CAN-2005-0032 NOTE: reserved CAN-2005-0031 NOTE: reserved CAN-2005-0030 NOTE: reserved CAN-2005-0029 NOTE: reserved CAN-2005-0028 NOTE: reserved CAN-2005-0027 NOTE: reserved CAN-2005-0026 NOTE: reserved CAN-2005-0025 NOTE: reserved CAN-2005-0024 NOTE: reserved CAN-2005-0023 NOTE: reserved CAN-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim before ...) - exim4 4.34-10 CAN-2005-0021 (Buffer overflow in the host_aton function in Exim before 4.43 may ...) {DSA-635-1} CAN-2005-0020 NOTE: reserved CAN-2005-0019 NOTE: reserved CAN-2005-0018 NOTE: reserved CAN-2005-0017 NOTE: reserved CAN-2005-0016 NOTE: reserved CAN-2005-0015 NOTE: reserved CAN-2005-0014 NOTE: reserved CAN-2005-0013 NOTE: reserved CAN-2005-0012 NOTE: reserved - dillo 0.8.3-1 CAN-2005-0011 NOTE: reserved CAN-2005-0010 NOTE: reserved CAN-2005-0009 NOTE: reserved CAN-2005-0008 NOTE: reserved CAN-2005-0007 NOTE: reserved CAN-2005-0006 NOTE: reserved CAN-2005-0005 NOTE: reserved CAN-2005-0004 NOTE: reserved CAN-2005-0003 NOTE: reserved CAN-2005-0002 NOTE: reserved CAN-2005-0001 NOTE: reserved NOTE: bug in i386 SMP page fault handler, local root (bugtraq) TODO: check with kernel team CAN-2004-1339 (SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and ...) NOTE: not-for-us (oracle) CAN-2004-1338 (The triggers in Oracle 9i and 10g allow local users to gain privileges ...) NOTE: not-for-us (oracle) CAN-2004-1337 (The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 ...) NOTE: joeyh: we're mostly not vulnerable, because the module is generally loaded from the initrd (or very early on at some point) TODO: re-check with kernel team re fix NOTE: apparent it only affects 2.6 CAN-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files with ...) - tetex-bin 2.0.2-25 CAN-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel before ...) - kernel-source-2.6.8 2.6.8-11 TODO: what about 2.4? Vulnerable according to advisory. CAN-2004-1334 (Integer overflow in the ip_options_get function in the Linux kernel ...) TODO: re-check with kernel team (was unfixed before) CAN-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel 2.4 and ...) - kernel-source-2.6.8 2.6.8-11 TODO: what about 2.4? CAN-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with ...) NOTE: not-for-us (hpux) CAN-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows ...) NOTE: not-for-us (microsoft) CAN-2004-1330 (Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users ...) NOTE: not-for-us (AIX) CAN-2004-1329 (Untrusted execution path vulnerability in the diag commands (1) ...) NOTE: not-for-us (AIX) CAN-2004-1328 (Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 ...) NOTE: not-for-us (hpux) CAN-2004-1327 (Buffer overflow in Crystal FTP Client 2.8 allows remote malicious ...) NOTE: not-for-us (Crystal FTP client) CAN-2004-1326 (Buffer overflow in dxterm in Ultrix 4.5 allows local users to execute ...) NOTE: not-for-us (Ultrix) CAN-2004-1325 (The getItemInfoByAtom function in the ActiveX control for Microsoft ...) NOTE: not-for-us (Microsoft) CAN-2004-1324 (The Microsoft Windows Media Player 9.0 ActiveX control may allow ...) NOTE: not-for-us (Microsoft) CAN-2004-1323 (Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow ...) NOTE: not-for-us (Netbsd) CAN-2004-1322 (Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft ...) NOTE: not-for-us (Microsoft/Cisco) CAN-2004-1321 (The configuration backup in Asante FM2008 running firmware 1.06 stores ...) NOTE: not-for-us (Asante FM2008) CAN-2004-1320 (Asante FM2008 running firmware 1.06 is shipped with a default username ...) NOTE: not-for-us (Asante FM2008) CAN-2004-1319 (The DHTML Edit Control (dhtmled.ocx) in Internet Explorer ...) NOTE: not-for-us (MSIE) CAN-2004-1318 (Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu ...) {DSA-627-1} - namuzu2 2.0.14 CAN-2004-1317 (Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, ...) NOTE: apparently only affects netcat in windows CAN-2004-1316 (Heap-based buffer overflow in MSG_UnEscapeSearchUrl in ...) - mozilla-browser 2:1.7.5-1 CAN-2004-1315 (viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the ...) - phpbb2 2.0.10-3 CAN-2004-1314 (Safari 1.x allows remote attackers to spoof arbitrary web sites by ...) NOTE: not-for-us (MacOS) CAN-2004-1313 (The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly ...) NOTE: not-for-us (My Firewall Plus) CAN-2004-1312 (A bug in the HTML parser in a certain Microsoft HTML library, as used ...) NOTE: not-for-us (Microsoft) CAN-2004-1311 (Integer overflow in the real_setup_and_get_header function in real.c ...) NOTE: not-for-us (mplayer) CAN-2004-1310 (Stack-based buffer overflow in the asf_mmst_streaming.c functionality ...) NOTE: not-for-us (mplayer) CAN-2004-1309 (Heap-based buffer overflow in the demux_open_bmp function in ...) NOTE: not-for-us (mplayer) CAN-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff ...) {DSA-617-1} - libtiff4 3.6.1-4 TODO: other packages containing libtiff code may be vulnerable (kfax?) CAN-2004-1307 NOTE: reserved CAN-2004-1306 NOTE: reserved CAN-2004-1305 (The Windows Animated Cursor (ANI) in Windows NT, Windows 2000 through ...) NOTE: not-for-us (Microsoft) CAN-2004-1304 (Stack-based buffer overflow in the ELF header parsing code in file ...) - file 4.12 CAN-2004-1303 (Buffer overflow in the get function in get.c for Yanf 0.4 allows ...) NOTE: not-for-us (Yanf) CAN-2004-1302 (The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote ...) NOTE: not-for-us (YAMT) CAN-2004-1301 (Buffer overflow in the book_format_sql function in format.c for ...) NOTE: not-for-us (xlreader) CAN-2004-1300 (Buffer overflow in the open_aiff_file function in demux_aiff.c for ...) - xine-lib 1-rc8-1 CAN-2004-1299 (Buffer overflow in the get_attr function in html.c for vilistextum ...) NOTE: not-for-us (vilistextum) CAN-2004-1298 (Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows ...) NOTE: not-for-us (vb2c) CAN-2004-1297 (Buffer overflow in the process_font_table function in convert.c for ...) - unrtf 0.19.3-1.1 CAN-2004-1296 (The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow ...) - groff 1.18.1.1-5 CAN-2004-1295 (The slip_down function in slip.c for the uml_net program in ...) NOTE: uml_net is only executable by users in group uml-net in Debian NOTE: uml-utilities-20040406 does not seem to be vulnerable, tried exploit CAN-2004-1294 (The mget function in cmds.c for tnftp 20030825 allows remote FTP ...) - tnftp (unfixed; bug #285902) CAN-2004-1293 (Buffer overflow in the ReadFontTbl function in reader.c for ...) NOTE: not-for-us (rtf2latex2e) CAN-2004-1292 (Buffer overflow in the parse_emelody function in parse_emelody.c for ...) NOTE: not-for-us (ringtonetools) CAN-2004-1291 (Buffer overflow in qwik-smtpd allows remote attackers to use the ...) NOTE: not-for-us (qwik-smtpd) CAN-2004-1290 (Buffer overflow in the process_moves function in pgn2web.c for pgn2web ...) NOTE: not-for-us (pgn2web) CAN-2004-1289 (Multiple buffer overflows in (1) the getline function in pcalutil.c ...) {DSA-625-1} - pcal 4.8.0-1 CAN-2004-1288 (Buffer overflow in the parse_html function in o3read.c for o3read ...) NOTE: not-for-us (o3read) CAN-2004-1287 (Buffer overflow in the error function in preproc.c for NASM 0.98.38 ...) {DSA-623-1} - nasm 0.98.38-1.1 CAN-2004-1286 (Buffer overflow in the auto_filter_extern function in auto.c for ...) NOTE: not-for-us (NapShare) CAN-2004-1285 (Buffer overflow in the get_header function in asf_mmst_streaming.c for ...) NOTE: not-for-us (mplayer) CAN-2004-1284 (Buffer overflow in the find_next_file function in playlist.c for ...) - mpg123 0.59r-18 CAN-2004-1283 (Buffer overflow in the Mesh::type method in mesh.c for the mview ...) NOTE: not-for-us (mview) CAN-2004-1282 (Buffer overflow in the strexpand function in string.c for LinPopUp ...) {DSA-632-1} - linpopup 1.2.0-7 CAN-2004-1281 (The ftp_retr function in junkie 0.3.1 allows remote malicious FTP ...) NOTE: not-for-us (junkie) CAN-2004-1280 (The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 ...) NOTE: not-for-us (junkie) CAN-2004-1279 (Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 ...) NOTE: not-for-us (jpegtoavi) CAN-2004-1278 (Buffer overflow in the switch_voice function in parse.c for jcabc2ps ...) NOTE: not-for-us (jcabc2ps) CAN-2004-1277 (The download_selection_recursive() function in ftplist.c for IglooFTP ...) NOTE: not-for-us (IglooFTP) CAN-2004-1276 (IglooFTP 0.6.1, when recursively uploading a directory, allows local ...) NOTE: not-for-us (IglooFTP) CAN-2004-1275 (Buffer overflow in the remove_quote function in convert.c for ...) NOTE: not-for-us (html2hdml) CAN-2004-1274 (The DownloadLoop function in main.c for greed 0.81p allows remote ...) NOTE: not-for-us (greed) NOTE: not the game in debian, the file download tool CAN-2004-1273 (Buffer overflow in the DownloadLoop function in main.c for greed 0.81p ...) NOTE: not-for-us (greed) NOTE: not the game in debian, the file download tool CAN-2004-1272 (Buffer overflow in the save_embedded_address function in filter.c for ...) - filter 2.4.2-1.1 CAN-2004-1271 (Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows ...) NOTE: not-for-us (dxfscope) CAN-2004-1270 (lppasswd in CUPS 1.1.22, when run in environments that do not ensure ...) - cupsys 1.1.22-2 CAN-2004-1269 (lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it ...) - cupsys 1.1.22-2 CAN-2004-1268 (lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS ...) - cupsys 1.1.22-2 CAN-2004-1267 (Buffer overflow in the ParseCommand function in hpgl-input.c in the ...) - cupsys 1.1.22-2 CAN-2004-1266 (Buffer overflow in the get_field_headers function in csv2xml.cpp for ...) NOTE: not-for-us (csv2xml) CAN-2004-1265 (Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the ...) NOTE: not-for-us (Convex) CAN-2004-1264 (Buffer overflow in the simplify_path function in config.c for ChBg 1.5 ...) - chbg 1.5-4 CAN-2004-1263 (changepassword.cgi in ChangePassword 0.8, when installed setuid, ...) NOTE: not-for-us (ChangePassword):w CAN-2004-1262 (Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm ...) NOTE: not-for-us (bsb2ppm) CAN-2004-1261 (Multiple buffer overflows in the preparse function in asp2php 0.76.23 ...) NOTE: not-for-us (asp2php) CAN-2004-1260 (Multiple buffer overflows in the (1) write_heading function in ...) NOTE: not-for-us (abctab2ps) CAN-2004-1259 (Multiple buffer overflows in the handle_directive function in abcpp.c ...) NOTE: not-for-us (abcpp) CAN-2004-1258 (Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 ...) - abcm2ps 4.8.5-1 CAN-2004-1257 (Buffer overflow in the process_abc function in abc.c for abc2mtex ...) NOTE: not-for-us (abc2mtex) CAN-2004-1256 (Multiple buffer overflows in the (1) event_text and (2) event_specific ...) - abcmidi 20050101-1 CAN-2004-1255 (Buffer overflow in the expandtabs function in 2fax 3.04 allows remote ...) NOTE: not-for-us (2fax) CAN-2004-1254 (WinRAR 3.40, and possibly earlier versions, allows remote attackers to ...) NOTE: not-for-us (WinRAR) CAN-2004-1253 NOTE: reserved CAN-2004-1252 NOTE: reserved CAN-2004-1251 NOTE: reserved CAN-2004-1250 NOTE: reserved CAN-2004-1249 NOTE: reserved CAN-2004-1248 NOTE: reserved CAN-2004-1247 NOTE: reserved CAN-2004-1246 NOTE: reserved CAN-2004-1245 NOTE: reserved CAN-2004-1244 NOTE: reserved CAN-2004-1243 NOTE: reserved CAN-2004-1242 NOTE: reserved CAN-2004-1241 NOTE: reserved CAN-2004-1240 NOTE: reserved CAN-2004-1239 NOTE: reserved CAN-2004-1238 NOTE: reserved CAN-2004-1237 NOTE: reserved CAN-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server ...) NOTE: not-for-us (Netscape Directory Server on HP-UX) CAN-2004-1235 NOTE: reserved - kernel-source-2.6.8 2.6.8-12 - kernel-source-2.4.27 2.4.27-8 NOTE: and binary packages built from them CAN-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a ...) NOTE: fixed after 2.4.25 CAN-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a ...) NOTE: not-for-us (Gadu-Gadu) CAN-2004-1232 (Stack-based buffer overflow in the code that sends images in Gadu-Gadu ...) NOTE: not-for-us (Gadu-Gadu) CAN-2004-1231 (Directory traversal vulnerability in Gadu-Gadu allows remote attackers ...) NOTE: not-for-us (Gadu-Gadu) CAN-2004-1230 (Gadu-Gadu allows remote attackers to gain sensitive information and ...) NOTE: not-for-us (Gadu-Gadu) CAN-2004-1229 (Cross-site scripting vulnerability in the parser for Gadu-Gadu allows ...) NOTE: not-for-us (Gadu-Gadu) CAN-2004-1228 (The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not ...) NOTE: not-for-us (SugarCRM Sugar Sales) CAN-2004-1227 (Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and ...) NOTE: not-for-us (SugarCRM Sugar Sales) CAN-2004-1226 (SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to ...) NOTE: not-for-us (SugarCRM Sugar Sales) CAN-2004-1225 (SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a ...) NOTE: not-for-us (SugarCRM Sugar Sales) CAN-2004-1224 (Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 ...) - mtr 0.67-1 CAN-2004-1223 (The Management Agent in F-Secure Policy Manager 5.11.2810 allows ...) NOTE: not-for-us (F-Secure Policy Manager) CAN-2004-1222 (weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary ...) NOTE: not-for-us (weblibs.pl) CAN-2004-1221 (Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows ...) NOTE: not-for-us (weblibs.pl) CAN-2004-1220 (Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and ...) NOTE: not-for-us (Battlefield 1942, Battlefield Vietnam) CAN-2004-1219 (paFileDB 3.1, when using sessions authentication and while the ...) NOTE: not-for-us (paFileDB) CAN-2004-1218 (Remote Execute 2.30 allows remote attackers to cause a denial of ...) NOTE: not-for-us (Remote Execute) CAN-2004-1217 (Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows ...) NOTE: not-for-us (Hosting Controller) CAN-2004-1216 (The scripts that handle players in Kreed 1.05 and earlier allow remote ...) NOTE: not-for-us (Kreed) CAN-2004-1215 (Kreed 1.05 and earlier allows remote attackers to cause a denial of ...) NOTE: not-for-us (Kreed) CAN-2004-1214 (Format string vulnerability in Kreed 1.05 and earlier allows remote ...) NOTE: not-for-us (Kreed) CAN-2004-1213 (Cross-site scripting (XSS) vulnerability in index.php in Advanced ...) NOTE: not-for-us (Advanced Guestbook) CAN-2004-1212 (Directory traversal vulnerability in btdownload.php in Blog Torrent ...) NOTE: not-for-us (Blog Torrent) CAN-2004-1211 (Multiple buffer overflows in Mercury/32 4.01a allow remote ...) NOTE: not-for-us (Mercury Mail) CAN-2004-1210 (Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop ...) NOTE: not-for-us (IpCop) CAN-2004-1209 (Verisign Payflow Link, when running with empty Accepted URL fields, ...) NOTE: not-for-us (Verisign Payflow Link) CAN-2004-1208 (Buffer overflow in Orbz 2.10 and earlier allows remote attackers to ...) NOTE: not-for-us (Orbz) CAN-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, ...) NOTE: not-for-us (The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, and (3) Serious Sam Second Encounter) CAN-2004-1206 (Directory traversal vulnerability in codebrowserpntm.php in ...) NOTE: not-for-us (pnTresMailer) CAN-2004-1205 (codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to ...) NOTE: not-for-us (pnTresMailer) CAN-2004-1204 (FluxBox 0.9.10 and earlier versions allows local users to cause a ...) NOTE: at best a local DOS by the user running fluxbox. NOTE: Where's the security hole? - fluxbox 0.9.11-1 CAN-2004-1203 (parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug ...) NOTE: not-for-us (phpCMS) CAN-2004-1202 (Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 ...) NOTE: not-for-us (phpCMS) CAN-2004-1201 (Opera 7.54 allows remote attackers to cause a denial of service ...) NOTE: not-for-us (Opera) CAN-2004-1200 (Firefox and Mozilla allow remote attackers to cause a denial of ...) NOTE: memory leak, doubt it's usefully exploitable NOTE: did not followup CAN-2004-1199 (Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a ...) NOTE: not-for-us (Safari) CAN-2004-1198 (Microsoft Internet Explorer allows remote attackers to cause a denial ...) NOTE: not-for-us (MSIE) CAN-2004-1197 (Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop ...) NOTE: not-for-us (inShop) CAN-2004-1196 (Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail ...) NOTE: not-for-us (Insite Inmail) CAN-2004-1195 (Star Wars Battlefront 1.11 and earlier allows remote attackers to ...) NOTE: not-for-us (Star Wars Battlefront) CAN-2004-1194 (Buffer overflow in Star Wars Battlefront 1.11 and earlier allows ...) NOTE: not-for-us (Star Wars Battlefront) CAN-2004-1193 (Prevx Home 1.0 allows local users with adminstrator privileges to ...) NOTE: not-for-us (Prevex Home) CAN-2004-1192 (Format string vulnerability in the lprintf function in Citadel/UX 6.27 ...) NOTE: not-for-us (Citadel/UX) CAN-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems ...) TODO: check with kernel team NOTE: looks like 2.4 is ok, 2.6.8 is vulnerable CAN-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not ...) TODO: check with kernel team CAN-2004-1189 (The add_to_history function in svr_principal.c in libkadm5srv for MIT ...) {DSA-629-1} CAN-2004-1188 (The pnm_get_chunk function in xine 0.99.2 and earlier, and other ...) - xine-lib 1-rc8-1 CAN-2004-1187 (Heap-based buffer overflow in the pnm_get_chunk function for xine ...) - xine-lib 1-rc8-1 CAN-2004-1186 NOTE: reserved CAN-2004-1185 NOTE: reserved CAN-2004-1184 NOTE: reserved CAN-2004-1183 NOTE: reserved {DSA-626-1} - libtiff-tools 3.6.1-5 CAN-2004-1182 NOTE: reserved {DSA-634-1} CAN-2004-1181 NOTE: reserved {DSA-622-1} NOTE: htmlheadline not in unstable CAN-2004-1180 NOTE: reserved CAN-2004-1179 (The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before ...) {DSA-615-1} CAN-2004-1178 NOTE: reserved CAN-2004-1177 NOTE: reserved - mailman (unfixed; bug #287555) NOTE: there's also bug #285839, no CAN. CAN-2004-1176 NOTE: reserved CAN-2004-1175 NOTE: reserved CAN-2004-1174 NOTE: reserved CAN-2004-1173 (Internet Explorer 6 allows remote attackers to bypass the popup ...) NOTE: not-for-us (MSIE) CAN-2004-1172 (Stack-based buffer overflow in the Agent Browser in Veritas Backup ...) NOTE: not-for-us (Veritas Backup Exec) CAN-2004-1171 (KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are ...) - kdelibs 4:3.3.1-2 - kdebase 4:3.3.1-3 CAN-2004-1170 (a2ps 4.13 allows remote attackers to execute arbitrary commands via ...) {DSA-612-1} - a2ps 1:4.13b-4.2 CAN-2004-1169 (MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause ...) - maxdb-webtools 7.5.00.19-1 CAN-2004-1168 (Stack-based buffer overflow in the WebDav handler in MaxDB WebTools ...) - maxdb-webtools 7.5.00.19-1 CAN-2004-1167 (mirrorselect before 0.89 creates temporary files in a world-writable ...) NOTE: not-for-us (gentoo mirrorselect) CAN-2004-1166 (Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote ...) NOTE: not-for-us (Microsoft) CAN-2004-1165 (Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP ...) {DSA-631-1} CAN-2004-1164 (The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 ...) NOTE: not-for-us (Cisco) CAN-2004-1163 (Cisco CNS Network Registrar Central Configuration Management (CCM) ...) NOTE: not-for-us (Cisco) CAN-2004-1162 (The unison command in scponly before 4.0 does not properly restrict ...) - scponly 4.0-1 CAN-2004-1161 (rssh 2.2.2 and earlier does not properly restrict programs that can be ...) - rssh (unfixed; bug #284207) CAN-2004-1160 (Netscape 7.x to 7.2, and possibly other versions, allows remote ...) NOTE: not-for-us (Netscape) CAN-2004-1159 NOTE: rejected CAN-2004-1158 (Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows ...) - kdelibs 4:3.3.1-3 - kdebase (unfixed; bug #286516) CAN-2004-1157 (Opera 7.x up to 7.54, and possibly other versions, allows remote ...) NOTE: not-for-us (Opera) CAN-2004-1156 (Mozilla through 1.7.x, and Mozilla Firefox through 1.x, allows remote ...) TODO: check NOTE: unable to really reproduce it using their test page and NOTE: firefox.. but my setup is pretty nonstandard -- joey CAN-2004-1155 (Internet Explorer 5.01 through 6 allows remote attackers to spoof ...) NOTE: not-for-us (Microsoft MSIE) CAN-2004-1154 (Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x ...) - samba 3.0.10-1 CAN-2004-1153 (Format string vulnerability in Adobe Acrobat Reader 6.0.0 through ...) NOTE: not-for-us (Adobe Acrobat Reader) CAN-2004-1152 (Buffer overflow in the mailListIsPd function in Adobe Acrobat Reader ...) NOTE: not-for-us (Adobe Acrobat Reader) CAN-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2) ...) NOTE: fixed in kernel team svn (?) TODO: track fix CAN-2004-1150 NOTE: reserved CAN-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including ...) NOTE: not-for-us (Computer Associates eTrust EZ Antivirus) CAN-2004-1148 (phpMyAdmin before 2.6.1, when configured with UploadDir functionality, ...) - phpmyadmin 2:2.6.1-rc1-1 CAN-2004-1147 (phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external ...) - phpmyadmin 2:2.6.1-rc1-1 CAN-2004-1146 (Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and ...) - cvstrac 1.1.5 CAN-2004-1145 (Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) ...) - kdelibs (unfixed; bug #286521) CAN-2004-1144 (Unknown vulnerability in the 32bit emulation code in Linux 2.4 on ...) NOTE: amd64 specific TODO: check with kernel team CAN-2004-1143 NOTE: reserved - mailman (unfixed; bug #286796) CAN-2004-1142 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...) - ethereal 0.10.8 CAN-2004-1141 (The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote ...) - ethereal 0.10.8 CAN-2004-1140 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...) - ethereal 0.10.8 CAN-2004-1139 (Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 ...) - ethereal 0.10.8 CAN-2004-1138 (VIM before 6.3 and gVim before 6.3 allow local users to execute ...) - vim 1:6.3-046+0sarge1 CAN-2004-1137 (Multiple vulnerabilities in the IGMP functionality for Linux kernel ...) - kernel-image-2.4.27-i386 2.4.27-7 CAN-2004-1136 (Buffer overflow in CuteFTP Professional 6.0, and possibly other ...) NOTE: not-for-us (CuteFTP) CAN-2004-1135 (Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow ...) NOTE: not-for-us (WS-Ftpd) CAN-2004-1134 (Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote ...) NOTE: not-for-us (Microsoft) CAN-2004-1133 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ...) NOTE: not-for-us (Microsoft) CAN-2004-1132 NOTE: reserved CAN-2004-1131 NOTE: reserved CAN-2004-1130 (Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer ...) NOTE: not-for-us (CMailServer) CAN-2004-1129 (SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and ...) NOTE: not-for-us (CMailServer) CAN-2004-1128 (Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote ...) NOTE: not-for-us (CMailServer) CAN-2004-1127 (Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with ...) - opendchub 0.7.14-1.1 CAN-2004-1126 NOTE: reserved CAN-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, ...) {DSA-621-1 DSA-619-1} - xpdf 3.00-11 - cupsys 1.1.22-2 - tetex-bin 2.0.2-25 CAN-2004-1124 NOTE: reserved CAN-2004-1123 (Darwin Streaming Server 5.0.1, and possibly earlier versions, allows ...) NOTE: not-for-us (Darwin Streaming Server) CAN-2004-1122 (Safari 1.x to 1.2.4, and possibly other versions, allows inactive ...) NOTE: not-for-us (Safari) CAN-2004-1121 NOTE: reserved CAN-2004-1120 (Mulitple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c ...) - prozilla (unfixed; bug #284117) CAN-2004-1119 (Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and ...) NOTE: not-for-us (Winamp) CAN-2004-1118 (Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component ...) NOTE: not-for-us (WodFtpDLX.ocx ActiveX component) CAN-2004-1117 (The init scripts in ChessBrain 20407 and earlier execute user-owned ...) NOTE: not-for-us (ChessBrain) CAN-2004-1116 (The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 ...) NOTE: not-for-us (GIMPS) CAN-2004-1115 (The init scripts in Search for Extraterrestrial Intelligence (SETI) ...) NOTE: gentoo-specific permissions problems in setaiathome CAN-2004-1114 (Buffer overflow in the handling of command line arguments in Skype ...) NOTE: not-for-us (Skype) CAN-2004-1113 (SQL injection vulnerability in SQLgrey Postfix greylisting service ...) NOTE: not-for-us (SQLgrey Postfix greylisting serivce) CAN-2004-1112 (The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 ...) NOTE: not-for-us (Cisco) CAN-2004-1111 (Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, ...) NOTE: not-for-us (Cisco) CAN-2004-1110 (The mtink status monitor before 1.0.5 for Epson printers allows local ...) - mtink 1.0.5 NOTE: debian not vulnerable except in edge case CAN-2004-1109 (The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier ...) NOTE: not-for-us (Kerio Personal Firewall) CAN-2004-1108 (qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to ...) NOTE: not-for-us (Gentoolkit) CAN-2004-1107 (dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to ...) NOTE: not-for-us (Portage) CAN-2004-1106 (Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and ...) - gallery 1.4.4-pl4-1 CAN-2004-1105 (Nortel Networks Contivity VPN Client displays a different error ...) NOTE: not-for-us (Nortel Networks Contivity VPN Client) CAN-2004-1104 (Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a ...) NOTE: not-for-us (Microsoft) CAN-2004-1103 (MailPost 5.1.1sv, and possibly earlier versions, when debug mode is ...) NOTE: not-for-us (MailPost) CAN-2004-1102 (MailPost 5.1.1sv, and possibly earlier versions, displays a different ...) NOTE: not-for-us (MailPost) CAN-2004-1101 (mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, ...) NOTE: not-for-us (MailPost) CAN-2004-1100 (Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost ...) NOTE: not-for-us (MailPost) CAN-2004-1099 (Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco ...) NOTE: not-for-us (Cisco) CAN-2004-1098 (MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus ...) - mime-tools 5.415-1 CAN-2004-1097 (Format string vulnerability in the cherokee_logger_ncsa_write_string ...) NOTE: not-for-us (Cherokee) CAN-2004-1096 (Archive::Zip Perl module before 1.14, when used by antivirus programs ...) - libarchive-zip-perl 1.14-1 CAN-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) ...) {DSA-608-1} - zgv 5.7-1.3 CAN-2004-1094 (Buffer overflow in DUNZIP32.DLL in RealPlayer 10 through RealPlayer ...) NOTE: not-for-us (RealPlayer) CAN-2004-1093 NOTE: reserved CAN-2004-1092 NOTE: reserved CAN-2004-1091 NOTE: reserved CAN-2004-1090 NOTE: reserved CAN-2004-1089 NOTE: reserved CAN-2004-1088 NOTE: reserved CAN-2004-1087 NOTE: reserved CAN-2004-1086 NOTE: reserved CAN-2004-1085 NOTE: reserved CAN-2004-1084 NOTE: reserved CAN-2004-1083 NOTE: reserved CAN-2004-1082 NOTE: reserved CAN-2004-1081 NOTE: reserved CAN-2004-1080 (The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, ...) NOTE: not-for-us (Microsoft) CAN-2004-1079 (Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs ...) - ncpfs 2.2.5-2 CAN-2004-1078 NOTE: reserved CAN-2004-1077 NOTE: reserved CAN-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in Atari800 ...) {DSA-609-1} - atari800 1.3.2-1 CAN-2004-1075 (Cross-site scripting (XSS) vulnerability in standard_error_message.dtml ...) - zope-zwiki 0.37.0-1 CAN-2004-1074 (The binfmt functionality in the Linux kernel, when "memory overcommit" ...) - kernel-source-2.6.8 2.6.8-11 - kernel-source-2.4.27 2.4.27-7 CAN-2004-1073 (The open_exec function in the execve functionality (exec.c) in Linux ...) NOTE: fixed in 2.6.8 and 2.4.27 CAN-2004-1072 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...) NOTE: fixed in 2.6.8 and 2.4.27 CAN-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...) NOTE: fixed in 2.6.8 and 2.4.27 CAN-2004-1070 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...) NOTE: fixed in 2.6.8 and 2.4.27 CAN-2004-1069 (Race condition in SELinux 2.6.x through 2.6.9 allows local users to ...) NOTE: 2.6 only issue - kernel-source-2.6.8 2.6.8-11 NOTE: and the binaries built from it CAN-2004-1068 (A "missing serialization" error in the unix_dgram_recvmsg function in ...) - kernel-source-2.4.27 2.4.27-7 - kernel-source-2.6.8 2.6.8-11 NOTE: and the binary packages built from them CAN-2004-1067 (Off-by-one error in the mysasl_canon_user function in Cyrus IMAP ...) NOTE: verified cyrus21-imapd 2.1.17-3 is not vulnerable, seems NOTE: to only affect 2.2 series. NOTE: 1.5.19 also seems ok CAN-2004-1066 (The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and ...) NOTE: not-for-us (FreeBSD) CAN-2004-1065 (Buffer overflow in the exif_read_data function in PHP before 4.3.10 ...) - php4 4:4.3.10-1 CAN-2004-1064 NOTE: rejected - php4 4:4.3.10-1 CAN-2004-1063 NOTE: rejected - php4 4:4.3.10-1 CAN-2004-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 ...) - viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.3 CAN-2004-1061 (Cross-site scripting (XSS) vulnerability in unknown versions of ...) TODO: check CAN-2004-1060 NOTE: reserved CAN-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch ...) - mnogosearch 3.2.18-2.2 CAN-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read the ...) TODO: check with kernel team CAN-2004-1057 NOTE: reserved CAN-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not ...) - kernel-source-2.4.27 2.4.27-8 - kernel-source-2.6.8 2.6.8-11 NOTE: and the binaries built from them CAN-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) - phpmyadmin 2:2.6.0-pl3-1 CAN-2004-1054 (Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, ...) NOTE: not-for-us (AIX) CAN-2004-1053 (Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote ...) NOTE: not-for-us (fetch on FreeBSD) CAN-2004-1052 (Buffer overflow in the getnickuserhost function in BNC 2.8.9, and ...) {DSA-595-1} NOTE: bnc is not in sarge or unstable (is in woody) CAN-2004-1051 (sudo before 1.6.8p2 allows local users to execute arbitrary commands ...) {DSA-596-2 DSA-596-1} - sudo 1.6.8p3-1 CAN-2004-1050 (Heap-based buffer overflow in Internet Explorer 6 allows remote ...) NOTE: not-for-us (Microsoft) CAN-2004-1049 NOTE: reserved CAN-2004-1048 NOTE: reserved CAN-2004-1047 NOTE: reserved CAN-2004-1046 NOTE: reserved CAN-2004-1045 NOTE: reserved CAN-2004-1044 NOTE: reserved CAN-2004-1043 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...) NOTE: not-for-us (MSIE) CAN-2004-1042 NOTE: reserved CAN-2004-1041 NOTE: reserved CAN-2004-1040 NOTE: reserved CAN-2004-1039 NOTE: reserved CAN-2004-1038 (A design error in the IEEE1394 specification allows attackers with ...) NOTE: not-for-us (IEEE1394 specification bug, physical security) CAN-2004-1037 (The search function in TWiki 20030201 allows remote attackers to ...) - twiki 20030201-6 CAN-2004-1036 (Cross-site scripting (XSS) vulnerability in the decoding of encoded ...) - squirrelmail 2:1.4.3a-3 CAN-2004-1035 (Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, ...) - imapproxy 1.2.2+1.2.3rc2-1 CAN-2004-1034 (Buffer overflow in the http_open function in Kaffeine before 0.5, ...) - kaffeine 0.4.3.1-3 - gxine 0.4-rc1 CAN-2004-1033 (Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file ...) - fcron 2.9.5.1-1 CAN-2004-1032 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...) - fcron 2.9.5.1-1 CAN-2004-1031 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...) - fcron 2.9.5.1-1 CAN-2004-1030 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...) - fcron 2.9.5.1-1 CAN-2004-1029 (The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) ...) NOTE: not-for-us (Sun JRE) CAN-2004-1028 (Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, ...) NOTE: not-for-us (AIX) CAN-2004-1027 (The -x command line option in unarj allows remote attackers to ...) NOTE: sarge's unarj is from a different code base, probably not vulnerable CAN-2004-1026 (Multiple integer overflows in the image handler for imlib 1.9.14 and ...) {DSA-628-1 DSA-618-1} - imlib 1.9.14-17.1 - imlib-png2 1.9.14-16.1 - imlib2 1.1.2-2.1 CAN-2004-1025 (Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, ...) {DSA-618-1} NOTE: fixed in patches for CAN-2004-1026 CAN-2004-1024 NOTE: reserved CAN-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and ...) NOTE: not-for-us (Kerio) CAN-2004-1022 (Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and ...) NOTE: not-for-us (Kerio) CAN-2004-1021 (iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does ...) NOTE: not-for-us (MacOS) CAN-2004-1020 NOTE: rejected - php4 4:4.3.10-1 CAN-2004-1019 (The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 ...) - php4 4:4.3.10-1 CAN-2004-1018 NOTE: rejected - php4 4:4.3.10-1 CAN-2004-1017 (Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x ...) TODO: check with kernel team CAN-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up to ...) - kernel-image-2.4.27-i386 2.4.27-7 CAN-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, ...) NOTE: cyrus-imapd not vulnerable NOTE: cyrus21-imapd not vulnerable CAN-2004-1014 (statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE ...) {DSA-606-1} - nfs-utils 1:1.0.6-3.1 CAN-2004-1013 (The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x ...) {DSA-597-1} - cyrus-imapd 1.5.19-20 - cyrus21-imapd 2.1.17-1 CAN-2004-1012 (The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 ...) {DSA-597-1} - cyrus-imapd 1.5.19-20 - cyrus21-imapd 2.1.17-1 CAN-2004-1011 (Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, ...) NOTE: cyrus-imapd not vulnerable NOTE: cyrus21-imapd not vulnetale CAN-2004-1010 (Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when ...) {DSA-624-1} - zip 2.30-8 CAN-2004-1009 NOTE: reserved CAN-2004-1008 (Integer signedness error in the ssh2_rdpkt function in PuTTY before ...) - putty 0.56-1 CAN-2004-1007 (The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows ...) - bogofilter 0.92.8-1 CAN-2004-1006 (Format string vulnerability in the log functions in dhcpd for dhcp 2.x ...) {DSA-584-1} - dhcp 2.0pl5-19.1 CAN-2004-1005 NOTE: reserved CAN-2004-1004 NOTE: reserved CAN-2004-1003 (Trend ScanMail allows remote attackers to obtain potentially sensitive ...) NOTE: not-for-us (Trend ScanMail) CAN-2004-1002 (Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote ...) - ppp 2.4.2+20040428-3 CAN-2004-1001 (Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, ...) {DSA-585-1} - shadow 1:4.0.3-30.3 CAN-2004-1000 NOTE: reserved {DSA-630-1} - lintian 1.23.6 CAN-2004-0999 (zgv 5.5.3 allows remote attackers to cause a denial of service ...) {DSA-608-1} CAN-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows ...) {DSA-616-1} CAN-2004-0997 NOTE: reserved CAN-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...) {DSA-610-1} - cscope 15.5-1.1 NOTE: Patch in debian bts from ubuntu is good. All other patches are crap. CAN-2004-0995 NOTE: reserved CAN-2004-0994 (Multiple integer overflows in xzgv 0.8 and earlier allow remote ...) {DSA-614-1 DSA-614-1} NOTE: only indication that it's this CAN is in the debian package changelog - xzgv 0.8-3 CAN-2004-0993 (Buffer overflow in hpsockd before 0.6 allows remote attackers to cause ...) {DSA-604-1} CAN-2004-0992 (Format string vulnerability in the -a option (daemon mode) in ...) NOTE: not-for-us (Proxytunnel) CAN-2004-0991 NOTE: reserved CAN-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and ...) {DSA-602-1 DSA-601-1 DSA-591-1 DSA-589-1} - libgd2 2.0.30-1 - libgd 1.8.4-36.1 CAN-2004-0989 (Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and ...) {DSA-582-1} CAN-2004-0988 (Integer overflow on Apple QuickTime before 6.5.2, when running on ...) NOTE: not-for-us (Apple) CAN-2004-0987 (Buffer overflow in the process_menu function in yardradius 1.0.20 ...) {DSA-598-1} - yardradius 1.0.20-15 CAN-2004-0986 (Iptables before 1.2.11, under certain conditions, does not properly ...) {DSA-580-1} - iptables 1.2.11-4 CAN-2004-0985 (Internet Explorer 6.x on Windows XP SP2 allows remote attackers to ...) NOTE: not-for-us (windows) CAN-2004-0984 NOTE: reserved - mailutils 1:0.5-4 CAN-2004-0983 (The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows ...) {DSA-586-1} - ruby1.8 1.8.1+1.8.2pre2-4 - ruby1.6 1.6.8-12 CAN-2004-0982 (Buffer overflow in the getauthfromURL function in httpget.c in mpg123 ...) {DSA-578-1} - mpg123 0.59r-18 CAN-2004-0981 (Buffer overflow in the EXIF parsing routine in ImageMagick before ...) {DSA-593-1} - imagemagick 6:6.0.6.2-1.5 CAN-2004-0980 (Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 ...) {DSA-592-1} - ez-ipupdate 3.0.11b8-8 CAN-2004-0979 (Internet Explorer on Windows XP does not properly modify the "Drag and ...) NOTE: not-for-us (windows) CAN-2004-0978 (Unknown vulnerability in the Hrtbeat.ocx ActiveX control for Internet ...) NOTE: not-for-us (windows) CAN-2004-0977 (The make_oidjoins_check script in the postgresql package allows local ...) {DSA-577-1} - postgresql 7.4.6-1 CAN-2004-0976 (Multiple scripts in the perl package in Trustix Secure Linux 1.5 ...) {DSA-620-1} - perl 5.8.4-4 CAN-2004-0975 (The der_chop script in the openssl package in Trustix Secure Linux 1.5 ...) {DSA-603-1} - openssl 0.9.7e-1 NOTE: also includes other security fixes than this CAN CAN-2004-0974 (The netatalk package in Trustix Secure Linux 1.5 through 2.1, and ...) NOTE: local; low - netatalk 1.6.4a-1 CAN-2004-0973 NOTE: rejected CAN-2004-0972 (The lvmcreate_initrd script in the lvm package in Trustix Secure Linux ...) {DSA-583-1} NOTE: lvmcreate_initrd not in debian CAN-2004-0971 (The krb5-send-pr script in the kerberos5 (krb5) package in Trustix ...) - kbr5 (unfixed; bug #278271; not shipped in binary package) - arla 0.36.2-11 CAN-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package in ...) {DSA-588-1} NOTE: sarge is not vulnerable as our version uses set -C CAN-2004-0969 (The groffer script in the Groff package 1.18 and later versions, as ...) - groff 1.18.1.1-2 CAN-2004-0968 (The catchsegv script in the glibc package in Trustix Secure Linux 1.5 ...) {DSA-636-1} - libc6 2.3.2.ds1-19 CAN-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi , (3) pv.sh, and (4) sysvlp.sh scripts ...) - gs-common 0.3.6-0.1 CAN-2004-0966 (The (1) autopoint and (2) gettextize scripts in the GNU gettext ...) - gettext 0.14.1-6 CAN-2004-0965 (stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified ...) NOTE: not-for-us (HP-UX) CAN-2004-0964 (Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for ...) {DSA-587-1} NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge NOTE: DSA says zinf not vulnerable in sarge - zinf 2.2.5 CAN-2004-0963 (MS Word 2002 (10.6612.6714) SP3, and possibly other versions, allows ...) NOTE: not-for-us (windows) CAN-2004-0962 (Apple Remote Desktop Client 1.2.4 executes a GUI application as root ...) NOTE: not-for-us (Apple Remote Desktop Client) CAN-2004-0961 (Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to ...) - freeradius 1.0.1 CAN-2004-0960 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...) - freeradius 1.0.1 CAN-2004-0959 (PHP before 5.0.2 allows local users to upload files to arbitrary ...) - php4 4.3.9 CAN-2004-0958 (PHP before 5.0.2 allows remote attackers to read sensitive memory ...) - php4 4.3.9 CAN-2004-0957 (Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user ...) - mysql-dfsg 3.23.58 - mysql 3.23.58 CAN-2004-0956 (MySQL before 4.0.20 allows remote attackers to cause a denial of ...) NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge CAN-2004-0955 NOTE: rejected {DSA-571-1 DSA-570-1} NOTE: dup of CAN-2004-0599 CAN-2004-0954 NOTE: rejected CAN-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x server ...) NOTE: jabber version 2 is vulnerable, we have an older version that seems not CAN-2004-0952 NOTE: reserved CAN-2004-0951 NOTE: reserved CAN-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to obtain ...) NOTE: not-for-us (NetOp Host) CAN-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in ...) NOTE: fixed in 2.4.28, 2.6.9 NOTE: check with kernel people CAN-2004-0948 NOTE: reserved CAN-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ...) NOTE: see http://lwn.net/Alerts/110733/ NOTE: sarge's unarj is from a different code base, probably not vulnerable CAN-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit ...) NOTE: does not apply per maintainer CAN-2004-0945 NOTE: reserved CAN-2004-0944 NOTE: reserved CAN-2004-0943 NOTE: reserved CAN-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...) - apache2 2.0.52-2 CAN-2004-0941 (Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 ...) {DSA-602-1 DSA-601-1} - libgd2 2.0.33-1.1 - libgd 1.8.4-36.1 CAN-2004-0940 (Buffer overflow in the get_tag function in mod_include for Apache ...) {DSA-594-1} - apache 1.3.33-2 CAN-2004-0939 (changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and ...) NOTE: not-for-us (Neoteris Instant Virtual Extranet) CAN-2004-0938 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...) - freeradius 1.0.1 CAN-2004-0937 (Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, ...) NOTE: not-for-us (Sophos Anti-Virus) CAN-2004-0936 (RAV antivirus allows remote attackers to bypass antivirus protection ...) NOTE: not-for-us (RAV antivirus) CAN-2004-0935 (Eset Anti-Virus before 1.020 (16th September 2004) allows remote ...) NOTE: not-for-us (Eset anti-virus) CAN-2004-0934 (Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus ...) NOTE: not-for-us (Kaspersky antivirus) NOTE: Kaspersky engine is supported by amavas-ng CAN-2004-0933 (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 ...) NOTE: not-for-us (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus) CAN-2004-0932 (McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th ...) NOTE: not-for-us (McAfee Anti-Virus Engine DATS drivers) CAN-2004-0931 NOTE: reserved CAN-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other ...) - samba 3.0.8-1 CAN-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in ...) - tiff3g (unfixed; bug #283544) CAN-2004-0928 NOTE: reserved CAN-2004-0927 (ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example ...) NOTE: not-for-us (MacOS) CAN-2004-0926 (Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through ...) NOTE: not-for-us (MacOS) CAN-2004-0925 (Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, ...) NOTE: not-for-us (MacOS) CAN-2004-0924 (NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial ...) NOTE: not-for-us (MacOS) CAN-2004-0923 (CUPS 1.1.20 and earlier records authentication information for a ...) {DSA-566-1} CAN-2004-0922 (AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, ...) NOTE: not-for-us (MacOS) CAN-2004-0921 (AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an ...) NOTE: not-for-us (MacOS) CAN-2004-0920 (Symantec Norton AntiVirus 2004, and earlier versions, allows a virus ...) NOTE: not-for-us (norton) CAN-2004-0919 NOTE: reserved CAN-2004-0918 (The asn_parse_header function (asn1.c) in the SNMP module for Squid ...) {DSA-576-1} - squid 2.5.7 CAN-2004-0917 (The default installation of Vignette Application Portal installs the ...) NOTE: not-for-us (Vignette Application Portal) CAN-2004-0916 (Directory traversal vulnerability in cabextract before 1.1 allows ...) {DSA-574-1} - cabextract 1.1-1 CAN-2004-0915 (Multiple unknown vulnerabilities in viewcvs before 0.9.2, when ...) {DSA-605-1} - viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2 CAN-2004-0914 (Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in ...) {DSA-607-1} - xfree86 4.3.0.dfsg.1-9 CAN-2004-0913 NOTE: reserved {DSA-572-1} - squid 2.5.6-9 CAN-2004-0912 NOTE: reserved CAN-2004-0911 (telnetd for netkit 0.17 and earlier, and possibly other versions, on ...) {DSA-569-1 DSA-556-1} CAN-2004-0910 NOTE: rejected CAN-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...) - mozilla-firefox 0.10.1+1.0PR - mozilla 1.7.3 - mozilla-thunderbird 0.8 CAN-2004-0908 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...) - mozilla-firefox 0.10.1+1.0PR - mozilla 1.7.3 - mozilla-thunderbird 0.8 CAN-2004-0907 (The Linux install .tar.gz archives for Mozilla Firefox before the ...) NOTE: not-for-us (non-debian package issue) CAN-2004-0906 (The XPInstall installer in Mozilla Firefox before the Preview Release, ...) - mozilla-firefox 0.10.1+1.0PR - mozilla 1.7.3 - mozilla-thunderbird 0.8 CAN-2004-0905 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...) - mozilla-firefox 0.10.1+1.0PR - mozilla 1.7.3 - mozilla-thunderbird 0.8 CAN-2004-0904 (Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox ...) - mozilla-firefox 0.10.1+1.0PR - mozilla 1.7.3 - mozilla-thunderbird 0.8 CAN-2004-0903 (Stack-based buffer overflow in the writeGroup function in ...) - mozilla-firefox 0.10.1+1.0PR - mozilla 1.7.3 - mozilla-thunderbird 0.8 CAN-2004-0902 (Multiple heap-based buffer overflows in Mozilla Firefox before the ...) - mozilla-firefox 0.10.1+1.0PR - mozilla 1.7.3 - mozilla-thunderbird 0.8 CAN-2004-0901 (Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in ...) NOTE: not-for-us (Microsoft) CAN-2004-0900 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...) NOTE: not-for-us (Microsoft) CAN-2004-0899 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...) NOTE: not-for-us (Microsoft) CAN-2004-0898 NOTE: reserved CAN-2004-0897 NOTE: reserved CAN-2004-0896 NOTE: reserved CAN-2004-0895 NOTE: reserved CAN-2004-0894 (LSASS (Local Security Authority Subsystem Service) of Windows 2000 ...) NOTE: not-for-us (Microsoft) CAN-2004-0893 (The Local Procedure Call (LPC) interface of the Windows Kernel for ...) NOTE: not-for-us (Microsoft) CAN-2004-0892 (Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is ...) NOTE: not-for-us (Microsoft) CAN-2004-0891 (Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 ...) - gaim 1.0.2 CAN-2004-0890 NOTE: rejected CAN-2004-0889 (Multiple integer overflows in xpdf 3.0, and other packages that use ...) {DSA-573-1} CAN-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other packages ...) {DSA-599-1 DSA-581-1 DSA-573-1} - koffice 1:1.3.4-1 CAN-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not properly ...) NOTE: waldi provided this info - linux-kernel-image-2.6.8-s390 2.6.8-3 - kernel-source-2.6.8 2.6.8-10 CAN-2004-0886 (Multiple integer overflows in libtiff 3.6.1 and earlier allow remote ...) {DSA-567-1} CAN-2004-0885 (The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the ...) - apache2 2.0.52-2 CAN-2004-0884 (The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and ...) {DSA-568-1 DSA-563-1} CAN-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in Linux ...) TODO: check with kernel team CAN-2004-0882 (Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x ...) NOTE: details http://security.e-matters.de/advisories/132004.html - samba 3.0.7 CAN-2004-0881 (getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as ...) {DSA-553-1} CAN-2004-0880 (getmail 4.x before 4.2.0, when run as root, allows local users to ...) {DSA-553-1} CAN-2004-0879 NOTE: reserved CAN-2004-0878 NOTE: reserved CAN-2004-0877 NOTE: reserved CAN-2004-0876 NOTE: reserved CAN-2004-0875 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...) - phpgroupware 0.9.16.002 CAN-2004-0874 NOTE: rejected CAN-2004-0873 (Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to ...) NOTE: not-for-us (apple) CAN-2004-0872 NOTE: reserved CAN-2004-0871 NOTE: reserved CAN-2004-0870 NOTE: reserved CAN-2004-0869 NOTE: reserved CAN-2004-0868 (Internet Explorer 6.0 allows web sites to set cookies for ...) NOTE: not-for-us (microsoft) CAN-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for ...) - mozilla-firefox 0.9.3 CAN-2004-0866 NOTE: reserved CAN-2004-0865 NOTE: reserved CAN-2004-0864 NOTE: reserved CAN-2004-0863 NOTE: reserved CAN-2004-0862 NOTE: reserved CAN-2004-0861 NOTE: reserved CAN-2004-0860 NOTE: reserved CAN-2004-0859 NOTE: reserved CAN-2004-0858 NOTE: reserved CAN-2004-0857 NOTE: reserved CAN-2004-0856 NOTE: reserved CAN-2004-0855 NOTE: reserved CAN-2004-0854 NOTE: reserved CAN-2004-0853 NOTE: reserved CAN-2004-0852 (Buffer overflow in htget 0.93 allows remote attackers to execute ...) {DSA-611-1} CAN-2004-0851 NOTE: reserved {DSA-559-1} CAN-2004-0850 (Star before 1.5_alpha46 does not drop the effective user ID (euid) ...) - star 1.5a46 CAN-2004-0849 (Integer overflow in the asn_decode_string() function defined in asn1.c ...) NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge HELP: which radius daemon in debian is "GNU Radius" (if any)? CAN-2004-0848 NOTE: reserved CAN-2004-0847 (The Microsoft .NET forms authentication capability allows remote ...) NOTE: not-for-us (microsoft) CAN-2004-0846 (Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and ...) NOTE: not-for-us (microsoft) CAN-2004-0845 (Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL ...) NOTE: not-for-us (microsoft) CAN-2004-0844 (Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows ...) NOTE: not-for-us (microsoft) CAN-2004-0843 (Internet Explorer 5.5 and 6 does not properly handle plug-in ...) NOTE: not-for-us (microsoft) CAN-2004-0842 (Internet Explorer 6.1 SP1 and earlier, and possibly other versions, ...) NOTE: not-for-us (microsoft) CAN-2004-0841 (Internet Explorer 6.x allows remote attackers to install arbitrary ...) NOTE: not-for-us (microsoft) CAN-2004-0840 (The SMTP (Simple Mail Transfer Protocol) component of Microsoft ...) NOTE: not-for-us (microsoft) CAN-2004-0839 (Internet Explorer in Windows XP SP2, and other versions including 5.01 ...) NOTE: not-for-us (microsoft) CAN-2004-0838 NOTE: reserved CAN-2004-0837 (MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to ...) {DSA-562-2} CAN-2004-0836 (Buffer overflow in the mysql_real_connect function in MySQL 4.x before ...) {DSA-562-2} CAN-2004-0835 (MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and ...) {DSA-562-2} CAN-2004-0834 (Format string vulnerability in Speedtouch USB driver before 1.3.1 ...) - speedtouch 1.3.1 CAN-2004-0833 (Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and ...) {DSA-554-1} CAN-2004-0832 (The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid ...) - squid 2.5.6-8 CAN-2004-0831 (McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing ...) NOTE: not-for-us (McAfee) CAN-2004-0830 (The Content Scanner Server in F-Secure Anti-Virus for Microsoft ...) NOTE: not-for-us (Microsoft) CAN-2004-0829 (smbd in Samba before 2.2.11 allows remote attackers to cause a denial ...) - smaba 2.2.11 CAN-2004-0828 (The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and ...) NOTE: not-fos-us (AIX) CAN-2004-0827 (Multiple buffer overflows in the ImageMagick graphics library 5.x ...) {DSA-547-1} - imagemagick 5:6.0.7.1-1 CAN-2004-0826 (Heap-based buffer overflow in Netscape Network Security Services (NSS) ...) NOTE: not-for-us (netscape NSS) CAN-2004-0825 (QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and ...) NOTE: not-for-us (Apple) CAN-2004-0824 NOTE: reserved CAN-2004-0823 NOTE: reserved CAN-2004-0822 (Buffer overflow in The Core Foundation framework ...) NOTE: not-for-us (Apple) CAN-2004-0821 (The CFPlugIn in Core Foundation framework in Mac OS X allows user ...) NOTE: not-for-us (Apple) CAN-2004-0820 (Winamp before 5.0.4 allows remote attackers to execute arbitrary ...) NOTE: not-for-us (winamp) CAN-2004-0819 (The bridge functionality in OpenBSD 3.4 and 3.5, when running a ...) NOTE: not-for-us (openbsd) CAN-2004-0818 NOTE: reserved NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge CAN-2004-0817 (Multiple heap-based buffer overflows in the imlib BMP image handler ...) {DSA-548-1} - imlib+png2 1.9.14-16.2 CAN-2004-0816 (Integer underflow in the firewall logging rules for iptables in Linux ...) NOTE: fixed in 2.6.8, does not affect 2.4 per dannf's notes CAN-2004-0815 (The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x ...) {DSA-600-1} CAN-2004-0814 (Multiple race conditions in the terminal layer in Linux 2.4.x, and ...) - kernel-source-2.6.8 2.6.8-8 - kernel-source-2.4.27 2.4.27-7 NOTE: and all kernels build from it: CAN-2004-0813 (Unknown vulnerability in the SG_IO functionality in ide-cd allows ...) NOTE: ide-cd SG_IO vulnerability NOTE: fixed in recent 2.6 and 2.4 kernels CAN-2004-0812 NOTE: reserved CAN-2004-0811 (Unknown vulnerability in Apache 2.0.51 prevents "the merging of the ...) - apache2 2.0.52 CAN-2004-0810 (Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to ...) NOTE: not-for-us (Netopia Timbuktu) CAN-2004-0809 (The mod_dav module in Apache 2.0.50 and earlier allows remote ...) {DSA-558-1} - apache2 2.0.51-1 CAN-2004-0808 (The process_logon_packet function in the nmbd server for Samba 3.0.6 ...) - samba 3.0.7 CAN-2004-0807 (Samba 3.0.6 and earlier allows remote attackers to cause a denial of ...) - samba 3.0.7 CAN-2004-0806 (cdrecord in the cdrtools package before 2.01, when installed setuid ...) - cdrtools 4:2.0+a34-2 CAN-2004-0805 (Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s ...) {DSA-564-1} - mpg123 0.59r-16 CAN-2004-0804 (Vulnerability in in tif_dirread.c for libtiff allows remote attackers ...) {DSA-567-1} NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge CAN-2004-0803 (Multiple vulnerabilities in the RLE (run length encoding) decoders for ...) {DSA-567-1} CAN-2004-0802 (Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote ...) {DSA-552-1} CAN-2004-0801 (Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows ...) - foomatic-filters 3.0.2 CAN-2004-0800 (Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 ...) NOTE: not-for-us (Solaris) CAN-2004-0799 (The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows ...) NOTE: not-for-us (Ipswitch WhatsUp Gold) CAN-2004-0798 (Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp ...) NOTE: not-for-us (Ipswitch WhatsUp Gold) CAN-2004-0797 (The error handling in the (1) inflate and (2) inflateBack functions in ...) - zlib 1:1.2.1.1-6 CAN-2004-0796 (SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to ...) - spamassassin 2.64 CAN-2004-0795 (DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe ...) NOTE: not-for-us (IBM DB2 DB2RCMD.EXE) CAN-2004-0794 (Multiple signal handler race conditions in lukemftpd (aka tnftpd ...) {DSA-551-1} CAN-2004-0793 (The calendar program in bsdmainutils 6.0 through 6.0.14, when executed ...) - bsdmainutils 6.0.15 CAN-2004-0792 (Directory traversal vulnerability in the sanitize_path function in ...) - rsync 2.6.3 CAN-2004-0791 NOTE: reserved CAN-2004-0790 NOTE: reserved CAN-2004-0789 NOTE: reserved CAN-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf before ...) {DSA-549-1 DSA-546-1} CAN-2004-0787 (Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA ...) NOTE: not-for-us (seems OpenCA is not in Debian) CAN-2004-0786 (The IPv6 URI parsing routines in the apr-util library for Apache ...) NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge - apache2 2.0.51 CAN-2004-0785 (Multiple buffer overflows in Gaim before 0.82 allow remote attackers ...) - gaim 0.82 CAN-2004-0784 (The smiley theme functionality in Gaim before 0.82 allows remote ...) - gaim 0.82 CAN-2004-0783 (Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM ...) {DSA-549-1} CAN-2004-0782 (Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image ...) {DSA-549-1 DSA-546-1} CAN-2004-0781 (Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast ...) {DSA-541} CAN-2004-0780 NOTE: reserved CAN-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers ...) - mozilla 1.7 - mozilla-firefox 0.9 CAN-2004-0778 (CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote ...) - cvs 1.12.9 CAN-2004-0777 (Format string vulnerability in the auth_debug function in Courier-IMAP ...) NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge - courier-imap 2.2.2 CAN-2004-0776 NOTE: reserved CAN-2004-0775 (Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in ...) NOTE: not-for-us (Windows) CAN-2004-0774 (RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for ...) NOTE: not-for-us (Real Helix server not in Debian) CAN-2004-0773 NOTE: reserved CAN-2004-0772 (Double-free vulnerabilities in error handling code in krb524d for MIT ...) {DSA-543-1} CAN-2004-0771 (Buffer overflow in the extract_one function from lhext.c in LHA may ...) - lha 1.14i-9 CAN-2004-0770 (romload.c in DGen Emulator 1.23 and earlier allows local users to ...) - dgen 1.23-6 CAN-2004-0769 (Buffer overflow in LHA allows remote attackers to execute arbitrary ...) - lha 1.14i-9 CAN-2004-0768 (libpng 1.2.5 and earlier does not properly calculate certain buffer ...) {DSA-536} CAN-2004-0767 (NGSEC StackDefender 1.10 allows attackers to cause a denial of service ...) NOTE: not-for-us (NGSEC StackDefender) CAN-2004-0766 (NGSEC StackDefender 2.0 allows attackers to cause a denial of service ...) NOTE: not-for-us (NGSEC StackDefender) CAN-2004-0765 (The cert_TestHostName function in Mozilla before 1.7, Firefox before ...) - mozilla 1.7 - mozilla-firefox 0.9 CAN-2004-0764 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...) - mozilla 1.7 - mozilla-firefox 0.9 CAN-2004-0763 (Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof ...) - mozilla-firefox 0.9.3 CAN-2004-0762 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...) - mozilla 1.7 - mozilla-firefox 0.9 CAN-2004-0761 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...) - mozilla 1.7 - mozilla-firefox 0.9 CAN-2004-0760 (Mozilla allows remote attackers to cause Mozilla to open a URI as a ...) - mozilla 1.7.2 - mozilla-firefox 0.9.3 CAN-2004-0759 (Mozilla before 1.7 allows remote web servers to read arbitrary files ...) - mozilla 1.7 CAN-2004-0758 (Mozilla 1.5 through 1.7 allows a CA certificate to be imported even ...) - mozilla 1.7.2 - mozilla-firefox 0.9.3 CAN-2004-0757 (Heap-based buffer overflow in the SendUidl in the POP3 capability for ...) - mozilla 1.7 - mozilla-firefox 0.9 CAN-2004-0756 NOTE: reserved CAN-2004-0755 (The FileStore capability in CGI::Session for Ruby before 1.8.1, and ...) {DSA-537} - gaim 1:0.82.1-1 CAN-2004-0754 (Integer overflow in Gaim before 0.82 allows remote attackers to cause ...) - gaim 1:0.82.1-1 CAN-2004-0753 (The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 ...) {DSA-546-1} CAN-2004-0752 (OpenOffice (OOo) 1.1.2 creates predictable directory names with ...) - openoffice.org 1.1.2-4 CAN-2004-0751 (The char_buffer_read function in the mod_ssl module for Apache 2.x, ...) - apache2 2.0.50-11 CAN-2004-0750 (Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares ...) NOTE: not-for-us (Red Hat specific) CAN-2004-0749 (The mod_authz_svn module in Subversion 1.0.7 and earlier does not ...) - subversion 1.0.9-2 CAN-2004-0748 (mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause ...) - apache2 2.0.51 CAN-2004-0747 (Buffer overflow in Apache 2.0.50 and earlier allows local users to ...) NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge - apache2 2.0.51 CAN-2004-0746 (Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for ...) - kdelibs 4:3.2.3-3.sarge.1 NOTE: in t-p-u; 4.3.3 in unstable also fixes it CAN-2004-0745 (LHA 1.14 and earlier allows attackers to execute arbitrary commands ...) - lha 1.14i-10 CAN-2004-0744 (The TCP/IP Networking component in Mac OS X before 10.3.5 allows ...) NOTE: not-for-us (MacOS) CAN-2004-0743 (Safari in Mac OS X before 10.3.5, after sending form data using the ...) NOTE: not-for-us (MacOS) CAN-2004-0742 (Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote ...) NOTE: not-for-us (Sun Java System Portal Server) CAN-2004-0741 (LionMax Software WWW File Share Pro 2.60 allows remote attackers to ...) NOTE: not-for-us (LionMax Software WWW File Share Pro) CAN-2004-0740 (The HTTP server in Lexmark T522 and possibly other models allows ...) NOTE: not-for-us (Lexmark) CAN-2004-0739 (Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers ...) NOTE: not-for-us (Whisper FTP Surfer) CAN-2004-0738 (Multiple SQL injection vulnerabilities in the Search module in ...) NOTE: not-for-us (phpnuke) CAN-2004-0737 (Multiple cross-site scripting vulnerabilities in index.php in the ...) NOTE: not-for-us (phpnuke) CAN-2004-0736 (The search module in Php-Nuke allows remote attackers to gain ...) NOTE: not-for-us (phpnuke) CAN-2004-0735 (Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and ...) NOTE: not-for-us (various windows games) CAN-2004-0734 (Web_Store.cgi allows remote attackers to execute arbitrary commands ...) NOTE: not-for-us (Web_Store.cgi) CAN-2004-0733 (Format string vulnerability in OllyDbg 1.10 allows remote attackers to ...) NOTE: not-for-us (OllyDbg) CAN-2004-0732 (SQL injection vulnerability in index.php in the Search module for ...) NOTE: not-for-us (phpnuke) CAN-2004-0731 (Cross-site scripting (XSS) vulnerability in index.php in the Search ...) NOTE: not-for-us (phpnuke) CAN-2004-0730 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 ...) - phpbb2 2.0.10 CAN-2004-0729 (PhpBB 2.0.8 allows remote attackers to gain sensitive information via ...) - phpbb2 2.0.10 CAN-2004-0728 (The Remote Control Client service in Microsoft's Systems Management ...) NOTE: not-for-us (Microsoft) CAN-2004-0727 (Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, ...) NOTE: not-for-us (Microsoft) CAN-2004-0726 (The Windows Media Player control in Microsoft Windows 2000 allows ...) NOTE: not-for-us (Microsoft) CAN-2004-0725 (Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 ...) - moodle 1.4 CAN-2004-0724 (The Half-Life engine before July 7 2004 allows remote attackers to ...) NOTE: not-for-us (Half Life) CAN-2004-0723 (Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers ...) NOTE: not-for-us (Microsoft) CAN-2004-0722 (Integer overflow in the SOAPParameter object constructor in (1) ...) - mozilla 1.6 CAN-2004-0721 (Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly ...) - konqueror 4:3.2.3-1.sarge.1 - kdelibs 4:3.2.3-3.sarge.1 NOTE: in t-p-u; also fixed in 4.3.3 in unstable CAN-2004-0720 (Safari 1.2.2 does not properly prevent a frame in one domain from ...) NOTE: not-for-us (Safari) CAN-2004-0719 (Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, ...) NOTE: not-fos-us (Microsoft) CAN-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) ...) - mozilla 1.6 - mozilla-firefox 0.8 CAN-2004-0717 (Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a ...) NOTE: not-for-us (opera 7.50) CAN-2004-0716 (Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper ...) NOTE: not-for-us (HP-UX) CAN-2004-0715 (The WebLogic Authentication provider for BEA WebLogic Server and ...) NOTE: not-for-us (BEA WebLogic Server and WebLogic Express) CAN-2004-0714 (Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts ...) NOTE: not-for-us (Cisco) CAN-2004-0713 (The remove method in a stateful Enterprise JavaBean (EJB) in BEA ...) NOTE: not-for-us (BEA WebLogic Server and WebLogic Express) CAN-2004-0712 (The configuration tools (1) config.sh in Unix or (2) config.cmd in ...) NOTE: not-for-us (BEA WebLogic Server) CAN-2004-0711 (The URL pattern matching feature in BEA WebLogic Server 6.x matches ...) NOTE: not-for-us (BEA WebLogic Server) CAN-2004-0710 (IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series ...) NOTE: not-for-us (Cisco) CAN-2004-0709 (HP OpenView Select Access 5.0 through 6.0 does not correctly decode ...) NOTE: not-for-us (HP OpenView Select Access) CAN-2004-0708 (MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges ...) - moin 1.2.2 CAN-2004-0707 (SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before ...) - bugzilla 2.16.7-0.1 CAN-2004-0706 (Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, ...) NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian CAN-2004-0705 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) - bugzilla 2.16.7-0.1 CAN-2004-0704 (Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in ...) - bugzilla 2.16.7-0.1 CAN-2004-0703 (Unknown vulnerability in the administrative controls in Bugzilla ...) NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian CAN-2004-0702 (DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password ...) NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian CAN-2004-0701 (Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 ...) NOTE: not-for-us (Solaris) CAN-2004-0700 (Format string vulnerability in the mod_proxy hook functions function ...) {DSA-532} CAN-2004-0699 (Heap-based buffer overflow in ASN.1 decoding library in Check Point ...) NOTE: not-for-us (Check Point VPN) CAN-2004-0698 (4D WebSTAR 5.3.2 and earlier allows local users to read and modify ...) NOTE: not-for-us (WebSTAR) CAN-2004-0697 (Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote ...) NOTE: not-for-us (WebSTAR) CAN-2004-0696 (The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows ...) NOTE: not-for-us (WebSTAR) CAN-2004-0695 (Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 ...) NOTE: not-for-us (WebSTAR) CAN-2004-0694 NOTE: reserved - lha 1.14i-10 CAN-2004-0693 (The GIF parser in the QT library (qt3) before 3.3.3 allows remote ...) {DSA-542-1} CAN-2004-0692 (The XPM parser in the QT library (qt3) before 3.3.3 allows remote ...) {DSA-542-1} CAN-2004-0691 (Heap-based buffer overflow in the BMP image format parser for the QT ...) {DSA-542-1} CAN-2004-0690 (The DCOPServer in KDE 3.2.3 and earlier allows local users to gain ...) - kdelibs 4:3.2.3-3.sarge.1 NOTE: in t-p-u, 4.3.3 in unstable is also fixed CAN-2004-0689 (KDE before 3.3.0 does not properly handle when certain symbolic links ...) {DSA-539} CAN-2004-0688 (Multiple integer overflows in (1) the xpmParseColors function in ...) {DSA-561-1 DSA-560-1} CAN-2004-0687 (Multiple stack-based buffer overflows in (1) xpmParseColors in ...) {DSA-561-1 DSA-560-1} CAN-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the ...) - samba 3.0.5 CAN-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user ...) TODO: check with kernel team CAN-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, ...) NOTE: not-for-us (WebSphere Edge Server) CAN-2004-0683 (Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to ...) NOTE: not-for-us (Norton) CAN-2004-0682 (comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other ...) NOTE: not-for-us (Comersus Cart) CAN-2004-0681 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) NOTE: not-for-us (Comersus Cart) CAN-2004-0680 (Zoom X3 ADSL modem has a terminal running on port 254 that can be ...) NOTE: not-for-us (Zoom DSL modem) CAN-2004-0679 (The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly ...) NOTE: not-for-us (UnrealIRCd) CAN-2004-0678 (Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in ...) NOTE: not-for-us (12Planet Chat Server) CAN-2004-0677 (Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote ...) NOTE: not-for-us (Fastream NETFile FTP Server) CAN-2004-0676 (Directory traversal vulnerability in Fastream NETFile FTP/Web Server ...) NOTE: not-for-us (Fastream NETFile FTP Server) CAN-2004-0675 (Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) ...) NOTE: not-for-us (c32web.exe) CAN-2004-0674 (Enterasys XSR-1800 series Security Routers, when running firmware ...) NOTE: not-for-us (Enterasys XSR-1800 series Security Routers) CAN-2004-0673 (Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server ...) NOTE: not-for-us (SCI Photo Chat Server) CAN-2004-0672 (Multiple cross-site scripting (XSS) vulnerabilities in the primary and ...) NOTE: not-for-us (Netegrity IdentityMinder Web Edition) CAN-2004-0671 (Brightmail Spamfilter 6.0 and earlier beta releases allows remote ...) NOTE: not-for-us (Brightmail Spamfilter) CAN-2004-0670 (Prestige 650HW-31 running Rompager 4.7 software allows remote ...) NOTE: not-for-us (Rompager) CAN-2004-0669 (Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote ...) NOTE: not-for-us (Lotus) CAN-2004-0668 (Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a ...) NOTE: not-for-us (Lotus) CAN-2004-0667 (Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows ...) TODO: kernel-patch-adamantix may contain the RSBAC patch, check CAN-2004-0666 (Off-by-one error in the POP3_readmsg function in popclient 3.0b6 ...) NOTE: not-for-us (popclient not in Debian) CAN-2004-0665 (csFAQ.cgi in csFAQ allows remote attackers to gain sensitive ...) NOTE: not-for-us (csFAQ not in Debian) CAN-2004-0664 (Directory traversal vulnerability in modules.php in PowerPortal 1.x ...) NOTE: not-for-us (PowerPortal) CAN-2004-0663 (Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal ...) NOTE: not-for-us (PowerPortal) CAN-2004-0662 (PowerPortal 1.x allows remote attackers to gain sensitive information ...) NOTE: not-for-us (PowerPortal) CAN-2004-0661 (Integer signedness error in D-Link AirPlus DI-614+ running firmware ...) NOTE: not-for-us (D-Link AirPlus DI-614+) CAN-2004-0660 (Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) ...) NOTE: not-for-us (CuteNews) CAN-2004-0659 (Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 ...) NOTE: not-for-us (mplayer) CAN-2004-0658 (Integer overflow in the hpsb_alloc_packet function (incorrectly ...) NOTE: invalid according to www.osvdb.org/7253 CAN-2004-0657 (Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP ...) - ntp 4.0 CAN-2004-0656 (The accept_client function in PureFTPd 1.0.18 and earlier allows ...) - pure-ftpd 1.0.19-1 CAN-2004-0655 (eupdatedb in esearch 0.6.1 and earlier allows local users to create ...) NOTE: not-for-us (Gentoo specific) CAN-2004-0654 (Unknown vulnerability in the Basic Security Module (BSM), when ...) NOTE: not-for-us (Solaris) CAN-2004-0653 (Solaris 9, when configured as a Kerberos client with patch 112908-12 ...) NOTE: not-for-us (Solaris) CAN-2004-0652 (BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack ...) NOTE: not-for-us (BEA WebLogic Server and WebLogic Express) CAN-2004-0651 (Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 ...) NOTE: JRE is not in Debian, assuming the various wrappers handle NOTE the new version. Not worrying about upgrades. CAN-2004-0650 (UploadServlet in Cisco Collaboration Server (CCS) running ServletExec ...) NOTE: not-for-us (Cisco) CAN-2004-0649 (Buffer overflow in write_packet in control.c for l2tpd may allow ...) {DSA-530} CAN-2004-0648 (Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird ...) - mozilla 1.7.1 - mozilla-firefox 0.9.2 - mozilla-thunderbird 0.7.2 CAN-2004-0647 (shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local ...) - shorewall 2.0.3a CAN-2004-0646 (Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 ...) NOTE: not-for-us (JRun) CAN-2004-0645 (Buffer overflow in the wvHandleDateTimePicture function in wv library ...) {DSA-579-1 DSA-550-1} CAN-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for MIT ...) {DSA-543-1} CAN-2004-0643 (Double-free vulnerability in the krb5_rd_cred function for MIT ...) {DSA-543-1} CAN-2004-0642 (Double-free vulnerabilities in the error handling code for ASN.1 ...) {DSA-543-1} CAN-2004-0641 NOTE: reserved CAN-2004-0640 (Format string vulnerability in the SSL_set_verify function in ...) {DSA-529} CAN-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail ...) {DSA-535} CAN-2004-0638 NOTE: reserved CAN-2004-0637 NOTE: reserved CAN-2004-0636 (Buffer overflow in the goaway function in the aim:goaway URI handler ...) NOTE: not-for-us (AOL Instant Messenger) CAN-2004-0635 (The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote ...) {DSA-528} CAN-2004-0634 (The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows ...) - ethereal 0.10.5 CAN-2004-0633 (The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote ...) - ethereal 0.10.5 CAN-2004-0632 (Adobe Reader 6.0 does not properly handle null characters when ...) NOTE: not-for-us (adobe reader) CAN-2004-0631 (Buffer overflow in the uudecoding feature for Adobe Acrobat Reader ...) NOTE: not-for-us (adobe acrobat) CAN-2004-0630 (The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for ...) NOTE: not-for-us (adobe acrobat) CAN-2004-0629 (Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat ...) NOTE: not-for-us (adobe acrobat) CAN-2004-0628 (Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, ...) NOTE: apparently only affects mysql-dfsg >= 4.1.x, debian has older version CAN-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, ...) NOTE: apparently only affects mysql-dfsg >= 4.1.x, debian has older version CAN-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux ...) NOTE: fixed after 2.6.6 kernel CAN-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote ...) NOTE: not-for-us (Infinity WEB) CAN-2004-0624 (PHP remote code injection vulnerability in index.php for Artmedic ...) NOTE: not-for-us (Artmedic links) CAN-2004-0623 (Format string vulnerability in misc.c in GNU GNATS 4.00 may allow ...) {DSA-590-1} - gnats 4.0-6.1 CAN-2004-0622 (Mac OS X 10.3.4 does not properly clear memory for user login, ...) NOTE: not-for-us (MacOS) CAN-2004-0621 (admin.php in Newsletter ZWS allows remote attackers to gain ...) NOTE: not-for-us (Newsletter ZWS) CAN-2004-0620 (Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) ...) NOTE: not-for-us (vBulletin) CAN-2004-0619 (Integer overflow in the ubsec_keysetup function for Linux Broadcom ...) NOTE: not-for-us (Linux Broadcom 5820 cryptonet driver) NOTE: does not seem to be part of linux kernel or other package CAN-2004-0618 (FreeBSD 5.1 for the Alpha processor allows local users to cause a ...) NOTE: not-for-us (freebsd) CAN-2004-0617 (Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows ...) NOTE: not-for-us (ArbitroWeb) CAN-2004-0616 (The BT Voyager 2000 Wireless ADSL Router has a default public SNMP ...) NOTE: not-for-us (BT Voyager 2000 Wireless ADSL Router) CAN-2004-0615 (Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router ...) NOTE: not-for-us (D-Link DI-614+ SOHO router) CAN-2004-0614 (osTicket trusts a hidden form field in the submit form to limit the ...) NOTE: not-for-us (osTicket) CAN-2004-0613 (osTicket allows remote attackers to view sensitive uploaded files and ...) NOTE: not-for-us (osTicket) CAN-2004-0612 (The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter ...) NOTE: not-for-us (ZoneAlarm Pro) CAN-2004-0611 (Web-Based Administration in Netgear FVS318 VPN Router allows remote ...) NOTE: not-for-us (Netgear FVS318 VPN Router) CAN-2004-0610 (The Web administration interface in Microsoft MN-500 Wireless Router ...) NOTE: not-for-us (Microsoft MN-500 Wireless Router) CAN-2004-0609 (rssh 2.0 through 2.1.x expands command line arguments before entering ...) - rssh 2.2.1 CAN-2004-0608 (The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation ...) NOTE: not-for-us (Unreal Engine) CAN-2004-0607 (The eay_check_x509cert function in KAME Racoon successfully verifies ...) - racoon 0.3.3-1 CAN-2004-0606 (Cross-site scripting (XSS) vulnerability in Infoblox DNS One running ...) NOTE: not-for-us (Infoblox DNS One) CAN-2004-0605 (Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ...) NOTE: Dossibly fixed in ircd-hybrid 7.0.2: "fixed flood limit bug". NOTE: Does not match posted patch. Mailed Debian maintainer. CAN-2004-0604 (The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows ...) NOTE: not-for-us (giFT-FastTrack not in debian) CAN-2004-0603 (gzexe in gzip 1.3.3 and earlier will execute an argument when the ...) NOTE: not-for-us (Gentoo-specific bug in gzip introduced by botched security fix) CAN-2004-0602 (The binary compatibility mode for FreeBSD 4.x and 5.x does not ...) NOTE: not-for-us (FreeBSD) CAN-2004-0601 (distcc before 2.16, when running on 64-bit platforms, does not ...) - disctcc 2.18.1-4 CAN-2004-0600 (Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba ...) - samba 3.0.5 CAN-2004-0599 (Multiple integer overflows in the (1) png_read_png in pngread.c or (2) ...) {DSA-536} CAN-2004-0598 (The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote ...) {DSA-536} CAN-2004-0597 (Multiple buffer overflows in libpng 1.2.5 and earlier allow remote ...) {DSA-536} CAN-2004-0596 (The Equalizer Load-balancer for serial network interfaces (eql.c) in ...) TODO: check with kernel team CAN-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to ...) {DSA-531} CAN-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to ...) {DSA-531} CAN-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before ...) NOTE: not-for-us (Sygate Enforcer) CAN-2004-0592 NOTE: reserved CAN-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc ...) {DSA-533} CAN-2004-0590 (FreeS/WAN 1.x and 2.x, and other related products including ...) - freeswan 2.04-10 - openswan 2.2.0 CAN-2004-0589 (Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when ...) NOTE: not-for-us (Cisco) CAN-2004-0588 (Cross-site scripting (XSS) vulnerability in the web mail module for ...) - usermin 1.090-1 CAN-2004-0587 (Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in ...) - qla2x00-source 7.01.01-1 CAN-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers execute arbitrary ...) NOTE: not-for-us (Windows) CAN-2004-0585 NOTE: rejected CAN-2004-0584 (Unknown vulnerability in Horde-IMP 3.2.3 and earlier, before a ...) - imp 3.2.4 CAN-2004-0583 (The account lockout functionality in (1) Webmin 1.140 and (2) Usermin ...) {DSA-526} - usermin 1.090-1 - webmin 1.150-1 CAN-2004-0582 (Unknown vulnerability in Webmin 1.140 allows remote attackers to ...) {DSA-526} - usermin 1.090-1 CAN-2004-0581 (ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate ...) NOTE: not-for-us (Mandrake script) CAN-2004-0580 (DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL ...) NOTE: not-for-us (Linksys routers) CAN-2004-0579 (Format string vulnerability in super before 3.23 allows local users to ...) {DSA-522} CAN-2004-0578 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...) NOTE: not-for-us (Wingate) CAN-2004-0577 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...) NOTE: not-for-us (Wingate) CAN-2004-0576 (The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the ...) NOTE: not-for-us (GNU radius not in Debian) CAN-2004-0575 (Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP ...) NOTE: not-for-us (Windows) CAN-2004-0574 (The Network News Transfer Protocol (NNTP) component of Microsoft ...) NOTE: not-for-us (Windows) CAN-2004-0573 (Buffer overflow in the converter for Microsoft WordPerfect 5.x on ...) NOTE: not-for-us (Windows) CAN-2004-0572 (Buffer overflow in the Windows Program Group Converter (grpconv.exe) ...) NOTE: not-for-us (Windows) CAN-2004-0571 (Microsoft Word for Windows 6.0 Converter does not properly validate ...) NOTE: not-for-us (Microsoft) CAN-2004-0570 NOTE: reserved CAN-2004-0569 (The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote ...) NOTE: not-for-us (Windows) CAN-2004-0568 (HyperTerminal application for Windows NT 4.0, Windows 2000, Windows ...) NOTE: not-for-us (HyperTerminal) CAN-2004-0567 (The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP ...) NOTE: not-for-us (Windows) CAN-2004-0566 (Integer overflow in imgbmp.cxx for Windows 2000 allows remote ...) NOTE: not-for-us (Windows) CAN-2004-0565 (Floating point information leak in the context switch code for Linux ...) NOTE: ia64 only NOTE: appears fixed in 2.4.27/2.6.8 CAN-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to run ...) {DSA-557-1} CAN-2004-0563 (The tspc.conf configuration file in freenet6 before 0.9.6 and before ...) {DSA-555-1} CAN-2004-0562 NOTE: reserved CAN-2004-0561 NOTE: reserved CAN-2004-0560 NOTE: reserved CAN-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local users ...) {DSA-544-1} CAN-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS before ...) {DSA-545-1} CAN-2004-0557 (Multiple buffer overflows in Sound eXchange (SoX) 12.17.2 through ...) {DSA-565-1} CAN-2004-0556 NOTE: reserved CAN-2004-0555 NOTE: reserved CAN-2004-0554 (Linux kernel 2.4.2x and 2.6.x for x86 allows local users to cause a ...) NOTE: this was a big deal and is fixed in all current kernels CAN-2004-0553 NOTE: reserved CAN-2004-0552 (Sophos Small Business Suite 1.00 on Windows does not properly handle ...) NOTE: not-for-us (Sophos Small Business Suite) CAN-2004-0551 (Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and ...) NOTE: not-for-us (Cisco) CAN-2004-0550 (Buffer overflow in Real Networks RealPlayer 10 allows remote attackers ...) NOTE: not-for-us (Real Player) CAN-2004-0549 (The WebBrowser ActiveX control, or the Internet Explorer HTML ...) NOTE: not-for-us (Windows) CAN-2004-0548 (Multiple stack-based buffer overflows in the word-list-compress ...) - aspell 0.50.5-3 CAN-2004-0547 (Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows ...) {DSA-516} CAN-2004-0546 NOTE: reserved CAN-2004-0545 (LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary ...) NOTE: not-for-us (AIX) CAN-2004-0544 (Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users ...) NOTE: not-for-us (AIX) CAN-2004-0543 (Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and ...) NOTE: not-for-us (Oracle) CAN-2004-0542 (PHP before 4.3.7 on Win32 platforms does not properly filter all shell ...) NOTE: not-for-us (php4 bug only affects Windows) CAN-2004-0541 (Buffer overflow in the ntlm_check_auth (NTLM authentication) function ...) - squid 2.5.5-5 CAN-2004-0540 (Microsoft Windows 2000, when running in a domain whose Fully Qualified ...) NOTE: not-for-us (Windows) CAN-2004-0539 (The "Show in Finder" button in the Safari web browser in Mac OS X ...) NOTE: not-for-us (MacOS) CAN-2004-0538 (LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers ...) NOTE: not-for-us (MacOS) CAN-2004-0537 (Opera 7.50 and earlier allows remote web sites to provide a "Shortcut ...) NOTE: not-for-us (Opera) CAN-2004-0536 (Format string vulnerability in Tripwire commercial 4.0.1 and earlier, ...) - tripwire 2.3.1.2.0-2.1 CAN-2004-0535 (The e1000 driver for Linux kernel 2.4.26 and earlier does not properly ...) NOTE: fixed in 2.4.27 CAN-2004-0534 NOTE: reserved CAN-2004-0533 NOTE: reserved CAN-2004-0532 NOTE: reserved CAN-2004-0531 NOTE: reserved CAN-2004-0530 (The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a ...) NOTE: not-for-us (Slackware specific rpath issue) CAN-2004-0529 (The modified suexec program in cPanel, when configured for mod_php and ...) NOTE: not-for-us (cPanel is not our cpanel) CAN-2004-0528 (Netscape Navigator 7.1 allows remote attackers to spoof a legitimate ...) NOTE: not-for-us (Netscape Navigator 7.1) CAN-2004-0527 (KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a ...) NOTE: konquror 2.2.2 and earlier, later should not be vulnerale NOTE: but did not check in detail CAN-2004-0526 (Unknown versions of Internet Explorer and Outlook allow remote ...) NOTE: not-for-us (Windows) CAN-2004-0525 (HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 ...) NOTE: not-for-us (iLO) CAN-2004-0524 (Buffer overflow in the chpasswd command in the Change_passwd plugin ...) NOTE: not-for-us (Change_passwd SquirrelMail plugin not present in debian) CAN-2004-0523 (Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos ...) {DSA-520} CAN-2004-0522 (Gallery 1.4.3 and earlier allows remote attackers to bypass ...) {DSA-512} CAN-2004-0521 (SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows ...) {DSA-535} CAN-2004-0520 (Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail ...) {DSA-535} CAN-2004-0519 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) {DSA-535} CAN-2004-0518 (Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related ...) NOTE: not-for-us (MacOS) CAN-2004-0517 (Unknown vulnerability in Mac OS X 10.3.4, related to "handling of ...) NOTE: not-for-us (MacOS) CAN-2004-0516 (Unknown vulnerability in Mac OS X 10.3.4, related to "package ...) NOTE: not-for-us (MacOS) CAN-2004-0515 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...) NOTE: not-for-us (MacOS) CAN-2004-0514 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...) NOTE: not-for-us (MacOS) CAN-2004-0513 (Unknown vulnerability in Mac OS X 10.3.4, related to "logging when ...) NOTE: not-for-us (MacOS) CAN-2004-0512 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...) NOTE: not-for-us (SCO MMDF) CAN-2004-0511 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...) NOTE: not-for-us (SCO MMDF) CAN-2004-0510 (Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and ...) NOTE: not-for-us (SCO MMDF) CAN-2004-0509 NOTE: reserved CAN-2004-0508 NOTE: reserved CAN-2004-0507 (Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 ...) - ethereal 0.10.4 CAN-2004-0506 (The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote ...) - ethereal 0.10.4 CAN-2004-0505 (The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause ...) - ethereal 0.10.4 CAN-2004-0504 (Ethereal 0.10.3 allows remote attackers to cause a denial of service ...) - ethereal 0.10.4 CAN-2004-0503 (Outlook 2003 allows remote attackers to bypass the default zone ...) NOTE: not-for-us (Microsoft) CAN-2004-0502 (Outlook 2003, when replying to an e-mail message, stores certain files ...) NOTE: not-for-us (Microsoft) CAN-2004-0501 (Outlook 2003 allows remote attackers to bypass intended access ...) NOTE: not-for-us (Microsoft) CAN-2004-0500 (Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c ...) - gaim 1:0.81-3 CAN-2004-0499 NOTE: reserved CAN-2004-0498 NOTE: reserved CAN-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users to ...) NOTE: linux kernel fchown hole, fixed in all current kernels CAN-2004-0496 (Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users ...) NOTE: fixed in 2.6.7 CAN-2004-0495 (Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow ...) NOTE: fixed in 2.4.27-rc1 CAN-2004-0494 (Multiple extfs backend scripts for GNOME virtual file system (VFS) ...) - gnome-vfs 1.0.1 CAN-2004-0493 (The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows ...) - apache2 2.0.50-1 CAN-2004-0492 (Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache ...) {DSA-525} - apache 1.3.31-2 CAN-2004-0491 NOTE: reserved CAN-2004-0490 (cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec ...) NOTE: not-for-us (cPanel is not our cpanel) CAN-2004-0489 (Argument injection vulnerability in the SSH URI handler for Safari on ...) NOTE: not-for-us (MacOS) CAN-2004-0488 (Stack-based buffer overflow in the ssl_util_uuencode_binary function ...) {DSA-532} - apache2 2.0.50-1 CAN-2004-0487 (A certain ActiveX control in Symantec Norton AntiVirus 2004 allows ...) NOTE: not-for-us (Norton) CAN-2004-0486 (HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did ...) NOTE: not-for-us (MacOS) CAN-2004-0485 (The default protocol helper for the disk: URI on Mac OS X 10.3.3 and ...) NOTE: not-for-us (MacOS) CAN-2004-0484 (Unknown vulnerability in mshtml.dll in Microsoft Internet Explorer ...) NOTE: not-for-us (Microsoft) CAN-2004-0483 (Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows remote ...) NOTE: not-for-us (IRIX) CAN-2004-0482 (Multiple "incorrect bounds checking" errors in certain functions for ...) NOTE: not-for-us (OpenBSD) CAN-2004-0481 NOTE: reserved CAN-2004-0480 (Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 ...) NOTE: not-for-us (Lotus Notes) CAN-2004-0479 (Internet Explorer 6 allows remote attackers to cause a denial of ...) NOTE: not-for-us (Microsoft) CAN-2004-0478 (Unknown versions of Mozilla allow remote attackers to cause a denial ...) NOTE: only a Mozilla DOS TODO: not even fixed upstream CAN-2004-0477 (Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router ...) NOTE: not-for-us (3Com OfficeConnect Remote 812 ADSL Router) CAN-2004-0476 (Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 ...) NOTE: not-for-us (3Com OfficeConnect Remote 812 ADSL Router) CAN-2004-0475 (The showHelp function in Internet Explorer 6 on Windows XP Pro allows ...) NOTE: not-for-us (Microsoft) CAN-2004-0474 (Help Center (HelpCtr.exe) may allow remote attackers to read or ...) NOTE: not-for-us (Help Center (HelpCtr.exe)) CAN-2004-0473 (Opera before 7.50 does not properly filter "-" characters that begin a ...) NOTE: not-for-us (opera) CAN-2004-0472 NOTE: rejected CAN-2004-0471 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...) NOTE: not-for-us (BEA WebLogic) CAN-2004-0470 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...) NOTE: not-for-us (BEA WebLogic) CAN-2004-0469 (Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and ...) NOTE: not-for-us (Check Point VPN) CAN-2004-0468 (Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows ...) NOTE: not-for-us (Juniper JUNOS) CAN-2004-0467 NOTE: reserved CAN-2004-0466 NOTE: reserved CAN-2004-0465 NOTE: reserved CAN-2004-0464 NOTE: reserved CAN-2004-0463 NOTE: reserved CAN-2004-0462 NOTE: reserved CAN-2004-0461 (The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when ...) NOTE: debian probably not vulnerable - dhcp3 3.0.1 CAN-2004-0460 (Buffer overflow in the logging capability for the DHCP daemon (DHCPD) ...) - dhcp3 3.0.1 CAN-2004-0459 (The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 ...) NOTE: not-for-us (DOS in 802.11 protocol) CAN-2004-0458 (mah-jong before 1.6.2 allows remote attackers to cause a denial of ...) {DSA-503} - mah-jong 1.6.2-1 CAN-2004-0457 (The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the ...) {DSA-540} CAN-2004-0456 (Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly ...) {DSA-527} CAN-2004-0455 (Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to ...) {DSA-523} CAN-2004-0454 (Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 ...) {DSA-524} CAN-2004-0453 (Format string vulnerability in the monitor "memory dump" command in ...) - vice 1.14-2 CAN-2004-0452 (Race condition in the rmtree function in the File::Path module in Perl ...) {DSA-620-1} CAN-2004-0451 (Multiple format string vulnerabilities in the (1) logquit, (2) logerr, ...) {DSA-521} CAN-2004-0450 (Format string vulnerability in the printlog function in log2mail ...) {DSA-513} CAN-2004-0449 NOTE: reserved CAN-2004-0448 (Format string vulnerability in the log function for jftpgw 0.13.4 and ...) {DSA-510} CAN-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local ...) NOTE: fixed in linux 2.4.26 CAN-2004-0446 NOTE: reserved CAN-2004-0445 (The SYMDNS.SYS driver in Symantec Norton Internet Security and ...) NOTE: not-for-us (Norton) CAN-2004-0444 (Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet ...) NOTE: not-for-us (Norton) CAN-2004-0443 NOTE: reserved CAN-2004-0442 NOTE: reserved CAN-2004-0441 NOTE: reserved CAN-2004-0440 NOTE: reserved CAN-2004-0439 NOTE: reserved CAN-2004-0438 NOTE: reserved CAN-2004-0437 (Titan FTP Server version 3.01 build 163, and possibly other versions ...) NOTE: not-for-us (Titan FTP Server) CAN-2004-0436 NOTE: reserved CAN-2004-0435 (Certain "programming errors" in the msync system call for FreeBSD ...) NOTE: not-for-us (FreeBSD) CAN-2004-0434 (k5admind (kadmind) for Heimdal allows remote attackers to execute ...) {DSA-504} CAN-2004-0433 (Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) ...) NOTE: mplayer not in Debian - xine-lib 1-rc4 CAN-2004-0432 (ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL ...) - proftpd 1.2.9-4 CAN-2004-0431 (Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 ...) NOTE: not-for-us (Apple QuickTime) CAN-2004-0430 (Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and ...) NOTE: not-for-us (MacOS) CAN-2004-0429 NOTE: reserved CAN-2004-0428 NOTE: reserved CAN-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before ...) NOTE: fixed after 2.6.6/2.4.26 kernel CAN-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a ...) {DSA-499} CAN-2004-0425 (Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows ...) NOTE: not-for-us (windows) CAN-2004-0424 (Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 ...) NOTE: fixed after 2.6.4/2.4.26 kernel CAN-2004-0423 (The log_event function in ssmtp 2.50.6 and earlier allows local users ...) NOTE: bug still exists in the ssmtp source, but is only activated if NOTE: --enable-logfile is used in ./configure NOTE: The package doesn't enable that flag so it is safe. CAN-2004-0422 (flim before 1.14.3 creates temporary files insecurely, which allows ...) {DSA-500} CAN-2004-0421 (The Portable Network Graphics library (libpng) 1.0.15 and earlier ...) {DSA-498} CAN-2004-0420 (The Windows Shell application in Windows 98, Windows ME, Windows NT ...) NOTE: not-for-us (windows) CAN-2004-0419 (XDM in XFree86 opens a chooserFd TCP socket even when ...) NOTE: reserved (baruch) CAN-2004-0418 (serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, ...) {DSA-519} - cvs 1:1.12.9-1 CAN-2004-0417 (Integer overflow in the "Max-dotdot" CVS protocol command ...) {DSA-519} - cvs 1:1.12.9-1 CAN-2004-0416 (Double-free vulnerability for the error_prog_name string in CVS 1.12.x ...) {DSA-519} - cvs 1:1.12.9-1 CAN-2004-0415 (Linux kernel does not properly convert 64-bit file offset pointers to ...) NOTE: fixed in 2.4.27-rc6 CAN-2004-0414 (CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not ...) - cvs 1:1.12.9-1 CAN-2004-0413 (libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) ...) - subversion 1.0.5-1 CAN-2004-0412 (Mailman before 2.1.5 allows remote attackers to obtain user passwords ...) - mailman 2.1.4-5 CAN-2004-0411 (The URI handlers in Konqueror for KDE 3.2.2 and earlier do not ...) {DSA-518} CAN-2004-0410 NOTE: reserved NOTE: An empty CAN, never published. CAN-2004-0409 (Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 ...) {DSA-493} - chat 2.0.8-1 CAN-2004-0408 (Buffer overflow in the child_service function in the ident2 ident ...) {DSA-494} CAN-2004-0407 (The HTML form upload capability in ColdFusion MX 6.1 does not reclaim ...) NOTE: not-for-us (ColdFusion) CAN-2004-0406 NOTE: reserved CAN-2004-0405 (CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot ...) {DSA-486} - cvs 1:1.12.5-4 CAN-2004-0404 (logcheck before 1.1.1 allows local users to overwrite arbitrary files, ...) {DSA-488} CAN-2004-0403 (Racoon before 20040408a allows remote attackers to cause a denial of ...) - racoon 0.3.1-3 CAN-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other ...) {DSA-508} CAN-2004-0401 (Vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before 0.2.7, ...) - libtasn1 0.1.2-2 CAN-2004-0400 (Stack-based buffer overflow in Exim 4 before 4.33, when the ...) {DSA-502 DSA-501} - exim 3.36-11 CAN-2004-0399 (Stack-based buffer overflow in Exim 3.35, and other versions before 4, ...) {DSA-502 DSA-501} - exim 3.36-11 CAN-2004-0398 (Heap-based buffer overflow in the ne_rfc1036_parse date parsing ...) {DSA-507 DSA-506} CAN-2004-0397 (Stack-based buffer overflow during the apr_time_t data conversion in ...) - subversion 1.0.3-1 NOTE: fix history: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=249791 CAN-2004-0396 (Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up ...) {DSA-505} - cvs 1:1.12.5-6 CAN-2004-0395 (The xatitv program in the gatos package does not properly drop root ...) {DSA-509} CAN-2004-0394 (A "potential" buffer overflow exists in the panic() function in Linux ...) NOTE: apparently not very exploitable, does not affect 2.6 NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CAN-2004-0394.patch NOTE: not fixed in 2.4.27 by inspection, didn't bother with a bug CAN-2004-0393 (Format string vulnerability in the msg function for rlpr daemon ...) {DSA-524} CAN-2004-0392 (racoon before 20040407b allows remote attackers to cause a denial of ...) - apache 1.3.31-2 CAN-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting ...) NOTE: not-for-us (Cisco Wireless LAN Solution Engine) CAN-2004-0390 NOTE: reserved CAN-2004-0389 (RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote ...) NOTE: not-for-us (RealNetworks Helix Universal Server) CAN-2004-0388 (The mysqld_multi script in MySQL allows local users to overwrite ...) {DSA-483} CAN-2004-0387 (Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer ...) NOTE: not-for-us (RealPlayer plugin) CAN-2004-0386 (Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, ...) NOTE: not-for-us (mplayer; not in the archive) CAN-2004-0385 (Heap-based buffer overflow in Oracle 9i Application Server Web Cache ...) NOTE: not-for-us (Oracle 9i Application Server Web Cache) CAN-2004-0384 NOTE: reserved CAN-2004-0383 (Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with ...) NOTE: not-for-us (Mail for Mac OS X) CAN-2004-0382 (Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 ...) NOTE: not-for-us (CUPS printing system in Mac OS X) CAN-2004-0381 (mysqlbug in MySQL allows local users to overwrite arbitrary files via ...) {DSA-483} CAN-2004-0380 (The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 ...) NOTE: not-for-us (Microsoft Outlook Express) CAN-2004-0379 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...) NOTE: not-for-us (Microsoft SharePoint Portal Server 2001) CAN-2004-0378 NOTE: reserved CAN-2004-0377 (Buffer overflow in the win32_stat function for (1) ActiveState's ...) NOTE: not-for-us (perl; Win32 is affected, UNIX systems not) CAN-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a denial of ...) {DSA-473} CAN-2004-0375 (SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton ...) NOTE: not-for-us (Symantec Norton Internet Security) CAN-2004-0374 (Unknown vulnerability in Interchange before 4.8.3 allows remote ...) {DSA-471} CAN-2004-0373 NOTE: reserved CAN-2004-0372 (xine allows local users to overwrite arbitrary files via a symlink ...) {DSA-477} CAN-2004-0371 (Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly ...) {DSA-476} CAN-2004-0370 (The setsockopt call in the KAME Project IPv6 implementation, as used ...) NOTE: not-for-us (KAME) CAN-2004-0369 NOTE: reserved CAN-2004-0368 (Double-free vulnerability in dtlogin in CDE on Solaris, HP-UX, and ...) NOTE: not-for-us (CDE) CAN-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of ...) - ethereal 0.10.3 CAN-2004-0366 (SQL injection vulnerability in the libpam-pgsql library before 0.5.2 ...) {DSA-469} CAN-2004-0365 (The dissect_attribute_value_pairs function in packet-radius.c for ...) - ethereal 0.10.3 CAN-2004-0364 (The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet ...) NOTE: not-for-us (WrapNISUM ActiveX) CAN-2004-0363 (Stack-based buffer overflow in the SymSpamHelper ActiveX component ...) NOTE: not-for-us (SymSpamHelper ActiveX) CAN-2004-0362 (Multiple stack-based buffer overflows in the ICQ parsing routines of ...) NOTE: not-for-us (ISS Protocol Analysis Module) CAN-2004-0361 (The Javascript engine in Safari 1.2 and earlier allows remote ...) NOTE: not-for-us (safari) CAN-2004-0360 (Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local ...) NOTE: not-for-us (solaris) CAN-2004-0359 (Cross-site scripting (XSS) vulnerability in index.php for Invision ...) NOTE: not-for-us (Invision Power Board) CAN-2004-0358 (Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro ...) NOTE: not-for-us (VirtuaNews Admin Panel) CAN-2004-0357 (Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote ...) NOTE: not-for-us (SL Mail Pro) CAN-2004-0355 (Invision Power Board 1.3 Final allows remote attackers to gain ...) NOTE: not-for-us (Invision Power Board) CAN-2004-0354 (Multiple format string vulnerabilities in GNU Anubis 3.6.0 through ...) NOTE: not-for-us (GNU Anubis) CAN-2004-0353 (Multiple buffer overflows in auth_ident() function in auth.c for GNU ...) NOTE: not-for-us (GNU Anubis) CAN-2004-0352 (Cisco 11000 Series Content Services Switches (CSS) running WebNS ...) NOTE: not-for-us (Cisco) CAN-2004-0351 (Spider Sales shopping cart stores the private key in the same database ...) NOTE: not-for-us (Spider Sales) CAN-2004-0350 (SpiderSales shopping cart does not enforce a minimum length for the ...) NOTE: not-for-us (Spider Sales) CAN-2004-0349 (Directory traversal vulnerability in GWeb HTTP Server 0.6 allows ...) NOTE: not-for-us (GWeb HTTP Server) CAN-2004-0348 (SQL injection vulnerability in viewCart.asp in SpiderSales shopping ...) NOTE: not-for-us (SpiderSales) CAN-2004-0346 (Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 ...) - proftpd 1.2.9 CAN-2004-0345 (Buffer overflow in Red Faction client 1.20 and earlier allows remote ...) NOTE: not-for-us (Red Faction) CAN-2004-0344 (Directory traversal vulnerability in ModifyMessage.php in YaBB SE ...) NOTE: not-for-us (YaBB SE) CAN-2004-0343 (Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b ...) NOTE: not-for-us (YaBB SE) CAN-2004-0342 (WFTPD Pro Server 3.21 Release 1 allows local users to cause a denial ...) NOTE: not-for-us (WFPTD) CAN-2004-0341 (WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a ...) NOTE: not-for-us (WFPTD) CAN-2004-0340 (Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro ...) NOTE: not-for-us (WFPTD) CAN-2004-0339 (Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, ...) - phpbb2 2.0.6d CAN-2004-0338 (SQL injection vulnerability in search.php for Invision Board Forum ...) NOTE: not-for-us (Invision Board Forum) CAN-2004-0337 (Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro ...) NOTE: not-for-us (602LAN SUITE) CAN-2004-0335 (LAN SUITE Web Mail 602Pro, when configured to use the "Directory ...) NOTE: not-for-us (602LAN SUITE) CAN-2004-0334 (AXIS 2100 Network Camera allows remote attackers to bypass Basic ...) NOTE: not-for-us (AXIS 2100) CAN-2004-0333 (Buffer overflow in the UUDeview package for WinZip 6.2 through WinZip ...) NOTE: not-for-us (WinZip) CAN-2004-0332 (Extremail 1.5.9 does not check passwords correctly when they are all ...) NOTE: not-for-us (extremail) CAN-2004-0331 (Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows ...) NOTE: not-for-us (Dell OpenManage Web Server) CAN-2004-0330 (Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote ...) NOTE: not-for-us (Serv-U) CAN-2004-0329 (FreeChat 1.1.1a allows remote attackers to cause a denial of service ...) NOTE: not-for-us (FreeChat) CAN-2004-0328 (Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 ...) NOTE: not-for-us (Gigabyte Broadband Router) CAN-2004-0327 (Directory traversal vulnerability in functions.php in PhpNewsManager ...) NOTE: not-for-us (PhpNewsManager) CAN-2004-0326 (Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote ...) NOTE: not-for-us (GateKeeper Pro) CAN-2004-0325 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a ...) NOTE: not-for-us (TypSoft) CAN-2004-0324 (Confirm 0.62 and earlier could allow remote attackers to execute ...) NOTE: not-for-us (confirm 0.70) CAN-2004-0323 (Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow ...) NOTE: not-for-us (xmb 1.8 final sp2) CAN-2004-0322 (Cross-site scripting (XSS) vulnerability in XMB 1.8 Final SP2 allows ...) NOTE: not-for-us (xmb 1.8 final sp2) CAN-2004-0321 (Team Factor 1.25 and earlier allows remote attackers to cause a denial ...) NOTE: not-for-us (Team Factor) CAN-2004-0319 (Cross-site scripting (XSS) vulnerability in the font tag in ezBoard ...) NOTE: not-for-us (ezBoard) CAN-2004-0318 (Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID ...) NOTE: not-for-us (Load Sharing Facility) CAN-2004-0317 (Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x ...) NOTE: not-for-us (Load Sharing Facility) CAN-2004-0316 (Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a ...) NOTE: not-for-us (Avirt) CAN-2004-0315 (Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a ...) NOTE: not-for-us (Avirt) CAN-2004-0314 (Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 ...) NOTE: not-for-us (WebzEdit) CAN-2004-0313 (Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a ...) NOTE: not-for-us (PSOProxy) CAN-2004-0312 (Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP ...) NOTE: not-for-us (LINKSYS) CAN-2004-0311 (American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 ...) NOTE: not-for-us (APC) CAN-2004-0310 (Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 ...) NOTE: not-for-us (LiveJournal) CAN-2004-0308 (Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 ...) NOTE: not-for-us (ZoneLabs) CAN-2004-0308 NOTE: not-for-us (cisco) CAN-2004-0305 (Cross-site scripting (XSS) vulnerability in error.asp in WebCortex ...) NOTE: not-for-us (WebCortex WebStores) CAN-2004-0304 (SQL injection vulnerability in browse_items.asp in WebCortex WebStores ...) NOTE: not-for-us (WebCortex WebStores) CAN-2004-0303 (OWLS 1.0 allows remote attackers to retrieve arbitrary files via ...) NOTE: not-for-us (OWLS 1.0) CAN-2004-0302 (Directory traversal vulnerability in OWLS 1.0 allows remote attackers ...) NOTE: not-for-us (OWLS 1.0) CAN-2004-0301 (Cross-site scripting (XSS) vulnerability in more.php for Online Store ...) NOTE: not-for-us (Online Store Kit) CAN-2004-0300 (SQL injection vulnerability in Online Store Kit 3.0 allows remote ...) NOTE: not-for-us (Online Store Kit) CAN-2004-0299 (Buffer overflow in smallftpd 0.99 allows local users to cause a denial ...) NOTE: not-for-us (smallftpd; not in Debian) CAN-2004-0298 (CesarFTP 0.99e allows remote attackers to cause a denial of service ...) NOTE: not-for-us (CesarFTP; Win32) CAN-2004-0296 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...) NOTE: not-for-us (Broker FTP 6.1.0.0; Win32) CAN-2004-0295 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...) NOTE: not-for-us (Broker FTP 6.1.0.0 again; Win32) CAN-2004-0294 (YaBB 1 SP 1.3.1 displays different error messages when a user exists ...) NOTE: not-for-us (yabb; not in Debian) CAN-2004-0293 (Directory traversal vulnerability in ShopCartCGI 2.3 allows remote ...) NOTE: not-for-us (ShopCartCGI 2.3; not in Debian) CAN-2004-0292 (Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote ...) NOTE: not-for-us (KarjaSoft Sami HTTP Server 1.0.4; Win32) CAN-2004-0291 (SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 ...) NOTE: not-for-us (YaBB; not in Debian) CAN-2004-0290 (Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game ...) NOTE: not-for-us (Purge Jihad; not in Debian) CAN-2004-0289 (Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to ...) NOTE: not-for-us (SignatureDB; not in Debian) CAN-2004-0288 (Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 ...) - mnogosearch 3.2.18 NOTE: it's not quite clear which version exactly fixes the problem; NOTE: I checked the source code of the most recent version and compared NOTE: it with the problematic section described in the advisory NOTE: (http://marc.theaimsgroup.com/?l=bugtraq&m=107695139930726&w=2) NOTE: and I can confirm the buffer overflow is fixed there CAN-2004-0287 (Xlight FTP server 1.52 allows remote authenticated users to cause a ...) NOTE: not-for-us (Xlight FTP server 1.52; not in Debian) CAN-2004-0286 (Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote ...) NOTE: not-for-us (RobotFTP; not in Debian) CAN-2004-0285 (PHP remote code injection vulnerabilities in (1) AllMyVisitors, (2) ...) NOTE: not-for-us (PHP scripts not in Debian) CAN-2004-0284 (Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow ...) NOTE: not-for-us (MSIE bugs) CAN-2004-0283 (Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a ...) NOTE: not-for-us (mailmgr; not in Debian) CAN-2004-0282 (Crob FTP daemon 2.5.2 allows remote attackers to cause a denial of ...) NOTE: not-for-us (Crob FTP; not in Debian) CAN-2004-0281 (Caucho Technology Resin 2.1.12 allows remote attackers to gain ...) NOTE: not-for-us (Caucho Technology Resin; not in Debian) CAN-2004-0280 (Caucho Technology Resin 2.1.12 allows remote attackers to view JSP ...) NOTE: not-for-us (Caucho Technology Resin; not in Debian) CAN-2004-0279 (AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary ...) NOTE: not-for-us (AIMSniff; not in Debian) CAN-2004-0278 (Ratbag game engine, as used in products such as Dirt Track Racing, ...) NOTE: not-for-us (Ratbag game engine; not in Debian) CAN-2004-0277 (Format string vulnerability in Dream FTP 1.02 allows remote attackers ...) NOTE: not-for-us (Dream FTP; not in Debian) CAN-2004-0275 (SQL injection vulnerability in calendar_download.php in BosDates 3.2 ...) NOTE: not-for-us (BosDates; not in Debian) CAN-2004-0272 (SQL injection vulnerability in MaxWebPortal allows remote attackers to ...) NOTE: not-for-us (MaxWebPortal; not in Debian) CAN-2004-0271 (Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal ...) NOTE: not-for-us (MaxWebPortal; not in Debian) CAN-2004-0269 (SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly ...) NOTE: not-for-us (PHP-Nuke; not in Debian) CAN-2004-0268 (Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote ...) NOTE: not-for-us (EvolutionX; not in Debian) CAN-2004-0267 (The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust ...) NOTE: not-for-us (eTrust InoculateIT; not in Debian) CAN-2004-0266 (SQL injection vulnerability in the "public message" capability ...) NOTE: not-for-us (PHP-Nuke; not in Debian) CAN-2004-0265 (Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke ...) NOTE: not-for-us (PHP-Nuke; not in Debian) CAN-2004-0264 (palmhttpd for PalmOS allows remote attackers to cause a denial of ...) NOTE: not-for-us (PalmOS) CAN-2004-0262 (Stack-based buffer overflow in The Palace 3.5 and earlier client ...) NOTE: not-for-us (The Palace; not in Debian) CAN-2004-0260 (The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains ...) NOTE: not-for-us (CactuShop; not in Debian) CAN-2004-0259 (The check_referer() function in Formmail.php 5.0 and earlier allows ...) NOTE: not-for-us (formmail.php; not in Debian) CAN-2004-0258 (Multiple buffer overflows in RealOne Player, RealOne Player 2.0, ...) NOTE: not-for-us (RealPlayer) CAN-2004-0255 (Xlight 1.52, with log to screen enabled, allows remote attackers to ...) NOTE: not-for-us (Xlight; not in Debian) CAN-2004-0254 (Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x ...) NOTE: not-for-us (Discuz; not in Debian) CAN-2004-0253 (IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to ...) NOTE: not-for-us (IBM Cloudscape) CAN-2004-0252 (TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of ...) NOTE: not-for-us (TYPSoft FTP Server) CAN-2004-0251 (Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote ...) NOTE: not-for-us (rxgoogle.cgi) CAN-2004-0250 (SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier ...) NOTE: not-for-us (PhotoPost PHP Pro) CAN-2004-0249 (PHPX 3.2.3 allows remote attackers to gain access to other accounts by ...) NOTE: not-for-us (PHPX) CAN-2004-0248 (Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote ...) NOTE: not-for-us (PHPX) CAN-2004-0247 (The client and server of Chaser 1.50 and earlier allow remote ...) NOTE: not-for-us (Chaser) CAN-2004-0246 (Multiple PHP remote code injection vulnerabilities in (1) ...) NOTE: not-for-us (Les Commentaires) CAN-2004-0245 (Web Crossing 4.x and 5.x allows remote attackers to cause a denial of ...) NOTE: not-for-us (Web Crossing) CAN-2004-0244 (Cisco 6000, 6500, and 7600 series systems with Multilayer Switch ...) NOTE: not-for-us (Cisco Systems) CAN-2004-0243 (AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, ...) NOTE: not-for-us (AIX) CAN-2004-0242 (X-Cart 3.4.3 allows remote attackers to gain sensitive information via ...) NOTE: not-for-us (X-Cart 3.4.3) CAN-2004-0241 (X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via ...) NOTE: not-for-us (X-Cart 3.4.3) CAN-2004-0240 (Directory traversal vulnerability in X-Cart 3.4.3 allows remote ...) NOTE: not-for-us (X-Cart 3.4.3) CAN-2004-0239 (SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 ...) NOTE: not-for-us (PhotoPost PHP Pro) CAN-2004-0238 (Buffer overflow in (1) load_cfg and (2) save_cfg in Overkill 0.15pre3 ...) - overkill 0.16-7 CAN-2004-0237 (Directory traversal vulnerability in index.php in Aprox PHP Portal ...) NOTE: not-for-us (Aprox PHP Portal) CAN-2004-0236 (SQL injection vulnerability in login.asp in thePHOTOtool allows remote ...) NOTE: not-for-us (thePHOTOtool) CAN-2004-0235 (Multiple directory traversal vulnerabilities in LHA 1.14 allow remote ...) {DSA-515} CAN-2004-0234 (Multiple stack-based buffer overflows in the get_header function in ...) {DSA-515} CAN-2004-0233 (Utempter allows device names that contain .. (dot dot) directory ...) NOTE: not-for-us (utempter) CAN-2004-0232 (Multiple format string vulnerabilities in Midnight Commander (mc) ...) {DSA-497} CAN-2004-0231 (Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with ...) {DSA-497} CAN-2004-0230 (TCP, when using a large Window Size, makes it easier for remote ...) NOTE: not-for-us (famous TCP RST bug) CAN-2004-0229 (The framebuffer driver in Linux kernel 2.6.x does not properly use the ...) NOTE: not-for-us (Kernel 2.6 framebuffer bug) CAN-2004-0228 (Integer signedness error in the cpufreq proc handler (cpufreq_procctl) ...) NOTE: fixed in linux 2.4.27-pre3 CAN-2004-0227 (Buffer overflow in the zms script in ZoneMinder before 1.19.2 may ...) NOTE: not-for-us (ZoneMinder) CAN-2004-0226 (Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may ...) {DSA-497} CAN-2004-0225 NOTE: reserved CAN-2004-0224 (Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for ...) - courier 0.45.1-1 CAN-2004-0223 NOTE: reserved CAN-2004-0222 (Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow ...) NOTE: not-for-us (isakmpd in OpenBSD) CAN-2004-0221 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) NOTE: not-for-us (isakmpd in OpenBSD) CAN-2004-0220 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) NOTE: not-for-us (isakmpd in OpenBSD) CAN-2004-0219 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) NOTE: not-for-us (isakmpd in OpenBSD) CAN-2004-0218 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) NOTE: not-for-us (isakmpd in OpenBSD) CAN-2004-0217 (The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan ...) NOTE: not-for-us (Symantec AntiVirus Scan Engine for Red Hat) CAN-2004-0216 (Buffer overflow in the Install Engine (inseng.dll) for Internet ...) NOTE: not-for-us (MSIE bug) CAN-2004-0215 (Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of ...) NOTE: not-for-us (MS-Outlook-Express) CAN-2004-0214 (Buffer overflow in Microsoft Internet Explorer and Explorer on Windows ...) NOTE: not-for-us (MSIE bug) CAN-2004-0213 (Utility Manager in Windows 2000 launches winhlp32.exe while Utility ...) NOTE: not-for-us (Windows bug) CAN-2004-0212 (Stack-based buffer overflow in the Task Scheduler for Windows 2000 and ...) NOTE: not-for-us (Windows bug) CAN-2004-0211 (The kernel for Microsoft Windows Server 2003 does not reset certain ...) NOTE: not-for-us (Windows bug) CAN-2004-0210 (The POSIX component of Microsoft Windows NT and Windows 2000 allows ...) NOTE: not-for-us (Windows bug) CAN-2004-0209 (Unknown vulnerability in the Graphics Rendering Engine processes of ...) NOTE: not-for-us (Windows bug) CAN-2004-0208 (The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, ...) NOTE: not-for-us (Windows bug) CAN-2004-0207 ("Shatter" style vulnerability in the Window Management application ...) NOTE: not-for-us (Windows bug) CAN-2004-0206 (Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows ...) NOTE: not-for-us (Windows bug) CAN-2004-0205 (Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 ...) NOTE: not-for-us (Windows bug) CAN-2004-0204 (Directory traversal vulnerability in the web viewers for Business ...) NOTE: not-for-us (Visual Studio bug) CAN-2004-0203 (Cross-site scripting (XSS) vulnerability in Outlook Web Access for ...) NOTE: not-for-us (Exchange bug) CAN-2004-0202 (IDirectPlay4 Application Programming Interface (API) of Microsoft ...) NOTE: not-for-us (DirectX) CAN-2004-0201 (Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML ...) NOTE: not-for-us (Windows HTML Help) CAN-2004-0200 (Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft ...) NOTE: not-for-us (famous Windows GDI+ JPEG parsing bug) CAN-2004-0199 (Help and Support Center in Microsoft Windows XP and Windows Server ...) NOTE: not-for-us (Windows bug) CAN-2004-0198 NOTE: reserved CAN-2004-0197 (Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote ...) NOTE: not-for-us (MSJet bug) CAN-2004-0196 NOTE: reserved CAN-2004-0195 NOTE: reserved CAN-2004-0192 (Cross-site scripting (XSS) vulnerability in the Management Service for ...) NOTE: not-for-us (Symantec Gateway Security) CAN-2004-0189 {DSA-474} CAN-2004-0188 {DSA-461} CAN-2004-0187 NOTE: rejected CAN-2004-0186 {DSA-463} CAN-2004-0184 (Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier ...) {DSA-478} - tcpdump 3.7.2-4 CAN-2004-0183 (TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of ...) {DSA-478} - tcpdump 3.7.2-4 CAN-2004-0182 (Mailman before 2.0.13 allows remote attackers to cause a denial of ...) NOTE: not-for-us (mailman; RedHat specific bug) CAN-2004-0181 (The JFS file system code in Linux 2.4.x has an information leak in ...) NOTE: fixed in 2.4.26-pre5 CAN-2004-0180 (The client for CVS before 1.11 allows a remote malicious CVS server to ...) {DSA-486} CAN-2004-0179 (Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, ...) {DSA-487} CAN-2004-0178 (The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before ...) {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} NOTE: fixed in 2.4.26-pre3 CAN-2004-0177 (The ext3 code in Linux 2.4.x before 2.4.26 does not properly ...) {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} NOTE: fixed in 2.4.26-pre4 CAN-2004-0176 (Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote ...) - ethereal 0.10.3-1 CAN-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before 3.4p1 ...) NOTE: very low - openssh (unfixed; bug #270770) NOTE: this bug is old and known; see the bug discussion for further information. NOTE: apparently the security team thinks this is a minor issue; nevertheless, NOTE: the bug is still open, so they should close it if it really is neglectible. CAN-2004-0174 (Apache before 2.0.49, when using multiple listening sockets on certain ...) - apache 1.3.29.0.2-5 CAN-2004-0172 (Heap-based buffer overflow in the search_for_command function of ...) NOTE: not-for-us (ltrace; Debian (and no other distribution) installs this SUID root) CAN-2004-0170 