-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 # $NetBSD: pkg-vulnerabilities,v 1.2316 2008/05/13 06:36:27 obache Exp $ # #FORMAT 1.1.0 # # Note: If this file format changes, please do not forget to update # pkgsrc/mk/scripts/genreadme.awk which also parses this file. # # Note: NEVER remove entries from this file; this should document *all* # known package vulnerabilities so it is entirely appropriate to have # multiple entries in this file for a single package. # # New entries should be added at the end of this file. # # Run "make upload" after the commit, so that ftp.NetBSD.org # can have the latest copy of the file. # # If you have comments/additions/corrections, please contact # security-alert@NetBSD.org and/or pkgsrc-security@NetBSD.org. # # package type of exploit URL cfengine<1.5.3nb3 remote-root-shell ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2000-013.txt.asc navigator<4.75 remote-user-access http://www.cert.org/advisories/CA-2000-15.html navigator<4.74 remote-user-shell ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2000-011.txt.asc communicator<4.75 remote-user-access http://www.cert.org/advisories/CA-2000-15.html communicator<4.74 remote-user-shell ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2000-011.txt.asc pine<4.30 remote-user-shell http://www.securityfocus.com/bid/1709 pine<4.21nb1 denial-of-service http://www.securityfocus.com/advisories/2646 imap-uw<4.7c6 denial-of-service http://www.securityfocus.com/advisories/2646 screen<3.9.5nb1 local-root-shell http://www.securityfocus.com/advisories/2634 ntop<1.1 remote-root-shell http://www.securityfocus.com/advisories/2520 wu-ftpd<2.6.1 remote-root-shell ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2000-010.txt.asc wu-ftpd<2.4.2b18.2 remote-root-shell ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA1999-003.txt.asc xlockmore<4.17 local-root-file-view ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2000-003.txt.asc lsof<4.41 local-root-shell ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA1999-005.txt.asc wu-ftpd<2.6.0 remote-root-shell ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA1999-003.txt.asc racoon<20001004a local-root-file-view http://mail-index.NetBSD.org/tech-net/2000/09/24/0000.html global<3.56 remote-user-access http://www.NetBSD.org/cgi-bin/query-pr-single.pl?number=11165 apache<1.3.14 remote-user-access http://httpd.apache.org/dist/httpd/CHANGES_1.3 apache6<1.3.14 remote-user-access http://httpd.apache.org/dist/httpd/CHANGES_1.3 thttpd<2.20 remote-user-access http://www.dopesquad.net/security/advisories/20001002-thttpd-ssi.txt bind<8.2.2.7 denial-of-service http://www.isc.org/products/BIND/bind-security.html gnupg<1.0.4 weak-authentication http://www.gnupg.org/whatsnew.html#rn20001017 pine<=4.21 remote-root-shell ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:59.pine.asc navigator<4.76 remote-root-shell ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A66.netscape.asc navigator3<4.76 remote-root-shell ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A66.netscape.asc openssh<2.3.0 weak-authentication http://www.openbsd.org/errata27.html#sshforwarding ethereal<=0.8.13 remote-root-shell http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Ffromthread%3D1%26end%3D2000-11-25%26mid%3D145761%26start%3D2000-11-19%26list%3D1%26threads%3D0%26 php<3.0.17 remote-user-shell