEL (formerly MaMML) Component (com_anjel) for Mambo
CVE-2006-4279 (SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and ...)
        NOT-FOR-US: XennoBB
CVE-2006-4278 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: SportsPHool
CVE-2006-4277 (Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 ...)
        NOT-FOR-US: Tutti Nova
CVE-2006-4276 (PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier ...)
        NOT-FOR-US: Tutti Nova
CVE-2006-4275 (PHP remote file inclusion vulnerability in catalogshop.php in the ...)
        NOT-FOR-US: CatalogShop component for Mambo (com_catalogshop)
CVE-2006-4274
        REJECTED
        NOT-FOR-US: Microsoft
CVE-2006-4273 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 ...)
        NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4272 (** DISPUTED ** ...)
        NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4271 (** DISPUTED ** ...)
        NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4270 (PHP remote file inclusion vulnerability in mambelfish.class.php in the ...)
        NOT-FOR-US: mambelfish component (com_mambelfish) for Mambo
CVE-2006-4269 (PHP remote file inclusion vulnerability in admin.x-shop.php in the ...)
        NOT-FOR-US: x-shop component (com_x-shop) for Mambo and Joomla!
CVE-2006-4268 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 ...)
        NOT-FOR-US: CubeCart
CVE-2006-4267 (Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier ...)
        NOT-FOR-US: CubeCart
CVE-2006-4266 (Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, ...)
        NOT-FOR-US: Symantec
CVE-2006-4265 (Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows ...)
        NOT-FOR-US: Kaspersky
CVE-2006-4264 (** DISPUTED ** ...)
        NOT-FOR-US: lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo
CVE-2006-4263 (Multiple PHP remote file inclusion vulnerabilities in the Product ...)
        NOT-FOR-US: mambo-phpshop (com_phpshop) for Mambo and Joomla!
CVE-2006-4262 (Multiple buffer overflows in cscope 15.5 and earlier allow ...)
        - cscope 15.5+cvs20060902-1 (low; bug #385893)
CVE-2006-4261 (Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a ...)
        - xulrunner <unfixed>
        - firefox <unfixed>
        - mozilla <unfixed>
        - mozilla-firefox <unfixed>
CVE-2006-4260 (Directory traversal vulnerability in index.php in Fotopholder 1.8 ...)
        NOT-FOR-US: Fotopholder
CVE-2006-4259 (Cross-site scripting (XSS) vulnerability in index.php in Fotopholder ...)
        NOT-FOR-US: Fotopholder
CVE-2006-4258 (Absolute path traversal vulnerability in the get functionality in ...)
        NOT-FOR-US: Anti-Spam SMTP Proxy
CVE-2006-4257 (IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote ...)
        NOT-FOR-US: IBM DB2
CVE-2006-4256 (index.php in Horde Application Framework before 3.1.2 allows remote ...)
        - horde3 3.1.3-1 (low; bug #383416)
CVE-2006-4255 (Cross-site scripting (XSS) vulnerability in horde/imp/search.php in ...)
        - imp4 4.1.3-1 (low; bug #383416)
CVE-2006-4254 (Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 ...)
        NOT-FOR-US: IBM AIX
CVE-2006-4253 (Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a ...)
        - xulrunner <unfixed>
        - firefox <unfixed>
        - mozilla <unfixed>
        - mozilla-firefox <unfixed>
CVE-2006-4252
        RESERVED
CVE-2006-4251
        RESERVED
CVE-2006-4250
        RESERVED
CVE-2006-4249
        RESERVED
CVE-2006-4248
        RESERVED
CVE-2006-4247
        RESERVED
CVE-2006-4246
        RESERVED
CVE-2006-4245
        RESERVED
CVE-2006-4244 (Unspecified vulnerability in unspecified versions of SQL-Ledger, ...)
        - sql-ledger <unfixed> (medium)
CVE-2006-4243
        RESERVED
CVE-2006-4242 (PHP remote file inclusion vulnerability in install.jim.php in the JIM ...)
        NOT-FOR-US: JIM component for Joomla or Mambo
CVE-2006-4241 (PHP remote file inclusion vulnerability in processor/reporter.sql.php ...)
        NOT-FOR-US: Reporter Mambo component (com_reporter)
CVE-2006-4240 (PHP remote file inclusion vulnerability in index.php in Fusion News ...)
        NOT-FOR-US: Fusion News
CVE-2006-4239 (PHP remote file inclusion vulnerability in include/urights.php in ...)
        NOT-FOR-US: Outreach Project Tool
CVE-2006-4238 (SQL injection vulnerability in torrents.php in WebTorrent (WTcom) ...)
        NOT-FOR-US: WebTorrent (WTcom)
CVE-2006-4237 (PHP remote file inclusion vulnerability in pageheaderdefault.inc.php ...)
        NOT-FOR-US: Invisionix Roaming System Remote (IRSR)
CVE-2006-4236 (Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow ...)
        NOT-FOR-US: POWERGAP
CVE-2006-4235 (Buffer overflow in the import project functionality in Sony SonicStage ...)
        NOT-FOR-US: Sony
CVE-2006-4234 (PHP remote file inclusion vulnerability in classes/query.class.php in ...)
        NOT-FOR-US: dotProject
CVE-2006-4233 (Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local ...)
        NOT-FOR-US: Globus Toolkit
CVE-2006-4232 (Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, ...)
        NOT-FOR-US: Globus Toolkit
CVE-2006-4231 (IrfanView 3.98 (with plugins) allows remote attackers to cause a ...)
        NOT-FOR-US: IrfanView
CVE-2006-4230 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...)
        NOT-FOR-US: Lizge Web Portal
CVE-2006-4229 (PHP remote file inclusion vulnerability in archive.php in the ...)
        NOT-FOR-US: mosListMessenger Component (com_lm) for Mambo and Joomla!
CVE-2006-4228 (Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before ...)
        NOT-FOR-US: Symantec
CVE-2006-4227 (MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid ...)
        - mysql-dfsg-5.0 5.0.24-3 (low; bug #384798)
CVE-2006-4226 (MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when ...)
        {DSA-1169}
        - mysql-dfsg-5.0 5.0.24-3 (low; bug #384798)
        [sarge] - mysql-dfsg <not-affected> (Vulnerable code not present)
CVE-2006-4225
        REJECTED
CVE-2006-4224 (Cross-site scripting (XSS) vulnerability in calendar.php in Virtual ...)
        NOT-FOR-US: Virtual War
CVE-2006-4223 (IBM WebSphere Application Server before 6.0.2.13 allows ...)
        NOT-FOR-US: IBM WebSphere Application
CVE-2006-4222 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...)
        NOT-FOR-US: IBM WebSphere Application
CVE-2006-4221 (Stack-based buffer overflow in the IBM Access Support eGatherer ...)
        NOT-FOR-US: IBM
CVE-2006-4220
        RESERVED
CVE-2006-4219 (The Terminal Services COM object (tsuserex.dll) allows remote ...)
        NOT-FOR-US: Terminal Services COM object
CVE-2006-4218 (Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier ...)
        NOT-FOR-US: Zen Cart
CVE-2006-4217 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: WEBInsta CMS
CVE-2006-4216
        REJECTED
        NOT-FOR-US: Chaussette
CVE-2006-4215 (PHP remote file inclusion vulnerability in index.php in Zen Cart ...)
        NOT-FOR-US: Zen Cart
CVE-2006-4214 (Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier ...)
        NOT-FOR-US: Zen Cart
CVE-2006-4213 (PHP remote file inclusion vulnerability in config.php in David Kent ...)
        NOT-FOR-US: Thatware
CVE-2006-4212 (SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet ...)
        NOT-FOR-US: Owl Intranet Engine
CVE-2006-4211 (Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl ...)
        NOT-FOR-US: Owl Intranet Engine
CVE-2006-4210 (nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when ...)
        NOT-FOR-US: phPay
CVE-2006-4209 (PHP remote file inclusion vulnerability in install3.php in WEBInsta ...)
        NOT-FOR-US: WEBInsta Mailing List Manager
CVE-2006-4208 (Directory traversal vulnerability in wp-db-backup.php in Skippy ...)
        - wordpress <unfixed> (low; bug #384800)
CVE-2006-4207 (Multiple PHP remote file inclusion vulnerabilities in Bob Jewell ...)
        NOT-FOR-US: Discloser
CVE-2006-4206 (Cross-site scripting (XSS) vulnerability in calendar.asp in ...)
        NOT-FOR-US: ASPPlayground.NET Forum Advanced Edition 
CVE-2006-4205 (Multiple PHP remote file inclusion vulnerabilities in WebDynamite ...)
        NOT-FOR-US: WebDynamite ProjectButler
CVE-2006-4204 (Multile PHP remote file inclusion vulnerabilities in PHProjekt 5.1 and ...)
        NOT-FOR-US: PHProjekt
CVE-2006-4203 (PHP remote file inclusion vulnerability in help.mmp.php in the MMP ...)
        NOT-FOR-US: MMP Component (com_mmp) for Mambo
CVE-2006-4202 (SQL injection vulnerability in proje_goster.php in Spidey Blog Script ...)
        NOT-FOR-US: Spidey Blog Script
CVE-2006-4201 (Unspecified vulnerability in the backup agent and Cell Manager in HP ...)
        NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2006-4200 (Unspecified vulnerability in 04WebServer 1.83 and earlier allows ...)
        NOT-FOR-US: 04WebServer
CVE-2006-4199 (Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83 ...)
        NOT-FOR-US: 04WebServer
CVE-2006-4198 (PHP remote file inclusion vulnerability in includes/session.php in ...)
        NOT-FOR-US: Wheatblog
CVE-2006-4197 (Multiple buffer overflows in libmusicbrainz (aka mb_client or ...)
        {DSA-1162}
        - libmusicbrainz-2.1 2.1.4-1 (medium; bug #383030)
        - libmusicbrainz-2.0 <removed> (medium; bug #383031)
CVE-2006-4196 (PHP remote file inclusion vulnerability in index.php in WEBInsta CMS ...)
        NOT-FOR-US: WEBInsta CMS
CVE-2006-4195 (PHP remote file inclusion vulnerability in param.peoplebook.php in the ...)
        NOT-FOR-US: Peoplebook Component for Mambo (com_peoplebook)
CVE-2005-4808 (Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) ...)
        - binutils 2.17-1 (low)
        [sarge] - binutils <no-dsa> (Only a security-problems in far-fetched configurations)
CVE-2005-4807 (Stack-based buffer overflow in the as_bad function in messages.c in ...)
        - binutils 2.17-1 (low)
        [sarge] - binutils <no-dsa> (Only a security-problems in far-fetched configurations)
CVE-2004-2663 (The (1) SetDebugging and (2) RunEgatherer methods in IBM Access ...)
        NOT-FOR-US: IBM
CVE-2004-2662 (Soft3304 04WebServer before 1.41 allows remote attackers to cause a ...)
        NOT-FOR-US: 04WebServer
CVE-2004-2661 (Soft3304 04WebServer before 1.41 does not properly check file names, ...)
        NOT-FOR-US: 04WebServer
CVE-2002-2216 (Soft3304 04WebServer before 1.20 does not properly process URL ...)
        NOT-FOR-US: 04WebServer
CVE-2006-XXXX [gallery2 session ID disclosure]
        - gallery2 2.1.2-1
CVE-2006-XXXX [insecure filehandling in mysql_upgrade]
        - mysql-dfsg-5.0 5.0.24-1
        TODO: check 4.x
CVE-2006-4194 (** DISPUTED ** ...)
        NOT-FOR-US: Cisco
CVE-2006-4193 (Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows ...)
        NOT-FOR-US: MS IE
CVE-2006-4192 (Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and ...)
        - libmodplug <unfixed> (medium; bug #383574)
CVE-2006-4191 (Directory traversal vulnerability in memcp.php in XMB (Extreme Message ...)
        NOT-FOR-US: XMB
CVE-2006-4190 (Directory traversal vulnerability in autohtml.php in the AutoHTML ...)
        NOT-FOR-US: PHP-Nuke module AutoHTML
CVE-2006-4189 (Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 ...)
        NOT-FOR-US: Dolphin
CVE-2006-4188 (Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, ...)
        NOT-FOR-US: HP-UX
CVE-2006-4187 (Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when ...)
        NOT-FOR-US: HP-UX
CVE-2006-4186 (The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes ...)
        NOT-FOR-US: Novell eDirectory
CVE-2006-4185 (Unspecified vulnerability in the NCPENGINE in Novell eDirectory ...)
        NOT-FOR-US: Novell eDirectory
CVE-2006-4184 (SmartLine DeviceLock before 5.73 Build 305 does not properly enforce ...)
        NOT-FOR-US: SmartLine DeviceLock
CVE-2006-4183
        RESERVED
CVE-2006-4182
        RESERVED
CVE-2006-4181
        RESERVED
CVE-2006-4180
        RESERVED
CVE-2006-4179
        RESERVED
CVE-2006-4178
        RESERVED
CVE-2006-4177
        RESERVED
CVE-2006-4176
        RESERVED
CVE-2006-4175
        RESERVED
CVE-2006-4174
        RESERVED
CVE-2006-4173
        RESERVED
CVE-2006-4172
        RESERVED
CVE-2006-4171
        RESERVED
CVE-2006-4170
        RESERVED
CVE-2006-4169
        RESERVED
CVE-2006-4168
        RESERVED
CVE-2006-4167
        RESERVED
CVE-2006-4166 (PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and ...)
        NOT-FOR-US: TinyWebGallery
CVE-2006-4165 (Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and ...)
        NOT-FOR-US: NetCommons
CVE-2006-4164 (PHP remote file inclusion vulnerability in inc/header.inc.php in ...)
        NOT-FOR-US: phpPrintAnalyzer
CVE-2006-4163 (** DISPUTED ** ...)
        NOT-FOR-US: miniBloggie
CVE-2006-4162 (Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and ...)
        NOT-FOR-US: Dragonfly CMS
CVE-2006-4161 (Directory traversal vulnerability in the avatar_gallery action in ...)
        NOT-FOR-US: XennoBB
CVE-2006-4160 (Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and ...)
        NOT-FOR-US: MVCnPHP 
CVE-2006-4159 (Multiple PHP remote file inclusion vulnerabilities in Chaussette ...)
        NOT-FOR-US: Chaussette
CVE-2006-4158 (PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 ...)
        NOT-FOR-US: Spaminator
CVE-2006-4157 (Cross-site scripting (XSS) vulnerability in index.php in Yet another ...)
        NOT-FOR-US: Yet another Bulletin Board (YaBB)
CVE-2006-4156 (** DISPUTED ** ...)
        NOT-FOR-US: pearlabs mafia moblog
CVE-2006-4155 (Unspecified vulnerability in func_topic_threaded.php (aka threaded ...)
        NOT-FOR-US: Invision Power Board (IPB)
CVE-2006-4154
        RESERVED
CVE-2006-4153
        RESERVED
CVE-2006-4152
        RESERVED
CVE-2006-4151
        RESERVED
CVE-2006-4150
        RESERVED
CVE-2006-4149
        RESERVED
CVE-2006-4148
        RESERVED
CVE-2006-4147
        RESERVED
CVE-2006-4146 (Buffer overflow in the (1) DWARF (dwarfread.c) and DWARF2 ...)
        - gdb <unfixed> (unimportant)
        NOTE: Every sensible use of gdb involves executing the debugged binary
        TODO: file bug
CVE-2006-4145 (The Universal Disk Format (UDF) filesystem driver in Linux kernel ...)
        - linux-2.6 2.6.17-7
        - linux-2.6.16 <unfixed>
CVE-2006-4143 (Netgear FVG318 running firmware 1.0.40 allows remote attackers to ...)
        NOT-FOR-US: Netgear
CVE-2006-4142 (SQL injection vulnerability in extra/online.php in Virtual War (VWar) ...)
        NOT-FOR-US: Virtual War (VWar)
CVE-2006-4141 (SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 ...)
        NOT-FOR-US: Virtual War (VWar)
CVE-2006-4140 (Directory traversal vulnerability in IPCheck Server Monitor before ...)
        NOT-FOR-US: IPCheck Server Monitor
CVE-2006-4139 (Race condition in Sun Solaris 10 allows attackers to cause a denial of ...)
        NOT-FOR-US: Solaris
CVE-2006-4138 (Multiple unspecified vulnerabilities in Microsoft Windows Help File ...)
        NOT-FOR-US: Microsoft
CVE-2006-4137 (IBM WebSphere Application Server before 6.1.0.1 allows attackers to ...)
        NOT-FOR-US: IBM WebSphere
CVE-2006-4136 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...)
        NOT-FOR-US: IBM WebSphere
CVE-2006-4135 (** DISPUTED ** ...)
        NOT-FOR-US: Calendarix
CVE-2006-4134 (Unspecified vulnerability related to a &quot;design flaw&quot; in SAP Internet ...)
        NOT-FOR-US: SAP
CVE-2006-4133 (Buffer overflow in SAP Internet Graphics Service (IGS) 6.40 and ...)
        NOT-FOR-US: SAP
CVE-2006-4132 (ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13 and ...)
        NOT-FOR-US: ArcSoft MMS Composer
CVE-2006-4131 (Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and ...)
        NOT-FOR-US: ArcSoft MMS Composer
CVE-2006-4130 (PHP remote file inclusion vulnerability in admin.remository.php in the ...)
        NOT-FOR-US: Remository Component (com_remository) for Mambo and Joomla!
CVE-2006-4129 (PHP remote file inclusion vulnerability in admin.webring.docs.php in ...)
        NOT-FOR-US: Webring Component (com_webring) for Joomla! 
CVE-2006-4128 (Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec ...)
        NOT-FOR-US: Symantec VERITAS
CVE-2006-4127 (Multiple format string vulnerabilities in DConnect Daemon 0.7.0 and ...)
        NOT-FOR-US: DConnect Daemon (dcd)
CVE-2006-4126 (The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier ...)
        NOT-FOR-US: DConnect Daemon (dcd)
CVE-2006-4125 (Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and ...)
        NOT-FOR-US: DConnect Daemon (dcd)
CVE-2006-4124 (The libXm library in LessTif 0.95.0 and earlier allows local users to ...)
        - lesstif2 <unfixed> (bug #382411; low)
CVE-2006-4123 (PHP remote file inclusion vulnerability in boitenews4/index.php in ...)
        NOT-FOR-US: Boite de News
CVE-2006-4122 (Simple one-file guestbook 1.0 and earlier allows remote attackers to ...)
        NOT-FOR-US: Simple one-file guestbook
CVE-2006-4121 (PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce ...)
        NOT-FOR-US: See-Commerce
CVE-2006-4120 (Cross-site scripting (XSS) vulnerability in the Recipe module ...)
        NOT-FOR-US: Recipe module (recipe.module) for Drupal
CVE-2006-4119 (SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier ...)
        NOT-FOR-US: GeheimChaos
CVE-2006-4118 (Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier ...)
        NOT-FOR-US: GeheimChaos
CVE-2006-4117 (The squeue_drain function in Sun Solaris 10, possibly only when run on ...)
        NOT-FOR-US: Solaris
CVE-2006-4116 (Multiple stack-based buffer overflows in Lhaz before 1.32 allow ...)
        NOT-FOR-US: Lhaz
CVE-2006-4115 (PHP remote file inclusion vulnerability in common.inc.php in PgMarket ...)
        NOT-FOR-US: PgMarket
CVE-2006-4114 (SQL injection vulnerability in view_com.php in Nicolas Grandjean ...)
        NOT-FOR-US: PHPMyRing
CVE-2006-4113 (PHP remote file inclusion vulnerability in genpage-cgi.php in Brian ...)
        NOT-FOR-US: hitweb
CVE-2006-4112 (Unspecified vulnerability in the &quot;dependency resolution mechanism&quot; in ...)
        - rails 1.1.6-1 (bug #382255; medium)
CVE-2006-4111 (Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby ...)
        - rails 1.1.5-1 (bug #382255; medium)
CVE-2006-4110 (Apache 2.2.2, when running on Windows, allows remote attackers to read ...)
        - apache2 <not-affected> (Affects Apache on Windows only)
CVE-2006-4109 (Cross-site scripting (XSS) vulnerability in Bibliography ...)
        NOT-FOR-US: Bibliography (biblio.module) for Drupal
CVE-2006-4108 (SQL injection vulnerability in Bibliography (biblio.module) 4.6 before ...)
        NOT-FOR-US: Bibliography (biblio.module) for Drupal
CVE-2006-4107 (SQL injection vulnerability in the Job Search module (job.module) 4.6 ...)
        NOT-FOR-US: Job Search module (job.module) for Drupal
CVE-2006-4106 (Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 ...)
        NOT-FOR-US: blur6ex
CVE-2006-4105 (Cross-site scripting (XSS) vulnerability in Fill Threads Database ...)
        NOT-FOR-US: Fill Threads Database
CVE-2006-4104 (Cross-site scripting (XSS) vulnerability in admin.cgi in ...)
        NOT-FOR-US: mojoGallery
CVE-2006-4103 (PHP remote file inclusion vulnerability in article-raw.php in Jason ...)
        NOT-FOR-US: phNNTP
CVE-2006-4102 (PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme ...)
        NOT-FOR-US: SQLiteWebAdmin
CVE-2006-4101
        RESERVED
CVE-2006-4100
        RESERVED
CVE-2006-4099
        RESERVED
CVE-2006-4098
        RESERVED
CVE-2006-4097
        RESERVED
CVE-2006-4096 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to ...)
        - bind <unfixed> (medium)
        - bind9 1:9.3.2-P1-1 (medium; bug #386245)
        NOTE: there is no info whether bind 8 is affected
CVE-2006-4095 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers ...)
        - bind <unfixed> (medium)
        - bind9 1:9.3.2-P1-1 (medium; bug #386245)
        NOTE: there is no info whether bind 8 is affected
CVE-2006-4094
        RESERVED
CVE-2006-4093 (Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on ...)
        - linux-2.6 2.6.17-7
        - linux-2.6.16 <unfixed>
CVE-2006-4092 (Simpliciti Locked Browser does not properly limit a user's actions to ...)
        NOT-FOR-US: Simpliciti Locked Browser
CVE-2006-4091 (Multiple cross-site scripting (XSS) vulnerabilities in Archangel ...)
        NOT-FOR-US: Archangel Weblog 
CVE-2006-4090 (Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 ...)
        NOT-FOR-US: Webligo BlogHoster
CVE-2006-4089 (Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and ...)
        - alsaplayer <unfixed> (medium; bug #382842)
CVE-2006-4088 (Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace ...)
        NOT-FOR-US: CivicSpace
CVE-2006-4087 (Cross-site scripting (XSS) vulnerability in admin.cgi in ...)
        NOT-FOR-US: mojoGallery
CVE-2006-4086 (Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino ...)
        NOT-FOR-US: Online Zone Journals (OZJournals)
CVE-2006-4085 (PHP remote file inclusion vulnerability in Olaf Noehring The Search ...)
        NOT-FOR-US: The Search Engine Project (TSEP)
CVE-2006-4084 (Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 ...)
        NOT-FOR-US: phpAutoMembersArea (phpAMA)
CVE-2006-4083 (PHP remote file inclusion vulnerability in viewevent.php in myWebland ...)
        NOT-FOR-US: myEvent
CVE-2006-4082 (Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a ...)
        NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-4081 (preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through ...)
        NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-4080 (DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 ...)
        NOT-FOR-US: DeluxeBB
CVE-2006-4079 (Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB ...)
        NOT-FOR-US: DeluxeBB
CVE-2006-4078 (pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, ...)
        NOT-FOR-US: DeluxeBB
CVE-2006-4077 (PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo ...)
        NOT-FOR-US: Comet WebFileManager
CVE-2006-4076 (Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer ...)
        NOT-FOR-US: docpile: wim's edition
CVE-2006-4075 (Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer ...)
        NOT-FOR-US: docpile: wim's edition
CVE-2006-4074 (PHP remote file inclusion vulnerability in lib/tpl/default/main.php in ...)
        NOT-FOR-US: JD-Wiki Component (com_jd-wiki) for Joomla!
CVE-2006-4073 (Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz ...)
        NOT-FOR-US: phpCC
CVE-2006-4072 (Multiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 ...)
        NOT-FOR-US: Club-Nuke [XP]
CVE-2006-4144 (Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick ...)
        - imagemagick <unfixed> (medium; bug #383314)
        - graphicsmagick 1.1.7-7 (medium; bug #383333)
CVE-2006-XXXX [crash in the certificate verification logic]
        NOTE: GNUTLS-SA-2006-2
        - gnutls11 <unfixed> (low)
        - gnutls12 1.2.11-3 (low)
        - gnutls13 1.4.2-1 (low)
CVE-2006-4071 (Sign extension vulnerability in the createBrushIndirect function in ...)
        NOT-FOR-US: Microsoft
CVE-2006-4070 (Format string vulnerability in Imendio Planner 0.13 allows ...)
        NOT-FOR-US: Imendio Planner
CVE-2006-4069 (Multiple cross-site scripting (XSS) vulnerabilities in Elaine Aquino ...)
        NOT-FOR-US: Online Zone Journals (OZJournals)
CVE-2006-4068 (The pswd.js script relies on the client to calculate whether a ...)
        NOT-FOR-US: pswd.js
CVE-2006-4067 (Cross-site scripting (XSS) vulnerability in cake/libs/error.php in ...)
        NOT-FOR-US: CakePHP
CVE-2006-4066 (The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft ...)
        NOT-FOR-US: Microsoft
CVE-2006-4065 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko ...)
        NOT-FOR-US: SAPID Gallery
CVE-2006-4064 (SQL injection vulnerability in default.asp in YenerTurk Haber Script ...)
        NOT-FOR-US: YenerTurk Haber Script
CVE-2006-4063 (Multiple PHP remote file inclusion vulnerabilities in Csaba Godor ...)
        NOT-FOR-US: SAPID Blog
CVE-2006-4062 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: SAPID Shop 
CVE-2006-4061 (PHP remote file inclusion vulnerability in index.php in Thomas Pequet ...)
        NOT-FOR-US: phpPrintAnalyzer
CVE-2006-4060 (PHP remote file inclusion vulnerability in calendar.php in Visual ...)
        NOT-FOR-US: Visual Events Calendar
CVE-2006-4059 (Multiple PHP remote file inclusion vulnerabilities in USOLVED ...)
        NOT-FOR-US: USOLVED NEWSolved Lite
CVE-2006-4058 (Cross-site scripting (XSS) vulnerability in archive.php in Simplog ...)
        NOT-FOR-US: Simplog
CVE-2006-4057 (Buffer overflow in the preview_create function in gui.cpp in Mitch ...)
        NOT-FOR-US: Eremove
CVE-2006-4056 (Multiple SQL injection vulnerabilities in the authentication process ...)
        NOT-FOR-US: katzlbt The Address Book
CVE-2006-4055 (Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring ...)
        NOT-FOR-US: The Search Engine Project (TSEP)
CVE-2006-4054 (Multiple PHP remote file inclusion vulnerabilities in ME Download ...)
        NOT-FOR-US: ME Download System
CVE-2006-4053 (PHP remote file inclusion vulnerability in templates/header.php in ME ...)
        NOT-FOR-US: ME Download System
CVE-2006-4052 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...)
        NOT-FOR-US: Turnkey Web Tools PHP Simple Shop
CVE-2006-4051 (PHP remote file inclusion vulnerability in global.php in Turnkey Web ...)
        NOT-FOR-US: Turnkey Web Tools PHP Live Helper
CVE-2006-4050 (PHP remote file inclusion vulnerability in auto_check_renewals.php in ...)
        NOT-FOR-US: phpAutoMembersArea (phpAMA)
CVE-2006-4049 (Unspecified vulnerability in the utxconfig utility in Sun Ray Server ...)
        NOT-FOR-US: Sun
CVE-2006-4048 (Netious CMS 0.4 initializes session IDs based on the client IP ...)
        NOT-FOR-US: Netious CMS
CVE-2006-4047 (SQL injection vulnerability in index.php in Netious CMS 0.4 and ...)
        NOT-FOR-US: Netious CMS
CVE-2006-4045 (PHP remote file inclusion vulnerability in news.php in Torbstoff News ...)
        NOT-FOR-US: Torbstoff News
CVE-2006-4044 (PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad ...)
        NOT-FOR-US: phpCodeCabinet
CVE-2006-4043 (index.php in myWebland myBloggie 2.1.4 and earlier allows remote ...)
        NOT-FOR-US: myWebland myBloggie
CVE-2006-4042 (Multiple SQL injection vulnerabilities in trackback.php in myWebland ...)
        NOT-FOR-US: myWebland myBloggie
CVE-2006-4041 (SQL injection vulnerability in Pike before 7.6.86, when using a ...)
        - pike7.6 7.6.86-1
        [sarge] - pike7.2 <unfixed> (bug #382607)
CVE-2006-4040 (PHP remote file inclusion vulnerability in myevent.php in myWebland ...)
        NOT-FOR-US: myWebland myEvent
CVE-2006-4039 (Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos ...)
        NOT-FOR-US: GaesteChaos
CVE-2006-4038 (Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php ...)
        NOT-FOR-US: GaesteChaos
CVE-2006-4037 (Unspecified vulnerability in Fenestrae Faxination Server allows remote ...)
        NOT-FOR-US: Fenestrae Faxination Server
CVE-2006-4036 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: ZoneX Publishers
CVE-2006-4035 (SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c ...)
        NOT-FOR-US: CounterChaos
CVE-2006-4034 (PHP remote file inclusion vulnerability in include/html/config.php in ...)
        NOT-FOR-US: ModernGigabyte ModernBill
CVE-2006-4033 (Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and ...)
        NOT-FOR-US: Lhaplus
CVE-2006-4032 (Unspecified vulnerability in Cisco IOS CallManager Express (CME) ...)
        NOT-FOR-US: Cisco
CVE-2006-4031 (MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to ...)
        - mysql-dfsg-5.0 5.0.24-1 (bug #382415; low)
        - mysql-dfsg <removed> (bug #380271; low)
        [sarge] - mysql-dfsg-4.1 <no-dsa> (Now documented design error, no real fix feasible)
        [sarge] - mysql-dfsg <no-dsa> (Now documented design error, no real fix feasible)
CVE-2006-4030 (Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and ...)
        {DSA-1148-1}
        - gallery 1.5.3-1
        TODO: check gallery2
CVE-2006-4029 (Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 ...)
        NOT-FOR-US: AGEphone
CVE-2006-4028 (Multiple unspecified vulnerabilities in WordPress before 2.0.4 have ...)
        - wordpress 2.0.4-1
CVE-2006-4027
        RESERVED
CVE-2006-XXXX [realtime-lsm-source: wrong permissions might lead to local root]
        - realtime-lsm 0.8.7-2 (bug #382161; low)
        [sarge] - realtime-lsm <not-affected>
        NOTE: only to user 1017 or group 1001 and only while root is building the module
CVE-2006-4026 (PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows ...)
        NOT-FOR-US: SAPID CMS
CVE-2006-4025 (SQL injection vulnerability in profile.php in XennoBB 2.1.0 and ...)
        NOT-FOR-US: XennoBB
CVE-2006-4024 (The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through ...)
        - festalon <not-affected> (vuln. code introduced in 0.5.0)
CVE-2006-4023 (The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...)
        - php5 <unfixed> (unimportant; bug #382257)
        - php4 <unfixed> (unimportant; bug #382270)
        NOTE: Not every lack of protection of programmer's flaws is a vulnerability
        NOTE: See notes by Sean for details
        NOTE: > the entry states that this is more likely a bug in any
        NOTE: > applications not performing further validation/sanitizing,
        NOTE: > and i tend to agree based on the php.net documentation, which
        NOTE: > states: "ip2long() should not be used as the sole form of IP
        NOTE: > validation. Combine it with long2ip()".
CVE-2006-4022 (Intel 2100 PRO/Wireless Network Connection driver PROSet before ...)
        NOT-FOR-US: Intel Windows driver
CVE-2006-4021 (The cryptographic module in ScatterChat 1.0.x allows attackers to ...)
        NOT-FOR-US: ScatterChat
CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows ...)
        - php5 5.1.6-1 (medium; bug #382256)
        - php4 4:4.4.4-1 (medium; bug #382261)
CVE-2006-4019 (Dynamic variable evaluation vulnerability in compose.php in ...)
        {DSA-1154}
        - squirrelmail 2:1.4.8-1
CVE-2006-4018 (Heap-based buffer overflow in the pefromupx function in ...)
        {DSA-1153}
        - clamav 0.88.4-1 (high; bug #382004; bug #382007)
CVE-2006-4017 (Cross-site scripting (XSS) vulnerability in the search module in Inter ...)
        NOT-FOR-US: Inter Network Marketing (INM) CMS G3
CVE-2006-4016 (Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS ...)
        NOT-FOR-US: toendaCMS
CVE-2006-4015 (Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with ...)
        NOT-FOR-US: Hewlett-Packard
CVE-2006-4014 (Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control ...)
        NOT-FOR-US: Symantec
CVE-2006-4013 (Multiple directory traversal vulnerabilities in Symantec Brightmail ...)
        NOT-FOR-US: Symantec
CVE-2006-4012 (Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb ...)
        NOT-FOR-US: circeOS SaveWeb
CVE-2006-4011 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: Kayako eSupport
CVE-2006-4010 (SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and ...)
        NOT-FOR-US: Virtual War
CVE-2006-4009 (Cross-site scripting (XSS) vulnerability in war.php in Virtual War ...)
        NOT-FOR-US: Virtual War
CVE-2006-4008 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...)
        NOT-FOR-US: Knusperleicht Guestbook
CVE-2006-4007 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...)
        NOT-FOR-US: Knusperleicht Faq
CVE-2006-4006 (The do_gameinfo functionin BomberClone 0.11.6 and earlier, and ...)
        - bomberclone 0.11.7-1 (bug #382082; medium)
CVE-2006-4005 (BomberClone 0.11.6 and earlier allows remote attackers to cause a ...)
        - bomberclone 0.11.7-1 (bug #382082; medium)
CVE-2006-4004 (Directory traversal vulnerability in index.php in vbPortal 3.0.2 ...)
        NOT-FOR-US: vbPortal
CVE-2006-4003 (The config method in Henrik Storner Hobbit monitor before 4.1.2p2 ...)
        NOT-FOR-US: Henrik Storner Hobbit monitor
CVE-2006-4002 (Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 ...)
        {DSA-1147-1}
        - drupal 4.5.8-2 (bug #382087; medium)
CVE-2006-4001 (Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through ...)
        NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-4000 (Directory traversal vulnerability in cgi-bin/preview_email.cgi in ...)
        NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-3999 (ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier ...)
        NOT-FOR-US: ISS BlackICE
CVE-2006-3998 (PHP remote file inclusion vulnerability in conf.php in WoWRoster (aka ...)
        NOT-FOR-US: WoWRoster
CVE-2006-3997 (PHP remote file inclusion vulnerability in hsList.php in WoWRoster ...)
        NOT-FOR-US: WoWRoster
CVE-2006-3996 (SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and ...)
        NOT-FOR-US: ATutor
CVE-2006-3995 (Multiple PHP remote file inclusion vulnerabilities in (1) ...)
        NOT-FOR-US:  UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo
CVE-2006-3994 (SQL injection vulnerability in the u2u_send_recp function in ...)
        NOT-FOR-US: XMB (aka extreme message board)
CVE-2006-3993 (PHP remote file inclusion vulnerability in copyright.php in Olaf ...)
        NOT-FOR-US: The Search Engine Project
CVE-2006-3992 (Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) ...)
        NOT-FOR-US: Intel
CVE-2006-3991 (PHP remote file inclusion vulnerability in index.php in Vlad Vostrykh ...)
        NOT-FOR-US: Voodoo chat
CVE-2006-3990 (Multiple PHP remote file inclusion vulnerabilities in Paul M. Jones ...)
        - egroupware <unfixed> (bug #382207; medium)
CVE-2006-3989 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...)