NOTE: reserved CAN-2004-0168 (Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related ...) NOTE: not-for-us (CoreFoundation for Mac OS X) CAN-2004-0166 (Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 ...) NOTE: not-for-us (Safari) CAN-2004-0164 (KAME IKE daemon (racoon) does not properly handle hash values, which ...) - ipsec-tools 0.3.3-1 NOTE: not mentioned in the changelog, so I don't know which version exactly fixes NOTE: the problem, but the patch that fixes the bug is applied: NOTE: http://marc.theaimsgroup.com/?l=bugtraq&m=107411758202662&w=2 CAN-2004-0163 (Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the ...) NOTE: not-for-us (Sygate Secure Enterprise) CAN-2004-0162 (Multiple content security gateway and antivirus products allow remote ...) NOTE: not-for-us (general MIME bug with security gateways) CAN-2004-0161 (Multiple content security gateway and antivirus products allow remote ...) NOTE: not-for-us (general MIME bug with security gateways) CAN-2004-0160 {DSA-446} CAN-2004-0159 {DSA-447} CAN-2004-0158 (Buffer overflow in lbreakout2 allows local users to gain 'games' group ...) {DSA-445} CAN-2004-0157 (xonix 1.4 and earlier invokes an external program while running at ...) {DSA-484} CAN-2004-0156 (Format string vulnerabilities in the (1) die or (2) log_event ...) {DSA-485} CAN-2004-0155 (The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, ...) - racoon 0.2.5-2 CAN-2004-0154 (rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers ...) - nfs-utils 1:1.0.5-3 CAN-2004-0153 (Multiple format string vulnerabilities in emil 2.1.0 and earlier may ...) {DSA-468} CAN-2004-0152 (Multiple stack-based buffer overflows in (1) the encode_mime function, ...) {DSA-468} CAN-2004-0151 (Unknown vulnerability in xitalk 1.1.11 and earlier allows local users ...) {DSA-462} CAN-2004-0150 {DSA-458-2 DSA-458} CAN-2004-0149 (Multiple buffer overflows in xboing before 2.4 allow local users to ...) {DSA-451} CAN-2004-0147 NOTE: reserved CAN-2004-0146 NOTE: reserved CAN-2004-0145 NOTE: reserved CAN-2004-0144 NOTE: reserved CAN-2004-0143 (Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote ...) NOTE: not-for-us (Nokia mobile phones) CAN-2004-0142 NOTE: reserved CAN-2004-0141 NOTE: reserved CAN-2004-0140 NOTE: reserved CAN-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI IRIX ...) NOTE: not-for-us (SGI IRIX) CAN-2004-0138 NOTE: reserved CAN-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows ...) NOTE: not-for-us (IRIX init) CAN-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows ...) NOTE: not-for-us (IRIX) CAN-2004-0135 (The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 ...) NOTE: not-for-us (IRIX) CAN-2004-0134 (cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain ...) NOTE: not-for-us (IRIX) CAN-2004-0133 (The XFS file system code in Linux 2.4.x has an information leak in ...) NOTE: fixed in 2.4.26-pre2 CAN-2004-0132 (Multiple PHP remote code injection vulnerabilities in ezContents 2.0.2 ...) NOTE: not-for-us (ezContents) CAN-2004-0130 (login.php in phpGedView 2.65 and earlier allows remote attackers to ...) NOTE: not-for-us (phpGedView) CAN-2004-0127 (Directory traversal vulnerability in editconfig_gedcom.php for ...) NOTE: not-for-us (phpGedView) CAN-2004-0125 (The jail system call in FreeBSD 4.x before 4.10-RELEASE does not ...) NOTE: not-for-us (FreeBSD jail) CAN-2004-0124 (The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and ...) NOTE: not-for-us (Windows bug) CAN-2004-0123 (Double-free vulnerability in the ASN.1 library as used in Windows NT ...) NOTE: not-for-us (Windows bug) CAN-2004-0120 (The Microsoft Secure Sockets Layer (SSL) library, as used in Windows ...) NOTE: not-for-us (Windows bug) CAN-2004-0119 (The Negotiate Security Software Provider (SSP) interface in Windows ...) NOTE: not-for-us (Windows bug) CAN-2004-0118 (The component for the Virtual DOS Machine (VDM) subsystem in Windows ...) NOTE: not-for-us (Windows bug) CAN-2004-0117 (Unknown vulnerability in the H.323 protocol implementation in Windows ...) NOTE: not-for-us (Windows bug) CAN-2004-0116 (An Activation function in the RPCSS Service involved with DCOM ...) NOTE: not-for-us (Windows bug) CAN-2004-0112 (The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, ...) - openssl 0.9.7d-1 CAN-2004-0111 {DSA-464} CAN-2004-0110 (Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft ...) {DSA-455} CAN-2004-0109 (Buffer overflow in the ISO9660 file system component for Linux kernel ...) {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} NOTE: fixed in 2.4.26-rc4 CAN-2004-0108 {DSA-460} CAN-2004-0107 (The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier ...) - sysstat 5.0.2-1 CAN-2004-0106 (Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to ...) {DSA-443} CAN-2004-0105 (Multiple buffer overflows in Metamail 2.7 and earlier allow remote ...) {DSA-449} CAN-2004-0104 (Multiple format string vulnerabilities in Metamail 2.7 and earlier ...) {DSA-449} CAN-2004-0103 (crawl before 4.0.0 beta23 does not properly "apply a size check" when ...) {DSA-432} CAN-2004-0102 NOTE: reserved CAN-2004-0101 NOTE: reserved CAN-2004-0100 NOTE: reserved CAN-2004-0098 NOTE: reserved CAN-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers ...) {DSA-448} CAN-2004-0094 {DSA-443} CAN-2004-0093 {DSA-443} CAN-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and ...) NOTE: not-for-us (Safari) CAN-2004-0091 (Cross-site scripting (XSS) vulnerability in register.php for unknown ...) NOTE: not-for-us (vBulletin) CAN-2004-0090 NOTE: reserved CAN-2004-0088 (The System Configuration subsystem in Mac OS 10.2.8 allows local users ...) NOTE: not-for-us (MacOS) CAN-2004-0087 (The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows ...) NOTE: not-for-us (MacOS) CAN-2004-0086 (Unknown vulnerability in the Mail application for Mac OS X 10.3.2 with ...) NOTE: not-for-us (MacOS) CAN-2004-0085 (Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and ...) NOTE: not-for-us (MacOS) CAN-2004-0084 (Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to ...) {DSA-443} CAN-2004-0083 (Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 ...) {DSA-443} CAN-2004-0081 (OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message ...) {DSA-465} CAN-2004-0079 (The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and ...) {DSA-465} - openssl096 0.9.6m-1 CAN-2004-0077 {DSA-514 DSA-475 DSA-470 DSA-466 DSA-456 DSA-454 DSA-453 DSA-450 DSA-444 DSA-442 DSA-441 DSA-440 DSA-439 DSA-438} NOTE: fixed in 2.4.26-pre3 CAN-2004-0076 NOTE: rejected CAN-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain ...) NOTE: turned out not to be vulnerable. See bug #278777 CAN-2004-0073 (PHP remote code injection vulnerability in config.php for ...) NOTE: not-for-us (EasyDynamicPages) CAN-2004-0072 (Directory traversal vulnerability in Accipiter Direct Server 6.0 ...) NOTE: not-for-us (Accipiter Direct Server 6.0) CAN-2004-0071 (Directory traversal vulnerability in buildManPage in ...) NOTE: not-for-us (PHP Man Page Lookup 1.2.0) CAN-2004-0069 (Format string vulnerability in HD Soft Windows FTP Server 1.6 and ...) NOTE: not-for-us (HD Soft Windows FTP Server 1.6) CAN-2004-0067 (Multiple cross-site scripting (XSS) vulnerabilities in phpGedView ...) NOTE: not-for-us (phpGedView) CAN-2004-0066 (phpGedView before 2.65 allows remote attackers to obtain the absolute ...) NOTE: not-for-us (phpGedView) CAN-2004-0065 (Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow ...) NOTE: not-for-us (phpGedView) CAN-2004-0064 (The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows ...) NOTE: not-for-us (SuSE YaST) CAN-2004-0062 (Integer overflow in the rnd arithmetic rounding function for various ...) NOTE: not-for-us (FishCart) CAN-2004-0061 (WWW File Share Pro 2.42 and earlier allows remote attackers to bypass ...) NOTE: not-for-us (WWW File Share Pro 2.42) CAN-2004-0060 (WWW File Share Pro 2.42 and earlier allows remote attackers to cause a ...) NOTE: not-for-us (WWW File Share Pro 2.42) CAN-2004-0059 (Directory traversal vulnerability in upload capability of WWW File ...) NOTE: not-for-us (WWW File Share Pro 2.42) CAN-2004-0058 (Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local ...) NOTE: not-for-us (Antivir) CAN-2004-0057 (The rawprint function in the ISAKMP decoding routines (print-isakmp.c) ...) {DSA-425} CAN-2004-0056 (Multiple vulnerabilities in the H.323 protocol implementation for ...) NOTE: not-for-us (Nortel Networks products) CAN-2004-0055 (The print_attr_string function in print-radius.c for tcpdump 3.8.1 and ...) {DSA-425} CAN-2004-0054 (Multiple vulnerabilities in the H.323 protocol implementation for ...) NOTE: not-for-us (Cisco IOS) CAN-2004-0053 (Multiple content security gateway and antivirus products allow remote ...) NOTE: not-for-us (Multiple security gateways MIME parsing stuff) CAN-2004-0052 (Multiple content security gateway and antivirus products allow remote ...) NOTE: not-for-us (Multiple security gateways MIME parsing stuff) CAN-2004-0051 (Multiple content security gateway and antivirus products allow remote ...) NOTE: not-for-us (Multiple security gateways MIME parsing stuff) CAN-2004-0050 (Verity Ultraseek before 5.2.2 allows remote attackers to obtain the ...) NOTE: not-for-us (Verity Ultraseek) CAN-2004-0048 NOTE: reserved CAN-2004-0047 (Multiple programs in trr19 1.0 do not properly drop privileges before ...) {DSA-430} CAN-2004-0046 (Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows ...) NOTE: not-for-us (SnapStream PVS LITE) CAN-2004-0043 (Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier ...) NOTE: not-for-us (Yahoo Instant Messenger) CAN-2004-0042 (vsftpd 1.1.3 generates different error messages depending on whether ...) - vsftpd 2.0.1-1 NOTE: can't find any mention of the bug being fixed, but vsftpd doesn't NOTE: show the beaviour described in http://www.securitytracker.com/alerts/2004/Jan/1008628.html CAN-2004-0041 (mod-auth-shadow 1.4 and earlier does not properly enforce the ...) {DSA-421} CAN-2004-0039 (Multiple format string vulnerabilities in HTTP Application ...) NOTE: not-for-us (Check Point Firewall) CAN-2004-0038 (McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 ...) NOTE: not-for-us (McAfee) CAN-2004-0037 (FirstClass Desktop Client 7.1 allows remote attackers to execute ...) NOTE: not-for-us (FistClass Desktop Client) CAN-2004-0034 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 ...) NOTE: not-for-us (Phorum) CAN-2004-0030 (PHP remote code injection vulnerability in (1) functions.php, (2) ...) NOTE: not-for-us (PHPGEDVIEW) CAN-2004-0029 (Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration ...) NOTE: not-for-us (Lotus Notes Domino) CAN-2004-0028 {DSA-420} CAN-2004-0027 NOTE: reserved CAN-2004-0026 NOTE: reserved CAN-2004-0025 NOTE: reserved CAN-2004-0024 NOTE: reserved CAN-2004-0023 NOTE: reserved CAN-2004-0022 NOTE: reserved CAN-2004-0021 NOTE: reserved CAN-2004-0020 NOTE: reserved CAN-2004-0019 NOTE: reserved CAN-2004-0018 NOTE: reserved CAN-2004-0017 (Multiple SQL injection vulnerabilities in the (1) calendar and (2) ...) {DSA-419} CAN-2004-0016 {DSA-419} CAN-2004-0015 {DSA-418} CAN-2004-0014 (Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier ...) {DSA-412} CAN-2004-0013 {DSA-414} CAN-2004-0012 NOTE: reserved CAN-2004-0011 {DSA-416} CAN-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for ncpfs in ...) {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} NOTE: fixed in 2.4.25-pre7 CAN-2004-0008 (Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before ...) {DSA-434} - gaim 1:0.75-2 CAN-2004-0007 (Buffer overflow in the Extract Info Field Function for (1) MSN and (2) ...) {DSA-434} - gaim 1:0.75-2 CAN-2004-0006 (Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic ...) {DSA-434} - gaim 1:0.75-2 CAN-2004-0005 (Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause ...) {DSA-434} CAN-2004-0003 (Unknown vulnerability in Linux kernel before 2.4.22 allows local users ...) {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} NOTE: fixed in 2.4.26-rc4 CAN-2004-0002 (The TCP MSS (maximum segment size) functionality in netinet allows ...) NOTE: not-for-us (FreeBSD netinet) CAN-2003-1565 NOTE: rejected CAN-2003-1052 (IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by ...) NOTE: not-for-us (IBM DB2) CAN-2003-1051 (Multiple format string vulnerabilities in IBM DB2 Universal Database ...) NOTE: not-for-us (IBM DB2) CAN-2003-1050 (Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow ...) NOTE: not-for-us (IBM DB2) CAN-2003-1049 (IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS ...) NOTE: not-for-us (IBM DB2) CAN-2003-1048 (Double-free vulnerability in mshtml.dll for certain versions of ...) NOTE: not-for-us (microsoft) CAN-2003-1047 NOTE: rejected CAN-2003-1046 (describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly ...) - bugzilla 2.16.4-1 CAN-2003-1045 (votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, ...) - bugzilla 2.16.4-1 CAN-2003-1044 (editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is ...) - bugzilla 2.16.4-1 CAN-2003-1043 (SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 ...) - bugzilla 2.16.4-1 CAN-2003-1042 (SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and ...) - bugzilla 2.16.4-1 CAN-2003-1041 (Internet Explorer 5.x and 6.0 allows remote attackers to execute ...) NOTE: not-for-us (microsoft) CAN-2003-1040 (kmod in the Linux kernel does not set its uid, suid, gid, or sgid to ...) NOTE: linux kernel kmod local DoS, fixed in all current kernels CAN-2003-1039 (Multiple buffer overflows in the mySAP.com architecture for SAP allow ...) NOTE: not-for-us (SAP) CAN-2003-1038 (The AGate component for SAP Internet Transaction Server (ITS) allows ...) NOTE: not-for-us (SAP) CAN-2003-1037 (Format string vulnerability in the WGate component for SAP Internet ...) NOTE: not-for-us (SAP) CAN-2003-1036 (Multiple buffer overflows in the AGate component for SAP Internet ...) NOTE: not-for-us (SAP) CAN-2003-1035 (The default installation of SAP R/3 46C/D allows remote attackers to ...) NOTE: not-for-us (SAP) CAN-2003-1034 (The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) ...) NOTE: not-for-us (SAP) CAN-2003-1033 (The (1) instdbmsrv and (2) instlserver programs in SAP DB Development ...) NOTE: not-for-us (SAP) CAN-2003-1032 (Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured ...) NOTE: not-for-us (Pi3Web not in debian) CAN-2003-1031 (Cross-site scripting (XSS) vulnerability in register.php for vBulletin ...) NOTE: not-for-us (VBulletin) CAN-2003-1030 (Buffer overflow in DameWare Mini Remote Control before 3.73 allows ...) NOTE: not-for-us (Dameware) CAN-2003-1029 (The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote ...) {DSA-425} CAN-2003-1028 (The download function of Internet Explorer 6 SP1 allows remote ...) NOTE: not-for-us (microsoft) CAN-2003-1027 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct ...) NOTE: not-for-us (microsoft) CAN-2003-1026 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...) NOTE: not-for-us (microsoft) CAN-2003-1025 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof ...) NOTE: not-for-us (microsoft) CAN-2003-1024 (Unknown vulnerability in the ls-F builtin function in tcsh on Solaris ...) NOTE: not-for-us (solaris) CAN-2003-1023 (Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c ...) {DSA-424} CAN-2003-1022 {DSA-416} CAN-2003-1021 NOTE: reserved CAN-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 ...) - irssi-text 0.8.9-0.1 CAN-2003-1019 NOTE: reserved CAN-2003-1018 (Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 ...) NOTE: not-for-us (AIX) CAN-2003-1017 (Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a ...) - flashplugin-nonfree 7.0.25-1 CAN-2003-1016 (Multiple content security gateway and antivirus products allow remote ...) TODO: Multiple vendor MIME quote bypass filtering TODO: unchecked CAN-2003-1015 (Multiple content security gateway and antivirus products allow remote ...) - mime-tools 5.411-2 CAN-2003-1014 (Multiple content security gateway and antivirus products allow remote ...) TODO: Multiple vendor MIME RFC822 comment bypass filtering TODO: unchecked CAN-2003-1013 (The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows ...) - ethereal 0.10.0-1 CAN-2003-1012 (The SMB dissector in Ethereal before 0.10.0 allows remote attackers to ...) - ethereal 0.10.0-1 CAN-2003-1011 (Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB ...) NOTE: not-for-us (Apple) CAN-2003-1010 (Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and ...) NOTE: not-for-us (Apple) CAN-2003-1009 (Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 ...) NOTE: not-for-us (Apple) CAN-2003-1008 (Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users ...) NOTE: not-for-us (Apple) CAN-2003-1007 (AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not ...) NOTE: not-for-us (Apple) CAN-2003-1006 (Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 ...) NOTE: not-for-us (Apple) CAN-2003-1005 NOTE: reserved CAN-2003-1004 (Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN ...) NOTE: not-for-us (Cisco) CAN-2003-1003 (Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote ...) NOTE: not-for-us (Cisco) CAN-2003-1002 (Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 ...) NOTE: not-for-us (Cisco) CAN-2003-1001 (Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco ...) NOTE: not-for-us (Cisco) CAN-2003-1000 (xchat 2.0.6 allows remote attackers to cause a denial of service ...) - xchat 2.0.7 NOTE: apparently only DOS CAN-2003-0999 (Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint ...) NOTE: not-for-us (Solaris) CAN-2003-0998 (Unknown "potential system security vulnerability" in Computer ...) NOTE: not-for-us (Computer Associates (CA) Unicenter Remote Control) CAN-2003-0997 (Unknown "Denial of Service Attack" vulnerability in Computer ...) NOTE: not-for-us (Computer Associates (CA) Unicenter Remote Control) CAN-2003-0995 (Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows ...) NOTE: not-for-us (Microsoft) CAN-2003-0992 (Cross-site scripting (XSS) vulnerability in the create CGI script for ...) - mailman 2.1.3 CAN-2003-0990 (The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 ...) NOTE: apparenlty false/bad advisory NOTE: http://www.securityfocus.com/archive/1/348366 NOTE: possible problemsm before 1.4.2, 1.4.2 ok CAN-2003-0989 (tcpdump before 3.8.1 allows remote attackers to cause a denial of ...) {DSA-425} - tcpdump 3.8.1 CAN-2003-0987 (mod_digest for Apache does not properly verify the nonce of a client ...) - apache 1.3.29.0.2-5 CAN-2003-0986 NOTE: reserved CAN-2003-0985 {DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-427 DSA-423 DSA-417 DSA-413} NOTE: fixed in 2.4.24-rc1 CAN-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do ...) NOTE: fixed in 2.4.24-rc1 CAN-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that ...) NOTE: not-for-us (Cisco Unity on IBM servers) CAN-2003-0982 (Buffer overflow in the authentication module for Cisco ACNS 4.x before ...) NOTE: not-for-us (Cisco) CAN-2003-0981 (FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name ...) NOTE: not-for-us (visitorbook.pl) CAN-2003-0980 (Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE ...) NOTE: not-for-us (visitorbook.pl) CAN-2003-0979 (FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape ...) NOTE: not-for-us (visitorbook.pl) CAN-2003-0978 (Format string vulnerability in gpgkeys_hkp (experimental HKP ...) NOTE: not-for-us (gpgkeys_hkp) CAN-2003-0977 (CVS server before 1.11.10 may allow attackers to cause the CVS server ...) - cvs 1:1.11.10 CAN-2003-0976 (NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce ...) NOTE: not-for-us (netware) CAN-2003-0975 (Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 ...) NOTE: nor-for-us (MacOS) CAN-2003-0974 (Applied Watch Command Center allows remote attackers to conduct ...) NOTE: not-for-us (Applied Watch Command Center) CAN-2003-0973 (Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x ...) {DSA-452} CAN-2003-0972 (Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, ...) {DSA-408} - screen 4.0.2-0.1 CAN-2003-0971 (GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal ...) {DSA-429} CAN-2003-0970 (The Network Management Port on Sun Fire B1600 systems allows remote ...) NOTE: not-for-us (Sun Fire B1600) CAN-2003-0969 {DSA-411} CAN-2003-0968 (Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb ...) NOTE: freeradius module in question is not built in debian package NOTE: buffer overflow apparently fixed in freeradius 1.0.1 CAN-2003-0967 (rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to ...) - freeradius 0.9.2-4 CAN-2003-0996 (Unknown "System Security Vulnerability" in Computer Associates (CA) ...) NOTE: not-for-us (Computer Associates (CA) Unicenter Remote Control) CAN-2003-0965 (Cross-site scripting (XSS) vulnerability in the admin CGI script for ...) {DSA-436} CAN-2003-0964 NOTE: rejected CAN-2003-0963 (Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for ...) - lftp 2.6.10 CAN-2003-0962 (Heap-based buffer overflow in rsync before 2.5.7, when running in ...) {DSA-404} CAN-2003-0961 (Integer overflow in the do_brk function for the brk system call in ...) {DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-433 DSA-423 DSA-417 DSA-403} NOTE: do_brk hole NOTE: fixed in 2.4.23-pre7 CAN-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a chain ...) NOTE: not-for-us (OpenCA) CAN-2003-0959 NOTE: reserved CAN-2003-0958 NOTE: reserved CAN-2003-0957 NOTE: reserved CAN-2003-0956 NOTE: reserved CAN-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ...) NOTE: not-for-us (OpenBSD) CAN-2003-0954 NOTE: reserved CAN-2003-0953 NOTE: reserved CAN-2003-0952 NOTE: reserved CAN-2003-0951 (Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate ...) NOTE: not-for-us (HP-UX) CAN-2003-0950 (PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to ...) NOTE: not-for-us (PeopleSoft PeopleTools) CAN-2003-0949 (xsok 1.02 does not properly drop privileges before finding and ...) {DSA-405} CAN-2003-0948 (Buffer overflow in iwconfig allows local users to execute arbitrary ...) NOTE: not vulnerable, iwconfig not setuid/setgid in Debian. CAN-2003-0947 (Buffer overflow in iwconfig, when installed setuid, allows local users ...) NOTE: not vulnerable, iwconfig not setuid/setgid in Debian. CAN-2003-0946 (Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 ...) - clamav 0.65 CAN-2003-0945 (The Web Database Manager in web-tools for SAP DB before 7.4.03.30 ...) NOTE: not-for-us (Web Database Manager in web-tools for SAP DB) CAN-2003-0944 (Buffer overflow in the WAECHO default service in web-tools in SAP DB ...) NOTE: not-for-us (Web Database Manager in web-tools for SAP DB) CAN-2003-0943 (web-tools in SAP DB before 7.4.03.30 installs several services that ...) NOTE: not-for-us (Web Database Manager in web-tools for SAP DB) CAN-2003-0942 (Buffer overflow in Web Agent Administration service in web-tools for ...) NOTE: not-for-us (Web Database Manager in web-tools for SAP DB) CAN-2003-0941 (web-tools in SAP DB before 7.4.03.30 allows remote attackers to access ...) NOTE: not-for-us (Web Database Manager in web-tools for SAP DB) CAN-2003-0940 (Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB ...) NOTE: not-for-us (Web Database Manager in web-tools for SAP DB) CAN-2003-0939 (eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) ...) NOTE: not-for-us (SAP database server (SAP DB)) CAN-2003-0938 (vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows ...) NOTE: not-for-us (SAP database server (SAP DB)) CAN-2003-0937 (SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to ...) NOTE: not-for-us (UnixWare) CAN-2003-0936 (Symantec PCAnywhere 10.x and 11, when started as a service, allows ...) NOTE: not-for-us (PCAnywhere) CAN-2003-0935 (Net-SNMP before 5.0.9 allows a user or community to access data in MIB ...) - net-snmp 5.0.9 CAN-2003-0934 (Symbol Access Portable Data Terminal (PDT) 8100 does not hide the ...) NOTE: not-for-us (Symbol Access Portable Data Terminal) CAN-2003-0933 (Buffer overflow in conquest 7.2 and earlier may allow a local user to ...) {DSA-398} CAN-2003-0932 (Buffer overflow in omega-rpg 0.90 allows local users to execute ...) {DSA-400} CAN-2003-0931 (Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial ...) NOTE: not-for-us (Sygate Enforcer) CAN-2003-0930 (Clearswift MAILsweeper before 4.3.15 does not properly detect ...) NOTE: not-for-us (Clearswift MAILsweeper) CAN-2003-0929 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...) NOTE: not-for-us (Clearswift MAILsweeper) CAN-2003-0928 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...) NOTE: not-for-us (Clearswift MAILsweeper) CAN-2003-0927 (Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows ...) - ethereal 0.9.16-0.1 CAN-2003-0926 (Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to ...) - ethereal 0.9.16-0.1 CAN-2003-0925 (Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers ...) - ethereal 0.9.16-0.1 CAN-2003-0924 {DSA-426} CAN-2003-0923 NOTE: reserved CAN-2003-0922 NOTE: reserved CAN-2003-0921 NOTE: reserved CAN-2003-0920 NOTE: reserved CAN-2003-0919 NOTE: reserved CAN-2003-0918 NOTE: reserved CAN-2003-0917 NOTE: reserved CAN-2003-0916 NOTE: reserved CAN-2003-0915 NOTE: reserved CAN-2003-0914 (ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote ...) {DSA-409} CAN-2003-0913 (Unknown vulnerability in the Terminal application for Mac OS X 10.3 ...) NOTE: not-for-us (MacOS) CAN-2003-0912 NOTE: reserved CAN-2003-0911 NOTE: reserved CAN-2003-0910 (The NtSetLdtEntries function in the programming interface for the ...) NOTE: not-for-us (Windows) CAN-2003-0909 (Windows XP allows local users to execute arbitrary programs by ...) NOTE: not-for-us (Windows) CAN-2003-0908 (The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe ...) NOTE: not-for-us (Windows) CAN-2003-0907 (Help and Support Center in Microsoft Windows XP SP1 does not properly ...) NOTE: not-for-us (Windows) CAN-2003-0906 (Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) ...) NOTE: not-for-us (Windows) CAN-2003-0904 (Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured ...) NOTE: not-for-us (Windows) CAN-2003-0902 (Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and ...) {DSA-402} CAN-2003-0901 (Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before ...) {DSA-397} CAN-2003-0900 NOTE: reserved CAN-2003-0899 (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 ...) {DSA-396} CAN-2003-0898 (IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, ...) NOTE: not-for-us (IBM DB2) CAN-2003-0897 ("Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local ...) NOTE: not-for-us (microsoft) CAN-2003-0896 (The loadClass method of the sun.applet.AppletClassLoader class in the ...) NOTE: not-for-us (Sun/Java) CAN-2003-0895 (Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local ...) NOTE: not-for-us (Apple) CAN-2003-0894 (Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle ...) NOTE: not-for-us (Oracle) CAN-2003-0893 NOTE: reserved CAN-2003-0892 NOTE: reserved CAN-2003-0891 NOTE: reserved CAN-2003-0890 NOTE: reserved CAN-2003-0889 NOTE: reserved CAN-2003-0888 NOTE: reserved CAN-2003-0887 NOTE: reserved CAN-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier ...) {DSA-401} CAN-2003-0885 NOTE: reserved CAN-2003-0884 NOTE: reserved CAN-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows local ...) NOTE: not-for-us (Apple) CAN-2003-0882 (Mac OS X before 10.3 initializes the TCP timestamp with a constant ...) NOTE: not-for-us (Apple) CAN-2003-0881 (Mail in Mac OS X before 10.3, when configured to use MD5 Challenge ...) NOTE: not-for-us (Apple) CAN-2003-0880 (Unknown vulnerability in Mac OS X before 10.3 allows local users to ...) NOTE: not-for-us (Apple) CAN-2003-0879 NOTE: rejected CAN-2003-0878 (slpd daemon in Mac OS X before 10.3 allows local users to overwrite ...) NOTE: not-for-us (Apple) CAN-2003-0877 (Mac OS X before 10.3 with core files enabled allows local users to ...) NOTE: not-for-us (Apple) CAN-2003-0876 (Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute ...) NOTE: not-for-us (Apple) CAN-2003-0875 (Symbolic link vulnerability in the slpd script slpd.all_init for ...) NOTE: source package only NOTE: openslp: slpd.all_init symlink vuln NOTE: this file is not used in Debian, so it's not a problem for us. NOTE: source package still distributes the file, however. - openslp (unfixed; bug #279973; only problem in source package) CAN-2003-0874 (Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier ...) NOTE: not-for-us (Deskpro) CAN-2003-0873 NOTE: reserved CAN-2003-0872 (Certain scripts in OpenServer before 5.0.6 allow local users to ...) NOTE: not-for-us (SCO) CAN-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X ...) NOTE: not-for-us (Apple) CAN-2003-0870 (Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote ...) NOTE: not-for-us (Opera) CAN-2003-0869 NOTE: reserved CAN-2003-0868 NOTE: reserved CAN-2003-0867 NOTE: rejected CAN-2003-0866 (The Catalina org.apache.catalina.connector.http package in Tomcat ...) {DSA-395} CAN-2003-0865 (Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r ...) {DSA-435} - mpg123 0.59r-15 CAN-2003-0864 (Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to ...) - ircd-irc2 2.10.3p5-1 CAN-2003-0863 (The php_check_safe_mode_include_dir function in fopen_wrappers.c of ...) NOTE: php4, this bug appears not to have been fixed. NOTE: submitted to BTS on libapache-mod-php4 NOTE: developer claims there is no problem CAN-2003-0862 NOTE: rejected CAN-2003-0861 (Integer overflows in (1) base64_encode and (2) the GD library for PHP ...) - php4 4:4.3.3-1 CAN-2003-0860 (Buffer overflows in PHP before 4.3.3 have unknown impact and unknown ...) - php4 4:4.3.3-1 CAN-2003-0859 (The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows ...) NOTE: affects glibc 2.2.4, Debian uses 2.3.2 CAN-2003-0858 (Zebra 0.93b and earlier, and quagga before 0.95, allows local users to ...) {DSA-415} CAN-2003-0857 NOTE: reserved CAN-2003-0856 (iproute 2.4.7 and earlier allows local users to cause a denial of ...) {DSA-492} - iproute 20010824-13.1 CAN-2003-0855 (Pan 0.13.3 and earlier allows remote attackers to cause a denial of ...) - pan 0.13.4-1 CAN-2003-0854 (ls in the fileutils or coreutils packages allows local users to ...) - coreutils 5.2.1-1 CAN-2003-0853 (An integer overflow in ls in the fileutils or coreutils packages may ...) - coreutils 5.2.1-1 CAN-2003-0852 (Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 ...) - sylpheed-claws 0.9.8claws-1 CAN-2003-0851 (OpenSSL 0.9.6k allows remote attackers to cause a denial of service ...) NOTE: affects openssl 0.9.6. Testing uses 0.9.7. CAN-2003-0850 (The TCP reassembly functionality in libnids before 1.18 allows remote ...) {DSA-410} - libnids1 1.18-1 CAN-2003-0849 (Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote ...) - cfengine2 2.0.9+2.1.0b3-1 CAN-2003-0848 (Heap-based buffer overflow in main.c of slocate 2.6, and possibly ...) {DSA-428} - slocate 2.7-3 CAN-2003-0847 (SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows ...) NOTE: not-for-us (SuSE) CAN-2003-0846 (SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro ...) NOTE: not-for-us (SuSE) CAN-2003-0845 (Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 ...) NOTE: not-for-us (JBoss) CAN-2003-0844 (mod_gzip 1.3.26.1a and earlier, and possibly later official versions, ...) NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode NOTE: Debian doesn't enable MOD_GZIP_DEBUG1. CAN-2003-0843 (Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a ...) NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode NOTE: Debian doesn't enable MOD_GZIP_DEBUG1. CAN-2003-0842 (Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a ...) NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode NOTE: Debian doesn't enable MOD_GZIP_DEBUG1. CAN-2003-0841 (The grid option in PeopleSoft 8.42 stores temporary .xls files in ...) NOTE: not-for-us (Peoplesoft) CAN-2003-0840 (Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other ...) NOTE: not-for-us (HPUX) CAN-2003-0839 (Directory traversal vulnerability in the "Shell Folders" capability in ...) NOTE: not-for-us (microsoft) CAN-2003-0838 (Internet Explorer allows remote attackers to bypass zone restrictions ...) NOTE: not-for-us (microsoft) CAN-2003-0837 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for ...) NOTE: not-for-us (IBM DB2) CAN-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before ...) NOTE: not-for-us (IBM DB2) CAN-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before 0.92 ...) NOTE: not-for-us (mplayer) CAN-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to execute ...) NOTE: not-for-us (CDE) CAN-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows attackers to ...) {DSA-392} - webfs 1.20 CAN-2003-0832 (Directory traversal vulnerability in webfs before 1.20 allows remote ...) {DSA-392} - webfs 1.20 CAN-2003-0831 (ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline ...) - proftpd 1.2.9-1 CAN-2003-0830 (Buffer overflow in marbles 1.0.2 and earlier allows local users to ...) {DSA-390} NOTE: marbles package not in testing or unstable CAN-2003-0829 NOTE: reserved CAN-2003-0828 (Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local ...) {DSA-391} - freesweep 0.88-4.1 CAN-2003-0827 (The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote ...) NOTE: not-for-us (IBM DB2) CAN-2003-0826 (lsh daemon (lshd) does not properly return from certain functions in ...) - lsh-server 1.4.2-6 CAN-2003-0824 (Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in ...) NOTE: not-for-us (microsoft) CAN-2003-0823 (Internet Explorer 6 SP1 and earlier allows remote attackers to direct ...) NOTE: not-for-us (microsoft) CAN-2003-0822 (Buffer overflow in the debug functionality in fp30reg.dll of Microsoft ...) NOTE: not-for-us (microsoft) CAN-2003-0821 (Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute ...) NOTE: not-for-us (microsoft) CAN-2003-0820 (Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites ...) NOTE: not-for-us (microsoft) CAN-2003-0819 (Buffer overflow in the H.323 filter of Microsoft Internet Security and ...) NOTE: not-for-us (microsoft) CAN-2003-0818 (Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as ...) NOTE: not-for-us (microsoft) CAN-2003-0817 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...) NOTE: not-for-us (microsoft) CAN-2003-0816 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...) NOTE: not-for-us (microsoft) CAN-2003-0815 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...) NOTE: not-for-us (microsoft) CAN-2003-0814 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...) NOTE: not-for-us (microsoft) CAN-2003-0813 (A multi-threaded race condition in the Windows RPC DCOM functionality ...) NOTE: not-for-us (microsoft) CAN-2003-0812 (Stack-based buffer overflow in a logging function for Windows ...) NOTE: not-for-us (microsoft) CAN-2003-0811 NOTE: reserved CAN-2003-0810 NOTE: reserved CAN-2003-0809 (Internet Explorer 5.01 through 6.0 does not properly handle object ...) NOTE: not-for-us (microsoft) CAN-2003-0808 NOTE: reserved CAN-2003-0807 (Buffer overflow in the COM Internet Services and in the RPC over HTTP ...) NOTE: not-for-us (microsoft) CAN-2003-0806 (Buffer overflow in the Windows logon process (winlogon) in Microsoft ...) NOTE: not-for-us (microsoft) CAN-2003-0805 (Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x ...) {DSA-387} NOTE: gopherd not in testing or unstable (deprecated) CAN-2003-0804 (The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before ...) NOTE: not-for-us (BSD) CAN-2003-0803 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...) NOTE: not-for-us (Nokia) CAN-2003-0802 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...) NOTE: not-for-us (Nokia) CAN-2003-0801 (Cross-site scripting (XSS) vulnerability in Nokia Electronic ...) NOTE: not-for-us (Nokia) CAN-2003-0800 NOTE: reserved CAN-2003-0799 NOTE: reserved CAN-2003-0798 NOTE: reserved CAN-2003-0797 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 ...) NOTE: not-for-us (SGI IRIX) CAN-2003-0796 (Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 ...) NOTE: not-for-us (SGI IRIX) CAN-2003-0795 (The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, ...) {DSA-415} CAN-2003-0794 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit ...) - gdm 2.4.4.4 CAN-2003-0793 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not ...) - gdm 2.4.4.4 CAN-2003-0792 (Fetchmail 6.2.4 and earlier does not properly allocate memory for long ...) - fetchmail 6.2.5 CAN-2003-0791 NOTE: reserved CAN-2003-0790 NOTE: rejected CAN-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not ...) - apache2 2.0.48 CAN-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP) ...) - cupsys 1.1.19 CAN-2003-0787 (The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets ...) -ssh 1:3.7.1p2 CAN-2003-0786 (The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and ...) -ssh 1:3.7.1p2 CAN-2003-0785 (ipmasq before 3.5.12, in certain configurations, may forward packets ...) {DSA-389} CAN-2003-0784 (Format string vulnerability in tsm for the bos.rte.security fileset on ...) NOTE: not-for-us (IBM TSM) CAN-2003-0783 (Multiple buffer overflows in hztty 2.0 allow local users to gain root ...) {DSA-385} CAN-2003-0782 (Multiple buffer overflows in ecartis before 1.0.0 allow attackers to ...) {DSA-467} CAN-2003-0781 (Unknown vulnerability in ecartis before 1.0.0 does not properly ...) {DSA-467} CAN-2003-0780 (Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL ...) {DSA-381} CAN-2003-0779 (SQL injection vulnerability in the Call Detail Record (CDR) logging ...) - asterisk 0.7.0 CAN-2003-0778 (saned in sane-backends 1.0.7 and earlier, and possibly later versions, ...) {DSA-379} CAN-2003-0777 (saned in sane-backends 1.0.7 and earlier, when debug messages are ...) {DSA-379} CAN-2003-0776 (saned in sane-backends 1.0.7 and earlier does not properly "check the ...) {DSA-379} CAN-2003-0775 (saned in sane-backends 1.0.7 and earlier calls malloc with an ...) {DSA-379} CAN-2003-0774 (saned in sane-backends 1.0.7 and earlier does not quickly handle ...) {DSA-379} CAN-2003-0773 (saned in sane-backends 1.0.7 and earlier does not check the IP address ...) {DSA-379} CAN-2003-0772 (Multiple buffer overflows in WS_FTP 3 and 4 allows remote ...) NOTE: not-for-us (WS_FTP server) CAN-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary ...) - libapache-gallery-perl 0.7 CAN-2003-0770 (FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not ...) NOTE: not-for-us (IkonBoard not in Debian) CAN-2003-0769 (Cross-site scripting (XSS) vulnerability in the ICQ Web Front ...) NOTE: not-for-us (ICQ Web Front) CAN-2003-0768 (Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site ...) NOTE: not-for-us (microsoft) CAN-2003-0767 (Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, ...) NOTE: not-for-us (RogerWilco not in Debian) CAN-2003-0766 (Multiple heap-based buffer overflows in FTP Desktop client 3.5, and ...) NOTE: not-for-us (ftp desktop (windows)) CAN-2003-0765 (The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, ...) NOTE: not-for-us (winamp) CAN-2003-0764 (Escapade Scripting Engine (ESP) allows remote attackers to obtain ...) NOTE: not-for-us (Escapade Scripting Engine (ESP) not in Debian) CAN-2003-0763 (Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine ...) NOTE: not-for-us (Escapade Scripting Engine (ESP) not in Debian) CAN-2003-0762 (Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 ...) NOTE: not-for-us (foxweb) CAN-2003-0761 (Buffer overflow in the get_msg_text of chan_sip.c in the Session ...) - asterisk 0.5.0 CAN-2003-0760 (Blubster 2.5 allows remote attackers to cause a denial of service ...) NOTE: not-for-us (optisoft blubster) CAN-2003-0759 (Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before ...) NOTE: not-for-us (IBM DB2) CAN-2003-0758 (Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before ...) NOTE: not-for-us (IBM DB2) CAN-2003-0757 (Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers ...) NOTE: not-for-us (check point firewall) CAN-2003-0756 (Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder ...) NOTE: not-for-us (sitebuilder not in Debian) CAN-2003-0755 (Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows ...) NOTE: not-for-us (gtkftpd not in Debian) CAN-2003-0754 (nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass ...) NOTE: not-for-us (newsPHP not in Debian) CAN-2003-0753 (nphpd.php in newsPHP 216 and earlier allows remote attackers to read ...) NOTE: not-for-us (newsPHP not in Debian) CAN-2003-0752 (SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and ...) NOTE: not-for-us (AttilaPHP not in Debian) CAN-2003-0751 (SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and ...) NOTE: not-for-us (PY-Membres not in Debian) CAN-2003-0750 (secure.php in PY-Membres 4.2 and earlier allows remote attackers to ...) NOTE: not-for-us (PY-Membres not in Debian) CAN-2003-0749 (Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet ...) NOTE: not-for-us (SAP) CAN-2003-0748 (Directory traversal vulnerability in wgate.dll for SAP Internet ...) NOTE: not-for-us (SAP) CAN-2003-0747 (wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 ...) NOTE: not-for-us (SAP) CAN-2003-0746 (Various Distributed Computing Environment (DCE) implementations, ...) NOTE: not-for-us (Distributed Computing Environment (DCE) not in Deb) CAN-2003-0745 (SNMPc 6.0.8 and earlier performs authentication to the server on the ...) NOTE: not-for-us (castlerock SNMPc) CAN-2003-0744 (The fetchnews client in leafnode 1.9.3 to 1.9.41 allows remote ...) - leafnode 1.9.42 CAN-2003-0743 (Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 ...) {DSA-376} CAN-2003-0742 (SCO Internet Manager (mana) allows local users to execute arbitrary ...) NOTE: not-for-us (SCO) CAN-2003-0741 NOTE: reserved CAN-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor ...) - stunnel 2:3.26 - stunnel4 2:4.04 CAN-2003-0739 (VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows ...) NOTE: not-for-us (VMware) CAN-2003-0738 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...) NOTE: not-for-us (phpWebSite not in Debian) CAN-2003-0737 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...) NOTE: not-for-us (phpWebSite not in Debian) CAN-2003-0736 (Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite ...) NOTE: not-for-us (phpWebSite not in Debian) CAN-2003-0735 (SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x ...) NOTE: not-for-us (phpWebSite not in Debian) CAN-2003-0734 (Unknown vulnerability in the pam_filter mechanism in pam_ldap before ...) - libpam-ldap 164-1 - libnss-ldap 207-1 CAN-2003-0733 (Multiple cross-site scripting (XSS) vulnerabilities in WebLogic ...) NOTE: not-for-us (BEA weblogic) CAN-2003-0732 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...) NOTE: not-for-us (cisco) CAN-2003-0731 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...) NOTE: not-for-us (cisco) CAN-2003-0730 (Multiple integer overflows in the font libraries for XFree86 4.3.0 ...) {DSA-380} CAN-2003-0729 (Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to ...) NOTE: not-for-us (tellurian tftpdNT) CAN-2003-0728 (Horde before 2.2.4 allows remote malicious web sites to steal session ...) - horde2 2.2.4 CAN-2003-0727 (Multiple buffer overflows in the XML Database (XDB) functionality for ...) NOTE: not-for-us (oracle) CAN-2003-0726 (RealOne player allows remote attackers to execute arbitrary script in ...) NOTE: not-for-us (RealOne player) CAN-2003-0725 (Buffer overflow in the RTSP protocol parser for the View Source ...) NOTE: not-for-us (Real Networks Server / Helix Server) CAN-2003-0724 (ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA ...) NOTE: not-for-us (HP Tru64) CAN-2003-0723 (Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow ...) - gkrellmd 2.1.14 CAN-2003-0722 (The default installation of sadmind on Solaris uses weak ...) NOTE: not-for-us (solaris) CAN-2003-0721 (Integer signedness error in rfc2231_get_param from strings.c in PINE ...) - pine 4.58 - pine-tracker 4.58 CAN-2003-0720 (Buffer overflow in PINE before 4.58 allows remote attackers to execute ...) - pine 4.58 - pine-tracker 4.58 CAN-2003-0719 (Buffer overflow in the Private Communications Transport (PCT) protocol ...) NOTE: not-for-us (microsoft) CAN-2003-0718 (The WebDAV Message Handler for Internet Information Services (IIS) ...) NOTE: not-for-us (microsoft) CAN-2003-0717 (The Messenger Service for Windows NT through Server 2003 does not ...) NOTE: not-for-us (microsoft) CAN-2003-0716 NOTE: reserved CAN-2003-0715 (Heap-based buffer overflow in the Distributed Component Object Model ...) NOTE: not-for-us (microsoft) CAN-2003-0714 (The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 ...) NOTE: not-for-us (microsoft) CAN-2003-0713 NOTE: reserved CAN-2003-0712 (Cross-site scripting (XSS) vulnerability in the HTML encoding for the ...) NOTE: not-for-us (microsoft) CAN-2003-0711 (Stack-based buffer overflow in the PCHealth system in the Help and ...) NOTE: not-for-us (pchealth for windows) CAN-2003-0710 NOTE: reserved CAN-2003-0709 (Buffer overflow in the whois client, which is not setuid but is ...) - whois 4.6.7 CAN-2003-0708 (Format string vulnerability in LinuxNode (node) before 0.3.2 may allow ...) {DSA-375} CAN-2003-0707 (Buffer overflow in LinuxNode (node) before 0.3.2 allows remote ...) {DSA-375} CAN-2003-0706 (Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote ...) {DSA-378} CAN-2003-0705 (Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers ...) {DSA-378} CAN-2003-0704 (KisMAC before 0.05d trusts user-supplied variables when chown'ing ...) NOTE: not-for-us (KisMAC for Mac OS X) CAN-2003-0703 (KisMAC before 0.05d trusts user-supplied variables to load arbitrary ...) NOTE: not-for-us (KisMAC for Mac OS X) CAN-2003-0702 (Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU ...) NOTE: not-for-us (microsoft) CAN-2003-0701 (Buffer overflow in Internet Explorer 6 SP1 for certain languages that ...) NOTE: not-for-us (microsoft) CAN-2003-0700 (The C-Media PCI sound driver in Linux before 2.4.22 does not use the ...) NOTE: fixed in 2.4.22-pre3 CAN-2003-0699 (The C-Media PCI sound driver in Linux before 2.4.21 does not use the ...) NOTE: fixed in 2.4.21-rc2 CAN-2003-0698 NOTE: reserved - exim 3.36-8 CAN-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers fileset for ...) NOTE: not-for-us (AIX) CAN-2003-0696 (The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close ...) NOTE: not-for-us (AIX) CAN-2003-0695 (Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow ...) {DSA-383 DSA-382} CAN-2003-0694 (The prescan function in Sendmail 8.12.9 allows remote attackers to ...) {DSA-384} CAN-2003-0693 (A "buffer management error" in buffer_append_space of buffer.c for ...) {DSA-383 DSA-382} - openssh 1:3.6.1p2-6.0 CAN-2003-0692 (KDM in KDE 3.1.3 and earlier uses a weak session cookie generation ...) {DSA-388} CAN-2003-0691 NOTE: reserved CAN-2003-0690 (KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred ...) {DSA-443 DSA-388} CAN-2003-0689 (The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows ...) - libc6 2.2.5 CAN-2003-0688 (The DNS map code in Sendmail 8.12.8 and earlier, when using the ...) - sendmail 8.12.9 CAN-2003-0687 NOTE: rejected CAN-2003-0686 (Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when ...) {DSA-374} CAN-2003-0685 (Buffer overflow in Netris 0.52 and earlier, and possibly other ...) {DSA-372} CAN-2003-0684 NOTE: reserved CAN-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in ...) NOTE: not-for-us (SGI) CAN-2003-0682 ("Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a ...) {DSA-383 DSA-382} - openssh 1:3.6.1p2-9 CAN-2003-0681 (A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, ...) {DSA-384} CAN-2003-0680 (Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow ...) NOTE: not-for-us (SGI IRIX) CAN-2003-0679 (Unknown vulnerability in the libcpr library for the Checkpoint/Restart ...) NOTE: not-for-us (SGI IRIX) CAN-2003-0678 NOTE: reserved CAN-2003-0677 (Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to ...) NOTE: not-for-us (Cisco) CAN-2003-0676 (Directory traversal vulnerability in ViewLog for iPlanet ...) NOTE: not-for-us (Sun iPlanet) CAN-2003-0672 (Format string vulnerability in pam-pgsql 0.5.2 and earlier allows ...) {DSA-370} CAN-2003-0671 (Format string vulnerability in tcpflow, when used in a setuid context, ...) NOTE: not-for-us (sustworks IPNetSentryX) CAN-2003-0670 (Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff ...) NOTE: not-for-us (sustworks IPNetSentryX) CAN-2003-0669 (Unknown vulnerability in Solaris 2.6 through 9 causes a denial of ...) NOTE: not-for-us (solaris) CAN-2003-0668 NOTE: reserved CAN-2003-0667 NOTE: reserved CAN-2003-0666 (Buffer overflow in Microsoft Wordperfect Converter allows remote ...) NOTE: not-for-us (microsoft) CAN-2003-0665 (Buffer overflow in the ActiveX control for Microsoft Access Snapshot ...) NOTE: not-for-us (microsoft) CAN-2003-0664 (Microsoft Word 2002, 2000, 97, and 98(J) does not properly check ...) NOTE: not-for-us (microsoft) CAN-2003-0663 (Unknown vulnerability in the Local Security Authority Subsystem ...) NOTE: not-for-us (microsoft) CAN-2003-0662 (Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in ...) NOTE: not-for-us (microsoft) CAN-2003-0661 (The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, ...) NOTE: not-for-us (microsoft) CAN-2003-0660 (The Authenticode capability in Microsoft Windows NT through Server ...) NOTE: not-for-us (microsoft) CAN-2003-0659 (Buffer overflow in a function in User32.dll on Windows NT through ...) NOTE: not-for-us (microsoft) CAN-2003-0658 (Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, ...) NOTE: not-for-us (docview / caldera) CAN-2003-0657 (Multiple SQL injection vulnerabilities in the infolog module for ...) {DSA-365} CAN-2003-0656 (eroaster before 2.2.0 allows local users to overwrite arbitrary files ...) {DSA-366} CAN-2003-0655 (rscsi in cdrtools 2.01 and earlier allows local users to overwrite ...) - cdrecord 4:2.0+a18-1 CAN-2003-0654 (Buffer overflow in autorespond may allow remote attackers to execute ...) {DSA-373} CAN-2003-0653 (The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier ...) NOTE: not-for-us (NetBSD) CAN-2003-0652 (Buffer overflow in xtokkaetama allows local users to gain privileges ...) {DSA-367} CAN-2003-0651 (Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 ...) NOTE: not-for-us (mod_mylo for apache) not in debian CAN-2003-0650 (Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, ...) NOTE: not-for-us (gamespy) CAN-2003-0649 (Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local ...) {DSA-368} CAN-2003-0648 (Multiple buffer overflows in vfte, based on fte, before 0.50, allow ...) {DSA-472} CAN-2003-0647 (Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier ...) NOTE: not-for-us (Cisco) CAN-2003-0646 (Multiple buffer overflows in ActiveX controls used by Trend Micro ...) NOTE: not-for-us (ActiveX) CAN-2003-0645 (man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE ...) {DSA-364} CAN-2003-0644 NOTE: reserved CAN-2003-0643 NOTE: reserved {DSA-358} NOTE: fixed in 2.4.22-pre10 (Introduced in 2.4.3-pre3) CAN-2003-0642 (WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local ...) NOTE: not-for-us (Watchguard / win) CAN-2003-0641 (WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local ...) NOTE: not-for-us (Watchguard / win) CAN-2003-0640 (BEA WebLogic Server and Express, when using NodeManager to start ...) NOTE: not-for-us (BEA WebLogic) CAN-2003-0639 (Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 ...) NOTE: not-for-us (novell ichain) CAN-2003-0638 (Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, ...) NOTE: not-for-us (novell ichain) CAN-2003-0637 (Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a ...) NOTE: not-for-us (novell ichain) CAN-2003-0636 (Novell iChain 2.2 before Support Pack 1 does not properly verify that ...) NOTE: not-for-us (novell ichain) CAN-2003-0635 (Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before ...) NOTE: not-for-us (novell ichain) CAN-2003-0634 (Stack-based buffer overflow in the PL/SQL EXTPROC functionality for ...) NOTE: not-for-us (oracle) CAN-2003-0633 (Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J ...) NOTE: not-for-us (oracle) CAN-2003-0632 (Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) ...) NOTE: not-for-us (oracle) CAN-2003-0631 (VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 ...) NOTE: not-for-us (VMware) CAN-2003-0630 (Multiple buffer overflows in the atari800.svgalib setuid program of ...) {DSA-359} CAN-2003-0629 (Cross-site scripting (XSS) vulnerability in PeopleSoft IScript ...) NOTE: not-for-us (peoplesoft) CAN-2003-0628 (PeopleSoft Gateway Administration servlet (gateway.administration) in ...) NOTE: not-for-us (peoplesoft) CAN-2003-0627 NOTE: reserved CAN-2003-0626 NOTE: reserved CAN-2003-0625 (Off-by-one error in certain versions of xfstt allows remote attackers ...) {DSA-360} CAN-2003-0624 (Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for ...) NOTE: not-for-us (BEA WebLogic) CAN-2003-0623 (Cross-site scripting (XSS) vulnerability in the Administration Console ...) NOTE: not-for-us (BEA Tuxedo) CAN-2003-0622 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...) NOTE: not-for-us (BEA Tuxedo) CAN-2003-0621 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...) NOTE: not-for-us (BEA Tuxedo) CAN-2003-0620 (Multiple buffer overflows in man-db 2.4.1 and earlier, when installed ...) {DSA-364} CAN-2003-0619 (Integer signedness error in the decode_fh function of nfs3xdr.c in ...) {DSA-358} NOTE: fixed in 2.4.21-pre3 CAN-2003-0618 (Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local ...) {DSA-431} CAN-2003-0617 (mindi 0.58 and earlier does not properly create temporary files, which ...) {DSA-362} CAN-2003-0616 (Format string vulnerability in ePO service for McAfee ePolicy ...) NOTE: not-for-us (McAfee) CAN-2003-0615 (Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm ...) {DSA-371} CAN-2003-0614 (Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 ...) {DSA-355} CAN-2003-0613 (Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows ...) {DSA-369} CAN-2003-0612 (Buffer overflow in main.c for Crafty 19.3 allows local users to gain ...) - crafty 19.3-1 CAN-2003-0611 (Multiple buffer overflows in xtokkaetama 1.0 allow local users to ...) {DSA-356} CAN-2003-0610 (Directory traversal vulnerability in ePO agent for McAfee ePolicy ...) NOTE: not-for-us (McAfee) CAN-2003-0609 (Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris ...) NOTE: not-for-us (Solaris) CAN-2003-0608 NOTE: reserved CAN-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become part of ...) {DSA-354} CAN-2003-0606 (sup 1.8 and earlier does not properly create temporary files, which ...) {DSA-353} - sup 1.8-9 CAN-2003-0605 (The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote ...) NOTE: not-for-us (Microsoft) CAN-2003-0604 (Windows Media Player (WMP) 7 and 8, as running on Internet Explorer ...) NOTE: not-for-us (Microsoft) CAN-2003-0603 (Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier ...) - bugzilla 2.16.3 NOTE: in 2.17.x : we need at least 2.17.4 CAN-2003-0602 (Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x ...) - bugzilla 2.16.3 NOTE: in 2.17.x : we need at least 2.17.4 CAN-2003-0601 (Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does ...) NOTE: not-for-us (Apple) CAN-2003-0600 NOTE: reserved CAN-2003-0599 (Unknown vulnerability in the Virtual File System (VFS) capability for ...) {DSA-365} CAN-2003-0598 NOTE: rejected CAN-2003-0597 (Unknown vulnerability in display of Merge before 5.3.23a in UnixWare ...) NOTE: not-for-us (Unixware) CAN-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates temporary ...) {DSA-352} - fdclone 2.02a CAN-2003-0595 (Buffer overflow in WiTango Application Server and Tango 2000 allows ...) NOTE: not-for-us (WiTango Application Server and Tango 2000) CAN-2003-0594 (Mozilla allows remote attackers to bypass intended cookie access ...) NOTE: cannot find reference to it being fixed. TODO: check CAN-2003-0593 (Opera allows remote attackers to bypass intended cookie access ...) NOTE: not-for-us (opera) CAN-2003-0592 (Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers ...) {DSA-459} CAN-2003-0591 NOTE: rejected CAN-2003-0590 (Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote ...) NOTE: not-for-us (Splatt Forum) CAN-2003-0589 (admin.php in Digi-ads 1.1 allows remote attackers to bypass ...) NOTE: not-for-us (Digi-ads) CAN-2003-0588 (admin.php in Digi-news 1.1 allows remote attackers to bypass ...) NOTE: not-for-us (Digi-news) CAN-2003-0587 (Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin ...) NOTE: not-for-us (Infopop Ultimate Bulletin Board (UBB)) CAN-2003-0586 (Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain ...) NOTE: not-for-us (Brooky eStore) CAN-2003-0585 (SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 ...) NOTE: not-for-us (Brooky eStore) CAN-2003-0584 (Format string vulnerability in Backup and Restore Utility for Unix ...) NOTE: not-for-us (BRU) CAN-2003-0583 (Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and ...) NOTE: not-for-us (BRU) CAN-2003-0582 NOTE: rejected CAN-2003-0581 (X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to ...) {DSA-360} CAN-2003-0580 (Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier ...) NOTE: not-for-us (IBM U2 UniVerse) CAN-2003-0579 (uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the ...) NOTE: not-for-us (IBM U2 UniVerse) CAN-2003-0578 (cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and ...) NOTE: not-for-us (IBM U2 UniVerse) CAN-2003-0577 (mpg123 0.59r allows remote attackers to cause a denial of service and ...) - mpg123 0.59r-1 CAN-2003-0576 (Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and ...) NOTE: not-for-us (IRIX) CAN-2003-0575 (Heap-based buffer overflow in the name services daemon (nsd) in SGI ...) NOTE: not-for-us (IRIX) CAN-2003-0574 (Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly ...) NOTE: not-for-us (IRIX) CAN-2003-0573 (The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...) NOTE: not-for-us (IRIX) CAN-2003-0572 (Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...) NOTE: not-for-us (IRIX) CAN-2003-0571 NOTE: reserved CAN-2003-0570 NOTE: reserved CAN-2003-0569 NOTE: reserved CAN-2003-0568 NOTE: reserved CAN-2003-0567 (Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause ...) NOTE: not-for-us (Cisco) CAN-2003-0566 NOTE: reserved CAN-2003-0565 (Multiple vulnerabilities in multiple vendor implementations of the ...) NOTE: affects many implementations of the X.400 protocol TODO: see if anything in debian uses X.400 and is vulnerable. CAN-2003-0564 (Multiple vulnerabilities in multiple vendor implementations of the ...) NOTE: affects multiple S/MIME implementations NOTE: checked current mozilla, which contains safe NSS 3.9.1 - mozilla 2:1.7.3 TODO: see if anything else in debian uses S/MIME and is vulnerable. CAN-2003-0563 NOTE: reserved CAN-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 ...) NOTE: not-for-us (Novell Netware) CAN-2003-0561 (Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers ...) NOTE: not-for-us (IglooFTP) CAN-2003-0560 (SQL injection vulnerability in shopexd.asp for VP-ASP allows remote ...) NOTE: not-for-us (VP-ASP) CAN-2003-0559 (mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows ...) NOTE: not-for-us (phpforum) CAN-2003-0558 (Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to ...) NOTE: not-for-us (LeapFTP) CAN-2003-0557 (SQL injection vulnerability in login.asp for StoreFront 6.0, and ...) NOTE: not-for-us (StoreFront) CAN-2003-0556 (Polycom MGC 25 allows remote attackers to cause a denial of service ...) NOTE: not-for-us (Polycom MGC) CAN-2003-0555 (ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of ...) NOTE: imagemagick %x exploit failed with 6.0.6.2-1.5 CAN-2003-0554 (NeoModus Direct Connect 1.0 build 9, and possibly other versions, ...) NOTE: not-for-us (NeoModus Direct Connect) CAN-2003-0553 (Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) ...) NOTE: not-for-us (Netscape) CAN-2003-0552 (Linux 2.4.x allows remote attackers to spoof the bridge Forwarding ...) {DSA-423 DSA-358} NOTE: fixed in 2.4.22-pre3 CAN-2003-0551 (The STP protocol implementation in Linux 2.4.x does not properly ...) {DSA-423 DSA-358} NOTE: fixed in 2.4.22-pre3 CAN-2003-0550 (The STP protocol, as enabled in Linux 2.4.x, does not provide ...) {DSA-423 DSA-358} NOTE: fixed in 2.4.22-pre3 CAN-2003-0549 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...) - gdm 2.4.1.5 CAN-2003-0548 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...) - gdm 2.4.1.5 CAN-2003-0547 (GDM before 2.4.1.6, when using the "examine session errors" feature, ...) - gdm 2.4.1.5 CAN-2003-0546 (up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, ...) NOTE: not-for-us (up2date) CAN-2003-0545 (Double-free vulnerability in OpenSSL 0.9.7 allows remote attackers to ...) {DSA-394 DSA-393} CAN-2003-0544 (OpenSSL 0.9.6 and 0.9.7 does not properly track the number of ...) {DSA-394 DSA-393} CAN-2003-0543 (Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to ...) {DSA-394 DSA-393} CAN-2003-0542 (Multiple stack-based buffer overflows in (1) mod_alias and (2) ...) - apache2 2.0.48 - apache 1.3.29 CAN-2003-0541 (gtkhtml before 1.1.10, as used in Evolution, allows remote attackers ...) NOTE: does not affect evolution on debian - gtkhtml 1.0.4-6.2 CAN-2003-0540 (The address parser code in Postfix 1.1.12 and earlier allows remote ...) {DSA-363} CAN-2003-0539 (skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and ...) {DSA-343} CAN-2003-0538 (The mailcap file for mozart 1.2.5 and earlier causes Oz applications ...) {DSA-342} CAN-2003-0537 (The liece Emacs IRC client 2.0+0.20030527 and earlier creates ...) {DSA-341} CAN-2003-0536 (Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows ...) {DSA-346} CAN-2003-0535 (Buffer overflow in xbl 1.0k and earlier allows local users to gain ...) {DSA-345} CAN-2003-0534 NOTE: reserved CAN-2003-0533 (Stack-based buffer overflow in certain Active Directory service ...) NOTE: not-for-us (Microsoft) CAN-2003-0532 (Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine ...) NOTE: not-for-us (Microsoft) CAN-2003-0531 (Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to ...) NOTE: not-for-us (Microsoft) CAN-2003-0530 (Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer ...) NOTE: not-for-us (Microsoft) CAN-2003-0529 NOTE: reserved CAN-2003-0528 (Heap-based buffer overflow in the Distributed Component Object Model ...) NOTE: not-for-us (Microsoft) CAN-2003-0527 NOTE: reserved CAN-2003-0526 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...) NOTE: not-for-us (Microsoft) CAN-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory that ...) NOTE: not-for-us (Microsoft) CAN-2003-0524 (Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary ...) NOTE: appears specific to the knoppix CD CAN-2003-0523 (Cross-site scripting (XSS) vulnerability in msg.asp for certain ...) NOTE: not-for-us (ProductCart) CAN-2003-0522 (Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 ...) NOTE: not-for-us (ProductCart) CAN-2003-0521 (Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote ...) NOTE: not-for-us (cPanel is not our cpanel) CAN-2003-0520 (Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a ...) NOTE: not-for-us (Trillian) CAN-2003-0519 (Certain versions of Internet Explorer 5 and 6, in certain Windows ...) NOTE: not-for-us (Microsoft) CAN-2003-0518 (The screen saver in MacOS X allows users with physical access to cause ...) NOTE: not-for-us (MacOS) CAN-2003-0517 (faxrunqd.in in mgetty 1.1.28 and earlier allows local users to ...) - mgetty 1.1.29 CAN-2003-0516 (cnd.c in mgetty 1.1.28 and earlier does not properly filter ...) - mgetty 1.1.29 CAN-2003-0515 (SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL ...) {DSA-347} CAN-2003-0514 (Apple Safari allows remote attackers to bypass intended cookie access ...) NOTE: not-for-us (Safari) CAN-2003-0513 (Microsoft Internet Explorer allows remote attackers to bypass intended ...) NOTE: not-for-us (MSIE) CAN-2003-0512 (Cisco IOS 12.2 and earlier generates a "% Login invalid" message ...) NOTE: not-for-us (Cisco) CAN-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices ...) NOTE not-for-us (Cisco Aironet AP1x00 Series Wireless devices) CAN-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows remote ...) NOTE: not-for-us (ezbounce) CAN-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier ...) NOTE: not-for-us (Cyberstrong eShop) CAN-2003-0508 (Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat ...) NOTE: not-for-us (acroread) CAN-2003-0507 (Stack-based buffer overflow in Active Directory in Windows 2000 before ...) NOTE: not-for-us (Microsoft) CAN-2003-0506 (Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to ...) NOTE: not-for-us (Microsoft) CAN-2003-0505 (Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 ...) NOTE: not-for-us (Microsoft) CAN-2003-0504 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...) {DSA-365} CAN-2003-0503 (Buffer overflow in the ShellExecute API function of SHELL32.DLL in ...) NOTE: not-for-us (Microsoft) CAN-2003-0502 (Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote ...) NOTE: not-for-us (Apple Quicktime) CAN-2003-0501 (The /proc filesystem in Linux allows local users to obtain sensitive ...) {DSA-423 DSA-358} NOTE: fixed in 2.4.22-pre10 CAN-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication module ...) {DSA-338} CAN-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...) {DSA-335} CAN-2003-0498 (Caché Database 5.x installs the /cachesys/csp directory with insecure ...) NOTE: not-for-us (Intersystems Cache database) CAN-2003-0497 (Caché Database 5.x installs /cachesys/bin/cache with world-writable ...) NOTE: not-for-us (Intersystems Cache database) CAN-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users to ...) NOTE: not-for-us (Microsoft) CAN-2003-0495 (Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote ...) NOTE: not-for-us (lednews; not in debian) CAN-2003-0494 (password.asp in Snitz Forums 3.4.03 and earlier allows remote ...) NOTE: not-for-us (snitz forums; not in debian) CAN-2003-0493 (Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as ...) NOTE: not-for-us (snitz forums; not in debian) CAN-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for Snitz ...) NOTE: not-for-us (snitz forums; not in debian) CAN-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers ...) NOTE: not-for-us (xoop; not in debian) CAN-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, ...) NOTE: not-for-us (Dantz Retrospect) CAN-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after ...) {DSA-330} CAN-2003-0488 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio ...) NOTE: not-for-us (Kerio Mail server) CAN-2003-0487 (Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote ...) NOTE: not-for-us (Kerio Mail server) CAN-2003-0486 (SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and ...) - phpbb2 2.0.6 CAN-2003-0485 (Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows ...) NOTE: not-for-us (Progress 4GL Compiler) CAN-2003-0484 (Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB ...) - phpbb2 2.0.6d-3 CAN-2003-0483 (Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium ...) NOTE: not-for-us (XMB Forum) CAN-2003-0482 (TUTOS 1.1 allows remote attackers to execute arbitrary code by ...) - tutos 1.1.20030715-1 CAN-2003-0481 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...) - tutos 1.1.20030715-1 CAN-2003-0480 (VMware Workstation 4.0 for Linux allows local users to overwrite ...) NOTE: not-for-us (VMware) CAN-2003-0479 (Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS ...) NOTE: not-for-us (WebBBS; not in debian) CAN-2003-0478 (Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, ...) NOTE: not-for-us (bahamut and other irc daemons; not in debian) CAN-2003-0477 (wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial ...) - wzdftpd 0.2 CAN-2003-0476 (The execve system call in Linux 2.4.x records the file descriptor of ...) {DSA-423 DSA-358} NOTE: fixed in 2.4.22-pre4 CAN-2003-0475 (Directory traversal vulnerability in iWeb Server 2 allows remote ...) NOTE: not-for-us (iWeb server) CAN-2003-0474 (Directory traversal vulnerability in iWeb Server allows remote ...) NOTE: not-for-us (iWeb server) CAN-2003-0473 (Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes ...) NOTE: not-for-us (SGI IRIX) CAN-2003-0472 (The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a ...) NOTE: not-for-us (SGI IRIX) CAN-2003-0471 (Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers ...) NOTE: not-for-us (webadmin / win) CAN-2003-0470 (Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka ...) NOTE: not-for-us (symantec activex) CAN-2003-0469 (Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows ...) NOTE: not-for-us (microsoft) CAN-2003-0468 (Postfix 1.1.11 and earlier allows remote attackers to use Postfix to ...) {DSA-363} CAN-2003-0467 (Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux ...) NOTE: fixed in linux 2.4.21 CAN-2003-0466 (Off-by-one error in the fb_realpath() function, as derived from the ...) {DSA-357} CAN-2003-0465 strncpy in kernel does not pad with zeroes - kernel-source-2.4.27 (unfixed; bug #280492) NOTE: generic .c version fixed in 2.6.x but not in 2.4.x NOTE: arch specific asm versions: NOTE: x86 is not affected NOTE: ppc32 fixed in 2.4.22-rc4 CAN-2003-0464 (The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are ...) NOTE: fixed in linux 2.4.22-pre8 CAN-2003-0463 NOTE: reserved CAN-2003-0462 (A race condition in the way env_start and env_end pointers are ...) {DSA-423 DSA-358} CAN-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of ...) {DSA-423 DSA-358} CAN-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 ...) NOTE: not-for-us (apache for win and os/2) CAN-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...) {DSA-361} CAN-2003-0458 (Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and ...) NOTE: not-for-us (HP) CAN-2003-0457 NOTE: reserved - mysql-dfsg 4.0.21-4 CAN-2003-0456 (VisNetic WebSite 3.5 allows remote attackers to obtain the full ...) NOTE: not-for-us (visnetic website) CAN-2003-0455 (The imagemagick libmagick library 5.5 and earlier creates temporary ...) {DSA-331} CAN-2003-0454 (Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local ...) {DSA-334} CAN-2003-0453 (traceroute-nanog 6.1.1 allows local users to overwrite unauthorized ...) {DSA-348} CAN-2003-0452 (Buffer overflows in osh before 1.7-11 allow local users to execute ...) {DSA-329} CAN-2003-0451 (Multiple buffer overflows in xbl before 1.0k allow local users to gain ...) {DSA-327} CAN-2003-0450 (Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows ...) {DSA-321} CAN-2003-0449 (Progress Database 9.1 to 9.1D06 trusts user input to find and load ...) NOTE: not-for-us (progress database) CAN-2003-0448 (Portmon 1.7 and possibly earlier versions allows local users to read ...) NOTE: not-for-us (portmon; not in debian) CAN-2003-0447 (The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and ...) NOTE: not-for-us (microsoft) CAN-2003-0446 (Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly ...) NOTE: not-for-us (microsoft) CAN-2003-0445 (Buffer overflow in webfs before 1.17.1 allows remote attackers to ...) {DSA-328} CAN-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote ...) {DSA-337} CAN-2003-0443 NOTE: reserved CAN-2003-0442 (Cross-site scripting (XSS) vulnerability in the transparent SID ...) {DSA-351} CAN-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53 and ...) {DSA-326} CAN-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and ...) {DSA-339} CAN-2003-0439 NOTE: reserved CAN-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...) {DSA-325} CAN-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote ...) - mnogosearch-common 3.2.11 CAN-2003-0436 (Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote ...) - mnogosearch-common 3.2.11 CAN-2003-0435 (Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier ...) {DSA-322} CAN-2003-0434 (Various PDF viewers including Adobe Acrobat 5.06 and Xpdf 1.01 allow ...) NOTE: various pdf viewers NOTE: kpdf does not seem to support hyperlinks; so not vulnerable NOTE: gpdf 2.8.0 does not seem to be vulnerable - xpdf 2.02pl1-1 CAN-2003-0433 (Multiple buffer overflows in gnocatan 0.6.1 and earlier allow ...) {DSA-315} CAN-2003-0432 (Ethereal 0.9.12 and earlier does not handle certain strings properly, ...) {DSA-324} CAN-2003-0431 (The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not ...) {DSA-324} CAN-2003-0430 (The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote ...) - ethereal 0.9.13 CAN-2003-0429 (The OSI dissector in Ethereal 0.9.12 and earlier allows remote ...) {DSA-324} CAN-2003-0428 (Unknown vulnerability in the DCERPC dissector in Ethereal 0.9.12 and ...) {DSA-324} CAN-2003-0427 (Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to ...) {DSA-320} CAN-2003-0426 (The installation of Apple QuickTime / Darwin Streaming Server before ...) NOTE: not-for-us (Apple) CAN-2003-0425 (Directory traversal vulnerability in Apple QuickTime / Darwin ...) NOTE: not-for-us (Apple) CAN-2003-0424 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...) NOTE: not-for-us (Apple) CAN-2003-0423 (parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before ...) NOTE: not-for-us (Apple) CAN-2003-0422 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...) NOTE: not-for-us (Apple) CAN-2003-0421 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...) NOTE: not-for-us (Apple) CAN-2003-0420 NOTE: reserved CAN-2003-0419 (SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR ...) NOTE: not-for-us (SMC) CAN-2003-0418 (The Linux 2.0 kernel IP stack does not properly calculate the size of ...) NOTE: only linux 2.0.x CAN-2003-0417 (Directory traversal vulnerability in Son hServer 0.2 allows remote ...) NOTE: not-for-us (Son hServer) CAN-2003-0416 (Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 ...) NOTE: not-for-us (bandmin; not in Debian) CAN-2003-0415 (Remote PC Access Server 2.2 allows remote attackers to cause a denial ...) NOTE: not-for-us (Remote PC Access) CAN-2003-0414 (The installation of Sun ONE Application Server 7.0 for Windows 2000/XP ...) NOTE: not-for-us (Sun ONE) CAN-2003-0413 (Cross-site scripting (XSS) vulnerability in the webapps-simple sample ...) NOTE: not-for-us (Sun ONE) CAN-2003-0412 (Sun ONE Application Server 7.0 for Windows 2000/XP does not log the ...) NOTE: not-for-us (Sun ONE) CAN-2003-0411 (Sun ONE Application Server 7.0 for Windows 2000/XP allows remote ...) NOTE: not-for-us (Sun ONE) CAN-2003-0410 (Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to ...) NOTE: not-for-us (AnalogX proxy) CAN-2003-0409 (Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote ...) NOTE: not-for-us (BRS WebWeaver) CAN-2003-0408 (Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other ...) NOTE: not-for-us (Uptimes Project upclient; not in Debian) CAN-2003-0407 (Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows ...) - gbatnav 1.0.4-4 CAN-2003-0406 (PalmVNC 1.40 and earlier stores passwords in plaintext in the ...) NOTE: not-for-us (PalmVNC) CAN-2003-0405 (Vignette StoryServer 5 and Vignette V/6 allows remote attackers to ...) NOTE: not-for-us (Vignette) CAN-2003-0404 (Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette ...) NOTE: not-for-us (Vignette) CAN-2003-0403 (Vignette StoryServer 5 and Vignette V/5 allows remote attackers to ...) NOTE: not-for-us (Vignette) CAN-2003-0402 (The default login template (/vgn/login) in Vignette StoryServer 5 and ...) NOTE: not-for-us (Vignette) CAN-2003-0401 (Vignette StoryServer and Vignette V/5 allows remote attackers to ...) NOTE: not-for-us (Vignette) CAN-2003-0400 (Vignette StoryServer and Vignette V/5 does not properly calculate the ...) NOTE: not-for-us (Vignette / AIX) CAN-2003-0399 (Vignette StoryServer 4 and 5, Vignette V/5, and possibly other ...) NOTE: not-for-us (Vignette StoryServer) CAN-2003-0398 (Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI ...) NOTE: not-for-us (Vignette StoryServer) CAN-2003-0397 (Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 ...) NOTE: not-for-us (FastTrack network code (Kazaa)) CAN-2003-0396 (Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if ...) - linux-arm 2.4.1 CAN-2003-0395 (Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute ...) NOTE: not-for-us (Ultimate PHP Board) CAN-2003-0394 (objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute ...) NOTE: not-for-us (BLNews) CAN-2003-0393 (Privacyware Privatefirewall 3.0 does not block certain incoming ...) NOTE: not-for-us (Privacyware Privatefirewall) CAN-2003-0392 (Directory traversal vulnerability in ST FTP Service 3.0 allows remote ...) NOTE: not-for-us (ST FTP Service (DOS)) CAN-2003-0391 (Format string vulnerability in Magic WinMail Server 2.3, and possibly ...) NOTE: not-for-us (Magic WinMail Server) CAN-2003-0390 (Multiple buffer overflows in Options Parsing Tool (OPT) shared library ...) - opt 3.19 CAN-2003-0389 (Cross-site scripting (XSS) vulnerability in the secure redirect ...) NOTE: not-for-us (RSA ACE/Agent) CAN-2003-0388 (pam_wheel in Linux-PAM 0.78, with the trust option enabled and the ...) NOTE: pam is not vulnerable in default confuguration NOTE: pam is not vulnerable at all in sarge, according to maintainer CAN-2003-0387 NOTE: reserved CAN-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP ...) NOTE: fixed in current openssh, which always does reverse mapping now CAN-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid, ...) {DSA-310} - xaos 3.1r-4 CAN-2003-0384 NOTE: reserved CAN-2003-0382 (Buffer overflow in Eterm 0.9.2 allows local users to gain privileges ...) {DSA-309} CAN-2003-0381 (Multiple vulnerabilities in noweb 2.9 and earlier creates temporary ...) {DSA-323} CAN-2003-0380 (Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and ...) {DSA-314} CAN-2003-0379 (Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X ...) NOTE: not-for-us (MaxOS) CAN-2003-0378 (The Kerberos login authentication feature in Mac OS X, when used with ...) NOTE: not-for-us (MaxOS) CAN-2003-0377 (SQL injection vulnerability in the web-based administration interface ...) NOTE: not-for-us (iisPROTECT) CAN-2003-0376 (Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a ...) NOTE: not-for-us (Eudora) CAN-2003-0375 (Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB ...) NOTE: not-for-us (XMBforum aka Partagium)) CAN-2003-0374 (Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus ...) - nessus 2.0.6 CAN-2003-0373 (Multiple buffer overflows in Nessus before 2.0.6 allow local users ...) - nessus 2.0.6 CAN-2003-0372 (Signed integer vulnerability in libnsl in Nessus before 2.0.6 allows ...) - nessus 2.0.6 CAN-2003-0371 (Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers ...) NOTE: not-for-us (Prishtina FTP client) CAN-2003-0370 (Konqueror Embedded and KDE 2.2.2 and earlier does not validate the ...) {DSA-361} CAN-2003-0369 NOTE: reserved CAN-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers to ...) NOTE: not-for-us (Nokia Gateway GPRS) CAN-2003-0367 (znew in the gzip package allows local users to overwrite arbitrary ...) {DSA-308} CAN-2003-0366 (lyskom-server 2.0.7 and earlier allows unauthenticated users to cause ...) {DSA-318} CAN-2003-0365 (ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full ...) NOTE: not-for-us (ICQLite) CAN-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows ...) {DSA-442 DSA-336 DSA-332 DSA-311} CAN-2003-0363 NOTE: reserved CAN-2003-0362 (Buffer overflow in gPS before 0.10.2 may allow local users to cause a ...) {DSA-307} CAN-2003-0361 (gPS before 1.1.0 does not properly follow the rgpsp connection source ...) {DSA-307} CAN-2003-0360 (Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause ...) {DSA-307} CAN-2003-0359 (nethack 3.4.0 and earlier installs certain setgid binaries with ...) {DSA-316} CAN-2003-0358 (Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye ...) {DSA-350 DSA-316} CAN-2003-0357 (Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and ...) {DSA-313} CAN-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier ...) {DSA-313} CAN-2003-0355 (Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name ...) NOTE: not-for-us (Safari) CAN-2003-0354 (Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers ...) - gs-gpl 7.07 CAN-2003-0353 (Buffer overflow in a component of SQL-DMO for Microsoft Data Access ...) NOTE: not-for-us (Microsoft) CAN-2003-0352 (Buffer overflow in a certain DCOM interface for RPC in Microsoft ...) NOTE: not-for-us (Microsoft) CAN-2003-0351 NOTE: rejected CAN-2003-0350 (The control for listing accessibility options in the Accessibility ...) NOTE: not-for-us (Microsoft) CAN-2003-0349 (Buffer overflow in the streaming media component for logging multicast ...) NOTE: not-for-us (Microsoft) CAN-2003-0348 (A certain Microsoft Windows Media Player 9 Series ActiveX control ...) NOTE: not-for-us (Microsoft) CAN-2003-0347 (Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual ...) NOTE: not-for-us (Microsoft) CAN-2003-0346 (Multiple integer overflows in a Microsoft Windows DirectX MIDI library ...) NOTE: not-for-us (Microsoft) CAN-2003-0345 (Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, ...) NOTE: not-for-us (Microsoft) CAN-2003-0344 (Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 ...) NOTE: not-for-us (Microsoft) CAN-2003-0343 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...) NOTE: not-for-us (BlackMoon FTP Server) CAN-2003-0342 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...) NOTE: not-for-us (BlackMoon FTP Server) CAN-2003-0341 (Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 ...) NOTE: not-for-us (Owl Intranet Engine) CAN-2003-0340 (Demarc Puresecure 1.6 stores authentication information for the ...) NOTE: not-for-us (Puresecure) CAN-2003-0339 (Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 ...) NOTE: not-for-us (WsMp3) CAN-2003-0338 (Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and ...) NOTE: not-for-us (WsMp3) CAN-2003-0337 (The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 ...) NOTE: not-for-us (lsadmin) CAN-2003-0336 (Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files ...) NOTE: not-for-us (Eudora) CAN-2003-0335 (rc.M in Slackware 9.0 calls quotacheck with the -M option, which ...) NOTE: not-for-us (Slaskware specific) CAN-2003-0334 (BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a ...) - ircii-pana 1:1.0-0c19.20030512-1 CAN-2003-0333 (Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit ...) NOTE: not-for-us (C-Kermit on HP-UX) CAN-2003-0332 (The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier ...) NOTE: not-for-us (BadBlue) CAN-2003-0331 (SQL injection vulnerability in ttForum allows remote attackers to ...) NOTE: not-for-us (ttForum) CAN-2003-0330 (Buffer overflow in unknown versions of Maelstrom allows local users to ...) NOTE: maelstrom in sarge tests not vulnerable to exploit. Unsure when fixed. CAN-2003-0329 (CesarFTP 0.99g stores user names and passwords in plaintext in the ...) NOTE: not-for-us (CesarFTP) CAN-2003-0328 (EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later ...) {DSA-399 DSA-306} CAN-2003-0327 (Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers ...) NOTE: not-for-us (Sybase Adaptive Server Enterprise) CAN-2003-0326 (Integer overflow in parse_decode_path() of slocate may allow attackers ...) NOTE: bug does exist in slocate. NOTE: only impacts security if kernel has been recompiled to allow NOTE: an absurd 536870912 bytes of command line arguments. This is NOTE: very unlikely, and if you do exploit it, you get only slocate NOTE: gid. CAN-2003-0325 (Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local ...) NOTE: maelstrom in sarge tests not vulnerable to exploit. Unsure when fixed. CAN-2003-0324 (Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote ...) {DSA-287} CAN-2003-0323 (Multiple buffer overflows in ircII 20020912 allows remote malicious ...) {DSA-298 DSA-291} CAN-2003-0322 (Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows ...) {DSA-306} CAN-2003-0321 (Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier ...) {DSA-306} CAN-2003-0320 (header.php in ttCMS 2.3 and earlier allows remote attackers to inject ...) NOTE: not-for-us (ttCMS) CAN-2003-0319 (Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax ...) NOTE: not-for-us (SmartMax MailMax) CAN-2003-0318 (Cross-site scripting (XSS) vulnerability in the Statistics module for ...) NOTE: not-for-us (PHP-Nuke) CAN-2003-0317 (iisPROTECT 2.1 and 2.2 allows remote attackers to bypass ...) NOTE: not-for-us (iisPROTECT) CAN-2003-0316 (Venturi Client before 2.2, as used in certain Fourelle and Venturi ...) NOTE: not-for-us (Venturi Client) CAN-2003-0315 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...) NOTE: not-for-us (Snowblind Web Server) CAN-2003-0314 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...) NOTE: not-for-us (Snowblind Web Server) CAN-2003-0313 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...) NOTE: not-for-us (Snowblind Web Server) CAN-2003-0312 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...) NOTE: not-for-us (Snowblind Web Server) CAN-2003-0311 NOTE: reserved CAN-2003-0310 (Cross-site scripting (XSS) vulnerability in articleview.php for eZ ...) NOTE: author apparently fixed hole by time vuln was reported, NOTE: and I guess that fix made it into new upstream versions, NOTE: but I did not check in detail CAN-2003-0309 (Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass ...) NOTE: not-for-us (MSIE) CAN-2003-0308 (The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely ...) {DSA-305} CAN-2003-0307 (Poster version.two allows remote authenticated users to gain ...) NOTE: not-for-us (Poster version.two) CAN-2003-0306 (Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to ...) NOTE: not-for-us (Windows) CAN-2003-0305 (The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka ...) NOTE: not-for-us (Cisco) CAN-2003-0304 (one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers ...) NOTE: not-for-us (one||zero (aka One or Zero) Helpdesk) CAN-2003-0303 (SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk ...) NOTE: not-for-us (one||zero (aka One or Zero) Helpdesk) CAN-2003-0302 (The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers ...) NOTE: not-for-us (Eudora) CAN-2003-0301 (The IMAP Client for Outlook Express 6.00.2800.1106 allows remote ...) NOTE: not-for-us (Microsort) CAN-2003-0300 (The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP ...) NOTE: sylpheed and sylpheed-claws might still be vulnerable NOTE: but it's only a crasher CAN-2003-0299 (The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote ...) NOTE: mutt and balse might still be vulnerable NOTE: but it's only a crasher CAN-2003-0298 (The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP ...) - mozilla 1.4b CAN-2003-0297 (c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows ...) - uw-imap 7:2002c NOTE: did not check pine CAN-2003-0296 (The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP ...) - evolution 1.3.2 CAN-2003-0295 (Cross-site scripting (XSS) vulnerability in private.php for vBulletin ...) NOTE: not-for-us (vBulletin) CAN-2003-0294 (autohtml.php in php-proxima 6.0 and earlier allows remote attackers to ...) NOTE: not-for-us (php-proxima) CAN-2003-0293 (PalmOS allows remote attackers to cause a denial of service (CPU ...) NOTE: not-for-us (PalmOS) CAN-2003-0292 (Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server ...) NOTE: not-for-us (Inktomi) CAN-2003-0291 (3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly ...) NOTE: not-for-us (3com OfficeConnect Remote 812 ADSL Router) CAN-2003-0290 (Memory leak in eServ 2.9x allows remote attackers to cause a denial of ...) NOTE: not-for-us (eServ) CAN-2003-0289 (Format string vulnerability in scsiopen.c of the cdrecord program in ...) - cdrtools 4:2.0+a14-1 CAN-2003-0288 (Buffer overflow in the file & folder transfer mechanism for IP ...) NOTE: not-for-us (IP Messenger for Win) CAN-2003-0287 (Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, ...) NOTE: not-for-us (Movable Type) CAN-2003-0286 (SQL injection vulnerability in Snitz Forums 2000 before 3.3.03 and ...) NOTE: not-for-us (Snitz Forums) CAN-2003-0285 (IBM AIX 5.2 and earlier distributes Sendmail with a configuration file ...) NOTE: not-for-us (bad sendmail config on AIX) CAN-2003-0284 (Adobe Acrobat 5 does not properly validate JavaScript in PDF files, ...) NOTE: not-for-us (Adobe Acrobat) CAN-2003-0283 (Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows ...) NOTE: not-for-us (Phorum) CAN-2003-0282 (Directory traversal vulnerability in UnZip 5.50 allows attackers to ...) {DSA-344} CAN-2003-0281 (Buffer overflow in Firebird 1.0.2 allows local users to execute ...) - firebird2 1.5.1-1 NOTE: firebird (1) in debian is very insecure and vulnerable, but NOTE: the server is not included, just the libraries. See bug #251458 CAN-2003-0280 (Multiple buffer overflows in the SMTP Service for ESMTP CMailServer ...) NOTE: not-for-us (SMTP Service for ESMTP CMailServer ) CAN-2003-0279 (Multiple SQL injection vulnerabilities in the Web_Links module for ...) NOTE: not-for-us (PHP-Nuke) CAN-2003-0278 (Cross-site scripting (XSS) vulnerability in normal_html.cgi in ...) NOTE: not-for-us (HappyMail) CAN-2003-0277 (Directory traversal vulnerability in normal_html.cgi in Happycgi.com ...) NOTE: not-for-us (HappyMail) CAN-2003-0276 (Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a ...) NOTE: not-for-us (Pi3Web) CAN-2003-0275 (SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary ...) NOTE: not-for-us (YaBB SE) CAN-2003-0274 (Buffer overflow in catmail for ListProc 8.2.09 and earlier allows ...) NOTE: not-for-us (ListProc) CAN-2003-0273 (Cross-site scripting (XSS) vulnerability in the web interface for ...) NOTE: old version of Request Tracker not in debian. CAN-2003-0272 (admin.php in miniPortail allows remote attackers to gain ...) NOTE: not-for-us (miniPortail) CAN-2003-0271 (Buffer overflow in Personal FTP Server allows remote attackers to ...) NOTE: not-for-us (Personal FTP Server) CAN-2003-0270 (The administration capability for Apple AirPort 802.11 wireless access ...) NOTE: not-for-us (Apple Airport) CAN-2003-0269 (Buffer overflow in youbin allows local users to gain privileges via a ...) NOTE: not-for-us (youbin) CAN-2003-0268 (SLWebMail 3 on Windows systems allows remote attackers to identify the ...) NOTE: not-for-us (SLWebMail on Windows) CAN-2003-0267 (ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote ...) NOTE: not-for-us (SLWebMail on Windows) CAN-2003-0266 (Multiple buffer overflows in SLWebMail 3 on Windows systems allows ...) NOTE: not-for-us (SLWebMail on Windows) CAN-2003-0265 (Race condition in SDBINST for SAP database 7.3.0.29 creates critical ...) NOTE: not-for-us (SDBINST for SAP database) CAN-2003-0264 (Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers ...) NOTE: not-for-us (SLMail) CAN-2003-0263 (Multiple buffer overflows in Floosietek FTGate Pro Mail Server ...) NOTE: not-for-us (FTGatePro) CAN-2003-0262 (leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, ...) {DSA-299} CAN-2003-0261 (fuzz 0.6 and earlier creates temporary files insecurely, which could ...) {DSA-302} CAN-2003-0260 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...) NOTE: not-for-us (Cisco) CAN-2003-0259 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...) NOTE: not-for-us (Cisco) CAN-2003-0258 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...) NOTE: not-for-us (Cisco) CAN-2003-0257 (Format string vulnerability in the printer capability for IBM AIX .3, ...) NOTE: not-for-us (AIX) CAN-2003-0256 (The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the ...) - kopete 3.2.0 CAN-2003-0255 (The key validation code in GnuPG before 1.2.2 does not properly ...) - gnupg 1.2.2 CAN-2003-0254 (Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers ...) - apache2 2.0.47 CAN-2003-0253 (The prefork MPM in Apache 2 before 2.0.47 does not properly handle ...) - apache2 2.0.47 CAN-2003-0252 (Off-by-one error in the xlog function of mountd in the Linux NFS utils ...) {DSA-349} CAN-2003-0251 (ypserv NIS server before 2.7 allows remote attackers to cause a denial ...) NOTE: actually, we need ypserv 2.7, nis 3.11 has ypserv 2.13 - nis 3.11 CAN-2003-0250 NOTE: reserved CAN-2003-0249 NOTE: reserved CAN-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU ...) {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311} CAN-2003-0247 (Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows ...) {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311} CAN-2003-0246 (The ioperm system call in Linux kernel 2.4.20 and earlier does not ...) {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311} CAN-2003-0245 (Vulnerability in the apr_psprintf function in the Apache Portable ...) - apache2 2.0.46 CAN-2003-0244 (The route cache implementation in Linux 2.4, and the Netfilter IP ...) {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311} CAN-2003-0243 (Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute ...) NOTE: not-for-us (Happycgi.com Happymall) CAN-2003-0242 (IPSec in Mac OS X before 10.2.6 does not properly handle certain ...) NOTE: not-for-us (MacOS) CAN-2003-0241 (FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly ...) NOTE: not-for-us (FrontRange GoldMine / win) CAN-2003-0240 (The web-based administration capability for various Axis Network ...) NOTE: not-for-us (Axis Network Camera) CAN-2003-0239 (icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a ...) NOTE: not-for-us (Mirabilis ICQ / windows) CAN-2003-0238 (The Message Session window in Mirabilis ICQ Pro 2003a allows remote ...) NOTE: not-for-us (Mirabilis ICQ / windows) CAN-2003-0237 (The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a ...) NOTE: not-for-us (Mirabilis ICQ / windows) CAN-2003-0236 (Integer signedness errors in the POP3 client for Mirabilis ICQ Pro ...) NOTE: not-for-us (Mirabilis ICQ / windows) CAN-2003-0235 (Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a ...) NOTE: not-for-us (Mirabilis ICQ / windows) CAN-2003-0234 NOTE: reserved CAN-2003-0233 (Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, ...) NOTE: not-for-us (microsoft) CAN-2003-0232 (Microsoft SQL Server 7, 2000, and MSDE allows local users to execute ...) NOTE: not-for-us (microsoft) CAN-2003-0231 (Microsoft SQL Server 7, 2000, and MSDE allows local or remote ...) NOTE: not-for-us (microsoft) CAN-2003-0230 (Microsoft SQL Server 7, 2000, and MSDE allows local users go gain ...) NOTE: not-for-us (microsoft) CAN-2003-0229 NOTE: reserved CAN-2003-0228 (Directory traversal vulnerability in Microsoft Windows Media Player ...) NOTE: not-for-us (microsoft) CAN-2003-0227 (The logging capability for unicast and multicast transmissions in the ...) NOTE: not-for-us (microsoft) CAN-2003-0226 (Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows ...) NOTE: not-for-us (microsoft) CAN-2003-0225 (The ASP function Response.AddHeader in Microsoft Internet Information ...) NOTE: not-for-us (microsoft) CAN-2003-0224 (Buffer overflow in ssinc.dll for Microsoft Internet Information ...) NOTE: not-for-us (microsoft) CAN-2003-0223 (Cross-site scripting vulnerability (XSS) in the ASP function ...) NOTE: not-for-us (microsoft) CAN-2003-0222 (Stack-based buffer overflow in Oracle Net Services for Oracle Database ...) NOTE: not-for-us (oracle) CAN-2003-0221 (The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and ...) NOTE: not-for-us (HP tru64) CAN-2003-0220 (Buffer overflow in the administrator authentication process for Kerio ...) NOTE: not-for-us (Kerio Personal Firewall) CAN-2003-0219 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...) NOTE: not-for-us (Kerio Personal Firewall) CAN-2003-0218 (Buffer overflow in PostMethod() function for Monkey HTTP Daemon ...) NOTE: not-for-us (Monkey http daemon; not in debian) CAN-2003-0217 (Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual ...) NOTE: not-for-us (Neoteris Instant Virtual Extranet) CAN-2003-0216 (Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to ...) NOTE: not-for-us (cisco) CAN-2003-0215 (SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier ...) NOTE: not-for-us (bttlxeForum / win) CAN-2003-0214 (run-mailcap in mime-support 3.22 and earlier allows local users to ...) {DSA-292} CAN-2003-0213 (ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote ...) {DSA-295} CAN-2003-0212 (handleAccept in rinetd before 0.62 does not properly resize the ...) {DSA-289} CAN-2003-0211 (Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial ...) - xinetd 2.3.11 CAN-2003-0210 (Buffer overflow in the administration service (CSAdmin) for Cisco ...) NOTE: not-for-us (cisco) CAN-2003-0209 (Integer overflow in the TCP stream reassembly module (stream4) for ...) {DSA-297} CAN-2003-0208 (Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user ...) NOTE: not-for-us (macromedia flash) CAN-2003-0207 (ps2epsi creates insecure temporary files when calling ghostscript, ...) {DSA-286} CAN-2003-0206 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...) {DSA-294} CAN-2003-0205 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...) {DSA-294} CAN-2003-0204 (KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to ...) {DSA-296 DSA-293 DSA-284} CAN-2003-0203 (Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP ...) {DSA-281} CAN-2003-0202 (The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow ...) {DSA-279} CAN-2003-0201 (Buffer overflow in the call_trans2open function in trans2.c for Samba ...) {DSA-280} CAN-2003-0200 NOTE: reserved CAN-2003-0199 NOTE: reserved CAN-2003-0198 (Mac OS X before 10.2.5 allows guest users to modify the permissions of ...) NOTE: not-for-us (MacOS) CAN-2003-0197 (Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local ...) NOTE: not-for-us (Interbase Database) CAN-2003-0196 (Multiple buffer overflows in Samba before 2.2.8a may allow remote ...) {DSA-280} CAN-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of ...) {DSA-317} CAN-2003-0194 (tcpdump does not properly drop privileges to the pcap user when ...) NOTE: apparently a redhat specific compilation prolem of tcpdump CAN-2003-0193 (msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users ...) {DSA-575-1} - catdoc 0.91.5-2 CAN-2003-0192 (Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache ...) - apache2 2.0.47 CAN-2003-0190 (OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support ...) - ssh 1:3.8.1p1-8.sarge.4 CAN-2003-0189 (The authentication module for Apache 2.0.40 through 2.0.45 on Unix ...) - apache2 2.0.46 CAN-2003-0188 (lv reads a .lv file from the current working directory, which allows ...) {DSA-304} CAN-2003-0187 (The connection tracking core of Netfilter for Linux 2.4.20, with ...) NOTE: only affects kernel 2.4.19, 2.4.20. CAN-2003-0186 NOTE: reserved CAN-2003-0185 NOTE: reserved CAN-2003-0184 NOTE: reserved CAN-2003-0183 NOTE: reserved CAN-2003-0182 NOTE: reserved CAN-2003-0181 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...) NOTE: not-for-us (Lotus Domino Web Server) CAN-2003-0180 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...) NOTE: not-for-us (Lotus Domino Web Server) CAN-2003-0179 (Buffer overflow in the COM Object Control Handler for Lotus Domino ...) NOTE: not-for-us (Lotus Domino Web Server) CAN-2003-0178 (Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 ...) NOTE: not-for-us (Lotus Domino Web Server) CAN-2003-0177 (SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does ...) NOTE: not-for-us (IRIX) CAN-2003-0176 (The Name Service Daemon (nsd), when running on an NIS master on SGI ...) NOTE: not-for-us (IRIX) CAN-2003-0175 (SGI IRIX before 6.5.21 allows local users to cause a denial of service ...) NOTE: not-for-us (IRIX) CAN-2003-0174 (The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not ...) NOTE: not-for-us (IRIX) CAN-2003-0173 (xfsdq in xfsdump does not create quota information files securely, ...) {DSA-283} CAN-2003-0172 (Buffer overflow in openlog function for PHP 4.3.1 on Windows operating ...) NOTE: not belived to be vulnerable (http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2) CAN-2003-0171 (DirectoryServices in MacOS X trusts the PATH environment variable to ...) NOTE: not-for-us (MacOS) CAN-2003-0170 (Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use ...) NOTE: not-for-us (AIX) CAN-2003-0169 (hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before ...) NOTE: not-for-us (HP Instant TopTools) CAN-2003-0168 (Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows ...) NOTE: not-for-us (Apple QuickTime Player) CAN-2003-0167 (Multiple off-by-one buffer overflows in the IMAP capability for Mutt ...) {DSA-300 DSA-274} CAN-2003-0166 (Integer signedness error in emalloc() function for PHP before 4.3.2 ...) NOTE: not belived to be vulnerable (http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2) CAN-2003-0165 (Format string vulnerability in Eye Of Gnome (EOG) allows attackers to ...) - eog 2.2.1 CAN-2003-0164 NOTE: reserved CAN-2003-0163 (decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does ...) NOTE: Gaim-Encryption Plugin not in debian CAN-2003-0162 (Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote ...) {DSA-271} CAN-2003-0161 (The prescan() function in the address parser (parseaddr.c) in Sendmail ...) {DSA-290 DSA-278} CAN-2003-0160 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) - squirrelmail 1:1.2.11 CAN-2003-0159 (Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and ...) - ethereal 0.9.10 CAN-2003-0158 NOTE: rejected CAN-2003-0157 NOTE: rejected CAN-2003-0156 (Directory traversal vulnerability in Cross-Referencing Linux (LXR) ...) {DSA-264} CAN-2003-0155 (bonsai Mozilla CVS query tool allows remote attackers to gain access ...) {DSA-265} CAN-2003-0154 (Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query ...) {DSA-265} CAN-2003-0153 (bonsai Mozilla CVS query tool leaks the absolute pathname of the tool ...) {DSA-265} CAN-2003-0152 (Unknown vulnerability in bonsai Mozilla CVS query tool allows remote ...) {DSA-265} CAN-2003-0151 (BEA WebLogic Server and Express 6.0 through 7.0 does not properly ...) NOTE: not-for-us (BEA WebLogic Server) CAN-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and allows ...) {DSA-303} CAN-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy ...) NOTE: not-for-us (McAfee ePolicy Orchestrator) CAN-2003-0148 (The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 ...) NOTE: not-for-us (McAfee ePolicy Orchestrator) CAN-2003-0147 (OpenSSL does not use RSA blinding by default, which allows local and ...) {DSA-288} CAN-2003-0146 (Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly ...) {DSA-263} CAN-2003-0145 {DSA-261} CAN-2003-0144 (Buffer overflow in the lprm command in the lprold lpr package on SuSE ...) {DSA-275 DSA-267} CAN-2003-0143 {DSA-259} CAN-2003-0142 (Adobe Acrobat Reader (acroread) 6, under certain circumstances when ...) NOTE: not-for-us (acroread) CAN-2003-0141 (The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, ...) NOTE: not-for-us (Real) CAN-2003-0140 (Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up ...) {DSA-268} CAN-2003-0139 (Certain weaknesses in the implementation of version 4 of the Kerberos ...) {DSA-273 DSA-266} CAN-2003-0138 (Version 4 of the Kerberos protocol (krb4), as used in Heimdal and ...) {DSA-273 DSA-269 DSA-266} CAN-2003-0137 (SNMP daemon in the DX200 based network element for Nokia Serving GPRS ...) NOTE: not-for-us (Nokia Serving GPRS support node) CAN-2003-0136 (psbanner in the LPRng package allows local users to overwrite ...) {DSA-285} CAN-2003-0135 (vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP ...) NOTE: red-hat specific compilation problem of vsftpd CAN-2003-0134 (Unknown vulnerability in filestat.c for Apache running on OS2, ...) - apache2 2.0.46 CAN-2003-0133 (GtkHTML, as included in Evolution before 1.2.4, allows remote ...) - evolution 1.2.4 CAN-2003-0132 (A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to ...) - apache2 2.0.45 CAN-2003-0131 (The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and ...) {DSA-288} CAN-2003-0130 (The handle_image function in mail-format.c for Ximian Evolution Mail ...) - evolution 1.2.3 CAN-2003-0129 (Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote ...) - evolution 1.2.3 CAN-2003-0128 (The try_uudecoding function in mail-format.c for Ximian Evolution Mail ...) - evolution 1.2.3 CAN-2003-0127 (The kernel module loader in Linux kernel 2.2.x before 2.2.25, and ...) {DSA-495 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311 DSA-276 DSA-270} CAN-2003-0126 (The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, ...) NOTE: not-for-us (SOHO Routefinder 550 firmware) CAN-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass ...) NOTE: not-for-us (Clearswift MAILsweeper) CAN-2003-0120 {DSA-256} CAN-2003-0119 (The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet ...) NOTE: not-for-us (AIX) CAN-2003-0118 (SQL injection vulnerability in the Document Tracking and ...) NOTE: not-for-us (Microsoft) CAN-2003-0117 (Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ...) NOTE: not-for-us (Microsoft) CAN-2003-0116 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...) NOTE: not-for-us (Microsoft) CAN-2003-0115 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...) NOTE: not-for-us (Microsoft) CAN-2003-0114 (The file upload control in Microsoft Internet Explorer 5.01, 5.5, and ...) NOTE: not-for-us (Microsoft) CAN-2003-0113 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 ...) NOTE: not-for-us (Microsoft) CAN-2003-0112 (Buffer overflow in Windows Kernel allows local users to gain ...) NOTE: not-for-us (Microsoft) CAN-2003-0111 (The ByteCode Verifier component of Microsoft Virtual Machine (VM) ...) NOTE: not-for-us (Microsoft) CAN-2003-0110 (The Winsock Proxy service in Microsoft Proxy Server 2.0 and the ...) NOTE: not-for-us (Microsoft) CAN-2003-0109 (Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT ...) NOTE: not-for-us (Microsoft) CAN-2003-0108 {DSA-255} - tcpdump 3.7.1-1.2 CAN-2003-0106 (The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy ...) NOTE: not-for-us (Symantec Enterprise Firewall) CAN-2003-0105 (ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP ...) NOTE: not-for-us (ServerMask) CAN-2003-0102 {DSA-260} CAN-2003-0101 (miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 ...) {DSA-319} CAN-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before ...) {DSA-277} CAN-2003-0098 (Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before ...) {DSA-277} CAN-2003-0096 (Multiple buffer overflows in Oracle 9i Database release 2, Release 1, ...) NOTE: not-for-us (Oracle) CAN-2003-0093 {DSA-261} CAN-2003-0092 (Heap-based buffer overflow in dtsession for Solaris 2.5.1 through ...) NOTE: not-for-us (Solaris) CAN-2003-0091 (Stack-based buffer overflow in the bsd_queue() function for lpq on ...) NOTE: not-for-us (Solaris) CAN-2003-0090 NOTE: rejected CAN-2003-0089 (Buffer overflow in the Software Distributor utilities for HP-UX ...) NOTE: not-for-us (HP-UX) CAN-2003-0086 (The code for writing reg files in Samba before 2.2.8 allows local ...) {DSA-262} CAN-2003-0085 (Buffer overflow in the SMB/CIFS packet fragment re-assembly code for ...) {DSA-262} CAN-2003-0084 (mod_auth_any package in Red Hat Enterprise Linux 2.1 and other ...) NOTE: mod_auth_any not in Debian CAN-2003-0083 (Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not ...) - apache2 2.0.46 - apache 1.3.25 CAN-2003-0082 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...) {DSA-266} CAN-2003-0081 {DSA-258} CAN-2003-0080 (The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not ...) - gnome-lokkit 0.50.22-4 CAN-2003-0078 {DSA-253} CAN-2003-0076 (Unknown vulnerability in the directory parser for Direct Connect 4 ...) - dcgui 0.2.2 CAN-2003-0074 (Format string vulnerability in mpmain.c for plpnfsd of the plptools ...) - plptools 0.12-0 CAN-2003-0073 {DSA-303} CAN-2003-0072 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...) {DSA-266} CAN-2003-0071 {DSA-380} CAN-2003-0068 {DSA-496} CAN-2003-0063 {DSA-380} CAN-2003-0061 NOTE: reserved CAN-2003-0060 (Format string vulnerabilities in the logging routines for MIT Kerberos ...) - krb5 1.2.4 CAN-2003-0057 (Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote ...) {DSA-248} CAN-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows local ...) {DSA-252} CAN-2003-0049 (AFP in Mac OS X before 10.2.4 allows administrators to log in as other ...) NOTE: not-for-us (MacOS) CAN-2003-0048 (PuTTY 0.53b and earlier does not clear logon credentials from memory, ...) NOTE: apparently fixed upstream 2002-11-12 changelog CAN-2003-0047 (SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX ...) NOTE: not-for-us (commercial ssh clients) CAN-2003-0046 (AbsoluteTelnet SSH2 client does not clear logon credentials from ...) NOTE: not-for-us (commercial ssh clients) CAN-2003-0044 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...) {DSA-246} CAN-2003-0043 {DSA-246} CAN-2003-0042 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, ...) {DSA-246} CAN-2003-0041 (Kerberos FTP client allows remote FTP sites to execute arbitrary code ...) NOTE: verified sarge version of krb5-clients not vulnerable NOTE: nothing in changelogs CAN-2003-0040 {DSA-247} CAN-2003-0039 {DSA-245} CAN-2003-0038 (Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 ...) {DSA-436} CAN-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow remote ...) {DSA-244} CAN-2003-0036 (ml85p, as included in the printer-drivers package for Mandrake Linux, ...) NOTE: not-for-us (ml85p, as included in the printer-drivers package for Mandrake Linux) CAN-2003-0035 (Buffer overflow in escputil, as included in the printer-drivers ...) NOTE: not-for-us (ml85p, as included in the printer-drivers package for Mandrake Linux) CAN-2003-0034 (Buffer overflow in the mtink status monitor, as included in the ...) NOTE: HOME overflow was fixed in mainSrc/rcfile.c, but not in NOTE: chooser/mtinkc.c's version, which goes into mtinkc NOTE: it's not installed setuid or setgid, so this is not exploitable CAN-2003-0033 {DSA-297} CAN-2003-0032 {DSA-228} CAN-2003-0031 (Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to ...) {DSA-228} CAN-2003-0030 (Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension ...) NOTE: not-for-us (Protegrity Secure.Data Extension Feature) CAN-2003-0029 NOTE: reserved CAN-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly other ...) {DSA-282 DSA-272 DSA-266} CAN-2003-0026 (Multiple stack-based buffer overflows in the error handling routines ...) {DSA-231} CAN-2003-0025 (Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow ...) {DSA-229} CAN-2003-0020 - apache2 2.0.49 - apache 1.3.29.0.2-4 CAN-2003-0018 {DSA-423 DSA-358} CAN-2003-0017 - apache2 2.0.44 CAN-2003-0016 - apache2 2.0.44 CAN-2003-0015 {DSA-233} - cvs 1.11.2-5.1 CAN-2003-0014 NOTE: reserved {DSA-633-1} CAN-2003-0013 {DSA-230} CAN-2003-0012 {DSA-230} CAN-2003-0011 (Unknown vulnerability in the DNS intrusion detection application ...) NOTE: not-for-us (Microsoft) CAN-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by Windows ...) NOTE: not-for-us (Windows Script Engine for JScript) CAN-2003-0008 NOTE: reserved CAN-2003-0006 NOTE: reserved CAN-2003-0005 NOTE: reserved CAN-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do not ...) {DSA-442 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311} CAN-2002-1583 (Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal ...) NOTE: not-for-us (IBM DB2) CAN-2002-1582 (compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail ...) NOTE: mailreader. Affects 2.3.30 and 2.3.31. NOTE: Sarge uses 2.3.29. CAN-2002-1581 (Directory traversal vulnerability in nph-mr.cgi in Mailreader.com ...) {DSA-534} - mailreader 2.3.29-9 CAN-2002-1580 (Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 ...) {DSA-215} - cyrus-imapd 1.5.19-9.10 CAN-2002-1579 (SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of ...) NOTE: not for us (SAP) CAN-2002-1578 (The default installation of SAP R/3, when using Oracle and SQL*net V2 ...) NOTE: not for us (SAP) CAN-2002-1577 (SAP R/3 2.0B to 4.6D installs several clients with default users and ...) NOTE: not for us (SAP) CAN-2002-1576 (lserver in SAP DB 7.3 and earlier uses the current working directory ...) NOTE: not for us (SAP) CAN-2002-1575 (cgiemail allows remote attackers to use cgiemail as a spam proxy via ...) {DSA-437} - cgiemail 1.6-20 CAN-2002-1573 NOTE: reserved CAN-2002-1572 NOTE: reserved CAN-2002-1571 NOTE: reserved CAN-2002-1570 (Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and ...) - ucd-snmp 4.2.3-2 CAN-2002-1569 (gv 3.5.8, and possibly earlier versions, allows remote attackers to ...) - gv 1:3.5.8-27 CAN-2002-1568 (OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks ...) - openssl 0.9.6g-1 CAN-2002-1567 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows ...) NOTE: tomcat4 cross-site scripting vuln NOTE: not sure if it's a problem or not NOTE: contacted package maintainers, they think it's not vulnerable. TODO: waiting for further information. CAN-2002-1566 (netris 0.5, and possibly other versions before 0.52, when running with ...) - netris 0.52-1 CAN-2002-1565 (Buffer overflow in url_filename function for wget 1.8.1 allows ...) - wget 1.8.1-6.1 CAN-2002-1564 (Internet Explorer 5.5 and 6.0 allows remote attackers to steal ...) NOTE: not-for-us (microsoft) CAN-2002-1563 (stunnel 4.0.3 and earlier allows attackers to cause a denial of ...) - stunnel4 4.04-1 - stunnel 2:3.24-1 CAN-2002-1562 (Directory traversal vulnerability in thttpd, when using virtual ...) {DSA-396} - thttpd 2.23beta1-2.3 CAN-2002-1561 (The RPC component in Windows 2000, Windows NT 4.0, and Windows XP ...) NOTE: not-for-us (microsoft) CAN-2002-1559 (Directory traversal vulnerability in ion-p.exe (aka ion-p) allows ...) NOTE: not-for-us (ion-p) CAN-2002-1558 (Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for ...) NOTE: not-for-us (cisco) CAN-2002-1557 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...) NOTE: not-for-us (cisco) CAN-2002-1556 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...) NOTE: not-for-us (cisco) CAN-2002-1555 (Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" ...) NOTE: not-for-us (cisco) CAN-2002-1554 (Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames ...) NOTE: not-for-us (cisco) CAN-2002-1553 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote ...) NOTE: not-for-us (cisco) CAN-2002-1551 (Buffer overflow in nslookup in IBM AIX may allow attackers to cause a ...) NOTE: not-for-us (AIX) CAN-2002-1546 (BRS WebWeaver Web Server 1.01 allows remote attackers to bypass ...) NOTE: not-for-us (Webweaver) CAN-2002-1545 (CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain ...) NOTE: not-for-us (Coolsoft) CAN-2002-1544 (Directory traversal vulnerability in CooolSoft Personal FTP Server ...) NOTE: not-for-us (Coolsoft) CAN-2002-1542 (SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to ...) NOTE: not-for-us (SolarWinds) CAN-2002-1539 (Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote ...) NOTE: not-for-us (MDaemon) CAN-2002-1536 (Molly IRC bot 0.5 allows remote attackers to execute arbitrary ...) NOTE: not-for-us (Molly) CAN-2002-1535 (Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall ...) NOTE: not-for-us (Symantec) CAN-2002-1533 (Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine ...) NOTE: problem in jetty 4.1.0, Debian started with 4.2 CAN-2002-1527 (emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine ...) NOTE: not-for-us (EMU Webmail) CAN-2002-1526 (Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU ...) NOTE: not-for-us (EMU Webmail) CAN-2002-1525 (Directory traversal vulnerability in ASTAware SearchDisk engine for ...) NOTE: not-for-us (Sun) CAN-2002-1523 (Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 ...) NOTE: not-for-us (Miniserver) CAN-2002-1522 (Buffer overflow in PowerFTP FTP server 2.24, and possibly other ...) NOTE: not-for-us (PowerFTP) CAN-2002-1515 (Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta ...) NOTE: not-for-us (Coolforum) CAN-2002-1512 (xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary ...) NOTE: not-for-us (BRU) CAN-2002-1508 (slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users ...) {DSA-227} - openldap2 2.0.27-3 CAN-2002-1507 (Unreal Tournament 2003 (ut2003) clients and servers allow remote ...) NOTE: not-for-us (Unreal) CAN-2002-1506 (Buffer overflow in Linuxconf before 1.28r4 allows local users to ...) NOTE: linuxconf not in unstable or testing CAN-2002-1504 (Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows ...) NOTE: not-for-us (webserver-4everyone) CAN-2002-1503 (Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier ...) NOTE: AFD not in debian CAN-2002-1500 (Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD ...) NOTE: not-for-us (NetBSD) CAN-2002-1499 (Multiple SQL injection vulnerabilities in FactoSystem CMS allows ...) NOTE: not-for-us (FactoSystem) CAN-2002-1498 (Directory traversal vulnerability in SWServer 2.2 and earlier allows ...) NOTE: not-for-us (SWServer) CAN-2002-1495 (Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows ...) NOTE: not-for-us (Jawmail) CAN-2002-1492 (Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, ...) NOTE: not-for-us (Cisco) CAN-2002-1489 (Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote ...) NOTE: not-for-us (PlanetDNS) CAN-2002-1488 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...) NOTE: not-for-us (Trillian) CAN-2002-1487 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...) NOTE: not-for-us (Trillian) CAN-2002-1486 (Multiple buffer overflows in the IRC component of Trillian 0.73 and ...) NOTE: not-for-us (Trillian) CAN-2002-1485 (The AIM component of Trillian 0.73 and 0.74 allows remote attackers to ...) NOTE: not-for-us (Trillian) CAN-2002-1484 (DB4Web server, when configured to use verbose debug messages, allows ...) NOTE: not-for-us (db4web) CAN-2002-1483 (db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote ...) NOTE: not-for-us (db4web) CAN-2002-1482 (SQL injection vulnerability in login.php for phpGB 1.20 and earlier, ...) NOTE: phpGB not in Debian CAN-2002-1481 (savesettings.php in phpGB 1.20 and earlier does not require ...) NOTE: phpGB not in Debian CAN-2002-1480 (Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows ...) NOTE: phpGB not in Debian CAN-2002-1478 {DSA-164} - cacti 0.6.8a-2 CAN-2002-1477 {DSA-164} - cacti 0.6.8a-2 CAN-2002-1475 (Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, ...) NOTE: not-for-us (HPUX) CAN-2002-1474 (Unknown vulnerability or vulnerabilities in TCP/IP component for HP ...) NOTE: not-for-us (HPUX) CAN-2002-1473 (Multiple buffer overflows in lp subsystem for HP-UX 10.20 through ...) NOTE: not-for-us (HPUX) CAN-2002-1470 (SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext ...) NOTE: not-for-us (Shoutcase) CAN-2002-1467 (Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to ...) - flashplugin-nonfree 6.0.61.0-1 CAN-2002-1466 (CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows ...) NOTE: not-for-us (Cafelog) CAN-2002-1465 (SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote ...) NOTE: not-for-us (Cafelog) CAN-2002-1464 (Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool ...) NOTE: not-for-us (Cafelog) CAN-2002-1462 (details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later ...) NOTE: not-for-us (Organic PHP) CAN-2002-1461 (Web Shop Manager 1.1 allows remote attackers to execute arbitrary ...) NOTE: not-for-us (Webshop Manager) CAN-2002-1460 (L-Forum 2.40 and earlier does not properly verify whether a file was ...) NOTE: L-Forum not in Debian CAN-2002-1459 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...) NOTE: L-Forum not in Debian CAN-2002-1458 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...) NOTE: L-Forum not in Debian CAN-2002-1457 (SQL injection vulnerability in search.php for L-Forum 2.40 allows ...) NOTE: L-Forum not in Debian CAN-2002-1456 (Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to ...) NOTE: not-for-us (mIRC) CAN-2002-1455 (Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow ...) NOTE: not-for-us (OmniHTTPD) CAN-2002-1454 (MyWebServer 1.0.2 allows remote attackers to determine the absolute ...) NOTE: not-for-us (MyWebServer) CAN-2002-1453 (Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows ...) NOTE: not-for-us (MyWebServer) CAN-2002-1452 (Buffer overflow in the search capability for MyWebServer 1.0.2 allows ...) NOTE: not-for-us (MyWebServer) CAN-2002-1451 (Blazix before 1.2.2 allows remote attackers to read source code of JSP ...) NOTE: Blazix not in Debian CAN-2002-1450 (IBM UniVerse with UV/ODBC allows attackers to cause a denial of ...) NOTE: not-for-us (IBM UniVerse) CAN-2002-1449 (eUpload 1.0 stores the password.txt password file in plaintext under ...) NOTE: eUpload not in Debian CAN-2002-1445 (Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows ...) NOTE: CERN HTTPD not in Debian CAN-2002-1444 (The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and ...) NOTE: not-for-us (Google Toolbar) CAN-2002-1442 (The Google toolbar 1.1.58 and earlier allows remote web sites to ...) NOTE: not-for-us (Google Toolbar) CAN-2002-1441 (Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow ...) NOTE: not-for-us (Tomahawk) CAN-2002-1440 (The Gateway GS-400 server has a default root password of "0001n" that ...) NOTE: not-for-us (Gateway) CAN-2002-1439 (Unknown vulnerability related to stack corruption in the TGA daemon ...) NOTE: not-for-us (HPUX) CAN-2002-1434 (Multiple cross-site scripting (XSS) vulnerabilities in the Web mail ...) NOTE: not-for-us (Kerio) CAN-2002-1433 (Kerio MailServer 5.0 allows remote attackers to cause a denial of ...) NOTE: not-for-us (Kerio) CAN-2002-1432 (MidiCart stores the midicart.mdb database file under the Web document ...) NOTE: not-for-us (MidiCart) CAN-2002-1431 (Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the ...) NOTE: not-for-us (Belkin) CAN-2002-1429 (Cross-site scripting vulnerability in board.php of endity.com ShoutBOX ...) NOTE: not-for-us (ShoutBox) CAN-2002-1428 (index.php in dotProject 0.2.1.5 allows remote attackers to bypass ...) NOTE: dotproject not in Debian CAN-2002-1427 (The print_html_to_file function in edit.cgi for Easy Homepage Creator ...) NOTE: Easy Homepage Creator not in Debian CAN-2002-1426 (HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a ...) NOTE: not-for-us (HP) CAN-2002-1425 {DSA-141} - mpack 1.5-9 CAN-2002-1423 (tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read ...) NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum NOTE: is version 2.5.x CAN-2002-1422 (admbrowse.php in FUDforum before 2.2.0 allows remote attackers to ...) NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum NOTE: is version 2.5.x CAN-2002-1421 (SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote ...) NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum NOTE: is version 2.5.x CAN-2002-1416 (The POP3 service for WebEasyMail 3.4.2.2 and earlier generates ...) NOTE: not-for-us (Webeasymail) CAN-2002-1415 (Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 ...) NOTE: not-for-us (Webeasymail) CAN-2002-1412 {DSA-138} - gallery 1.3-1 CAN-2002-1411 (Directory traversal vulnerability in update.dpgs in Duma Photo Gallery ...) NOTE: not-for-us (Duma) CAN-2002-1410 (Easy Guestbook CGI programs do not authenticate the administrator, ...) NOTE: not-for-us (East Guestbook) CAN-2002-1409 (ptrace on HP-UX 11.00 through 11.11 allows local users to cause a ...) NOTE: not-for-us (HPUX) CAN-2002-1408 (Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 ...) NOTE: not-for-us (HP Openview) CAN-2002-1406 (Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown ...) NOTE: not-for-us (HPUX) CAN-2002-1405 {DSA-210} - lynx 2.8.4.1b-3.2 - lynx-ssl 1:2.8.4.1b-3.1 CAN-2002-1404 NOTE: rejected CAN-2002-1403 {DSA-219} NOTE: Debian sarge uses dhcp > 2.0 CAN-2002-1402 (Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment ...) {DSA-165} - postgresql 7.2.2-2 CAN-2002-1401 (Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add ...) {DSA-165} - postgresql 7.2.2-2 CAN-2002-1400 (Heap-based buffer overflow in the repeat() function for PostgreSQL ...) {DSA-165} - postgresql 7.2.2-2 CAN-2002-1399 (Unknown vulnerability in cash_out and possibly other functions in ...) - postgresql 7.2.2-2 CAN-2002-1398 (Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows ...) {DSA-165} - postgresql 7.2.2-2 CAN-2002-1397 (Vulnerability in the cash_words() function for PostgreSQL 7.2 and ...) - postgresql 7.2.2-2 CAN-2002-1395 (Internet Message (IM) 141-18 and earlier uses predictable file and ...) {DSA-202} - im 141-20 CAN-2002-1394 {DSA-225} NOTE: no problem in sarge packages CAN-2002-1393 (Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not ...) {DSA-243 DSA-242 DSA-241 DSA-240 DSA-239 DSA-238 DSA-237 DSA-236 DSA-235 DSA-234} NOTE: KDE2 not in sarge CAN-2002-1390 {DSA-223} - geneweb 4.09-1 CAN-2002-1389 {DSA-217} - typespeed 0.4.2-2 CAN-2002-1388 {DSA-221} - mhonarc 2.5.14-1 CAN-2002-1387 (The spray mode in traceroute-nanog (aka traceroute-ng) may allow local ...) {DSA-254} - traceroute-nanog 6.3.0-1 CAN-2002-1386 (Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow ...) {DSA-254} - traceroute-nanog 6.3.0-1 CAN-2002-1384 {DSA-232 DSA-226 DSA-222} - xpdf 3.00-9 CAN-2002-1383 (Multiple integer overflows in Common Unix Printing System (CUPS) ...) {DSA-232} - cupsys 1.1.18-1 CAN-2002-1380 {DSA-336} - kernel-source-2.2.25 2.2.25-2 CAN-2002-1379 (OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local ...) {DSA-227} - openldap2 2.0.27-3 CAN-2002-1378 (Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier ...) {DSA-227} - openldap2 2.0.27-3 CAN-2002-1376 (libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to ...) {DSA-212} NOTE: bug in mysql 3, sarge uses mysql 4 CAN-2002-1375 {DSA-212} NOTE: bug in mysql 3, sarge uses mysql 4 CAN-2002-1374 {DSA-212} NOTE: bug in mysql 3, sarge uses mysql 4 CAN-2002-1373 {DSA-212} NOTE: bug in mysql 3, sarge uses mysql 4 CAN-2002-1372 {DSA-232} - cupsys 1.1.18-1 CAN-2002-1371 {DSA-232} - cupsys 1.1.18-1 CAN-2002-1370 NOTE: reserved CAN-2002-1369 {DSA-232} - cupsys 1.1.18-1 CAN-2002-1368 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...) {DSA-232} - cupsys 1.1.18-1 CAN-2002-1367 {DSA-232} - cupsys 1.1.18-1 CAN-2002-1366 {DSA-232} - cupsys 1.1.18-1 CAN-2002-1365 {DSA-216} - fetchmail 6.2.0-1 CAN-2002-1364 {DSA-254} - traceroute-nanog 6.3.0-1 CAN-2002-1363 {DSA-213} - libpng3 1.2.5-8 CAN-2002-1362 {DSA-211} NOTE: micq not in sarge CAN-2002-1360 (Multiple SSH2 servers and clients do not properly handle strings with ...) NOTE: Debian uses openssh, not vulnerable CAN-2002-1359 (Multiple SSH2 servers and clients do not properly handle large packets ...) NOTE: Debian uses openssh, not vulnerable CAN-2002-1358 (Multiple SSH2 servers and clients do not properly handle lists with ...) NOTE: Debian uses openssh, not vulnerable CAN-2002-1357 (Multiple SSH2 servers and clients do not properly handle packets or ...) NOTE: Debian uses openssh, not vulnerable CAN-2002-1356 (Ethereal 0.9.7 and earlier allows remote attackers to cause a denial ...) - ethereal 0.9.8-1 CAN-2002-1355 (Multiple integer signedness errors in the BGP dissector in Ethereal ...) - ethereal 0.9.8-1 CAN-2002-1354 NOTE: reserved CAN-2002-1353 NOTE: reserved CAN-2002-1352 (Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and ...) NOTE: not-for-us (CartMan) CAN-2002-1351 NOTE: reserved CAN-2002-1350 {DSA-206} - tcpdump 3.6.2-2.2 CAN-2002-1348 {DSA-251 DSA-250 DSA-249} - w3mmee 0.3.p24.17-3 CAN-2002-1347 (Buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote ...) - libsasl2 2.1.10-1 CAN-2002-1346 NOTE: reserved CAN-2002-1345 (Directory traversal vulnerabilities in multiple FTP clients on UNIX ...) NOTE: multiple ftp client issues TODO: check wget, ftp, ncftp, etc. CAN-2002-1344 (Directory traversal vulnerability in wget before 1.8.2-4 allows a ...) {DSA-209} - wget 1.8.1-6.1 CAN-2002-1343 NOTE: reserved CAN-2002-1342 (Unknown vulnerability in smb2www 980804-16 and earlier allows remote ...) {DSA-203} - smb2www 980804-17 CAN-2002-1341 (Cross-site scripting (XSS) vulnerability in read_body.php for ...) {DSA-220} - squirrelmail 1:1.3.2-2 CAN-2002-1340 (The "ConnectionFile" property in the DataSourceControl component in ...) NOTE: not-for-us (Office Web Components) CAN-2002-1339 (The "XMLURL" property in the Spreadsheet component of Office Web ...) NOTE: not-for-us (Office Web Components) CAN-2002-1338 (The Load method in the Chart component of Office Web Components (OWC) ...) NOTE: not-for-us (Office Web Components) CAN-2002-1337 {DSA-257} NOTE: problem in sendmail 8.12, sarge uses 8.13 CAN-2002-1335 (Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape ...) {DSA-251 DSA-250 DSA-249} - w3mmee 0.3.p24.17-3 CAN-2002-1334 (Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 ...) NOTE: not-for-us (BizDesign) CAN-2002-1333 NOTE: reserved CAN-2002-1332 NOTE: reserved CAN-2002-1331 NOTE: reserved CAN-2002-1330 NOTE: reserved CAN-2002-1329 NOTE: reserved CAN-2002-1328 NOTE: reserved CAN-2002-1326 NOTE: reserved CAN-2002-1324 NOTE: reserved CAN-2002-1323 {DSA-208} - perl 5.8.0-14 CAN-2002-1322 (Rational ClearCase 4.1, 2002.05, and possibly other versions allows ...) NOTE: not-for-us (ClearCase) CAN-2002-1321 (Multiple buffer overflows in RealOne and RealPlayer allow remote ...) NOTE: Realplayer not in Sarge CAN-2002-1318 {DSA-200} NOTE: Problem in Samba 2, sarge uses Samba 3. CAN-2002-1316 (importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, ...) NOTE: not-for-us (iPlanet) CAN-2002-1315 (Cross-site scripting (XSS) vulnerability in the Admin Server for ...) NOTE: not-for-us (iPlanet) CAN-2002-1314 NOTE: reserved CAN-2002-1313 {DSA-198} - nullmailer 1.00RC5-17 CAN-2002-1312 NOTE: reserved CAN-2002-1311 {DSA-197} - courier 0.40.0-1 CAN-2002-1310 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...) NOTE: not-for-us (Macromedia) CAN-2002-1309 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...) NOTE: not-for-us (Macromedia) CAN-2002-1307 {DSA-199} - mhonarc 2.5.13-1 CAN-2002-1306 (Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and ...) {DSA-214} - kdenetwork 2.2.2-14.20 CAN-2002-1305 NOTE: reserved CAN-2002-1304 NOTE: reserved CAN-2002-1303 NOTE: reserved CAN-2002-1302 NOTE: reserved CAN-2002-1301 NOTE: reserved CAN-2002-1300 NOTE: reserved CAN-2002-1299 NOTE: reserved CAN-2002-1298 NOTE: reserved CAN-2002-1297 NOTE: reserved CAN-2002-1295 (The Microsoft Java implementation, as used in Internet Explorer, ...) NOTE: not-for-us (Microsoft) CAN-2002-1294 (The Microsoft Java implementation, as used in Internet Explorer, can ...) NOTE: not-for-us (Microsoft) CAN-2002-1293 (The Microsoft Java implementation, as used in Internet Explorer, ...) NOTE: not-for-us (Microsoft) CAN-2002-1292 (The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as ...) NOTE: not-for-us (Microsoft) CAN-2002-1291 (The Microsoft Java implementation, as used in Internet Explorer, ...) NOTE: not-for-us (Microsoft) CAN-2002-1290 (The Microsoft Java implementation, as used in Internet Explorer, ...) NOTE: not-for-us (Microsoft) CAN-2002-1289 (The Microsoft Java implementation, as used in Internet Explorer, ...) NOTE: not-for-us (Microsoft) CAN-2002-1288 (The Microsoft Java implementation, as used in Internet Explorer, ...) NOTE: not-for-us (Microsoft) CAN-2002-1287 (Stack-based buffer overflow in the Microsoft Java implementation, as ...) NOTE: not-for-us (Microsoft) CAN-2002-1286 (The Microsoft Java implementation, as used in Internet Explorer, ...) NOTE: not-for-us (Microsoft) CAN-2002-1285 (runlpr in the LPRng package allows the local lp user to gain root ...) NOTE: not-for-us (SuSE-specific lprfilter package) CAN-2002-1283 (Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote ...) NOTE: not-for-us (Novell iManager (eMFrame)) CAN-2002-1282 (Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of ...) {DSA-204} CAN-2002-1281 (Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of ...) {DSA-204} CAN-2002-1280 NOTE: reserved CAN-2002-1279 (Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, ...) {DSA-194} CAN-2002-1277 {DSA-190} CAN-2002-1276 (An incomplete fix for a cross-site scripting (XSS) vulnerability in ...) {DSA-191} CAN-2002-1275 (Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when ...) {DSA-192} CAN-2002-1274 NOTE: reserved CAN-2002-1273 NOTE: reserved CAN-2002-1271 {DSA-386} CAN-2002-1269 (Unknown vulnerability in NetInfo Manager application in Mac OS X ...) NOTE: not-for-us (MacOS) CAN-2002-1263 NOTE: rejected CAN-2002-1262 (Internet Explorer 5.5 and 6.0 does not perform complete security ...) NOTE: not-for-us (Microsoft) CAN-2002-1261 NOTE: rejected CAN-2002-1259 NOTE: rejected CAN-2002-1258 (Two vulnerabilities in Microsoft Virtual Machine (VM) up to and ...) NOTE: not-for-us (Microsoft) CAN-2002-1254 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the ...) NOTE: not-for-us (Microsoft) CAN-2002-1251 {DSA-186} CAN-2002-1249 NOTE: reserved CAN-2002-1247 (Buffer overflow in LISa allows local users to gain access to a raw ...) {DSA-193} CAN-2002-1246 NOTE: reserved CAN-2002-1245 {DSA-189} CAN-2002-1243 NOTE: reserved CAN-2002-1241 NOTE: reserved CAN-2002-1240 NOTE: reserved CAN-2002-1238 (Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote ...) NOTE: not-for-us (Peter Sandvik's Simple Web Server) CAN-2002-1237 NOTE: reserved CAN-2002-1235 (The kadm_ser_in function in (1) the Kerberos v4compatibility ...) {DSA-185 DSA-184 DSA-183} CAN-2002-1234 NOTE: rejected CAN-2002-1233 (A regression error in the Debian distributions of the apache-ssl ...) {DSA-195 DSA-188 DSA-187} CAN-2002-1232 {DSA-180} CAN-2002-1229 (Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier ...) NOTE: not-for-us (Avaya Cajun switches) CAN-2002-1228 (Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows ...) NOTE: not-for-us (Solaris) CAN-2002-1227 {DSA-177} CAN-2002-1226 (Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, ...) {DSA-178} CAN-2002-1225 (Multiple buffer overflows in Heimdal before 0.5, possibly in both the ...) {DSA-178} CAN-2002-1221 {DSA-196} CAN-2002-1220 {DSA-196} CAN-2002-1219 {DSA-196} CAN-2002-1218 NOTE: reserved CAN-2002-1217 (Cross-Frame scripting vulnerability in the WebBrowser control as used ...) NOTE: not-for-us (Microsoft) CAN-2002-1216 (GNU tar 1.13.19 and other versions before 1.13.25 allows remote ...) - tar 1.13.25 CAN-2002-1215 (Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier ...) {DSA-174} CAN-2002-1213 (Directory traversal vulnerability in RadioBird Software WebServer 4 ...) NOTE: not-for-us (RadioBird Software WebServer 4 Everyone) CAN-2002-1212 (Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and ...) NOTE: not-for-us (RadioBird Software WebServer 4 Everyone) CAN-2002-1210 (Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email ...) NOTE: not-for-us (Eudora) CAN-2002-1209 (Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, ...) NOTE: not-for-us (SolarWinds TFTP Server) CAN-2002-1208 NOTE: reserved CAN-2002-1207 NOTE: reserved CAN-2002-1206 NOTE: reserved CAN-2002-1205 NOTE: reserved CAN-2002-1204 (Netscape Communicator 4.x allows attackers to use a link to steal a ...) NOTE: not-for-us (Netscape Communicator 4.x) CAN-2002-1203 (IBM SecureWay Firewall before 4.2.2 performs extra processing before ...) NOTE: not-for-us (IBM SecureWay Firewall) CAN-2002-1202 (Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A ...) NOTE: not-for-us (HP Tru64 UNIX) CAN-2002-1201 (IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of ...) NOTE: not-for-us (AIX) CAN-2002-1200 {DSA-175} CAN-2002-1196 {DSA-173} CAN-2002-1195 {DSA-169} CAN-2002-1194 (Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other ...) NOTE: not-for-us (NetBSD) CAN-2002-1193 {DSA-172} CAN-2002-1192 (Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD ...) NOTE: not-for-us (NetBSD) CAN-2002-1191 (The Sabserv client component in Sabre Desktop Reservation Software 4.2 ...) NOTE: not-for-us (Sabre Desktop) CAN-2002-1190 (Cisco Unity 2.x and 3.x uses well-known default user accounts, which ...) NOTE: not-for-us (Cisco IOS) CAN-2002-1181 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOTE: not-for-us (Microsoft IIS) CAN-2002-1177 (Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the ...) NOTE: not-for-us (Winamp) CAN-2002-1176 (Buffer overflow in Winamp 2.81 allows remote attackers to execute ...) NOTE: not-for-us (Winamp) CAN-2002-1175 (The getmxrecord function in Fetchmail 6.0.0 and earlier does not ...) {DSA-171} CAN-2002-1174 (Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers ...) {DSA-171} CAN-2002-1173 NOTE: reserved CAN-2002-1172 NOTE: reserved CAN-2002-1171 NOTE: reserved CAN-2002-1168 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...) NOTE: not-for-us (IBM Websphere) CAN-2002-1167 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...) NOTE: not-for-us (IBM Websphere) CAN-2002-1166 (Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows ...) NOTE: wn not in Debian testing CAN-2002-1165 (Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, ...) NOTE: Debian uses sendmail 8.13, not vulnerable. CAN-2002-1161 NOTE: rejected CAN-2002-1159 {DSA-224} CAN-2002-1158 {DSA-224} CAN-2002-1157 {DSA-181} CAN-2002-1156 - apache2 2.0.43 CAN-2002-1155 (Buffer overflow in KON kon2 0.3.9b and earlier allows local users to ...) NOTE: kon2. patched, but I don't know when. TODO: check CAN-2002-1151 {DSA-167} CAN-2002-1150 (The Remote Desktop Sharing (RDS) Screen Saver Protection capability ...) NOTE: not-for-us (Microsoft Netmeeting) CAN-2002-1149 (The installation procedure for Invision Board suggests that users ...) NOTE: not-for-us (Invision Board) CAN-2002-1148 {DSA-170} CAN-2002-1145 (The xp_runwebtask stored procedure in the Web Tasks component of ...) NOTE: not-for-us (Microsoft SQL) CAN-2002-1144 NOTE: reserved CAN-2002-1143 (Microsoft Word and Excel allow remote attackers to steal sensitive ...) NOTE: not-for-us (Microsoft Word & Excel) CAN-2002-1136 NOTE: reserved CAN-2002-1134 (Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES ...) NOTE: not-for-us (HP Tru64) CAN-2002-1133 (Encoded directory traversal vulnerability in Dino's web server 2.1 ...) NOTE: not-for-us (Dino's Webserver) CAN-2002-1132 {DSA-191} CAN-2002-1131 (Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and ...) {DSA-191} CAN-2002-1130 NOTE: reserved CAN-2002-1129 (Buffer overflow in dxterm allows local users to execute arbitrary code ...) NOTE: not-for-us (HP Tru64) CAN-2002-1128 (Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows ...) NOTE: not-for-us (HP Tru64) CAN-2002-1127 (Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to ...) NOTE: not-for-us (HP Tru64) CAN-2002-1125 (FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and ...) NOTE: not-for-us (FreeBSD) CAN-2002-1124 (Multiple buffer overflows in purity 1-16 allow local users to gain ...) {DSA-166} CAN-2002-1121 (SMTP content filter engines, including (1) GFI MailSecurity for ...) NOTE: Some SMTP mailscanners can be bypassed by fragmenting NOTE: messages. TODO: check Debian mailscanners, if any. CAN-2002-1120 (Buffer overflow in Savant Web Server 3.1 and earlier allows remote ...) NOTE: not-for-us (Savant Web Server) CAN-2002-1119 {DSA-159} CAN-2002-1116 {DSA-161} CAN-2002-1115 (Mantis 0.17.4a and earlier allows remote attackers to view private ...) {DSA-161} CAN-2002-1114 (config_inc2.php in Mantis before 0.17.4 allows remote attackers to ...) {DSA-153} CAN-2002-1113 {DSA-153} CAN-2002-1112 {DSA-153} CAN-2002-1111 {DSA-153} CAN-2002-1110 (Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, ...) {DSA-153} CAN-2002-1103 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...) NOTE: not-for-us (Cisco) CAN-2002-1101 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...) NOTE: not-for-us (Cisco) CAN-2002-1100 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...) NOTE: not-for-us (Cisco) CAN-2002-1094 (Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x ...) NOTE: not-for-us (Cisco) CAN-2002-1090 (Buffer overflow in read_smtp_response of protocol.c in libesmtp before ...) - libesmtp5 0.8.11-1 CAN-2002-1089 (rwcgi60 CGI program in Oracle Reports Server, by design, provides ...) NOTE: not-for-us (Oracle) CAN-2002-1087 (The scripts (1) createdir.php, (2) removedir.php and (3) ...) NOTE: not-for-us (ezContents) CAN-2002-1086 (Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier ...) NOTE: not-for-us (ezContents) CAN-2002-1085 (Multiple cross-site scripting vulnerabilities in ezContents 1.41 and ...) NOTE: not-for-us (ezContents) CAN-2002-1084 (The VerifyLogin function in ezContents 1.41 and earlier does not ...) NOTE: not-for-us (ezContents) CAN-2002-1083 (Directory traversal vulnerabilities in ezContents 1.41 and earlier ...) NOTE: not-for-us (ezContents) CAN-2002-1082 (The Image Upload capability for ezContents 1.40 and earlier allows ...) NOTE: not-for-us (ezContents) CAN-2002-1080 (The Administration console for Abyss Web Server 1.0.3 before Patch 2 ...) NOTE: not-for-us (Abyss) CAN-2002-1078 (Abyss Web Server 1.0.3 allows remote attackers to list directory ...) NOTE: not-for-us (Abyss) CAN-2002-1077 (IPSwitch IMail Web Calendaring service (iwebcal) allows remote ...) NOTE: not-for-us (IPSwitch) CAN-2002-1075 (Buffer overflow in Pegasus mail client 4.01 and earlier allows remote ...) NOTE: not-for-us (Pegasus) CAN-2002-1073 (Buffer overflow in the control service for MERCUR Mailserver 4.2 ...) NOTE: not-for-us (MERCUR Mailserver) CAN-2002-1072 (ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows ...) NOTE: not-for-us (ZyXEL) CAN-2002-1071 (ZyXEL Prestige 642R allows remote attackers to cause a denial of ...) NOTE: not-for-us (ZyXEL) CAN-2002-1070 (Cross-site scripting vulnerability in PHPWiki Postnuke wiki module ...) TODO: check CAN-2002-1069 (The remote administration capability for the D-Link DI-804 router 4.68 ...) TODO: check CAN-2002-1068 (The web server for D-Link DP-300 print server allows remote attackers ...) TODO: check CAN-2002-1067 (Administrative web interface for IC9 Pocket Print Server Firmware ...) TODO: check CAN-2002-1066 (Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to ...) TODO: check CAN-2002-1065 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...) TODO: check CAN-2002-1064 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...) TODO: check CAN-2002-1063 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...) TODO: check CAN-2002-1062 (Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and ...) TODO: check CAN-2002-1061 (Multiple buffer overflows in Thomas Hauck Jana Server 2.x through ...) TODO: check CAN-2002-1058 (Directory traversal vulnerability in splashAdmin.php for Cobalt Qube ...) TODO: check CAN-2002-1055 (Buffer overflow in administrative web server for Brother NC-3100h ...) TODO: check CAN-2002-1052 (Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS ...) TODO: check CAN-2002-1051 {DSA-254} CAN-2002-1048 (HP JetDirect printers allow remote attackers to obtain the ...) TODO: check CAN-2002-1047 (The FTP service in Watchguard Soho Firewall 5.0.35a allows remote ...) TODO: check CAN-2002-1045 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...) TODO: check CAN-2002-1044 (Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to ...) TODO: check CAN-2002-1043 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...) TODO: check CAN-2002-1042 (Directory traversal vulnerability in search engine for iPlanet web ...) TODO: check CAN-2002-1041 (Unknown vulnerability in DCE (1) SMIT panels and (2) configuration ...) TODO: check CAN-2002-1040 (Unknown vulnerability in the WebSecure (DFSWeb) configuration ...) TODO: check CAN-2002-1038 (Double Choco Latte (DCL) before 20020706 does not properly verify if a ...) TODO: check CAN-2002-1037 (Cross-site scripting vulnerability in Double Choco Latte (DCL) before ...) TODO: check CAN-2002-1036 (Cross-site scripting vulnerability in search.pl for Fluid Dynamics ...) TODO: check CAN-2002-1034 (none.php for SunPS iRunbook 2.5.2 allows remote attackers to read ...) TODO: check CAN-2002-1033 (Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 ...) TODO: check CAN-2002-1032 (Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows ...) TODO: check CAN-2002-1029 (Res Manager in Worldspan for Windows Gateway 4.1 allows remote ...) TODO: check CAN-2002-1028 (Multiple buffer overflows in the CGI programs for Oddsock Song ...) TODO: check CAN-2002-1027 (Cross-site scripting vulnerability in the default HTTP 500 error ...) TODO: check CAN-2002-1026 (Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine ...) TODO: check CAN-2002-1023 (BadBlue server allows remote attackers to cause a denial of service ...) TODO: check CAN-2002-1022 (BadBlue server stores passwords in plaintext in the ext.ini file, ...) TODO: check CAN-2002-1021 (BadBlue server allows remote attackers to read restricted files, such ...) TODO: check CAN-2002-1020 (The library feature for Adobe Content Server 3.0 allows a remote ...) TODO: check CAN-2002-1019 (The library feature for Adobe Content Server 3.0 allows a remote ...) TODO: check CAN-2002-1018 (The library feature for Adobe Content Server 3.0 does not verify if a ...) TODO: check CAN-2002-1017 (Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other ...) TODO: check CAN-2002-1016 (Adobe eBook Reader allows a user to bypass restrictions for copy, ...) TODO: check CAN-2002-1012 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...) TODO: check CAN-2002-1011 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...) TODO: check CAN-2002-1010 (Lotus Domino R4 allows remote attackers to bypass access restrictions ...) TODO: check CAN-2002-1009 (Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as ...) TODO: check CAN-2002-1008 (Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as ...) TODO: check CAN-2002-1007 (Cross-site scripting vulnerabilities in Blackboard 5 allow remote ...) TODO: check CAN-2002-1005 (ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to ...) TODO: check CAN-2002-1003 (Buffer overflow in MyWebServer 1.02 and earlier allows remote ...) TODO: check CAN-2002-1001 (Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers ...) TODO: check CAN-2002-0999 (Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 ...) TODO: check CAN-2002-0998 (Directory traversal vulnerability in cafenews.php for CARE 2002 before ...) TODO: check CAN-2002-0997 (Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 ...) TODO: check CAN-2002-0996 (Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C ...) TODO: check CAN-2002-0994 (SunPCi II VNC uses a weak authentication scheme, which allows remote ...) TODO: check CAN-2002-0993 (Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) ...) TODO: check CAN-2002-0992 (Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced ...) TODO: check CAN-2002-0991 (Buffer overflows in the cifslogin command for HP CIFS/9000 Client ...) TODO: check CAN-2002-0986 {DSA-168} CAN-2002-0985 {DSA-168} CAN-2002-0983 (IRC client irssi in irssi-text before 0.8.4 allows remote attackers to ...) {DSA-157} CAN-2002-0982 (Microsoft SQL Server 2000 SP2, when configured as a distributor, ...) TODO: check CAN-2002-0980 (The Web Folder component for Internet Explorer 5.5 and 6.0 writes an ...) TODO: check CAN-2002-0979 (The Java logging feature for the Java Virtual Machine in Internet ...) TODO: check CAN-2002-0978 (Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 ...) TODO: check CAN-2002-0977 (Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX ...) TODO: check CAN-2002-0976 (Internet Explorer 4.0 and later allows remote attackers to read ...) TODO: check CAN-2002-0975 (Buffer overflow in Microsoft DirectX Files Viewer ActiveX control ...) TODO: check CAN-2002-0973 (Integer signedness error in several system calls for FreeBSD 4.6.1 ...) TODO: check CAN-2002-0972 (Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial ...) {DSA-165} CAN-2002-0971 (Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to ...) TODO: check CAN-2002-0970 {DSA-155} CAN-2002-0966 (Buffer overflow in 4D web server 6.7.3 allow remote attackers to cause ...) TODO: check CAN-2002-0963 (SQL injection vulnerability in comment.php for GeekLog 1.3.5 and ...) TODO: check CAN-2002-0962 (Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier ...) TODO: check CAN-2002-0961 (Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote ...) TODO: check CAN-2002-0960 (Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS ...) TODO: check CAN-2002-0959 (Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote ...) TODO: check CAN-2002-0957 (The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a ...) TODO: check CAN-2002-0956 (BlackICE Agent 3.1.eal does not always reactivate after a system ...) TODO: check CAN-2002-0955 (Cross-site scripting vulnerability in YaBB.cgi for Yet Another ...) TODO: check CAN-2002-0954 (The encryption algorithms for enable and passwd commands on Cisco PIX ...) TODO: check CAN-2002-0951 (SQL injection vulnerability in Ruslan <Body>Builder allows remote ...) TODO: check CAN-2002-0950 (Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and ...) TODO: check CAN-2002-0949 (Telindus 1100 series ADSL router allows remote attackers to gain ...) TODO: check CAN-2002-0948 (Scripts For Educators MakeBook 2.2 CGI program allows remote attackers ...) TODO: check CAN-2002-0944 (Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 ...) TODO: check CAN-2002-0943 (MetaCart2.sql stores the user database under the web document root ...) TODO: check CAN-2002-0942 (Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers ...) TODO: check CAN-2002-0940 (domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use ...) TODO: check CAN-2002-0939 (The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator ...) TODO: check CAN-2002-0937 (The Java Server Pages (JSP) engine in JRun allows web page owners to ...) TODO: check CAN-2002-0936 (The Java Server Pages (JSP) engine in Tomcat allows web page owners to ...) TODO: check CAN-2002-0934 (Directory traversal vulnerability in Jon Hedley AlienForm2 (typically ...) TODO: check CAN-2002-0933 (Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords ...) TODO: check CAN-2002-0932 (SQL injection vulnerability in index.php for MyHelpDesk 20020509, and ...) TODO: check CAN-2002-0931 (Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and ...) TODO: check CAN-2002-0930 (Format string vulnerability in the FTP server for Novell Netware 6.0 ...) TODO: check CAN-2002-0929 (Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote ...) TODO: check CAN-2002-0928 (Buffer overflow in the Pirch 98 IRC client allows remote attackers to ...) TODO: check CAN-2002-0926 (Directory traversal vulnerability in Wolfram Research webMathematica ...) TODO: check CAN-2002-0925 (Format string vulnerability in mmsyslog function allows remote ...) TODO: check CAN-2002-0924 (CGIScript.net csNews.cgi allows remote authenticated users to execute ...) TODO: check CAN-2002-0923 (CGIScript.net csNews.cgi allows remote authenticated users to read ...) TODO: check CAN-2002-0922 (CGIScript.net csNews.cgi allows remote attackers to obtain database ...) TODO: check CAN-2002-0921 (CGIScript.net csNews.cgi allows remote attackers to obtain potentially ...) TODO: check CAN-2002-0920 (CGIScript.net csPassword.cgi stores usernames and unencrypted ...) TODO: check CAN-2002-0919 (CGIScript.net csPassword.cgi allows remote authenticated users to ...) TODO: check CAN-2002-0918 (CGIScript.net csPassword.cgi leaks sensitive information such as the ...) TODO: check CAN-2002-0917 (CGIScript.net csPassword.cgi stores .htpasswd files under the web ...) TODO: check CAN-2002-0915 (autorun in Xandros based Linux distributions allows local users to ...) TODO: check CAN-2002-0913 (Format string vulnerability in log_doit function of Slurp NNTP client ...) TODO: check CAN-2002-0912 (in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other ...) TODO: check CAN-2002-0910 (Buffer overflows in netstd 3.07-17 package allows remote DNS servers ...) TODO: check CAN-2002-0909 (Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote ...) TODO: check CAN-2002-0908 (Directory traversal vulnerability in the web server for Cisco IDS ...) TODO: check CAN-2002-0907 (Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 ...) TODO: check CAN-2002-0905 (Buffer overflow in sqlexec for Informix SE-7.25 allows local users to ...) TODO: check CAN-2002-0903 (register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small ...) TODO: check CAN-2002-0902 (Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows ...) TODO: check CAN-2002-0901 (Multiple buffer overflows in Advanced Maryland Automatic Network Disk ...) TODO: check CAN-2002-0899 (Falcon web server 2.0.0.1021 and earlier allows remote attackers to ...) TODO: check CAN-2002-0896 (The throttle capability in Swatch may fail to report certain events if ...) TODO: check CAN-2002-0894 (NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a ...) TODO: check CAN-2002-0893 (Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 ...) TODO: check CAN-2002-0888 (3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, ...) TODO: check CAN-2002-0886 (Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote ...) TODO: check CAN-2002-0885 (Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and ...) TODO: check CAN-2002-0884 (Multiple format string vulnerabilities in in.rarpd (ARP server) on ...) TODO: check CAN-2002-0883 (Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator ...) TODO: check CAN-2002-0882 (The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 ...) TODO: check CAN-2002-0881 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default ...) TODO: check CAN-2002-0880 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote ...) TODO: check CAN-2002-0879 (showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to ...) TODO: check CAN-2002-0878 (SQL injection vulnerability in the login form for LogiSense software ...) TODO: check CAN-2002-0877 (Directory traversal vulnerability in the FTP server for Shambala 4.5 ...) TODO: check CAN-2002-0876 (Web server for Shambala 4.5 allows remote attackers to cause a denial ...) TODO: check CAN-2002-0874 (Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when ...) {DSA-150} CAN-2002-0870 (The original patch for the Cisco Content Service Switch 11000 Series ...) TODO: check CAN-2002-0869 (Unknown vulnerability in the hosting process (dllhost.exe) for ...) TODO: check CAN-2002-0868 NOTE: reserved CAN-2002-0863 (Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and ...) TODO: check CAN-2002-0862 (The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, ...) TODO: check CAN-2002-0861 (Microsoft Office Web Components (OWC) 2000 and 2002 allows remote ...) TODO: check CAN-2002-0858 (catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a ...) TODO: check CAN-2002-0857 (Format string vulnerabilities in Oracle Listener Control utility ...) TODO: check CAN-2002-0855 (Cross-site scripting vulnerability in Mailman before 2.0.12 allows ...) {DSA-147} CAN-2002-0854 (Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) ...) TODO: check CAN-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 ...) TODO: check CAN-2002-0849 (Linux-iSCSI iSCSI implementation installs the iscsi.conf file with ...) TODO: check CAN-2002-0843 (Buffer overflows in the ApacheBench benchmark support program (ab.c) ...) {DSA-195 DSA-188 DSA-187} - apache 1.3.27-0.1 CAN-2002-0841 NOTE: rejected CAN-2002-0840 {DSA-195 DSA-188 DSA-187} - apache2 2.0.43-1 - apache 1.3.27-0.1 CAN-2002-0839 (The shared memory scoreboard in the HTTP daemon for Apache 1.3.x ...) {DSA-195 DSA-188 DSA-187} - apache 1.3.27-0.1 CAN-2002-0838 (Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and ...) {DSA-182 DSA-179 DSA-176} CAN-2002-0837 (wordtrans 1.1pre8 and earlier in the wordtrans-web package allows ...) TODO: check CAN-2002-0836 {DSA-207} CAN-2002-0834 (Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier ...) {DSA-162} CAN-2002-0833 (Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly ...) TODO: check CAN-2002-0832 (Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass ...) TODO: check CAN-2002-0828 NOTE: rejected CAN-2002-0827 (Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...) TODO: check CAN-2002-0825 (Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 ...) TODO: check CAN-2002-0822 (Ethereal 0.9.4 and earlier allows remote attackers to cause a denial ...) TODO: check CAN-2002-0821 (Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers ...) TODO: check CAN-2002-0820 (FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 ...) TODO: check CAN-2002-0819 (Format string vulnerability in artsd, when called by artswrapper, ...) TODO: check CAN-2002-0815 (The Javascript "Same Origin Policy" (SOP), as implemented in (1) ...) TODO: check CAN-2002-0812 (Information leak in Compaq WL310, and the Orinoco Residential Gateway ...) TODO: check CAN-2002-0811 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote ...) TODO: check CAN-2002-0807 (Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, ...) TODO: check CAN-2002-0803 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote ...) TODO: check CAN-2002-0800 (BadBlue 1.7.0 allows remote attackers to list the contents of ...) TODO: check CAN-2002-0799 (Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers ...) TODO: check CAN-2002-0798 (Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local ...) TODO: check CAN-2002-0797 (Buffer overflow in the MIB parsing component of mibiisa for Solaris ...) TODO: check CAN-2002-0796 (Format string vulnerability in the logging component of snmpdx for ...) TODO: check CAN-2002-0793 (Hard link and possibly symbolic link following vulnerabilities in QNX ...) TODO: check CAN-2002-0792 (The web management interface for Cisco Content Service Switch (CSS) ...) TODO: check CAN-2002-0791 (Novell Netware FTP server NWFTPD before 5.02r allows remote attackers ...) TODO: check CAN-2002-0787 (Cross-site scripting vulnerabilities in iCon administrative web server ...) TODO: check CAN-2002-0786 (iCon administrative web server for Critical Path inJoin Directory ...) TODO: check CAN-2002-0784 (Directory traversal vulnerability in Lysias Lidik web server 0.7b ...) TODO: check CAN-2002-0783 (Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary ...) TODO: check CAN-2002-0782 (Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled ...) TODO: check CAN-2002-0781 (RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers ...) TODO: check CAN-2002-0780 (IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote ...) TODO: check CAN-2002-0779 (FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote ...) TODO: check CAN-2002-0775 (browse.asp in Hosting Controller allows remote attackers to view ...) TODO: check CAN-2002-0774 (Hosting Controller creates a default user AdvWebadmin with a default ...) TODO: check CAN-2002-0773 (imp_rootdir.asp for Hosting Controller allows remote attackers to copy ...) TODO: check CAN-2002-0772 (Directory traversal vulnerability in dsnmanager.asp for Hosting ...) TODO: check CAN-2002-0771 (Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 ...) TODO: check CAN-2002-0770 (Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain ...) TODO: check CAN-2002-0769 (The web-based configuration interface for the Cisco ATA 186 Analog ...) TODO: check CAN-2002-0767 (simpleinit on Linux systems does not close a read/write FIFO file ...) TODO: check CAN-2002-0764 (Phorum 3.3.2a allows remote attackers to execute arbitrary commands ...) TODO: check CAN-2002-0763 (Vulnerability in administration server for HP VirtualVault 4.5 on ...) TODO: check CAN-2002-0757 ((1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled ...) TODO: check CAN-2002-0756 (Cross-site scripting vulnerability in the authentication page for (1) ...) TODO: check CAN-2002-0753 (Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to ...) TODO: check CAN-2002-0752 (CGIscript.net csMailto.cgi program exports feedback to a file that is ...) TODO: check CAN-2002-0751 (CGIscript.net csMailto.cgi program allows remote attackers to use ...) TODO: check CAN-2002-0750 (CGIscript.net csMailto.cgi program allows remote attackers to read ...) TODO: check CAN-2002-0749 (CGIscript.net csMailto.cgi allows remote attackers to execute ...) TODO: check CAN-2002-0747 (Buffer overflow in lsmcode in AIX 4.3.3. ...) TODO: check CAN-2002-0746 (Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure ...) TODO: check CAN-2002-0745 (Buffer overflow in uucp in AIX 4.3.3. ...) TODO: check CAN-2002-0744 (namerslv in AIX 4.3.3 core dumps when called with a very long ...) TODO: check CAN-2002-0743 (mail and mailx in AIX 4.3.3 core dump when called with a very long ...) TODO: check CAN-2002-0742 (Buffer overflow in pioout on AIX 4.3.3. ...) TODO: check CAN-2002-0740 (Buffer overflow in slrnpull for the SLRN package, when installed ...) TODO: check CAN-2002-0739 (Cross-site scripting in PostCalendar 3.02 allows remote attackers to ...) TODO: check CAN-2002-0735 (Format string vulnerability in the logging() function in C-Note Squid ...) TODO: check CAN-2002-0732 (Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote ...) NOTE: not-for-us (MyGuestbook) CAN-2002-0731 (Cross-site scripting vulnerability in demonstration scripts for ...) NOTE: not-for-us (vqServer) CAN-2002-0730 (Cross-site scripting vulnerability in guestbook.pl for Philip ...) NOTE: not-for-us (guestbook) begin claimed by djoume CAN-2002-0728 (Buffer overflow in the progressive reader for libpng 1.2.x before ...) {DSA-140} CAN-2002-0725 (NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local ...) TODO: check CAN-2002-0724 (Buffer overflow in SMB (Server Message Block) protocol in Microsoft ...) TODO: check CAN-2002-0723 (Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the ...) TODO: check CAN-2002-0721 (Microsoft SQL Server 7.0 and 2000 installs with weak permissions for ...) TODO: check CAN-2002-0717 (PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of ...) TODO: check CAN-2002-0715 (Vulnerability in Squid before 2.4.STABLE6 related to proxy ...) TODO: check CAN-2002-0713 (Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to ...) TODO: check CAN-2002-0712 (Entrust Authority Security Manager (EASM) 6.0 does not properly ...) TODO: check CAN-2002-0711 (Unknown vulnerability in Cluster Interconnect for HP TruCluster Server ...) TODO: check CAN-2002-0709 (SQL injection vulnerabilities in the Web Reports Server for ...) TODO: check CAN-2002-0708 (Directory traversal vulnerability in the Web Reports Server for ...) TODO: check CAN-2002-0707 (The Web Reports Server for SurfControl SuperScout WebFilter allows ...) TODO: check CAN-2002-0706 (UserManager.js in the Web Reports Server for SurfControl SuperScout ...) TODO: check CAN-2002-0705 (The Web Reports Server for SurfControl SuperScout WebFilter stores the ...) TODO: check CAN-2002-0702 (Format string vulnerabilities in the logging routines for dynamic DNS ...) TODO: check CAN-2002-0699 (Unknown vulnerability in the Certificate Enrollment ActiveX Control in ...) TODO: check CAN-2002-0693 (Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in ...) TODO: check CAN-2002-0690 (Format string vulnerability in McAfee Security ePolicy Orchestrator ...) TODO: check CAN-2002-0689 NOTE: reserved CAN-2002-0686 (Buffer overflow in the search component for iPlanet Web Server (iWS) ...) TODO: check CAN-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of ...) TODO: check CAN-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote ...) TODO: check CAN-2002-0681 (Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows ...) TODO: check CAN-2002-0680 (Directory traversal vulnerability in GoAhead Web Server 2.1 allows ...) TODO: check CAN-2002-0677 (CDE ToolTalk database server (ttdbserver) allows remote attackers to ...) TODO: check CAN-2002-0675 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...) TODO: check CAN-2002-0670 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...) TODO: check CAN-2002-0669 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...) TODO: check CAN-2002-0667 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...) TODO: check CAN-2002-0666 (IPSEC implementations including (1) FreeS/WAN and (2) KAME do not ...) {DSA-201} CAN-2002-0664 (The default Access Control Lists (ACLs) of the administration database ...) TODO: check end claimed by djoume CAN-2002-0662 {DSA-160} CAN-2002-0661 (Directory traversal vulnerability in Apache 2.0 through 2.0.39 on ...) - apache2 2.0.40 CAN-2002-0660 (Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 ...) {DSA-140} CAN-2002-0659 (The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...) {DSA-136} CAN-2002-0657 (Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos ...) {DSA-136} CAN-2002-0656 (Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...) {DSA-136} CAN-2002-0655 (OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not ...) {DSA-136} STOP: this is approximatly the release of woody, so we can stop here CAN-2002-0654 (Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote ...) - apache2 2.0.40 CAN-2002-0652 (xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute ...) CAN-2002-0649 (Multiple buffer overflows in SQL Server 2000 Resolution Service allow ...) CAN-2002-0646 NOTE: rejected CAN-2002-0645 (SQL injection vulnerability in stored procedures for Microsoft SQL ...) CAN-2002-0644 (Buffer overflow in several Database Consistency Checkers (DBCCs) for ...) CAN-2002-0643 (The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and ...) CAN-2002-0641 (Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, ...) CAN-2002-0637 (InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass ...) CAN-2002-0636 NOTE: reserved CAN-2002-0635 NOTE: reserved CAN-2002-0634 NOTE: reserved CAN-2002-0633 NOTE: reserved CAN-2002-0632 (Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier ...) CAN-2002-0629 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...) CAN-2002-0628 (The Telnet service for Polycom ViewStation before 7.2.4 does not ...) CAN-2002-0626 (Polycom ViewStation before 7.2.4 has a default null password for the ...) CAN-2002-0624 (Buffer overflow in the password encryption function of Microsoft SQL ...) CAN-2002-0620 (Buffer overflow in the Profile Service of Microsoft Commerce Server ...) CAN-2002-0614 (PHP-Survey 20000615 and earlier stores the global.inc file under the ...) CAN-2002-0612 (FileSeek.cgi allows remote attackers to execute arbitrary commands via ...) CAN-2002-0611 (Directory traversal vulnerability in FileSeek.cgi allows remote ...) CAN-2002-0610 (Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not ...) CAN-2002-0609 (Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a ...) CAN-2002-0608 (Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to ...) CAN-2002-0607 (members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows ...) CAN-2002-0606 (Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to ...) CAN-2002-0604 (Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to ...) CAN-2002-0603 (Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a ...) CAN-2002-0602 (Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to ...) CAN-2002-0600 (Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote ...) CAN-2002-0596 (WebTrends Reporting Center 4.0d allows remote attackers to determine ...) CAN-2002-0595 (Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends ...) CAN-2002-0593 (Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows ...) CAN-2002-0592 (AOL Instant Messenger (AIM) allows remote attackers to steal files ...) CAN-2002-0591 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 ...) CAN-2002-0590 (Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows ...) CAN-2002-0589 (PVote before 1.9 allows remote attackers to change the administrative ...) CAN-2002-0588 (PVote before 1.9 does not authenticate users for restricted ...) CAN-2002-0587 (Buffer overflow in Ns_PdLog function for the external database driver ...) CAN-2002-0586 (Format string vulnerability in Ns_PdLog function for the external ...) CAN-2002-0585 (Vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches ...) CAN-2002-0584 (WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets ...) CAN-2002-0583 (WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric ...) CAN-2002-0582 (WorkforceROI Xpede 4.1 stores temporary expense claim reports in a ...) CAN-2002-0581 (WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary ...) CAN-2002-0580 (WorkforceROI Xpede 4.1 allows remote attackers to obtain the database ...) CAN-2002-0579 (WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as ...) CAN-2002-0578 (Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause ...) CAN-2002-0577 (Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users ...) CAN-2002-0572 (FreeBSD 4.5 and earlier, and possibly other BSD-based operating ...) CAN-2002-0570 (The encrypted loop device in Linux kernel 2.4.10 and earlier does not ...) CAN-2002-0568 (Oracle 9i Application Server stores XSQL and SOAP configuration files ...) CAN-2002-0566 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...) CAN-2002-0565 (Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with ...) CAN-2002-0564 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...) CAN-2002-0563 (The default configuration of Oracle 9i Application Server 1.0.2.x ...) CAN-2002-0562 (The default configuration of Oracle 9i Application Server 1.0.2.x ...) CAN-2002-0561 (The default configuration of the PL/SQL Gateway web administration ...) CAN-2002-0560 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...) CAN-2002-0559 (Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application ...) CAN-2002-0558 (Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and ...) CAN-2002-0557 (Vulnerability in OpenBSD 3.0, when using YP with netgroups in the ...) CAN-2002-0556 (Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows ...) CAN-2002-0555 (IBM Informix Web DataBlade 4.12 unescapes user input even if an ...) CAN-2002-0554 (webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers ...) CAN-2002-0552 (Multiple buffer overflows in Melange Chat server 2.02 allow remote or ...) CAN-2002-0551 (Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows ...) CAN-2002-0550 (Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary ...) CAN-2002-0549 (Cross-site scripting vulnerabilities in Anthill allow remote attackers ...) CAN-2002-0548 (Anthill allows remote attackers to bypass authentication and file bug ...) CAN-2002-0547 (Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows ...) CAN-2002-0544 (Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the ...) CAN-2002-0541 (Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage ...) CAN-2002-0540 (Nortel CVX 1800 is installed with a default "public" community string, ...) CAN-2002-0537 (The admin.html file in StepWeb Search Engine (SWS) 2.5 stores ...) CAN-2002-0535 (Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier ...) CAN-2002-0534 (PostBoard 2.0.1 and earlier with BBcode allows remote attackers to ...) CAN-2002-0533 (phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a ...) CAN-2002-0530 (Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows ...) CAN-2002-0529 (HP Photosmart printer driver for Mac OS X installs the ...) CAN-2002-0528 (Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP ...) CAN-2002-0527 (Watchguard SOHO firewall before 5.0.35 allows remote attackers to ...) CAN-2002-0526 (Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, ...) CAN-2002-0525 (Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 ...) CAN-2002-0524 (ASP-Nuke RC2 and earlier allows remote attackers to determine the ...) CAN-2002-0523 (ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in ...) CAN-2002-0522 (ASP-Nuke RC2 and earlier allows remote attackers to bypass ...) CAN-2002-0521 (Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow ...) CAN-2002-0520 (Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke ...) CAN-2002-0518 (The SYN cache (syncache) and SYN cookie (syncookie) mechanism in ...) CAN-2002-0517 (Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, ...) CAN-2002-0515 (IPFilter 3.4.25 and earlier sets a different TTL when a port is being ...) CAN-2002-0514 (PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the ...) CAN-2002-0510 (The UDP implementation in Linux 2.4.x kernels keeps the IP ...) CAN-2002-0509 (Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 ...) CAN-2002-0508 (wwwisis 3.45 and earlier allows remote attackers to execute arbitrary ...) CAN-2002-0507 (An interaction between Microsoft Outlook Web Access (OWA) with RSA ...) CAN-2002-0504 (Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier ...) CAN-2002-0503 (Directory traversal vulnerability in boilerplate.asp for Citrix NFuse ...) CAN-2002-0502 (Citrix NFuse 1.6 may allow remote attackers to list applications ...) CAN-2002-0500 (Internet Explorer 5.0 through 6.0 allows remote attackers to determine ...) CAN-2002-0499 (The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and ...) CAN-2002-0498 (Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID ...) CAN-2002-0496 (The HTTP server for SouthWest Talker server 1.0.0 allows remote ...) CAN-2002-0492 (dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete ...) CAN-2002-0491 (admin.php in AlGuest 1.0 guestbook checks for the existence of the ...) CAN-2002-0489 (Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows ...) CAN-2002-0487 (Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript ...) CAN-2002-0486 (Intellisol Xpede 4.1 uses weak encryption to store authentication ...) CAN-2002-0485 (Norton Anti-Virus (NAV) allows remote attackers to bypass content ...) CAN-2002-0483 (index.php for PHP-Nuke 5.4 and earlier allows remote attackers to ...) CAN-2002-0482 (Directory traversal vulnerability in PCI Netsupport Manager before ...) CAN-2002-0481 (An interaction between Windows Media Player (WMP) and Outlook 2002 ...) CAN-2002-0480 (ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is ...) CAN-2002-0479 (Gravity Storm Service Pack Manager 2000 creates a hidden share ...) CAN-2002-0478 (The default configuration of Foundry Networks EdgeIron 4802F allows ...) CAN-2002-0477 (Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote ...) CAN-2002-0476 (Standalone Macromedia Flash Player 5.0 allows remote attackers to save ...) CAN-2002-0475 (Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows ...) CAN-2002-0474 (Cross-site scripting vulnerability in ZeroForum allows remote ...) CAN-2002-0472 (MSN Messenger Service 3.6, and possibly other versions, uses weak ...) CAN-2002-0471 (PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code ...) CAN-2002-0470 (PHPNetToolpack 0.1 relies on its environment's PATH to find and ...) CAN-2002-0469 (Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does ...) CAN-2002-0468 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot ...) CAN-2002-0467 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot ...) CAN-2002-0466 (Hosting Controller 1.4.1 and earlier allows remote attackers to browse ...) CAN-2002-0465 (Directory traversal vulnerability