http://www.php.net/ChangeLog.php3 php-gd<3.0.17 remote-user-shell http://www.php.net/ChangeLog.php3 php-ldap<3.0.17 remote-user-shell http://www.php.net/ChangeLog.php3 php-mysql<3.0.17 remote-user-shell http://www.php.net/ChangeLog.php3 php-pgsql<3.0.17 remote-user-shell http://www.php.net/ChangeLog.php3 php-snmp<3.0.17 remote-user-shell http://www.php.net/ChangeLog.php3 racoon<20001211a denial-of-service http://www.kame.net/ LPRng<3.6.25 remote-root-shell http://www.cert.org/advisories/CA-2000-22.html jakarta-tomcat<3.1.1 remote-server-admin http://jakarta.apache.org/site/news.html jakarta-tomcat<3.2.3 cross-site-html http://www.securityfocus.com/bid/2982 fsh<1.1 local-root-file-view http://lists.debian.org/debian-security-announce-00/msg00091.html bitchx<1.0.3.17nb1 remote-user-shell http://www.securityfocus.com/bid/2087 namazu<1.3.0.11 remote-file-creation http://www.namazu.org/security.html.en zope<2.2.5 weak-authentication http://www.zope.org/Products/Zope/ bind<8.2.3 remote-root-shell http://www.cert.org/advisories/CA-2001-02.html suse_base<6.4nb2 local-root-shell http://www.suse.com/de/support/security/2001_001_glibc_txt.txt ja-micq<0.4.6.1 remote-user-shell http://www.freebsd.org/security/#adv micq<0.4.6.1 remote-user-shell http://www.freebsd.org/security/#adv ssh<1.2.27nb1 remote-root-shell http://razor.bindview.com/publish/advisories/adv_ssh1crc.html ssh6<=1.2.31 remote-root-shell http://razor.bindview.com/publish/advisories/adv_ssh1crc.html openssh<2.3.0 remote-root-shell http://razor.bindview.com/publish/advisories/adv_ssh1crc.html camediaplay<20010211 local-user-shell ftp://ftp.itojun.org/pub/digi-cam/C-400/unix/README analog<4.16 remote-user-shell http://www.analog.cx/security2.html gnupg<1.0.4nb3 weak-authentication http://www.gnupg.org/whatsnew.html#rn20001130 xemacs<21.1.14 remote-user-shell http://list-archive.xemacs.org/xemacs-announce/200102/msg00000.html sudo<1.6.3p6 local-root-shell http://www.openbsd.org/errata36.html#sudo Mesa-glx<=20000813 local-root-shell http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-029.php3?dis=7.2 apache<1.3.19 remote-user-access http://httpd.apache.org/dist/httpd/Announcement.html apache6<1.3.19 remote-user-access http://httpd.apache.org/dist/httpd/Announcement.html exmh<2.3 local-symlink-race http://www.beedub.com/exmh/symlink.html samba<2.0.8 local-symlink-race http://www.securityfocus.com/templates/archive.pike?list=1&mid=177370 hylafax<4.1b3 local-root-shell http://www.securityfocus.com/archive/1/176716 squirrelmail<1.0.5 remote-user-access http://www.geocrawler.com/lists/3/SourceForge/599/500/5567091/ kdelibs-2.1 local-root-shell http://dot.kde.org/988663144/ icecast<1.3.10 remote-user-access http://www.securityfocus.com/bid/2264 joe<2.8nb1 local-file-write http://www.securityfocus.com/bid/1959 joe<2.8nb1 local-user-shell http://www.securityfocus.com/bid/2437 openssh<2.9.2 remote-file-write http://www.openbsd.org/errata.html#sshcookie w3m<0.2.1.0.19nb1 remote-user-shell http://mi.med.tohoku.ac.jp/~satodai/w3m-dev-en/200106.month/537.html samba<2.0.10 local-root-shell http://www.samba.org/samba/whatsnew/macroexploit.html samba-2.2.0 local-root-shell http://www.samba.org/samba/whatsnew/macroexploit.html samba-2.2.0nb1 local-root-shell http://www.samba.org/samba/whatsnew/macroexploit.html fetchmail<5.8.8 remote-user-access http://www.securityfocus.com/vdb/?id=2877 openldap<1.2.12 