        NOT-FOR-US: Knusperleicht
CVE-2006-3988 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...)
        NOT-FOR-US: Knusperleicht
CVE-2006-3987 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...)
        NOT-FOR-US: Knusperleicht
CVE-2006-3986 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...)
        NOT-FOR-US: Knusperleicht
CVE-2006-3985 (Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware ...)
        NOT-FOR-US: ConeXware
CVE-2006-3984 (PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in ...)
        NOT-FOR-US: Phpauction
CVE-2006-3983 (PHP remote file inclusion vulnerability in editprofile.php in ...)
        NOT-FOR-US: php(Reactor) 
CVE-2006-3982 (PHP remote file inclusion vulnerability in quickie.php in ...)
        NOT-FOR-US: Knusperleicht
CVE-2006-3981 (PHP remote file inclusion vulnerability in about.mgm.php in Mambo ...)
        NOT-FOR-US: Mambo Gallery Manager for Mambo
CVE-2006-3980 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: Mambo Gallery Manager for Mambo
CVE-2006-3979 (The AdminAPI of ColdFusion MX 7 allows attackers to bypass ...)
        NOT-FOR-US: ColdFusion MX
CVE-2006-3978
        RESERVED
CVE-2006-3977 (Unspecified vulnerability in CA eTrust Antivirus WebScan before ...)
        NOT-FOR-US: CA eTrust Antivirus WebScan
CVE-2006-3976 (Unspecified vulnerability in CA eTrust Antivirus WebScan before ...)
        NOT-FOR-US: CA eTrust Antivirus WebScan
CVE-2006-3975 (Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote ...)
        NOT-FOR-US: CA eTrust Antivirus WebScan
CVE-2006-3974
        RESERVED
CVE-2006-3973
        RESERVED
CVE-2006-3972 (Directory traversal vulnerability in ...)
        NOT-FOR-US: Ajax Chat
CVE-2006-3971 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: Ajax Chat
CVE-2006-XXXX [unspecified security issues in steam]
        - steam 2.2.16-1
CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by utf8]
        - libxml-parser-perl <unfixed> (bug #378411; high)
CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by deep nesting]
        - libxml-parser-perl 2.34-4.1 (bug #378412; high)
CVE-2006-3970 (PHP remote file inclusion vulnerability in lmo.php in the LMO ...)
        NOT-FOR-US: LMO for joomla
CVE-2006-3969 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: Colophon for joomla
CVE-2006-3968 (The crypto provider in Sun Solaris 10 3/05 HW2 without patch ...)
        NOT-FOR-US: Solaris
CVE-2006-3967 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: moskool
CVE-2006-3966 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: MyNewsGroups
CVE-2006-3965 (Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web ...)
        NOT-FOR-US: Banex PHP MySQL Banner Exchange
CVE-2006-3964 (PHP remote file inclusion vulnerability in members.php in Banex PHP ...)
        NOT-FOR-US: Banex PHP MySQL Banner Exchange
CVE-2006-3963 (Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner ...)
        NOT-FOR-US: Banex PHP MySQL Banner Exchange
CVE-2006-3962 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: com_bayesiannaivefilter for mambo
CVE-2006-3961 (Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee ...)
        NOT-FOR-US: McAfee
CVE-2006-3960 (SQL injection vulnerability in top.php in X-Scripts X-Poll, probably ...)
        NOT-FOR-US: X-Scripts X-Poll
CVE-2006-3959 (SQL injection vulnerability in protect.php in X-Scripts X-Protection ...)
        NOT-FOR-US: X-Scripts X-Protection
CVE-2006-3958 (Multiple unspecified cross-site scripting (XSS) vulnerabilities in ...)
        NOT-FOR-US: Taskjitsu
CVE-2006-3957 (PHP remote file inclusion vulnerability in payment.php in BosDev ...)
        NOT-FOR-US: BosDates
CVE-2006-3956 (Multiple cross-site scripting (XSS) vulnerabilities in contact.php in ...)
        NOT-FOR-US: Advanced Webhost Billing System
CVE-2006-3955 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum ...)
        NOT-FOR-US: MiniBB Forum
CVE-2006-3954 (Directory traversal vulnerability in usercp.php in MyBB (aka ...)
        NOT-FOR-US: mybb
CVE-2006-3953 (Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka ...)
        NOT-FOR-US: mybb
CVE-2006-3952 (Stack-based buffer overflow in EFS Software Easy File Sharing FTP ...)
        NOT-FOR-US: EFS Software Easy File Sharing FTP
CVE-2006-3951 (PHP remote file inclusion vulnerability in moodle.php in Mam-moodle ...)
        NOT-FOR-US: Mam-moodle alpha component (com_moodle) for Mambo
CVE-2006-3950 (SQL injection vulnerability in x-statistics.php in X-Scripts ...)
        NOT-FOR-US: X-Statistics
CVE-2006-3949 (PHP remote file inclusion vulnerability in artlinks.dispnew.php in the ...)
        NOT-FOR-US: com_artlinks for Mambo
CVE-2006-3948 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke ...)
        NOT-FOR-US: php-nuke
CVE-2006-3947 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: Mambatstaff
CVE-2006-3946 (The KHTMLParser::popOneBlock function in Apple Safari 2.0.4 on Mac OS ...)
        NOT-FOR-US: Apple Safari 2.0.4
        NOTE: konqueror 3.5.x is not affected
        NOTE: PoC http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html
        TODO: check sarge's konqueror (sf: pinged maintainers)
CVE-2006-3945 (The CSS functionality in Opera 9 on Windows XP SP2 allows remote ...)
        NOT-FOR-US: Opera
CVE-2006-3944 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
        NOT-FOR-US: Microsoft
CVE-2006-3943 (Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet ...)
        NOT-FOR-US: Microsoft
CVE-2006-3942 (The server driver (srv.sys) in Microsoft Windows 2000 SP4, Server 2003 ...)
        NOT-FOR-US: Microsoft
CVE-2006-3941 (Unspecified vulnerability in the daemons for Sun N1 Grid Engine 5.3 ...)
        NOT-FOR-US: N1 Grid Engine 
CVE-2006-3940 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote ...)
        NOT-FOR-US: phpbb-Auction
CVE-2006-3939 (ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform ...)
        NOT-FOR-US: ScriptsCenter ezUpload Pro
CVE-2006-3938 (DotClear allows remote attackers to obtain sensitive information via a ...)
        NOT-FOR-US: DotClear
CVE-2006-3937 (post.php in x_atrix xGuestBook 1.02 allows remote attackers to obtain ...)
        NOT-FOR-US: x_atrix xGuestBook
CVE-2006-3936 (system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 ...)
        NOT-FOR-US: Alkacon OpenCms
CVE-2006-3935 (system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before ...)
        NOT-FOR-US: Alkacon OpenCms
CVE-2006-3934 (Absolute path traversal vulnerability in downloadTrigger.jsp in ...)
        NOT-FOR-US: Alkacon OpenCms
CVE-2006-3933 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before ...)
        NOT-FOR-US: OpenCms
CVE-2006-3932 (SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 ...)
        NOT-FOR-US: LinksCaffe
CVE-2006-3931 (Buffer overflow in the daemon function in midirecord.cc in Tuomas ...)
        NOT-FOR-US: Midirecord
CVE-2006-3930 (PHP remote file inclusion vulnerability in admin.a6mambohelpdesk.php ...)
        NOT-FOR-US: a6mambohelpdesk Mambo Component 18RC1
CVE-2006-3929 (Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin ...)
        NOT-FOR-US: Zyxel
CVE-2006-3928 (PHP remote file inclusion vulnerability in index.php in WMNews 0.2a ...)
        NOT-FOR-US: WMNews
CVE-2006-3927 (Cross-site scripting (XSS) vulnerability in auctionsearch.php in ...)
        NOT-FOR-US: PhpProBid
CVE-2006-3926 (Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote ...)
        NOT-FOR-US: PhpProBid
CVE-2006-3925 (Stack-based buffer overflow in ITIRecorder.MicRecorder ActiveX control ...)
        NOT-FOR-US: ITIRecorder.MicRecorder ActiveX control
CVE-2006-3924 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before ...)
        NOT-FOR-US: Dokeos
CVE-2006-3923 (Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse ...)
        NOT-FOR-US: Fire-Mouse Toplist
CVE-2006-3922 (PHP remote file inclusion vulnerability in mod_membre/inscription.php ...)
        NOT-FOR-US: PortailPHP
CVE-2006-3921 (Sun Java System Application Server (SJSAS) 7 through 8.1 and Web ...)
        NOT-FOR-US: Sun Java System Application Server
CVE-2006-3920 (The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 ...)
        NOT-FOR-US: Sun Solaris
CVE-2006-3919 (SQL injection vulnerability in index.php in SD Studio CMS allows ...)
        NOT-FOR-US: SD Studio CMS
CVE-2006-3918 (http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 ...)
        {DSA-1167-1}
        - apache2 2.0.55-4.1 (bug #381376; medium)
        - apache 1.3.34-3 (bug #381381; medium)
CVE-2006-3917 (PHP remote file inclusion vulnerability in inc/gabarits.php in R. ...)
        NOT-FOR-US: PHP Forge
CVE-2006-3916 (Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka ...)
        NOT-FOR-US: Solucija News
CVE-2006-3915 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
        NOT-FOR-US: Microsoft
CVE-2006-3914 (Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite ...)
        NOT-FOR-US: Academic Suite
CVE-2006-3913 (Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul ...)
        {DSA-1142-1}
        - freeciv 2.0.8-3 (bug #381378; medium)
CVE-2006-3912 (Stack-based buffer overflow in the SFX module in WinRAR before 3.60 ...)
        NOT-FOR-US: WinRAR
CVE-2006-3911 (PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 ...)
        NOT-FOR-US: PHP Live
CVE-2006-3910 (Internet Explorer 6 on Windows XP SP2, when Outlook is installed, ...)
        NOT-FOR-US: Microsoft
CVE-2006-3909 (Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads ...)
        NOT-FOR-US: WWWthreads
CVE-2006-3908 (Format string vulnerability in the flush_output function in ...)
        NOT-FOR-US: Game Network Engine (GNE)
CVE-2006-3907 (Siemens SpeedStream 2624 allows remote attackers to cause a denial of ...)
        NOT-FOR-US: Siemens
CVE-2006-3906 (Internet Key Exchange (IKE) version 1 protocol, as implemented on ...)
        NOT-FOR-US: Cisco
CVE-2006-3905 (SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote ...)
        NOT-FOR-US: Webland MyBloggie
CVE-2006-3904 (SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 ...)
        NOT-FOR-US: Etomite CMS
CVE-2006-3903 (CRLF injection vulnerability in (1) index.php and (2) admin.php in ...)
        NOT-FOR-US: Webland MyBloggie
CVE-2006-3902 (Cross-site scripting (XSS) vulnerability in index.php in phpFaber ...)
        NOT-FOR-US: phpFaber TopSites
CVE-2006-3901 (Multiple stack-based buffer overflows in Tumbleweed Email Firewall ...)
        NOT-FOR-US: Tumbleweed Email Firewall
CVE-2006-3900 (Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book ...)
        NOT-FOR-US: TP-Book
CVE-2006-3899 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote ...)
        NOT-FOR-US: Microsoft
CVE-2006-3898 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote ...)
        NOT-FOR-US: Microsoft
CVE-2006-3897 (Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows ...)
        NOT-FOR-US: Microsoft
CVE-2006-3896
        RESERVED
CVE-2006-3895
        RESERVED
CVE-2006-3894
        RESERVED
CVE-2006-3893
        RESERVED
CVE-2006-3892
        RESERVED
CVE-2006-3891
        RESERVED
CVE-2006-3890
        RESERVED
CVE-2006-3889
        RESERVED
CVE-2006-3888
        RESERVED
CVE-2006-3887
        RESERVED
CVE-2006-3886 (SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier ...)
        NOT-FOR-US: Shalwan MusicBox
CVE-2006-3885 (Directory traversal vulnerability in Check Point Firewall-1 R55W ...)
        NOT-FOR-US: Check Point Firewall-1
CVE-2006-3884 (Multiple SQL injection vulnerabilities in links.php in Gonafish ...)
        NOT-FOR-US: Gonafish LinksCaffe
CVE-2006-3883 (Multiple cross-site scripting (XSS) vulnerabilities in Gonafish ...)
        NOT-FOR-US: Gonafish LinksCaffe
CVE-2006-3882 (Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain ...)
        NOT-FOR-US: Shalwan MusicBox
CVE-2006-3881 (Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and ...)
        NOT-FOR-US: Shalwan MusicBox
CVE-2006-3880 (** DISPUTED ** ...)
        NOT-FOR-US: Zen Cart
CVE-2006-3879 (Integer overflow in the loadChunk function in loaders/load_gt2.c in ...)
        - libmikmod2 <unfixed> (bug #381379)
CVE-2006-3878 (Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql ...)
        NOT-FOR-US: Opsware Network Automation System
CVE-2006-3877
        RESERVED
CVE-2006-3876
        RESERVED
CVE-2006-3875
        RESERVED
CVE-2006-3874
        RESERVED
CVE-2006-3873
        RESERVED
CVE-2006-3872
        RESERVED
CVE-2006-3871
        RESERVED
CVE-2006-3870
        RESERVED
CVE-2006-3869 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...)
        NOT-FOR-US: Microsoft
CVE-2006-3868
        RESERVED
CVE-2006-3867
        RESERVED
CVE-2006-3866
        RESERVED
CVE-2006-3865
        RESERVED
CVE-2006-3864
        RESERVED
CVE-2006-3863
        RESERVED
CVE-2006-3862 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through ...)
        NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3861 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before ...)
        NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3860 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before ...)
        NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3859 (IBM Informix Dynamic Server (IDS) allows remote authenticated users to ...)
        NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3858 (IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before ...)
        NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3857 (Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before ...)
        NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3856 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before ...)
        NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3855 (The ifx_load_internal function in IBM Informix Dynamic Server (IDS) ...)
        NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3854 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, ...)
        NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3853 (Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 ...)
        NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3852 (Cross-site scripting (XSS) vulnerability in index.php in Micro ...)
        NOT-FOR-US: Micro GuestBook
CVE-2006-3851 (SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and ...)
        NOT-FOR-US: X7 Chat
CVE-2006-3850 (** DISPUTED ** ...)
        NOT-FOR-US: Vanilla CMS
CVE-2006-3849 (Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection ...)
        NOT-FOR-US: Warzone
CVE-2006-3848 (Cross-site scripting (XSS) vulnerability in CGI wrapper for IP ...)
        NOT-FOR-US: ipcalc <unfixed> (bug #381469; low)
CVE-2006-3847 (PHP remote file inclusion vulnerability in (1) admin.php, and possibly ...)
        NOT-FOR-US: MoSpray
CVE-2006-3846 (PHP remote file inclusion vulnerability in extadminmenus.class.php in ...)
        NOT-FOR-US: MultiBanners
CVE-2006-3845 (Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 ...)
        NOT-FOR-US: WinRAR
CVE-2006-3844 (Buffer overflow in Quick 'n Easy FTP Server 3.0 allows remote ...)
        NOT-FOR-US: Quick 'n Easy FTP Server
CVE-2006-3843 (PHP remote file inclusion vulnerability in com_calendar.php in ...)
        NOT-FOR-US: Calendar Mambo Module
CVE-2006-3842 (Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 ...)
        NOT-FOR-US: Zoho Virtual Office
CVE-2006-3841 (Cross-site scripting (XSS) vulnerability in WebScarab before ...)
        NOT-FOR-US: WebScarab
CVE-2006-3840 (The SMB Mailslot parsing functionality in PAM in multiple ISS products ...)
        NOT-FOR-US: various ISS products
CVE-2006-3839
        RESERVED
CVE-2006-3838 (Multiple stack-based buffer overflows in eIQnetworks Enterprise ...)
        NOT-FOR-US: eIQnetworks Enterprise
CVE-2006-XXXX [syslog-ng dos]
        - syslog-ng 2.0rc1-2 (low)
        [sarge] - syslog-ng <not-affected> (Vulnerable code not present)
CVE-2006-XXXX [courier-authdaemon: wrong socket permissions may lead to password disclosure]
        - courier-authlib 0.58-3.1 (bug #378571; medium)
        [sarge] - courier-authlib <not-affected> (bug #378571; medium)
CVE-2006-4046 (Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 ...)
        - ocp 0.1.10rc6-1 (medium; bug #381098)
CVE-2006-XXXX [uqwk buffer overflow]
        - uqwk 2.21-13 (bug #376577; medium)
CVE-2006-XXXX [Webalizer buffer overflows]
        - webalizer 2.01.10-30 (unknown)
        NOTE: 11_various_buffer_overflows should be reviewed for exploitability
CVE-2006-3837 (delcookie.php in Professional Home Page Tools Guestbook changes the ...)
        NOT-FOR-US: Professional Home Page Tools Guestbook
CVE-2006-3836 (Directory traversal vulnerability in index.php in UNIDOmedia Chameleon ...)
        NOT-FOR-US: UNIDOmedia Chameleon
CVE-2006-3835 (Apache Tomcat 5 before 5.5.17 allows remote attackers to list ...)
        - tomcat5 <not-affected> (bug #380361; maintainter can't reproduce)
        - tomcat5.5 <not-affected> (bug #380376; maintainer can't reproduce)
CVE-2006-3834 (EJ3 TOPo 2.2.178 includes the password in cleartext in the ID field to ...)
        NOT-FOR-US: EJ3 TOPo 
CVE-2006-3833 (index.php in EJ3 TOPo 2.2.178 allows remote attackers to overwrite ...)
        NOT-FOR-US: EJ3 TOPo
CVE-2006-3832 (SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog ...)
        NOT-FOR-US: Gerrit van Aaken Loudblog
CVE-2006-3831 (The Backup selection in Kailash Nadh boastMachine (formerly bMachine) ...)
        NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3830 (The Languages selection in the admin interface in Kailash Nadh ...)
        NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3829 (Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in ...)
        NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3828 (Incomplete blacklist vulnerability in Kailash Nadh boastMachine ...)
        NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3827 (SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in ...)
        NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3826 (Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh ...)
        NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3825 (The IPv4 implementation in Sun Solaris 10 before 20060721 allows local ...)
        NOT-FOR-US: Solaris
CVE-2006-3824 (systeminfo.c for Sun Solaris allows local users to read kernel memory ...)
        NOT-FOR-US: Solaris
CVE-2006-3823 (SQL injection vulnerability in index.php in GeodesicSolutions (1) ...)
        NOT-FOR-US: GeodesicSolutions GeoAuctions Premier and GeoClassifieds Basic
CVE-2006-3822 (SQL injection vulnerability in index.php in GeodesicSolutions ...)
        NOT-FOR-US: GeodesicSolutions GeoAuctions
CVE-2006-3821 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 ...)
        NOT-FOR-US: ATutor
CVE-2006-3820 (Cross-site scripting (XSS) vulnerability in loudblog/index.php in ...)
        NOT-FOR-US: Loudblog
CVE-2006-3819 (Eval injection vulnerability in the configure script in TWiki 4.0.0 ...)
        - twiki <not-affected> (only 4.0.x is affected)
CVE-2006-3818 (Cross-site scripting (XSS) vulnerability in the login page in Novell ...)
        NOT-FOR-US: Novell GroupWise WebAccess
CVE-2006-3817 (Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess ...)
        NOT-FOR-US: Novell GroupWise WebAccess
CVE-2006-3816 (Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote ...)
        - krusader <not-affected> (bug #380063; file in directory with 0700 permissions)
CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a ...)
        {DSA-1128}
        - heartbeat 1.2.4-13 (bug #379904)
CVE-2006-3814 (Buffer overflow in the Loader_XM::load_instrument_internal function in ...)
        {DSA-1166}
        - cheesetracker 0.9.9-6 (bug #380364; low)
CVE-2006-3813 (A regression error in the Perl package for Red Hat Enterprise Linux 4 ...)
        NOT-FOR-US: Perl in Red Hat Enterprise Linux 4
CVE-2006-3812 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
        NOTE: MFSA-2006-56
        [sarge] - mozilla <not-affected>
        - mozilla <unfixed> (medium)
        - xulrunner 1.8.0.5-1 (medium)
        [sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
        - firefox 1.5.dfsg+1.5.0.5-1 (medium)
        - thunderbird <unfixed> (unimportant)
        [sarge] - mozilla-thunderbird <not-affected> (unimportant)
CVE-2006-3811 (Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, ...)
        {DSA-1161}
        NOTE: MFSA-2006-55
        - mozilla <unfixed> (high)
        - xulrunner 1.8.0.5-1 (high)
        - mozilla-firefox <removed> (high)
        - firefox 1.5.dfsg+1.5.0.5-1 (high)
        - thunderbird 1.5.0.5-1 (medium)
        - mozilla-thunderbird <removed> (medium)
CVE-2006-3810 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before ...)
        NOTE: MFSA-2006-54
        - mozilla <not-affected> (mozilla 1.7 not affected)
        - xulrunner 1.8.0.5-1 (high)
        - mozilla-firefox <not-affected> (only firefox >= 1.5)
        - firefox 1.5.dfsg+1.5.0.5-1 (high)
        - thunderbird 1.5.0.5-1 (medium)
        - mozilla-thunderbird <not-affected>
CVE-2006-3809 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
        {DSA-1161 DSA-1160 DSA-1159}
        NOTE: MFSA-2006-53
        - mozilla <unfixed> (medium)
        - xulrunner 1.8.0.5-1 (medium)
        - mozilla-firefox <removed> (medium)
        - firefox 1.5.dfsg+1.5.0.5-1 (medium)
        - thunderbird 1.5.0.5-1 (medium)
        - mozilla-thunderbird <removed> (medium)
CVE-2006-3808 (Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows ...)
        {DSA-1161 DSA-1160 DSA-1159}
        NOTE: MFSA-2006-52
        - mozilla <unfixed> (medium)
        - xulrunner 1.8.0.5-1 (medium)
        - mozilla-firefox <removed> (medium)
        - firefox 1.5.dfsg+1.5.0.5-1 (medium)
        - thunderbird 1.5.0.5-1
CVE-2006-3807 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
        {DSA-1161 DSA-1160 DSA-1159}
        NOTE: MFSA-2006-51
        - mozilla <unfixed> (high)
        - xulrunner 1.8.0.5-1 (high)
        - mozilla-firefox <removed> (high)
        - firefox 1.5.dfsg+1.5.0.5-1 (high)
        - thunderbird 1.5.0.5-1 (medium)
        - mozilla-thunderbird <removed> (medium)
CVE-2006-3806 (Multiple integer overflows in the Javascript engine in Mozilla Firefox ...)
        {DSA-1161 DSA-1160 DSA-1159}
        NOTE: MFSA-2006-50
        - mozilla <unfixed> (high)
        - xulrunner 1.8.0.5-1 (high)
        - mozilla-firefox <removed> (high)
        - firefox 1.5.dfsg+1.5.0.5-1 (high)
        - thunderbird 1.5.0.5-1 (medium)
        - mozilla-thunderbird <removed> (medium)
CVE-2006-3805 (The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird ...)
        {DSA-1161 DSA-1160 DSA-1159}
        NOTE: MFSA-2006-50
        - mozilla <unfixed> (high)
        - xulrunner 1.8.0.5-1 (high)
        - mozilla-firefox <removed> (high)
        - firefox 1.5.dfsg+1.5.0.5-1 (high)
        - thunderbird 1.5.0.5-1 (medium)
        - mozilla-thunderbird <removed> (medium)
CVE-2006-3804 (Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and ...)
        NOTE: MFSA-2006-49
        - mozilla-firefox <not-affected> (only firefox >= 1.5)
        [sarge] - mozilla <not-affected> (mozilla 1.7 not affected)
        - mozilla <unfixed> (high)
        - thunderbird 1.5.0.5-1 (high)
        - mozilla-thunderbird <not-affected> (high)
CVE-2006-3803 (Race condition in the JavaScript garbage collection in Mozilla Firefox ...)
        NOTE: MFSA-2006-48
        - mozilla <not-affected> (mozilla 1.7 not affected)
        - xulrunner 1.8.0.5-1 (high)
        - mozilla-firefox <not-affected> (only firefox >= 1.5)
        - firefox 1.5.dfsg+1.5.0.5-1 (high)
        - thunderbird 1.5.0.5-1 (medium)
        - mozilla-thunderbird <not-affected>
CVE-2006-3802 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
        NOTE: MFSA-2006-47
        - mozilla <not-affected> (mozilla 1.7 not affected)
        - xulrunner 1.8.0.5-1 (medium)
        - mozilla-firefox <not-affected> (only firefox >= 1.5)
        - firefox 1.5.dfsg+1.5.0.5-1 (medium)
        - thunderbird 1.5.0.5-1 (medium)
        - mozilla-thunderbird <not-affected>
CVE-2006-3801 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not ...)
        NOTE: MFSA-2006-44
        - mozilla-firefox <not-affected> (only firefox >= 1.5)
        - mozilla-thunderbird <not-affected> (only firefox >= 1.5)
        - mozilla <not-affected> (mozilla 1.7 not affected)
        - firefox 1.5.dfsg+1.5.0.5-1 (high)
        - xulrunner 1.8.0.5-1 (high)
        - thunderbird 1.5.0.5-1 (medium)
CVE-2006-3800 (Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce ...)
        NOT-FOR-US: AFCommerce
CVE-2006-3799 (DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL ...)
        NOT-FOR-US: DeluxeBB
CVE-2006-3798 (DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) ...)
        NOT-FOR-US: DeluxeBB
CVE-2006-3797 (SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote ...)
        NOT-FOR-US: DeluxeBB
CVE-2006-3796 (DeluxeBB 1.07 and earlier does not properly handle a username composed ...)
        NOT-FOR-US: DeluxeBB
CVE-2006-3795 (Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before ...)
        NOT-FOR-US: DeluxeBB
CVE-2006-3794 (** DISPUTED ** ...)
        NOT-FOR-US: AFCommerce
CVE-2006-3793 (PHP remote file inclusion vulnerability in constants.php in SiteDepth ...)
        NOT-FOR-US: SiteDepth
CVE-2006-3792 (SQL injection vulnerability in ServerClientUfo::recv_packet in ...)
        NOT-FOR-US: UFO2000
CVE-2006-3791 (The decode_stringmap function in server_transport.cpp for UFO2000 svn ...)
        NOT-FOR-US: UFO2000
CVE-2006-3790 (The decode_stringmap function in server_transport.cpp for UFO2000 svn ...)
        NOT-FOR-US: UFO2000
CVE-2006-3789 (Multiple array index errors in the (1) recv_rules, (2) ...)
        NOT-FOR-US: UFO2000
CVE-2006-3788 (Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow ...)
        NOT-FOR-US: UFO2000
CVE-2006-3787 (kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 ...)
        NOT-FOR-US: Sunbelt Kerio Personal Firewall
CVE-2006-3786 (Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka ...)
        NOT-FOR-US: Symantec pcAnywhere
CVE-2006-3785 (Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox ...)
        NOT-FOR-US: Symantec pcAnywhere
CVE-2006-3784 (Symantec pcAnywhere 12.5 uses weak default permissions for the ...)
        NOT-FOR-US: Symantec pcAnywhere
CVE-2006-3783 (Sun Solaris 10 allows local users to cause a denial of service (panic) ...)
        NOT-FOR-US: Solaris
CVE-2006-3782 (Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris ...)
        NOT-FOR-US: Solaris
CVE-2006-3781 (Unspecified vulnerability in Sun Solaris 10 allows context-dependent ...)
        NOT-FOR-US: Solaris
CVE-2006-3780 (Keyifweb Keyif Portal 2.0 stores sensitive information under the web ...)
        NOT-FOR-US: Keyifweb Keyif Portal
CVE-2006-3779 (Citrix MetaFrame up to XP 1.0 Feature 1, except when running on ...)
        NOT-FOR-US: Citrix
CVE-2006-3778 (IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to ...)
        NOT-FOR-US: IBM
CVE-2006-3777 (PHP remote file inclusion vulnerability in index.php in IDevSpot ...)
        NOT-FOR-US: IDevSpot PhpLinkExchange
CVE-2006-3776 (PHP remote file inclusion vulnerability in order/index.php in IDevSpot ...)
        NOT-FOR-US: IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0
CVE-2006-3775 (SQL injection vulnerability in class_session.php in MyBB (aka ...)
        NOT-FOR-US: MyBB
CVE-2006-3774 (PHP remote file inclusion vulnerability in performs.php in the ...)
        NOT-FOR-US: perForms component (com_performs) for Joomla!
CVE-2006-3773 (PHP remote file inclusion vulnerability in smf.php in the SMF-Forum ...)
        NOT-FOR-US: MF-Forum Bridge Component (com_smf) For Joomla! and Mambo 
CVE-2006-3772 (PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login ...)
        NOT-FOR-US: PHP-Post
CVE-2006-3771 (Multiple PHP remote file inclusion vulnerabilities in component.php in ...)
        NOT-FOR-US: iManage CMS
CVE-2006-3770 (Multiple SQL injection vulnerabilities in index.php in phpFaber ...)
        NOT-FOR-US: phpFaber TopSites
CVE-2006-3769 (Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and ...)
        NOT-FOR-US: Top XL
CVE-2006-3768 (Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before ...)
        NOT-FOR-US: FileCOPA FTP Server
CVE-2006-3767 (Cross-site scripting (XSS) vulnerability in showprofile.php in ...)
        NOT-FOR-US: Darren's $5 Script Archive osDate
CVE-2006-3766 (Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to ...)
        NOT-FOR-US: Darren's $5 Script Archive osDate
CVE-2006-3765 (Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher ...)
        NOT-FOR-US: uttenlocher Webdesign hwdeGUEST
CVE-2006-3764 (Till Gerken phpPolls 1.0.3 allows remote attackers to create a new ...)
        NOT-FOR-US: phpPolls
CVE-2006-3763 (SQL injection vulnerability in category.php in Diesel Joke Site allows ...)
        NOT-FOR-US: Diesel Joke Site
CVE-2006-3762 (The Touch Control ActiveX control 2.0.0.55 allows remote attackers to ...)
        NOT-FOR-US: Touch Control ActiveX control
CVE-2006-3761 (Cross-site scripting (XSS) vulnerability in inc/function_post.php in ...)
        NOT-FOR-US: MyBB
CVE-2006-3760 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) ...)
        NOT-FOR-US: MyBB
CVE-2006-3759 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related ...)
        NOT-FOR-US: MyBB
CVE-2006-3758 (inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) ...)
        NOT-FOR-US: MyBB
CVE-2006-3757 (index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain ...)
        NOT-FOR-US: Zen Cart
CVE-2006-3756 (Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and ...)
        NOT-FOR-US: Geeklog
CVE-2006-3755 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: FlushCMS
CVE-2006-3754 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: FlushCMS
CVE-2006-3753 (setcookie.php for tthe administration login in Professional Home Page ...)
        NOT-FOR-US: Professional Home Page Tools Guestbook
CVE-2006-3752 (Multiple SQL injection vulnerabilities in class.php in Professional ...)
        NOT-FOR-US: Professional Home Page Tools Guestbook
CVE-2006-3751 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: HTMLArea3
CVE-2006-3750 (PHP remote file inclusion vulnerability in server.php in the Hashcash ...)
        NOT-FOR-US: Hashcash Component (com_hashcash) for Joomla
CVE-2006-3749 (PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap ...)
        NOT-FOR-US: Sitemap component (com_sitemap) for Mambo 
CVE-2006-3748 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: LoudMouth Component for Mambo
CVE-2006-3747 (Off-by-one error in the ldap scheme handling in the Rewrite module ...)
        {DSA-1132-1 DSA-1131-1}
        - apache 1.3.34-3 (medium; bug #380231)
        - apache2 2.0.55-4.1 (medium; bug #380182)
CVE-2006-3746 (Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote ...)
        {DSA-1141-1 DSA-1140-1}
        - gnupg 1.4.5-1 (medium)
        - gnupg2 1.9.20-2 (medium)
CVE-2006-3745 (Unspecified vulnerability in the sctp_make_abort_user function in the ...)
        - linux-2.6 2.6.17-7
        - linux-2.6.16 <unfixed>
CVE-2006-3744 (Multiple integer overflows in ImageMagick before 6.2.9 allows ...)
        {DSA-1168-1}
        - imagemagick <unfixed> (bug #385062)
CVE-2006-3743 (Multiple buffer overflows in ImageMagick before 6.2.9 allow ...)
        {DSA-1168-1}
        - imagemagick <unfixed> (bug #385062)
CVE-2006-3742 (The KDE PAM configuration shipped with Fedora Core 5 causes KDM ...)
        TODO: check
CVE-2006-3741
        RESERVED
CVE-2006-3740
        RESERVED
CVE-2006-3739
        RESERVED
CVE-2006-3738
        RESERVED
CVE-2006-XXXX [htdig: several unspecified security problems]
        - htdig 1:3.2.0b6-1
CVE-2006-XXXX [ldap account manager sets trivial password instead of disabling it]
        - ldap-account-manager 1.0.2-1.1 (bug #368804; medium)
        [sarge] - ldap-account-manager <not-affected>
CVE-2006-XXXX [ldap account manager wrongly unlocks some passwords]
        - ldap-account-manager 1.0.3-1 (bug #375453; medium)
        [sarge] - ldap-account-manager <not-affected>
CVE-2006-3737 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: Plesk
CVE-2006-3736 (PHP remote file inclusion vulnerability in core/videodb.class.xml.php ...)
        NOT-FOR-US: VideoDB for Mambo
CVE-2006-3735 (Multiple PHP remote file inclusion vulnerabilities in Mail2Forum ...)
        NOT-FOR-US: Mail2Forum
CVE-2006-3734 (Multiple unspecified vulnerabilities in the Command Line Interface ...)
        NOT-FOR-US: CS-MARS
CVE-2006-3733 (jmx-console/HtmlAdaptor in the jmx-console in the JBoss web ...)
        NOT-FOR-US: Cisco / JBoss
CVE-2006-3732 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
        NOT-FOR-US: CS-MARS
CVE-2006-3731 (Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted ...)
        - firefox 1.5.dfsg+1.5.0.6-1 (bug #379050; low)
        [sarge] - mozilla-firefox <not-affected> (Unreproducible on Sarge)
CVE-2006-3730 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
        NOT-FOR-US: MSIE
CVE-2006-3729 (DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office ...)
        NOT-FOR-US: MSIE
CVE-2006-3728 (Unspecified vulnerability in the kernel in Solaris 10 with patch ...)
        NOT-FOR-US: Solaris
CVE-2006-3727 (Multiple SQL injection vulnerabilities in Eskolar CMS 0.9.0.0 allow ...)
        NOT-FOR-US: Eskolar CMS
CVE-2006-3726 (Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th ...)
        NOT-FOR-US: FileCOPA FTP Server
CVE-2006-3725 (Norton Personal Firewall 2006 9.1.0.33 allows local users to cause a ...)
        NOT-FOR-US: Norton Personal Firewall
CVE-2006-3724 (Unspecified vulnerability in JD Edwards HTML Server for Oracle ...)
        NOT-FOR-US: Oracle
CVE-2006-3723 (Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle ...)
        NOT-FOR-US: Oracle
CVE-2006-3722 (Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle ...)
        NOT-FOR-US: Oracle
CVE-2006-3721 (Multiple unspecified vulnerabilities in Oracle Management Service for ...)
        NOT-FOR-US: Oracle
CVE-2006-3720 (Unspecified vulnerability in Enterprise Config Management for Oracle ...)
        NOT-FOR-US: Oracle
CVE-2006-3719 (Unspecified vulnerability in CORE: Repository for Oracle Enterprise ...)
        NOT-FOR-US: Oracle
CVE-2006-3718 (Multiple unspecified vulnerabilities in Oracle Exchange for Oracle ...)