in filemanager.asp for Hosting ...) CAN-2002-0461 (Internet Explorer 5.01 through 6 allows remote attackers to cause a ...) CAN-2002-0460 (Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a ...) CAN-2002-0459 (Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier ...) CAN-2002-0458 (Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier ...) CAN-2002-0457 (Cross-site scripting vulnerability in signgbook.php for BG GuestBook ...) CAN-2002-0456 (Eudora 5.1 and earlier versions stores attachments in a directory with ...) CAN-2002-0455 (IncrediMail stores attachments in a directory with a fixed name, which ...) CAN-2002-0453 (The account lockout capability in Oblix NetPoint 5.2 and earlier only ...) CAN-2002-0452 (Foundry Networks ServerIron switches do not decode URIs when applying ...) CAN-2002-0450 (Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote ...) CAN-2002-0449 (Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier ...) CAN-2002-0448 (Xerver Free Web Server 2.10 and earlier allows remote attackers to ...) CAN-2002-0447 (Directory traversal vulnerability in Xerver Free Web Server 2.10 and ...) CAN-2002-0446 (categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows ...) CAN-2002-0440 (Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning ...) CAN-2002-0439 (Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and ...) CAN-2002-0438 (ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial ...) CAN-2002-0436 (sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows ...) CAN-2002-0434 (Marcus S. Xenakis directory.php script allows remote attackers to ...) CAN-2002-0433 (Pi3Web 2.0.0 allows remote attackers to view restricted files via an ...) CAN-2002-0432 (Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of ...) CAN-2002-0430 (MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration ...) CAN-2002-0428 (Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows ...) CAN-2002-0427 (Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow ...) CAN-2002-0426 (VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router ...) CAN-2002-0422 (IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to ...) CAN-2002-0421 (IIS 4.0 allows local users to bypass the "User cannot change password" ...) CAN-2002-0420 (Vulnerability in PureTLS before 0.9b2 related to injection attacks, ...) CAN-2002-0419 (Information leaks in IIS 4 through 5.1 allow remote attackers to ...) CAN-2002-0418 (Directory traversal vulnerability in the ...) CAN-2002-0417 (Directory traversal vulnerability in Endymion MailMan before 3.1 ...) CAN-2002-0416 (Buffer overflow in SH39 MailServer 1.21 and earlier allows remote ...) CAN-2002-0415 (Directory traversal vulnerability in the web server used in RealPlayer ...) CAN-2002-0413 (Cross-site scripting vulnerability in ReBB allows remote attackers to ...) CAN-2002-0411 (Cross-site scripting vulnerability in message.php for AeroMail before ...) CAN-2002-0410 (send_message.php in AeroMail before 1.45 allows remote attackers to ...) CAN-2002-0409 (orderdetails.aspx, as made available to Microsoft .NET developers as ...) CAN-2002-0408 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when ...) CAN-2002-0407 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote ...) CAN-2002-0405 (Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows ...) CAN-2002-0399 (Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, ...) CAN-2002-0392 - apache2 2.0.37 CAN-2002-0393 (Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web ...) CAN-2002-0390 NOTE: reserved CAN-2002-0388 (Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow ...) {DSA-147} CAN-2002-0386 (The administration module for Oracle Web Cache in Oracle9iAS (9i ...) CAN-2002-0385 (Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain ...) CAN-2002-0383 NOTE: reserved CAN-2002-0380 {DSA-255} CAN-2002-0378 (The default configuration of LPRng print spooler in Red Hat Linux 7.0 ...) CAN-2002-0375 (Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows ...) CAN-2002-0371 (Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 ...) CAN-2002-0370 (Buffer overflow in the ZIP capability for multiple products allows ...) CAN-2002-0365 NOTE: reserved CAN-2002-0361 NOTE: reserved CAN-2002-0360 (Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote ...) CAN-2002-0354 (The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 ...) CAN-2002-0353 (The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers ...) CAN-2002-0352 (Phorum 3.3.2 allows remote attackers to determine the email addresses ...) CAN-2002-0351 (Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x ...) CAN-2002-0350 (HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows ...) CAN-2002-0349 (Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, ...) CAN-2002-0348 (service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial ...) CAN-2002-0347 (Directory traversal vulnerability in Cobalt RAQ 4 allows remote ...) CAN-2002-0346 (Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote ...) CAN-2002-0345 (Symantec Ghost 7.0 stores usernames and passwords in plaintext in the ...) CAN-2002-0344 (Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores ...) CAN-2002-0343 (Hotline Client 1.8.5 stores sensitive user information, including ...) CAN-2002-0342 (Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of ...) CAN-2002-0341 (GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, ...) CAN-2002-0340 (Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, ...) CAN-2002-0338 (The Bat! 1.53d and 1.54beta, and possibly other versions, allows ...) CAN-2002-0337 (RealPlayer 8 allows remote attackers to cause a denial of service (CPU ...) CAN-2002-0336 (Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier ...) CAN-2002-0335 (Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier ...) CAN-2002-0334 (xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local ...) CAN-2002-0333 (Directory traversal vulnerability in xtell (xtelld) 1.91.1 and ...) CAN-2002-0332 (Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before ...) CAN-2002-0331 (Directory traversal vulnerability in the HTTP server for BPM Studio ...) CAN-2002-0328 (Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote ...) CAN-2002-0327 (Buffer overflow in Century Software TERM allows local users to gain ...) CAN-2002-0326 (Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows ...) CAN-2002-0325 (Directory traversal vulnerability in BadBlue before 1.6.1 allows ...) CAN-2002-0324 (Greymatter 1.21c and earlier with the Bookmarklet feature enabled ...) CAN-2002-0323 (comment2.jse in ScriptEase:WebServer allows remote attackers to read ...) CAN-2002-0322 (Yahoo! Messenger 4.0 sends user passwords in cleartext, which could ...) CAN-2002-0321 (Yahoo! Messenger 5.0 allows remote attackers to spoof other users by ...) CAN-2002-0320 (Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to ...) CAN-2002-0319 (Cross-site scripting vulnerability in edituser.php for pforum 1.14 and ...) CAN-2002-0317 (Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites ...) CAN-2002-0316 (Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x ...) CAN-2002-0315 (fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus ...) CAN-2002-0314 (fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) ...) CAN-2002-0312 (Directory traversal vulnerability in Essentia Web Server 2.1 allows ...) CAN-2002-0311 (Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...) CAN-2002-0310 (Netwin WebNews 1.1k CGI program includes several default usernames and ...) CAN-2002-0308 (admin.asp in AdMentor 2.11 allows remote attackers to bypass ...) CAN-2002-0307 (Directory traversal vulnerability in ans.pl in Avenger's News System ...) CAN-2002-0306 (ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote ...) CAN-2002-0305 (Zero One Tech (ZOT) P100s print server does not properly disable the ...) CAN-2002-0304 (Lil HTTP Server 2.1 allows remote attackers to read password-protected ...) CAN-2002-0303 (GroupWise 6, when using LDAP authentication and when Post Office has a ...) CAN-2002-0301 (Citrix NFuse 1.6 allows remote attackers to bypass authentication and ...) CAN-2002-0298 (ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a ...) CAN-2002-0297 (Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote ...) CAN-2002-0296 (The installation of Tarantella Enterprise 3 allows local users to ...) CAN-2002-0295 (Alcatel OmniPCX 4400 installs files with world-writable permissions, ...) CAN-2002-0294 (Alcatel 4400 installs the /chetc/shutdown command with setgid ...) CAN-2002-0293 (FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain ...) CAN-2002-0291 (Dino's Webserver 1.2 allows remote attackers to cause a denial of ...) CAN-2002-0289 (Buffer overflow in Phusion web server 1.0 allows remote attackers to ...) CAN-2002-0288 (Directory traversal vulnerability in Phusion web server 1.0 allows ...) CAN-2002-0286 (The GetPassword function in function.php of SiteNews 0.10 and 0.11 ...) CAN-2002-0285 (Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") ...) CAN-2002-0284 (Winamp 2.78 and 2.77, when opening a wma file that requires a license, ...) CAN-2002-0283 (Windows XP with port 445 open allows remote attackers to cause a ...) CAN-2002-0282 (DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the ...) CAN-2002-0281 (Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier ...) CAN-2002-0280 (Buffer overflow in CodeBlue 4 and earlier, and possibly other ...) CAN-2002-0279 (The kernel in HP-UX 11.11 does not properly provide arguments for ...) CAN-2002-0278 (Directory traversal vulnerability in Add2it Mailman Free 1.73 and ...) CAN-2002-0277 (Add2it Mailman Free 1.73 and earlier allows remote attackers to ...) CAN-2002-0273 (Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote ...) CAN-2002-0272 (Buffer overflows in mpg321 before 0.2.9 allows local and possibly ...) CAN-2002-0271 (Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows ...) CAN-2002-0270 (Opera, when configured with the "Determine action by MIME type" option ...) CAN-2002-0269 (Internet Explorer 5.x and 6 interprets an object as an HTML document ...) CAN-2002-0268 (Identix BioLogon 3 allows users with physical access to the system to ...) CAN-2002-0266 (Thunderstone Texis CGI script allows remote attackers to obtain the ...) CAN-2002-0264 (PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive ...) CAN-2002-0263 (Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote ...) CAN-2002-0262 (Directory traversal vulnerability in netget for Sybex E-Trainer web ...) CAN-2002-0261 (Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 ...) CAN-2002-0260 (Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows ...) CAN-2002-0259 (InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and ...) CAN-2002-0258 (Merak Mail IceWarp Web Mail uses a static identifier as a user session ...) CAN-2002-0257 (Cross-site scripting vulnerability in auction.pl of MakeBid Auction ...) CAN-2002-0256 (The telnet port in Arescom NetDSL 1000 router allows remote attackers ...) CAN-2002-0255 (The default configuration of Arescom NetDSL 800 does not require ...) CAN-2002-0254 (ICQ 2001b Build 3659 allows remote attackers to cause a denial of ...) CAN-2002-0253 (PHP, when not configured with the "display_errors = Off" setting in ...) CAN-2002-0252 (Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote ...) CAN-2002-0249 (PHP for Windows, when installed on Apache 2.0.28 beta as a standalone ...) CAN-2002-0248 (wmtv 0.6.5 and earlier allows local users to modify arbitrary files ...) CAN-2002-0247 (Buffer overflows in wmtv 0.6.5 and earlier may allow local users to ...) CAN-2002-0245 (Lotus Domino server 5.0.8 with NoBanner enabled allows remote ...) CAN-2002-0244 (Directory traversal vulnerability in chroot function in AtheOS 0.3.7 ...) CAN-2002-0243 (Cross-site scripting vulnerability in Opera 6.0 and earlier allows ...) CAN-2002-0242 (Cross-site scripting vulnerability in Internet Explorer 6 earlier ...) CAN-2002-0240 (PHP, when installed with Apache and configured to search for index.php ...) CAN-2002-0239 (Buffer overflow in hanterm 3.3.1 and earlier allows local users to ...) CAN-2002-0238 (Cross-site scripting vulnerability in web administration interface for ...) CAN-2002-0236 (Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and ...) CAN-2002-0235 (Castelle FaxPress, possibly 6.3 and other versions, when configured to ...) CAN-2002-0234 (NetScreen ScreenOS before 2.6.1 does not support a maximum number of ...) CAN-2002-0233 (Directory traversal vulnerability in eshare Expressions 4 Web server ...) CAN-2002-0232 (Directory traversal vulnerability in Multi Router Traffic Grapher ...) CAN-2002-0231 (Buffer overflow in mIRC 5.91 and earlier allows a remote server to ...) CAN-2002-0230 (Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 ...) CAN-2002-0229 (Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows ...) CAN-2002-0228 (Microsoft MSN Messenger allows remote attackers to use Javascript that ...) CAN-2002-0227 (KICQ 2.0.0b1 allows remote attackers to cause a denial of service ...) CAN-2002-0225 (tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, ...) CAN-2002-0224 (The MSDTC (Microsoft Distributed Transaction Service Coordinator) for ...) CAN-2002-0223 (Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 ...) CAN-2002-0222 (Etype Eserv 2.97 allows remote attackers to to redirect traffic to ...) CAN-2002-0221 (Etype Eserv 2.97 allows remote attackers to cause a denial of service ...) CAN-2002-0220 (phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute ...) CAN-2002-0219 (Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn ...) CAN-2002-0218 (Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or ...) CAN-2002-0217 (Cross-site scripting (CSS) vulnerabilities in the Private Message ...) CAN-2002-0216 (userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain ...) CAN-2002-0215 (Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers ...) CAN-2002-0214 (Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through ...) CAN-2002-0212 (The login for Hosting Controller 1.1 through 1.4.1 returns different ...) CAN-2002-0210 (setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 ...) CAN-2002-0208 (PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack ...) CAN-2002-0206 (index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier allows remote ...) CAN-2002-0205 (Cross-site scripting (CSS) vulnerability in error.asp for Plumtree ...) CAN-2002-0204 (Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified ...) CAN-2002-0203 (ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and ...) CAN-2002-0202 (PaintBBS 1.2 installs certain files and directories with insecure ...) CAN-2002-0201 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...) CAN-2002-0200 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...) CAN-2002-0199 (Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 ...) CAN-2002-0198 (Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in ...) CAN-2002-0195 NOTE: reserved CAN-2002-0194 NOTE: reserved CAN-2002-0192 NOTE: rejected CAN-2002-0189 (Cross-site scripting vulnerability in Internet Explorer 6.0 allows ...) CAN-2002-0182 NOTE: reserved CAN-2002-0180 (Buffer overflow in Webalizer 2.01-06, when configured to use reverse ...) CAN-2002-0177 (Buffer overflows in icecast 1.3.11 and earlier allows remote attackers ...) CAN-2002-0165 (LogWatch 2.5 allows local users to gain root privileges via a symlink ...) CAN-2002-0164 (Vulnerability in the MIT-SHM extension of the X server on Linux ...) {DSA-380} CAN-2002-0162 (LogWatch before 2.5 allows local users to execute arbitrary code via a ...) CAN-2002-0161 NOTE: reserved CAN-2002-0154 (Buffer overflows in extended stored procedures for Microsoft SQL ...) CAN-2002-0145 (chuid 1.2 and earlier does not properly verify the ownership of files ...) CAN-2002-0144 (Directory traversal vulnerability in chuid 1.2 and earlier allows ...) CAN-2002-0142 (CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows ...) CAN-2002-0141 (Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of ...) CAN-2002-0140 (Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote ...) CAN-2002-0138 (CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via ...) CAN-2002-0137 (CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files ...) CAN-2002-0136 (Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages ...) CAN-2002-0135 (Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to ...) CAN-2002-0134 (Telnet proxy in Avirt Gateway Suite 4.2 does not require ...) CAN-2002-0133 (Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to ...) CAN-2002-0132 (Buffer overflow in Chinput 3.0 allows local users to execute arbitrary ...) CAN-2002-0131 (ActivePython ActiveX control for Python, when used in Internet ...) CAN-2002-0130 (Buffer overflow in efax 0.9 and earlier, when installed setuid root, ...) CAN-2002-0129 (efax 0.9 and earlier, when installed setuid root, allows local users ...) CAN-2002-0127 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured ...) CAN-2002-0126 (Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote ...) CAN-2002-0125 (Buffer overflow in ClanLib library 0.5 may allow local users to ...) CAN-2002-0124 (MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote ...) CAN-2002-0122 (Siemens 3568i WAP mobile phones allows remote attackers to cause a ...) CAN-2002-0119 (Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a ...) CAN-2002-0118 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...) CAN-2002-0116 (Palm OS 3.5h and possibly other versions, as used in Handspring Visor ...) CAN-2002-0114 (Legato NetWorker 6.1 stores passwords in plaintext in the daemon.log ...) CAN-2002-0113 (Legato NetWorker 6.1 stores log files in the /nsr/logs/ directory with ...) CAN-2002-0112 (Etype Eserv 2.97 allows remote attackers to view password protected ...) CAN-2002-0110 (Nevrona Designs MiraMail 1.04 and earlier stores authentication ...) CAN-2002-0109 (Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly ...) CAN-2002-0108 (Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote ...) CAN-2002-0106 (BEA Systems Weblogic Server 6.1 allows remote attackers to cause a ...) CAN-2002-0105 (CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating ...) CAN-2002-0104 (AFTPD 5.4.4 allows remote attackers to gain sensitive information via ...) CAN-2002-0103 (An installer program for Oracle9iAS Web Cache 2.0.0.x creates ...) CAN-2002-0102 (Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial ...) CAN-2002-0101 (Microsoft Internet Explorer 6.0 and earlier allows local users to ...) CAN-2002-0100 (AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass ...) CAN-2002-0099 (Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote ...) CAN-2002-0093 (Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow ...) CAN-2002-0091 (Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote ...) CAN-2002-0089 (Buffer overflow in admintool in Solaris 2.5 through 8 allows local ...) CAN-2002-0088 (Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local ...) CAN-2002-0087 (bindsock in Lotus Domino 5.07 on Solaris allows local users to create ...) CAN-2002-0086 (Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux ...) CAN-2002-0085 (cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a ...) CAN-2002-0084 (Buffer overflow in the fscache_setup function of cachefsd in Solaris ...) CAN-2002-0077 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked ...) CAN-2002-0058 (Vulnerability in Java Runtime Environment (JRE) allows remote ...) CAN-2002-0056 (Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to ...) CAN-2002-0053 (Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows ...) CAN-2002-0048 (Multiple signedness errors (mixed signed and unsigned numbers) in the ...) CAN-2002-0041 (Vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and possibly ...) CAN-2002-0039 (rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier ...) CAN-2002-0037 (Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass ...) CAN-2002-0035 NOTE: reserved CAN-2002-0034 (The Microsoft CONVERT.EXE program, when used on Windows 2000 and ...) CAN-2002-0031 (Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows ...) CAN-2002-0030 (The digital signature mechanism for the Adobe Acrobat PDF viewer only ...) CAN-2002-0029 (Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 ...) {DSA-196} CAN-2002-0019 NOTE: reserved CAN-2002-0016 NOTE: reserved CAN-2002-0015 NOTE: reserved CAN-2002-0013 (Vulnerabilities in the SNMPv1 request handling of a large number of ...) CAN-2002-0012 (Vulnerabilities in a large number of SNMP implementations allow ...) CAN-2002-0010 (Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL ...) CAN-2002-0008 (Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user ...) CAN-2002-0001 (Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt ...) CAN-2001-1413 (Stack-based buffer overflow in the comprexx function for ncompress ...) NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge CAN-2001-1412 (nidump on MacOS X before 10.3 allows local users to read the encrypted ...) CAN-2001-1411 (Format string vulnerability in gm4 (aka m4) on Mac OS X may allow ...) CAN-2001-1410 (Internet Explorer 6 and earlier allows remote attackers to create ...) CAN-2001-1409 (dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with ...) CAN-2001-1408 (Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in ...) CAN-2001-1405 (Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, ...) CAN-2001-1404 (Bugzilla before 2.14 stores user passwords in plaintext and sends ...) CAN-2001-1403 (Bugzilla before 2.14 includes the username and password in URLs, which ...) CAN-2001-1402 (Bugzilla before 2.14 does not properly escape untrusted parameters, ...) CAN-2001-1401 (Bugzilla before 2.14 does not properly restrict access to confidential ...) CAN-2001-1400 (Unknown vulnerabilities in the UDP port allocation for Linux kernel ...) CAN-2001-1399 (Certain operations in Linux kernel before 2.2.19 on the x86 ...) CAN-2001-1398 (Masquerading code for Linux kernel before 2.2.19 does not fully check ...) CAN-2001-1397 (The System V (SYS5) shared memory implementation for Linux kernel ...) CAN-2001-1396 (Unknown vulnerabilities in strnlen_user for Linux kernel before ...) CAN-2001-1395 (Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 ...) CAN-2001-1394 (Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel ...) CAN-2001-1393 (Unknown vulnerability in classifier code for Linux kernel before ...) CAN-2001-1392 (The Linux kernel before 2.2.19 does not have unregister calls for (1) ...) CAN-2001-1390 (Unknown vulnerability in binfmt_misc in the Linux kernel before ...) CAN-2001-1389 (Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional ...) CAN-2001-1388 (iptables before 1.2.4 does not accurately convert rate limits that are ...) CAN-2001-1387 (iptables-save in iptables before 1.2.4 records the "--reject-with ...) CAN-2001-1384 (ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows ...) CAN-2001-1379 (The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and ...) CAN-2001-1377 (Multiple RADIUS implementations do not properly validate the ...) CAN-2001-1376 (Buffer overflow in digest calculation function of multiple RADIUS ...) CAN-2001-1368 (Vulnerability in iPlanet Web Server 4 included in Virtualvault ...) CAN-2001-1366 (netscript before 1.6.3 parses dynamic variables, which could allow ...) CAN-2001-1365 (Vulnerability in IntraGnat before 1.4. ...) CAN-2001-1364 (Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain ...) CAN-2001-1363 (Vulnerability in phpWebSite before 0.7.9 related to running multiple ...) CAN-2001-1362 (Vulnerability in the server for nPULSE before 0.53p4. ...) CAN-2001-1361 (Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly ...) CAN-2001-1360 (Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related ...) CAN-2001-1358 (Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly ...) CAN-2001-1357 (Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) ...) CAN-2001-1356 (NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak ...) CAN-2001-1355 (Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and ...) CAN-2001-1354 (NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in ...) CAN-2001-1353 (ghostscript before 6.51 allows local users to read and write arbitrary ...) CAN-2001-1348 (TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized ...) CAN-2001-1346 (Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) ...) CAN-2001-1344 (WSSecurity.pl in WebStore allows remote attackers to bypass ...) CAN-2001-1343 (ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated ...) CAN-2001-1341 (The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi ...) CAN-2001-1340 (Beck GmbH IPC@Chip TelnetD service supports only one connection and ...) CAN-2001-1339 (Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect ...) CAN-2001-1338 (Beck IPC GmbH IPC@CHIP TelnetD server generates different responses ...) CAN-2001-1337 (Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to ...) CAN-2001-1336 (CesarFTP 0.98b and earlier stores usernames and passwords in plaintext ...) CAN-2001-1335 (Directory traversal vulnerability in CesarFTP 0.98b and earlier allows ...) CAN-2001-1333 (Linux CUPS before 1.1.6 does not securely handle temporary files, ...) CAN-2001-1332 (Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers ...) CAN-2001-1331 (mandb in the man-db package before 2.3.16-3 allows local users to ...) CAN-2001-1330 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ...) CAN-2001-1329 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ...) CAN-2001-1326 (Eudora 5.1 allows remote attackers to execute arbitrary code when the ...) CAN-2001-1325 (Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow ...) CAN-2001-1324 (cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not ...) CAN-2001-1323 (Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows ...) CAN-2001-1321 (Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote ...) CAN-2001-1320 (Network Associates PGP Keyserver 7.0 allows remote attackers to cause ...) CAN-2001-1319 (Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial ...) CAN-2001-1318 (Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote ...) CAN-2001-1317 (Teamware Office Enterprise Directory allows remote attackers to cause ...) CAN-2001-1316 (Buffer overflows in Teamware Office Enterprise Directory allows remote ...) CAN-2001-1315 (Critical Path (1) InJoin Directory Server or (2) LiveContent Directory ...) CAN-2001-1314 (Buffer overflows in Critical Path (1) InJoin Directory Server or (2) ...) CAN-2001-1313 (Lotus Domino R5 before R5.0.7a allows remote attackers to cause a ...) CAN-2001-1312 (Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow ...) CAN-2001-1311 (Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote ...) CAN-2001-1310 (IBM SecureWay 3.2.1 allow remote attackers to cause a denial of ...) CAN-2001-1309 (Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to ...) CAN-2001-1308 (Format string vulnerabilities in iPlanet Directory Server 4.1.4 and ...) CAN-2001-1307 (Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) ...) CAN-2001-1306 (iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote ...) CAN-2001-1305 (ICQ 2001a Alpha and earlier allows remote attackers to automatically ...) CAN-2001-1304 (Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to ...) CAN-2001-1300 (Directory traversal vulnerability in Dynu FTP server 1.05 and earlier ...) CAN-2001-1298 (Webodex PHP script 1.0 and earlier allows remote attackers to include ...) CAN-2001-1294 (Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows ...) CAN-2001-1293 (Buffer overflow in web server of 3com HomeConnect Cable Modem External ...) CAN-2001-1292 (Sambar Telnet Proxy/Server allows remote attackers to cause a denial ...) CAN-2001-1290 (admin.cgi in Active Classifieds Free Edition 1.0, and possibly ...) CAN-2001-1289 (Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a ...) CAN-2001-1288 (Windows 2000 and Windows NT allows local users to cause a denial of ...) CAN-2001-1287 (Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier ...) CAN-2001-1286 (Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, ...) CAN-2001-1285 (Directory traversal vulnerability in readmail.cgi for Ipswitch IMail ...) CAN-2001-1284 (Ipswitch IMail 7.04 and earlier uses predictable session IDs for ...) CAN-2001-1283 (The webmail interface for Ipswitch IMail 7.04 and earlier allows ...) CAN-2001-1282 (Ipswitch IMail 7.04 and earlier records the physical path of ...) CAN-2001-1281 (Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote ...) CAN-2001-1280 (POP3 Server for Ipswitch IMail 7.04 and earlier generates different ...) CAN-2001-1278 (Zope before 2.2.4 allows partially trusted users to bypass security ...) CAN-2001-1275 (MySQL before 3.23.31 allows users with a MySQL account to use the SHOW ...) CAN-2001-1274 (Buffer overflow in MySQL before 3.23.31 allows attackers to cause a ...) CAN-2001-1273 (The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, ...) CAN-2001-1272 (wmtv 0.6.5 and earlier does not properly drop privileges, which allows ...) CAN-2001-1271 (Directory traversal vulnerability in rar 2.02 and earlier allows ...) CAN-2001-1270 (Directory traversal vulnerability in the console version of PKZip ...) CAN-2001-1269 (Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite ...) CAN-2001-1268 (Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier ...) CAN-2001-1265 (Directory traversal vulnerability in IBM alphaWorks Java TFTP server ...) CAN-2001-1264 (Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating ...) CAN-2001-1263 (telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers ...) CAN-2001-1262 (Avaya Argent Office 2.1 compares a user-provided SNMP community string ...) CAN-2001-1261 (Avaya Argent Office 2.1 may allow remote attackers to change hold ...) CAN-2001-1260 (Avaya Argent Office uses weak encryption (trivial encoding) for ...) CAN-2001-1259 (Avaya Argent Office allows remote attackers to cause a denial of ...) CAN-2001-1258 (Horde Internet Messaging Program (IMP) before 2.2.6 allows local users ...) CAN-2001-1257 (Cross-site scripting vulnerability in Horde Internet Messaging Program ...) CAN-2001-1256 (kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create ...) CAN-2001-1255 (WinMySQLadmin 1.1 stores the MySQL password in plain text in the ...) CAN-2001-1254 (Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX ...) CAN-2001-1253 (Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords ...) CAN-2001-1250 (vWebServer 1.2.0 allows remote attackers to cause a denial of service ...) CAN-2001-1249 (vWebServer 1.2.0 allows remote attackers to cause a denial of service ...) CAN-2001-1248 (vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts ...) CAN-2001-1245 (Opera 5.0 for Linux does not properly handle malformed HTTP headers, ...) CAN-2001-1244 (Multiple TCP implementations could allow remote attackers to cause a ...) CAN-2001-1243 (Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 ...) CAN-2001-1242 (Directory traversal vulnerability in Un-CGI 1.9 and earlier allows ...) CAN-2001-1241 (Un-CGI 1.9 and earlier does not verify that a CGI script has the ...) CAN-2001-1239 (PowerNet IX allows remote attackers to cause a denial of service via a ...) CAN-2001-1238 (Task Manager in Windows 2000 does not allow local users to end ...) CAN-2001-1233 (Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with ...) CAN-2001-1232 (GroupWise WebAccess 5.5 with directory indexing enabled allows a ...) CAN-2001-1230 (Buffer overflows in Icecast before 1.3.10 allow remote attackers to ...) CAN-2001-1229 (Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before ...) CAN-2001-1228 (Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow ...) CAN-2001-1226 (AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, ...) CAN-2001-1225 (Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to ...) CAN-2001-1224 (get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows ...) CAN-2001-1223 (The web administration server for ELSA Lancom 1100 Office does not ...) CAN-2001-1222 (Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain ...) CAN-2001-1221 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses ...) CAN-2001-1220 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point ...) CAN-2001-1219 (Microsoft Internet Explorer 6.0 and earlier allows malicious website ...) CAN-2001-1218 (Microsoft Internet Explorer for Unix 5.0SP1 allows local users to ...) CAN-2001-1217 (Directory traversal vulnerability in PL/SQL Apache module in Oracle ...) CAN-2001-1216 (Buffer overflow in PL/SQL Apache module in Oracle 9i Application ...) CAN-2001-1214 (manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote ...) CAN-2001-1213 (The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a ...) CAN-2001-1212 (Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 ...) CAN-2001-1211 (Ipswitch IMail 7.0.4 and earlier allows attackers with administrator ...) CAN-2001-1210 (Cisco ubr900 series routers that conform to the Data-over-Cable ...) CAN-2001-1209 (Directory traversal vulnerability in zml.cgi allows remote attackers ...) CAN-2001-1208 (Format string vulnerability in DayDream BBS allows remote attackers to ...) CAN-2001-1207 (Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote ...) CAN-2001-1206 (Matrix CGI vault Last Lines 2.0 allows remote attackers to execute ...) CAN-2001-1205 (Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 ...) CAN-2001-1204 (Directory traversal vulnerability in phprocketaddin in Total PC ...) CAN-2001-1202 (Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does ...) CAN-2001-1198 (RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite ...) CAN-2001-1197 (klprfax_filter in KDE2 KDEUtils allows local users to overwrite ...) CAN-2001-1196 (Directory traversal vulnerability in edit_action.cgi of Webmin ...) CAN-2001-1195 (Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a ...) CAN-2001-1194 (Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to ...) CAN-2001-1192 (Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 ...) CAN-2001-1191 (WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote ...) CAN-2001-1190 (The default PAM files included with passwd in Mandrake Linux 8.1 do ...) CAN-2001-1189 (IBM Websphere Application Server 3.5.3 and earlier stores a password ...) CAN-2001-1188 (mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote ...) CAN-2001-1187 (csvform.pl 0.1 allows remote attackers to execute arbitrary commands ...) CAN-2001-1184 (wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows ...) CAN-2001-1182 (Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows ...) CAN-2001-1181 (Dynamically Loadable Kernel Module (dlkm) static kernel symbol table ...) CAN-2001-1179 (xman allows local users to gain privileges by modifying the MANPATH to ...) CAN-2001-1178 (Buffer overflow in xman allows local users to gain privileges via a ...) CAN-2001-1173 (Vulnerability in MasqMail before 0.1.15 allows local users to gain ...) CAN-2001-1171 (Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and ...) CAN-2001-1170 (AmTote International homebet program stores the homebet.log file in ...) CAN-2001-1169 (keyinit in S/Key does not require authentication to initialize a ...) CAN-2001-1168 (Directory traversal vulnerability in index.php in PhpMyExplorer before ...) CAN-2001-1167 (Vulnerability in /opt/prm/bin of HP Process Resource Manager (PRM) ...) CAN-2001-1165 (Intego FileGuard 4.0 uses weak encryption to store user information ...) CAN-2001-1164 (Buffer overflow in uucp utilities in UnixWare 7 allows local users to ...) CAN-2001-1163 (Buffer overflow in Munica Corporation NetSQL 1.0 allows remote ...) CAN-2001-1159 (load_prefs.php and supporting include files in SquirrelMail 1.0.4 and ...) CAN-2001-1157 (Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly ...) CAN-2001-1156 (TYPSoft FTP 0.95 allows remote attackers to cause a denial of service ...) CAN-2001-1154 (Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, ...) CAN-2001-1152 (Baltimore Technologies WEBsweeper 4.02, when used to manage URL ...) CAN-2001-1151 (Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 ...) CAN-2001-1150 (Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate ...) CAN-2001-1148 (Buffer overflows in programs used by scoadmin and sysadmsh in SCO ...) CAN-2001-1143 (IBM DB2 7.0 allows a remote attacker to cause a denial of service ...) CAN-2001-1142 (ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, ...) CAN-2001-1140 (BadBlue Personal Edition v1.02 beta allows remote attackers to read ...) CAN-2001-1139 (Directory traversal vulnerability in ASCII NT WinWrapper Professional ...) CAN-2001-1138 (Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker ...) CAN-2001-1137 (D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows ...) CAN-2001-1136 (The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to ...) CAN-2001-1135 (ZyXEL Prestige 642R and 642R-I routers do not filter the routers' ...) CAN-2001-1134 (Xerox DocuPrint N40 Printers allow remote attackers to cause a denial ...) CAN-2001-1133 (Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users ...) CAN-2001-1131 (Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 ...) CAN-2001-1129 (Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) ...) CAN-2001-1128 (Buffer overflow in Progress database 8.3D and 9.1C allows local users ...) CAN-2001-1127 (Buffer overflow in Progress database 8.3D and 9.1C could allow a local ...) CAN-2001-1126 (Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, ...) CAN-2001-1125 (Symantec LiveUpdate before 1.6 does not use cryptography to ensure the ...) CAN-2001-1124 (rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to ...) CAN-2001-1123 (Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP ...) CAN-2001-1122 (Windows NT 4.0 SP 6a allows a local user with write access to ...) CAN-2001-1120 (Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote ...) CAN-2001-1115 (generate.cgi in SIX-webboard 2.01 and before allows remote attackers ...) CAN-2001-1114 (book.cgi in NetCode NC Book 0.2b allows remote attackers to execute ...) CAN-2001-1112 (Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute ...) CAN-2001-1111 (EFTP 2.0.7.337 stores user passwords in plaintext in the ...) CAN-2001-1110 (EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials ...) CAN-2001-1109 (Directory traversal vulnerability in EFTP 2.0.7.337 allows remote ...) CAN-2001-1107 (SnapStream PVS 1.2a stores its passwords in plaintext in the file ...) CAN-2001-1105 (RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches ...) CAN-2001-1104 (SonicWALL SOHO uses easily predictable TCP sequence numbers, which ...) CAN-2001-1102 (Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users ...) CAN-2001-1101 (The Log Viewer function in the Check Point FireWall-1 GUI for Solaris ...) CAN-2001-1097 (Cisco routers and switches running IOS 12.0 through 12.2.1 allows a ...) CAN-2001-1094 (NetOp School 1.5 allows local users to bypass access restrictions on ...) CAN-2001-1093 (Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows ...) CAN-2001-1092 (msgchk in Digital UNIX 4.0G and earlier allows a local user to read ...) CAN-2001-1091 (The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 ...) CAN-2001-1090 (nss_postgresql 0.6.1 and before allows a remote attacker to execute ...) CAN-2001-1087 (The default configuration of the config.http.tunnel.allow_ports option ...) CAN-2001-1086 (XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using ...) CAN-2001-1082 (Directory traversal vulnerability in Livingston/Lucent RADIUS before ...) CAN-2001-1078 (Format string vulnerability in flog function of eXtremail 1.1.9 and ...) CAN-2001-1077 (Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users ...) CAN-2001-1076 (Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows ...) CAN-2001-1073 (Webridge PX Application Suite allows remote attackers to obtain ...) CAN-2001-1070 (Sage Software MAS 200 allows remote attackers to cause a denial of ...) CAN-2001-1068 (qpopper 4.01 with PAM based authentication on Red Hat systems ...) CAN-2001-1065 (Web-based configuration utility in Cisco 600 series routers running ...) CAN-2001-1064 (Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows ...) CAN-2001-1061 (Vulnerability in lsmcode in unknown versions of AIX, possibly related ...) CAN-2001-1060 (phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute ...) CAN-2001-1058 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...) CAN-2001-1057 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...) CAN-2001-1052 (Empris PHP script allows remote attackers to include arbitrary files ...) CAN-2001-1051 (Dark Hart Portal (darkportal) PHP script allows remote attackers to ...) CAN-2001-1050 (CCCSoftware CCC PHP script allows remote attackers to include ...) CAN-2001-1047 (Race condition in OpenBSD VFS allows local users to cause a denial of ...) CAN-2001-1045 (Directory traversal vulnerability in basilix.php3 in Basilix Webmail ...) CAN-2001-1044 (Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class ...) CAN-2001-1042 (Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary ...) CAN-2001-1041 (oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to ...) CAN-2001-1040 (HP LaserJet, and possibly other JetDirect devices, resets the admin ...) CAN-2001-1039 (The JetAdmin web interface for HP JetDirect does not set a password ...) CAN-2001-1034 (Format string vulnerability in Hylafax on FreeBSD allows local users ...) {DSA-148} CAN-2001-1033 (Compaq TruCluster 1.5 allows remote attackers to cause a denial of ...) CAN-2001-1031 (Directory traversal vulnerability in Meteor FTP 1.0 allows remote ...) CAN-2001-1026 (Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs ...) CAN-2001-1025 (PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL ...) CAN-2001-1024 (login.gas.bat and other CGI scripts in Entrust getAccess allow remote ...) CAN-2001-1023 (Xcache 2.1 allows remote attackers to determine the absolute path of ...) CAN-2001-1021 (Buffer overflows in WS_FTP 2.02 allow remote attackers to execute ...) CAN-2001-1019 (Directory traversal vulnerability in view_item CGI program in ...) CAN-2001-1018 (Lotus Domino web server 5.08 allows remote attackers to determine the ...) CAN-2001-1015 (Buffer overflow in Snes9x 1.37, when installed setuid root, allows ...) CAN-2001-1014 (eshop.pl in WebDiscount(e)shop allows remote attackers to execute ...) CAN-2001-1013 (Apache on Red Hat Linux with with the UserDir directive enabled ...) CAN-2001-1012 (Vulnerability in screen before 3.9.10, related to a multi-attach error, ...) CAN-2001-1009 (Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious ...) CAN-2001-1007 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a ...) CAN-2001-1006 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not ...) CAN-2001-1005 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak ...) CAN-2001-1004 (Cross-site scripting (CSS) vulnerability in gnut Gnutella client ...) CAN-2001-1003 (Respondus 1.1.2 for WebCT uses weak encryption to remember usernames ...) CAN-2001-1000 (rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and ...) CAN-2001-0999 (Outlook Express 6.00 allows remote attackers to execute arbitrary ...) CAN-2001-0997 (Textor Webmasters Ltd listrec.pl CGI program allows remote attackers ...) CAN-2001-0996 (POP3Lite before 0.2.4 does not properly quote a . (dot) in an email ...) CAN-2001-0994 (Marconi ForeThought 7.1 allows remote attackers to cause a denial of ...) CAN-2001-0992 (shopplus.cgi in ShopPlus shopping cart allows remote attackers to ...) CAN-2001-0991 (Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and ...) CAN-2001-0990 (Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, ...) CAN-2001-0989 (Buffer overflows in Pileup before 1.2 allows local users to gain root ...) CAN-2001-0988 (Arkeia backup server 4.2.8-2 and earlier creates its database files ...) CAN-2001-0986 (SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote ...) CAN-2001-0985 (shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote ...) CAN-2001-0984 (Password Safe 1.7(1) leaves cleartext passwords in memory when a user ...) CAN-2001-0983 (UltraEdit uses weak encryption to record FTP passwords in the ...) CAN-2001-0979 (Buffer overflow in swverify in HP-UX 11.0, and possibly other ...) CAN-2001-0976 (Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and ...) CAN-2001-0975 (Buffer overflow vulnerabilities in Oracle Internet Directory Server ...) CAN-2001-0974 (Format string vulnerabilities in Oracle Internet Directory Server ...) CAN-2001-0972 (Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on ...) CAN-2001-0971 (Directory traversal vulnerability in ACI 4d webserver allows remote ...) CAN-2001-0970 (Cross-site scripting vulnerability in TDForum 1.2 CGI script ...) CAN-2001-0968 (Knox Arkeia server 4.2, and possibly other versions, installs its root ...) CAN-2001-0967 (Knox Arkeia server 4.2, and possibly other versions, uses a constant ...) CAN-2001-0966 (Directory traversal vulnerability in Nudester 1.10 and earlier allows ...) CAN-2001-0964 (Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows ...) CAN-2001-0958 (Buffer overflows in eManager plugin for Trend Micro InterScan ...) CAN-2001-0956 (speechd 0.54 and earlier, with the Festival or rsynth speech synthesis ...) CAN-2001-0955 (Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph ...) CAN-2001-0953 (Kebi WebMail allows remote attackers to access the administrator menu ...) CAN-2001-0952 (THQ Volition Red Faction Game allows remote attackers to cause a ...) CAN-2001-0950 (ValiCert Enterprise Validation Authority (EVA) Administration Server ...) CAN-2001-0949 (Buffer overflows in forms.exe CGI program in ValiCert Enterprise ...) CAN-2001-0948 (Cross-site scripting (CSS) vulnerability in ValiCert Enterprise ...) CAN-2001-0947 (Forms.exe CGI program in ValiCert Enterprise Validation Authority ...) CAN-2001-0945 (Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh ...) CAN-2001-0944 (DDE in mIRC allows local users to launch applications under another ...) CAN-2001-0943 (dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the ...) CAN-2001-0942 (dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment ...) CAN-2001-0941 (Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local ...) CAN-2001-0938 (Directory traversal vulnerability in AspUpload 2.1, in certain ...) CAN-2001-0937 (PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands ...) CAN-2001-0935 (Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which ...) CAN-2001-0934 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the ...) CAN-2001-0933 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the ...) CAN-2001-0932 (Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote ...) CAN-2001-0931 (Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 ...) CAN-2001-0930 (Sendpage.pl allows remote attackers to execute arbitrary commands via ...) CAN-2001-0928 (Buffer overflow in the permitted function of GNOME libgtop_daemon in ...) {DSA-301} CAN-2001-0927 (Format string vulnerability in the permitted function of GNOME ...) CAN-2001-0926 (SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers ...) CAN-2001-0925 (The default installation of Apache before 1.3.19 allows remote ...) CAN-2001-0924 (Directory traversal vulnerability in ifx CGI program in Informix Web ...) CAN-2001-0923 (RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to ...) CAN-2001-0922 (ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier ...) CAN-2001-0919 (Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow ...) CAN-2001-0916 (Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier ...) CAN-2001-0915 (Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 ...) CAN-2001-0913 (Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and ...) CAN-2001-0911 (PHP-Nuke 5.1 stores user and administrator passwords in a base-64 ...) CAN-2001-0910 (Legato Networker before 6.1 allows remote attackers to bypass access ...) CAN-2001-0908 (CITRIX Metaframe 1.8 logs the Client Address (IP address) that is ...) CAN-2001-0904 (Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies ...) CAN-2001-0903 (Linear key exchange process in High-bandwidth Digital Content ...) CAN-2001-0898 (Opera 6.0 and earlier allows remote attackers to access sensitive ...) CAN-2001-0897 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...) CAN-2001-0893 (Acme mini_httpd before 1.16 allows remote attackers to view sensitive ...) CAN-2001-0892 (Acme Thttpd Secure Webserver before 2.22, with the chroot option ...) CAN-2001-0890 (Certain backend drivers in the SANE library 1.0.3 and earlier, as used ...) CAN-2001-0885 NOTE: reserved CAN-2001-0883 NOTE: reserved CAN-2001-0882 NOTE: reserved CAN-2001-0881 NOTE: reserved CAN-2001-0880 NOTE: reserved CAN-2001-0878 NOTE: reserved CAN-2001-0871 (Directory traversal vulnerability in HTTP server for Alchemy Eye and ...) CAN-2001-0870 (HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through ...) CAN-2001-0868 (Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve ...) CAN-2001-0858 (Buffer overflow in pppattach and other linked PPP utilities in Caldera ...) CAN-2001-0856 (Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker ...) CAN-2001-0855 (Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local ...) CAN-2001-0854 (PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary ...) CAN-2001-0853 (Directory traversal vulnerability in Entrust GetAccess allows remote ...) CAN-2001-0849 (viralator CGI script in Viralator 0.9pre1 and earlier allows remote ...) CAN-2001-0848 (join.cfm in e-Zone Media Fuse Talk allows a local user to execute ...) CAN-2001-0847 (Lotus Domino Web Server 5.x allows remote attackers to gain sensitive ...) CAN-2001-0845 (Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 ...) CAN-2001-0844 (Vulnerability in (1) Book of guests and (2) Post it! allows remote ...) CAN-2001-0842 (Directory traversal vulnerability in Search.cgi in LB5000 LB5000II ...) CAN-2001-0841 (Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and ...) CAN-2001-0840 (Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows ...) CAN-2001-0839 (ibillpm.pl in iBill password management system generates weak ...) CAN-2001-0838 (Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows ...) CAN-2001-0835 (Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly ...) CAN-2001-0832 (Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users ...) CAN-2001-0831 (Vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when ...) CAN-2001-0829 (A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a ...) CAN-2001-0827 (Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a ...) CAN-2001-0826 (Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute ...) CAN-2001-0824 (Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 ...) CAN-2001-0821 (The default configuration of DCShop 1.002 beta places sensitive files ...) CAN-2001-0820 (Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to ...) CAN-2001-0818 (A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier ...) CAN-2001-0817 (Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 ...) CAN-2001-0814 NOTE: reserved CAN-2001-0813 NOTE: reserved CAN-2001-0812 NOTE: reserved CAN-2001-0811 NOTE: reserved CAN-2001-0810 NOTE: reserved CAN-2001-0809 (Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX ...) CAN-2001-0808 (gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers ...) CAN-2001-0807 (Internet Explorer 5.0, and possibly other versions, may allow remote ...) CAN-2001-0802 NOTE: reserved CAN-2001-0800 (lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute ...) CAN-2001-0799 (Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote ...) CAN-2001-0798 NOTE: reserved CAN-2001-0795 (Perception LiteServe 1.25 allows remote attackers to obtain source ...) CAN-2001-0794 (Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers ...) CAN-2001-0791 (Trend Micro InterScan VirusWall for Windows NT allows remote attackers ...) CAN-2001-0790 (Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a ...) CAN-2001-0789 (Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 ...) CAN-2001-0788 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...) CAN-2001-0786 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...) CAN-2001-0785 (Directory traversal in Webpaging interface in Internet Software ...) CAN-2001-0783 (Cisco TFTP server 1.1 allows remote attackers to read arbitrary files ...) CAN-2001-0782 (KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root ...) CAN-2001-0781 (Buffer overflow in SpoonFTP 1.0.0.12 allows remote attacker to execute ...) CAN-2001-0780 (Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl ...) CAN-2001-0778 (OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source ...) CAN-2001-0777 (Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of ...) CAN-2001-0776 (Buffer overflow in DynFX MailServer version 2.10 allows remote ...) CAN-2001-0775 (Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux ...) CAN-2001-0772 (Buffer overflows and other vulnerabilities in multiple Common Desktop ...) CAN-2001-0771 (Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator ...) CAN-2001-0768 (GuildFTPd 0.9.7 stores user names and passwords in plaintext in the ...) CAN-2001-0767 (Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers ...) CAN-2001-0766 (Apache on MacOS X Client 10.0.3 with the HFS+ file system allows ...) CAN-2001-0762 (Buffer overflow in su-wrapper 1.1.1 allows local users to execute ...) CAN-2001-0761 (Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager ...) CAN-2001-0759 (Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows ...) CAN-2001-0758 (Directory traversal vulnerability in Shambala 4.5 allows remote ...) CAN-2001-0756 (CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in ...) CAN-2001-0755 (Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows ...) CAN-2001-0753 (Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) ...) CAN-2001-0747 (Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, ...) CAN-2001-0746 (Buffer overflow in Web Publisher in iPlanet Web Server Enterprise ...) CAN-2001-0744 (Horde IMP 2.2.4 and earlier allows local users to overwrite files via ...) CAN-2001-0743 (Paging function in O'Reilly WebBoard Pager 4.10 allows remote ...) CAN-2001-0742 (Buffer overflow in Computalynx CMail POP3 mail server 2.4.9 allows ...) CAN-2001-0737 (A long 'synch' delay in Logitech wireless mice and keyboard receivers ...) CAN-2001-0736 (Vulnerability in (1) pine before 4.33 and (2) the pico editor, ...) CAN-2001-0735 (Buffer overflow in cfingerd 1.4.3 and earlier with the ...) CAN-2001-0734 (Hitachi Super-H architecture in NetBSD 1.5 and 1.4.1 allows a local ...) CAN-2001-0729 (Apache 1.3.20 on Windows servers allows remote attackers to bypass the ...) CAN-2001-0725 NOTE: reserved CAN-2001-0721 (Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows ...) CAN-2001-0715 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...) CAN-2001-0714 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...) CAN-2001-0713 (Sendmail before 8.12.1 does not properly drop privileges when the -C ...) CAN-2001-0712 (The rendering engine in Internet Explorer determines the MIME type ...) CAN-2001-0711 (Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a ...) CAN-2001-0709 (Microsoft IIS 4.0 and before, when installed on a FAT partition, ...) CAN-2001-0708 (Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a ...) CAN-2001-0707 (Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a ...) CAN-2001-0705 (Directory traversal vulnerability in tradecli.dll in Arcadia Internet ...) CAN-2001-0704 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...) CAN-2001-0703 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...) CAN-2001-0702 (Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial ...) CAN-2001-0695 (WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by ...) CAN-2001-0694 (Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote ...) CAN-2001-0693 (WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view ...) CAN-2001-0691 (Buffer overflows in Washington University imapd 2000a through 2000c ...) CAN-2001-0689 (Vulnerability in TrendMicro Virus Control System 1.8 allows a remote ...) CAN-2001-0688 (Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial ...) CAN-2001-0687 (Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker ...) CAN-2001-0684 (Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to ...) CAN-2001-0683 (Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a ...) CAN-2001-0681 (Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a ...) CAN-2001-0679 (A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote ...) CAN-2001-0678 (A buffer overflow in reggo.dll file used by Trend Micro InterScan ...) CAN-2001-0674 (Directory traversal vulnerability in RobTex Viking Web server before ...) CAN-2001-0673 NOTE: reserved CAN-2001-0672 NOTE: reserved CAN-2001-0671 (Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost ...) CAN-2001-0669 (Various Intrusion Detection Systems (IDS) including (1) Cisco Secure ...) CAN-2001-0661 NOTE: reserved CAN-2001-0657 NOTE: reserved CAN-2001-0656 NOTE: reserved CAN-2001-0655 NOTE: reserved CAN-2001-0654 NOTE: reserved CAN-2001-0649 (Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial ...) CAN-2001-0647 (Orange Web Server 2.1, based on GoAhead, allows a remote attacker to ...) CAN-2001-0645 (Symantec/AXENT NetProwler 3.5.x contains several default passwords, ...) CAN-2001-0642 (Directory traversal vulnerability in IncrediMail version 1400185 and ...) CAN-2001-0636 (Buffer overflows in Raytheon SilentRunner allow remote attackers to ...) CAN-2001-0633 (Directory traversal vulnerability in Sun Chili!Soft ASP on multiple ...) CAN-2001-0632 (Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin ...) CAN-2001-0624 (QNX 2.4 allows a local user to read arbitrary files by directly ...) CAN-2001-0623 (sendfiled, as included with Simple Asynchronous File Transfer (SAFT), ...) CAN-2001-0620 (iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to ...) CAN-2001-0619 (The Lucent Closed Network protocol