denial-of-service http://www.cert.org/advisories/CA-2001-18.html horde<1.2.6 remote-user-shell http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26mid%3D198495 imp<1.2.6 remote-user-shell http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26mid%3D198495 fetchmail<5.8.17 remote-user-shell http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26mid%3D203165 windowmaker<0.65.1 remote-user-shell http://www.debian.org/security/2001/dsa-074 sendmail<8.11.6 local-root-shell ftp://ftp.sendmail.org/pub/sendmail/RELEASE_NOTES gnut<0.4.27 remote-script-inject http://www.gnutelliums.com/linux_unix/gnut/ screen<3.9.10 local-root-shell http://freshports.org/files.php3?id=31131 openssh<2.9.9.2 remote-user-access http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=216702&start=2001-09-23&end=2001-09-29 w3m<0.2.1.0.19nb2 weak-authentication http://mi.med.tohoku.ac.jp/~satodai/w3m-dev/200109.month/2226.html procmail<3.20 local-root-shell http://www.somelist.com/mail.php/282/view/1200950 slrn<0.9.7.2nb1 remote-script-inject http://slrn.sourceforge.net/patches/index.html#subsect_decode nvi-m17n<1.79.19991117 local-user-shell http://www.securityfocus.com/archive/1/221880 mgetty<1.1.22 denial-of-service ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A71.mgetty.asc kdeutils-2.2.1 local-root-shell http://lists.kde.org/?l=kde-announce&m=100535642201983&w=2 imp<2.2.7 remote-file-view http://www.securityfocus.com/archive/1/225686 libgtop<1.0.12nb1 remote-user-shell http://www.intexxia.com/ wu-ftpd<=2.6.1 remote-root-shell http://msgs.securepoint.com/cgi-bin/get/bugtraq0111/199.html radius-3.6B remote-user-shell http://xforce.iss.net/alerts/advise87.php exim<3.34 remote-user-shell http://www.exim.org/pipermail/exim-announce/2001q4/000048.html stunnel<3.22 remote-user-shell http://www.stunnel.org/patches/desc/formatbug_ml.html mutt<1.2.5.1 remote-user-shell http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html mutt-1.3.1* remote-user-shell http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html mutt-1.3.2[0-4]* remote-user-shell http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html cyrus-sasl<1.5.27 remote-code-execution http://www.securityfocus.com/bid/3498 openldap<2.0.20 denial-of-service http://www.openldap.org/lists/openldap-announce/200201/msg00002.html xchat<1.8.7 remote-command-inject http://xchat.org/ enscript<1.6.1nb1 local-file-write http://www.securityfocus.com/bid/3920 rsync<2.5.2 remote-code-execution http://lists.samba.org/pipermail/rsync-announce/2002-January/000005.html squirrelmail-1.2.[0-3] remote-code-execution http://www.securityfocus.com/bid/3952 gnuchess<5.03 remote-user-shell http://linux.oreillynet.com/pub/a/linux/2002/01/28/insecurities.html ucd-snmp<4.2.3 weak-authentication http://www.cert.org/advisories/CA-2002-03.html ucd-snmp<4.2.3 denial-of-service http://www.cert.org/advisories/CA-2002-03.html ucd-snmp<4.2.3nb1 remote-user-shell http://www.securityfocus.com/archive/1/248141 squid<2.4.4 remote-user-shell http://www.squid-cache.org/Advisories/SQUID-2002_1.txt ap-php<3.0.18nb1 remote-code-execution http://security.e-matters.de/advisories/012002.html php<3.0.18nb1 remote-code-execution http://security.e-matters.de/advisories/012002.html ap-php-4.0.1pl2 remote-code-execution http://security.e-matters.de/advisories/012002.html ap-php-4.0.3pl1 remote-code-execution http://security.e-matters.de/advisories/012002.html