        NOT-FOR-US: Oracle
CVE-2006-3717 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
        NOT-FOR-US: Oracle
CVE-2006-3716 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
        NOT-FOR-US: Oracle
CVE-2006-3715 (Unspecified vulnerability in Calendar for Oracle Collaboration Suite ...)
        NOT-FOR-US: Oracle
CVE-2006-3714 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
        NOT-FOR-US: Oracle
CVE-2006-3713 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
        NOT-FOR-US: Oracle
CVE-2006-3712 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
        NOT-FOR-US: Oracle
CVE-2006-3711 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
        NOT-FOR-US: Oracle
CVE-2006-3710 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
        NOT-FOR-US: Oracle
CVE-2006-3709 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
        NOT-FOR-US: Oracle
CVE-2006-3708 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
        NOT-FOR-US: Oracle
CVE-2006-3707 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
        NOT-FOR-US: Oracle
CVE-2006-3706 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
        NOT-FOR-US: Oracle
CVE-2006-3705 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have ...)
        NOT-FOR-US: Oracle
CVE-2006-3704 (Unspecified vulnerability in the Oracle ODBC Driver for Oracle ...)
        NOT-FOR-US: Oracle
CVE-2006-3703 (Unspecified vulnerability in InterMedia for Oracle Database 9.0.1.5, ...)
        NOT-FOR-US: Oracle
CVE-2006-3702 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, ...)
        NOT-FOR-US: Oracle
CVE-2006-3701 (Unspecified vulnerability in the Dictionary component in Oracle ...)
        NOT-FOR-US: Oracle
CVE-2006-3700 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and ...)
        NOT-FOR-US: Oracle
CVE-2006-3699 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
        NOT-FOR-US: Oracle
CVE-2006-3698 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have ...)
        NOT-FOR-US: Oracle
CVE-2006-3697 (Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft ...)
        NOT-FOR-US: Outpost Firewall Pro
CVE-2006-3696 (filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 (462) allows ...)
        NOT-FOR-US: Outpost Firewall Pro
CVE-2006-3694 (Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote ...)
        {DSA-1157 DSA-1139-1}
        - ruby1.8 1.8.4-3 (bug #378029; medium)
        - ruby1.9 1.9.0+20060609-1 (medium)
CVE-2006-3693 (Rocks Clusters 4.1 and earlier allows local users to gain privileges ...)
        NOT-FOR-US: Rocks Clusters
CVE-2006-3692 (** DISPUTED ** ...)
        NOT-FOR-US: ListMessenger
CVE-2006-3691 (Multiple SQL injection vulnerabilities in VBZooM 1.11 and earlier ...)
        NOT-FOR-US: VBZooM
CVE-2006-3690 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum ...)
        NOT-FOR-US: MiniBB
CVE-2006-3689 (** DISPUTED ** ...)
        NOT-FOR-US: Codeworks Gnomedia SubberZ[Lite]
CVE-2006-3688 (SQL injection vulnerability in Room.php in Francisco Charrua ...)
        NOT-FOR-US: Francisco Charrua Photo-Gallery
CVE-2006-3687 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) ...)
        NOT-FOR-US: D-Link
CVE-2006-3686 (Unspecified vulnerability in [SYSEXE]SMPUTIL.EXE in HP OpenVMS 7.3-2 ...)
        NOT-FOR-US: HP OpenVMS
CVE-2006-3685 (PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 ...)
        NOT-FOR-US: CzarNews
CVE-2006-3684 (PHP remote file inclusion vulnerability in calendar.php in SoftComplex ...)
        NOT-FOR-US: SoftComplex PHP Event Calendar
CVE-2006-3683 (PHP remote file inclusion vulnerability in poll.php in Flipper Poll ...)
        NOT-FOR-US: Flipper Poll
CVE-2006-3682 (awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote ...)
        - awstats 6.5-2 (bug #378960; low)
        [sarge] - awstats 6.4-1sarge3
        NOTE: A previous DSA introduced a fix that renders this vulnerability in ineffective
CVE-2006-3681 (Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in ...)
        - awstats 6.5-2 (bug #378960; unimportant)
        NOTE: Path disclosure is not an issue for Debian
CVE-2006-3680 (Cross-site scripting (XSS) vulnerability in photocycle in Photocycle ...)
        NOT-FOR-US: Photocycle
CVE-2006-3679 (FatWire Content Server 5.5.0 allows remote attackers to bypass access ...)
        NOT-FOR-US: FatWire Content Server
CVE-2006-3678 (TippingPoint IPS running the TippingPoint Operating System (TOS) ...)
        NOT-FOR-US: TippingPoint
CVE-2006-3677 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows ...)
        NOTE: MFSA-2006-45
        - mozilla <not-affected> (mozilla 1.7 not affected)
        - xulrunner 1.8.0.5-1 (high)
        - mozilla-firefox <not-affected> (only firefox >= 1.5)
        - firefox 1.5.dfsg+1.5.0.5-1 (high)
        - thunderbird <not-affected>
        - mozilla-thunderbird <not-affected>
CVE-2006-3676 (admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote ...)
        NOT-FOR-US: planetGallery
CVE-2006-3675 (Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the ...)
        TODO: check
CVE-2006-3674 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...)
        - armagetron <unfixed> (bug #379062; medium)
CVE-2006-3673 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...)
        - armagetron <unfixed> (bug #379062; medium)
CVE-2006-3672 (KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a ...)
        - kdelibs 4:3.5.4-1 (bug #378962; low)
        [sarge] - kdelibs <not-affected> (Doesn't trigger a crash on Sarge)
CVE-2006-3671 (Cross-site request forgery (CSRF) vulnerability in the communicate ...)
        - hyperestraier 1.3.3-1 (bug #379060; low)
CVE-2006-3670 (Stack-based buffer overflow in Winlpd 1.26 allows remote attackers to ...)
        NOT-FOR-US: Winlpd
CVE-2006-3669 (Mercury Messenger, possibly 1.7.1.1 and other versions, when running ...)
        NOT-FOR-US: Mercury Messenger
CVE-2006-3668 (Heap-based buffer overflow in the it_read_envelope function in Dynamic ...)
        {DSA-1123}
        - libdumb 1:0.9.3-5 (bug #379064; medium)
CVE-2006-3667 (Unspecified vulnerability in Sybase/Financial Fusion Consumer Banking ...)
        NOT-FOR-US: Sybase/Financial Fusion Consumer Banking Suite
CVE-2006-3666 (SQL injection vulnerability in AjaxPortal 3.0, with magic_quotes_gpc ...)
        NOT-FOR-US: AjaxPortal
CVE-2006-3665 (SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows ...)
        - squirrelmail 2:1.4.7-1 (low)
        [sarge] - squirrelmail <no-dsa> (Operation with registers_globals not supported)
CVE-2006-3664 (Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 ...)
        NOT-FOR-US: Sun Solaris
CVE-2006-3663 (Finjan Vital Security Appliance 5100/8100 NG 8.3.5 stores passwords in ...)
        NOT-FOR-US: Finjan Appliance
CVE-2006-3662 (** DISPUTED ** ...)
        NOT-FOR-US: ATutor
CVE-2006-3661 (Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews ...)
        NOT-FOR-US: CuteNews
CVE-2006-3660 (Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown ...)
        NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3659 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
        NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3658 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
        NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3657 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
        NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3656 (Unspecified vulnerability in Microsoft PowerPoint 2003 allows ...)
        NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3655 (Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 ...)
        NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3654 (Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet ...)
        NOT-FOR-US: Microsoft Works Spreadsheet
CVE-2006-3653 (wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote ...)
        NOT-FOR-US: Microsoft Works Spreadsheet
CVE-2006-3652 (Microsoft Internet Security and Acceleration (ISA) Server 2004 allows ...)
        NOT-FOR-US: Microsoft Internet Security and Acceleration Server
CVE-2006-3651
        RESERVED
CVE-2006-3650
        RESERVED
CVE-2006-3649 (Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK ...)
        NOT-FOR-US: Microsoft
CVE-2006-3648 (Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and ...)
        NOT-FOR-US: Microsoft
CVE-2006-3647
        RESERVED
CVE-2006-3646
        RESERVED
CVE-2006-3645
        RESERVED
CVE-2006-3644
        RESERVED
CVE-2006-3643 (Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and ...)
        NOT-FOR-US: Microsoft
CVE-2006-3642
        RESERVED
CVE-2006-3641
        RESERVED
CVE-2006-3640 (Microsoft Internet Explorer 5.01 and 6 allows certain script to ...)
        NOT-FOR-US: Microsoft
CVE-2006-3639 (Microsoft Internet Explorer 5.01 and 6 does not properly identify the ...)
        NOT-FOR-US: Microsoft
CVE-2006-3638 (Microsoft Internet Explorer 5.01 and 6 does not properly handle ...)
        NOT-FOR-US: Microsoft
CVE-2006-3637 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle ...)
        NOT-FOR-US: Microsoft
CVE-2006-3636 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman before ...)
        TODO: check
CVE-2006-3635
        RESERVED
CVE-2006-3634 (The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic ...)
        - linux-2.6 2.6.17-1 (medium)
        - linux-2.6.16 <not-affected> (introduced in 2.6.17-rc4)
CVE-2006-3633 (OSSP shiela 1.1.5 and earlier allows remote authenticated users to ...)
        NOT-FOR-US: shiela
CVE-2006-3632 (Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 ...)
        {DSA-1127}
        - ethereal <removed> (bug #378745; high)
        - wireshark 0.99.2-1 (high)
CVE-2006-3631 (Unspecified vulnerability in the SSH dissector in Wireshark (aka ...)
        {DSA-1127}
        - ethereal <removed> (bug #378745; high)
        - wireshark 0.99.2-1 (high)
CVE-2006-3630 (Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to ...)
        {DSA-1127}
        - ethereal <removed> (bug #378745; high)
        - wireshark 0.99.2-1 (high)
CVE-2006-3629 (Unspecified vulnerability in the MOUNT dissector in Wireshark ...)
        {DSA-1127}
        - ethereal <removed> (bug #378745; high)
        - wireshark 0.99.2-1 (high)
CVE-2006-3628 (Multiple format string vulnerabilities in Wireshark (aka Ethereal) ...)
        {DSA-1127}
        - ethereal <removed> (bug #378745; high)
        - wireshark 0.99.2-1 (high)
CVE-2006-3627 (Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark ...)
        - ethereal <removed> (bug #378745; high)
        - wireshark 0.99.2-1 (high)
        [sarge] - ethereal <no-dsa> (Vulnerable code not present)
CVE-2006-3625 (FLV Players 8 allows remote attackers to obtain sensitive information ...)
        NOT-FOR-US: FLV Players
CVE-2006-3624 (Multiple cross-site scripting (XSS) vulnerabilities in FLV Players 8 ...)
        NOT-FOR-US: FLV Players
CVE-2006-3623 (Directory traversal vulnerability in Framework Service component in ...)
        NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2006-3622 (The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to ...)
        NOT-FOR-US: Koobi Pro CMS
CVE-2006-3621 (SQL injection vulnerability in the showtopic module in Koobi Pro CMS ...)
        NOT-FOR-US: Koobi Pro CMS
CVE-2006-3620 (Cross-site scripting (XSS) vulnerability in the showtopic module in ...)
        NOT-FOR-US: Koobi Pro CMS
CVE-2006-3619 (Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC ...)
        {DSA-1170}
        - gcc-4.1 4.1.1-11 (bug #368397; low)
CVE-2006-3618 (SQL injection vulnerability in pblguestbook.php in Pixelated By Lev ...)
        NOT-FOR-US: Pixelated By Lev (PBL) Guestbook
CVE-2006-3617 (Cross-site scripting (XSS) vulnerability in pblguestbook.php in ...)
        NOT-FOR-US: Pixelated By Lev (PBL) Guestbook
CVE-2006-3616 (Multiple cross-site scripting (XSS) vulnerabilities in Carbonize ...)
        NOT-FOR-US: Carbonize Lazarus Guestbook
CVE-2006-3615 (Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, ...)
        NOT-FOR-US: Phorum
CVE-2006-3614 (index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to ...)
        NOT-FOR-US: Orbitcoders OrbitMATRIX
CVE-2006-3613 (Multiple cross-site scripting (XSS) vulnerabilities in Chamberland ...)
        NOT-FOR-US: Chamberland Technology ezWaiter
CVE-2006-3612 (Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows ...)
        NOT-FOR-US: Phorum
CVE-2006-3611 (Directory traversal vulnerability in pm.php in Phorum 5 allows remote ...)
        NOT-FOR-US: Phorum
CVE-2006-3610 (index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to ...)
        NOT-FOR-US: Orbitcoders OrbitMATRIX
CVE-2006-3609 (Cross-site scripting (XSS) vulnerability in index.php in Orbitcoders ...)
        NOT-FOR-US: Orbitcoders OrbitMATRIX
CVE-2006-3608 (The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when ...)
        NOT-FOR-US: Simone Vellei Flatnuke
CVE-2006-3607 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner ...)
        NOT-FOR-US: Softbiz Banner Exchange Script (aka Banner Exchange Network Script)
CVE-2006-3606 (Unspecified vulnerability in Sun Solaris X Inter Client Exchange ...)
        NOTE: Debian has a libice - is it the same one?
        TODO: check
CVE-2006-3605 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
        NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3604 (Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and ...)
        NOT-FOR-US: FlexWATCH Network Camera
CVE-2006-3603 (Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH ...)
        NOT-FOR-US: FlexWATCH Network Camera
CVE-2006-3602 (Directory traversal vulnerability in ...)
        TODO: check wordpress, moodle
        - knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2006-3601 (** UNVERIFIABLE ** ...)
        NOT-FOR-US: DotNetNuke
CVE-2006-3600 (Multiple stack-based buffer overflows in the LookupTRM::lookup ...)
        {DSA-1135-1}
        - libtunepimp 0.4.2-3.0etch1 (bug #378091; medium)
CVE-2006-3599 (SQL injection vulnerability in the Nuke Advanced Classifieds module ...)
        NOT-FOR-US: Nuke Advanced Classifieds module for PHP-Nuke
CVE-2006-3598 (SQL injection vulnerability in the Sections module for PHP-Nuke allows ...)
        NOT-FOR-US: Sections module for PHP-Nuke 
CVE-2006-3597 (passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password ...)
        - shadow <not-affected> (fix for a mistake in the Ubuntu installer)
CVE-2006-3596 (The device driver for Intel-based gigabit network adapters in Cisco ...)
        NOT-FOR-US: Cisco
CVE-2006-3595 (The default configuration of IOS HTTP server in Cisco Router Web Setup ...)
        NOT-FOR-US: Cisco
CVE-2006-3594 (Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through ...)
        NOT-FOR-US: Cisco
CVE-2006-3593 (The command line interface (CLI) in Cisco Unified CallManager (CUCM) ...)
        NOT-FOR-US: Cisco
CVE-2006-3592 (Unspecified vulnerability in the command line interface (CLI) in Cisco ...)
        NOT-FOR-US: Cisco
CVE-2006-3591 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
        NOT-FOR-US: Microsoft Internet Explorer 
CVE-2006-3626 (Race condition in Linux kernel 2.6.17.4 and earlier allows local users ...)
        {DSA-1111}
        - linux-2.6.16 2.6.16-17 (high)
        - linux-2.6 2.6.17-4 (high)
CVE-2006-XXXX [insufficient form variable escaping]
        - webauth 3.5.2-1
CVE-2006-3590 (mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows ...)
        NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3589 (vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure ...)
        NOT-FOR-US: VMware
CVE-2006-3588 (Unspecified vulnerability in Macromedia Flash Player 8.0.24.0 allows ...)
        NOT-FOR-US: Macromedia Flash Player 8
CVE-2006-3587 (Unspecified vulnerability in Macromedia Flash Player 8.0.24.0 allows ...)
        NOT-FOR-US: Macromedia Flash Player 8
CVE-2006-3586 (SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote ...)
        NOT-FOR-US: Jetbox CMS
CVE-2006-3585 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 ...)
        NOT-FOR-US: Jetbox CMS
CVE-2006-3584 (Dynamic variable evaluation vulnerability in index.php in Jetbox CMS ...)
        NOT-FOR-US: Jetbox CMS
CVE-2006-3583 (Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote ...)
        NOT-FOR-US: Jetbox CMS
CVE-2006-3582 (Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and ...)
        - adplug 2.0.1-1 (bug #378279; medium)
CVE-2006-3581 (Multiple stack-based buffer overflows in Audacious AdPlug 2.0 and ...)
        - adplug 2.0.1-1 (bug #378279; medium)
CVE-2006-3580 (SQL injection vulnerability in pages.asp in ASP Stats Generator before ...)
        NOT-FOR-US: ASP Stats Generator
CVE-2006-3579 (Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up ...)
        NOT-FOR-US: Fujitsu ServerView
CVE-2006-3578 (Directory traversal vulnerability in Fujitsu ServerView 2.50 up to ...)
        NOT-FOR-US: Fujitsu ServerView
CVE-2006-3577 (SQL injection vulnerability in index.php in LifeType 1.0.5 allows ...)
        NOT-FOR-US: LifeType
CVE-2006-3576 (SQL injection vulnerability in Search.PHP in SenseSites CommonSense ...)
        NOT-FOR-US: SenseSites CommonSense
CVE-2006-3575 (Unknown vulnerability in the Buffer Overflow Protection in McAfee ...)
        NOT-FOR-US: McAfee VirusScan Enterprise
CVE-2006-3574 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...)
        NOT-FOR-US: Hitachi Groupmax Collaboration Portal and Web Client and uCosminexus Collaboration Portal and Forum/File Sharing
CVE-2006-3573 (Format string vulnerability in agl_text.cpp in Milan Mimica Sparklet ...)
        NOT-FOR-US: Milan Mimica Sparklet
CVE-2006-3572 (SQL injection vulnerability in forumthread.php in Papoo 3 RC3 and ...)
        NOT-FOR-US: Papoo
CVE-2006-3571 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        NOT-FOR-US: Papoo
CVE-2006-3570 (Cross-site scripting (XSS) vulnerability in the webform module in ...)
        - drupal <not-affected> (webform module is not in Debian Drupal 4.5 package)
CVE-2006-3569 (Unspecified vulnerability in NetApp Data ONTAP 7.0x through 7.0.4P8D9, ...)
        NOT-FOR-US: IBM Data ONTAP
CVE-2006-3568 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php ...)
        NOT-FOR-US: Fantastic Guestbook
CVE-2006-3567 (Cross-site scripting (XSS) vulnerability in the web administration ...)
        NOT-FOR-US: Juniper
CVE-2006-3566 (search.results.php in HiveMail 3.1 and earlier allows remote attackers ...)
        NOT-FOR-US: HiveMail
CVE-2006-3565 (SQL injection vulnerability in search.results.php in HiveMail 1.3 and ...)
        NOT-FOR-US: HiveMail
CVE-2006-3564 (Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 ...)
        NOT-FOR-US: HiveMail
CVE-2006-3563 (Cross-site scripting (XSS) vulnerability in gallery/thumb.php in ...)
        NOT-FOR-US: Winged Gallery
CVE-2006-3562 (PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow ...)
        NOT-FOR-US: Plume CMS
CVE-2006-3561 (BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and ...)
        NOT-FOR-US: BT Voyager
CVE-2006-3560 (SQL injection vulnerability in topics.php in Blue Dojo Graffiti Forums ...)
        NOT-FOR-US: Blue Dojo Graffiti Forums
CVE-2006-3559 (Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 ...)
        NOT-FOR-US: auraCMS
CVE-2006-3558 (Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto ...)
        NOT-FOR-US: auraCMS
CVE-2006-3557 (MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root ...)
        NOT-FOR-US: MT Orumcek Toplist
CVE-2006-3556 (PHP remote file inclusion vulnerability in extcalendar.php in Mohamed ...)
        NOT-FOR-US: Mohamed Moujami ExtCalendar
CVE-2006-3555 (Multiple cross-site scripting (XSS) vulnerabilities in submit.php in ...)
        NOT-FOR-US: PHP-Fusion
CVE-2006-3554 (Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final ...)
        NOT-FOR-US: MKPortal
CVE-2006-3553 (PlaNet Concept planetNews allows remote attackers to bypass ...)
        NOT-FOR-US: planetNews
CVE-2006-3552 (Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and ...)
        NOT-FOR-US: Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium
CVE-2006-3551 (NCP Secure Enterprise Client (aka VPN/PKI client) 8.30 Build 59, and ...)
        NOT-FOR-US: NCP VPN/PKI Client (apparently nothing to do with Novell)
CVE-2006-3550 (Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks ...)
        NOT-FOR-US: F5 Netowrks FirePass
CVE-2006-3549 (services/go.php in Horde Application Framework 3.0.0 through 3.0.10 ...)
        - horde3 3.1.2-1 (bug #378281; low)
CVE-2006-3548 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...)
        - horde3 3.1.2-1 (bug #378281; low)
CVE-2006-3547 (** DISPUTED ** ...)
        NOT-FOR-US: EMC VMware Player
CVE-2006-3546 (Patrice Freydiere ImgSvr (aka ADA Image Server) allows remote ...)
        NOT-FOR-US: Patrice Freydiere ImgSvr
CVE-2006-3545 (** DISPUTED ** Microsoft Internet Explorer 7.0 Beta allows remote ...)
        NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3544 (** DISPUTED ** ...)
        NOT-FOR-US: Invision Power Board
CVE-2006-3543 (** DISPUTED ** ...)
        NOT-FOR-US: Invision Power Board
CVE-2006-3542 (Multiple cross-site scripting (XSS) vulnerabilities in Garry Glendown ...)
        NOT-FOR-US: Garry Glendown Shopping Cart
CVE-2006-3541 (SQL injection vulnerability in Meine Links (aka My Links) in Kyberna ...)
        NOT-FOR-US: Meine Links (aka My Links) in Kyberna ky2help
CVE-2006-3540 (Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, ...)
        NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2006-3539 (Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com ...)
        NOT-FOR-US: DKScript.com Dragon's Kingdom Script
CVE-2006-3538 (Multiple cross-site scripting (XSS) vulnerabilities in demo.php in ...)
        NOT-FOR-US: BeatificFaith Eprayer
CVE-2006-3537 (PHP remote file inclusion vulnerability in index.php in Randshop ...)
        NOT-FOR-US: Randshop
CVE-2006-3536 (Direct static code injection vulnerability in code/class_db_text.php ...)
        NOT-FOR-US: EJ3 TOPo
CVE-2006-3535 (Directory traversal vulnerability in Nullsoft SHOUTcast DSP before ...)
        NOT-FOR-US: Nullsoft SHOUTcast DSP
CVE-2006-3534 (Directory traversal vulnerability in Nullsoft SHOUTcast DSP before ...)
        NOT-FOR-US: Nullsoft SHOUTcast DSP
CVE-2006-3533 (Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 ...)
        NOT-FOR-US: Pivot
CVE-2006-3532 (PHP file inclusion vulnerability in includes/edit_new.php in Pivot ...)
        NOT-FOR-US: Pivot
CVE-2006-3531 (includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates ...)
        NOT-FOR-US: Pivot
CVE-2006-3530 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: PccookBook Component for Mambo and Joomla
CVE-2003-1304 (EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under ...)
        NOT-FOR-US: EarlyImpact ProductCart
CVE-2006-3529 (Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, ...)
        NOT-FOR-US: Juniper JUNOS
CVE-2006-3528 (Multiple PHP remote file inclusion vulnerabilities in Simpleboard ...)
        NOT-FOR-US: Simpleboard Mambo module
CVE-2006-3527 (Multiple PHP remote file inclusion vulnerabilities in BosClassifieds ...)
        NOT-FOR-US: BosClassifieds Classified Ads
CVE-2006-3526 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php ...)
        NOT-FOR-US: Sport-slo Advanced Guestbook
CVE-2006-3525 (SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final ...)
        NOT-FOR-US: PHCDownload
CVE-2006-3524 (Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows ...)
        NOT-FOR-US: SIPfoundry sipXtapi
CVE-2006-3523 (Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote ...)
        NOT-FOR-US: Clearswift MIMEsweeper
CVE-2006-3522 (Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for ...)
        NOT-FOR-US: Clearswift MIMEsweeper
CVE-2006-3521 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        NOT-FOR-US: SiteForge Collaborative Development Platform
CVE-2006-3520 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: Sabdrimer Pro
CVE-2006-3519 (Multiple cross-site scripting (XSS) vulnerabilities in The Banner ...)
        NOT-FOR-US: The Banner Engine
CVE-2006-3518 (SQL injection vulnerability in SayfalaAltList.asp in Webvizyon Portal ...)
        NOT-FOR-US: Webvizyon Portal
CVE-2006-3517 (PHP remote file inclusion vulnerability in stats.php in RW::Download, ...)
        NOT-FOR-US: RW::Download
CVE-2006-3516 (Multiple SQL injection vulnerabilities in FreeHost allow remote ...)
        NOT-FOR-US: FreeHost
CVE-2006-3515 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...)
        NOT-FOR-US: AjaxPortal 
CVE-2006-3514 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        NOT-FOR-US: PHP-Blogger 
CVE-2006-3513 (danim.dll in Microsoft Internet Explorer 6 allows remote attackers to ...)
        NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3512 (Internet Explorer 6 on Windows XP allows remote attackers to cause a ...)
        NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3511 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause ...)
        NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3510 (The Remote Data Service Object (RDS.DataControl) in Microsoft Internet ...)
        NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3509
        RESERVED
CVE-2006-3508
        RESERVED
CVE-2006-3507
        RESERVED
CVE-2006-3506 (Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and ...)
        NOT-FOR-US: Mac OS X
CVE-2006-3505 (WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to ...)
        NOT-FOR-US: Apple Mac OS
CVE-2006-3504 (The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 ...)
        NOT-FOR-US: Apple Mac OS
CVE-2006-3503 (Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows ...)
        NOT-FOR-US: Apple Mac OS
CVE-2006-3502 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows ...)
        NOT-FOR-US: Apple Mac OS
CVE-2006-3501 (Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows ...)
        NOT-FOR-US: Apple Mac OS
CVE-2006-3500 (The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users ...)
        NOT-FOR-US: Apple Mac OS
CVE-2006-3499 (The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users ...)
        NOT-FOR-US: Apple Mac OS
CVE-2006-3498 (Stack-based buffer overflow in bootpd in the DHCP component for Apple ...)
        NOT-FOR-US: Apple Mac OS
CVE-2006-3497 (Unspecified vulnerability in the &quot;compression state handling&quot; in Bom ...)
        NOT-FOR-US: Apple Mac OS
CVE-2006-3496 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers ...)
        NOT-FOR-US: Apple Mac OS
CVE-2006-3495 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys ...)
        NOT-FOR-US: Apple Mac OS
CVE-2006-3494 (Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone ...)
        NOT-FOR-US: Buddy Zone
CVE-2006-3493 (Buffer overflow in LsCreateLine function (mso_203) in mso.dll and ...)
        NOT-FOR-US: Microsoft Office
CVE-2006-3492 (The CORBA::ORBInvokeRec::set_answer_invoke function in orb.cc in MICO ...)
        NOT-FOR-US: MICO
CVE-2006-3491 (Stack-based buffer overflow in Kaillera Server 0.86 and earlier allows ...)
        NOT-FOR-US: Kaillera Server
CVE-2006-3490 (F-Secure Anti-Virus 2003 through 2006 and other versions, Internet ...)
        NOT-FOR-US: F-Secure Anti-Virus
CVE-2006-3489 (F-Secure Anti-Virus 2003 through 2006 and other versions, Internet ...)
        NOT-FOR-US: F-Secure Anti-Virus
CVE-2006-3488 (Absolute path traversal vulnerability in administrador.asp in ...)
        NOT-FOR-US: VirtuaStore
CVE-2006-3487 (VirtuaStore 2.0 stores sensitive files under the web root with ...)
        NOT-FOR-US: VirtuaStore
CVE-2006-3485 (Multiple SQL injection vulnerabilities in AstroDog Press Some Chess ...)
        NOT-FOR-US: AstroDog Press Some Chess
CVE-2006-3484 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor before ...)
        NOT-FOR-US: ATutor
CVE-2006-3483 (PHPMailList 1.8.0 stores sensitive information under the web document ...)
        NOT-FOR-US: PHPMailList
CVE-2006-3482 (Cross-site scripting (XSS) vulnerability in maillist.php in ...)
        NOT-FOR-US: PHPMailList
CVE-2006-3481 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow ...)
        - joomla <itp> (bug #326398)
CVE-2006-3480 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
        - joomla <itp> (bug #326398)
CVE-2006-3479 (Cross-site request forgery (CSRF) vulnerability in the del_block ...)
        NOT-FOR-US: Nuked-Klan
CVE-2006-3478 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: MyPHP CMS
CVE-2006-3477 (Unspecified vulnerability in the POP service in Stalker CommuniGate ...)
        NOT-FOR-US: Stalker CommuniGate Pro
CVE-2006-3476 (Cross-site scripting (XSS) vulnerability in comments.php in ...)
        NOT-FOR-US: PhpWebGallery
CVE-2006-3475 (Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1 ...)
        NOT-FOR-US: QBoard
CVE-2006-3474 (Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO ...)
        NOT-FOR-US: Belchior Foundry vCard PRO
CVE-2006-3473 (CRLF injection vulnerability in form_mail Drupal Module before 1.8.2.2 ...)
        - drupal <not-affected> (form_mail Module not in debian)
CVE-2006-3472 (Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to ...)
        NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3471 (Microsoft Internet Explorer 6 on Windows XP allows remote attackers to ...)
        NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3470 (The Dell Openmanage CD launches X11 and SSH daemons that do not ...)
        NOT-FOR-US: Dell Openmanage CD
CVE-2006-3469 (Format string vulnerability in time.cc in MySQL Server 4.1 before ...)
        {DSA-1112}
        - mysql-dfsg-5.0 5.0.22-1
CVE-2006-3468 (Linux kernel 2.6.x, when using both NFS and EXT3, allows remote ...)
        - linux-2.6 <unfixed>
        - linux-2.6.16 2.6.16-18
CVE-2006-3467 (Integer overflow in FreeType before 2.2 allows remote attackers to ...)
        - freetype 2.2.1-1 (bug #379920; medium)
        - libxfont 1:1.2.0-2 (medium; bug #383353)
        [sarge] - xfree86 <unfixed> (medium)
CVE-2006-3466
        REJECTED
CVE-2006-3465 (Unspecified vulnerability in the custom tag support for the TIFF ...)
        {DSA-1137-1}
        - tiff 3.8.2-6
CVE-2006-3464 (TIFF library (libtiff) before 3.8.2 allows context-dependent attackers ...)
        {DSA-1137-1}
        - tiff 3.8.2-6
CVE-2006-3463 (The EstimateStripByteCounts function in TIFF library (libtiff) before ...)
        {DSA-1137-1}
        - tiff 3.8.2-6
CVE-2006-3462 (Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library ...)
        {DSA-1137-1}
        - tiff 3.8.2-6
CVE-2006-3461 (Heap-based buffer overflow in the PixarLog decoder in the TIFF library ...)
        {DSA-1137-1}
        - tiff 3.8.2-6
CVE-2006-3460 (Heap-based buffer overflow in the JPEG decoder in the TIFF library ...)
        {DSA-1137-1}
        - tiff 3.8.2-6
CVE-2006-3459 (Multiple stack-based buffer overflows in the TIFF library (libtiff) ...)
        {DSA-1137-1}
        - tiff 3.8.2-6
CVE-2006-3486 (** DISPUTED ** ...)
        - mysql-dfsg-5.0 5.0.22-4 (unimportant)
        [sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable code not present)
        [sarge] - mysql-dfsg <not-affected> (Vulnerable code not present)
        NOTE: Only DoS possible, only root can trigger this -> non-issue
CVE-2006-3457 (Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the ...)
        NOT-FOR-US: Symantec
CVE-2006-3456
        RESERVED
CVE-2006-3455
        RESERVED
CVE-2006-3454
        RESERVED
CVE-2006-3453 (Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers ...)
        NOT-FOR-US: Adobe acrobat
CVE-2006-3452 (Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure ...)
        NOT-FOR-US: Adobe acrobat
CVE-2006-3451 (Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage ...)
        NOT-FOR-US: Microsoft
CVE-2006-3450 (Microsoft Internet Explorer 6 allows remote attackers to execute ...)
        NOT-FOR-US: Microsoft
CVE-2006-3449 (Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, ...)
        NOT-FOR-US: Microsoft
CVE-2006-3448
        RESERVED
CVE-2006-3447
        RESERVED
CVE-2006-3446
        RESERVED
CVE-2006-3445
        RESERVED
CVE-2006-3444 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
        NOT-FOR-US: Microsoft
CVE-2006-3443 (Untrusted search path vulnerability in Winlogon in Microsoft Windows ...)
        NOT-FOR-US: Microsoft
CVE-2006-3442
        RESERVED
CVE-2006-3441 (Buffer overflow in the DNS Client service in Microsoft Windows 2000 ...)
        NOT-FOR-US: Microsoft
CVE-2006-3440 (Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP ...)
        NOT-FOR-US: Microsoft
CVE-2006-3439 (Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, ...)
        NOT-FOR-US: Microsoft
CVE-2006-3438 (Unspecified vulnerability in Microsoft Hyperlink Object Library ...)
        NOT-FOR-US: Microsoft
CVE-2006-3437
        RESERVED
CVE-2006-3436
        RESERVED
CVE-2006-3435
        RESERVED
CVE-2006-3434
        RESERVED
CVE-2006-3433
        RESERVED
CVE-2006-3432
        RESERVED
CVE-2006-3431 (Buffer overflow in certain Asian language versions of Microsoft Excel ...)
        NOT-FOR-US: Microsoft Excel
CVE-2006-3430 (SQL injection vulnerability in checkprofile.asp in (1) PatchLink ...)
        NOT-FOR-US: Novell PatchLink Update Server
CVE-2006-3429 (Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows ...)
        NOT-FOR-US: TTCalc
CVE-2006-3428 (Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows ...)
        NOT-FOR-US: TTCalc
CVE-2006-3427 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
        NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3426 (Directory traversal vulnerability in (a) PatchLink Update Server ...)
        NOT-FOR-US: Novell PatchLink Update Server
CVE-2006-3425 (FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and ...)
        NOT-FOR-US: Novell PatchLink Update Server
CVE-2006-3424 (Multiple buffer overflows in WebEx Downloader ActiveX Control, ...)
        NOT-FOR-US: WebEx Downloader ActiveX Control
CVE-2006-3423 (WebEx Downloader ActiveX Control and WebEx Downloader Java before ...)
        NOT-FOR-US: WebEx Downloader ActiveX Control
CVE-2006-3422 (PHP remote file inclusion vulnerability in WonderEdit Pro CMS allows ...)
        NOT-FOR-US: WonderEdit Pro CMS
CVE-2006-3421 (PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and ...)
        NOT-FOR-US: SmartSiteCMS
CVE-2006-3420 (Cross-site request forgery (CSRF) vulnerability in editpost.php in ...)
        NOT-FOR-US: MyBB
CVE-2006-3419 (Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes ...)
        - tor 0.1.1.20-1
CVE-2006-3418 (Tor before 0.1.1.20 does not validate that a server descriptor's ...)
        - tor 0.1.1.20-1
CVE-2006-3417 (Tor client before 0.1.1.20 prefers entry points based on is_fast or ...)
        - tor 0.1.1.20-1
CVE-2006-3416 (** DISPUTED ** ...)
        - tor 0.1.1.20-1
CVE-2006-3415 (Tor before 0.1.1.20 uses improper logic to validate the &quot;OR&quot; ...)
        - tor 0.1.1.20-1
CVE-2006-3414 (Tor before 0.1.1.20 supports server descriptors that contain hostnames ...)
        - tor 0.1.1.20-1
CVE-2006-3413 (The privoxy configuration file in Tor before 0.1.1.20, when run on ...)
        - tor 0.1.1.20-1
CVE-2006-3412 (Tor before 0.1.1.20 does not sufficiently obey certain firewall ...)