can allow remote attackers to join ...) CAN-2001-0618 (Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of ...) CAN-2001-0617 (Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the ...) CAN-2001-0614 (Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain ...) CAN-2001-0610 (kfm as included with KDE 1.x can allow a local attacker to gain ...) CAN-2001-0609 (Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier ...) CAN-2001-0608 (HP architected interface facility (AIF) as includes with MPE/iX 5.5 ...) CAN-2001-0607 (asecure as included with HP-UX 10.01 through 11.00 can allow a local ...) CAN-2001-0606 (Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with ...) CAN-2001-0605 (Headlight Software MyGetright prior to 1.0b allows a remote attacker ...) CAN-2001-0604 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...) CAN-2001-0603 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...) CAN-2001-0602 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...) CAN-2001-0601 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...) CAN-2001-0600 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...) CAN-2001-0599 (Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier ...) CAN-2001-0598 (Symantec Ghost 6.5 and earlier allows a remote attacker to create a ...) CAN-2001-0597 (Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and ...) CAN-2001-0592 (Watchguard Firebox II prior to 4.6 allows a remote attacker to create ...) CAN-2001-0588 (sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO ...) CAN-2001-0587 (deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a ...) CAN-2001-0584 (IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to ...) CAN-2001-0583 (Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a ...) CAN-2001-0582 (Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local ...) CAN-2001-0581 (Spytech Spynet Chat Server 6.5 allows a remote attacker to create a ...) CAN-2001-0580 (Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote ...) CAN-2001-0579 (lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain ...) CAN-2001-0578 (Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a ...) CAN-2001-0577 (recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker ...) CAN-2001-0576 (lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a ...) CAN-2001-0575 (Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local ...) CAN-2001-0572 (The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and ...) CAN-2001-0571 (Directory traversal vulnerability in the web server for (1) Elron ...) CAN-2001-0570 (minicom 1.83.1 and earlier allows a local attacker to gain additional ...) CAN-2001-0569 (Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the ...) CAN-2001-0568 (Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker ...) CAN-2001-0566 (Cisco Catalyst 2900XL switch allows a remote attacker to create a denial ...) CAN-2001-0562 (a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a ...) CAN-2001-0561 (Directory traversal vulnerability in Drummond Miles A1Stats prior to ...) CAN-2001-0557 (T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to ...) CAN-2001-0556 (The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker ...) CAN-2001-0555 (ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote ...) CAN-2001-0552 (ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli ...) CAN-2001-0551 (Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users ...) CAN-2001-0542 (Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers ...) CAN-2001-0539 NOTE: reserved CAN-2001-0535 (Example applications (Exampleapps) in ColdFusion Server 4.x do not ...) CAN-2001-0534 (Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b ...) CAN-2001-0532 NOTE: reserved CAN-2001-0531 NOTE: reserved CAN-2001-0524 (eEye SecureIIS versions 1.0.3 and earlier does not perform length ...) CAN-2001-0523 (eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to ...) CAN-2001-0521 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...) CAN-2001-0520 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...) CAN-2001-0519 (Aladdin eSafe Gateway versions 2.x allows a remote attacker to ...) CAN-2001-0516 (Oracle listener between Oracle 9i and Oracle 8.0 allows remote ...) CAN-2001-0515 (Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause ...) CAN-2001-0509 (Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 ...) CAN-2001-0505 (Memory leaks in Microsoft Services for Unix 2.0 allows remote ...) CAN-2001-0499 (Buffer overflow in Transparent Network Substrate (TNS) Listener in ...) CAN-2001-0498 (Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i ...) CAN-2001-0496 (kdesu in kdelibs package creates world readable temporary files ...) CAN-2001-0492 (Netcruiser Web server version 0.1.2.8 and earlier allows remote ...) CAN-2001-0491 (Directory traversal vulnerability in RaidenFTPD Server 2.1 before ...) CAN-2001-0490 (Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute ...) CAN-2001-0484 (Tektronix PhaserLink 850 does not require authentication for access to ...) CAN-2001-0483 (Configuration error in Axent Raptor Firewall 6.5 allows remote ...) CAN-2001-0480 (Directory traversal vulnerability in Alex's FTP Server 0.7 allows ...) CAN-2001-0479 (Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier ...) CAN-2001-0478 (Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier ...) CAN-2001-0477 (Vulnerability in WebCalendar 0.9.26 allows remote command execution. ...) CAN-2001-0476 (Multiple buffer overflows in s.cgi program in Aspseek search engine ...) CAN-2001-0472 (Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) ...) CAN-2001-0471 (SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not ...) CAN-2001-0470 (Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local ...) CAN-2001-0468 (Buffer overflow in FTPFS allows local users to gain root privileges ...) CAN-2001-0466 (Directory traversal vulnerability in ustorekeeper 1.61 allows remote ...) CAN-2001-0464 (Buffer overflow in websync.exe in Cyberscheduler allows remote ...) CAN-2001-0460 (Websweeper 4.0 does not limit the length of certain HTTP headers, ...) CAN-2001-0459 (Buffer overflows in ascdc Afterstep while running setuid allows local ...) CAN-2001-0458 (Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and ...) CAN-2001-0454 (Directory traversal vulnerability in SlimServe HTTPd 1.1a allows ...) CAN-2001-0453 (Directory traversal vulnerability in BRS WebWeaver HTTP server ...) CAN-2001-0452 (BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to ...) CAN-2001-0451 (INDEXU 2.0 beta and earlier allows remote attackers to bypass ...) CAN-2001-0450 (Directory traversal vulnerability in Transsoft FTP Broker before 5.5 ...) CAN-2001-0448 (Web configuration server in 602Pro LAN SUITE allows remote attackers ...) CAN-2001-0447 (Web configuration server in 602Pro LAN SUITE allows remote attackers ...) CAN-2001-0446 (IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 ...) CAN-2001-0443 (Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote ...) CAN-2001-0441 (Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn ...) CAN-2001-0438 (Preview version of Timbuktu for Mac OS X allows local users to modify ...) CAN-2001-0437 (upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload ...) CAN-2001-0436 (dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute ...) CAN-2001-0435 (The split key mechanism used by PGP 7.0 allows a key share holder to ...) CAN-2001-0433 (Buffer overflow in Savant 3.0 web server allows remote attackers to ...) CAN-2001-0432 (Buffer overflows in various CGI programs in the remote administration ...) CAN-2001-0431 (Vulnerability in iPlanet Web Server Enterprise Edition 4.x. ...) CAN-2001-0426 (Buffer overflow in dtsession on Solaris, and possibly other operating ...) CAN-2001-0425 (AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain ...) CAN-2001-0424 (BubbleMon 1.31 does not properly drop group privileges before ...) CAN-2001-0421 (FTP server in Solaris 8 and earlier allows local and remote attackers ...) CAN-2001-0420 (Directory traversal vulnerability in talkback.cgi program allows ...) CAN-2001-0419 (Buffer overflow in shared library ndwfn4.so for iPlanet Web Server ...) CAN-2001-0418 (content.pl script in NCM Content Management System allows remote ...) CAN-2001-0417 (Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files ...) CAN-2001-0415 (REDIPlus program, REDI.exe, stores passwords and user names in ...) CAN-2001-0411 (Reliant Unix 5.44 and earlier allows remote attackers to cause a ...) CAN-2001-0410 (Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote ...) CAN-2001-0406 (Samba before 2.2.0 allows local attackers to overwrite arbitrary files ...) CAN-2001-0404 (Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) ...) CAN-2001-0403 (/opt/JSparm/bin/perfmon program in Solaris allows local users to ...) CAN-2001-0401 (Buffer overflow in tip in Solaris 8 and earlier allows local users to ...) CAN-2001-0400 (nph-maillist.pl allows remote attackers to execute arbitrary commands ...) CAN-2001-0399 (Caucho Resin 1.3b1 and earlier allows remote attackers to read source ...) CAN-2001-0398 (The BAT! mail client allows remote attackers to bypass user warnings ...) CAN-2001-0397 (Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote ...) CAN-2001-0396 (The pre-login mode in the System Administrator interface of Lightwave ...) CAN-2001-0395 (Lightwave ConsoleServer 3200 does not disconnect users after ...) CAN-2001-0393 (Navision Financials Server 2.0 allows remote attackers to cause a ...) CAN-2001-0392 (Navision Financials Server 2.60 and earlier allows remote attackers to ...) CAN-2001-0391 (Xitami 2.5d4 and earlier allows remote attackers to crash the server ...) CAN-2001-0390 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a ...) CAN-2001-0389 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine ...) CAN-2001-0385 (GoAhead webserver 2.1 allows remote attackers to cause a denial of ...) CAN-2001-0384 (ppd in Reliant Sinix allows local users to corrupt arbitrary files via ...) CAN-2001-0382 (Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak ...) CAN-2001-0381 (The OpenPGP PGP standard allows an attacker to determine the private ...) CAN-2001-0380 (Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 ...) CAN-2001-0376 (SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC ...) CAN-2001-0374 (The HTTP server in Compaq web-enabled management software for (1) ...) CAN-2001-0372 (Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a ...) CAN-2001-0370 (fcheck prior to 2.57.59 calls the file signature checking program ...) CAN-2001-0369 (Buffer overflow in lpsched on DGUX version R4.20MU06 and MU02 allows a ...) CAN-2001-0367 (Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote ...) CAN-2001-0360 (Directory traversal vulnerability in help.cgi in Ikonboard 2.1.7b and ...) CAN-2001-0359 (Format string vulnerability in Sierra Half-Life build 1573 and earlier ...) CAN-2001-0358 (Buffer overflows in Sierra Half-Life build 1573 and earlier allow ...) CAN-2001-0357 (FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to ...) CAN-2001-0355 (Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access ...) CAN-2001-0354 (TheNet CheckBO 1.56 allows remote attackers to cause a denial of ...) CAN-2001-0352 (SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point ...) CAN-2001-0350 (Microsoft Windows 2000 telnet service creates named pipes with ...) CAN-2001-0349 (Microsoft Windows 2000 telnet service creates named pipes with ...) CAN-2001-0343 NOTE: reserved CAN-2001-0342 NOTE: reserved CAN-2001-0337 (The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier ...) CAN-2001-0332 (Internet Explorer 5.5 and earlier does not properly verify the domain ...) CAN-2001-0329 (Bugzilla 2.10 allows remote attackers to execute arbitrary commands ...) CAN-2001-0328 (TCP implementations that use random increments for initial sequence ...) CAN-2001-0325 (Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a ...) CAN-2001-0324 (Windows 98 and Windows 2000 Java clients allow remote attackers to ...) CAN-2001-0323 (The ICMP path MTU (PMTU) discovery feature in various UNIX systems ...) CAN-2001-0322 (MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, ...) CAN-2001-0320 (bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote ...) CAN-2001-0315 (The locking feature in mIRC 5.7 allows local users to bypass the ...) CAN-2001-0314 (Buffer overflow in www.tol module in America Online (AOL) 5.0 may ...) CAN-2001-0313 (Borderware Firewall Server 6.1.2 allows remote attackers to cause a ...) CAN-2001-0312 (IBM WebSphere plugin for Netscape Enterprise server allows remote ...) CAN-2001-0308 (UploadServlet in Bajie HTTP JServer 0.78 allows remote attackers to ...) CAN-2001-0307 (Bajie HTTP JServer 0.78 allows remote attackers to execute arbitrary ...) CAN-2001-0306 (Directory traversal vulnerability in ITAfrica WEBactive HTTP Server ...) CAN-2001-0305 (Directory traversal vulnerability in store.cgi in Thinking Arts ES.One ...) CAN-2001-0304 (Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote ...) CAN-2001-0303 (tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to ...) CAN-2001-0302 (Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows ...) CAN-2001-0300 (oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory ...) CAN-2001-0298 (Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to ...) CAN-2001-0297 (Directory traversal vulnerability in Simple Server HTTPd 1.0 ...) CAN-2001-0296 (Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute ...) CAN-2001-0294 (Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows ...) CAN-2001-0293 (Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows ...) CAN-2001-0292 (PHP-Nuke 4.4.1a allows remote attackers to modify a user's email ...) CAN-2001-0291 (Buffer overflow in post-query sample CGI program allows remote ...) CAN-2001-0286 (Directory traversal vulnerability in A1 HTTP server 1.0a allows remote ...) CAN-2001-0285 (Buffer overflow in A1 HTTP server 1.0a allows remote attackers to ...) CAN-2001-0283 (Directory traversal vulnerability in SunFTP build 9 allows remote ...) CAN-2001-0282 (SEDUM 2.1 HTTP server allows remote attackers to cause a denial of ...) CAN-2001-0281 (Format string vulnerability in DbgPrint function, used in debug ...) CAN-2001-0277 (Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows ...) CAN-2001-0275 (Moby Netsuite Web Server 1.02 allows remote attackers to cause a ...) CAN-2001-0273 (pgp4pine Pine/PGP interface version 1.75-6 does not properly check to ...) CAN-2001-0272 (Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web ...) CAN-2001-0271 (mailnews.cgi 1.3 and earlier allows remote attackers to execute ...) CAN-2001-0270 (Marconi ASX-1000 ASX switches allow remote attackers to cause a denial ...) CAN-2001-0264 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote ...) CAN-2001-0263 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to ...) CAN-2001-0262 (Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers ...) CAN-2001-0261 (Microsoft Windows 2000 Encrypted File System does not properly destroy ...) CAN-2001-0258 (The Easycom/Safecom Print Server (firmware 404.590) PrintGuide server ...) CAN-2001-0257 (Buffer overflow in Easycom/Safecom Print Server Web service, version ...) CAN-2001-0256 (FaSTream FTP++ Server 2.0 allows remote attackers to cause a denial of ...) CAN-2001-0255 (FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary ...) CAN-2001-0254 (FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real ...) CAN-2001-0253 (Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek ...) CAN-2001-0251 (The Web Publishing feature in Netscape Enterprise Server 3.x allows ...) CAN-2001-0250 (The Web Publishing feature in Netscape Enterprise Server 4.x and ...) CAN-2001-0249 (Heap overflow in FTP daemon in Solaris 8 allows remote attackers to ...) CAN-2001-0248 (Buffer overflow in FTP server in HPUX 11 allows remote attackers to ...) CAN-2001-0247 (Buffer overflows in BSD-based FTP servers allows remote attackers to ...) CAN-2001-0246 (Internet Explorer 5.5 and earlier does not properly verify the domain ...) CAN-2001-0242 (Buffer overflows in Microsoft Windows Media Player 7 and earlier allow ...) CAN-2001-0232 (newsdesk.cgi in News Desk 1.2 allows remote attackers to read ...) CAN-2001-0231 (Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows ...) CAN-2001-0229 (Chili!Soft ASP for Linux before 3.6 does not properly set group ...) CAN-2001-0228 (Directory traversal vulnerability in GoAhead web server 2.1 and ...) CAN-2001-0227 (Buffer overflow in BiblioWeb web server 2.0 allows remote attackers to ...) CAN-2001-0226 (Directory traversal vulnerability in BiblioWeb web server 2.0 allows ...) CAN-2001-0225 (fortran math component in Infobot 0.44.5.3 and earlier allows remote ...) CAN-2001-0224 (Muscat Empower CGI program allows remote attackers to obtain the ...) CAN-2001-0223 (Buffer overflow in wwwwais allows remote attackers to execute ...) CAN-2001-0220 (Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local ...) CAN-2001-0217 (Directory traversal vulnerability in PALS Library System pals-cgi ...) CAN-2001-0216 (PALS Library System pals-cgi program allows remote attackers to ...) CAN-2001-0214 (Way-board CGI program allows remote attackers to read arbitrary files ...) CAN-2001-0213 (Buffer overflow in pi program in PlanetIntra 2.5 allows remote ...) CAN-2001-0212 (Directory traversal vulnerability in HIS Auktion 1.62 allows remote ...) CAN-2001-0211 (Directory traversal vulnerability in WebSPIRS 3.1 allows remote ...) CAN-2001-0210 (Directory traversal vulnerability in commerce.cgi CGI program allows ...) CAN-2001-0209 (Buffer overflow in Shoutcast Distributed Network Audio Server (DNAS) ...) CAN-2001-0208 (MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the ...) CAN-2001-0206 (Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows ...) CAN-2001-0205 (Directory traversal vulnerability in AOLserver 3.2 and earlier allows ...) CAN-2001-0202 (Picserver web server allows remote attackers to read arbitrary files ...) CAN-2001-0201 (The Postaci frontend for PostgreSQL does not properly filter ...) CAN-2001-0200 (HSWeb 2.0 HTTP server allows remote attackers to obtain the physical ...) CAN-2001-0199 (Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows ...) CAN-2001-0198 (Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows ...) CAN-2001-0192 (Buffer overflows in CTRLServer in XMail allows attackers to execute ...) CAN-2001-0188 (GoodTech FTP server 3.0.1.2.1.0 and earlier allows remote attackers to ...) CAN-2001-0186 (Directory traversal vulnerability in Free Java Web Server 1.0 allows ...) CAN-2001-0184 (eEye Iris 1.01 beta allows remote attackers to cause a denial of ...) CAN-2001-0181 (Format string vulnerability in the error logging code of DHCP server ...) CAN-2001-0180 (Lars Ellingsen guestserver.cgi allows remote attackers to execute ...) CAN-2001-0177 (WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a ...) CAN-2001-0173 (Buffer overflow in qDecoder library 5.08 and earlier, as used in ...) CAN-2001-0172 (Buffer overflow in ReiserFS 3.5.28 in SuSE Linux allows local users to ...) CAN-2001-0171 (Buffer overflow in SlimServe HTTPd 1.0 allows remote attackers to ...) CAN-2001-0168 (Buffer overflow in AT&T WinVNC (Virtual Network Computing) server ...) CAN-2001-0167 (Buffer overflow in AT&T WinVNC (Virtual Network Computing) client ...) CAN-2001-0163 NOTE: reserved CAN-2001-0162 NOTE: reserved CAN-2001-0161 NOTE: reserved CAN-2001-0160 NOTE: reserved CAN-2001-0159 NOTE: reserved CAN-2001-0158 NOTE: reserved CAN-2001-0146 (IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a ...) CAN-2001-0145 (Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook ...) CAN-2001-0135 (The default installation of Ultraboard 2000 2.11 creates the Skins, ...) CAN-2001-0134 (Buffer overflow in cpqlogin.htm in web-enabled agents for various ...) CAN-2001-0133 (The web administration interface for Interscan VirusWall 3.6.x and ...) CAN-2001-0132 (Interscan VirusWall 3.6.x and earlier follows symbolic links when ...) CAN-2001-0131 (htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local ...) {DSA-195 DSA-188 DSA-187} CAN-2001-0127 (Buffer overflow in Olivier Debon Flash plugin (not the Macromedia ...) CAN-2001-0114 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite ...) CAN-2001-0113 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute ...) CAN-2001-0112 (Multiple buffer overflows in splitvt before 1.6.5 allow local users ...) CAN-2001-0107 (Veritas Backup agent on Linux allows remote attackers to cause a denial of ...) CAN-2001-0104 (MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock ...) CAN-2001-0103 (CoffeeCup Direct and Free FTP clients useas weak encryption to store ...) CAN-2001-0102 ("Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain ...) CAN-2001-0101 (Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE ...) CAN-2001-0098 (Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote ...) CAN-2001-0097 (The Web interface for Infinite Interchange 3.6.1 allows remote ...) CAN-2001-0093 (Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain ...) CAN-2001-0088 (common.inc.php in phpWebLog 0.4.2 does not properly initialize the ...) CAN-2001-0087 (itetris/xitetris 1.6.2 and earlier trusts the PATH environmental ...) CAN-2001-0086 (CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote ...) CAN-2001-0084 (GTK+ library allows local users to specify arbitrary modules via the ...) CAN-2001-0082 (Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows ...) CAN-2001-0079 (Support Tools Manager (STM) A.22.00 for HP-UX allows local users to ...) CAN-2001-0076 (register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers ...) CAN-2001-0075 (Directory traversal vulnerability in main.cgi in Technote allows ...) CAN-2001-0074 (Directory traversal vulnerability in print.cgi in Technote allows ...) CAN-2001-0073 (Buffer overflow in the find_default_type function in libsecure in NSA ...) CAN-2001-0070 (Buffer overflow in 1st Up Mail Server 4.1 allows remote attackers to ...) CAN-2001-0068 (Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use ...) CAN-2001-0067 (The installation of J-Pilot creates the .jpilot directory with the ...) CAN-2001-0065 (Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a ...) CAN-2001-0064 (Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier ...) CAN-2001-0052 (IBM DB2 Universal Database version 6.1 allows users to cause a denial ...) CAN-2001-0051 (IBM DB2 Universal Database version 6.1 creates an account with a ...) CAN-2001-0049 (WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to ...) CAN-2001-0048 (The "Configure Your Server" tool in Microsoft 2000 domain controllers ...) CAN-2001-0047 (The default permissions for the MTS Package Administration registry ...) CAN-2001-0046 (The default permissions for the SNMP Parameters registry key in ...) CAN-2001-0045 (The default permissions for the RAS Administration key in Windows NT ...) CAN-2001-0044 (Multiple buffer overflows in Lexmark MarkVision printer driver ...) CAN-2001-0038 (Offline Explorer 1.4 before Service Release 2 allows remote attackers ...) CAN-2001-0037 (Directory traversal vulnerability in HomeSeer before 1.4.29 allows ...) CAN-2001-0032 (Format string vulnerability in ssldump possibly allows remote ...) CAN-2001-0031 (BroadVision One-To-One Enterprise allows remote attackers to determine ...) CAN-2001-0030 (FoolProof 3.9 allows local users to bypass program execution ...) CAN-2001-0029 (Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other ...) CAN-2001-0027 (mod_sqlpw module in ProFTPD does not reset a cached password when a ...) CAN-2001-0025 (ad.cgi CGI program by Leif Wright allows remote attackers to execute ...) CAN-2001-0024 (simplestmail.cgi CGI program by Leif Wright allows remote attackers to ...) CAN-2001-0023 (everythingform.cgi CGI program by Leif Wright allows remote attackers to ...) CAN-2001-0022 (simplestguest.cgi CGI program by Leif Wright allows remote attackers to ...) CAN-2001-0019 (Arrowpoint (aka Cisco Content Services, or CSS) allows local users to ...) CAN-2000-1214 (Buffer overflows in the (1) outpack or (2) buf variables of ping in ...) CAN-2000-1213 (ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 ...) CAN-2000-1209 (The "sa" account is installed with a default null password on (1) ...) CAN-2000-1208 (Format string vulnerability in startprinting() function of printjob.c ...) CAN-2000-1207 (userhelper in the usermode package on Red Hat Linux executes ...) CAN-2000-1206 (Vulnerability in Apache httpd before 1.3.11, when configured for mass ...) CAN-2000-1205 (Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 ...) CAN-2000-1204 (Vulnerability in the mod_vhost_alias virtual hosting module for Apache ...) CAN-2000-1202 (ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable ...) CAN-2000-1201 (Check Point FireWall-1 allows remote attackers to cause a denial of ...) CAN-2000-1199 (PostgreSQL stores usernames and passwords in plaintext in (1) ...) CAN-2000-1198 (qpopper POP server creates lock files with predictable names, which ...) CAN-2000-1197 (POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and ...) CAN-2000-1194 (Argosoft FRP server 1.0 allows remote attackers to cause a denial of ...) CAN-2000-1192 (Buffer overflow in BTT Software SNMP Trap Watcher 1.16 allows remote ...) CAN-2000-1191 (htsearch program in htDig 3.2 beta, 3.1.5, and earlier allows remote ...) CAN-2000-1188 (Directory traversal vulnerability in Quikstore shopping cart program ...) CAN-2000-1186 (Buffer overflow in phf CGI program allows remote attackers to execute ...) CAN-2000-1185 (The telnet proxy in RideWay PN proxy server allows remote attackers to ...) CAN-2000-1183 (Buffer overflow in socks5 server on Linux allows attackers to execute ...) CAN-2000-1177 (bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and ...) CAN-2000-1176 (Directory traversal vulnerability in YaBB search.pl CGI script allows ...) CAN-2000-1175 (Buffer overflow in Koules 1.4 allows local users to execute arbitrary ...) CAN-2000-1173 (Microsys CyberPatrol uses weak encryption (trivial encoding) for ...) CAN-2000-1172 (Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol ...) CAN-2000-1168 (IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to ...) CAN-2000-1161 (The installation of AdCycle banner management system leaves the ...) CAN-2000-1160 (NAI Sniffer Agent allows remote attackers to cause a denial of service ...) CAN-2000-1159 (NAI Sniffer Agent allows remote attackers to gain privileges on the agent ...) CAN-2000-1158 (NAI Sniffer Agent uses base64 encoding for authentication, which ...) CAN-2000-1157 (Buffer overflow in NAI Sniffer Agent allows remote attackers to ...) CAN-2000-1156 (StarOffice 5.2 follows symlinks and sets world-readable permissions ...) CAN-2000-1155 (RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows ...) CAN-2000-1154 (RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows ...) CAN-2000-1153 (PostMaster 1.0 in BeOS r5 pro and earlier allows remote attackers to ...) CAN-2000-1152 (Browser IRC client in BeOS r5 pro and earlier allows remote attackers ...) CAN-2000-1151 (Baxter IRC client in BeOS r5 pro and earlier allows remote attackers ...) CAN-2000-1150 (Felix IRC client in BeOS r5 pro and earlier allows remote attackers to ...) CAN-2000-1147 (Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers ...) CAN-2000-1138 (Lotus Notes R5 client R5.0.5 and earlier does not properly warn users ...) CAN-2000-1134 (tcsh, csh, sh, and bash on various Unix systems follow symlinks when ...) CAN-2000-1133 (Authentix Authentix100 allows remote attackers to bypass ...) CAN-2000-1130 (McAfee WebShield SMTP 4.5 allows remote attackers to bypass email ...) CAN-2000-1129 (McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of ...) CAN-2000-1128 (The default configuration of McAfee VirusScan 4.5 does not quote the ...) CAN-2000-1127 (registrar in the HP resource monitor service allows local users to ...) CAN-2000-1126 (Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier ...) CAN-2000-1125 (restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname ...) CAN-2000-1118 (24Link 1.06 web server allows remote attackers to bypass access ...) CAN-2000-1117 (The Extended Control List (ECL) feature of the Java Virtual Machine ...) CAN-2000-1116 (Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows ...) CAN-2000-1114 (Unify ServletExec AS v3.0C allows remote attackers to read source code ...) CAN-2000-1110 (document.d2w CGI program in the IBM Net.Data db2www package allows ...) CAN-2000-1105 (The ixsso.query ActiveX Object is marked as safe for scripting, which ...) CAN-2000-1104 (Variant of the "IIS Cross-Site Scripting" vulnerability as originally ...) CAN-2000-1103 (rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before ...) CAN-2000-1102 (PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to ...) CAN-2000-1100 (The default configuration for PostACI webmail system installs the ...) CAN-2000-1098 (The web server for the SonicWALL SOHO firewall allows remote attackers ...) CAN-2000-1093 (Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote ...) CAN-2000-1092 (loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote ...) CAN-2000-1090 (Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers ...) CAN-2000-1088 (The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL ...) CAN-2000-1087 (The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL ...) CAN-2000-1086 (The xp_printstatements function in Microsoft SQL Server 2000 and SQL ...) CAN-2000-1085 (The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server ...) CAN-2000-1084 (The xp_updatecolvbm function in SQL Server and Microsoft SQL Server ...) CAN-2000-1083 (The xp_showcolv function in SQL Server and Microsoft SQL Server ...) CAN-2000-1082 (The xp_enumresultset function in SQL Server and Microsoft SQL Server ...) CAN-2000-1081 (The xp_displayparamstmt function in SQL Server and Microsoft SQL ...) CAN-2000-1079 (Interactions between the CIFS Browser Protocol and NetBIOS as ...) CAN-2000-1078 (ICQ Web Front HTTPd allows remote attackers to cause a denial of ...) CAN-2000-1076 (Netscape (iPlanet) Certificate Management System 4.2 and Directory ...) CAN-2000-1066 (The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly ...) CAN-2000-1065 (Vulnerability in IP implementation of HP JetDirect printer card ...) CAN-2000-1064 (Buffer overflow in the LPD service in HP JetDirect printer card ...) CAN-2000-1063 (Buffer overflow in the Telnet service in HP JetDirect printer card ...) CAN-2000-1062 (Buffer overflow in the FTP service in HP JetDirect printer card ...) CAN-2000-1053 (Allaire JRun 2.3.3 server allows remote attackers to compile and ...) CAN-2000-1052 (Allaire JRun 2.3 server allows remote attackers to obtain source code ...) CAN-2000-1048 (Directory traversal vulnerability in the logfile service of Wingate ...) CAN-2000-1046 (Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c ...) CAN-2000-1039 (Various TCP/IP stacks and network applications allow remote attackers ...) CAN-2000-1037 (Check Point Firewall-1 session agent 3.0 through 4.1 generates ...) CAN-2000-1035 (Buffer overflows in TYPSoft FTP Server 0.78 and earlier allows remote ...) CAN-2000-1033 (Serv-U FTP Server allows remote attackers to bypass its anti-hammering ...) CAN-2000-1030 (CS&T CorporateTime for the Web returns different error messages for ...) CAN-2000-1029 (Buffer overflow in host command allows a remote attacker to execute ...) CAN-2000-1028 (Buffer overflow in cu program in HP-UX 11.0 may allow local users to ...) CAN-2000-1025 (eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, ...) CAN-2000-1023 (The Alabanza Control Panel does not require passwords to access ...) CAN-2000-1021 (Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote ...) CAN-2000-1020 (Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows ...) CAN-2000-1017 (Webteachers Webdata allows remote attackers with valid Webdata ...) CAN-2000-1015 (The default configuration of Slashcode before version 2.0 Alpha has a ...) CAN-2000-1013 (The setlocale function in FreeBSD 5.0 and earlier, and possibly other ...) CAN-2000-1012 (The catopen function in FreeBSD 5.0 and earlier, and possibly other ...) CAN-2000-1009 (dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH ...) CAN-2000-1008 (PalmOS 3.5.2 and earlier uses weak encryption to store the user ...) CAN-2000-0999 (Format string vulnerabilities in OpenBSD ssh program (and possibly ...) CAN-2000-0998 (Format string vulnerability in top program allows local attackers to ...) CAN-2000-0997 (Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, ...) CAN-2000-0988 (WinU 1.0 through 5.1 has a backdoor password that allows remote ...) CAN-2000-0987 (Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain ...) CAN-2000-0986 (Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, ...) CAN-2000-0985 (Buffer overflow in All-Mail 1.1 allows remote attackers to execute ...) CAN-2000-0971 (Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of ...) CAN-2000-0963 (Buffer overflow in ncurses library allows local users to execute ...) CAN-2000-0955 (Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to ...) CAN-2000-0954 (Shambala Server 4.5 stores passwords in plaintext, which could allow ...) CAN-2000-0950 (Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) ...) CAN-2000-0940 (Directory traversal vulnerability in Metertek pagelog.cgi allows ...) CAN-2000-0939 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote ...) CAN-2000-0931 (Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause ...) CAN-2000-0918 (Format string vulnerability in kvt in KDE 1.1.2 may allow local users ...) CAN-2000-0916 (FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an ...) CAN-2000-0907 (EServ 2.92 Build 2982 allows remote attackers to cause a denial of ...) CAN-2000-0906 (Directory traversal vulnerability in Moreover.com cached_feed.cgi ...) CAN-2000-0905 (QNX Embedded Resource Manager in Voyager web server 2.01B in the demo ...) CAN-2000-0904 (Voyager web server 2.01B in the demo disks for QNX 405 stores ...) CAN-2000-0903 (Directory traversal vulnerability in Voyager web server 2.01B in the ...) CAN-2000-0902 (getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read ...) CAN-2000-0899 (Small HTTP Server 2.01 allows remote attackers to cause a denial of ...) CAN-2000-0898 (Small HTTP Server 2.01 does not properly process Server Side Includes ...) CAN-2000-0893 (The presence of the Distributed GL Daemon (dgld) service on port 5232 ...) CAN-2000-0889 (Two Sun security certificates have been compromised, which could allow ...) CAN-2000-0885 (Buffer overflows in Microsoft Network Monitor (Netmon) allow remote ...) CAN-2000-0882 (Intel Express 500 series switches allow a remote attacker to cause a ...) CAN-2000-0881 (The dccscan setuid program in LPPlus does not properly check if the ...) CAN-2000-0880 (LPPlus creates the lpdprocess file with world-writeable permissions, ...) CAN-2000-0879 (LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and ...) CAN-2000-0872 (explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read ...) CAN-2000-0866 (Interbase 6 SuperServer for Linux allows an attacker to cause a denial ...) CAN-2000-0857 (The logging capability in muh 2.05d IRC server does not properly ...) CAN-2000-0855 (SunFTP build 9(1) allows remote attackers to cause a denial of service ...) CAN-2000-0845 (kdebug daemon (kdebugd) in Digital Unix 4.0F allows remote attackers to ...) CAN-2000-0843 (Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules ...) CAN-2000-0842 (The search97cgi/vtopic" in the UnixWare 7 scohelphttp webserver allows ...) CAN-2000-0841 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...) CAN-2000-0840 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...) CAN-2000-0836 (Buffer overflow in CamShot WebCam Trial2.6 allows remote attackers to ...) CAN-2000-0835 (search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 ...) CAN-2000-0833 (Buffer overflow in WinSMTP 1.06f and 2.X allows remote attackers to ...) CAN-2000-0832 (Htgrep CGI program allows remote attackers to read arbitrary files by ...) CAN-2000-0831 (Buffer overflow in Fastream FTP++ 2.0 allows remote attackers to cause ...) CAN-2000-0828 (Buffer overflow in ddicgi.exe in Mobius DocumentDirect for the ...) CAN-2000-0827 (Buffer overflow in the web authorization form of Mobius DocumentDirect ...) CAN-2000-0826 (Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the ...) CAN-2000-0817 (Buffer overflow in the HTTP protocol parser for Microsoft Network ...) CAN-2000-0812 (The administration module in Sun Java web server allows remote ...) CAN-2000-0802 (The BAIR program does not properly restrict access to the Internet ...) CAN-2000-0801 (Buffer overflow in bdf program in HP-UX 11.00 may allow local users to ...) CAN-2000-0800 (String parsing error in rpc.kstatd in the linuxnfs or knfsd packages ...) CAN-2000-0798 (The truncate function in IRIX 6.x does not properly check for ...) CAN-2000-0794 (Buffer overflow in IRIX libgl.so library allows local users to gain ...) CAN-2000-0793 (Norton AntiVirus 5.00.01C with the Novell Netware client does not ...) CAN-2000-0791 (Trustix installs the httpsd program for Apache-SSL with ...) CAN-2000-0789 (WinU 5.x and earlier uses weak encryption to store its configuration ...) CAN-2000-0785 (WircSrv IRC Server 5.07s allows IRC operators to read arbitrary files ...) CAN-2000-0784 (sshd program in the Rapidstream 2.1 Beta VPN appliance has a ...) CAN-2000-0775 (Buffer overflow in RobTex Viking server earlier than 1.06-370 allows ...) CAN-2000-0774 (The sample Java servlet "test" in Bajie HTTP web server 0.30a reveals ...) CAN-2000-0772 (The installation of Tumbleweed Messaging Management System (MMS) 4.6 ...) CAN-2000-0769 (O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with ...) CAN-2000-0760 (The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals ...) CAN-2000-0759 (Jakarta Tomcat 3.1 under Apache reveals physical path information when ...) CAN-2000-0757 (The sysgen service in Aptis Totalbill does not perform authentication, ...) CAN-2000-0756 (Microsoft Outlook 2000 does not properly process long or malformed ...) CAN-2000-0755 (Vulnerability in the newgrp command in HP-UX 11.00 allows local users ...) CAN-2000-0752 (Buffer overflows in brouted in FreeBSD and possibly other OSes allows ...) CAN-2000-0748 (OpenLDAP 1.2.11 and earlier improperly installs the ud binary with ...) CAN-2000-0746 (Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against ...) CAN-2000-0736 (Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier ...) CAN-2000-0735 (Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier ...) CAN-2000-0734 (eEye IRIS 1.01 beta allows remote attackers to cause a denial of ...) CAN-2000-0724 (The go-gnome Helix GNOME pre-installer allows local users to overwrite ...) CAN-2000-0723 (Helix GNOME Updater helix-update 0.5 and earlier does not properly ...) CAN-2000-0722 (Helix GNOME Updater helix-update 0.5 and earlier allows local users to ...) CAN-2000-0721 (The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip ...) CAN-2000-0719 (VariCAD 7.0 is installed with world-writeable files, which allows ...) CAN-2000-0715 (DiskCheck script diskcheck.pl in Red Hat Linux allows local users to ...) CAN-2000-0714 (umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable ...) CAN-2000-0713 (Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and ...) CAN-2000-0710 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...) CAN-2000-0709 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...) CAN-2000-0704 (Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to ...) CAN-2000-0701 (The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly ...) CAN-2000-0697 (The administration interface for the dwhttpd web server in Solaris ...) CAN-2000-0696 (The administration interface for the dwhttpd web server in Solaris ...) CAN-2000-0695 (Buffer overflows in pgxconfig in the Raptor GFX configuration tool ...) CAN-2000-0692 (ISS RealSecure 3.2.1 and 3.2.2 allows remote attackers to cause a ...) - kdebase 4:2.2.2-14.6 CAN-2000-0691 (The faxrunq and faxrunqd in the mgetty package allows local users to ...) CAN-2000-0690 (Auction Weaver CGI script 1.02 and earlier allows remote attackers to ...) CAN-2000-0689 (Account Manager LITE does not properly authenticate attempts to change ...) CAN-2000-0688 (Subscribe Me LITE does not properly authenticate attempts to change ...) CAN-2000-0687 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to ...) CAN-2000-0686 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to ...) CAN-2000-0680 (The CVS 1.10.8 server does not properly restrict users from creating ...) CAN-2000-0667 (Vulnerability in gpm in Caldera Linux allows local users to delete ...) CAN-2000-0659 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...) CAN-2000-0658 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...) CAN-2000-0657 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...) CAN-2000-0656 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...) CAN-2000-0653 (Microsoft Outlook Express allows remote attackers to monitor a user's ...) CAN-2000-0649 (IIS 4.0 allows remote attackers to obtain the internal IP address of ...) CAN-2000-0648 (WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of ...) CAN-2000-0647 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...) CAN-2000-0646 (WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real ...) CAN-2000-0645 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...) CAN-2000-0629 (The default configuration of the Sun Java web server 2.0 and earlier ...) CAN-2000-0626 (Buffer overflow in Alibaba web server allows remote attackers to cause ...) CAN-2000-0625 (NetZero 3.0 and earlier uses weak encryption for storing a user's ...) CAN-2000-0623 (Buffer overflow in O'Reilly WebSite Professional web server 2.4 and ...) CAN-2000-0618 (Buffer overflow in xconq and cconq game programs on Red Hat Linux ...) CAN-2000-0617 (Buffer overflow in xconq and cconq game programs on Red Hat Linux ...) CAN-2000-0614 (Tnef program in Linux systems allows remote attackers to overwrite ...) CAN-2000-0612 (Windows 95 and Windows 98 do not properly process spoofed ARP packets, ...) CAN-2000-0609 (NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to ...) CAN-2000-0608 (NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to ...) CAN-2000-0607 (Buffer overflow in fld program in Kanji on Console (KON) package on ...) CAN-2000-0606 (Buffer overflow in kon program in Kanji on Console (KON) package on ...) CAN-2000-0605 (Blackboard CourseInfo 4.0 stores the local and SQL administrator user ...) CAN-2000-0592 (Buffer overflows in POP3 service in WinProxy 2.0 and 2.0.1 allow ...) CAN-2000-0589 (SawMill 5.0.21 uses weak encryption to store passwords, which allows ...) CAN-2000-0580 (Windows 2000 Server allows remote attackers to cause a denial of ...) CAN-2000-0578 (SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in ...) CAN-2000-0574 (FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do ...) CAN-2000-0572 (The Razor configuration management tool uses weak encryption for its ...) CAN-2000-0564 (The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, ...) CAN-2000-0563 (The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier ...) CAN-2000-0562 (BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and ...) CAN-2000-0559 (eTrust Intrusion Detection System (formerly SessionWall-3) uses weak ...) CAN-2000-0554 (Ceilidh allows remote attackers to obtain the real path of the Ceilidh ...) CAN-2000-0547 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...) CAN-2000-0546 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...) CAN-2000-0545 (Buffer overflow in mailx mail command (aka Mail) on Linux systems ...) CAN-2000-0544 (Windows NT and Windows 2000 hosts allow a remote attacker to cause a ...) CAN-2000-0543 (The command port for PGP Certificate Server 2.5.0 and 2.5.1 allows ...) CAN-2000-0535 (OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the ...) CAN-2000-0531 (Linux gpm program allows local users to cause a denial of service by ...) CAN-2000-0527 (userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows ...) CAN-2000-0526 (mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows ...) CAN-2000-0524 (Microsoft Outlook and Outlook Express allow remote attackers to cause ...) CAN-2000-0520 (Buffer overflow in restore program 0.4b17 and earlier in dump package ...) CAN-2000-0509 (Buffer overflows in the finger and whois demonstration scripts in ...) CAN-2000-0503 (The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows ...) CAN-2000-0492 (PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, ...) CAN-2000-0491 (Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and ...) CAN-2000-0487 (The Protected Store in Windows 2000 does not properly select the ...) CAN-2000-0480 (Dragon telnet server allows remote attackers to cause a denial of service ...) CAN-2000-0479 (Dragon FTP server allows remote attackers to cause a denial of service ...) CAN-2000-0476 (xterm, Eterm, and rxvt allow an attacker to cause a denial of service ...) CAN-2000-0473 (Buffer overflow in AnalogX SimpleServer 1.05 allows a remote attacker ...) CAN-2000-0450 (Vulnerability in bbd server in Big Brother System and Network Monitor ...) CAN-2000-0449 (Omnis Studio 2.4 uses weak encryption (trivial encoding) for ...) CAN-2000-0444 (HP Web JetAdmin 6.0 allows remote attackers to cause a denial of ...) CAN-2000-0434 (The administrative password for the Allmanage web site administration ...) CAN-2000-0433 (The SuSE aaa_base package installs some system accounts with home ...) CAN-2000-0429 (A backdoor password in Cart32 3.0 and earlier allows remote attackers ...) CAN-2000-0423 (Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers ...) CAN-2000-0422 (Buffer overflow in Netwin DMailWeb CGI program allows remote attackers ...) CAN-2000-0420 (The default configuration of SYSKEY in Windows 2000 stores the startup ...) CAN-2000-0415 (Buffer overflow in Outlook Express 4.x allows attackers to cause a ...) CAN-2000-0413 (The shtml.exe program in the FrontPage extensions package of IIS 4.0 ...) CAN-2000-0412 (The gnapster and knapster clients for Napster do not properly restrict ...) CAN-2000-0401 (Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping ...) CAN-2000-0400 (The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does ...) CAN-2000-0386 (FileMaker Pro 5 Web Companion allows remote attackers to send ...) CAN-2000-0385 (FileMaker Pro 5 Web Companion allows remote attackers to bypass ...) CAN-2000-0384 (NetStructure 7110 and 7180 have undocumented accounts (servnow, root, ...) CAN-2000-0383 (The file transfer component of AOL Instant Messenger (AIM) reveals the ...) CAN-2000-0365 (Red Hat Linux 6.0 installs the /dev/pts file system with insecure ...) CAN-2000-0364 (screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of ...) CAN-2000-0358 (ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers ...) CAN-2000-0357 (ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random ...) CAN-2000-0355 (pg and pb in SuSE pbpg 1.x package allows an attacker to read ...) CAN-2000-0345 (The on-line help system options in Cisco routers allows non-privileged ...) CAN-2000-0343 (Buffer overflow in Sniffit 0.3.x with the -L logging option enabled ...) CAN-2000-0333 (tcpdump, Ethereal, and other sniffer packages allow remote attackers ...) CAN-2000-0326 (Meeting Maker uses weak encryption (a polyalphabetic substitution ...) CAN-2000-0325 (The Microsoft Jet database engine allows an attacker to execute ...) CAN-2000-0321 (Buffer overflow in IC Radius package allows a remote attacker to cause ...) CAN-2000-0317 (Buffer overflow in Solaris 7 lpset allows local users to gain root ...) CAN-2000-0312 (cron in OpenBSD 2.5 allows local users to gain root privileges via an ...) CAN-2000-0300 (The default encryption method of PcAnywhere 9.x uses weak encryption, ...) CAN-2000-0299 (Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 ...) CAN-2000-0295 (Buffer overflow in LCDproc allows remote attackers to gain root ...) CAN-2000-0293 (aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow ...) CAN-2000-0291 (Buffer overflow in Star Office 5.1 allows attackers to cause a denial ...) CAN-2000-0288 (Infonautics getdoc.cgi allows remote attackers to bypass the payment ...) CAN-2000-0286 (X fontserver xfs allows local users to cause a denial of service via ...) CAN-2000-0284 (Buffer overflow in University of Washington imapd version 4.7 allows ...) CAN-2000-0281 (Buffer overflow in the Napster client beta 5 allows remote attackers ...) CAN-2000-0280 (Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 ...) CAN-2000-0275 (CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a ...) CAN-2000-0271 (read-passwd and other Lisp functions in Emacs 20 do not properly clear ...) CAN-2000-0270 (The make-temp-name Lisp function in Emacs 20 creates temporary files ...) CAN-2000-0269 (Emacs 20 does not properly set permissions for a slave PTY device when ...) CAN-2000-0266 (Internet Explorer 5.01 allows remote attackers to bypass the cross ...) CAN-2000-0259 (The default permissions for the Cryptography\Offload registry key used ...) CAN-2000-0256 (Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and ...) CAN-2000-0250 (The crypt function in QNX uses weak encryption, which allows local ...) CAN-2000-0248 (The web GUI for the Linux Virtual Server (LVS) software in the Red Hat ...) CAN-2000-0244 (The Citrix ICA (Independent Computing Architecture) protocol uses weak ...) CAN-2000-0242 (WindMail allows remote attackers to read arbitrary files or execute ...) CAN-2000-0241 (vqSoft vqServer stores sensitive information such as passwords in ...) CAN-2000-0239 (Buffer overflow in the MERCUR WebView WebMail server allows remote ...) CAN-2000-0227 (The Linux 2.2.x kernel does not restrict the number of Unix domain ...) CAN-2000-0220 (ZoneAlarm sends sensitive system and network information in cleartext ...) CAN-2000-0219 (Red Hat 6.0 allows local users to gain root access by booting single ...) CAN-2000-0216 (Microsoft email clients in Outlook, Exchange, and Windows Messaging ...) CAN-2000-0214 (FTP Explorer uses weak encryption for storing the username, password, ...) CAN-2000-0213 (The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the ...) CAN-2000-0205 (Trend Micro OfficeScan allows remote attackers to replay ...) CAN-2000-0204 (The Trend Micro OfficeScan client allows remote attackers to cause a ...) CAN-2000-0203 (The Trend Micro OfficeScan client tmlisten.exe allows remote attackers ...) CAN-2000-0199 (When a new SQL Server is registered in Enterprise Manager for ...) CAN-2000-0198 (Buffer overflow in POP3 and IMAP servers in the MERCUR mail server ...) CAN-2000-0197 (The Windows NT scheduler uses the drive mapping of the interactive ...) CAN-2000-0190 (AOL Instant Messenger (AIM) client allows remote attackers to cause a ...) CAN-2000-0188 (EZShopper 3.0 search.cgi CGI script allows remote attackers to read ...) CAN-2000-0187 (EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read ...) CAN-2000-0177 (DNSTools CGI applications allow remote attackers to execute arbitrary ...) CAN-2000-0176 (The default configuration of Serv-U 2.5d and earlier allows remote ...) CAN-2000-0173 (Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote ...) CAN-2000-0167 (IIS Inetinfo.exe allows local users to cause a denial of service by ...) CAN-2000-0163 (asmon and ascpu in FreeBSD allow local users to gain root privileges ...) CAN-2000-0160 (The Microsoft Active Setup ActiveX component in Internet Explorer 4.x ...) CAN-2000-0158 (Buffer overflow in MMDF server allows remote attackers to gain ...) CAN-2000-0155 (Windows NT Autorun executes the autorun.inf file on non-removable ...) CAN-2000-0154 (The ARCserve agent in UnixWare allows local attackers to modify ...) CAN-2000-0153 (FrontPage Personal Web Server (PWS) allows remote attackers to read ...) CAN-2000-0151 (GNU make follows symlinks when it reads a Makefile from stdin, which ...) CAN-2000-0147 (snmpd in SCO OpenServer has an SNMP community string that is writable ...) CAN-2000-0143 (The SSH protocol server sshd allows local users without shell access ...) CAN-2000-0142 (The authentication protocol in Timbuktu Pro 2.0b650 allows remote ...) CAN-2000-0138 (A system has a distributed denial of service (DDOS) attack master, ...) CAN-2000-0137 (The CartIt shopping cart application allows remote users to modify ...) CAN-2000-0136 (The Cart32 shopping cart application allows remote users to modify ...) CAN-2000-0135 (The @Retail shopping cart application allows remote users to modify ...) CAN-2000-0134 (The Check It Out shopping cart application allows remote users to ...) CAN-2000-0133 (Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to ...) CAN-2000-0132 (Microsoft Java Virtual Machine allows remote attackers to read ...) CAN-2000-0129 (Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP ...) CAN-2000-0126 (Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote ...) CAN-2000-0125 (wwwthreads does not properly cleanse numeric data or table names that ...) CAN-2000-0124 (surfCONTROL SuperScout does not properly asign a category to web sites ...) CAN-2000-0123 (The shopping cart application provided with Filemaker allows remote ...) CAN-2000-0122 (Frontpage Server Extensions allows remote attackers to determine the ...) CAN-2000-0119 (The default configurations for McAfee Virus Scan and Norton Anti-Virus ...) CAN-2000-0118 (The Red Hat Linux su program does not log failed password guesses if ...) CAN-2000-0115 (IIS allows local users to cause a denial of service via invalid ...) CAN-2000-0114 (Frontpage Server Extensions allows remote attackers to determine the ...) CAN-2000-0110 (The WebSiteTool shopping cart application allows remote users to ...) CAN-2000-0109 (The mcsp Client Site Processor system (MultiCSP) in Standard and ...) CAN-2000-0108 (The Intellivend shopping cart application allows remote users to ...) CAN-2000-0106 (The EasyCart shopping cart application allows remote users to ...) CAN-2000-0105 (Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers ...) CAN-2000-0104 (The Shoptron shopping cart application allows remote users to ...) CAN-2000-0103 (The SmartCart shopping cart application allows remote users to ...) CAN-2000-0102 (The SalesCart shopping cart application allows remote users to modify ...) CAN-2000-0101 (The Make-a-Store OrderPage shopping cart application allows remote ...) CAN-2000-0096 (Buffer overflow in qpopper 3.0 beta versions allows local users to ...) CAN-2000-0093 (An installation of Red Hat uses DES password encryption with crypt() ...) CAN-2000-0086 (Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which ...) CAN-2000-0085 (Hotmail does not properly filter JavaScript code from a user's ...) CAN-2000-0084 (CuteFTP uses weak encryption to store password information in its ...) CAN-2000-0082 (WebTV email client allows remote attackers to force the client to send ...) CAN-2000-0081 (Hotmail does not properly filter JavaScript code from a user's ...) CAN-2000-0079 (The W3C CERN httpd HTTP server allows remote attackers to determine ...) CAN-2000-0078 (The June 1999 version of the HP-UX aserver program allows local users ...) CAN-2000-0077 (The October 1998 version of the HP-UX aserver program allows local ...) CAN-2000-0074 (PowerScripts PlusMail CGI program allows remote attackers to execute ...) CAN-2000-0071 (IIS 4.0 allows a remote attacker to obtain the real pathname of the ...) CAN-2000-0069 (The recover program in Solstice Backup allows local users to restore ...) CAN-2000-0068 (daynad program in Intel InBusiness E-mail Station does not require ...) CAN-2000-0067 (CyberCash Merchant Connection Kit (MCK) allows local users to modify ...) CAN-2000-0066 (WebSite Pro allows remote attackers to determine the real pathname of ...) CAN-2000-0061 (Internet Explorer 5 does not modify the security zone for a document ...) CAN-2000-0059 (PHP3 with safe_mode enabled does not properly filter shell ...) CAN-2000-0058 (Network HotSync program in Handspring Visor does not have ...) CAN-2000-0055 (Buffer overflow in Solaris chkperm command allows local users to ...) CAN-2000-0054 (search.cgi in the SolutionScripts Home Free package allows remote ...) CAN-2000-0049 (Buffer overflow in Winamp client allows remote attackers to execute ...) CAN-2000-0047 (Buffer overflow in Yahoo Pager/Messenger client allows remote ...) CAN-2000-0046 (Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to ...) CAN-2000-0038 (glFtpD includes a default glftpd user account with a default password ...) CAN-2000-0035 (resend command in Majordomo allows local users to gain privileges via ...) CAN-2000-0028 (Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the ...) CAN-2000-0021 (Lotus Domino HTTP server allows remote attackers to determine the real ...) CAN-2000-0019 (IMail POP3 daemon uses weak encryption, which allows local users to ...) CAN-2000-0017 (Buffer overflow in Linux linuxconf package allows remote attackers to ...) CAN-2000-0016 (Buffer overflow in Internet Anywhere POP3 Mail Server allows remote ...) CAN-2000-0008 (FTPPro allows local users to read sensitive information, which is ...) CAN-2000-0005 (HP-UX aserver program allows local users to gain privileges via a ...) CAN-1999-1571 (Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may ...) CAN-1999-1570 (Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain ...) CAN-1999-1569 (Quake 1 and NetQuake servers allow remote attackers to cause a denial ...) CAN-1999-1567 (Seapine Software TestTrack server allows a remote attacker to cause a ...) CAN-1999-1566 (Buffer overflow in iParty server 1.2 and earlier allows remote ...) CAN-1999-1564 (FreeBSD 3.2 and possibly other versions allows a local user to cause a ...) CAN-1999-1563 (Nachuatec D435 and D445 printer allows remote attackers to cause a ...) CAN-1999-1562 (gFTP FTP client 1.13, and other versions before 2.0.0, records a ...) CAN-1999-1561 (Nullsoft SHOUTcast server stores the administrative password in ...) CAN-1999-1560 (Vulnerability in a script in Texas A&M University (TAMU) Tiger allows ...) CAN-1999-1559 (Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the ...) CAN-1999-1558 (Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows ...) CAN-1999-1557 (Buffer overflow in the login functions in IMAP server (imapd) in ...) CAN-1999-1555 (Cheyenne InocuLAN Anti-Virus Server in Inoculan 4.0 before Service ...) CAN-1999-1554 (/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the ...) CAN-1999-1553 (Buffer overflow in XCmail 0.99.6 with autoquote enabled allows remote ...) CAN-1999-1552 (dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and ...) CAN-1999-1551 (Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to ...) CAN-1999-1549 (Lynx 2.x does not properly distinguish between internal and external ...) CAN-1999-1548 (Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle ...) CAN-1999-1547 (Oracle Web Listener 2.1 allows remote attackers to bypass access ...) CAN-1999-1546 (netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on ...) CAN-1999-1545 (Joe's Own Editor (joe) 2.8 sets the world-readable permission on its ...) CAN-1999-1544 (Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows ...) CAN-1999-1543 (MacOS uses weak encryption for passwords that are stored in the Users ...) CAN-1999-1541 (shell-lock in Cactus Software Shell Lock allows local users to read or ...) CAN-1999-1540 (shell-lock in Cactus Software Shell Lock uses weak encryption (trivial ...) CAN-1999-1539 (Buffer overflow in FTP server in QPC Software's QVT/Term Plus versions ...) CAN-1999-1538 (When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in ...) CAN-1999-1536 (.sbstart startup script in AcuShop Salesbuilder is world writable, ...) CAN-1999-1534 (Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia ...) CAN-1999-1533 (Eicon Technology Diva LAN ISDN modem allows a remote attacker to cause ...) CAN-1999-1532 (Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker ...) CAN-1999-1529 (A buffer overflow exists in the HELO command in Trend Micro ...) CAN-1999-1528 (ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not ...) CAN-1999-1527 (Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer ...) CAN-1999-1526 (Auto-update feature of Macromedia Shockwave 7 transmits a user's ...) CAN-1999-1525 (Macromedia Shockwave before 6.0 allows a malicious webmaster to read a ...) CAN-1999-1524 (FlowPoint DSL router firmware versions prior to 3.0.8 allows a remote ...) CAN-1999-1523 (Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to ...) CAN-1999-1522 (Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and ...) CAN-1999-1521 (Computalynx CMail 2.4 and CMail 2.3 SP2 SMTP servers are vulnerable to ...) CAN-1999-1519 (Gene6 G6 FTP Server 2.0 allows a remote attacker to cause a denial of ...) CAN-1999-1518 (Operating systems with shared memory implementations based on BSD 4.4 ...) CAN-1999-1517 (runtar in the Amanda backup system used in various UNIX operating ...) CAN-1999-1516 (A buffer overflow in TenFour TFS Gateway SMTP mail server 3.2 allows ...) CAN-1999-1515 (A non-default configuration in TenFour TFS Gateway 4.0 allows an ...) CAN-1999-1514 (Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote ...) CAN-1999-1513 (Management information base (MIB) for a 3Com SuperStack II hub running ...) CAN-1999-1511 (Buffer overflows in Xtramail 1.11 allow attackers to cause a denial of ...) CAN-1999-1510 (Buffer overflows in Bisonware FTP server prior to 4.1 allow remote ...) CAN-1999-1509 (Directory traversal vulnerability in Etype Eserv 2.50 web server ...) CAN-1999-1508 (Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a ...) CAN-1999-1506 (Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, ...) CAN-1999-1505 (Buffer overflow in QuakeWorld 2.10 allows remote attackers to cause a ...) CAN-1999-1504 (Stalker Internet Mail Server 1.6 allows a remote attacker to cause a ...) CAN-1999-1503 (Network Flight Recorder (NFR) 1.5 and 1.6 allows remote attackers to ...) CAN-1999-1502 (Buffer overflows in Quake 1.9 client allows remote malicious servers ...) CAN-1999-1501 ((1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear ...) CAN-1999-1500 (Internet Anywhere POP3 Mail Server 2.3.1 allows remote attackers to ...) CAN-1999-1499 (named in ISC BIND 4.9 and 8.1 allows local users to destroy files via ...) CAN-1999-1498 (Slackware Linux 3.4 pkgtool allows local attacker to read and write to ...) CAN-1999-1497 (Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in ...) CAN-1999-1496 (Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to ...) CAN-1999-1495 (xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary ...) CAN-1999-1493 (Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through ...) CAN-1999-1492 (Vulnerability in (1) diskperf and (2) diskalign in IRIX 6.4 allows ...) CAN-1999-1491 (abuse.console in Red Hat 2.1 uses relative pathnames to find and ...) CAN-1999-1489 (Buffer overflow in TestChip function in XFree86 SuperProbe in ...) CAN-1999-1487 (Vulnerability in digest in AIX 4.3 allows printq users to gain root ...) CAN-1999-1485 (nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP ...) CAN-1999-1484 (Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control ...) CAN-1999-1483 (Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local ...) CAN-1999-1482 (SVGAlib zgv 3.0-7 and earlier allows local users to gain root access ...) CAN-1999-1480 ((1) acledit and (2) aclput in AIX 4.3 allow local users to create or ...) CAN-1999-1479 (The textcounter.pl by Matt Wright allows remote attackers to execute ...) CAN-1999-1477 (Buffer overflow in GNOME libraries 1.0.8 allows local user to gain ...) CAN-1999-1475 (ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords ...) CAN-1999-1474 (PowerPoint 95 and 97 allows remote attackers to cause an application ...) CAN-1999-1471 (Buffer overflow in passwd in BSD based operating systems 4.3 and ...) CAN-1999-1470 (Eastman Work Management 3.21 stores passwords in cleartext in the ...) CAN-1999-1469 (Buffer overflow in w3-auth CGI program in miniSQL package allows ...) CAN-1999-1467 (Vulnerability in rcp on SunOS 4.0.x allows remote attackers from ...) CAN-1999-1466 (Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote ...) CAN-1999-1465 (Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast ...) CAN-1999-1464 (Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast ...) CAN-1999-1463 (Windows NT 4.0 before SP3 allows remote attackers to bypass firewall ...) CAN-1999-1462 (Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b ...) CAN-1999-1461 (inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH ...) CAN-1999-1460 (BMC PATROL SNMP Agent before 3.2.07 allows local users to create ...) CAN-1999-1459 (BMC PATROL Agent before 3.2.07 allows local users to gain root ...) CAN-1999-1458 (Buffer overflow in at program in Digital UNIX 4.0 allows local users ...) CAN-1999-1457 (Buffer overflow in thttpd HTTP server before 2.04-31 allows remote ...) CAN-1999-1454 (Macromedia "The Matrix" screen saver on Windows 95 with the "Password ...) CAN-1999-1453 (Internet Explorer 4 allows remote attackers (malicious web site ...) CAN-1999-1451 (The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows ...) CAN-1999-1450 (Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX ...) CAN-1999-1449 (SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial ...) CAN-1999-1448 (Eudora and Eudora Light before 3.05 allows remote attackers to cause a ...) CAN-1999-1447 (Internet Explorer 4.0 allows remote attackers to cause a denial of ...) CAN-1999-1446 (Internet Explorer 3 records a history of all URL's that are visited by ...) CAN-1999-1445 (Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with ...) CAN-1999-1444 (genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent ...) CAN-1999-1443 (Micah Software Full Armor Network Configurator and Zero Administration ...) CAN-1999-1442 (Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local ...) CAN-1999-1441 (Linux 2.0.34 does not properly prevent users from sending SIGIO ...) CAN-1999-1440 (Win32 ICQ 98a 1.30, and possibly other versions, does not display the ...) CAN-1999-1439 (gcc 2.7.2 allows local users to overwrite arbitrary files via a ...) CAN-1999-1438 (Vulnerability in /bin/mail in SunOS 4.1.1 and earlier allows local ...) CAN-1999-1436 (Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote ...) CAN-1999-1435 (Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows ...) CAN-1999-1434 (login in Slackware Linux 3.2 through 3.5 does not properly check for ...) CAN-1999-1431 (ZAK in Appstation mode allows users to bypass the "Run only allowed ...) CAN-1999-1430 (PIM software for Royal daVinci does not properly password-protext ...) CAN-1999-1429 (DIT TransferPro installs devices with world-readable and ...) CAN-1999-1428 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local ...) CAN-1999-1427 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files ...) CAN-1999-1426 (Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links ...) CAN-1999-1425 (Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write ...) CAN-1999-1424 (Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions ...) CAN-1999-1422 (The default configuration of Slackware 3.4, and possibly other ...) CAN-1999-1421 (NBase switches NH208 and NH215 run a TFTP server which allows remote ...) CAN-1999-1420 (NBase switches NH2012, NH2012R, NH2015, and NH2048 have a back door ...) CAN-1999-1418 (ICQ99 ICQ web server build 1701 with "Active Homepage" enabled ...) CAN-1999-1417 (Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd ...) CAN-1999-1416 (AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to ...) CAN-1999-1415 (Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local ...) CAN-1999-1413 (Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to ...) CAN-1999-1412 (A possible interaction between Apple MacOS X release 1.0 and Apache ...) CAN-1999-1410 (addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary ...) CAN-1999-1408 (Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users ...) CAN-1999-1406 (dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which ...) CAN-1999-1405 (snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory ...) CAN-1999-1404 (IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote ...) CAN-1999-1403 (IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, ...) CAN-1999-1401 (Vulnerability in Desktop searchbook program in IRIX 5.0.x through 6.2 ...) CAN-1999-1400 (The Economist screen saver 1999 with the "Password Protected" option ...) CAN-1999-1399 (spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users ...) CAN-1999-1398 (Vulnerability in xfsdump in SGI IRIX may allow local users to obtain ...) CAN-1999-1396 (Vulnerability in integer multiplication emulation code on SPARC ...) CAN-1999-1395 (Vulnerability in Monitor utility (SYS$SHARE:SPISHR.EXE) in VMS 5.0 ...) CAN-1999-1394 (BSD 4.4 based operating systems, when running at security level 1, ...) CAN-1999-1393 (Control Panel "Password Security" option for Apple Powerbooks allows ...) CAN-1999-1392 (Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 ...) CAN-1999-1391 (Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers ...) CAN-1999-1390 (suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain ...) CAN-1999-1389 (US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 ...) CAN-1999-1388 (passwd in SunOS 4.1.x allows local users to overwrite arbitrary files ...) CAN-1999-1387 (Windows NT 4.0 SP2 allows remote attackers to cause a denial of ...) CAN-1999-1383 ((1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain ...) CAN-1999-1381 (Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote ...) CAN-1999-1378 (dbmlparser.exe CGI guestbook program does not perform a chroot ...) CAN-1999-1377 (Matt Wright's download.cgi 1.0 allows remote attackers to read ...) CAN-1999-1376 (Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server ...) CAN-1999-1375 (FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) ...) CAN-1999-1374 (perlshop.cgi shopping cart program stores sensitive customer ...) CAN-1999-1373 (FORE PowerHub before 5.0.1 allows remote attackers to cause a denial ...) CAN-1999-1372 (Triactive Remote Manager with Basic authentication enabled stores the ...) CAN-1999-1371 (Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local ...) CAN-1999-1370 (The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) ...) CAN-1999-1369 (Real Media RealServer (rmserver) 6.0.3.353 stores a password in ...) CAN-1999-1368 (AV Option for MS Exchange Server option for InoculateIT 4.53, and ...) CAN-1999-1367 (Internet Explorer 5.0 does not properly reset the username/password ...) CAN-1999-1366 (Pegasus e-mail client 3.0 and earlier uses weak encryption to store ...) CAN-1999-1364 (Windows NT 4.0 allows local users to cause a denial of service (crash) ...) CAN-1999-1361 (Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) ...) CAN-1999-1357 (Netscape Communicator 4.04 through 4.7 (and possibly other versions) ...) CAN-1999-1355 (BMC Patrol component, when installed with Compaq Insight Management ...) CAN-1999-1354 (E-mail client in Softarc FirstClass Internet Server 5.506 and earlier ...) CAN-1999-1353 (Nosque MsgCore 2.14 stores passwords in cleartext: (1) the ...) CAN-1999-1352 (mknod in Linux 2.2 follows symbolic links, which could allow local ...) CAN-1999-1350 (ARCAD Systemhaus 0.078-5 installs critical programs and files with ...) CAN-1999-1349 (NFS daemon (nfsd.exe) for Omni-NFS/X 6.1 allows remote attackers to ...) CAN-1999-1348 (Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable ...) CAN-1999-1347 (Xsession in Red Hat Linux 6.1 and earlier can allow local users with ...) CAN-1999-1346 (PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier ...) CAN-1999-1345 (Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared ...) CAN-1999-1344 (Auto_FTP.pl script in Auto_FTP 0.2 stores usernames and passwords in ...) CAN-1999-1343 (HTTP server for Xerox DocuColor 4 LP allows remote attackers to cause ...) CAN-1999-1342 (ICQ ActiveList Server allows remote attackers to cause a denial of ...) CAN-1999-1340 (Buffer overflow in faxalter in hylafax 4.0.2 allows local users to ...) CAN-1999-1338 (Delegate proxy 5.9.3 and earlier creates files and directories in the ...) CAN-1999-1334 (Multiple buffer overflows in filter command in Elm 2.4 allows ...) CAN-1999-1323 (Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and ...) CAN-1999-1322 (The installation of 1ArcServe Backup and Inoculan AV client modules ...) CAN-1999-1319 (Vulnerability in object server program in SGI IRIX 5.2 through 6.1 ...) CAN-1999-1315 (Vulnerabilities in DECnet/OSI for OpenVMS before 5.8 on DEC Alpha AXP ...) CAN-1999-1314 (Vulnerability in union file system in FreeBSD 2.2 and earlier, and ...) CAN-1999-1313 (Manual page reader (man) in FreeBSD 2.2 and earlier allows local users ...) CAN-1999-1312 (Vulnerability in DEC OpenVMS VAX 5.5-2 through 5.0, and OpenVMS AXP ...) CAN-1999-1311 (Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows ...) CAN-1999-1310 NOTE: rejected CAN-1999-1308 (Certain programs in HP-UX 10.20 do not properly handle large user IDs ...) CAN-1999-1307 (Vulnerability in urestore in Novell UnixWare 1.1 allows local users to ...) CAN-1999-1306 (Cisco IOS 9.1 and earlier does not properly handle extended IP access ...) CAN-1999-1305 (Vulnerability in "at" program in SCO UNIX 4.2 and earlier allows local ...) CAN-1999-1304 (Vulnerability in login in SCO UNIX 4.2 and earlier allows local users ...) CAN-1999-1303 (Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users ...) CAN-1999-1302 (Vulnerability in pt_chmod in SCO UNIX 4.2 and earlier allows local ...) CAN-1999-1300 (Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users ...) CAN-1999-1299 (rcp on various Linux systems including Red Hat 4.0 allows a "nobody" ...) CAN-1999-1296 (Buffer overflow in Kerberos IV compatibility libraries as used in ...) CAN-1999-1295 (Transarc DCE Distributed File System (DFS) 1.1 for Solaris 2.4 and 2.5 ...) CAN-1999-1293 (mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause ...) CAN-1999-1292 (Buffer overflow in web administration feature of Kolban Webcam32 4.8.3 ...) CAN-1999-1291 (TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and ...) CAN-1999-1289 (ICQ 98 beta on Windows NT leaks the internal IP address of a client in ...) CAN-1999-1287 (Vulnerability in Analog 3.0 and earlier allows remote attackers to ...) CAN-1999-1286 (addnetpr in SGI IRIX 6.2 and earlier allows local users to modify ...) CAN-1999-1285 (Linux 2.1.132 and earlier allows local users to cause a denial of ...) CAN-1999-1283 (Opera 3.2.1 allows remote attackers to cause a denial of service ...) CAN-1999-1282 (RealSystem G2 server stores the administrator password in cleartext in ...) CAN-1999-1281 (Development version of Breeze Network Server allows remote attackers ...) CAN-1999-1280 (Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant ...) CAN-1999-1278 (nlog CGI scripts do not properly filter shell metacharacters from the ...) CAN-1999-1277 (BackWeb client stores the username and password in cleartext for proxy ...) CAN-1999-1275 (Lotus cc:Mail release 8 stores the postoffice password in plaintext in ...) CAN-1999-1274 (iPass RoamServer 3.1 creates temporary files with world-writable ...) CAN-1999-1273 (Squid Internet Object Cache 1.1.20 allows users to bypass access ...) CAN-1999-1272 (Buffer overflows in CDROM Confidence Test program (cdrom) allow local ...) CAN-1999-1271 (Macromedia Dreamweaver uses weak encryption to store FTP passwords, ...) CAN-1999-1270 (KMail in KDE 1.0 provides a PGP passphrase as a command line argument ...) CAN-1999-1269 (Screen savers in KDE beta 3 allows local users to overwrite arbitrary ...) CAN-1999-1268 (Vulnerability in KDE konsole allows local users to hijack or observe ...) CAN-1999-1267 (KDE file manager (kfm) uses a TCP server for certain file operations, ...) CAN-1999-1266 (rsh daemon (rshd) generates different error messages when a valid ...) CAN-1999-1265 (SMTP server in SLmail 3.1 and earlier allows remote attackers to cause ...) CAN-1999-1264 (WebRamp M3 router does not disable remote telnet or HTTP access to ...) CAN-1999-1261 (Buffer overflow in Rainbow Six Multiplayer allows remote attackers to ...) CAN-1999-1260 (mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive ...) CAN-1999-1257 (Xyplex terminal server 6.0.1S1, and possibly other versions, allows ...) CAN-1999-1256 (Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition ...) CAN-1999-1255 (Hyperseek allows remote attackers to modify the hyperseek ...) CAN-1999-1254 (Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of ...) CAN-1999-1253 (Vulnerability in a kernel error handling routine in SCO OpenServer ...) CAN-1999-1252 (Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 ...) CAN-1999-1251 (Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 ...) CAN-1999-1250 (Vulnerability in CGI program in the Lasso application by Blue World, ...) CAN-1999-1248 (Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through ...) CAN-1999-1247 (Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x ...) CAN-1999-1245 (vacm ucd-snmp SNMP server, version 3.52, does not properly disable ...) CAN-1999-1244 (IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitrary ...) CAN-1999-1242 (Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users ...) CAN-1999-1241 (Internet Explorer, with a security setting below Medium, allows remote ...) CAN-1999-1240 (Buffer overflow in cddbd CD database server allows remote attackers to ...) CAN-1999-1239 (HP-UX 9.x does not properly enable the Xauthority mechanism in certain ...) CAN-1999-1238 (Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 ...) CAN-1999-1237 (Multiple buffer overflows in smbvalid/smbval SMB authentication ...) CAN-1999-1236 (Internet Anywhere Mail Server 2.3.1 stores passwords in plaintext in ...) CAN-1999-1235 (Internet Explorer 5.0 records the username and password for FTP ...) CAN-1999-1234 (LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a ...) CAN-1999-1232 (day5datacopier in SGI IRIX 6.2 trusts the PATH environmental variable ...) CAN-1999-1231 (ssh 2.0.12, and possibly other versions, allows valid user names to ...) CAN-1999-1230 (Quake 2 server allows remote attackers to cause a denial of service ...) CAN-1999-1229 (Quake 2 server 3.13 on Linux does not properly check file permissions ...) CAN-1999-1228 (Various modems that do not implement a guard time, or are configured ...) CAN-1999-1227 (Ethereal allows local users to overwrite arbitrary files via a symlink ...) CAN-1999-1225 (rpc.mountd on Linux, Ultrix, and possibly other operating systems, ...) CAN-1999-1224 (IMAP 4.1 BETA, and possibly other versions, does not properly handle ...) CAN-1999-1221 (dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify ...) CAN-1999-1220 (Majordomo 1.94.3 and earlier allows remote attackers to execute ...) CAN-1999-1219 (Vulnerability in sgihelp in the SGI help system and print manager in ...) CAN-1999-1218 (Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier ...) CAN-1999-1216 (Cisco routers 9.17 and earlier allow remote attackers to bypass ...) CAN-1999-1213 (Vulnerability in telnet service in HP-UX 10.30 allows attackers to ...) CAN-1999-1212 (Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local ...) CAN-1999-1211 (Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local ...) CAN-1999-1210 (xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to ...) CAN-1999-1207 (Buffer overflow in web-admin tool in NetXRay 2.6 allows remote ...) CAN-1999-1206 (SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and ...) CAN-1999-1202 (StarTech (1) POP3 proxy server and (2) telnet server allows remote ...) CAN-1999-1200 (Vintra SMTP MailServer allows remote attackers to cause a denial of ...) CAN-1999-1196 (Hummingbird Exceed X version 5 allows remote attackers to cause a ...) CAN-1999-1195 (NAI VirusScan NT 4.0.2 does not properly modify the scan.dat virus ...) CAN-1999-1190 (Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 ...) CAN-1999-1187 (Pine before version 3.94 allows local users to gain privileges via a ...) CAN-1999-1186 (rxvt, when compiled with the PRINT_PIPE option in various Linux ...) CAN-1999-1185 (Buffer overflow in SCO mscreen allows local users to gain root ...) CAN-1999-1184 (Buffer overflow in Elm 2.4 and earlier allows local users to gain ...) CAN-1999-1183 (System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote ...) CAN-1999-1182 (Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for ...) CAN-1999-1180 (O'Reilly WebSite 1.1e and Website Pro 2.0 allows remote attackers to ...) CAN-1999-1179 (Vulnerability in man.sh CGI script, included in May 1998 issue of ...) CAN-1999-1178 (Sambar Server 4.1 beta allows remote attackers to obtain sensitive ...) CAN-1999-1176 (Buffer overflow in cidentd ident daemon allows local users to gain ...) CAN-1999-1174 (ZIP drive for Iomega ZIP-100 disks allows attackers with physical ...) CAN-1999-1173 (Corel Word Perfect 8 for Linux creates a temporary working directory ...) CAN-1999-1172 (By design, Maximizer Enterprise 4 calendar and address book program ...) CAN-1999-1171 (IPswitch WS_FTP allows local users to gain additional privileges and ...) CAN-1999-1170 (IPswitch IMail allows local users to gain additional privileges and ...) CAN-1999-1169 (nobo 1.2 allows remote attackers to cause a denial of service (crash) ...) CAN-1999-1168 (install.iss installation script for Internet Security Scanner (ISS) ...) CAN-1999-1166 (Linux 2.0.37 does not properly encode the Custom segment limit, which ...) CAN-1999-1165 (GNU fingerd 1.37 does not properly drop privileges before accessing ...) CAN-1999-1164 (Microsoft Outlook client allows remote attackers to cause a denial of ...) CAN-1999-1158 (Buffer overflow in (1) pluggable authentication module (PAM) on ...) CAN-1999-1155 (LakeWeb Mail List CGI script allows remote attackers to execute ...) CAN-1999-1154 (LakeWeb Filemail CGI script allows remote attackers to execute ...) CAN-1999-1153 (HAMcards Postcard CGI script 1.0 allows remote attackers to execute ...) CAN-1999-1152 (Compaq/Microcom 6000 Access Integrator does not disconnect a client ...) CAN-1999-1151 (Compaq/Microcom 6000 Access Integrator does not cause a session ...) CAN-1999-1150 (Livingston Portmaster routers running ComOS use the same initial ...) CAN-1999-1149 (Buffer overflow in CSM Proxy 4.1 allows remote attackers to cause a ...) CAN-1999-1141 (Ascom Timeplex router allows remote attackers to obtain sensitive ...) CAN-1999-1135 (Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root ...) CAN-1999-1134 (Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root ...) CAN-1999-1133 (HP-UX 9.x and 10.x running X windows may allow local attackers to gain ...) CAN-1999-1130 (Default configuration of the search engine in Netscape Enterprise ...) CAN-1999-1129 (Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers ...) CAN-1999-1128 (Internet Explorer 3.01 on Windows 95 allows remote malicious web sites ...) CAN-1999-1126 (Cisco Resource Manager (CRM) 1.1 and earlier creates certain files ...) CAN-1999-1125 (Oracle Webserver 2.1 and earlier runs setuid root, but the ...) CAN-1999-1124 (HTTP Client application in ColdFusion allows remote attackers to ...) CAN-1999-1123 (The installation of Sun Source (sunsrc) tapes allows local users to ...) CAN-1999-1113 (Buffer overflow in Eudora Internet Mail Server (EIMS) 2.01 and earlier ...) CAN-1999-1112 (Buffer overflow in IrfanView32 3.07 and earlier allows attackers to ...) CAN-1999-1110 (Windows Media Player ActiveX object as used in Internet Explorer 5.0 ...) CAN-1999-1108 NOTE: rejected CAN-1999-1107 (Buffer overflow in kppp in KDE allows local users to gain root access ...) CAN-1999-1106 (Buffer overflow in kppp in KDE allows local users to gain root access ...) CAN-1999-1101 (Kabsoftware Lydia utility uses weak encryption to store user passwords ...) CAN-1999-1097 (Microsoft NetMeeting 2.1 allows one client to read the contents of ...) CAN-1999-1096 (Buffer overflow in kscreensaver in KDE klock allows local users to ...) CAN-1999-1095 (sort creates temporary files and follows symbolic links, which allows ...) CAN-1999-1092 (tin 1.40 creates the .tin directory with insecure permissions, which ...) CAN-1999-1091 (UNIX news readers tin and rtin create the /tmp/.tin_log file with ...) CAN-1999-1089 (Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows ...) CAN-1999-1088 (Vulnerability in chsh command in HP-UX 9.X through 10.20 allows local ...) CAN-1999-1086 (Novell 5 and earlier, when running over IPX with a packet signature ...) CAN-1999-1084 (The "AEDebug" registry key is installed with insecure permissions, ...) CAN-1999-1083 (Directory traversal vulnerability in Jana proxy web server 1.45 allows ...) CAN-1999-1082 (Directory traversal vulnerability in Jana proxy web server 1.40 allows ...) CAN-1999-1081 (Vulnerability in files.pl script in Novell WebServer Examples Toolkit ...) CAN-1999-1079 (Vulnerability in ptrace in AIX 4.3 allows local users to gain ...) CAN-1999-1078 (WS_FTP Pro 6.0 uses weak encryption for passwords in its ...) CAN-1999-1077 (Idle locking function in MacOS 9 allows local attackers to bypass the ...) CAN-1999-1076 (Idle locking function in MacOS 9 allows local users to bypass the ...) CAN-1999-1075 (inetd in AIX 4.1.5 dynamically assigns a port N when starting ...) CAN-1999-1073 (Excite for Web Servers (EWS) 1.1 records the first two characters of a ...) CAN-1999-1072 (Excite for Web Servers (EWS) 1.1 allows local users to gain privileges ...) CAN-1999-1071 (Excite for Web Servers (EWS) 1.1 installs the Architext.conf ...) CAN-1999-1070 (Buffer overflow in ping CGI program in Xylogics Annex terminal service ...) CAN-1999-1069 (Directory traversal vulnerability in carbo.dll in iCat Carbo Server ...) CAN-1999-1068 (Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows ...) CAN-1999-1067 (SGI MachineInfo CGI program, installed by default on some web servers, ...) CAN-1999-1066 (Quake 1 server responds to an initial UDP game connection request with ...) CAN-1999-1065 (Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers ...) CAN-1999-1064 (Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow ...) CAN-1999-1063 (CDomain whois_raw.cgi whois CGI script allows remote attackers to ...) CAN-1999-1062 (HP Laserjet printers with JetDirect cards, when configured with ...) CAN-1999-1061 (HP Laserjet printers with JetDirect cards, when configured with ...) CAN-1999-1060 (Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote ...) CAN-1999-1058 (Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote ...) CAN-1999-1056 NOTE: rejected CAN-1999-1054 (The default configuration of FLEXlm license manager 6.0d, and possibly ...) CAN-1999-1053 (guestbook.pl cleanses user-inserted SSI commands by removing text ...) CAN-1999-1052 (Microsoft FrontPage stores form results in a default location in ...) CAN-1999-1051 (Default configuration in Matt Wright FormHandler.cgi script allows ...) CAN-1999-1050 (Directory traversal vulnerability in Matt Wright FormHandler.cgi ...) CAN-1999-1049 (ARCserve NT agents use weak encryption (XOR) for passwords, which ...) CAN-1999-1046 (Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to ...) CAN-1999-1043 (Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) ...) CAN-1999-1042 (Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log ...) CAN-1999-1041 (Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 ...) CAN-1999-1040 (Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on ...) CAN-1999-1039 (Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches ...) CAN-1999-1038 (Tiger 2.2.3 allows local users to overwrite arbitrary files via a ...) CAN-1999-1036 (COPS 1.04 allows local users to overwrite or create arbitrary files ...) CAN-1999-1033 (Microsoft Outlook Express before 4.72.3612.1700 allows a malicious ...) CAN-1999-1031 (counter.exe 2.70 allows a remote attacker to cause a denial of service ...) CAN-1999-1030 (counter.exe 2.70 allows a remote attacker to cause a denial of ...) CAN-1999-1029 (SSH server (sshd2) before 2.0.12 does not properly record login ...) CAN-1999-1026 (aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files ...) CAN-1999-1025 (CDE screen lock program (screenlock) on Solaris 2.6 does not properly ...) CAN-1999-1024 (ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a ...) CAN-1999-1023 (useradd in Solaris 7.0 does not properly interpret certain date ...) CAN-1999-1022 (serial_ports administrative program in IRIX 4.x and 5.x trusts the ...) CAN-1999-1020 (The installation of Novell Netware NDS 5.99 provides an ...) CAN-1999-1018 (IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP ...) CAN-1999-1017 (Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail ...) CAN-1999-1016 (Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) ...) CAN-1999-1015 (Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and ...) CAN-1999-1013 (named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group ...) CAN-1999-1012 (SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other ...) CAN-1999-1009 (The Disney Go Express Search allows remote attackers to access and ...) CAN-1999-1006 (Groupwise web server GWWEB.EXE allows remote attackers to determine ...) CAN-1999-1003 (War FTP Daemon 1.70 allows remote attackers to cause a denial of ...) CAN-1999-1002 (Netscape Navigator uses weak encryption for storing a user's Netscape ...) CAN-1999-0993 (Modifications to ACLs (Access Control Lists) in Microsoft Exchange ...) CAN-1999-0990 (Error messages generated by gdm with the VerboseAuth setting allows an ...) CAN-1999-0988 (UnixWare pkgtrans allows local users to read arbitrary files via a ...) CAN-1999-0985 (CC Whois program whois.cgi allows remote attackers to execute commands ...) CAN-1999-0984 (Matt's Whois program whois.cgi allows remote attackers to ...) CAN-1999-0983 (Whois Internic Lookup program whois.cgi allows remote attackers to ...) CAN-1999-0970 (The OmniHTTPD visadmin.exe program allows a remote attacker to conduct ...) CAN-1999-0952 (Buffer overflow in Solaris lpstat via class argument allows local ...) CAN-1999-0949 (Buffer overflow in canuum program for Canna input system allows local ...) CAN-1999-0948 (Buffer overflow in uum program for Canna input system allows local ...) CAN-1999-0944 (IBM WebSphere ikeyman tool uses weak encryption to store ...) CAN-1999-0941 (Mutt mail client allows a remote attacker to execute commands via ...) CAN-1999-0929 (Novell NetWare with Novell-HTTP-Server or YAWN web servers allows ...) CAN-1999-0926 (Apache allows remote attackers to conduct a denial of service via a ...) CAN-1999-0925 (UnityMail allows remote attackers to conduct a denial of service via a ...) CAN-1999-0923 (Sample runnable code snippets in ColdFusion Server 4.0 allow remote ...) CAN-1999-0919 (A memory leak in a Motorola CableRouter allows remote attackers to ...) CAN-1999-0913 (dfire.cgi script in Dragon-Fire IDS allows remote users to execute ...) CAN-1999-0911 (Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote ...) CAN-1999-0910 (Microsoft Site Server and Commercial Internet System (MCIS) do not set ...) CAN-1999-0885 (Alibaba web server allows remote attackers to execute commands via a ...) CAN-1999-0882 (Falcon web server allows remote attackers to determine the absolute ...) CAN-1999-0872 (Buffer overflow in Vixie cron allows local users to gain root access ...) CAN-1999-0863 (Buffer overflow in FreeBSD seyon via HOME environmental variable, ...) CAN-1999-0862 (Insecure directory permissions in RPM distribution for PostgreSQL ...) CAN-1999-0860 (Solaris chkperm allows local users to read files owned by bin via ...) CAN-1999-0857 (FreeBSD gdc program allows local users to modify files via a symlink ...) CAN-1999-0855 (Buffer overflow in FreeBSD gdc program. ...) CAN-1999-0852 (IBM WebSphere sets permissions that allow a local user to modify a ...) CAN-1999-0850 (The default permissions for Endymion MailMan allow local users to read ...) CAN-1999-0846 (Denial of service in MDaemon 2.7 via a large number of connection ...) CAN-1999-0845 (Buffer overflow in SCO su program allows local users to gain root ...) CAN-1999-0844 (Denial of service in MDaemon WorldClient and WebConfig services via ...) CAN-1999-0843 (Denial of service in Cisco routers running NAT via a PORT command from ...) CAN-1999-0841 (Buffer overflow in CDE mailtool allows local users to gain root ...) CAN-1999-0840 (Buffer overflow in CDE dtmail and dtmailpr programs via the -f ...) CAN-1999-0830 (Buffer overflow in SCO UnixWare Xsco command via a long argument. ...) CAN-1999-0829 (HP Secure Web Console uses weak encryption. ...) CAN-1999-0828 (UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam ...) CAN-1999-0827 (By default, Internet Explorer 5.0 and other versions enables the ...) CAN-1999-0825 (The default permissions for UnixWare /var/mail allow local users to ...) CAN-1999-0822 (Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via ...) CAN-1999-0821 (FreeBSD seyon allows local users to gain privileges by providing a ...) CAN-1999-0818 (Buffer overflow in Solaris kcms_configure via a long NETPATH ...) CAN-1999-0816 (The Motorola CableRouter allows any remote user to connect to and ...) CAN-1999-0808 (Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 ...) CAN-1999-0805 (Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and ...) CAN-1999-0798 (Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via ...) CAN-1999-0795 (The NIS+ rpc.nisd server allows remote attackers to execute certain ...) CAN-1999-0792 (ROUTERmate has a default SNMP community name which allows remote ...) CAN-1999-0784 (Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed ...) CAN-1999-0776 (Alibaba HTTP server allows remote attackers to read files via a ...) CAN-1999-0767 (Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES ...) CAN-1999-0757 (The ColdFusion CFCRYPT program for encrypting CFML templates has weak ...) CAN-1999-0750 (Hotmail allows Javascript to be executed via the HTML STYLE tag, ...) CAN-1999-0748 (Buffer overflows in Red Hat net-tools package. ...) CAN-1999-0741 (QMS CrownNet Unix Utilities for 2060 allows root to log on without a ...) CAN-1999-0739 (The codebrws.asp sample file in IIS and Site Server allows remote ...) CAN-1999-0738 (The code.asp sample file in IIS and Site Server allows remote ...) CAN-1999-0737 (The viewcode.asp sample file in IIS and Site Server allows remote ...) CAN-1999-0736 (The showcode.asp sample file in IIS and Site Server allows remote ...) CAN-1999-0712 (A vulnerability in Caldera Open Administration System (COAS) allows ...) CAN-1999-0698 (Denial of service in IP protocol logger (ippl) on Red Hat and Debian ...) CAN-1999-0684 (Denial of service in Sendmail 8.8.6 in HPUX. ...) CAN-1999-0677 (The WebRamp web administration utility has a default password. ...) CAN-1999-0673 (Buffer overflow in ALMail32 POP3 client via From: or To: headers. ...) CAN-1999-0670 (Buffer overflow in the Eyedog ActiveX control allows a remote attacker ...) CAN-1999-0669 (The Eyedog ActiveX control is marked as "safe for scripting" for ...) CAN-1999-0667 (The ARP protocol allows any host to spoof ARP replies and poison the ...) CAN-1999-0665 (An application-critical Windows NT registry key has an inappropriate ...) CAN-1999-0664 (An application-critical Windows NT registry key has inappropriate ...) CAN-1999-0663 (A system-critical program, library, or file has a checksum or other ...) CAN-1999-0662 (A system-critical program or library does not have the appropriate ...) CAN-1999-0661 (A system is running a version of software that was replaced with a ...) CAN-1999-0660 (A hacker utility, back door, or Trojan Horse is installed on a system, ...) CAN-1999-0659 (A Windows NT Primary Domain Controller (PDC) or Backup Domain ...) CAN-1999-0658 (DCOM is running. ...) CAN-1999-0657 (WinGate is being used. ...) CAN-1999-0656 (The ugidd service is running. ...) CAN-1999-0655 (A service may include useful information in its banner or help ...) CAN-1999-0654 (The OS/2 or POSIX subsystem in NT is enabled. ...) CAN-1999-0653 (A component service related to NIS+ is running. ...) CAN-1999-0652 (A database service is running, e.g. a SQL server, Oracle, or mySQL. ...) CAN-1999-0651 (The rsh/rlogin service is running. ...) CAN-1999-0650 (The netstat service is running. ...) CAN-1999-0649 (The FSP service is running. ...) CAN-1999-0648 (The X25 service is running. ...) CAN-1999-0647 (The bootparam (bootparamd) service is running. ...) CAN-1999-0646 (The LDAP service is running. ...) CAN-1999-0645 (The IRC service is running. ...) CAN-1999-0644 (The NNTP news service is running. ...) CAN-1999-0643 (The IMAP service is running. ...) CAN-1999-0642 (A POP service is running. ...) CAN-1999-0641 (The UUCP service is running. ...) CAN-1999-0640 (The Gopher service is running. ...) CAN-1999-0639 (The chargen service is running. ...) CAN-1999-0638 (The daytime service is running. ...) CAN-1999-0637 (The systat service is running. ...) CAN-1999-0636 (The discard service is running. ...) CAN-1999-0635 (The echo service is running. ...) CAN-1999-0634 (The SSH service is running. ...) CAN-1999-0633 (The HTTP/WWW service is running. ...) CAN-1999-0632 (The RPC portmapper service is running. ...) CAN-1999-0631 (The NFS service is running. ...) CAN-1999-0630 (The NT Alerter and Messenger services are running. ...) CAN-1999-0629 (The ident/identd service is running. ...) CAN-1999-0625 (The rpc.rquotad service is running. ...) CAN-1999-0624 (The rstat/rstatd service is running. ...) CAN-1999-0623 (The X Windows service is running. ...) CAN-1999-0622 (A component service related to DNS service is running. ...) CAN-1999-0621 (A component service related to NETBIOS is running. ...) CAN-1999-0620 (A component service related to NIS is running. ...) CAN-1999-0619 (The Telnet service is running. ...) CAN-1999-0618 (The rexec service is running. ...) CAN-1999-0617 (The SMTP service is running. ...) CAN-1999-0616 (The TFTP service is running. ...) CAN-1999-0615 (The SNMP service is running. ...) CAN-1999-0614 (The FTP service is running. ...) CAN-1999-0613 (The rpc.sprayd service is running. ...) CAN-1999-0611 (A system-critical Windows NT registry key has an inappropriate value. ...) CAN-1999-0610 (An incorrect configuration of the Webcart CGI program ...) CAN-1999-0609 (An incorrect configuration of the SoftCart CGI program ...) CAN-1999-0607 (An incorrect configuration of the QuikStore shopping cart ...) CAN-1999-0606 (An incorrect configuration of the EZMall 2000 shopping cart ...) CAN-1999-0605 (An incorrect configuration of the Order Form 1.0 shopping cart ...) CAN-1999-0604 (An incorrect configuration of the WebStore 1.0 shopping cart ...) CAN-1999-0603 (In Windows NT, an inappropriate user is a member of a group, ...) CAN-1999-0602 (A network intrusion detection system (IDS) does not properly ...) CAN-1999-0601 (A network intrusion detection system (IDS) does not properly handle ...) CAN-1999-0600 (A network intrusion detection system (IDS) does not verify the ...) CAN-1999-0599 (A network intrusion detection system (IDS) does not properly handle ...) CAN-1999-0598 (A network intrusion detection system (IDS) does not properly handle ...) CAN-1999-0597 (A Windows NT account policy does not forcibly disconnect remote users ...) CAN-1999-0596 (A Windows NT log file has an inappropriate maximum size or retention ...) CAN-1999-0595 (A Windows NT system does not clear the system page file during ...) CAN-1999-0594 (A Windows NT system does not restrict access to removable media drives ...) CAN-1999-0593 (A user is allowed to shut down a Windows NT system without logging in. ...) CAN-1999-0592 (The Logon box of a Windows NT system displays the name of the last ...) CAN-1999-0591 (An event log in Windows NT has inappropriate access permissions. ...) CAN-1999-0590 (A system does not present an appropriate legal message or warning to a ...) CAN-1999-0589 (A system-critical Windows NT registry key has inappropriate ...) CAN-1999-0588 (A filter in a router or firewall allows unusual fragmented packets. ...) CAN-1999-0587 (A WWW server is not running in a restricted file system, e.g. through ...) CAN-1999-0586 (A network service is running on a nonstandard port. ...) CAN-1999-0585 (A Windows NT administrator account has the default name of ...) CAN-1999-0584 (A Windows NT file system is not NTFS. ...) CAN-1999-0583 (There is a one-way or two-way trust relationship between Windows NT ...) CAN-1999-0582 (A Windows NT account policy has inappropriate, security-critical ...) CAN-1999-0581 (The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, ...) CAN-1999-0580 (The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, ...) CAN-1999-0579 (A Windows NT system's registry audit policy does not log an event ...) CAN-1999-0578 (A Windows NT system's registry audit policy does not log an event ...) CAN-1999-0577 (A Windows NT system's file audit policy does not log an event success ...) CAN-1999-0576 (A Windows NT system's file audit policy does not log an event success ...) CAN-1999-0575 (A Windows NT system's user audit policy does not log an event success ...) CAN-1999-0572 (.reg files are associated with the Windows NT registry editor ...) CAN-1999-0571 (A router's configuration service or management interface (such as a ...) CAN-1999-0570 (Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. ...) CAN-1999-0569 (A URL for a WWW directory allows auto-indexing, which provides a list ...) CAN-1999-0568 (rpc.admind in Solaris is not running in a secure mode. ...) CAN-1999-0565 (A Sendmail alias allows input to be piped to a program. ...) CAN-1999-0564 (An attacker can force a printer to print arbitrary documents (e.g. if ...) CAN-1999-0562 (The registry in Windows NT can be accessed remotely by users who are ...) CAN-1999-0561 (IIS has the #exec function enabled for Server Side Include (SSI) files. ...) CAN-1999-0560 (A system-critical Windows NT file or directory has inappropriate ...) CAN-1999-0559 (A system-critical Unix file or directory has inappropriate ...) - webmin 1.160-1 CAN-1999-0556 (Two or more Unix accounts have the same UID. ...) CAN-1999-0555 (A Unix account with a name other than "root" has UID 0, i.e. root ...) CAN-1999-0554 (NFS exports system-critical data to the world, e.g. / or a password ...) CAN-1999-0550 (A router's routing tables can be obtained from arbitrary hosts. ...) CAN-1999-0549 (Windows NT automatically logs in an administrator upon rebooting. ...) CAN-1999-0548 (A superfluous NFS server is running, but it is not importing or exporting ...) CAN-1999-0547 (An SSH server allows authentication through the .rhosts file. ...) CAN-1999-0546 (The Windows NT guest account is enabled. ...) CAN-1999-0541 (A password for accessing a WWW URL is guessable. ...) CAN-1999-0539 (A trust relationship exists between two Unix hosts. ...) CAN-1999-0537 (A configuration in a web browser such as Internet Explorer or Netscape ...) CAN-1999-0535 (A Windows NT account policy for passwords has inappropriate, ...) CAN-1999-0534 (A Windows NT user has inappropriate rights or privileges, e.g. Act as ...) CAN-1999-0533 (A DNS server allows inverse queries. ...) CAN-1999-0532 (A DNS server allows zone transfers. ...) CAN-1999-0531 (An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO. ...) CAN-1999-0530 (A system is operating in "promiscuous" mode which allows it to perform ...) CAN-1999-0529 (A router or firewall forwards packets that claim to come from IANA ...) CAN-1999-0528 (A router or firewall forwards external packets that claim to come from ...) CAN-1999-0527 (The permissions for system-critical data in an anonymous FTP account ...) CAN-1999-0525 (IP traceroute is allowed from arbitrary hosts. ...) CAN-1999-0524 (ICMP information such as netmask and timestamp is allowed from ...) CAN-1999-0523 (ICMP echo (ping) is allowed from arbitrary hosts. ...) CAN-1999-0522 (The permissions for a system-critical NIS+ table (e.g. passwd) are ...) CAN-1999-0521 (An NIS domain name is easily guessable. ...) CAN-1999-0520 (A system-critical NETBIOS/SMB share has inappropriate access control. ...) CAN-1999-0519 (A NETBIOS/SMB share password is the default, null, or missing. ...) CAN-1999-0518 (A NETBIOS/SMB share password is guessable. ...) CAN-1999-0517 (An SNMP community name is the default (e.g. public), null, or ...) CAN-1999-0516 (An SNMP community name is guessable. ...) CAN-1999-0515 (An unrestricted remote trust relationship for Unix systems has been ...) CAN-1999-0512 (A mail server is explicitly configured to allow SMTP mail relay, which ...) CAN-1999-0511 (IP forwarding is enabled on a machine which is not a router or ...) CAN-1999-0510 (A router or firewall allows source routed packets from arbitrary ...) CAN-1999-0509 (Perl, sh, csh, or other shell interpreters are installed in the ...) CAN-1999-0508 (An account on a router, firewall, or other network device has a ...) CAN-1999-0507 (An account on a router, firewall, or other network device has a guessable ...) CAN-1999-0506 (A Windows NT domain user or administrator account has a default, null, ...) CAN-1999-0505 (A Windows NT domain user or administrator account has a guessable ...) CAN-1999-0504 (A Windows NT local user or administrator account has a default, null, ...) CAN-1999-0503 (A Windows NT local user or administrator account has a guessable ...) CAN-1999-0502 (A Unix account has a default, null, blank, or missing password. ...) CAN-1999-0501 (A Unix account has a guessable password. ...) CAN-1999-0499 (NETBIOS share information may be published through SNMP registry keys ...) CAN-1999-0498 (TFTP is not running in a restricted directory, allowing a remote ...) CAN-1999-0497 (Anonymous FTP is enabled. ...) CAN-1999-0495 (A remote attacker can gain access to a file system using .. (dot dot) ...) CAN-1999-0492 (The ffingerd 1.19 allows remote attackers to identify users on the ...) CAN-1999-0490 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn ...) CAN-1999-0489 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste ...) CAN-1999-0488 (Internet Explorer 4.0 and 5.0 allows a remote attacker to execute ...) CAN-1999-0486 (Denial of service in AOL Instant Messenger when a remote attacker ...) CAN-1999-0480 (Local attackers can conduct a denial of service in Midnight Commander ...) CAN-1999-0477 (The Expression Evaluator in the ColdFusion Application Server allows a ...) CAN-1999-0476 (A weak encryption algorithm is used for passwords in SCO TermVision, ...) CAN-1999-0469 (Internet Explorer 5.0 allows window spoofing, allowing a remote ...) CAN-1999-0467 (The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a ...) CAN-1999-0465 (Remote attackers can crash Lynx and Internet Explorer using an IMG tag ...) CAN-1999-0462 (suidperl in Linux Perl does not check the nosuid mount option on file ...) CAN-1999-0461 (Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind ...) CAN-1999-0460 (Buffer overflow in Linux autofs module through long directory names ...) CAN-1999-0459 (Local users can perform a denial of service in Alpha Linux, using MILO ...) CAN-1999-0455 (The Expression Evaluator sample application in ColdFusion allows ...) CAN-1999-0454 (A remote attacker can sometimes identify the operating system of a ...) CAN-1999-0453 (An attacker can identify a CISCO device by sending a SYN packet to ...) CAN-1999-0452 (A service or application has a backdoor password that was placed there ...) CAN-1999-0451 (Denial of service in Linux 2.0.36 allows local users to prevent ...) CAN-1999-0450 (In IIS, an attacker could determine a real path using a request for a ...) CAN-1999-0444 (Remote attackers can perform a denial of service in Windows machines ...) CAN-1999-0443 (Patrol management software allows a remote attacker to conduct a ...) CAN-1999-0435 (MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain ...) CAN-1999-0434 (XFree86 xfs command is vulnerable to a symlink attack, allowing ...) CAN-1999-0431 (Linux 2.2.3 and earlier allow a remote attacker to perform an IP ...) CAN-1999-0427 (Eudora 4.1 allows remote attackers to perform a denial of service by ...) CAN-1999-0426 (The default permissions of /dev/kmem in Linux versions before 2.0.36 ...) CAN-1999-0419 (When the Microsoft SMTP service attempts to send a message to a server ...) CAN-1999-0418 (Denial of service in SMTP applications such as Sendmail, when a ...) CAN-1999-0411 (Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, ...) CAN-1999-0406 (Digital Unix Networker program nsralist has a buffer overflow which ...) CAN-1999-0401 (A race condition in Linux 2.2.1 allows local users to read arbitrary ...) CAN-1999-0400 (Denial of service in Linux 2.2.0 running the ldd command on a core ...) CAN-1999-0399 (The DCC server command in the Mirc 5.5 client doesn't filter ...) CAN-1999-0398 (In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will ...) CAN-1999-0397 (The demo version of the Quakenbush NT Password Appraiser sends ...) CAN-1999-0394 (DPEC Online Courseware allows an attacker to change another user's ...) CAN-1999-0389 (Buffer overflow in the bootp server in the Debian Linux netstd ...) CAN-1999-0381 (super 3.11.6 and other versions have a buffer overflow in the syslog ...) CAN-1999-0370 (In Sun Solaris and SunOS, man and catman contain vulnerabilities ...) CAN-1999-0364 (Microsoft Access 97 stores a database password as plaintext in a ...) CAN-1999-0361 (NetWare version of LaserFiche stores usernames and passwords ...) CAN-1999-0360 (MS Site Server 2.0 with IIS 4 can allow users to upload content, ...) CAN-1999-0359 (ptylogin in Unix systems allows users to perform a denial of service ...) CAN-1999-0356 (ControlIT v4.5 and earlier uses weak encryption to store ...) CAN-1999-0354 (Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution ...) CAN-1999-0352 (ControlIT 4.5 and earlier (aka Remotely Possible) has weak password ...) CAN-1999-0347 (Javascript bug in Internet Explorer 4.01 by adding %01URL allows ...) CAN-1999-0345 (Jolt ICMP attack causes a denial of service in Windows 95 and Windows ...) CAN-1999-0336 (Buffer overflow in mstm in HP-UX allows local users to gain root ...) CAN-1999-0333 (HP OpenView Omniback allows remote execution of commands as root via ...) CAN-1999-0331 (Buffer overflow in Internet Explorer 4.0(1). ...) CAN-1999-0330 (Linux bdash game has a buffer overflow that allows local users to ...) CAN-1999-0319 (Buffer overflow in xmcd 2.1 allows local users to gain access ...) CAN-1999-0317 (Buffer overflow in Linux su command gives root access to local ...) CAN-1999-0307 (Buffer overflow in HP-UX cstm program allows local users to gain ...) CAN-1999-0306 (buffer overflow in HP xlock program. ...) CAN-1999-0298 (ypbind with -ypset and -ypsetme options activated in Linux Slackware ...) CAN-1999-0287 (Vulnerability in the Wguest CGI program. ...) CAN-1999-0286 (In some NT web servers, appending a space at the end of a URL may ...) CAN-1999-0285 (Denial of service in telnet from the Windows NT Resource Kit, by ...) CAN-1999-0284 (Denial of service to NT mail servers including Ipswitch, Mdaemon, and ...) CAN-1999-0283 (The Java Web Server would allow remote users to obtain the source ...) CAN-1999-0282 (Vulnerabilities in loadmodule and modload programs in SunOS and ...) CAN-1999-0271 (Progressive Networks Real Video server (pnserver) can be crashed remotely. ...) CAN-1999-0261 (Netmanager Chameleon SMTPd has several buffer overflows that cause a crash. ...) CAN-1999-0258 (Bonk variation of teardrop IP fragmentation denial of service. ...) CAN-1999-0257 (Nestea variation of teardrop IP fragmentation denial of service. ...) CAN-1999-0255 (Buffer overflow in ircd allows arbitrary command execution. ...) CAN-1999-0254 (A hidden SNMP community string in HP OpenView allows remote attackers ...) CAN-1999-0253 (IIS 3.0 with the iis-fix hotfix installed allows remote intruders to ...) CAN-1999-0250 (Denial of service in Qmail through long SMTP commands. ...) CAN-1999-0249 (Windows NT RSHSVC program allows remote users to execute arbitrary ...) CAN-1999-0246 (HP Remote Watch allows a remote user to gain root access. ...) CAN-1999-0243 (Linux cfingerd could be exploited to gain root access. ...) CAN-1999-0242 (Remote attackers can access mail files via POP3 in some Linux systems ...) CAN-1999-0241 (Guessable magic cookies in X Windows allows remote attackers to ...) CAN-1999-0240 (Some filters or firewalls allow fragmented SYN packets with IP ...) CAN-1999-0238 (php.cgi allows attackers to read any file on the system. ...) CAN-1999-0235 (Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access. ...) CAN-1999-0232 (Buffer overflow in NCSA WebServer (version 1.5c) gives remote access. ...) CAN-1999-0231 (Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 ...) CAN-1999-0229 (Denial of service in Windows NT IIS server using ..\.. ...) CAN-1999-0226 (Windows NT TCP/IP processes fragmented IP packets improperly, causing ...) CAN-1999-0222 (Denial of service in Cisco IOS web server allows attackers to reboot ...) CAN-1999-0220 (Attackers can do a denial of service of IRC by crashing the server. ...) CAN-1999-0216 (Denial of service of inetd on Linux through SYN and RST packets. ...) CAN-1999-0213 (libnsl in Solaris allowed an attacker to perform a denial of service ...) CAN-1999-0205 (Denial of service in Sendmail 8.6.11 and 8.6.12. ...) CAN-1999-0200 (Windows NT FTP server (WFTP) with the guest account enabled without a ...) CAN-1999-0198 (finger .@host on some systems may print information on some user accounts. ...) CAN-1999-0197 (finger 0@host on some systems may print information on some user accounts. ...) CAN-1999-0195 (Denial of service in RPC portmapper allows attackers to register or ...) CAN-1999-0193 (Denial of service in Ascend and 3com routers, which can be rebooted by ...) CAN-1999-0187 NOTE: rejected CAN-1999-0186 (In Solaris, an SNMP subagent has a default community string that allows remote ...) CAN-1999-0171 (Denial of service in syslog by sending it a large number of ...) CAN-1999-0169 (NFS allows attackers to read and write any file on the system by ...) CAN-1999-0165 (NFS cache poisoning. ...) CAN-1999-0163 (In older versions of Sendmail, an attacker could use a pipe character ...) CAN-1999-0156 (wu-ftpd FTP daemon allows any user and password combination. ...) CAN-1999-0154 (IIS 2.0 and 3.0 allows remote attackers to read the source code for ...) CAN-1999-0144 (Denial of service in Qmail by specifying a large number of recipients ...) CAN-1999-0140 (Denial of service in RAS/PPTP on NT systems. ...) CAN-1999-0127 (swinstall and swmodify commands in SD-UX package in HP-UX systems ...) CAN-1999-0123 (Race condition in Linux mailx command allows local users to ...) CAN-1999-0121 (Buffer overflow in dtaction command gives root access. ...) CAN-1999-0119 (Windows NT 4.0 beta allows users to read and delete shares. ...) CAN-1999-0114 (Local users can execute commands as other users, and read other users' ...) CAN-1999-0110 NOTE: rejected CAN-1999-0107 (Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker ...) CAN-1999-0106 (Finger redirection allows finger bombs. ...) CAN-1999-0105 (finger allows recursive searches by using a long string of @ symbols. ...) CAN-1999-0104 (A later variation on the Teardrop IP denial of service attack, ...) CAN-1999-0098 (Buffer overflow in SMTP HELO command in Sendmail allows a remote ...) CAN-1999-0092 (Various vulnerabilities in the AIX portmir command allows ...) CAN-1999-0089 (Buffer overflow in AIX libDtSvc library can allow local users ...) CAN-1999-0088 (IRIX and AIX automountd services (autofsd) allow remote users to ...) CAN-1999-0086 (AIX routed allows remote users to modify sensitive files. ...) CAN-1999-0078 (pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, ...) CAN-1999-0076 (Buffer overflow in wu-ftp from PASV command causes a core dump. ...) CAN-1999-0061 (File creation and deletion, and remote execution, in the BSD ...) CAN-1999-0033 (Command execution in Sun systems via buffer overflow in the at ...) CAN-1999-0030 (root privileges via buffer overflow in xlock command on SGI IRIX ...) CAN-1999-0020 NOTE: rejected CAN-1999-0015 (Teardrop IP denial of service. ...) CAN-1999-0004 (MIME buffer overflow in email clients, e.g. Solaris mailtool ...) CAN-1999-0001 (Denial of service in BSD-derived TCP/IP implementations, as described ...)