ap-php-4.0.3pl1nb1 remote-code-execution http://security.e-matters.de/advisories/012002.html ap-php-4.0.4 remote-code-execution http://security.e-matters.de/advisories/012002.html ap-php-4.0.4.1 remote-code-execution http://security.e-matters.de/advisories/012002.html ap-php-4.0.4.1nb1 remote-code-execution http://security.e-matters.de/advisories/012002.html ap-php-4.0.5 remote-code-execution http://security.e-matters.de/advisories/012002.html ap-php-4.0.6 remote-code-execution http://security.e-matters.de/advisories/012002.html ap-php-4.1.0 remote-code-execution http://security.e-matters.de/advisories/012002.html ap-php-4.1.1 remote-code-execution http://security.e-matters.de/advisories/012002.html php-4.0.3pl1 remote-code-execution http://security.e-matters.de/advisories/012002.html php-4.0.4 remote-code-execution http://security.e-matters.de/advisories/012002.html php-4.0.4.1 remote-code-execution http://security.e-matters.de/advisories/012002.html php-4.0.4.1nb1 remote-code-execution http://security.e-matters.de/advisories/012002.html php-4.0.5 remote-code-execution http://security.e-matters.de/advisories/012002.html php-4.0.6 remote-code-execution http://security.e-matters.de/advisories/012002.html php-4.1.0 remote-code-execution http://security.e-matters.de/advisories/012002.html php-4.1.1 remote-code-execution http://security.e-matters.de/advisories/012002.html php-4.3.0 remote-code-execution http://www.php.net/release_4_3_1.php radiusd-cistron<1.6.6 denial-of-service http://www.kb.cert.org/vuls/id/936683 radiusd-cistron<1.6.6 remote-code-execution http://www.kb.cert.org/vuls/id/589523 openssh<3.0.2.1nb2 local-root-shell http://www.pine.nl/advisories/pine-cert-20020301.txt htdig<3.1.6 denial-of-service http://online.securityfocus.com/bid/3410 htdig<3.1.6 local-user-file-view http://online.securityfocus.com/bid/3410 fileutils<4.1.7 local-file-removal http://mail.gnu.org/pipermail/bug-fileutils/2002-March/002433.html zlib<1.1.4 denial-of-service http://www.zlib.org/advisory-2002-03-11.txt rsync<2.5.3 remote-user-file-view http://lists.samba.org/pipermail/rsync-announce/2002-March/000006.html suse_base<6.4nb5 denial-of-service http://www.zlib.org/advisory-2002-03-11.txt icecast<1.3.11 remote-root-shell http://www.debian.org/security/2001/dsa-089 sun-{jre,jdk}<1.3.1.0.2 remote-code-execution http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218&type=0&nav=sec.sba analog<5.22 remote-script-inject http://www.analog.cx/docs/whatsnew.html jakarta-tomcat<3.2.3nb1 cross-site-scripting http://httpd.apache.org/info/css-security/ sudo<1.6.6 local-root-shell http://www.globalintersec.com/adv/sudo-2002041701.txt squirrelmail<1.2.6 remote-code-execution http://cert.uni-stuttgart.de/archive/bugtraq/2002/03/msg00414.html analog<5.23 denial-of-service http://www.analog.cx/security5.html icecast<1.3.12 denial-of-service http://online.securityfocus.com/bid/4415 qpopper<4.0.4 denial-of-service http://online.securityfocus.com/bid/4295 qpopper<4.0.4nb1 local-root-shell http://online.securityfocus.com/bid/4614 imap-uw<2001.1 local-root-shell http://online.securityfocus.com/bid/4713 fetchmail<5.9.10 remote-user-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0146 gaim<0.58 local-user-file-view http://online.securityfocus.com/archive/1/272180 mozilla<1.0rc3 remote-user-file-view http://groups.google.com/groups?as_umsgid=3CD095D4.9050003%40mozilla.org&hl=en ethereal<0.9.4 remote-user-access http://www.ethereal.com/appnotes/enpa-sa-00004.html bind-9.