        - tor 0.1.1.20-1
CVE-2006-3411 (TLS handshakes in Tor before 0.1.1.20 generate public-private keys ...)
        - tor 0.1.1.20-1
CVE-2006-3410 (Tor before 0.1.1.20 creates &quot;internal circuits&quot; primarily consisting ...)
        - tor 0.1.1.20-1
CVE-2006-3409 (Integer overflow in Tor before 0.1.1.20 allows remote attackers to ...)
        - tor 0.1.1.20-1
CVE-2006-3408 (Unspecified vulnerability in the directory server (dirserver) in Tor ...)
        - tor 0.1.1.20-1
CVE-2006-3407 (Tor before 0.1.1.20 allows remote attackers to spoof log entries or ...)
        - tor 0.1.1.20-1
CVE-2006-3406 (Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 ...)
        NOT-FOR-US: QTOFileManager
CVE-2006-3405 (Cross-site scripting (XSS) vulnerability in qtofm.php in ...)
        NOT-FOR-US: QTOFileManager
CVE-2006-3403 (The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote ...)
        {DSA-1110}
        - samba 3.0.23a-1 (bug #378070)
CVE-2006-3402 (SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers ...)
        NOT-FOR-US: VirtuaStore
CVE-2006-3401 (Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: ...)
        - quake3 <itp> (bug #337937)
CVE-2006-3400 (Stack-based buffer overflow in the CG_ServerCommand function in Quake ...)
        NOT-FOR-US: Soldier of Fortune 2
CVE-2006-3399 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki ...)
        NOT-FOR-US: MoniWiki
CVE-2006-3398 (The &quot;change password forms&quot; in Taskjitsu before 2.0.1 includes ...)
        NOT-FOR-US: Taskjitsu
CVE-2006-3397 (Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu ...)
        NOT-FOR-US: Taskjitsu
CVE-2006-3396 (PHP remote file inclusion vulnerability in galleria.html.php in ...)
        NOT-FOR-US: Galleria Mambo Module
CVE-2006-3395 (PHP remote file inclusion vulnerability in top.php in SiteBuilder-FX ...)
        NOT-FOR-US: SiteBuilder-FX
CVE-2006-3394 (SQL injection vulnerability in the files mod in index.php in BXCP ...)
        NOT-FOR-US: BXCP
CVE-2006-3393 (Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and ...)
        NOT-FOR-US: Papyrus NASCAR Racing
CVE-2006-3392 (Webmin before 1.290 and Usermin before 1.220 calls the simplify_path ...)
        - webmin <removed> (medium; bug #381537)
CVE-2006-3391 (The Execute function in iMBCContents ActiveX Control before 2.0.0.59 ...)
        NOT-FOR-US: iMBCContents
CVE-2006-3390 (WordPress 2.0.3 allows remote attackers to obtain the installation ...)
        - wordpress <unfixed> (unimportant)
CVE-2006-3389 (index.php in WordPress 2.0.3 allows remote attackers to obtain ...)
        - wordpress <unfixed> (unimportant)
CVE-2006-3388 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 ...)
        - phpmyadmin 4:2.8.2-0.1 (bug #377748; low)
        [sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-3387 (Directory traversal vulnerability in sources/post.php in Fusion News ...)
        NOT-FOR-US: Fusion News
CVE-2006-3386 (index.php in Vincent Leclercq News 5.2 allows remote attackers to ...)
        NOT-FOR-US: Vincent Leclercq News
CVE-2006-3385 (Cross-site scripting (XSS) vulnerability in divers.php in Vincent ...)
        NOT-FOR-US: Vincent Leclercq News
CVE-2006-3384 (SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 ...)
        NOT-FOR-US: Vincent Leclercq News
CVE-2006-3383 (Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 ...)
        NOT-FOR-US: mAds
CVE-2006-3382 (Cross-site scripting (XSS) vulnerability in search.php in mAds 1.0 ...)
        NOT-FOR-US: mAds
CVE-2006-3381 (SturGeoN Upload allows remote attackers to execute arbitrary PHP code ...)
        NOT-FOR-US: SturGeoN
CVE-2006-3380 (Algorithmic complexity vulnerability in FreeStyle Wiki before 3.6.2 ...)
        NOT-FOR-US: FreeStyle Wiki
CVE-2006-3379 (Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 ...)
        {DSA-1119}
        - hiki 0.8.6-1 (bug #378059; low)
CVE-2006-3378 (passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called ...)
        {DSA-1150-1}
        - shadow 1:4.0.14-1
CVE-2006-3377 (Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP ...)
        NOT-FOR-US: JMB Software AutoRank PHP
CVE-2006-3376 (Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple ...)
        - libwmf 0.2.8.4-2 (bug #381538; medium)
CVE-2006-3375 (PHP remote file inclusion vulnerability in includes/header.inc.php in ...)
        NOT-FOR-US: Randshop
CVE-2006-3374 (PHP remote file inclusion vulnerability in index.php in Randshop 1.2 ...)
        NOT-FOR-US: Randshop
CVE-2006-3373 (Unspecified vulnerability in the client/bin/logfetch script in Hobbit ...)
        NOT-FOR-US: Hobbit
CVE-2006-3372 (Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of ...)
        NOT-FOR-US: Apple Safari
CVE-2006-3371 (Eupla Foros 1.0 stores the inc/config.inc file under the web document ...)
        NOT-FOR-US: Eupla Foros
CVE-2006-3370 (Blueboy 1.0.3 stores bb_news_config.inc under the web document root ...)
        NOT-FOR-US: Blueboy
CVE-2006-3369 (Kamikaze-QSCM 0.1 stores config.inc under the web document root with ...)
        NOT-FOR-US: Kamikaze-QSCM
CVE-2006-3368 (Efone 20000723 stores config.inc under the web document root with ...)
        NOT-FOR-US: Efone
CVE-2006-3367 (Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web ...)
        NOT-FOR-US: Mp3NetBox
CVE-2006-3366 (Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow ...)
        NOT-FOR-US: V3 Chat
CVE-2006-3365 (mail/index.php in V3 Chat allows remote attackers to obtain the ...)
        NOT-FOR-US: V3 Chat
CVE-2006-3364 (SQL injection vulnerability in index.php in the NP_SEO plugin in ...)
        NOT-FOR-US: BLOG:CMS
CVE-2006-3363 (PHP remote file inclusion vulnerability in index.php in the Glossaire ...)
        NOT-FOR-US: Glossaire for Xoops
CVE-2006-3362 (connectors/php/connector.php in FCKeditor mcpuk file manager, as used ...)
        - knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2006-3361 (PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and ...)
        NOT-FOR-US: Stud.IP
CVE-2006-3360 (Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 ...)
        - phpsysinfo <unfixed> (low)
        - egroupware <unfixed> (low)
        - phpgroupware <unfixed> (low)
CVE-2006-3359 (Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 ...)
        NOT-FOR-US: NewsPHP
CVE-2006-3358 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
        NOT-FOR-US: NewsPHP
CVE-2006-3357 (Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) ...)
        NOT-FOR-US: HTML Help ActiveX control
CVE-2006-3356 (The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and ...)
        NOT-FOR-US: Apple
CVE-2006-3355 (Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll ...)
        - mpg123 <unfixed> (bug #377264; medium)
        [sarge] - mpg123 <no-dsa> (Non-free not supported)
CVE-2006-3354 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
        NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3353 (Opera 9 allows remote attackers to cause a denial of service (crash) ...)
        NOT-FOR-US: Opera
CVE-2006-3352 (** DISPUTED ** ...)
        NOTE: firefox, but invalid
CVE-2006-3351 (Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and ...)
        NOT-FOR-US: Windows Explorer
CVE-2006-3695 (Trac before 0.9.6 does not disable the &quot;raw&quot; or &quot;include&quot; commands ...)
        {DSA-1152}
        - trac 0.9.6-1 (medium)
        [sarge] - trac 0.8.1-3sarge5
CVE-2006-3458 (Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does ...)
        {DSA-1113}
        - zope2.7 <removed> (bug #377285; medium)
        - zope2.8 2.8.7-2 (bug #377277; medium)
        - zope2.9 2.9.3-3 (bug #377286; medium)
CVE-2006-3404 (Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c ...)
        {DSA-1116}
        - gimp 2.2.11-3.1 (bug #377049; medium)
CVE-2006-3350 (Stack-based buffer overflow in AutoVue SolidModel Professional Desktop ...)
        NOT-FOR-US: AutoVue SolidModel Professional Desktop
CVE-2006-3349 (Multiple SQL injection vulnerabilities in SmS Script allow remote ...)
        NOT-FOR-US: SmS Script
CVE-2006-3348 (Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 ...)
        NOT-FOR-US: HSPcomplete
CVE-2006-3347 (SQL injection vulnerability in index.php in deV!Lz Clanportal DZCP ...)
        NOT-FOR-US: deV!Lz Clanportal DZCP
CVE-2006-3346 (SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows ...)
        NOT-FOR-US: MyNewsGroups
CVE-2006-3345 (Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and ...)
        NOT-FOR-US: AliPAGER
CVE-2006-3344 (Siemens Speedstream Wireless Router 2624 allows local users to bypass ...)
        NOT-FOR-US: Siemens Speedstream Wireless Router
CVE-2006-3343 (PHP remote file inclusion vulnerability in recipe/cookbook.php in ...)
        NOT-FOR-US: CrisoftRicette
CVE-2006-3342 (Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 ...)
        NOT-FOR-US: Arctic
CVE-2006-3341 (SQL injection vulnerability in annonces-p-f.php in MyAds module 2.04jp ...)
        NOT-FOR-US: MyAds module for Xoops 
CVE-2006-3340 (Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo ...)
        NOT-FOR-US: Pearl For Mambo
CVE-2006-3339 (secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows ...)
        NOT-FOR-US: Atlassian
CVE-2006-3338 (Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 ...)
        NOT-FOR-US: Atlassian
CVE-2006-3337 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: cPanel (not the Chinese language tool in Debian)
CVE-2006-3336 (TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the ...)
        - twiki <unfixed> (low; bug #381907)
        NOTE: only in some server configurations
CVE-2006-3335 (Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, ...)
        NOT-FOR-US: HP-UX
CVE-2006-3334 (Buffer overflow in the png_decompress_chunk function in pngrutil.c in ...)
        - libpng 1.2.8rel-5.2 (bug #377298; unimportant)
        NOTE: A static 50 char array consumes 13 machine words on 32bit archs, so the overflow
        NOTE: cannot overwrite other memory sections
CVE-2006-3333 (Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum ...)
        NOT-FOR-US: Zorum Forum
CVE-2006-3332 (SQL injection vulnerability in index.php in Zorum Forum 3.5 allows ...)
        NOT-FOR-US: Zorum Forum
CVE-2006-3331 (Opera before 9.0 does not reset the SSL security bar after displaying ...)
        NOT-FOR-US: Opera
CVE-2006-3330 (Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL ...)
        NOT-FOR-US: PHP/MySQL Classifieds
CVE-2006-3329 (SQL injection vulnerability in search.php in PHP/MySQL Classifieds ...)
        NOT-FOR-US: PHP/MySQL Classifieds
CVE-2006-3328 (new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal ...)
        NOT-FOR-US: Hostflow
CVE-2006-3327 (Cross-site scripting (XSS) vulnerability in Custom dating biz dating ...)
        NOT-FOR-US: Custom dating biz dating script
CVE-2006-3326 (Directory traversal vulnerability in QuickZip 3.06.3 allows remote ...)
        NOT-FOR-US: QuickZip
CVE-2006-3325 (client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus ...)
        - quake3 <itp> (bug #337937)
CVE-2006-3324 (The Automatic Downloading option in the id3 Quake 3 Engine and the ...)
        - quake3 <itp> (bug #337937)
CVE-2006-3323 (PHP remote file inclusion vulnerability in admin/admin.php in MF ...)
        NOT-FOR-US: MF Piadas
CVE-2006-3322 (SQL injection vulnerability in includes/functions_logging.php in ...)
        NOT-FOR-US: phpRaid
CVE-2006-3321 (Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp ...)
        NOT-FOR-US: OpenForum
CVE-2006-3320 (Cross-site scripting (XSS) vulnerability in command.php in SiteBar ...)
        {DSA-1130-1}
        - sitebar 3.3.8-1.1 (bug #377299; low)
CVE-2006-3319 (Cross-site scripting (XSS) vulnerability in rss/index.php in PHP ...)
        NOT-FOR-US: PHP iCalendar
CVE-2006-3318 (SQL injection vulnerability in register.php for phpRaid 3.0.6 and ...)
        NOT-FOR-US: phpRaid
CVE-2006-3317 (PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote ...)
        NOT-FOR-US: phpRaid
CVE-2006-3316 (Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.5 ...)
        NOT-FOR-US: phpRaid
CVE-2006-3315 (PHP remote file inclusion vulnerability in page.php in an unspecified ...)
        NOT-FOR-US: "unspecified RahnemaCo.com product, possibly eShop"
CVE-2006-3314 (PHP remote file inclusion vulnerability in page.php in an unspecified ...)
        NOT-FOR-US: "unspecified RahnemaCo.com product, possibly eShop"
CVE-2006-3313 (Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft ...)
        NOT-FOR-US: Netsoft smartNet
CVE-2006-3312 (Multiple cross-site scripting (XSS) vulnerabilities in ashmans and ...)
        NOT-FOR-US: QaTraq
CVE-2006-3311
        RESERVED
CVE-2006-3310
        RESERVED
CVE-2006-3309 (SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal ...)
        NOT-FOR-US: Scout Portal
CVE-2006-3308 (Unspecified vulnerability in the wpprop code for Project EROS ...)
        NOT-FOR-US: bbsengine
CVE-2006-3307 (Multiple SQL injection vulnerabilities in Project EROS bbsengine ...)
        NOT-FOR-US: bbsengine
CVE-2006-3306 (Cross-site scripting (XSS) vulnerability in the preparestring funtion ...)
        NOT-FOR-US: bbsengine
CVE-2006-3305 (Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau ...)
        NOT-FOR-US: UebiMiau
CVE-2006-3304 (SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier ...)
        NOT-FOR-US: DeluxeBB
CVE-2006-3303 (Multiple cross-site scripting (XSS) vulnerabilities in pm.php in ...)
        NOT-FOR-US: DeluxeBB
CVE-2006-3302 (PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS ...)
        NOT-FOR-US: CBSMS Mambo module
CVE-2006-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin ...)
        - phpqladmin <unfixed> (bug #376442; low)
CVE-2006-3300 (PHP remote file inclusion vulnerability in sms_config/gateway.php in ...)
        NOT-FOR-US: phpmysms
CVE-2006-3299 (Cross-site scripting (XSS) vulnerability in index.php in Usenet Script ...)
        NOT-FOR-US: Usenet Script
CVE-2006-3298 (Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to ...)
        NOT-FOR-US: Offical Yahoo! Messenger client
CVE-2006-3297 (Cross-site scripting (XSS) vulnerability in error.php in UebiMiau ...)
        NOT-FOR-US: UebiMiau
CVE-2006-3296 (SQL injection vulnerability in view.php in Open Guestbook 0.5 allows ...)
        NOT-FOR-US: Open Guestbook
CVE-2006-3295 (Cross-site scripting (XSS) vulnerability in header.php in Open ...)
        NOT-FOR-US: Open Guestbook
CVE-2006-3294 (PHP remote file inclusion vulnerability in mod_cbsms_messages.php in ...)
        NOT-FOR-US: CBSMS Mambo module
CVE-2006-3293 (parse_notice (TiCPU) in EnergyMech (emech) before 3.0.2 allows remote ...)
        NOT-FOR-US: EnergyMech
CVE-2006-3292 (SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows ...)
        NOT-FOR-US: Jaws
CVE-2006-3291 (The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on ...)
        NOT-FOR-US: Cisco
CVE-2006-3290 (HTTP server in Cisco Wireless Control System (WCS) for Linux and ...)
        NOT-FOR-US: Cisco
CVE-2006-3289 (Cross-site scripting (XSS) vulnerability in the login page of the HTTP ...)
        NOT-FOR-US: Cisco
CVE-2006-3288 (Unspecified vulnerability in the TFTP server in Cisco Wireless Control ...)
        NOT-FOR-US: Cisco
CVE-2006-3287 (Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and ...)
        NOT-FOR-US: Cisco
CVE-2006-3286 (The internal database in Cisco Wireless Control System (WCS) for Linux ...)
        NOT-FOR-US: Cisco
CVE-2006-3285 (The internal database in Cisco Wireless Control System (WCS) for Linux ...)
        NOT-FOR-US: Cisco
CVE-2006-3284 (Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 ...)
        NOT-FOR-US: Dating Agent PRO
CVE-2006-3283 (SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote ...)
        NOT-FOR-US: Dating Agent PRO
CVE-2006-3282 (requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to ...)
        NOT-FOR-US: Dating Agent PRO
CVE-2006-3281 (Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop ...)
        NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3280 (Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows ...)
        NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3279 (Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote ...)
        NOT-FOR-US: aeDating
CVE-2006-3278 (Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and ...)
        NOT-FOR-US: H-Sphere
CVE-2006-3277 (The SMTP service of MailEnable Standard 1.92 and earlier, Professional ...)
        NOT-FOR-US: MailEnable
CVE-2006-3276 (Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and ...)
        NOT-FOR-US: Helix DNA Server
CVE-2006-3275 (SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and ...)
        NOT-FOR-US: YaBB
CVE-2006-3274 (Directory traversal vulnerability in Webmin before 1.280, when run on ...)
        - webmin <not-affected> (only windows)
CVE-2006-3273 (Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 ...)
        NOT-FOR-US: Some Chess
CVE-2006-3272 (Cross-site request forgery (CSRF) vulnerability in menu.php in Some ...)
        NOT-FOR-US: Some Chess
CVE-2006-3271 (Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow ...)
        NOT-FOR-US: Softbiz Dating
CVE-2006-3270 (SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows ...)
        NOT-FOR-US: THoRCMS
CVE-2006-3269 (PHP remote file inclusion vulnerability in includes/functions_cms.php ...)
        NOT-FOR-US: THoRCMS
CVE-2006-3268 (Unspecified vulnerability in the Windows Client API in Novell ...)
        NOT-FOR-US: Novell GroupWise
CVE-2006-3267 (SQL injection vulnerability in index.php in Infinite Core Technologies ...)
        NOT-FOR-US: Infinite Core Technologies
CVE-2006-3266 (Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite ...)
        NOT-FOR-US: Bee-hive
CVE-2006-3265 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
        NOT-FOR-US: Qdig
CVE-2006-3264 (Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo ...)
        NOT-FOR-US: Namo DeepSearch
CVE-2006-3263 (SQL injection vulnerability in the Weblinks module (weblinks.php) in ...)
        - mambo 4.5.3h-2 (medium)
CVE-2006-3262 (SQL injection vulnerability in the Weblinks module (weblinks.php) in ...)
        - mambo 4.5.3h-2 (medium)
CVE-2006-3261 (Cross-site scripting (XSS) vulnerability in Trend Micro Control ...)
        NOT-FOR-US: Trend Micro Control Manager
CVE-2006-3260 (Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 ...)
        NOT-FOR-US: vlbook
CVE-2006-3259 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 ...)
        NOT-FOR-US: e107
CVE-2006-3258 (Multiple cross-site scripting (XSS) vulnerabilities in index.html in ...)
        NOT-FOR-US: BNBT TrinEdit and EasyTracker
CVE-2006-3257 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 ...)
        NOT-FOR-US: Claroline
CVE-2006-3256 (SQL injection vulnerability in report.php in Woltlab Burning Board ...)
        NOT-FOR-US: Woltlab Burning Board
CVE-2006-3255 (SQL injection vulnerability in showmods.php in Woltlab Burning Board ...)
        NOT-FOR-US: Woltlab Burning Board
CVE-2006-3254 (SQL injection vulnerability in newthread.php in Woltlab Burning Board ...)
        NOT-FOR-US: Woltlab Burning Board
CVE-2006-3253 (** DISPUTED ** ...)
        NOT-FOR-US: vBulletin
CVE-2006-3252 (Buffer overflow in the Online Registration Facility for Algorithmic ...)
        NOT-FOR-US: Algorithmic Research PrivateWire VPN
CVE-2006-3251 (Heap-based buffer overflow in the array_push function in hashcash.c ...)
        {DSA-1114}
        - hashcash 1.21
CVE-2006-3250 (Heap-based buffer overflow in Windows Live Messenger 8.0 allows ...)
        NOT-FOR-US: Windows Live Messenger
CVE-2006-3249 (** DISPUTED ** ...)
        NOT-FOR-US: Phorum
CVE-2006-3248 (SQL injection vulnerability in calendar.php in Codewalkers PHP Event ...)
        NOT-FOR-US: PHP Event Calendar
CVE-2006-3247 (Multiple cross-site scripting (XSS) vulnerabilities in show.php in ...)
        NOT-FOR-US: GL-SH Deaf Forum
CVE-2006-3246 (Cross-site scripting (XSS) vulnerability in show.php in GL-SH Deaf ...)
        NOT-FOR-US: GL-SH Deaf Forum
CVE-2006-3245 (Multiple cross-site scripting (XSS) vulnerabilities in activatemember ...)
        NOT-FOR-US: mvnForum
CVE-2006-3244 (Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier ...)
        NOT-FOR-US: Anthill
CVE-2006-3243 (SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) ...)
        NOT-FOR-US: MyBB
CVE-2006-3242 (Stack-based buffer overflow in the browse_get_namespace function in ...)
        {DSA-1108}
        - mutt 1.5.11+cvs20060403-2 (low; bug #375828)
CVE-2006-3241 (Cross-site scripting (XSS) vulnerability in messages.php in XennoBB ...)
        NOT-FOR-US: XennoBB
CVE-2006-3240 (Cross-site scripting (XSS) vulnerability in classes/ui.class.php in ...)
        NOT-FOR-US: dotProject
CVE-2006-3239 (SQL injection vulnerability in message.php in VBZooM 1.11 and earlier ...)
        NOT-FOR-US: VBZooM
CVE-2006-3238 (Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier ...)
        NOT-FOR-US: VBZooM
CVE-2006-3237 (Cross-site scripting (XSS) vulnerability in index.php in Enterprise ...)
        NOT-FOR-US: Enterprise Groupware System
CVE-2006-3236 (Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier ...)
        NOT-FOR-US: thinkWMS
CVE-2006-3235 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
        NOT-FOR-US: FineShop
CVE-2006-3234 (Multiple SQL injection vulnerabilities in index.php in FineShop 3.0 ...)
        NOT-FOR-US: FineShop
CVE-2006-3233 (Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in ...)
        NOT-FOR-US: OpenWebMail
CVE-2006-3232 (Unspecified vulnerability in IBM WebSphere Application Server before ...)
        NOT-FOR-US: IBM WebSphere
CVE-2006-3231 (Unspecified vulnerability in IBM WebSphere Application Server before ...)
        NOT-FOR-US: IBM WebSphere
CVE-2006-3230 (Cross-site scripting (XSS) vulnerability in index.tmpl in Azureus ...)
        NOT-FOR-US: Azureus plugin that isn't distributed by default
CVE-2006-3229 (Cross-site scripting (XSS) vulnerability in OpenWebMail (OWM) 2.52, ...)
        NOT-FOR-US: OpenWebMail
CVE-2006-3228 (Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including ...)
        NOT-FOR-US: WinAmp
CVE-2006-3227 (Interpretation conflict between Internet Explorer and other web ...)
        NOT-FOR-US: Internet Explorer
CVE-2006-3226 (Cisco Secure Access Control Server (ACS) 4.x for Windows uses the ...)
        NOT-FOR-US: Cisco Secure Access Control Server
CVE-2006-3225 (Cross-site scripting (XSS) vulnerability in Sun ONE Application Server ...)
        NOT-FOR-US: Sun ONE Application Server
CVE-2006-3224 (Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote ...)
        NOT-FOR-US: Apple Safari
CVE-2006-3223 (Format string vulnerability in CA Integrated Threat Management (ITM), ...)
        NOT-FOR-US: CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP)
CVE-2006-3222 (The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 ...)
        NOT-FOR-US: Fortinet FortiOS
CVE-2006-3221 (SQL injection vulnerability in index.php in DataLife Engine 4.1 and ...)
        NOT-FOR-US: DataLife
CVE-2006-3220 (SQL injection vulnerability in studienplatztausch.php in Woltlab ...)
        NOT-FOR-US: Woltlab Burning Board 
CVE-2006-3219 (SQL injection vulnerability in thread.php in Woltlab Burning Board ...)
        NOT-FOR-US: Woltlab Burning Board
CVE-2006-3218 (SQL injection vulnerability in profile.php in Woltlab Burning Board ...)
        NOT-FOR-US: Woltlab Burning Board
CVE-2006-3217 (JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows ...)
        NOT-FOR-US: JaguarEditControl
CVE-2006-3216 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for ...)
        NOT-FOR-US: MAILsweeper
CVE-2006-3215 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for ...)
        NOT-FOR-US: MAILsweeper
CVE-2006-3214 (Unspecified vulnerability in Hitachi Groupmax Address Server 7 and ...)
        NOT-FOR-US: Hitachi Groupmax
CVE-2006-3213 (SQL injection vulnerability in WeBBoA Hosting 1.1 allows remote ...)
        NOT-FOR-US: WeBBoA Hosting
CVE-2006-3212 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook ...)
        NOT-FOR-US: cjGuestbook
CVE-2006-3211 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook ...)
        NOT-FOR-US: cjGuestbook
CVE-2006-3210 (Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when ...)
        NOT-FOR-US: Ralf Image Gallery
CVE-2006-3209 (** DISPUTED ** The Task scheduler (at.exe) on Microsoft Windows XP ...)
        NOT-FOR-US: Microsoft Windows
CVE-2006-3208 (Direct static code injection vulnerability in Ultimate PHP Board (UPB) ...)
        NOT-FOR-US: Ultimate PHP Board
CVE-2006-3207 (Directory traversal vulnerability in newpost.php in Ultimate PHP Board ...)
        NOT-FOR-US: Ultimate PHP Board
CVE-2006-3206 (register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows ...)
        NOT-FOR-US: Ultimate PHP Board
CVE-2006-3205 (Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to ...)
        NOT-FOR-US: Ultimate PHP Board
CVE-2006-3204 (Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically ...)
        NOT-FOR-US: Ultimate PHP Board
CVE-2006-3203 (The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier ...)
        NOT-FOR-US: Ultimate PHP Board
CVE-2006-3202 (The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain ...)
        NOT-FOR-US: NetBSD's KAME stack
CVE-2006-3201 (Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and ...)
        NOT-FOR-US: HP-UX
CVE-2006-3200 (Unspecified versions of Internet Explorer allow remote attackers to ...)
        NOT-FOR-US: Internet Explorer
CVE-2006-3199 (Opera 9 allows remote attackers to cause a denial of service (crash) ...)
        NOT-FOR-US: Opera
CVE-2006-3198 (Integer overflow in Opera 8.54 and earlier allows remote attackers to ...)
        NOT-FOR-US: Opera
CVE-2006-3197 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...)
        NOT-FOR-US: Invision Power Board
CVE-2006-3196 (index.php in singapore 0.10.0 and earlier allows remote attackers to ...)
        NOT-FOR-US: singapore
CVE-2006-3195 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...)
        NOT-FOR-US: singapore
CVE-2006-3194 (Directory traversal vulnerability in index.php in singapore 0.10.0 and ...)
        NOT-FOR-US: singapore
CVE-2006-3193 (Multiple PHP remote file inclusion vulnerabilities in Grayscale ...)
        NOT-FOR-US: BandSite
CVE-2006-3192 (PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows ...)
        NOT-FOR-US: Ad Manager
CVE-2006-3191 (Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 ...)
        NOT-FOR-US: MPCS
CVE-2006-3190 (SQL injection vulnerability in administration/includes/login/auth.php ...)
        NOT-FOR-US: HotPlug CMS
CVE-2006-3189 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: HotPlug CMS
CVE-2006-3188 (Multiple SQL injection vulnerabilities in Sharky e-shop 3.05 and ...)
        NOT-FOR-US: Sharky e-shop
CVE-2006-3187 (Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop ...)
        NOT-FOR-US: Sharky e-shop
CVE-2006-3186 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Faethon ...)
        NOT-FOR-US: CMS Faethon
CVE-2006-3185 (PHP remote file inclusion vulnerability in data/header.php in CMS ...)
        NOT-FOR-US: CMS Faethon
CVE-2006-3184 (Direct static code injection vulnerability in ASP Stats Generator ...)
        NOT-FOR-US: ASP Stats Generator
CVE-2006-3183 (Cross-site scripting (XSS) vulnerability in index.php in MobeScripts ...)
        NOT-FOR-US: Mobile Space Community
CVE-2006-3182 (Directory traversal vulnerability in index.php in MobeScripts Mobile ...)
        NOT-FOR-US: Mobile Space Community
CVE-2006-3181 (SQL injection vulnerability in index.php in MobeScripts Mobile Space ...)
        NOT-FOR-US: Mobile Space Community
CVE-2006-3180 (Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx ...)
        NOT-FOR-US: Confixx Pro
CVE-2006-3179 (Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in ...)
        NOT-FOR-US: Confixx Pro
CVE-2006-3178 (Directory traversal vulnerability in extract_chmLib example program in ...)
        {DSA-1144-1}
        - chmlib 0.38-1 (bug #374085; low)
CVE-2006-3177 (PHP remote file inclusion vulnerability in Admin/rtf_parser.php in The ...)
        NOT-FOR-US: The Bible Portal Project
CVE-2006-3176 (SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 ...)
        NOT-FOR-US: xarancms
CVE-2006-3175 (Multiple PHP remote file inclusion vulnerabilities in mcGuestbook 1.3 ...)
        NOT-FOR-US: mcGuestbook
CVE-2006-3174 (Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail ...)
        - squirrelmail 2:1.4.7-1 (bug #375782; low)
        [sarge] - squirrelmail <no-dsa> (Operation with registers_globals not supported)
CVE-2006-3173 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...)
        NOT-FOR-US: Content*Builder
CVE-2006-3172 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...)
        NOT-FOR-US: Content*Builder
CVE-2006-3171 (CRLF injection vulnerability in CS-Forum before 0.82 allows remote ...)
        NOT-FOR-US: CS-Forum
CVE-2006-3170 (CS-Forum before 0.82 allows remote attackers to obtain sensitive ...)
        NOT-FOR-US: CS-Forum
CVE-2006-3169 (Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 ...)
        NOT-FOR-US: CS-Forum
CVE-2006-3168 (SQL injection vulnerability in CS-Forum before 0.82 allows remote ...)
        NOT-FOR-US: CS-Forum
CVE-2006-3167 (Free Realty before 2.9 allows remote attackers to obtain the full path ...)
        NOT-FOR-US: Free Realty
CVE-2006-3166 (Cross-site scripting (XSS) vulnerability in propview.php in Free ...)
        NOT-FOR-US: Free Realty
CVE-2006-3165 (SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and ...)
        NOT-FOR-US: Free Realty
CVE-2006-3164 (SQL injection vulnerability in category.php in TPL Design tplShop 2.0 ...)
        NOT-FOR-US: tplShop
CVE-2006-3163 (Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 ...)
        NOT-FOR-US: IMGallery
CVE-2006-3162 (PHP remote file inclusion vulnerability in include/inc_foot.php in ...)
        NOT-FOR-US: SmartSiteCMS
CVE-2006-3161 (SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier ...)
        NOT-FOR-US: SaphpLesson
CVE-2006-3160 (Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple ...)
        NOT-FOR-US: Simple File Manager
CVE-2006-3159 (pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built ...)
        NOT-FOR-US: Sun ONE/iPlanet Messaging Server
CVE-2006-3158 (index.php in Eduha Meeting does not properly restrict file extensions ...)
        NOT-FOR-US: Eduha Meeting
CVE-2006-3157 (Cross-site scripting (XSS) vulnerability in index.php in Thinkfactory ...)
        NOT-FOR-US: UltimateGoogle
CVE-2006-3156 (Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate ...)
        NOT-FOR-US: Ultimate eShop
CVE-2006-3155 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate ...)
        NOT-FOR-US: Ultimate Auction
CVE-2006-3154 (SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and ...)
        NOT-FOR-US: Ultimate Estate
CVE-2006-3153 (Cross-site scripting (XSS) vulnerability in index.pl in Ultimate ...)
        NOT-FOR-US: Ultimate Estate
CVE-2006-3152 (Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and ...)
        NOT-FOR-US: phpTRADER
CVE-2006-3151 (Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD ...)
        NOT-FOR-US: AssoCIateD
CVE-2006-3150 (SQL injection vulnerability in index.php in CavoxCms 1.0.16 and ...)
        NOT-FOR-US: CavoxCms
CVE-2006-3149 (Cross-site scripting (XSS) vulnerability in topic.php in phpMyForum ...)
        NOT-FOR-US: phpMyForum
CVE-2006-3148 (SQL injection vulnerability, possibly in search.inc.php, in ...)
        NOT-FOR-US: Open-Realty
CVE-2006-3147 (Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix ...)
        NOT-FOR-US: Hosting Controller
CVE-2006-3146 (The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.23 and earlier ...)
        NOT-FOR-US: Toshiba drivers for Windows
CVE-2006-3145 (Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows ...)
        - netpbm-free <not-affected> (Debian's version is too old; affects 10.30 to 10.33 only)
CVE-2006-3144 (PHP remote file inclusion vulnerability in microcms-include.php in IBD ...)
        NOT-FOR-US: IBD Micro CMS
CVE-2006-3143 (Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus ...)
        NOT-FOR-US: Maximus SchoolMAX
CVE-2006-3142 (SQL injection vulnerability in Forum.php in VBZooM 1.11 allows remote ...)
        NOT-FOR-US: VBZooM
CVE-2006-3141 (Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye ...)
        NOT-FOR-US: Tradingeye Shop
CVE-2006-3140 (SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and ...)
        NOT-FOR-US: openCI
CVE-2006-3139 (Multiple SQL injection vulnerabilities in war.php in Virtual War 1.5.0 ...)
        NOT-FOR-US: Virtual War
CVE-2006-3138 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory ...)
        NOT-FOR-US: phpMyDirectory
CVE-2006-3137 (Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge ...)
        NOT-FOR-US: Edge eCommerce Shop
CVE-2006-3136 (** DISPUTED ** ...)
        NOT-FOR-US: Nucleus
CVE-2006-3135 (Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and ...)
        NOT-FOR-US: CMS Mundo
CVE-2006-3134 (Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by ...)
        NOT-FOR-US: GraceNote ActiveX Control
CVE-2006-3133
        RESERVED
CVE-2006-3132 (Cross-site scripting (XSS) vulnerability in qtofm.php4 in ...)
        NOT-FOR-US: QTOFileManager
CVE-2006-3131 (Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow ...)
        NOT-FOR-US: Clubpage
CVE-2006-3130 (SQL injection vulnerability in index.php in Clubpage allows remote ...)
        NOT-FOR-US: Clubpage
CVE-2006-3129 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC ...)
        NOT-FOR-US: LinkList
CVE-2006-3128 (choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does ...)
        NOT-FOR-US: easy-CMS
CVE-2006-3127 (Memory leak in Network Security Services (NSS) 3.11, as used in Sun ...)
        - mozilla <not-affected> (SunSolve claims it is only in 3.11; latest released is 3.10)
CVE-2006-3126 (c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute ...)
        {DSA-1165}
        - capi4hylafax 1:01.03.00.99.svn.300-3
CVE-2006-3125 (Array index error in tetrinet.c in gtetrinet 0.7.8 and earlier allows ...)
        {DSA-1163}
        - getrinet 0.7.10-1
CVE-2006-3124 (Buffer overflow in the HTTP header parsing in Streamripper before ...)
        {DSA-1158}
        - streamripper 1.61.25-2
CVE-2006-3123 (Multiple integer overflows in the (1) dodecrypt and (2) doencrypt ...)