[01].* denial-of-service http://www.cert.org/advisories/CA-2002-15.html bind-9.2.0* denial-of-service http://www.cert.org/advisories/CA-2002-15.html bind-9.2.1rc* denial-of-service http://www.cert.org/advisories/CA-2002-15.html bind-8.3.0 denial-of-service http://www.isc.org/products/BIND/bind8.html xchat<1.8.9 remote-user-shell http://www.linuxsecurity.com/advisories/redhat_advisory-2107.html apache<1.3.26 remote-root-shell http://httpd.apache.org/info/security_bulletin_20020617.txt apache6<1.3.26 remote-root-shell http://httpd.apache.org/info/security_bulletin_20020617.txt apache-2.0.1? remote-root-shell http://httpd.apache.org/info/security_bulletin_20020617.txt apache-2.0.2? remote-root-shell http://httpd.apache.org/info/security_bulletin_20020617.txt apache-2.0.3[0-8]* remote-root-shell http://httpd.apache.org/info/security_bulletin_20020617.txt irssi<0.8.5 denial-of-service http://online.securityfocus.com/archive/1 #ap-ssl<2.8.10 remote-root-shell http://www.apache-ssl.org/advisory-20020620.txt ap-ssl<2.8.10 remote-root-shell http://www.modssl.org/news/changelog.html apache<1.3.26nb1 remote-root-shell http://www.apache-ssl.org/advisory-20020620.txt apache6<1.3.26nb1 remote-root-shell http://www.apache-ssl.org/advisory-20020620.txt bind<4.9.7nb1 remote-root-shell http://www.pine.nl/advisories/pine-cert-20020601.html #compat12<=1.2.1 remote-root-shell http://www.pine.nl/advisories/pine-cert-20020601.html #compat13<=1.3.3nb1 remote-root-shell http://www.pine.nl/advisories/pine-cert-20020601.html compat14<=1.4.3 remote-root-shell http://www.pine.nl/advisories/pine-cert-20020601.html openssh<3.4 remote-root-shell http://online.securityfocus.com/bid/5093 #bind<=9.2.1 remote-root-shell http://www.pine.nl/advisories/pine-cert-20020601.html bind<8.3.3 remote-root-shell http://www.pine.nl/advisories/pine-cert-20020601.html socks5<1.0.2nb2 remote-root-shell http://online.securityfocus.com/archive/1/9842 socks5-1.0.[3-9]* remote-root-shell http://online.securityfocus.com/archive/2/9842 socks5-1.0.1[0-1]* remote-root-shell http://online.securityfocus.com/archive/2/9842 ipa<1.2.7 local-access http://www.NetBSD.org/cgi-bin/query-pr-single.pl?number=17434 ethereal<0.9.5 remote-root-shell http://www.ethereal.com/appnotes/enpa-sa-00005.html squid<2.4.7 remote-user-shell http://www.squid-cache.org/Advisories/SQUID-2002_3.txt nn<6.6.4 remote-user-shell http://online.securityfocus.com/bid/5160 inn<2.3.0 remote-user-shell http://online.securityfocus.com/bid/2620 cvsup-gui<=16.1.d remote-root-shell http://www.pine.nl/advisories/pine-cert-20020601.html cvsup<=16.1.d remote-root-shell http://www.pine.nl/advisories/pine-cert-20020601.html xpilot<4.5.1 remote-user-shell http://online.securityfocus.com/bid/4534 gnut<0.4.28 remote-user-shell http://online.securityfocus.com/bid/3267/ wwwoffle<2.7c denial-of-service http://bespin.org/~qitest1/adv/wwwoffle-2.7b.asc png<1.2.4 remote-user-shell ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-list.200207 php-4.2.[01] remote-user-shell http://security.e-matters.de/advisories/022002.html ap-php-4.2.[01] remote-user-shell http://security.e-matters.de/advisories/022002.html srp_client<1.7.5 unknown http://www-cs-students.stanford.edu/~tjw/srp/download.html hylafax<4.1.3 remote-root-shell http://www.securityfocus.com/bid/3357 openssl<0.9.6e remote-root-shell http://www.openssl.org/news/secadv_20020730.txt libmm<1.2.1 local-root-shell http://online.securityfocus.com/bid/5352 openssl<0.9.6f denial-of-service http://www.openssl.org/news/secadv_20020730.txt png<=1.0.12 remote-user-shell http://online.securityfocus.com/bid/5409 kdelibs-2.1.* weak-ssl-authentication http://online.securityfocus.com/archive/1/286290/2002-08-08/2002-08-14/2 kdelibs-2.2.1* weak-ssl-authentication http://online.securityfocus.com/archive/1/286290/2002-08-08/2002-08-14/2 kdelibs-2.2.2{,nb1} weak-ssl-authentication http://online.securityfocus.com/archive/1/286290/2002-08-08/2002-08-14/2 kdelibs-3.0.[12] weak-ssl-authentication http://online.securityfocus.com/archive/1/286290/2002-08-08/2002-08-14/2 arla<=0.35.8 denial-of-service http://www.stacken.kth.se/lists/arla-drinkers/2002-08/msg00019.html arla<=0.35.8 remote-root-shell http://www.stacken.kth.se/lists/arla-drinkers/2002-08/msg00019.html ethereal<0.9.6 remote-root-shell http://www.ethereal.com/appnotes/enpa-sa-00006.html bind<4.9.10 remote-root-shell http://www.kb.cert.org/vuls/id/738331 compat14<1.4.3.2 remote-root-shell http://www.kb.cert.org/vuls/id/738331 compat14-crypto<1.4.3.2 remote-root-shell http://www.kb.cert.org/vuls/id/738331 netbsd32_compat14<1.4.3.2 remote-root-shell http://www.kb.cert.org/vuls/id/738331 compat15<1.5.3.1 remote-root-shell http://www.kb.cert.org/vuls/id/738331 netbsd32_compat15<1.5.3.1 remote-root-shell http://www.kb.cert.org/vuls/id/738331 postgresql-server<7.2.2 remote-code-execution http://online.securityfocus.com/archive/1/288998 gaim<0.59.1 remote-code-execution http://sourceforge.net/tracker/index.php?func=detail&aid=584252&group_id=235&atid=100235 gaim-gnome<0.59.1 remote-code-execution http://sourceforge.net/tracker/index.php?func=detail&aid=584252&group_id=235&atid=100235 mozilla<1.1 remote-file-read http://archives.neohapsis.com/archives/bugtraq/2002-07/0259.html mozilla<1.1 remote-file-read http://www.geocities.co.jp/SiliconValley/1667/advisory03e.html freebsd_lib<=2.2.7 remote-root-shell http://www.pine.nl/advisories/pine-cert-20020601.html opera<6.03 remote-user-shell http://www.opera.com/linux/changelog/log603.html wmnet<1.06nb3 local-root-shell http://www.securiteam.com/unixfocus/5HP0F1P8AM.html apache-2.0.3[0-9]* denial-of-service http://www.apacheweek.com/issues/02-09-27#apache2042 apache-2.0.4[0-1]* denial-of-service http://www.apacheweek.com/issues/02-09-27#apache2042 fetchmail<=6.0.0 remote-code-execution http://security.e-matters.de/advisories/032002.html unzip<=5.42 local-file-write http://online.securityfocus.com/archive/1/196445 apache-2.0.3[0-9]* remote-root-shell http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840 apache-2.0.4[0-2]* remote-file-read http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840 net-snmp<5.0.5 denial-of-service http://sourceforge.net/forum/forum.php?forum_id=215540 sendmail<8.12.6nb1 local-user-shell http://www.sendmail.org/smrsh.adv.txt apache<1.3.27 local-user-shell http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0843 apache<1.3.27 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0839 apache<1.3.27 local-file-read http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840 apache6<1.3.27 local-user-shell http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0843 apache6<1.3.27 