        {DSA-1138-1}
        - cfs 1.4.1-17
CVE-2006-3122 (The supersede_lease function in memory.c in ISC DHCP (dhcpd) server ...)
        {DSA-1143-1}
CVE-2006-3121 (The peel_netstring function in cl_netstring.c in the heartbeat ...)
        {DSA-1151-1}
        - heartbeat-2 2.0.6-2
        - heartbeat 1.2.4-14
CVE-2006-3120 (Format string vulnerability in Brian Wotring Osiris before 4.2.1 ...)
        {DSA-1129}
        - osiris 4.2.0-2 (medium)
CVE-2006-3119 (The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a ...)
        {DSA-1124}
        - fbi 2.05-1
CVE-2006-3118 (spread uses a temporary file with a static filename based on the port ...)
        - spread <unfixed> (bug #375617; low)
        [sarge] - spread <no-dsa> (Minimal security implications)
CVE-2006-3117 (Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up ...)
        {DSA-1104}
        - openoffice.org 2.0.3-1
CVE-2006-3116 (Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 ...)
        NOT-FOR-US: phpRaid
CVE-2006-3115 (SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly ...)
        NOT-FOR-US: phpRaid
CVE-2006-3114 (PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the ...)
        NOT-FOR-US: PC Tools AntiVirus
CVE-2006-3113 (Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
        NOTE: MFSA-2006-46
        - mozilla <not-affected> (mozilla 1.7 not affected)
        - xulrunner 1.8.0.5-1 (high)
        - mozilla-firefox <not-affected> (only firefox >= 1.5)
        - firefox 1.5.dfsg+1.5.0.5-1 (high)
        - thunderbird 1.5.0.5-1 (medium)
        - mozilla-thunderbird <not-affected>
CVE-2006-3112 (Chipmailer 1.09 allows remote attackers to obtain sensitive ...)
        NOT-FOR-US: Chipmailer
CVE-2006-3111 (Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 ...)
        NOT-FOR-US: Chipmailer
CVE-2006-3110 (Cross-site scripting (XSS) vulnerability in main.php in Chipmailer ...)
        NOT-FOR-US: Chipmailer
CVE-2006-3109 (Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 ...)
        NOT-FOR-US: Cisco CallManager
CVE-2006-3108 (Cross-site scripting (XSS) vulnerability in EmailArchitect Email ...)
        NOT-FOR-US: EmailArchitect
CVE-2006-3107 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...)
        NOT-FOR-US: Docebo
CVE-2006-3106 (Cross-site scripting (XSS) vulnerability in index.php in ...)
        NOT-FOR-US: phpMyDesktop
CVE-2006-3105 (CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers ...)
        NOT-FOR-US: Bitweaver
CVE-2006-3104 (users/index.php in Bitweaver 1.3 allows remote attackers to obtain ...)
        NOT-FOR-US: Bitweaver
CVE-2006-3103 (Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows ...)
        NOT-FOR-US: Bitweaver
CVE-2006-3102 (Race condition in articles/BitArticle.php in Bitweaver 1.3, when run ...)
        NOT-FOR-US: Bitweaver
CVE-2006-3101 (Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco ...)
        NOT-FOR-US: Cisco Secure ACS
CVE-2006-3099
        RESERVED
CVE-2006-3098
        RESERVED
CVE-2006-3097 (Unspecified vulnerability in Support Tools Manager (xstm, cstm, and ...)
        NOT-FOR-US: HP-UX Support Tools Manager
CVE-2006-3096 (Multiple SQL injection vulnerabilities in iPostMX 2005 2.0 and earlier ...)
        NOT-FOR-US: iPostMX
CVE-2006-3095 (Multiple cross-site scripting (XSS) vulnerabilities in iPostMX 2005 ...)
        NOT-FOR-US: iPostMX
CVE-2006-3094 (Multiple SQL injection vulnerabilities in Calendarix Basic ...)
        NOT-FOR-US: Calendarix Basic
CVE-2006-3093 (Multiple unspecified vulnerabilities in Adobe Acrobat Reader ...)
        NOT-FOR-US: Adobe Reader
CVE-2006-3092 (PhpMyFactures 1.2 and earlier allows remote attackers to bypass ...)
        NOT-FOR-US: PhpMyFactures
CVE-2006-3091 (PhpMyFactures 1.0, and possibly 1.2 and earlier, allows remote ...)
        NOT-FOR-US: PhpMyFactures
CVE-2006-3090 (Multiple SQL injection vulnerabilities in PhpMyFactures 1.0, and ...)
        NOT-FOR-US: PhpMyFactures
CVE-2006-3089 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFactures ...)
        NOT-FOR-US: PhpMyFactures
CVE-2006-3088 (Cross-site scripting (XSS) vulnerability in index.php in Car ...)
        NOT-FOR-US: Car Classifieds
CVE-2006-3087 (Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 ...)
        NOT-FOR-US: EZGallery
CVE-2006-3086 (Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName ...)
        NOT-FOR-US: Microsoft
CVE-2006-3084 (The (1) ftpd and (2) ksu programs in MIT Kerberos 5 (krb5) up to 1.5, ...)
        {DSA-1146-1}
        - krb5 1.4.3-9 (medium)
CVE-2006-3083 (The (1) krshd and (2) v4rcp applications in MIT Kerberos 5 (krb5) up ...)
        {DSA-1146-1}
        - krb5 1.4.3-9 (medium)
CVE-2006-3082 (parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, ...)
        {DSA-1115 DSA-1107}
        - gnupg 1.4.3-2 (bug #375052; low)
        - gnupg2 1.9.20-1.1 (bug #375053; low)
CVE-2006-3081 (mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x ...)
        {DSA-1112}
        - mysql-server-5.0 5.0.19-1 (bug #373913; high)
CVE-2006-3100 [termnetd buffer overflow]
        RESERVED
        - termnetd 3.3-7 (bug #358028; medium)
CVE-2006-3085 (xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers ...)
        - linux-2.6 2.6.16-15
CVE-2006-XXXX [webalizer-stonesteps XSS]
        - webalizer-stonesteps 2.4.1.2-1
CVE-2006-3080 (Cross-site scripting (XSS) vulnerability in viewposts.cfm in ...)
        NOT-FOR-US: aXentForum
CVE-2006-3079 (Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus ...)
        NOT-FOR-US: SSPwiz Plus
CVE-2006-3078 (Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier ...)
        NOT-FOR-US: APBoard
CVE-2006-3077 (Cross-site scripting (XSS) vulnerability in guestbook.cfm in ...)
        NOT-FOR-US: aXentGuestbook
CVE-2006-3076 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: PhpBlueDragon
CVE-2006-3075 (Multiple PHP remote file inclusion vulnerabilities in PictureDis ...)
        NOT-FOR-US: PictureDis Professional
CVE-2006-3074 (klif.sys in Kaspersky Anti-Virus 6.0.0.300 and earlier, Internet ...)
        NOT-FOR-US: Several Kaspersky products
CVE-2006-3073 (Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN ...)
        NOT-FOR-US: Cisco VPN products
CVE-2006-3072 (M4 Macro Library in Symantec Security Information Manager before ...)
        NOT-FOR-US: Symantec Security Information Manager
CVE-2006-3071 (Cross-site scripting (XSS) vulnerability in index.php in MP3 ...)
        NOT-FOR-US: MP3 Search/Archive
CVE-2006-3070 (write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with ...)
        NOT-FOR-US: Zeroboard
CVE-2006-3069 (PHP remote file inclusion vulnerability in DoubleSpeak 0.1, when ...)
        NOT-FOR-US: DoubleSpeak
CVE-2006-3068 (IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote ...)
        NOT-FOR-US: IBM DB2
CVE-2006-3067 (Multiple unspecified vulnerabilities in IBM DB2 Universal Database ...)
        NOT-FOR-US: IBM DB2
CVE-2006-3066 (Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database ...)
        NOT-FOR-US: IBM DB2
CVE-2006-3065 (SQL injection vulnerability in engine/shards/blog.php in blur6ex ...)
        NOT-FOR-US: blur6ex
CVE-2006-3064 (SQL injection vulnerability in include/function.inc.php in Coppermine ...)
        NOT-FOR-US: Coppermine Photo Gallery
CVE-2006-3063 (Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook ...)
        NOT-FOR-US: myPHP Guestbook
CVE-2006-3062 (Cross-site scripting (XSS) vulnerability in index.php in myPHP ...)
        NOT-FOR-US: myPHP Guestbook
CVE-2006-3061 (Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review ...)
        NOT-FOR-US: 5 Star Review
CVE-2006-3060 (Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote ...)
        NOT-FOR-US: P.A.I.D
CVE-2006-3059 (Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows ...)
        NOT-FOR-US: Microsoft Excel
CVE-2006-3058
        RESERVED
CVE-2006-3057 (Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) ...)
        - dhcdbd 1.14-1
CVE-2006-3056 (SQL injection vulnerability in language.php in VBZooM 1.01 allows ...)
        NOT-FOR-US: VBZooM
CVE-2006-3055 (Multiple SQL injection vulnerabilities in VBZooM 1.02 allow remote ...)
        NOT-FOR-US: VBZooM
CVE-2006-3054 (Multiple SQL injection vulnerabilities in VBZooM 1.11 allow remote ...)
        NOT-FOR-US: VBZooM
CVE-2006-3053 (** DISPUTED ** ...)
        NOT-FOR-US: PHORUM
CVE-2006-3052 (Cross-site scripting (XSS) vulnerability in Event Registration allows ...)
        NOT-FOR-US: Event Registration
CVE-2006-3051 (Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, ...)
        NOT-FOR-US: SixCMS
CVE-2006-3050 (Directory traversal vulnerability in detail.php in SixCMS 6.0, and ...)
        NOT-FOR-US: SixCMS
CVE-2006-3049 (Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in ...)
        NOT-FOR-US: Mole Group Ticket Booking Script
CVE-2006-3048 (SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier ...)
        - tikiwiki 1.9.4-1 (medium)
CVE-2006-3047 (Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and ...)
        - tikiwiki 1.9.4-1 (medium)
CVE-2006-3046 (Unspecified vulnerability in the admin login feature in Subtext 1.5, ...)
        NOT-FOR-US: Subtext
CVE-2006-3045 (PHP remote file inclusion vulnerability in manage_songs.php in Foing ...)
        NOT-FOR-US: Foing
CVE-2006-3044 (Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows ...)
        NOT-FOR-US: LogiSphere
CVE-2006-3043 (Cross-site scripting (XSS) vulnerability in search.cfm in CreaFrameXe ...)
        NOT-FOR-US: CFXe-CMS
CVE-2006-3042 (** DISPUTED ** ...)
        NOT-FOR-US: ISPConfig
CVE-2006-3041 (** DISPUTED ** ...)
        NOT-FOR-US: Codewalkers Ltwcalendar
CVE-2006-3040 (** DISPUTED ** ...)
        NOT-FOR-US: Amr Talkbox
CVE-2006-3039 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts ...)
        NOT-FOR-US: Cescripts Realty Home Rent 
CVE-2006-3038 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts ...)
        NOT-FOR-US: Cescripts Realty Home Rent 
CVE-2006-3037 (Multiple cross-site scripting (XSS) vulnerabilities in publish.php in ...)
        NOT-FOR-US: ST AdManager Lite
CVE-2006-3036 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        NOT-FOR-US: 35mmslidegallery
CVE-2006-3035 (Multiple cross-site scripting (XSS) vulnerabilities in addwords.php in ...)
        NOT-FOR-US: MyScrapbook
CVE-2006-3034 (MyScrapbook 3.1 allows remote attackers to obtain sensitive ...)
        NOT-FOR-US: MyScrapbook
CVE-2006-3033 (Cross-site scripting (XSS) vulnerability in MyScrapbook 3.1 allows ...)
        NOT-FOR-US: MyScrapbook
CVE-2006-3032 (Multiple cross-site scripting (XSS) vulnerabilities in Xtreme ASP ...)
        NOT-FOR-US: Xtreme ASP Photo Gallery
CVE-2006-3031 (Multiple cross-site scripting (XSS) vulnerabilities in index.asp in ...)
        NOT-FOR-US: fipsCMS
CVE-2006-3030 (Multiple cross-site scripting (XSS) vulnerabilities in DwZone Shopping ...)
        NOT-FOR-US: DwZone Shopping Cart 
CVE-2006-3029 (Cross-site scripting (XSS) vulnerability in default.asp in ClickTech ...)
        NOT-FOR-US: ClickTech Clickcart
CVE-2006-3028 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: Minerva
CVE-2006-3027 (Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and ...)
        NOT-FOR-US: Enthrallwebe ePhotos
CVE-2006-3026 (Multiple cross-site scripting (XSS) vulnerabilities in ClickGallery ...)
        NOT-FOR-US: ClickGallery
CVE-2006-3025 (Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea ...)
        NOT-FOR-US: Chris Lea Lucid Calendar
CVE-2006-3024 (Multiple cross-site scripting (XSS) vulnerabilities in EvGenius ...)
        NOT-FOR-US: EvGenius Counter
CVE-2006-3023 (Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp ...)
        NOT-FOR-US: Uapplication Uphotogallery
CVE-2006-3022 (Cross-site scripting (XSS) vulnerability in zoom.php in fipsGallery ...)
        NOT-FOR-US: fipsGallery
CVE-2006-3021 (Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar ...)
        NOT-FOR-US: BlueCollar i-Gallery
CVE-2006-3020 (Multiple cross-site scripting (XSS) vulnerabilities in FullPhoto.asp ...)
        NOT-FOR-US: WS-Album
CVE-2006-3019 (Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 ...)
        NOT-FOR-US: phpCMS
CVE-2006-3018 (Unspecified vulnerability in the session extension functionality in ...)
        - php5 5.1.4-0.1 (medium)
        - php4 <unfixed> (medium)
CVE-2006-3017 (zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x ...)
        - php5 5.1.4-0.1 (medium)
        - php4 4:4.4.4-1 (medium; bug #381998)
CVE-2006-3016 (Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ...)
        - php5 5.1.4-0.1 (medium)
        - php4 4:4.4.4-1 (medium; bug #382259)
CVE-2006-3015 (Argument injection vulnerability in WinSCP 3.8.1 build 328 allows ...)
        NOT-FOR-US: WinSCP
CVE-2006-3014 (Microsoft Excel allows user-assisted attackers to execute arbitrary ...)
        NOT-FOR-US: Microsoft Excel
CVE-2006-3013 (Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 ...)
        NOT-FOR-US: phpBannerExchange
CVE-2006-3012 (SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 ...)
        NOT-FOR-US: phpBannerExchange
CVE-2006-3011 (The error_log function in basic_functions.c in PHP before 4.4.4 and ...)
        - php4 4:4.4.4-1 (low)
        - php5 5.1.6-1 (low)
        [sarge] - php4 <no-dsa> (Safe mode not supported)
        NOTE: only safe mode bypass
CVE-2003-1303 (Buffer overflow in the imap_fetch_overview function in the IMAP ...)
        NOT-FOR-US: Microsoft Internet Explore
CVE-2003-1302 (The IMAP functionality in PHP before 4.3.1 allows remote attackers to ...)
        - php4 4:4.3.2+rc3-1
CVE-2002-2215 (The imap_header function in the IMAP functionality for PHP before ...)
        - php4 4:4.3.2+rc3-1
CVE-2002-2214 (The php_if_imap_mime_header_decode function in the IMAP functionality ...)
        - php4 4:4.3.2+rc3-1
CVE-1999-1589 (Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users ...)
        NOT-FOR-US: IBM AIX
CVE-2006-3010 (Multiple SQL injection vulnerabilities in Open Business Management ...)
        NOT-FOR-US: not packaged for Debian
CVE-2006-3009 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business ...)
        NOT-FOR-US: not packaged for Debian
CVE-2006-3008 (SQL injection vulnerability in index.php in Particle Links 1.2.2 ...)
        NOT-FOR-US: Particle Links
CVE-2006-3007 (Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 ...)
        NOT-FOR-US: not packaged for Debian
CVE-2006-3006 (Cross-site scripting (XSS) vulnerability in iFoto 0.20, and possibly ...)
        NOT-FOR-US: iFoto
CVE-2006-3005 (The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is ...)
        - libjpeg62 <not-affected> (--maxmem is set during configure)
        - libjpeg-mmx <removed> (bug #373672; low)
        [sarge] - libjpeg-mmx <no-dsa> (If this poses a threat, the admin can apply resource limits)
CVE-2006-3004 (Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone ...)
        NOT-FOR-US: Ez Ringtone
CVE-2006-3003 (details.php in Easy Ad-Manager allows remote attackers to obtain the ...)
        NOT-FOR-US: not packaged for Debian
CVE-2006-3002 (Cross-site scripting (XSS) vulnerability in details.php in Easy ...)
        NOT-FOR-US: not packaged for Debian
CVE-2006-3001 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...)
        NOT-FOR-US: not packaged for Debian
CVE-2006-3000 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...)
        NOT-FOR-US: not packaged for Debian
CVE-2006-2999 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...)
        NOT-FOR-US: not packaged for Debian
CVE-2006-2998 (PHP remote file inclusion vulnerability in board/post.php in free ...)
        NOT-FOR-US: not packaged for Debian
CVE-2006-2997 (Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when ...)
        - zope-zms <unfixed> (bug #373667; unimportant)
        [sarge] - zope-zms <no-dsa> (Only exploitable with register_globals)
        NOTE: register_globals is an unsupported mode of operation in Debian
CVE-2006-2996 (PHP remote file inclusion vulnerability in inc/design.inc.php in ...)
        NOT-FOR-US: aePartner
CVE-2006-2995 (Multiple PHP remote file inclusion vulnerabilities in WebprojectDB ...)
        NOT-FOR-US: WebprojectDB
CVE-2006-2994 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
        NOT-FOR-US: phazizGuestbook
CVE-2006-2993 (Multiple SQL injection vulnerabilities in My Photo Scrapbook 1.0 and ...)
        NOT-FOR-US: My Photo Scrapbook
CVE-2006-2992 (Cross-site scripting (XSS) vulnerability in display.asp in My Photo ...)
        NOT-FOR-US: My Photo Scrapbook
CVE-2006-2991 (Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 ...)
        NOT-FOR-US: Ringlink
CVE-2006-2990 (Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft ...)
        NOT-FOR-US: VanillaSoft
CVE-2006-2989 (Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ...)
        NOT-FOR-US: ASP ListPics
CVE-2006-2988 (Cross-site scripting (XSS) vulnerability in dictionary.php in Chemical ...)
        NOT-FOR-US: Chemical Dictionary
CVE-2006-2987 (Multiple SQL injection vulnerabilities in Dominios Europa PICRATE (aka ...)
        NOT-FOR-US: PICRATE
CVE-2006-2986 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie ...)
        NOT-FOR-US: vSCAL and vsREAL
CVE-2006-2985 (SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and ...)
        NOT-FOR-US: IntegraMOD
CVE-2006-2984 (Cross-site scripting (XSS) vulnerability in index.php in IntegraMOD ...)
        NOT-FOR-US: IntegraMOD
CVE-2006-2983 (PHP remote file inclusion vulnerability in Enterprise Timesheet and ...)
        NOT-FOR-US: Enterprise Timesheet and Payroll Systems (EPS)
CVE-2006-2982 (Multiple PHP remote file inclusion vulnerabilities in Enterprise ...)
        NOT-FOR-US: Enterprise Timesheet and Payroll Systems (EPS)
CVE-2006-2981 (SQL injection vulnerability in vs_search.php in Arantius Vice Stats ...)
        NOT-FOR-US: Arantius Vice Stats
CVE-2006-2980 (SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop ...)
        NOT-FOR-US: ViArt
CVE-2006-2979 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free ...)
        NOT-FOR-US: ViArt
CVE-2006-2978 (Mafia Moblog 0.6M1 and earlier allows remote attackers to obtain the ...)
        NOT-FOR-US: Moblog
CVE-2006-2977 (SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and ...)
        NOT-FOR-US: Moblog 
CVE-2006-2976 (Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery ...)
        NOT-FOR-US: Coppermine
CVE-2006-2975 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        NOT-FOR-US: PBL Guestbook
CVE-2006-2974 (Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect ...)
        NOT-FOR-US: EmailArchitect
CVE-2006-2973 (Multiple SQL injection vulnerabilities in month.php in PHP Lite ...)
        NOT-FOR-US: PHP Lite Calendar
CVE-2006-2972 (SQL injection vulnerability in vs_resource.php in Arantius Vice Stats ...)
        NOT-FOR-US: Arantius Vice Stats
CVE-2006-2971 (Integer overflow in the recv_packet function in 0verkill 0.16 allows ...)
        - overkill 0.16-9 (bug #373687; medium)
CVE-2006-2970 (videoPage.php in L0j1k tinyMuw 0.1.0 allows remote attackers to obtain ...)
        NOT-FOR-US: tinyMuw
CVE-2006-2969 (Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allow ...)
        NOT-FOR-US: tinyMuw
CVE-2006-2968 (Cross-site scripting (XSS) vulnerability in search.php in PHP Labware ...)
        NOT-FOR-US: LabWiki
CVE-2006-2967 (Syworks SafeNET allows local users to bypass restrictions on network ...)
        NOT-FOR-US: SafeNET
CVE-2006-2966 (Cross-site scripting (XSS) vulnerability in Particle Soft Particle ...)
        NOT-FOR-US: Particle Wiki
CVE-2006-2965 (Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft ...)
        NOT-FOR-US: Particle Whois
CVE-2006-2964 (Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts ...)
        NOT-FOR-US: Xtreme Downloads
CVE-2006-2963 (Cross-site scripting (XSS) vulnerability in Suchergebnisse.asp in ...)
        NOT-FOR-US: Cabacos Web CMS
CVE-2006-2962 (PHP remote file inclusion vulnerability in sql_fcnsOLD.php in ...)
        NOT-FOR-US: Empris
CVE-2006-2961 (Stack-based buffer overflow in CesarFTP 0.99g and earlier allows ...)
        NOT-FOR-US: CesarFTP
CVE-2006-2960 (PHP remote file inclusion vulnerability in includes/joomla.php in ...)
        - joomla <itp> (bug #326398)
CVE-2006-2959 (SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 ...)
        NOT-FOR-US: Snitz Forum
CVE-2006-2958 (Directory traversal vulnerability in FilZip 3.05 allows remote ...)
        NOT-FOR-US: FilZip
CVE-2006-2957 (Cross-site scripting (XSS) vulnerability in i.List 1.5 beta and ...)
        NOT-FOR-US: i.List
CVE-2006-2956 (Multiple cross-site scripting (XSS) vulnerabilities in i.List 1.5 beta ...)
        NOT-FOR-US: i.List
CVE-2006-2955 (Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice ...)
        NOT-FOR-US: KAPhotoservice
CVE-2006-2954 (SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier ...)
        NOT-FOR-US: OfficeFlow
CVE-2006-2953 (Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow ...)
        NOT-FOR-US: OfficeFlow
CVE-2006-2952 (Directory traversal vulnerability in Net Portal Dynamic System (NPDS) ...)
        NOT-FOR-US: NPDS
CVE-2006-2951 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...)
        NOT-FOR-US: NPDS
CVE-2006-2950 (Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote ...)
        NOT-FOR-US: NPDS
CVE-2006-2949 (Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 ...)
        NOT-FOR-US: MyBB
CVE-2006-2948 (A-CART 2.0 stores the acart2_0.mdb file under the web document root ...)
        NOT-FOR-US: A-CART
CVE-2006-2947 (Dmx Forum 2.1a allows remote attackers to obtain username and password ...)
        NOT-FOR-US: Dmx Forum
CVE-2006-2946 (Dmx Forum 2.1a stores _includes/bd.inc under the web root with ...)
        NOT-FOR-US: Dmx Forum
CVE-2006-2945 (Unspecified vulnerability the user profile change functionality in ...)
        - dokuwiki 0.0.20060309-4 (bug #373689; low)
CVE-2006-2944 (Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier ...)
        NOT-FOR-US: FORM2MAIL
CVE-2006-2943 (Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows ...)
        NOT-FOR-US: WebFORM
CVE-2006-2942 (TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki ...)
        - twiki <not-affected> (Debian's version is old and does not include affected file)
CVE-2006-2941 (Mailman before 2.1.9rc1 allows remote attackers to cause a denial of ...)
        TODO: check
CVE-2006-2940
        RESERVED
CVE-2006-2939
        RESERVED
CVE-2006-2938
        RESERVED
CVE-2006-2937
        RESERVED
CVE-2006-2936 (The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up ...)
        - linux-2.6 2.6.17-5 (low)
        - linux-2.6.16 <unfixed> (low)
CVE-2006-2935 (The dvd_read_bca function in the DVD handling code in ...)
        - linux-2.6 2.6.17-5 (low)
        - linux-2.6.16 <unfixed> (low)
CVE-2006-2934 (SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux ...)
        - linux-2.6 2.6.17-3
        - linux-2.6.16 2.6.16-17
CVE-2006-2933 (kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat ...)
        [sarge] - kdebase <not-affected> (Only KDE < 3.2 vulnerable)
CVE-2006-2932 (A regression error in the restore_all code path of the 4/4GB split ...)
        TODO: check
CVE-2006-2931 (CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, ...)
        NOT-FOR-US: CMS Mundo
CVE-2006-2930 (Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid ...)
        NOT-FOR-US: Sun
CVE-2006-2929 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: OpenEMR
CVE-2006-2928 (Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 ...)
        NOT-FOR-US: CMS-Bandits
CVE-2006-2927 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in ...)
        NOT-FOR-US: CAForum
CVE-2006-2926 (Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate ...)
        NOT-FOR-US: Qbik
CVE-2006-2925 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
        NOT-FOR-US: Ingate
CVE-2006-2924 (Ingate Firewall in the SIP module before 4.4.1 and SIParator before ...)
        NOT-FOR-US: Ingate
CVE-2006-2923 (The iax_net_read function in the iaxclient open source library, as ...)
        - iaxclient 0.0+svn20060520-2
CVE-2006-2922 (Multiple PHP remote file inclusion vulnerabilities in MiraksGalerie ...)
        NOT-FOR-US: MiraksGalerie
CVE-2006-2921 (PHP remote file inclusion vulnerability in cmpro_header.inc.php in ...)
        NOT-FOR-US: CMPro
CVE-2006-2920 (Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote ...)
        - sylpheed 2.2.6-1 (low)
        - sylpheed-gtk1 1.0.6-3 (bug #373187; low)
        - sylpheed-claws 1.0.5-3 (bug #372891; low)
        - sylpheed-claws-gtk2 2.3.0-1 (bug #372889; low)
CVE-2006-2919 (Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote ...)
        NOT-FOR-US: Microsoft
CVE-2006-2918 (The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores ...)
        NOT-FOR-US: Lanap BotDetect APS.NET CAPTCHA component
CVE-2006-2917 (Directory traversal vulnerability in the IMAP server in WinGate ...)
        NOT-FOR-US: WinGate
CVE-2006-2916 (artswrapper in aRts, when running setuid root on Linux 2.6.0 or later ...)
        - arts 1.5.3-2 (bug #374003; low)
        [sarge] - arts <not-affected> (Not setuid root in Debian)
        NOTE: artswrapper is not suid root by default, but README.Debian describes it
CVE-2006-2915 (Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote ...)
        NOT-FOR-US: DeluxeBB
CVE-2006-2914 (PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote ...)
        NOT-FOR-US: DeluxeBB
CVE-2006-2913 (Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows ...)
        NOT-FOR-US: SelectaPix
CVE-2006-2912 (Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote ...)
        NOT-FOR-US: SelectaPix
CVE-2006-2911 (SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 ...)
        NOT-FOR-US: CMS Mundo
CVE-2006-2910 (Buffer overflow in jetAudio 6.2.6.8330 (Basic), and possibly other ...)
        NOT-FOR-US: jetAudio
CVE-2006-2909 (Stack-based buffer overflow in the info tip shell extension ...)
        NOT-FOR-US: PicoZip
CVE-2006-2908 (The domecode function in inc/functions_post.php in MyBulletinBoard ...)
        NOT-FOR-US: MyBB
CVE-2006-2907
        RESERVED
CVE-2006-2906 (The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas ...)
        {DSA-1117}
        - libgd2 2.0.33-5 (bug #372912; low)
CVE-2006-2905 (Partial Links 1.2.2 allows remote attackers to obtain sensitive ...)
        NOT-FOR-US: Partial Links
CVE-2006-2904 (SQL injection vulnerability in index.php in Partial Links 1.2.2 allows ...)
        NOT-FOR-US: Partial Links
CVE-2006-2903 (Cross-site scripting (XSS) vulnerability in admin.php in Particle ...)
        NOT-FOR-US: Partial Links
CVE-2006-2902 (Directory traversal vulnerability in Particle Links 1.2.2 might allow ...)
        NOT-FOR-US: Partial Links
CVE-2006-2901 (The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware ...)
        NOT-FOR-US: D-Link
CVE-2006-2900 (Internet Explorer 6 allows user-assisted remote attackers to read ...)
        NOT-FOR-US: Microsoft
CVE-2006-2899 (Unspecified vulnerability in ESTsoft InternetDISK versions before ...)
        NOT-FOR-US: ESTsoft InternetDISK
CVE-2006-2898 (The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 ...)
        {DSA-1126}
        - asterisk 1:1.2.10.dfsg-2 (bug #380054)
        - iax 0.2.2-5
        [sarge] - iax <not-affected> (Vulnerable code not present)
        - iaxmodem 0.1.8.dfsg-2
CVE-2006-2897 (Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows ...)
        NOT-FOR-US: Funkboard
CVE-2006-2896 (profile.php in FunkBoard CF0.71 allows remote attackers to change ...)
        NOT-FOR-US: Funkboard
CVE-2006-2895 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to ...)
        - mediawiki <not-affected> (Affects only 1.6.0-1.6.6)
CVE-2006-2894 (Mozilla Firefox 1.5.0.4, Mozilla Suite 1.7.13, Mozilla SeaMonkey ...)
        NOTE: There are very few scenarios, where this could be exploited
        NOTE: We can probably ignore this
        TODO: check further
CVE-2006-2893 (index.php in GANTTy 1.0.3 allows remote attackers to obtain the full ...)
        NOT-FOR-US: GANTTy
CVE-2006-2892 (Cross-site scripting (XSS) vulnerability in index.php in GANTTy 1.0.3 ...)
        NOT-FOR-US: GANTTy
CVE-2006-2891 (Cross-site scripting (XSS) vulnerability in admin/index.php for ...)
        NOT-FOR-US: Pixelpost
CVE-2006-2890 (Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, ...)
        NOT-FOR-US: Pixelpost
CVE-2006-2889 (Multiple SQL injection vulnerabilities in index.php in Pixelpost ...)
        NOT-FOR-US: Pixelpost
CVE-2006-2888 (PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig ...)
        NOT-FOR-US: Wikiwig
CVE-2006-2887 (Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and ...)
        NOT-FOR-US: myNewsletter
CVE-2006-2886 (view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote ...)
        - knowledgetree <unfixed> (bug #373137; low)
CVE-2006-2885 (Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree ...)
        - knowledgetree <unfixed> (bug #373137; low)
CVE-2006-2884 (SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows ...)
        NOT-FOR-US: Kmita
CVE-2006-2883 (Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ ...)
        NOT-FOR-US: Kmita
CVE-2006-2882 (Multiple cross-site scripting (XSS) vulnerabilities submit.asp in ...)
        NOT-FOR-US: ASPScriptz
CVE-2006-2881 (Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 ...)
        NOT-FOR-US: DreamAccount
CVE-2006-2880 (Cross-site scripting (XSS) vulnerability in the Contributed Packages ...)
        NOT-FOR-US: pyblosxom package doesn't ship plugins
CVE-2006-2879 (SQL injection vulnerability in newscomments.php in Alex News-Engine ...)
        NOT-FOR-US: Alex News-Engine
CVE-2006-2878 (The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier ...)
        - dokuwiki 0.0.20060309-4 (bug #370369; high)
CVE-2006-2877 (PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and ...)
        NOT-FOR-US: Bookmark4U
CVE-2006-2876 (Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro Publish ...)
        NOT-FOR-US: PHP Pro Publish
CVE-2006-2875 (Stack-based buffer overflow in the CL_ParseDownload function of Quake ...)
        - quake3 <itp> (bug #337937)
CVE-2006-2874 (Unspecified vulnerability in OSADS Alliance Database before 1.4 has ...)
        NOT-FOR-US: OSADS
CVE-2006-2873 (Cross-site scripting (XSS) vulnerability in hava.asp in Enigma Haber ...)
        NOT-FOR-US: Enigma Haber
CVE-2006-2872 (PHP remote file inclusion vulnerability in config.php in Rumble 1.02 ...)
        NOT-FOR-US: Rumble
CVE-2006-2871 (PHP remote file inclusion vulnerability in include/common.php in ...)
        NOT-FOR-US: CyBoards
CVE-2006-2870 (Cross-site scripting (XSS) vulnerability in forum_search.asp in ...)
        NOT-FOR-US: Intelligent Solutions Inc.
CVE-2006-2869 (Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 ...)
        NOT-FOR-US: Avast
CVE-2006-2868 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 ...)
        NOT-FOR-US: Claroline
CVE-2006-2867 (SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta ...)
        NOT-FOR-US: CoolForum
CVE-2006-2866 (PHP remote file inclusion vulnerability in layout/prepend.php in ...)
        NOT-FOR-US: DotClear
CVE-2006-2865 (** DISPUTED ** ...)
        NOTE: phpbb2, but invalid
CVE-2006-2864 (Multiple PHP remote file inclusion vulnerabilities in BlueShoes ...)
        NOT-FOR-US: BlueShoes 
CVE-2006-2863 (PHP remote file inclusion vulnerability in class.cs_phpmailer.php in ...)
        NOT-FOR-US: CS-Cart
CVE-2006-2862 (SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 ...)
        NOT-FOR-US: Particle Gallery
CVE-2006-2861 (SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and ...)
        NOT-FOR-US: Particle Wiki
CVE-2006-2860 (PHP remote file inclusion vulnerability in Webspotblogging 3.0.1 ...)
        NOT-FOR-US: Webspotblogging
CVE-2006-2859 (** DISPUTED ** ...)
        NOT-FOR-US: MyBloggie
CVE-2006-2858 (SQL injection vulnerability in viewmsg.asp in LocazoList Classifieds ...)
        NOT-FOR-US: LocazoList
CVE-2006-2857 (SQL injection vulnerability in index.php in LifeType 1.0.4 allows ...)
        NOT-FOR-US: LifeType
CVE-2006-2856 (ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib ...)
        NOT-FOR-US: ActiveState
CVE-2006-2855 (SQL injection vulnerability in index.php in xueBook 1.0 allows remote ...)
        NOT-FOR-US: xueBook
CVE-2006-2854 (SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows ...)
        NOT-FOR-US: iBWd
CVE-2006-2853 (SQL injection vulnerability in content.php in abarcar Realty Portal ...)
        NOT-FOR-US: abarcar 
CVE-2006-2852 (PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and ...)
        NOT-FOR-US: dotWidget
CVE-2006-2851 (Cross-site scripting (XSS) vulnerability in index.php in dotProject ...)
        NOT-FOR-US: dotProject
CVE-2006-2850 (Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP ...)
        NOT-FOR-US: LabWiki
CVE-2006-2849 (PHP remote file inclusion vulnerability in includes/webdav/server.php ...)
        NOT-FOR-US: Bytehoard
CVE-2006-2848 (links.asp in aspWebLinks 2.0 allows remote attackers to change the ...)
        NOT-FOR-US: aspWebLinks
CVE-2006-2847 (SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows ...)
        NOT-FOR-US: aspWebLinks
CVE-2006-2846 (Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate ...)
        NOT-FOR-US: VisionGate
CVE-2006-2845 (PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows ...)