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0839 apache6<1.3.27 local-file-read http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840 gv<3.5.8nb2 local-user-shell http://www.epita.fr/~bevand_m/asa/asa-0000 logsurfer<1.5.2 local-user-shell http://www.cert.dfn.de/eng/team/wl/logsurf/ suse_base<7.3nb1 remote-code-execution http://www.suse.com/de/security/2002_031_glibc.html suse_devel<7.3nb1 remote-code-execution http://www.suse.com/de/security/2002_031_glibc.html kdegraphics<2.2.2nb2 remote-code-execution http://www.kde.org/info/security/advisory-20021008-1.txt kdegraphics-3.0.[123]* remote-code-execution http://www.kde.org/info/security/advisory-20021008-1.txt kdenetwork-3.0.[123]* remote-file-read http://www.kde.org/info/security/advisory-20021008-2.txt gtar-base<1.13.25 local-file-write http://online.securityfocus.com/archive/1/196445 kth-krb4<1.2.1 remote-code-execution http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-002-kadm4.txt inn<2.3.3 local-user-shell http://online.securityfocus.com/bid/6049 inn<2.3.3 local-user-shell http://online.securityfocus.com/bid/4501 fetchmail<6.1.0 remote-user-shell http://online.securityfocus.com/bid/5825 fetchmail<6.1.0 denial-of-service http://online.securityfocus.com/bid/5826 fetchmail<6.1.0 remote-user-shell http://online.securityfocus.com/bid/5827 squirrelmail<1.2.8 remote-script-inject http://online.securityfocus.com/bid/5763 bind<4.9.10nb1 remote-root-shell http://www.isc.org/products/BIND/bind-security.html bind<8.3.3nb1 remote-root-shell http://www.isc.org/products/BIND/bind-security.html samba-2.2.[2-6]* remote-root-shell http://www.samba.org/samba/whatsnew/samba-2.2.7.html windowmaker<0.80.2 remote-user-shell http://www.windowmaker.org/ ssh<3.2.2 local-root-shell http://www.kb.cert.org/vuls/id/740619 w3m<0.3.2.1 remote-file-write http://mi.med.tohoku.ac.jp/%7Esatodai/w3m-dev/200211.month/3492.html w3m-img<0.3.2.1 remote-file-write http://mi.med.tohoku.ac.jp/%7Esatodai/w3m-dev/200211.month/3492.html Canna-server-bin<3.5.2nb3 remote-root-shell http://canna.sourceforge.jp/sec/Canna-2002-01.txt windowmaker<0.80.2 local-user-shell http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1277 kdelibs-2.1.* remote-user-shell http://www.kde.org/info/security/advisory-20021111-1.txt kdelibs-2.2.1* remote-user-shell http://www.kde.org/info/security/advisory-20021111-1.txt kdelibs-2.2.2{,nb[123]} remote-user-shell http://www.kde.org/info/security/advisory-20021111-1.txt kdelibs-3.0.[123]* remote-user-shell http://www.kde.org/info/security/advisory-20021111-1.txt kdelibs-3.0.4 remote-user-shell http://www.kde.org/info/security/advisory-20021111-1.txt kdenetwork-2.[12]* remote-root-shell http://www.kde.org/info/security/advisory-20021111-2.txt kdenetwork-3.0.[123]* remote-root-shell http://www.kde.org/info/security/advisory-20021111-2.txt kdenetwork-3.0.4{,nb1} remote-root-shell http://www.kde.org/info/security/advisory-20021111-2.txt cyrus-imapd<2.0.17 remote-code-execution http://www.securityfocus.com/bid/6298 cyrus-imapd-2.1.9{,nb1} remote-code-execution http://www.securityfocus.com/bid/6298 imap-uw<2002.1rc1 remote-code-execution http://www.kb.cert.org/vuls/id/961489 cyrus-sasl-2.1.9{,nb[12]} remote-code-execution http://online.securityfocus.com/archive/1/302603 fetchmail<6.2.0 remote-code-execution http://security.e-matters.de/advisories/052002.html mysql-client<3.23.49nb2 