        NOT-FOR-US: Redaxo
CVE-2006-2844 (Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow ...)
        NOT-FOR-US: Redaxo
CVE-2006-2843 (PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote ...)
        NOT-FOR-US: Redaxo
CVE-2006-2841 (Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ...)
        NOT-FOR-US: AssoCIateD
CVE-2006-2840 (Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) ...)
        NOT-FOR-US: PmWiki
CVE-2006-2839 (Directory traversal vulnerability in PG Problem Editor module ...)
        NOT-FOR-US: WeBWorK 
CVE-2006-2838 (Buffer overflow in the web console in F-Secure Anti-Virus for ...)
        NOT-FOR-US: F-Secure
CVE-2006-2837 (Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book ...)
        NOT-FOR-US: Techno Dreams
CVE-2006-2836 (SQL injection vulnerability in comment.php in Pineapple Technologies ...)
        NOT-FOR-US: Pineapple Technologies Lore
CVE-2006-2835 (SQL injection vulnerability in saphplesson 2.0 allows remote attackers ...)
        NOT-FOR-US: saphplesson
CVE-2006-2834 (PHP remote file inclusion vulnerability in includes/common.php in ...)
        NOT-FOR-US: gnopaste
CVE-2006-2833 (Cross-site scripting (XSS) vulnerability in the taxonomy module in ...)
        {DSA-1125}
        - drupal 4.5.8-1.1 (medium)
CVE-2006-2832 (Cross-site scripting (XSS) vulnerability in the upload module ...)
        {DSA-1125}
        - drupal 4.5.8-1.1 (medium)
CVE-2006-2831 (Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under ...)
        {DSA-1125}
        NOTE: Although not in the changelog, sesse@ (responsible for 4.5.8-1.1)
        NOTE: says he pulled in the entire patch for DRUPAL-SA-2006-007, which
        NOTE: fixes CVE-2006-2831.
        - drupal 4.5.8-1.1 (medium)
CVE-2006-2830 (Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent ...)
        NOT-FOR-US: TIBCO
CVE-2006-2829 (Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before ...)
        NOT-FOR-US: TIBCO
CVE-2006-2828 (Global variable overwrite vulnerability in PHP-Nuke allows remote ...)
        NOT-FOR-US: PHP-Nuke
CVE-2006-2827 (** DISPUTED ** ...)
        NOT-FOR-US: X-Cart
CVE-2006-2826 (SQL injection vulnerability in sessions.inc in PHP Base Library ...)
        NOT-FOR-US: PHPLIB
CVE-2006-2825 (cPanel does not automatically synchronize the PHP open_basedir ...)
        NOT-FOR-US: cPanel the vhost manager, not cpanel the Chinese desktop configuration tool
CVE-2006-2824 (Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 ...)
        NOT-FOR-US: Logicalware
CVE-2006-2823 (Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive ...)
        NOT-FOR-US: ashopKart
CVE-2006-2822 (SQL injection vulnerability in admin/default.asp in Dusan Drobac ...)
        NOT-FOR-US: cforum
CVE-2006-2821 (Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts ...)
        NOT-FOR-US: DeltaScripts
CVE-2006-2820 (Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog ...)
        NOT-FOR-US: HotWebScripts
CVE-2006-2819 (PHP remote file inclusion vulnerability in Wiki.php in Barnraiser ...)
        NOT-FOR-US: Barnraiser Igloo
CVE-2006-2818 (PHP remote file inclusion vulnerability in common-menu.php in Cameron ...)
        NOT-FOR-US: Cameron McKay Informium
CVE-2006-2817 (SQL injection vulnerability in bolum.php in tekno.Portal allows remote ...)
        NOT-FOR-US: tekno.Portal
CVE-2006-2816 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
        NOT-FOR-US: CoolPHP
CVE-2006-2815 (Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes ...)
        NOT-FOR-US: SimpleBoard 
CVE-2006-2814 (Multiple buffer overflows in the (1) vGetPost and (2) main functions ...)
        NOT-FOR-US: iShopCart
CVE-2006-2813 (Directory traversal vulnerability in easy-scart.cgi in iShopCart ...)
        NOT-FOR-US: iShopCart
CVE-2006-2812 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
        NOT-FOR-US: PICRATE
CVE-2006-2811 (Multiple PHP remote file inclusion vulnerabilities in Cantico ...)
        NOT-FOR-US: Ovidentia
CVE-2006-2810 (Multiple cross-site scripting (XSS) vulnerabilities in Belchior ...)
        NOT-FOR-US: Belchior vCard
CVE-2006-2809 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
        NOT-FOR-US: ar-blog
CVE-2006-2808 (Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR ...)
        NOT-FOR-US: Lycos
CVE-2006-2807 (ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to ...)
        NOT-FOR-US: ASPwebSoft
CVE-2006-2806 (The SMTP server in Apache Java Mail Enterprise Server (aka Apache ...)
        NOT-FOR-US: Apache James
CVE-2005-2468 (Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and ...)
        NOT-FOR-US: MySQL Eventum
CVE-2005-2467 (Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum ...)
        NOT-FOR-US: MySQL Eventum
CVE-2005-2466 (Multiple SQL injection vulnerabilities in the auth_user function in ...)
        NOT-FOR-US: OpenBook 
CVE-2005-2465 (Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS ...)
        NOT-FOR-US: PC-EXPERIENCE/TOPPE CMS
CVE-2005-2464 (login.php in PCXP/TOPPE CMS allows remote attackers to bypass ...)
        NOT-FOR-US: PC-EXPERIENCE/TOPPE CMS
CVE-2005-2463 (Kayako liveResponse 2.x allows remote attackers to obtain sensitive ...)
        NOT-FOR-US: Kayako liveResponse
CVE-2005-2462 (Kayako liveResponse 2.x, when logging in a user, records the password ...)
        NOT-FOR-US: Kayako liveResponse
CVE-2005-2461 (Multiple SQL injection vulnerabilities in the calendar feature in ...)
        NOT-FOR-US: Kayako liveResponse
CVE-2005-2460 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako ...)
        NOT-FOR-US: Kayako liveResponse
CVE-2006-2842 (** DISPUTED ** ...)
        - squirrelmail 2:1.4.7-1 (unimportant)
        NOTE: Only exploitable with register_globals enabled
CVE-2006-XXXX [XSS vulnerability in dokuwikis's "Fullname" and "E-Mail" fields]
        - dokuwiki <unfixed> (medium)
CVE-2006-XXXX [PHP injection vulnerability in dokuwiki via curly braces]
        - dokuwiki <unfixed> (medium)
CVE-2006-XXXX [webalizer: symlink vulnerability]
        - webalizer 2.01.10-29
CVE-2006-2805 (SQL injection vulnerability in VBulletin 3.0.10 allows remote ...)
        NOT-FOR-US: vBulletin
CVE-2006-2804 (Cross-site scripting (XSS) vulnerability in index.cfm in Goss ...)
        NOT-FOR-US: Goss iCM
CVE-2006-2803 (Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker ...)
        NOT-FOR-US: PHP ManualMaker
CVE-2006-2802 (Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib ...)
        {DSA-1105}
        - xine-lib 1.1.1-2 (bug #369876; medium)
CVE-2006-2801 (Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier ...)
        NOT-FOR-US: Unak CMS
CVE-2006-2800 (Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 ...)
        NOT-FOR-US: Unak CMS
CVE-2006-2799 (Cross-site scripting (XSS) vulnerability in content_footer.php in ...)
        NOT-FOR-US: toendaCMS
CVE-2006-2798 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        NOT-FOR-US: phpCommunityCalendar
CVE-2006-2797 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 ...)
        NOT-FOR-US: phpCommunityCalendar
CVE-2006-2796 (Cross-site scripting (XSS) vulnerability in gallery.php in Captivate ...)
        NOT-FOR-US: Captivate gallery.php
CVE-2006-2795 (Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking ...)
        NOT-FOR-US: XiTi Tracking Script
CVE-2006-2794 (Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to ...)
        NOT-FOR-US: ASPSitem
CVE-2006-2793 (SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier ...)
        NOT-FOR-US: ASPSitem
CVE-2006-2792 (SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) ...)
        NOT-FOR-US: wbboard
CVE-2006-2791 (Directory traversal vulnerability in index.php in iBoutique.MALL and ...)
        NOT-FOR-US: iBoutique.MALL
CVE-2006-2790 (A package component in Sun Storage Automated Diagnostic Environment ...)
        NOT-FOR-US: Sun StorADE
CVE-2006-2789 (Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when &quot;load images if ...)
        - evolution 2.4.0-1 (low)
        [sarge] - evolution <not-affected> (Not reproducible on Sarge's evolution)
        NOTE: Verified that the patch has been applied in 2.4.0-1,
        NOTE: may have been fixed earlier.
CVE-2006-2788 (Double-free vulnerability in the getRawDER function for nsIX509Cert in ...)
        - mozilla <unfixed> (high)
        - mozilla-firefox <unfixed> (high)
        - firefox 1.5.dfsg+1.5.0.4 (high)
        - xulrunner 1.8.0.4-1 (high)
CVE-2006-2787 (EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ...)
        {DSA-1134-1 DSA-1120 DSA-1118}
        NOTE: MFSA-2006-31
        - firefox 1.5.dfsg+1.5.0.4-1 (medium)
        - thunderbird 1.5.0.4-1 (medium)
        [sarge] - mozilla-thunderbird <unfixed> (medium)
        - mozilla 2:1.7.13-0.3 (medium)
        - xulrunner 1.8.0.4-1 (medium)
CVE-2006-2786 (HTTP response smuggling vulnerability in Mozilla Firefox and ...)
        {DSA-1134-1 DSA-1120 DSA-1118}
        NOTE: MFSA-2006-33
        - firefox 1.5.dfsg+1.5.0.4-1 (medium)
        - thunderbird 1.5.0.4-1 (medium)
        [sarge] - mozilla-thunderbird <unfixed> (medium)
        - mozilla 2:1.7.13-0.3 (medium)
        - xulrunner 1.8.0.4-1 (medium)
CVE-2006-2785 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
        {DSA-1134-1 DSA-1120 DSA-1118}
        NOTE: MFSA-2006-34
        - firefox 1.5.dfsg+1.5.0.4-1 (medium)
        - mozilla 2:1.7.13-0.3 (medium)
        - xulrunner 1.8.0.4-1 (medium)
CVE-2006-2784 (The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows ...)
        {DSA-1134-1 DSA-1120 DSA-1118}
        NOTE: MFSA-2006-36
        - firefox 1.5.dfsg+1.5.0.4-1 (medium)
        - mozilla <unfixed> (medium)
        - xulrunner 1.8.0.4-1 (medium)
CVE-2006-2783 (Mozilla Firefox and Thunderbird before 1.5.0.4 strips the Unicode ...)
        {DSA-1134-1 DSA-1120 DSA-1118}
        NOTE: MFSA-2006-42
        - firefox 1.5.dfsg+1.5.0.4-1 (medium)
        - thunderbird 1.5.0.4-1 (medium)
        - mozilla 2:1.7.13-0.3 (medium)
        - xulrunner 1.8.0.4-1 (medium)
CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...)
        {DSA-1134-1 DSA-1120 DSA-1118}
        NOTE: MFSA-2006-41
        - firefox 1.5.dfsg+1.5.0.4-1 (medium)
        - mozilla 2:1.7.13-0.3 (medium)
        - xulrunner 1.8.0.4-1 (medium)
CVE-2006-2781 (Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4 and ...)
        {DSA-1134-1 DSA-1118}
        NOTE: MFSA-2006-40
        - thunderbird 1.5.0.4-1 (high)
        - mozilla 2:1.7.13-0.3 (high)
        - xulrunner <unfixed> (high)
CVE-2006-2780 (Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 ...)
        {DSA-1134-1 DSA-1120 DSA-1118}
        NOTE: MFSA-2006-32
        - firefox 1.5.dfsg+1.5.0.4-1 (high)
        - thunderbird 1.5.0.4-1 (high)
        - mozilla 2:1.7.13-0.3 (high)
        - xulrunner 1.8.0.4-1 (high)
CVE-2006-2779 (Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers ...)
        {DSA-1160 DSA-1159 DSA-1134-1 DSA-1120 DSA-1118}
        NOTE: MFSA-2006-32
        - firefox 1.5.dfsg+1.5.0.4-1 (high)
        - thunderbird 1.5.0.4-1 (high)
        - mozilla 2:1.7.13-0.3 (high)
        - xulrunner <unfixed> (high)
CVE-2006-2778 (The crypto.signText function in Mozilla Firefox and Thunderbird before ...)
        {DSA-1134-1 DSA-1120 DSA-1118}
        NOTE: MFSA-2006-38
        - firefox 1.5.dfsg+1.5.0.4-1 (high)
        - thunderbird 1.5.0.4-1 (high)
        - mozilla 2:1.7.13-0.3 (high)
        - xulrunner 1.8.0.4-1 (high)
CVE-2006-2777 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and ...)
        {DSA-1134-1 DSA-1120 DSA-1118}
        NOTE: MFSA-2006-43
        - firefox 1.5.dfsg+1.5.0.4-1 (high)
        - mozilla 2:1.7.13-0.3 (high)
        - xulrunner <unfixed> (high)
CVE-2006-2776 (Certain privileged UI code in Mozilla Firefox and Thunderbird before ...)
        {DSA-1134-1 DSA-1120 DSA-1118}
        NOTE: MFSA-2006-37
        - firefox 1.5.dfsg+1.5.0.4-1 (high)
        - thunderbird 1.5.0.4-1 (high)
        - mozilla 2:1.7.13-0.3 (high)
        - xulrunner 1.8.0.4-1 (high)
CVE-2006-2775 (Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL ...)
        {DSA-1134-1 DSA-1120 DSA-1118}
        NOTE: MFSA-2006-35
        - firefox 1.5.dfsg+1.5.0.4-1 (high)
        - thunderbird 1.5.0.4-1 (high)
        - mozilla 2:1.7.13-0.3 (high)
        - xulrunner 1.8.0.4-1 (high)
CVE-2006-2774 (Cross-site scripting (XSS) vulnerability in search.php in QontentOne ...)
        NOT-FOR-US: QontentOne
CVE-2006-2773 (admin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 2.0 does ...)
        NOT-FOR-US: Hogstorps
CVE-2006-2772 (Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps ...)
        NOT-FOR-US: Hogstorps
CVE-2006-2771 (admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not ...)
        NOT-FOR-US: Hogstorps
CVE-2006-2770 (Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 ...)
        NOT-FOR-US: pppBLOG
CVE-2006-2769 (The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through ...)
        - snort 2.3.3-8 (low; bug #381726)
        [sarge] - snort <no-dsa> (Minor impact)
CVE-2006-2768 (PHP remote file inclusion vulnerability in METAjour 2.1, when ...)
        NOT-FOR-US: METAjour
CVE-2006-2767 (PHP remote file inclusion vulnerability in Ottoman 1.1.2, when ...)
        NOT-FOR-US: Ottoman
CVE-2006-2766 (Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet ...)
        NOT-FOR-US: Microsoft
CVE-2006-2765 (Cross-site scripting (XSS) vulnerability in news_information.php in ...)
        NOT-FOR-US: Interlink
CVE-2006-2764 (Cross-site scripting (XSS) vulnerability in GuestbookXL 1.3 allows ...)
        NOT-FOR-US: GuestbookXL
CVE-2006-2763 (SQL injection vulnerability in Pre News Manager 1.0 allows remote ...)
        NOT-FOR-US: Pre News Manager
CVE-2006-2762 (PHP remote file inclusion vulnerability in includes/config.php in ...)
        {DSA-1096-1}
        - webcalendar 1.0.4-1 (medium)
CVE-2006-2761 (SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, ...)
        NOT-FOR-US: Hitachi
CVE-2006-2760 (SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 ...)
        NOT-FOR-US: 4nForum
CVE-2006-2759 (jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary ...)
        TODO: check
        NOTE: sf: pinged maintainers about jetty 5
CVE-2006-2758 (Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 ...)
        TODO: check
        NOTE: sf: pinged maintainers about jetty 5
CVE-2006-2757 (Cross-site scripting (XSS) vulnerability in Chipmunk guestbook allows ...)
        NOT-FOR-US: Chipmunk guestbook
CVE-2006-2756 (Eitsop My Web Server 1.0 allows remote attackers to cause a denial of ...)
        NOT-FOR-US: Eitsop
CVE-2006-2755 (Cross-site scripting (XSS) vulnerability in index.php in UBBThreads ...)
        NOT-FOR-US: UBBThreads
CVE-2006-2754 (Stack-based buffer overflow in st.c in slurpd for OpenLDAP before ...)
        - openldap2.3 <unfixed> (bug #375494; bug #377047; unimportant)
        NOTE: File is only written and read by slurpd, only editable by root
CVE-2006-2752 (The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux ...)
        NOT-FOR-US: RedCarpet
CVE-2006-2751 (Cross-site scripting (XSS) vulnerability in Open Searchable Image ...)
        NOT-FOR-US: OSIC
CVE-2006-2750 (Cross-site scripting (XSS) vulnerability in the do_mysql_query ...)
        NOT-FOR-US: OSIC
CVE-2006-2749 (SQL injection vulnerability in search.php in Open Searchable Image ...)
        NOT-FOR-US: OSIC
CVE-2006-2748 (SQL injection vulnerability in the do_mysql_query function in core.php ...)
        NOT-FOR-US: OSIC
CVE-2006-2747 (Directory traversal vulnerability in index.php in PhpMyDesktop|arcade ...)
        NOT-FOR-US: PhpMyDesktop
CVE-2006-2746 (Multiple cross-site scripting (XSS) vulnerabilities in F@cile ...)
        NOT-FOR-US: F@cile
CVE-2006-2745 (Multiple PHP remote file inclusion vulnerabilities in F@cile ...)
        NOT-FOR-US: F@cile
CVE-2006-2744 (PHP remote file inclusion vulnerability in p-popupgallery.php in ...)
        NOT-FOR-US: F@cile
CVE-2006-2743 (Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with ...)
        {DSA-1125}
        - drupal 4.5.8-1.1 (bug #368835; medium)
CVE-2006-2742 (SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 ...)
        {DSA-1125}
        - drupal 4.5.8-1.1 (medium)
CVE-2006-2741 (Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 ...)
        NOT-FOR-US: tinyBB
CVE-2006-2740 (Multiple SQL injection vulnerabilities in Epicdesigns tinyBB 0.3 allow ...)
        NOT-FOR-US: tinyBB
CVE-2006-2739 (PHP remote file inclusion vulnerability in footers.php in Epicdesigns ...)
        NOT-FOR-US: tinyBB
CVE-2006-2738 (The open source version of Open-Xchange 0.8.2 and earlier uses a ...)
        NOT-FOR-US: Open-Xchange 
CVE-2006-2737 (utilities/register.asp in Nukedit 4.9.6 and earlier allows remote ...)
        NOT-FOR-US: Nukedit
CVE-2006-2736 (PHP remote file inclusion vulnerability in blend_data/blend_common.php ...)
        NOT-FOR-US: Blend Portal
CVE-2006-2735 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: Amod
CVE-2006-2734 (enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote ...)
        NOT-FOR-US: Mini-Nuke
CVE-2006-2733 (membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security ...)
        NOT-FOR-US: Mini-Nuke
CVE-2006-2732 (SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and ...)
        NOT-FOR-US: Mini-Nuke
CVE-2006-2731 (Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier ...)
        NOT-FOR-US: Enigma Haber
CVE-2006-2730 (PHP remote file inclusion vulnerability in admin/lib_action_step.php ...)
        NOT-FOR-US: Hot Open Tickets
CVE-2006-2729 (Cross-site scripting (XSS) vulnerability in superalbum/index.php in ...)
        NOT-FOR-US: Photoalbum
CVE-2006-2728 (Cross-site scripting (XSS) vulnerability in superalbum/index.php in ...)
        NOT-FOR-US: Photoalbum
CVE-2006-2727 (home/register.php in Eggblog before 3.0 allows remote attackers to ...)
        NOT-FOR-US: Eggblog
CVE-2006-2726 (PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d ...)
        NOT-FOR-US: Fastpublish
CVE-2006-2725 (SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 ...)
        NOT-FOR-US: Eggblog
CVE-2006-2724 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote ...)
        NOT-FOR-US: PunBB
CVE-2006-2723 (Unspecified versions of Mozilla Firefox allow remote attackers to ...)
        - firefox <unfixed> (unimportant)
        - mozilla <unfixed> (unimportant)
        - mozilla-firefox <unfixed> (unimportant)
        - xulrunner <unfixed> (unimportant)
        NOTE: Non-issue
CVE-2006-2722 (SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows ...)
        NOT-FOR-US: SelectaPix
CVE-2006-2721 (Cross-site scripting (XSS) vulnerability in news.php in VARIOMAT ...)
        NOT-FOR-US: VARIOMAT
CVE-2006-2720 (SQL injection vulnerability in news.php in VARIOMAT allows remote ...)
        NOT-FOR-US: VARIOMAT
CVE-2006-2719 (JIWA Financials 6.4.14 stores usernames and passwords for all accounts ...)
        NOT-FOR-US: JIWA
CVE-2006-2718 (JIWA Financials 6.4.14 passes a Microsoft SQL Server account's ...)
        NOT-FOR-US: JIWA
CVE-2006-2717 (Unspecified vulnerability in Secure Elements Class 5 AVR client and ...)
        NOT-FOR-US: C5 EVM
CVE-2006-2716 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 uses a ...)
        NOT-FOR-US: C5 EVM
CVE-2006-2715 (The Administration Console in Secure Elements Class 5 AVR (aka C5 EVM) ...)
        NOT-FOR-US: C5 EVM
CVE-2006-2714 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 does not ...)
        NOT-FOR-US: C5 EVM
CVE-2006-2713 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 generates ...)
        NOT-FOR-US: C5 EVM
CVE-2006-2712 (Secure Elements Class 5 AVR (aka C5 EVM) client and server before ...)
        NOT-FOR-US: C5 EVM
CVE-2006-2711 (Secure Elements Class 5 AVR (aka C5 EVM) 2.8.1 and earlier, and ...)
        NOT-FOR-US: C5 EVM
CVE-2006-2710 (Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 uses the same ...)
        NOT-FOR-US: C5 EVM
CVE-2006-2709 (Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 do not validate ...)
        NOT-FOR-US: C5 EVM
CVE-2006-2708 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 allows ...)
        NOT-FOR-US: C5 EVM
CVE-2006-2707 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not ...)
        NOT-FOR-US: C5 EVM
CVE-2006-2706 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows ...)
        NOT-FOR-US: C5 EVM
CVE-2006-2705 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows ...)
        NOT-FOR-US: C5 EVM
CVE-2006-2704 (Secure Elements Class 5 AVR server and client (aka C5 EVM) before ...)
        NOT-FOR-US: C5 EVM
CVE-2006-2703 (The RedCarpet command-line client (rug) does not verify SSL ...)
        NOT-FOR-US: RedCarpet
CVE-2006-2702 (vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows ...)
        - wordpress 2.0.3-1 (bug #369014; medium)
CVE-2006-2701 (SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows ...)
        NOT-FOR-US: Geeklog
CVE-2006-2700 (SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 ...)
        NOT-FOR-US: Geeklog
CVE-2006-2699 (Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog ...)
        NOT-FOR-US: Geeklog
CVE-2006-2698 (Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the ...)
        NOT-FOR-US: Geeklog
CVE-2006-2697 (Multiple SQL injection vulnerabilities in Easy-Content Forums 1.0 ...)
        NOT-FOR-US: Easy-Content
CVE-2006-2696 (Cross-site scripting (XSS) vulnerabilities in Easy-Content Forums 1.0 ...)
        NOT-FOR-US: Easy-Content
CVE-2006-2695 (admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers ...)
        NOT-FOR-US: DGNews
CVE-2006-2694 (Multiple PHP remote file inclusion vulnerabilities in EzUpload Pro ...)
        NOT-FOR-US: EzUpload
CVE-2006-2693 (Directory traversal vulnerability in admin_hacks_list.php in Nivisec ...)
        NOT-FOR-US: Nivisec
CVE-2006-2692 (Multiple unspecified vulnerabilities in aMuleWeb for AMule before ...)
        - amule 2.1.2-1 (medium)
CVE-2006-2691 (Unspecified &quot;information leakage&quot; vulnerabilities in aMuleWeb for ...)
        - amule 2.1.2-1 (medium)
CVE-2006-2690 (An unspecified script in EVA-Web 2.1.2 and earlier, probably ...)
        NOT-FOR-US: EVA-Web
CVE-2006-2689 (Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 ...)
        NOT-FOR-US: EVA-Web
CVE-2006-2688 (SQL injection vulnerability in the employees node (class.employee.inc) ...)
        NOT-FOR-US: Achievo
CVE-2006-2687 (Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC ...)
        NOT-FOR-US: AGTC
CVE-2006-2686 (PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow ...)
        NOT-FOR-US: ActionApps
CVE-2006-2685 (PHP remote file inclusion vulnerability in Basic Analysis and Security ...)
        - acidbase 1.2.5-1 (bug #370576; low)
CVE-2006-2684 (Cross-site scripting (XSS) vulnerability in the search module in CMS ...)
        NOT-FOR-US: Mundo
CVE-2006-2683 (PHP remote file inclusion vulnerability in 404.php in open-medium.CMS ...)
        NOT-FOR-US: open-medium
CVE-2006-2682 (PHP remote file inclusion vulnerability in BE_config.php in Back-End ...)
        NOT-FOR-US: Back-End
CVE-2006-2681 (PHP remote file inclusion vulnerability in SocketMail Lite and Pro ...)
        NOT-FOR-US: SocketMail
CVE-2006-2680 (Cross-site scripting (XSS) vulnerability in index.php in AZ Photo ...)
        NOT-FOR-US: AZ Photo Album
CVE-2006-2679 (Unspecified vulnerability in the VPN Client for Windows Graphical User ...)
        NOT-FOR-US: Cisco VPN Client
CVE-2006-2678 (Multiple cross-site scripting (XSS) vulnerabilities in Pre News ...)
        NOT-FOR-US: Pre News Manager 
CVE-2006-2677 (SiteScape Forum 7.2 and possibly earlier stores the avf.rc ...)
        NOT-FOR-US: SiteScape Forum
CVE-2006-2676 (Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly ...)
        NOT-FOR-US: SiteScape Forum
CVE-2006-2675 (PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads ...)
        NOT-FOR-US: UBBThreads
CVE-2006-2674 (Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and ...)
        NOT-FOR-US: Tamber Forum
CVE-2006-2673 (Cross-site scripting (XSS) vulnerability in search.html in Bulletin ...)
        NOT-FOR-US: Elite-Board
CVE-2006-2672 (Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One ...)
        NOT-FOR-US: Realty Pro One
CVE-2006-2671 (SQL injection vulnerability in ChatPat 1.0 allows remote attackers to ...)
        NOT-FOR-US: ChatPat
CVE-2006-2670 (Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 ...)
        NOT-FOR-US: ChatPat
CVE-2006-2669 (Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping ...)
        NOT-FOR-US: Pre Shopping Mall
CVE-2006-2668 (Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 ...)
        NOT-FOR-US: Docebo LMS
CVE-2006-2667 (Direct static code injection vulnerability in WordPress 2.0.2 and ...)
        - wordpress 2.0.3-1 (bug #369014; medium)
CVE-2006-2666 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: V-Webmail
CVE-2006-2665 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: V-Webmail
CVE-2006-2664 (Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote ...)
        NOT-FOR-US: iFdate
CVE-2006-2663 (Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 ...)
        NOT-FOR-US: iFlance
CVE-2006-2662 (VMware Server before RC1 does not clear user credentials from memory ...)
        NOT-FOR-US: VMware Server
CVE-2006-2661 (ftutil.c in Freetype before 2.2 allows remote attackers to cause a ...)
        {DSA-1095-1}
        - freetype 2.2.1-1 (medium)
CVE-2006-2660 (Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 ...)
        - php4 4:4.4.4-1 (low)
        [sarge] - php4 <no-dsa> (not worth an update, see NOTE by Sean)
        NOTE: using a long enough path (>MAXPATHLEN) allows you to have
        NOTE: tempnam create a file without the temp extension.  sounds like
        NOTE: another shoot yourself in the foot issue, since the local user
        NOTE: could just as easily create the file manually, and if the
        NOTE: tempnam function is taking unsanitized input, it's an
        NOTE: application error
        - php5 5.1.6-1 (low)
CVE-2006-2658
        RESERVED
CVE-2006-2657
        REJECTED
CVE-2006-2655 (The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally ...)
        NOT-FOR-US: FreeBSD
CVE-2006-2654 (Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to ...)
        NOT-FOR-US: FreeBSD-specific (see CVE-2006-1864 for Linux-specific CVE)
CVE-2006-2653 (Cross-site scripting (XSS) vulnerability in login_error.shtml for ...)
        NOT-FOR-US: D-Link
CVE-2006-2652 (Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier ...)
        NOT-FOR-US: WikiNi
CVE-2006-2651 (Cross-site scripting (XSS) vulnerability in index.php in Vacation ...)
        NOT-FOR-US: Vacation Rental Script
CVE-2006-2650 (SQL injection vulnerability in cosmicshop/search.php in ...)
        NOT-FOR-US: CosmicShoppingCart 
CVE-2006-2649 (Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, ...)
        NOT-FOR-US: CosmicShoppingCart
CVE-2006-2648 (Cross-site scripting (XSS) vulnerability in perform_search.asp for ...)
        NOT-FOR-US: ASPBB
CVE-2006-2647 (Untrusted search path vulnerability in update_flash for IBM AIX 5.1, ...)
        NOT-FOR-US: IBM AIX
CVE-2006-2646 (Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows ...)
        NOT-FOR-US: Alt-N MDaemon
CVE-2006-2645 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: Plume
CVE-2006-2644 (AWStats 6.5, and possibly other versions, allows remote authenticated ...)
        {DSA-1075-1}
        - awstats 6.5-2 (bug #365910)
CVE-2006-XXXX [libxine1 overflow via a specially-crafted AVI file]
        - xine-lib 1.1.1-2 (bug #369876; medium)
CVE-2006-XXXX [specialy crafted WAV turns mkvmerge into a malloc bomb]
        - mkvtoolnix 1.7.0-2 (bug #370144; low)
CVE-2006-XXXX ['Cache' shell injection vulnerability]
        - wordpress 2.0.3-1 (high; bug #369014)
CVE-2006-2753 (SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x ...)
        {DSA-1092-1}
        - mysql-dfsg <not-affected> (Vulnerable code was introduced in 4.1)
        - mysql <not-affected> (Vulnerable code was introduced in 4.1)
        - mysql-dfsg-5.0 5.0.22-1 (bug #369735; medium)
        - mysql-dfsg-4.1 <unfixed> (medium)
CVE-2006-2659 (libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause ...)
        {DSA-1101}
        - courier 0.53.2-1 (bug #368834)
CVE-2006-2656 (Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 ...)
        {DSA-1091-1}
        - tiff 3.8.2-3 (bug #369819; low)
CVE-2006-2643 (Cross-site scripting (XSS) vulnerability in index.php in Monster Top ...)
        NOT-FOR-US: Monster Top List
CVE-2006-2642 (** UNVERIFIABLE ** ...)
        NOT-FOR-US: Php-residence
CVE-2006-2641 (** UNVERIFIABLE ** ...)
        NOT-FOR-US: John Frank Asset Manager
CVE-2006-2640 (Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA ...)
        NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL)
CVE-2006-2639 (Cross-site scripting (XSS) vulnerability in the input forms in ...)
        NOT-FOR-US: PHPSimpleChoose
CVE-2006-2638 (SQL injection vulnerability in member.asp in qjForum allows remote ...)
        NOT-FOR-US: qjForum
CVE-2006-2637 (Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) ...)
        NOT-FOR-US: TuttoPhp
CVE-2006-2636 (newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to ...)
        NOT-FOR-US: Katy Whitton NewsCMSLite
CVE-2006-2635 (Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka ...)
        - tikiwiki 1.9.4-1 (medium)
CVE-2006-2634 (Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under ...)
        NOT-FOR-US: Neocrome Seditio
CVE-2006-2633 (Absolute path traversal vulnerability in the copy action in index.php ...)
        NOT-FOR-US: Andrew Godwin ByteHoard
CVE-2006-2632 (Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard ...)
        NOT-FOR-US: Andrew Godwin ByteHoard
CVE-2006-2631 (phpFoX allows remote authenticated users to modify arbitrary accounts ...)
        NOT-FOR-US: phpFoX
CVE-2006-2630 (Stack-based buffer overflow in Symantec Antivirus 10.1 and Client ...)
        NOT-FOR-US: Symantec
CVE-2006-2629 (Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP ...)
        - linux-2.6 <unfixed> (low)
        - linux-2.6.16 <unfixed> (low)
CVE-2006-2628
        RESERVED
CVE-2006-2627
        RESERVED
CVE-2006-2626
        RESERVED
CVE-2006-2625
        RESERVED
CVE-2006-2624
        RESERVED
CVE-2006-2623
        RESERVED
CVE-2006-2622
        RESERVED
CVE-2006-2621
        RESERVED
CVE-2006-2620
        RESERVED
CVE-2006-2619
        RESERVED
CVE-2006-2618 (Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host ...)
        NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-2617 ((1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost ...)
        NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-2616 (SQL injection vulnerability in the search script in (1) AlstraSoft Web ...)
        NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-2615 (ping.php in Russcom.Ping allows remote attackers to execute arbitrary ...)
        NOT-FOR-US: Russcom.Ping
CVE-2006-2614 (Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 ...)
        NOT-FOR-US: Sun Solaris
CVE-2006-2613 (Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other ...)
        NOTE: Installation path disclosure is uninteresting on Debian systems.
        NOTE: The profile path might be more sensitive, but exploit that
        NOTE: requires another, real security bug.
CVE-2006-2612 (Novell Client for Windows 4.8 and 4.9 does not restrict access to the ...)
        NOT-FOR-US: Novell Client for Windows
        NOTE: The Windows clipboard is a public resource anyway.
CVE-2006-2611 (Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in ...)
        - mediawiki <unfixed> (medium)
CVE-2006-2610 (Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 ...)
        NOT-FOR-US: phpRaid
CVE-2006-2609 (artmedic newsletter 4.1.2 and possibly other versions, when ...)
        NOT-FOR-US: artmedic newsletter
CVE-2006-2608 (artmedic newsletter 4.1 and possibly other versions, when ...)
        NOT-FOR-US: artmedic newsletter
CVE-2004-2660 (Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows ...)
        - linux-2.6 <not-affected> (fixed before the first upload)
CVE-2003-1301 (Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x ...)
        - sun-java5 1.5.0-06-1 (low; bug #384734)
CVE-2006-XXXX [mono xsp file disclosure]
        - xsp 1.1.15-1 (medium)
CVE-2006-2607 (do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return ...)
        - cron 3.0pl1-64 (bug #85609; bug #86775; medium)
CVE-2006-2606 (Cross-site scripting (XSS) vulnerability in Chatty, possibly 1.0.2 and ...)
        NOT-FOR-US: Chatty
CVE-2006-2605 (Cross-site scripting (XSS) vulnerability in DSChat 1.0 and earlier ...)
        NOT-FOR-US: DSChat
CVE-2006-2604
        REJECTED
CVE-2006-2603
        REJECTED
CVE-2006-2602
        REJECTED
CVE-2006-2601
        REJECTED
CVE-2006-2600
        REJECTED
CVE-2006-2599
        REJECTED
CVE-2006-2598
        REJECTED
CVE-2006-2597
        REJECTED
CVE-2006-2596
        REJECTED
CVE-2006-2595
        REJECTED
CVE-2006-2594
        REJECTED
CVE-2006-2593
        REJECTED
CVE-2006-2592 (Unspecified vulnerability in DSChat 1.0 allows remote attackers to ...)
        NOT-FOR-US: DSChat
CVE-2006-2591 (Unspecified vulnerability in e107 before 0.7.5 has unknown impact and ...)
        NOT-FOR-US: e107
CVE-2006-2590 (SQL injection vulnerability in e107 before 0.7.5 allows remote ...)
        NOT-FOR-US: e107
CVE-2006-2589 (SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) ...)
        NOT-FOR-US: MyBB
CVE-2006-2588 (Russcom PHPImages allows remote attackers to upload files of arbitrary ...)
        NOT-FOR-US: Russcom PHPImages
CVE-2006-2587 (Buffer overflow in the WebTool HTTP server component in (1) PunkBuster ...)
        NOT-FOR-US: WebTool HTTP server
CVE-2006-2586 (Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier ...)
        NOT-FOR-US: IpLogger
CVE-2006-2585 (SQL injection vulnerability in Destiney Links Script 2.1.2 allows ...)
        NOT-FOR-US: Destiney Links Script
CVE-2006-2584 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...)
        NOT-FOR-US: SkyeBox
CVE-2006-2583 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: Nucleus
CVE-2006-2582 (The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote ...)
        NOT-FOR-US: RWiki
CVE-2006-2581 (Cross-site scripting (XSS) vulnerability in Wiki content in RWiki ...)
        NOT-FOR-US: RWiki
CVE-2005-4806 (Multiple unspecified vulnerabilities in Sun Java System Web Proxy ...)
        NOT-FOR-US: Sun Java System Web Proxy Server 
CVE-2005-4805 (Unspecified vulnerability in Sun Java System Application Server 7 ...)
        NOT-FOR-US: Sun Java System Application Server
CVE-2005-4804 (Unspecified vulnerability in Sun Java System Application Server ...)
        NOT-FOR-US: Sun Java System Application Server
CVE-2006-2580 (Multiple unspecified vulnerabilities in HP OpenView Network Node ...)
        NOT-FOR-US: HP OpenView Network Node Manager
CVE-2006-2579 (Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 ...)
        NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2006-2578 (admin/cron.php in eSyndicat Directory 1.2, when register_globals is ...)
        NOT-FOR-US: eSyndicat Directory
CVE-2006-2577 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...)
        NOT-FOR-US: Docebo
CVE-2006-2576 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...)
        NOT-FOR-US: Docebo
CVE-2006-2575 (The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and ...)
        - netpanzer 0.8+svn20060319-2 (bug #370146; low)
CVE-2006-2574 (Multiple unspecified vulnerabilities in Software Distributor in HP-UX ...)
        NOT-FOR-US: Software Distributor in HP-UX
CVE-2006-2573 (SQL injection vulnerability in index.php in DGBook 1.0, with ...)
        NOT-FOR-US: DGBook
CVE-2006-2572 (Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 ...)
        NOT-FOR-US: DGBook
CVE-2006-2571 (Cross-site scripting (XSS) vulnerability in search.html in Alkacon ...)
        NOT-FOR-US: Alkacon OpenCms
CVE-2006-2570 (PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 ...)
        NOT-FOR-US: CaLogic Calendars
CVE-2006-2569 (SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and ...)
        NOT-FOR-US: Linklist
CVE-2006-2568 (PHP remote file inclusion vulnerability in addpost_newpoll.php in ...)
        NOT-FOR-US: UBB.threads
CVE-2006-2567 (Cross-site scripting (XSS) vulnerability in submit_article.php in ...)
        NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2566 (Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain ...)
        NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2565 (SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 ...)
        NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2564 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
        NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2563 (The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to ...)
        - php4 4:4.4.4-1 (bug #370166; low)
        [sarge] - php4 <no-dsa> (Safe mode violations not supported)
        - php5 5.1.6-1 (bug #370165; low)
CVE-2006-2562 (ZyXEL P-335WT router allows remote attackers to bypass access ...)
        NOT-FOR-US: ZyXEL P-335WT router
CVE-2006-2561 (Edimax BR-6104K router allows remote attackers to bypass access ...)
        NOT-FOR-US: Edimax BR-6104K router
CVE-2006-2560 (Sitecom WL-153 router firmware before 1.38 allows remote attackers to ...)
        NOT-FOR-US: Sitecom WL-153 router
CVE-2006-2559 (Linksys WRT54G Wireless-G Broadband Router allows remote attackers to ...)
        NOT-FOR-US: Linksys WRT54G router
CVE-2006-2558 (Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier ...)
        NOT-FOR-US: IpLogger
CVE-2006-2557 (PHP remote file inclusion vulnerability in extras/poll/poll.php in ...)
        NOT-FOR-US: newsportal
        NOTE: RFP #149069 closed after no activity since too long time
CVE-2006-2556 (Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal ...)
        NOT-FOR-US: newsportal
        NOTE: RFP #149069 closed after no activity since too long time
CVE-2006-2555 (The parse_command function in Genecys 0.2 and earlier allows remote ...)
        NOT-FOR-US: Genecys
CVE-2006-2554 (Buffer overflow in the tell_player_surr_changes function in Genecys ...)
        NOT-FOR-US: Genecys
CVE-2006-2553 (Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl ...)
        NOT-FOR-US: DownloadControl
CVE-2006-2552 (Jemscripts DownloadControl 1.0 allows remote attackers to obtain ...)
        NOT-FOR-US: DownloadControl
CVE-2006-2551 (Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local ...)
        NOT-FOR-US: HP-UX
CVE-2002-2213 (The DNS resolver in unspecified versions of Infoblox DNS One, when ...)
        NOT-FOR-US: Infoblox DNS One
CVE-2002-2212 (The DNS resolver in unspecified versions of Fujitsu UXP/V, when ...)
        NOT-FOR-US: Fujitsu UXP/V
CVE-2002-2211 (BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary ...)
        - bind <unfixed> (medium)
        [sarge] - bind <no-dsa> (Upgrade to BIND 9 as a fix)
        - bind9 <not-affected> (does not send parallel queries)
        NOTE: Disabling recursion does not close all attack vectors.
        NOTE: Browser reflection attacks will still work.
CVE-2006-2550 (perlpodder before 0.5 allows remote attackers to execute arbitrary ...)
        NOT-FOR-US: perlpodder
CVE-2006-2549 (Stack-based buffer overflow in PDF Form Filling and Flattening Tool ...)
        NOT-FOR-US: PDF Form Filling and Flattening Tool
CVE-2006-2548 (Prodder before 0.5, and perlpodder before 0.5, allows remote attackers ...)
        NOT-FOR-US: prodder/perlpodder
CVE-2006-2547 (Unspecified vulnerability in the sapdba command in SAP with Informix ...)
        NOT-FOR-US: Sap
CVE-2006-2546 (A recommended admin password reset mechanism for BEA WebLogic Server ...)
        NOT-FOR-US: BEA
CVE-2006-2545 (Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites ...)
        NOT-FOR-US: Xtreme Topsites
CVE-2006-2544 (Multiple SQL injection vulnerabilities in Xtreme Topsites 1.1, with ...)
        NOT-FOR-US: Xtreme Topsites
CVE-2006-2543 (Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors ...)
        NOT-FOR-US: Xtreme Topsites
CVE-2006-2542 (xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb ...)
        {DSA-1086-1}
        - xmcd 2.6-17.2 (bug #366816; medium)
CVE-2006-2541 (SQL injection vulnerability in settings.asp in Zixforum 1.12 allows ...)
        NOT-FOR-US: Zixforum
CVE-2006-2540 (Privacy leak in install.php for Diesel PHP Job Site sends sensitive ...)
        NOT-FOR-US: Diesel
CVE-2006-2539 (Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, ...)
        NOT-FOR-US: Sybase
CVE-2006-2538 (IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote ...)
        NOT-FOR-US: Windows-only Firefox plugin
CVE-2006-2537 (Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and ...)
        NOT-FOR-US: *BOR
CVE-2006-2536 (Cross-site scripting (XSS) vulnerability in Destiney Links Script ...)
        NOT-FOR-US: Destiney
CVE-2006-2535 (index.php in Destiney Links Script 2.1.2 allows remote attackers to ...)
        NOT-FOR-US: Destiney
CVE-2006-2534 (Destiney Links Script 2.1.2 does not protect library and other support ...)
        NOT-FOR-US: Destiney
CVE-2006-2533 (Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) ...)
        NOT-FOR-US: Destiney
CVE-2006-2532 (stats.php in Destiney Rated Images Script 0.5.0 allows remote ...)
        NOT-FOR-US: Destiney
CVE-2006-2531 (Ipswitch WhatsUp Professional 2006 only verifies the users identity ...)
        NOT-FOR-US: Ipswitch
CVE-2006-2530 (avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly ...)
        NOT-FOR-US: Snitz mod
CVE-2006-2529 (editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, ...)
        - knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2006-2528 (PHP remote file inclusion vulnerability in classified_right.php in ...)
        NOT-FOR-US: phpBazar
CVE-2006-2527 (Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers ...)
        NOT-FOR-US: phpBazar
CVE-2006-2526 (PHP remote file inclusion vulnerability in index.php in PHP Easy ...)
        NOT-FOR-US: PHP Easy Galerie
CVE-2006-2525 (SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote ...)
        NOT-FOR-US: UseBB
CVE-2006-2524 (Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier ...)
        NOT-FOR-US: UseBB
CVE-2006-2523 (PHP remote file inclusion vulnerability in config.php in phpListPro ...)
        NOT-FOR-US: phpListPro
CVE-2006-2522 (Dayfox Blog 2.0 and earlier stores user credentials in ...)
        NOT-FOR-US: Dayfox
CVE-2006-2521 (PHP remote file inclusion vulnerability in cron.php in phpMyDirectory ...)
        NOT-FOR-US: phpMyDirectory
CVE-2006-2520 (Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier ...)
        NOT-FOR-US: BitZipper
CVE-2006-2519 (Directory traversal vulnerability in ...)
        NOT-FOR-US: phpwcms
CVE-2006-2518 (Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows ...)
        NOT-FOR-US: phpwcms
CVE-2006-2517 (SQL injection vulnerability in MyWeb Portal Office, Standard Edition, ...)
        NOT-FOR-US: MyWeb
CVE-2006-2516 (mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is ...)
        NOT-FOR-US: XOOPS
CVE-2006-2515 (Cross-site scripting (XSS) vulnerability in index.php in Hiox ...)
        NOT-FOR-US: Hiox
CVE-2006-2514 (Coppermine galleries before 1.4.6, when running on Apache with ...)
        NOT-FOR-US: Coppermine
CVE-2006-2513 (Unspecified vulnerability in the installation process in Sun Java ...)
        NOT-FOR-US: Sun
CVE-2006-2512 (SQL injection vulnerability in Hitachi EUR Professional Edition, EUR ...)
        NOT-FOR-US: Hitachi
CVE-2006-2511 (The ActiveX version of FrontRange iHEAT allows remote authenticated ...)
        NOT-FOR-US: FrontRange
CVE-2006-2510 (Cross-site scripting (XSS) vulnerability in the URL submission form in ...)
        NOT-FOR-US: YourFreeWorld.com
CVE-2006-2509 (SQL injection vulnerability in login.php in YourFreeWorld.com Short ...)
        NOT-FOR-US: YourFreeWorld.com
CVE-2006-2508 (SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish ...)
        NOT-FOR-US: YourFreeWorld.com
CVE-2006-2507 (Multiple PHP remote file inclusion vulnerabilities in Teake Nutma ...)
        NOT-FOR-US: phpbb2 mod
CVE-2006-2506 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...)
        NOT-FOR-US: Sphider
CVE-2006-2505 (Oracle Database Server 10g Release 2 allows local users to execute ...)
        NOT-FOR-US: Oracle
CVE-2006-2504 (Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier ...)
        NOT-FOR-US: AZBOARD
CVE-2006-2503 (SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote ...)
        NOT-FOR-US: DeluxeBB
CVE-2006-2502 (Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) ...)
        - cyrus-imapd-2.2 <not-affected> (Vulnerable code not present)
CVE-2006-2501 (Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 ...)
        NOT-FOR-US: Sun
CVE-2006-2500 (Cross-site scripting (XSS) vulnerability in add_news.asp in ...)
        NOT-FOR-US: CodeAvalanche News
CVE-2006-2499 (SQL injection vulnerability in default.asp in CodeAvalanche News ...)
        NOT-FOR-US: CodeAvalanche News
CVE-2006-2498 (Invision Power Board (IPB) before 2.1.6 allows remote attackers to ...)
        NOT-FOR-US: Invision
CVE-2006-2497 (Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 ...)
        NOT-FOR-US: AspBB
CVE-2006-2496 (Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote ...)
        NOT-FOR-US: Novell
CVE-2006-2495 (Cross-site request forgery (CSRF) vulnerability in the Entry Manager ...)
        - serendipity 1.0-1
CVE-2006-2494 (Stack-based buffer overflow in IntelliTamper 2.07 allows remote ...)
        NOT-FOR-US: IntelliTampe
CVE-2006-2493
        REJECTED
CVE-2005-1755 (PHP remote code injection vulnerability in poll_vote.php in PHP Poll ...)
        NOT-FOR-US: PHP Poll Creator
CVE-2005-1754 (JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, ...)
        NOT-FOR-US: JavaMail API
        NOTE: vulnerable file not in Debian
CVE-2005-1753 (ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache ...)
        NOT-FOR-US: JavaMail API
        NOTE: vulnerable file not in Debian
CVE-2005-1752 (viewFile.php in the scm component of Gforge before 4.0 allows remote ...)
        - gforge 3.1-30
        NOTE: viewFile.php disabled in 3.1-30
CVE-2006-2492 (Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, ...)
        NOT-FOR-US: Microsoft
CVE-2006-2491 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) ...)
        NOT-FOR-US: BoastMachine
CVE-2006-2490 (Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP ...)
        NOT-FOR-US: Mobotix
CVE-2006-2489 (Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x ...)
        {DSA-1072-1}
        - nagios 2:1.4-1 (bug #366682; bug #366803; high)
        - nagios2 2.3-1 (bug #366683; high)
CVE-2006-2488 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS ...)
        NOT-FOR-US: Spymac 
CVE-2006-2487 (Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 ...)
        NOT-FOR-US: ScozNews
CVE-2006-2486 (SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier ...)
        NOT-FOR-US: YapBB
CVE-2006-2485 (PHP remote file inclusion vulnerability in includes/class_template.php ...)
        NOT-FOR-US: Quezza
CVE-2006-2484 (Cross-site scripting (XSS) vulnerability in index.html in IceWarp ...)
        NOT-FOR-US: IceWarp
CVE-2006-2483 (PHP remote file inclusion vulnerability in cart_content.php in ...)
        NOT-FOR-US: Squirrelcart
CVE-2006-2482
        RESERVED
CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 ...)
        NOT-FOR-US: VMware ESX 
CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-assisted ...)
        - dia 0.95.0-4 (bug #368202; low)
        [sarge] - dia <no-dsa> (Hardly exploitable, would require obviously malformed file names)
CVE-2006-2479 (The Update functionality in Bitrix Site Manager 4.1.x does not verify ...)
        NOT-FOR-US: Bitrix
CVE-2006-2478 (Bitrix Site Manager 4.1.x allows remote attackers to redirect users to ...)
        NOT-FOR-US: Bitrix
CVE-2006-2477 (Cross-site scripting (XSS) vulnerability in the administrative ...)
        NOT-FOR-US: Bitrix
CVE-2006-2476 (Bitrix Site Manager 4.1.x stores updater.log under the web document ...)
        NOT-FOR-US: Bitrix
CVE-2006-2475 (Directory traversal vulnerability in (1) edit_mailtexte.cgi and (2) ...)
        NOT-FOR-US: Cosmoshop
CVE-2006-2474 (SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and ...)
        NOT-FOR-US: Cosmoshop
CVE-2006-2473 (Cross-site scripting (XSS) vulnerability in ow.asp in OpenWiki 0.78 ...)
        NOT-FOR-US: OpenWiki
CVE-2006-2472 (Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 ...)
        NOT-FOR-US: BEA
CVE-2006-2471 (Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 ...)
        NOT-FOR-US: BEA
CVE-2006-2470 (Unspecified vulnerability in the WebLogic Server Administration ...)
        NOT-FOR-US: BEA
CVE-2006-2469 (The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to ...)
        NOT-FOR-US: BEA
CVE-2006-2468 (The WebLogic Server Administration Console in BEA WebLogic Server 8.1 ...)
        NOT-FOR-US: BEA
CVE-2006-2467 (BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 ...)
        NOT-FOR-US: BEA
CVE-2006-2466 (BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote ...)
        NOT-FOR-US: BEA
CVE-2006-2465 (Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary ...)
        - mp3info 0.8.4-9.1 (bug #368207; low)
        [sarge] - mp3info <no-dsa> (Hardly exploitable)
CVE-2006-2464 (stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and ...)
        NOT-FOR-US: BEA
CVE-2006-2463 (view_album.php in SelectaPix 1.31 and earlier allows remote attackers ...)
        NOT-FOR-US: SelectaPix
CVE-2006-2462 (BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service ...)
        NOT-FOR-US: BEA
CVE-2006-2461 (BEA WebLogic Server before 8.1 Service Pack 4 does not properly set ...)
        NOT-FOR-US: BEA
CVE-2006-2460 (Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when ...)
        NOT-FOR-US: SugarCRM
CVE-2006-2459 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and ...)
        NOT-FOR-US: PHP-Fusion
CVE-2006-2458 (Multiple heap-based buffer overflows in Libextractor 0.5.13 and ...)
        {DSA-1081-1}
        - libextractor 0.5.14-1
CVE-2006-2457
        RESERVED
CVE-2006-2456
        RESERVED
CVE-2006-2455
        RESERVED
CVE-2006-2454
        RESERVED
CVE-2006-2453 (Multiple unspecified format string vulnerabilities in Dia have ...)
        - dia 0.95.0-4 (bug #368202; medium)
        [sarge] - dia <no-dsa> (Hardly exploitable, would require obviously malformed file names)
CVE-2006-2452 (GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the &quot;face browser&quot; feature ...)
        - gdm <unfixed> (bug #375281; medium)
        [sarge] - gdm <not-affected> (Vulnerable code has only been introduced with 2.8)
CVE-2006-2451 (The suid_dumpable support in Linux kernel 2.6.13 up to versions before ...)
        - linux-2.6 2.6.17-3 (high)
        - linux-2.6.16 2.6.16-17 (high)
CVE-2006-2450 (auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass ...)
        - libvncserver 0.8.2-1 (high; bug #376824)
CVE-2006-2449 (KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users ...)
        {DSA-1156}
        - kdebase 4:3.5.2-2 (bug #374002; medium)
CVE-2006-2448 (Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, ...)
        - linux-2.6 2.6.16-15
CVE-2006-2447 (SpamAssassin before 3.1.3, when running with vpopmail and the paranoid ...)
        {DSA-1090-1}
        - spamassassin 3.1.3-1 (medium)
CVE-2006-2446 (Race condition between the kfree_skb and __skb_unlink functions in the ...)
        TODO: check
CVE-2006-2445 (Race condition in run_posix_cpu_timers in Linux kernel before ...)
        - linux-2.6 2.6.16-15
CVE-2006-2444 (The snmp_trap_decode function in the SNMP NAT helper for Linux kernel ...)
        - linux-2.6 2.6.16-15
CVE-2006-2442 (kphone 4.2 creates .qt/kphonerc with world-readable permissions, which ...)
        {DSA-1062-1}
        - kphone 1:4.2-3 (bug #337830; medium)
CVE-2006-2439 (Stack-based buffer overflow in ZipCentral 4.01 allows remote ...)
        NOT-FOR-US: ZipCentral
CVE-2006-2438 (Directory traversal vulnerability in the viewfile servlet in the ...)
        NOT-FOR-US: Caucho
CVE-2006-2437 (The viewfile servlet in the documentation package (resin-doc) for ...)
        NOT-FOR-US: Caucho
CVE-2006-2436 (WebSphere Application Server 5.0.2 (or any earlier cumulative fix) ...)
        NOT-FOR-US: IBM
CVE-2006-2435 (Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 ...)
        NOT-FOR-US: IBM
CVE-2006-2434 (Unspecified vulnerability in WebSphere 5.1.1 (or any earlier ...)
        NOT-FOR-US: IBM
CVE-2006-2433 (Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, ...)
        NOT-FOR-US: IBM
CVE-2006-2432 (IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) ...)
        NOT-FOR-US: IBM
CVE-2006-2431 (Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 ...)
        NOT-FOR-US: IBM
CVE-2006-2430 (IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, ...)
        NOT-FOR-US: IBM
CVE-2006-2429 (Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, ...)
        NOT-FOR-US: IBM
CVE-2006-2428 (add.asp in DUware DUbanner 3.1 allows remote attackers to execute ...)
        NOT-FOR-US: Duware
CVE-2006-2427 (freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h ...)
        - clamav <not-affected> (clamav-freshclam doesn't ship freshclam setuid or setgid)
CVE-2006-2426 (Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 ...)
        - sun-java5 <unfixed>
CVE-2006-2425 (Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in ...)
        NOT-FOR-US: phpRemoteView
CVE-2006-2424 (PHP remote file inclusion vulnerability in ezUserManager 1.6 and ...)
        NOT-FOR-US: ezUserManager
CVE-2006-2423 (Cross-site scripting (XSS) vulnerability in ftplogin/index.php in ...)
        NOT-FOR-US: Confixx
CVE-2006-2422 (phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, ...)
        NOT-FOR-US: phpCOIN
CVE-2006-2421 (Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20 allows ...)
        NOT-FOR-US: Pragma
CVE-2006-2420 (Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows ...)
        NOTE: "this issue normally would not be included in CVE, it is being identified since the Bugzilla developers have addressed it."
        - bugzilla <unfixed> (unimportant)
CVE-2006-2419 (Cross-site scripting (XSS) vulnerability in index.php in Directory ...)
        NOT-FOR-US: Directory Listing Script
CVE-2006-2418 (Cross-site scripting (XSS) vulnerabilities in certain versions of ...)
        - phpmyadmin 4:2.8.1-1 (bug #368082; medium)
CVE-2006-2417 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before ...)
        - phpmyadmin 4:2.8.1-1 (bug #368082; medium)
        [sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-2416 (SQL injection vulnerability in class2.php in e107 0.7.2 and earlier ...)
        NOT-FOR-US: e107
CVE-2006-2415 (Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 2.0 ...)
        NOT-FOR-US: FlexChat
CVE-2006-2414 (Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows ...)
        {DSA-1080-1}
        - dovecot 1.0.beta8-1 (low)
        [sarge] - dovecot <not-affected> (vulnerability introduced in 1.0)
CVE-2006-2413 (GNUnet before SVN revision 2781 allows remote attackers to cause a ...)
        - gnunet 0.7.0e-1 (bug #368159; medium)
        [sarge] - gnunet <not-affected> (according to maintainer)
CVE-2006-2412 (The raydium_network_read function in network.c in Raydium SVN revision ...)
        NOT-FOR-US: Raydium
CVE-2006-2411 (Buffer overflow in raydium_network_read function in network.c in ...)
        NOT-FOR-US: Raydium
CVE-2006-2410 (raydium_network_netcall_exec function in network.c in Raydium SVN ...)
        NOT-FOR-US: Raydium
CVE-2006-2409 (Format string vulnerability in the raydium_log function in console.c ...)
        NOT-FOR-US: Raydium
CVE-2006-2408 (Multiple buffer overflows in Raydium before SVN revision 310 allow ...)
        NOT-FOR-US: Raydium
CVE-2006-2407 (Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX ...)
        NOT-FOR-US: ActiveX component
CVE-2006-2406 (Directory traversal vulnerability in bb_lib/abbc.css.php in ...)
        NOT-FOR-US: Unclassified NewsBoard
CVE-2006-2405 (Directory traversal vulnerability in unb_lib/abbc.conf.php in ...)
        NOT-FOR-US: Unclassified NewsBoard
CVE-2006-2404 (Directory traversal vulnerability in popup.php in RadScripts RadLance ...)
        NOT-FOR-US: RadScripts
CVE-2006-2403 (Buffer overflow in FileZilla before 2.2.23 allows remote attackers to ...)
        NOT-FOR-US: FileZilla
CVE-2006-2402 (Buffer overflow in the changeRegistration function in servernet.cpp ...)
        NOT-FOR-US: Outgun
CVE-2006-2401 (The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and ...)
        NOT-FOR-US: Outgun
CVE-2006-2400 (The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and ...)
        NOT-FOR-US: Outgun
CVE-2006-2399 (Stack-based buffer overflow in the ...)
        NOT-FOR-US: Outgun
CVE-2006-2398 (Directory traversal vulnerability in index.php in GPhotos 1.5 and ...)
        NOT-FOR-US: GPhotos web gallery
CVE-2006-2397 (Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and ...)
        NOT-FOR-US: GPhotos web gallery
CVE-2006-2396 (Cross-site scripting (XSS) vulnerability in phpODP 1.5h allows remote ...)
        NOT-FOR-US: phpODP
CVE-2006-2395 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: PopPhoto
CVE-2006-2394 (Cross-site scripting (XSS) vulnerability in chat.php in PHP Live ...)
        NOT-FOR-US: PHP Live Support
CVE-2006-2393 (The client_cmd function in Empire 4.3.2 and earlier allows remote ...)
        NOT-FOR-US: Debian's 'empire' is a different game
CVE-2006-2392 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: PHP Blue Dragon Platinum
CVE-2006-2391 (Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote ...)
        NOT-FOR-US: EMC Retrospect
CVE-2006-2390 (Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows ...)
        NOT-FOR-US: OZJournals
CVE-2006-2389 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...)
        NOT-FOR-US: Microsoft
CVE-2006-2388 (Microsoft Office Excel 2000 through 2004 allows user-assisted ...)
        NOT-FOR-US: Microsoft
CVE-2006-2387
        RESERVED
CVE-2006-2386
        RESERVED
CVE-2006-2385 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and ...)
        NOT-FOR-US: Microsoft
CVE-2006-2384 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows ...)
        NOT-FOR-US: Microsoft
CVE-2006-2383 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and ...)
        NOT-FOR-US: Microsoft
CVE-2006-2382 (Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and ...)
        NOT-FOR-US: Microsoft
CVE-2006-2381
        RESERVED
CVE-2006-2380 (Microsoft Windows 2000 SP4 does not properly validate an RPC server ...)
        NOT-FOR-US: Microsoft
CVE-2006-2379 (Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows ...)
        NOT-FOR-US: Microsoft
CVE-2006-2378 (Buffer overflow in the ART Image Rendering component (jgdw400.dll) in ...)
        NOT-FOR-US: Microsoft
CVE-2006-2377
        RESERVED
CVE-2006-2376 (Heap-based buffer overflow in the PolyPolygon function in Graphics ...)
        NOT-FOR-US: Microsoft
CVE-2006-2375
        RESERVED
CVE-2006-2374 (The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft ...)
        NOT-FOR-US: Microsoft
CVE-2006-2373 (The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft ...)
        NOT-FOR-US: Microsoft
CVE-2006-2372 (Buffer overflow in the DHCP Client service for Microsoft Windows 2000 ...)
        NOT-FOR-US: Microsoft
CVE-2006-2371 (Buffer overflow in the Remote Access Connection Manager service ...)
        NOT-FOR-US: Microsoft
CVE-2006-2370 (Buffer overflow in the Routing and Remote Access service (RRAS) in ...)
        NOT-FOR-US: Microsoft
CVE-2006-2369 (RealVNC 4.1.1, and other products that use RealVNC such as AdderLink ...)
        - vnc4 4.1.1+X4.3.0-10 (high)
        [sarge] - vnc4 <not-affected> (vuln not in 4.0)
CVE-2006-2368 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka ...)
        NOT-FOR-US: Clansys
CVE-2006-2367 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka ...)
        NOT-FOR-US: Clansys
CVE-2006-2366 (ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r ...)
        - libopenobex 1.2-3 (bug #366484)
CVE-2006-2365 (Cross-site scripting (XSS) vulnerability in a_login.php in Vizra ...)
        NOT-FOR-US: Vizra
CVE-2006-2364 (Cross-site scripting (XSS) vulnerability in the validation feature in ...)
        NOT-FOR-US: Macromedia
CVE-2006-2363 (SQL injection vulnerability in the weblinks option (weblinks.html.php) ...)
        NOT-FOR-US: Limbo
CVE-2006-2362 (Buffer overflow in getsym in tekhex.c in libbfd in Free Software ...)
        - binutils 2.17-1 (bug #368237)
CVE-2006-2361 (PHP remote file inclusion vulnerability in pafiledb_constants.php in ...)
        NOT-FOR-US: phpbb mod
CVE-2006-2360 (SQL injection vulnerability in charts.php in the Chart mod for phpBB ...)
        NOT-FOR-US: phpbb mod
CVE-2006-2359 (Cross-site scripting (XSS) vulnerability in charts.php in the Chart ...)
        NOT-FOR-US: phpbb mod
CVE-2006-2192
        RESERVED
CVE-2005-4803 (graphviz before 2.2.1 allows local users to overwrite arbitrary files ...)
        {DSA-857-1}
        - graphviz 2.2.1-1sarge1 (bug #336985; low) 
CVE-2005-4802 (Flexbackup 1.2.1 and earlier allows local users to overwrite files and ...)
        - flexbackup <unfixed> (bug #334350; low)
CVE-2005-4801 (Multiple cross-site request forgery (CSRF) vulnerabilities in Yet ...)
        NOT-FOR-US: YaPIG
CVE-2005-4800 (Direct static code injection vulnerability in Yet Another PHP Image ...)
        NOT-FOR-US: YaPIG
CVE-2005-4799 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP ...)
        NOT-FOR-US: YaPIG
CVE-2006-2358 (Multiple cross-site scripting (XSS) vulnerabilities in various scripts ...)
        NOT-FOR-US: Web Labs CMS
CVE-2006-2357 (Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 ...)
        NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2356 (NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 ...)
        NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2355 (Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional ...)
        NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2354 (NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch ...)
        NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2353 (NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 ...)
        NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2352 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch ...)
        NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2351 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch ...)
        NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2350 (SQL injection vulnerability in the inc/elementz.php script in AliPAGER ...)
        NOT-FOR-US: AliPAGER
CVE-2006-2349 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...)
        NOT-FOR-US: E-Business Designer
CVE-2006-2348 (Cross-site scripting (XSS) vulnerability in form_grupo.html in ...)
        NOT-FOR-US: E-Business Designer
CVE-2006-2347 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...)
        NOT-FOR-US: E-Business Designer
CVE-2006-2346 (vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows ...)
        - vpopmail <not-affected> (vulnerability introduced in 5.4.14)
        NOTE: Unable to reach CVS to determine if prior versions are affected
        NOTE: Micah will return to this one
CVE-2006-2345 (Cross-site scripting (XSS) vulnerability in inc/elementz.php in ...)
        NOT-FOR-US: AliPAGER
CVE-2006-2344 (SQL injection vulnerability in inc/elementz.php in AliPAGER 1.5, with ...)
        NOT-FOR-US: AliPAGER
CVE-2006-2343 (Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine ...)
        NOT-FOR-US: ManageEngine OpManager
CVE-2006-2342 (IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote ...)
        NOT-FOR-US: IBM WebSphere Application Server
CVE-2006-2341 (The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, ...)
        NOT-FOR-US: Symantec Gateway Security
CVE-2006-2340 (Cross-site scripting (XSS) vulnerability in PassMasterFlex and ...)
        NOT-FOR-US: PassMasterFlex
CVE-2006-2339 (SQL injection vulnerability in index.php in evoTopsites 2.x and ...)
        NOT-FOR-US: evoTopsites
CVE-2006-2338 (PlaNet Concept plaNetStat 20050127 allows remote attackers to gain ...)
        NOT-FOR-US: PlaNet
CVE-2006-2337 (Directory traversal vulnerability in webcm in the D-Link DSL-G604T ...)
        NOT-FOR-US: D-Link
CVE-2006-2336 (SQL injection vulnerability in showthread.php in MyBB (aka ...)
        NOT-FOR-US: MyBB
CVE-2006-2335 (Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and ...)
        NOT-FOR-US: vBulletin
CVE-2006-2334 (The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in ...)
        NOT-FOR-US: Windows
CVE-2006-2333 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) ...)
        NOT-FOR-US: MyBB
CVE-2006-2332 (Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of ...)
        NOTE: 1.5.dfsg+1.5.0.3-2 didn't crash or do anything but stutter on the sample pages, marking it fixed in there
        - firefox 1.5.dfsg+1.5.0.3-2
CVE-2006-2331 (Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 ...)
        NOT-FOR-US: PHP-Fusion
CVE-2006-2330 (PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server ...)
        NOT-FOR-US: PHP-Fusion
CVE-2006-2329 (AngelineCMS 0.6.5 and earlier allow remote attackers to obtain ...)
        NOT-FOR-US: AngelineCMS
CVE-2006-2328 (SQL injection vulnerability in lib/adodb/server.php in AngelineCMS ...)
        NOT-FOR-US: AngelineCMS
CVE-2006-2327 (Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) ...)
        NOT-FOR-US: Novell
CVE-2006-2326 (Directory traversal vulnerability in index.php in OnlyScript.info ...)
        NOT-FOR-US: OnlyScript.info
CVE-2006-2325 (Cross-site scripting (XSS) vulnerability in index.php in ...)
        NOT-FOR-US: OnlyScript.info
CVE-2006-2324 (180solutions Zango downloads &quot;required Adware components&quot; without ...)
        NOT-FOR-US: 180solutions
CVE-2006-2323 (Multiple PHP remote file inclusion vulnerabilities in SmartISoft ...)
        NOT-FOR-US: SmartISoft
CVE-2006-2322 (The transparent proxy feature of the Cisco Application Velocity System ...)
        NOT-FOR-US: Cisco
CVE-2006-2321 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal Science ...)
        NOT-FOR-US: Ideal Science
CVE-2006-2320 (Multiple SQL injection vulnerabilities in Ideal Science Ideal BB ...)
        NOT-FOR-US: Ideal Science
CVE-2006-2319 (Ideal Science Ideal BB 1.5.4a and earlier does not properly check file ...)
        NOT-FOR-US: Ideal Science
CVE-2006-2318 (Incomplete blacklist vulnerability in Ideal Science Ideal BB 1.5.4a ...)
        NOT-FOR-US: Ideal Science
CVE-2006-2317 (Unspecified vulnerability in Ideal Science Ideal BB 1.5.4a and earlier ...)
        NOT-FOR-US: Ideal Science
CVE-2006-2316 (S24EvMon.exe in the Intel PROset/Wireless software, possibly ...)
        NOT-FOR-US: Intel Windows software
CVE-2006-2315 (PHP remote file inclusion vulnerability in session.inc.php in ...)
        NOT-FOR-US: ISPConfig
CVE-2006-2314 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before ...)
        {DSA-1087-1}
        - postgresql 7.5.4 (medium; bug #368645)
        - postgresql-7.4 1:7.4.13-1 (medium)
        - postgresql-8.1 8.1.4-1 (medium)
        [sarge] - pygresql <not-affected> (Already includes proper quoting)
        NOTE: Beginning with version 7.5.4, postgresql is a transition
        NOTE: package which does not contain actual code.  That's why
        NOTE: it's marked as fixed here.  (Previous versions are vulnerable.)
        NOTE: The following packages needed to adapted to cope with the new system:
        NOTE: psycopg 1.1.21-5 (bug #369230)
        NOTE: python-pgsql 2.4.0-8 (bug #369250)
        NOTE: pygresql 1:3.8-1.1 (bug #369239)
        NOTE: dovecot 1.0.beta8-3 (bug #369359)
        NOTE: postfix 2.2.10-2 (bug #369349)
CVE-2006-2313 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before ...)
        {DSA-1087-1}
        - postgresql 7.5.4 (high; bug #368645)
        - postgresql-7.4 1:7.4.13-1 (high)
        - postgresql-8.1 8.1.4-1 (high)
        NOTE: Beginning with version 7.5.4, postgresql is a transition
        NOTE: package which does not contain actual code.  That's why
        NOTE: it's marked as fixed here.  (Previous versions are vulnerable.)
CVE-2006-2312 (Unspecified vulnerability in the URI handler in Skype 2.0.*.104 and ...)
        NOT-FOR-US: Skype
CVE-2006-2311 (Cross-site scripting (XSS) vulnerability in BlueDragon Server and ...)
        NOT-FOR-US: BlueDragon Server and Server JX 
CVE-2006-2310 (BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote ...)
        NOT-FOR-US: BlueDragon Server and Server JX 
CVE-2006-2309 (The HTTP service in EServ/3 3.25 allows remote attackers to obtain ...)
        NOT-FOR-US: EServ
CVE-2006-2308 (Directory traversal vulnerability in the IMAP service in EServ/3 3.25 ...)
        NOT-FOR-US: EServ
CVE-2006-2307 (Cross-site scripting (XSS) vulnerability in Website Baker CMS before ...)
        NOT-FOR-US: Webiste Banker
CVE-2006-2306 (Cross-site scripting (XSS) vulnerability in moreinfo.asp in ...)
        NOT-FOR-US: EPublisherPro
CVE-2006-2305 (Multiple cross-site scripting (XSS) vulnerabilities in Jadu CMS allow ...)
        NOT-FOR-US: Jadu
CVE-2006-2304 (Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in ...)
        NOT-FOR-US: Novell software for Windows
CVE-2006-2303 (Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 ...)
        NOT-FOR-US: Windows ICQ client
CVE-2006-2302 (SQL injection vulnerability in admin_default.asp in DUGallery 2.x ...)
        NOT-FOR-US: DUGallery
CVE-2006-2301 (SQL injection vulnerability in admin_default.asp in OzzyWork Galeri ...)
        NOT-FOR-US: OzzyWork
CVE-2006-2300 (Multiple SQL injection vulnerabilities in EImagePro allow remote ...)
        NOT-FOR-US: EImagePro
CVE-2006-2299
        RESERVED
CVE-2006-2298 (The Internet Key Exchange version 1 (IKEv1) implementation in the ...)
        NOT-FOR-US: Solaris
CVE-2006-2297 (Heap-based buffer overflow in Microsoft Infotech Storage System ...)
        NOT-FOR-US: Microsoft Infotech Storage System
CVE-2006-2296 (SQL injection vulnerability in search_result.asp in EDirectoryPro 2.0 ...)
        NOT-FOR-US: EDirectoryPro
CVE-2006-2295 (Directory traversal vulnerability in Dynamic Galerie 1.0 allows remote ...)
        NOT-FOR-US: Dynamic Galerie
CVE-2006-2294 (Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows ...)
        NOT-FOR-US: Dynamic Galerie
CVE-2006-2293 (SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 ...)
        NOT-FOR-US: MultiCalendars
CVE-2006-2292 (Multiple SQL injection vulnerabilities in IA-Calendar allow remote ...)
        NOT-FOR-US: IA-Calendar
CVE-2006-2291 (Cross-site scripting (XSS) vulnerability in calendar_new.asp in ...)
        NOT-FOR-US: IA-Calendar
CVE-2006-2290 (Multiple cross-site scripting (XSS) vulnerabilities in kommentar.php ...)
        NOT-FOR-US: 2005-Comments-Script
CVE-2006-2289 (Buffer overflow in avahi-core in Avahi before 0.6.10 allows local ...)
        - avahi 0.6.10-1 (medium)
CVE-2006-2288 (Avahi before 0.6.10 allows local users to cause a denial of service ...)
        - avahi 0.6.10-1 (low)
CVE-2006-2287 (Multiple cross-site scripting (XSS) vulnerabilities in Vision Source ...)
        NOT-FOR-US: Vision Source
CVE-2006-2286 (Multiple PHP remote file inclusion vulnerabilities in ...)
        NOT-FOR-US: Dokeos
CVE-2006-2285 (PHP remote file inclusion vulnerability in authldap.php in Dokeos ...)
        NOT-FOR-US: Dokeos
CVE-2006-2284 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 ...)
        NOT-FOR-US: Claroline
CVE-2006-2283 (Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid ...)
        NOT-FOR-US: phpRaid
CVE-2006-2282 (Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and earlier ...)
        NOT-FOR-US: X7 Chat
CVE-2006-2281 (X-Scripts X-Poll (xpoll) 2.30 allows remote attackers to execute ...)
        NOT-FOR-US: X-Scripts X-Poll
CVE-2006-2280 (Directory traversal vulnerability in website.php in openEngine 1.8 ...)
        NOT-FOR-US: openEngine
CVE-2006-2279 (Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow remote ...)
        NOT-FOR-US: SaphpLesson
CVE-2006-2278 (SaphpLesson 3.0 does not initialize array variables, which allows ...)
        NOT-FOR-US: SaphpLesson
CVE-2006-2277 (Multiple Apple Mac OS X 10.4 applications might allow ...)
        NOT-FOR-US: Apple Mac OS X
CVE-2006-2276 (bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to ...)
        {DSA-1059-1}
        - quagga 0.99.4-1 (bug #366980; low)
CVE-2006-2275 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...)
        - linux-2.6 2.6.16-13
CVE-2006-2274 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...)
        {DSA-1103 DSA-1097-1}
        - linux-2.6 2.6.16-13
CVE-2006-2273 (The InstallProduct routine in the Verisign VUpdater.Install (aka ...)
        NOT-FOR-US: Verisign
CVE-2006-2272 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...)
        {DSA-1103 DSA-1097-1}
        - linux-2.6 2.6.16-13
CVE-2006-2271 (The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows ...)
        {DSA-1103 DSA-1097-1}
        - linux-2.6 2.6.16-13
CVE-2005-4798 (Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to ...)
        - linux-2.6 <not-affected>
CVE-2006-2270 (PHP remote file inclusion vulnerability in includes/config.php in ...)
        NOT-FOR-US: Jetbox CMS
CVE-2006-2269 (Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 ...)
        NOT-FOR-US: myWebland MyBloggie
CVE-2006-2268 (SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows ...)
        NOT-FOR-US: FlexCustomer
CVE-2006-2267 (Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause ...)
        NOT-FOR-US: Kerio WinRoute Firewall
CVE-2006-2266 (SQL injection vulnerability in Chirpy! 0.1 allows remote attackers to ...)
        NOT-FOR-US: Chirpy!
CVE-2006-2265 (Cross-site scripting vulnerability in admin/main.asp in Ocean12 ...)
        NOT-FOR-US: Ocean12 Calendar Manager Pro 
CVE-2006-2264 (Multiple SQL injection vulnerabilities in Ocean12 Calendar Manager Pro ...)
        NOT-FOR-US: Ocean12 Calendar Manager Pro
CVE-2006-2263 (SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows ...)
        NOT-FOR-US: VP-ASP
CVE-2006-2262 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...)
        NOT-FOR-US: singapore
CVE-2006-2261 (PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 ...)
        NOT-FOR-US: ACal
CVE-2006-2260 (Cross-site scripting (XSS) vulnerability in the project module ...)
        - drupal <not-affected> (bug #366947)
CVE-2006-2259 (SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows ...)
        NOT-FOR-US: MaxxSchedule
CVE-2006-2258 (Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule ...)
        NOT-FOR-US: MaxxSchedule
CVE-2006-2257 (Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 ...)
        NOT-FOR-US: easyEvent
CVE-2006-2256 (PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp ...)
        NOT-FOR-US: EQdkp
CVE-2006-2255 (Multiple SQL injection vulnerabilities in Creative Community Portal ...)
        NOT-FOR-US: Creative Community Portal
CVE-2006-2254 (Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote ...)
        NOT-FOR-US: FileCOPA
CVE-2006-2253 (PHP remote file inclusion vulnerability in visible_count_inc.php in ...)
        NOT-FOR-US: Statit
CVE-2006-2252 (Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 ...)
        NOT-FOR-US: OpenFAQ
CVE-2006-2251 (SQL injection vulnerability in the do_mmod function in mod.php in ...)
        NOT-FOR-US: Invision Community Blog
CVE-2006-2250 (CuteNews 1.4.1 allows remote attackers to obtain sensitive information ...)
        NOT-FOR-US: CuteNews
CVE-2006-2249 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...)
        NOT-FOR-US: CuteNews
CVE-2006-2248 (Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source ...)
        NOT-FOR-US: Xeneo Web Server
CVE-2006-2247 (WebCalendar 1.0.1 to 1.0.3 generates different error messages ...)
        {DSA-1056-1}
        - webcalendar 1.0.2-2.2 (medium; bug #366927)
CVE-2006-2246 (Cross-site scripting (XSS) vulnerability in UBlog 1.6 Access Edition ...)
        NOT-FOR-US: UBlog
CVE-2006-2245 (PHP remote file inclusion vulnerability in auction\auction_common.php ...)
        NOT-FOR-US: Auction mod 1.3m for phpBB
CVE-2006-2244 (Multiple SQL injection vulnerabilities in Web4Future News Portal allow ...)
        NOT-FOR-US: Web4Future News Portal
CVE-2006-2243 (Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News ...)
        NOT-FOR-US: Web4Future News Portal
CVE-2006-2242 (acFTP 1.4 allows remote attackers to cause a denial of service ...)
        NOT-FOR-US: acFTP
CVE-2006-2241 (PHP remote file inclusion vulnerability in show.php in Fast Click SQL ...)
        NOT-FOR-US: Fast Click SQL Lite
CVE-2006-2240 (Unspecified vulnerability in the (1) web cache or (2) web proxy in ...)
        NOT-FOR-US: Fujitsu NetShelter/FW
CVE-2006-2239 (SQL injection vulnerability in readarticle.php in Newsadmin 1.1 allows ...)
        NOT-FOR-US: Newsadmin
CVE-2006-2238 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...)
        NOT-FOR-US: Apple
CVE-2006-2237 (The web interface for AWStats 6.4 and 6.5, when statistics updates are ...)
        {DSA-1058-1}
        - awstats 6.5-2 (bug #365909; bug #365910; medium)
CVE-2006-2236 (Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) ...)
        - quake3 <itp> (bug #337937)
CVE-2006-2235 (CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is ...)
        NOT-FOR-US: Simple Poll
CVE-2006-2234 (Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta ...)
        NOT-FOR-US: TyroCMS
CVE-2006-2233 (Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) ...)
        NOT-FOR-US: BankTown Client Control
CVE-2006-2232 (Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook ...)
        NOT-FOR-US: Scriptsez Cute Guestbook
CVE-2006-2231 (Multiple cross-site scripting (XSS) vulnerabilities in addguest.cgi in ...)
        NOT-FOR-US: Big Webmaster Guestbook Script
CVE-2006-2230 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine ...)
        {DSA-1093-1}
        - xine-ui 0.99.4-2 (medium; bug #363370)
CVE-2006-2229 (OpenVPN 2.0.7 and earlier, when configured to use the --management ...)
        - openvpn <unfixed> (unimportant)
        NOTE: One needs to explicitly set the IP to something else than 127.0.0.1
        NOTE: in order to be vulnerable. The man page recommends not to do it.
CVE-2006-2228 (Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) ...)
        NOT-FOR-US: Web-Agora
CVE-2006-2227 (Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 ...)
        NOT-FOR-US: PunBB
CVE-2006-2226 (Buffer overflow in XM Easy Personal FTP Server 4.2 allows remote ...)
        NOT-FOR-US: Easy Personal FTP Server
CVE-2006-2225 (Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows ...)
        NOT-FOR-US: Easy Personal FTP Server
CVE-2006-2224 (RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce ...)
        {DSA-1059-1}
        - quagga 0.99.3-2 (bug #365940; medium)
CVE-2006-2223 (RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly ...)
        {DSA-1059-1}
        - quagga 0.99.3-2 (bug #365940; medium)
CVE-2006-2222 (Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, ...)
        NOT-FOR-US: zawhttpd
CVE-2006-2221 (A third-party installer generation tool, possibly BitRock ...)
        - ejabberd <not-affected> (only binary distribution is affected)
CVE-2006-2220
        RESERVED
CVE-2006-2219
        RESERVED
CVE-2006-2218 (Unspecified vulnerability in Internet Explorer 6.0 on Microsoft ...)
        NOT-FOR-US: MS IE
CVE-2006-2217 (SQL injection vulnerability in index.php in Invision Power Board ...)
        NOT-FOR-US: Invision Power Board
CVE-2006-2216 (Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain ...)
        NOT-FOR-US: OpenBB
CVE-2006-2215 (Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.x ...)
        NOT-FOR-US: Albinator
CVE-2005-4797 (Directory traversal vulnerability in printd line printer daemon (lpd) ...)
        NOT-FOR-US: Solaris
CVE-2005-4796 (Unspecified vulnerability in the XView library (libxview.so) in ...)
        - xview <unfixed> (unimportant)
        NOTE: Is only relevant for suid binaries, but xview is not really suitable for
        NOTE: those anyway. Exact information is not available, but a similar problem
        NOTE: is already fixed in the Debian package.
CVE-2005-4795 (Unspecified vulnerability in the multi-language environment library ...)
        NOT-FOR-US: Solaris
CVE-2006-XXXX [pstotext insufficient filename sanitizing]
        - pstotext 1.9-3 (bug #356988; medium)
CVE-2006-XXXX [cyrus-imapd allows user probes]
        - cyrus-imapd-2.2 2.2.13-3
CVE-2006-2214 (Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier ...)
        NOT-FOR-US: 4images
CVE-2006-2213 (Hostapd 0.3.7-2 allows remote attackers to cause a denial of service ...)
        {DSA-1065-1}
        - hostapd 1:0.5.0-1 (bug #365897; high)
CVE-2006-2212 (Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows ...)
        NOT-FOR-US: KarjaSoft Sami FTP Server
CVE-2006-2211 (Absolute path traversal vulnerability in index.php in 321soft ...)
        NOT-FOR-US: 321soft PhP-Gallery
CVE-2006-2210 (Cross-site scripting (XSS) vulnerability in index.php in 321soft ...)
        NOT-FOR-US: 321soft PhP-Gallery
CVE-2006-2209 (Multiple SQL injection vulnerabilities in index.php in PHP Arena ...)
        NOT-FOR-US: paCheckBook
CVE-2006-2208 (Multiple cross-site scripting (XSS) vulnerabilities in mynews.inc.php ...)
        NOT-FOR-US: paCheckBook
CVE-2006-2207
        RESERVED
CVE-2006-2206 (The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 ...)
        NOT-FOR-US: UltraVNC
CVE-2006-2205 (The audio_write function in NetBSD 3.0 allows local users to cause a ...)
        NOT-FOR-US: NetBSD kernel
CVE-2006-2204 (SQL injection vulnerability in the topic deletion functionality ...)
        NOT-FOR-US: Invision Power Board 
CVE-2006-2203 (Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown ...)
        NOT-FOR-US: Kerio MailServer
CVE-2006-2202 (SQL injection vulnerability in post.php in Invision Gallery 2.0.6 ...)
        NOT-FOR-US: Invision Gallery
CVE-2006-2201 (Unspecified vulnerability in CA Resource Initialization Manager ...)
        NOT-FOR-US: CA Resource Initialization Manager
CVE-2006-2200 (Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and ...)
        - libmms 0.2-7 (bug #374577; medium)
        - mimms 2.0.0-1 (bug #374577; medium)
        - xine-lib 1.1.2-2 (bug #374577; medium)
CVE-2006-2199 (Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka ...)
        {DSA-1104}
        - openoffice.org 2.0.3-1
CVE-2006-2198 (OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before ...)
        {DSA-1104}
        - openoffice.org 2.0.3-1
CVE-2006-2197 (Integer overflow in wv2 before 0.2.3 might allow context-dependent ...)
        {DSA-1100}
        - wv2 0.2.2-6 (medium)
CVE-2006-2196 (Unspecified vulnerability in pinball 0.3.1 allows local users to gain ...)
        {DSA-1102}
        - pinball 0.3.1-6
CVE-2006-2195 (Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before ...)
        {DSA-1099-1 DSA-1098-1}
        - horde3 3.1.1-3
CVE-2006-2194 (The winbind plugin in pppd for ppp 2.4.4 and earlier does not check ...)
        {DSA-1106}
        - ppp 2.4.4rel-1 (medium)
CVE-2006-2193 (Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff ...)
        {DSA-1091-1}
        - tiff 3.8.2-4 (bug #371064; medium)
CVE-2006-2191
        RESERVED
CVE-2006-2190 (Cross-site scripting (XSS) vulnerability in ow-shared.pl in ...)
        NOT-FOR-US: OpenWebMail
CVE-2006-2189 (SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 ...)
        NOT-FOR-US: Servous sBLOG
CVE-2006-2188 (Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 ...)
        NOT-FOR-US: CMScout
CVE-2006-2187 (Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 ...)
        NOT-FOR-US: zenphoto
CVE-2006-2186 (zenphoto 1.0.1 beta and earlier allow remote attackers to obtain ...)
        NOT-FOR-US: zenphoto
CVE-2006-2185 (PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password ...)
        NOT-FOR-US: Novell
CVE-2006-2184 (Cross-site scripting (XSS) vulnerability in search.php in PHPKB ...)
        NOT-FOR-US: PHPKB Knowledge Base
CVE-2006-2183 (Untrusted search path vulnerability in Truecrypt 4.1, when running ...)
        NOT-FOR-US: Truecrypt
CVE-2006-2182 (Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, ...)
        NOT-FOR-US: albinator
CVE-2006-2181 (Multiple cross-site scripting (XSS) vulnerabilities in albinator 2.0.8 ...)
        NOT-FOR-US: albinator
CVE-2006-2180 (Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers ...)
        NOT-FOR-US: Golden FTP Server Pro
CVE-2006-2179 (Multiple SQL injection vulnerabilities in CyberBuild allow remote ...)
        NOT-FOR-US: CyberBuild
CVE-2006-2178 (Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild ...)
        NOT-FOR-US: CyberBuild
CVE-2006-2177 (Cross-site scripting (XSS) vulnerability in viewcat.php in geoBlog 1.0 ...)
        NOT-FOR-US: geoBlog
CVE-2006-2176 (Multiple cross-site scripting (XSS) vulnerabilities in links.php in ...)
        NOT-FOR-US: PHP Linkliste
CVE-2006-2175 (PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 ...)
        NOT-FOR-US: Fast Click
CVE-2006-2174 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        NOT-FOR-US: Virtual Hosting Control System (VHCS)
CVE-2006-2173 (Buffer overflow in FileZilla FTP Server allows remote authenticated ...)
        NOT-FOR-US: FileZilla FTP Server
CVE-2006-2172 (Buffer overflow in Gene6 FTP Server 3.1.0 allows remote authenticated ...)
        NOT-FOR-US: Gene6 FTP Server
CVE-2006-2171 (Buffer overflow in WDM.exe in WarFTPD allows remote attackers to ...)
        NOT-FOR-US: WarFTPD
CVE-2006-2170 (Buffer overflow in ArgoSoft FTP Server allows remote attackers to ...)
        NOT-FOR-US: ArgoSoft FTP Server
CVE-2006-2169 (RT: Request Tracker 3.5.HEAD allows remote attackers to obtain ...)
        - request-tracker3.4 <not-affected> (file not included in 3.4)
CVE-2006-2168 (FileProtection Express 1.0.1 and earlier allows remote attackers to ...)
        NOT-FOR-US: FileProtection Express
CVE-2006-2167 (Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, ...)
        NOT-FOR-US: SloughFlash
CVE-2006-2166 (Unspecified vulnerability in the HTTP management interface in Cisco ...)
        NOT-FOR-US: Cisco
CVE-2006-2165 (Multiple cross-site scripting (XSS) vulnerabilities in Avactis ...)
        NOT-FOR-US: Avactis
CVE-2006-2164 (Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 ...)
        NOT-FOR-US: Avactis
CVE-2006-2163 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...)
        NOT-FOR-US: Pinnacle
CVE-2006-2162 (Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before ...)
        {DSA-1072-1}
        - nagios 2:1.4-1 (bug #366682; bug #366803; medium)
        - nagios2 2.3-1 (bug #366683; medium)
CVE-2006-2161 (Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and ...)
        NOT-FOR-US: TZipBuilder/Abakt
CVE-2006-2160 (Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp ...)
        NOT-FOR-US: Russcom
CVE-2006-2159 (CRLF injection vulnerability in help.php in Russcom Network Loginphp ...)
        NOT-FOR-US: Russcom
CVE-2006-2158 (Dynamic variable evaluation vulnerability in index.php in Stadtaus ...)
        NOT-FOR-US: Stadtaus
CVE-2006-2157 (SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and ...)
        NOT-FOR-US: Plogger
CVE-2006-2156 (Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and ...)
        NOT-FOR-US: X7 Chat
CVE-2006-2155 (EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and ...)
        NOT-FOR-US: EMC Retrospect
CVE-2006-2154 (EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and ...)
        NOT-FOR-US: EMC Retrospect
CVE-2006-2153 (Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin ...)
        NOT-FOR-US: DirectAdmin
CVE-2006-2152 (PHP remote file inclusion vulnerability in admin/addentry.php in phpBB ...)
        NOT-FOR-US: phpBB Advanced Guestbook
CVE-2006-2151 (PHP remote file inclusion vulnerability in toplist.php in phpBB ...)
        NOT-FOR-US: phpBB TopList
CVE-2006-2150 (PHP remote file inclusion vulnerability in top/list.php in phpBB ...)
        NOT-FOR-US: phpBB TopList
CVE-2006-2149 (PHP remote file inclusion vulnerability in sources/lostpw.php in ...)
        NOT-FOR-US: Aardvark Topsites
CVE-2006-2147 (resmgrd in resmgr for SUSE Linux and other distributions does not ...)
        {DSA-1047-1}
        - resmgr 1.0-4 (low)
CVE-2006-2146 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
        NOT-FOR-US: HB-NS
CVE-2006-2145 (Multiple SQL injection vulnerabilities in index.php in HB-NS 1.1.6 ...)
        NOT-FOR-US: HB-NS
CVE-2006-2144 (PHP remote file inclusion vulnerability in kopf.php in DMCounter ...)
        NOT-FOR-US: DMCounter
CVE-2006-2143 (Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB ...)
        NOT-FOR-US: TextFileBB
CVE-2006-2142 (PHP remote file inclusion vulnerability in classes/adodbt/sql.php in ...)
        NOT-FOR-US: Limbo
CVE-2006-2141 (Cross-site scripting (XSS) vulnerability in popup_image in ...)
        NOT-FOR-US: Collaborative Portal Server
CVE-2006-2140 (Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 ...)
        NOT-FOR-US: OrbitHYIP
CVE-2006-2139 (Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow ...)
        NOT-FOR-US: PHP Newsfeed
CVE-2006-2138 (Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 ...)
        NOT-FOR-US: NeoMail
CVE-2006-2137 (PHP remote file inclusion vulnerability in master.php in OpenPHPNuke ...)
        NOT-FOR-US: OpenPHPNuke
CVE-2006-2136 (SQL injection vulnerability in news.php in AZNEWS allows remote ...)
        NOT-FOR-US: AZNEWS
CVE-2006-2135 (SQL injection vulnerability in login.php in Ruperts News allows remote ...)
        NOT-FOR-US: Ruperts News
CVE-2006-2134 (PHP remote file inclusion vulnerability in /includes/kb_constants.php ...)
        NOT-FOR-US: phpbb2 mod
CVE-2005-4794 (Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and ...)
        NOT-FOR-US: Cisco
CVE-2006-2148 (Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 ...)
        {DSA-1052-1}
        - cgiirc 0.5.9-1 (bug #365680; medium)
        [sarge] - cgiirc 0.5.4-6sarge1 (bug #365680; medium)
CVE-2006-2133 (SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and ...)
        NOT-FOR-US: BoonEx Barracuda
CVE-2006-2132 (SQL injection vulnerability in detail.asp in DUclassified allows ...)
        NOT-FOR-US: DUclassified
CVE-2006-2131 (include/class_poll.php in Advanced Poll 2.0.4 uses the ...)
        NOT-FOR-US: Advanced Poll
CVE-2006-2130 (SQL injection vulnerability in include/class_poll.php in Advanced Poll ...)
        NOT-FOR-US: Advanced Poll
CVE-2006-2129 (Direct static code injection vulnerability in Pro Publish 2.0 allows ...)
        NOT-FOR-US: Pro Publish
CVE-2006-2128 (Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote ...)
        NOT-FOR-US: Pro Publish
CVE-2006-2127 (SQL injection vulnerability in weblog_posting.php in Blog Mod 0.2.x ...)
        NOT-FOR-US: Blog Mod
CVE-2006-2126 (SQL injection vulnerability in pocategories.php in MaxTrade 1.0.1 and ...)
        NOT-FOR-US: MaxTrade
CVE-2006-2125
        REJECTED
CVE-2006-2124 (Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and ...)
        NOT-FOR-US: SunShop
CVE-2006-2123 (Multiple SQL injection vulnerabilities in the report interface in ...)
        NOT-FOR-US: Network Administration Visualiazed
CVE-2006-2122 (PHP remote file inclusion vulnerability in index.php in CoolMenus allows ...)
        NOT-FOR-US: CoolMenus
CVE-2006-2121 (PHP remote file include vulnerability in admin/config_settings.tpl.php ...)
        NOT-FOR-US: I-RATER Platinum
CVE-2006-2120 (The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers ...)
        {DSA-1078-1}
        - tiff 3.8.1 (bug #366588; medium)
CVE-2006-2119 (PHP remote file inclusion vulnerability in event/index.php in Artmedic ...)
        NOT-FOR-US: Artmedic
CVE-2006-2118 (JMK's Picture Gallery allows remote attackers to bypass authentication ...)
        NOT-FOR-US: JMK
CVE-2006-2117 (Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote ...)
        NOT-FOR-US: Thyme
CVE-2006-2116 (planetGallery allows remote attackers to gain administrator privileges ...)
        NOT-FOR-US: planetGallery
CVE-2006-2115 (Format string vulnerability in SWS web Server 0.1.7 allows remote ...)
        NOT-FOR-US: SWS
CVE-2006-2114 (Buffer overflow in SWS web Server 0.1.7 allows remote attackers to ...)
        NOT-FOR-US: SWS
CVE-2006-2113 (The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print ...)
        NOT-FOR-US: Fuji Xerox Printing Systems
CVE-2006-2112 (Fuji Xerox Printing Systems (FXPS) print engine, as used in products ...)
        NOT-FOR-US: Fuji Xerox Printing Systems
CVE-2006-2111 (Microsoft Internet Explorer 6.0 on Windows XP SP2, and possibly other ...)
        NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-2110 (Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x ...)
        {DSA-1060-1}
        - kernel-patch-vserver 2:2.0.1-4 (low)
        - linux-2.6 2.6.16-11 (low)
CVE-2006-2109 (Cross-site scripting (XSS) vulnerability in the parse_query_str ...)
        NOTE: #357204: request for removal
        - jsboard 2.0.10-2 (bug #368305; low)
CVE-2006-2108 (parser.exe in Oc&#233; (OCE) 3121/3122 Printer allows remote attackers to ...)
        NOT-FOR-US: OCE
CVE-2006-2107 (Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote ...)
        NOT-FOR-US: BL4
CVE-2006-2106 (Cross-site scripting (XSS) vulnerability in Edgewall Software Trac ...)
        - trac 0.9.5-1 (medium)
        [sarge] - trac <unfixed> (medium)
        NOTE: http://trac.edgewall.org/changeset/3201
        NOTE: http://trac.edgewall.org/changeset/3287
        NOTE: the second reference fixes a regression in the first.  i *believe*
        NOTE: that these correctly solve the problem, though we really ought
        NOTE: to run this by upstream or the reporter.
CVE-2006-2105 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 ...)
        NOT-FOR-US: Jupiter
CVE-2006-2104 (Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email ...)
        NOT-FOR-US: Kamgaing 
CVE-2006-2103 (SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows ...)
        NOT-FOR-US: MyBB
CVE-2006-2102 (Directory traversal vulnerability in PowerISO 2.9 allows remote ...)
        NOT-FOR-US: PowerISO
CVE-2006-2101 (Directory traversal vulnerability in WinISO 5.3 allows remote ...)
        NOT-FOR-US: WinISO
CVE-2006-2100 (Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows ...)
        NOT-FOR-US: Magic ISO
CVE-2006-2099 (Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote ...)
        NOT-FOR-US: UltraISO
CVE-2006-2098 (PHP remote file inclusion vulnerability in Thumbnail AutoIndex before ...)
        NOT-FOR-US: Thumbnail AutoIndex
CVE-2006-2097 (SQL injection vulnerability in func_msg.php in Invision Power Board ...)
        NOT-FOR-US: Invision
CVE-2006-2096 (plug.php in Land Down Under (LDU) 802 and earlier allows remote ...)
        NOT-FOR-US: LDU
CVE-2006-2095 (Phex before 2.8.6 allows remote attackers to cause a denial of service ...)
        NOT-FOR-US: Phex
CVE-2006-2094 (Microsoft Internet Explorer before Windows XP Service Pack 2 and ...)
        NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-2093 (Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted ...)
        - libnasl 2.2.8-1 (bug #365898; low)
        [sarge] - libnasl <no-dsa> (Hardly exploitable, see #365898)
CVE-2006-2092 (Unspecified vulnerability in HP StorageWorks Secure Path for Windows ...)
        NOT-FOR-US: HP
CVE-2006-2091 (admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows ...)
        NOT-FOR-US: Virtual War
CVE-2006-2090 (Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x ...)
        NOT-FOR-US: MySmartBB
CVE-2006-2089 (Multiple cross-site scripting (XSS) vulnerabilities in misc.php in ...)
        NOT-FOR-US: OpenBB
CVE-2006-2088 (Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open ...)
        NOT-FOR-US: OpenBB
CVE-2006-2087 (The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote ...)
        NOT-FOR-US: Hitachi Groupmax
CVE-2006-2086 (Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx ...)
        NOT-FOR-US: juniper SSL-VPN
CVE-2006-2085 (Multiple buffer overflows in (1) CxAce60.dll and (2) CxAce60u.dll in ...)
        NOT-FOR-US: SpeedProject Squeez
CVE-2006-2084 (Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 ...)
        NOT-FOR-US: FarsiNews
CVE-2006-2083 (Integer overflow in the receive_xattr function in the extended ...)
        - rsync 2.6.8-1 (bug #365614; high)
        [sarge] - rsync <not-affected> (xattr patch appeared in 2.6.7)
        [woody] - rsync <not-affected> (xattr patch appeared in 2.6.7)
CVE-2006-2082 (Directory traversal vulnerability in Quake 3 engine, as used in ...)
        - quake3 <itp> (bug #337937)
CVE-2006-2081 (Oracle Database Server 10g Release 2 allows local users to execute ...)
        NOT-FOR-US: Oracle
CVE-2006-2080 (SQL injection vulnerability in portfolio_photo_popup.php in Verosky ...)
        NOT-FOR-US: Verosky
CVE-2006-2079 (Cross-site scripting (XSS) vulnerability in portfolio.php in Verosky ...)
        NOT-FOR-US: Verosky
CVE-2006-2078 (Multiple unspecified vulnerabilities in multiple FITELnet products, ...)
        NOT-FOR-US: FITELnet
CVE-2006-2077 (Buffer overflow in Paul Rombouts pdnsd before 1.2.4 has unknown impact ...)
        - pdnsd 1.2.4par-0.1 (bug #368268; high)
CVE-2006-2076 (Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote ...)
        - pdnsd 1.2.4par-0.1 (bug #368268; high)
CVE-2006-2075 (Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers to ...)
        [sarge] - mydns 1.0.0-4sarge1
        - mydns 1.1.0+pre-3 (medium; bug #348826)       
CVE-2006-2074 (Unspecified vulnerability in Juniper Networks JUNOSe E-series routers ...)
        NOT-FOR-US: Juniper Networks JUNOSe
CVE-2006-2073 (Unspecified vulnerability in ISC BIND allows remote attackers to cause ...)
        - bind9 <unfixed> (low)
        [sarge] - bind9 <no-dsa> (Only exploitable by trusted users after TSIG transaction)
CVE-2006-2072 (Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and ...)
        NOT-FOR-US: DeleGate
CVE-2005-4793 (Multiple unspecified vulnerabilities in the web utility function in ...)
        NOT-FOR-US: Hitachi
CVE-2005-4792 (SQL injection vulnerability in index.php in Appalachian State ...)
        NOT-FOR-US: phpWebSite
CVE-2004-2659 (Opera offers an Open button to verify that a user wishes to execute a ...)
        NOT-FOR-US: Opera
CVE-2006-2071 (Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass ...)
        - linux-2.6 2.6.16-8
CVE-2006-2070 (Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 ...)
        NOT-FOR-US: DevBB
CVE-2006-2069 (The recursor in PowerDNS before 3.0.1 allows remote attackers to cause ...)
        - pdns-recursor 3.0.1-1 (medium)
CVE-2006-2068 (Unspecified vulnerability in Hitachi JP1 products allow remote ...)
        NOT-FOR-US: Hitachi JP1
CVE-2006-2067 (SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, ...)
        NOT-FOR-US: MKPortal
CVE-2006-2066 (Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in ...)
        NOT-FOR-US: MKPortal
CVE-2006-2065 (SQL injection vulnerability in save.php in PHPSurveyor 0.995 and ...)
        NOT-FOR-US: PHPSurveyor
CVE-2006-2064 (Unspecified vulnerability in the libpkcs11 library in Sun Solaris 10 ...)
        NOT-FOR-US: Sun
CVE-2006-2063 (Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full ...)
        NOT-FOR-US: Leadhound
CVE-2006-2062 (Multiple SQL injection vulnerabilities in Leadhound Full and LITE 2.1, ...)
        NOT-FOR-US: Leadhound
CVE-2006-2061 (SQL injection vulnerability in lib/func_taskmanager.php in Invision ...)
        NOT-FOR-US: Invision
CVE-2006-2060 (Directory traversal vulnerability in action_admin/paysubscriptions.php ...)
        NOT-FOR-US: Invision
CVE-2006-2059 (action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x ...)
        NOT-FOR-US: Invision
CVE-2006-2058 (Argument injection vulnerability in Avant Browser 10.1 Build 17 allows ...)
        NOT-FOR-US: Avant
CVE-2006-2057 (Argument injection vulnerability in Mozilla Firefox 1.0.6 allows ...)
        NOT-FOR-US: Only on Windows
CVE-2006-2056 (Argument injection vulnerability in Internet Explorer 6 for Windows XP ...)
        NOT-FOR-US: Microsoft
CVE-2006-2055 (Argument injection vulnerability in Micrsoft Outlook 2003 SP1 allows ...)
        NOT-FOR-US: Micrsoft Outlook
CVE-2006-2054 (3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before ...)
        NOT-FOR-US: 3Com
CVE-2006-2053 (Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier ...)
        NOT-FOR-US: QuickEStore
CVE-2006-2052 (Cross-site scripting (XSS) vulnerability in Verosky Media Instant ...)
        NOT-FOR-US: Verosky
CVE-2006-2051 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        NOT-FOR-US: NextAge
CVE-2006-2050 (SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite ...)
        NOT-FOR-US: DCScripts
CVE-2006-2049 (Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts ...)
        NOT-FOR-US: DCScripts
CVE-2006-2048 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
        NOT-FOR-US: phpWebFTP
CVE-2006-2047 (Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows ...)
        NOT-FOR-US: ColdFusion
CVE-2006-2046 (Multiple SQL injection vulnerabilities in Application Dynamics ...)
        NOT-FOR-US: ColdFusion
CVE-2006-2045 (The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks ...)
        NOT-FOR-US: IP3
CVE-2006-2044 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default ...)
        NOT-FOR-US: IP3
CVE-2006-2043 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local ...)
        NOT-FOR-US: IP3
CVE-2006-2042 (Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that ...)