remote-code-execution http://security.e-matters.de/advisories/042002.html mysql-server<3.23.49nb1 remote-code-execution http://security.e-matters.de/advisories/042002.html pine<4.50 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1320 w3m{,-img}<0.3.2.2 remote-file-read http://sourceforge.net/project/shownotes.php?group_id=39518&release_id=126233 ethereal<0.9.8 remote-code-execution http://www.ethereal.com/appnotes/enpa-sa-00007.html wget<1.8.2 local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1344 wget<1.8.2 local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1345 ssh<=3.2.2 denial-of-service http://www.rapid7.com/advisories/R7-0009.txt cups<1.1.18 remote-root-shell http://www.idefense.com/advisory/12.19.02.txt png<1.2.5nb2 unknown ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-implement.200212 leafnode<1.9.30 denial-of-service http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0123.html cups<=1.1.17 local-code-execution http://online.securityfocus.com/bid/6475 xpdf<=2.01 local-code-execution http://online.securityfocus.com/bid/6475 mhonarc<2.5.14 cross-site-scripting http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200212220120.gBM1K8502180@mcguire.earlhood.com libmcrypt<2.5.5 remote-user-shell http://online.securityfocus.com/archive/1/305162/2003-01-01/2003-01-07/0 kdebase<3.0.5.1 remote-code-execution http://www.kde.org/info/security/advisory-20021220-1.txt kdegames<3.0.5.1 remote-code-execution http://www.kde.org/info/security/advisory-20021220-1.txt kdegraphics<3.0.5.1 remote-code-execution http://www.kde.org/info/security/advisory-20021220-1.txt kdelibs<3.0.5.1 remote-code-execution http://www.kde.org/info/security/advisory-20021220-1.txt kdemultimedia<3.0.5.1 remote-code-execution http://www.kde.org/info/security/advisory-20021220-1.txt kdenetwork<3.0.5.1 remote-code-execution http://www.kde.org/info/security/advisory-20021220-1.txt kdepim<3.0.5.1 remote-code-execution http://www.kde.org/info/security/advisory-20021220-1.txt kdesdk<3.0.5.1 remote-code-execution http://www.kde.org/info/security/advisory-20021220-1.txt kdeutils<3.0.5.1 remote-code-execution http://www.kde.org/info/security/advisory-20021220-1.txt cvs<1.11.4nb1 remote-file-write https://ccvs.cvshome.org/servlets/NewsItemView?newsItemID=51 gabber<0.8.7nb4 privacy-leak http://online.securityfocus.com/archive/1/307430 spamassassin<=2.43nb1 remote-code-execution http://cert.uni-stuttgart.de/archive/bugtraq/2003/01/msg00254.html p5-Mail-SpamAssassin<=2.43nb1 remote-code-execution http://cert.uni-stuttgart.de/archive/bugtraq/2003/01/msg00254.html squirrelmail<1.2.11 cross-site-scripting http://www.squirrelmail.org/ openssl<0.9.6gnb1 weak-encryption http://www.openssl.org/news/secadv_20030219.txt php-4.1.[3-9]* remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1396 php-4.2.[0-2]* remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1396 php-4.2.3{,nb1} remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1396 sendmail<8.11.6nb3 remote-code-execution http://www.cert.org/advisories/CA-2003-07.html sendmail-8.12.[0-7] remote-code-execution http://www.cert.org/advisories/CA-2003-07.html sendmail-8.12.[0-7]nb* remote-code-execution http://www.cert.org/advisories/CA-2003-07.html snort<1.9.1 remote-code-execution http://www.kb.cert.org/vuls/id/916785 snort-pgsql<1.9.1 remote-code-execution http://www.kb.cert.org/vuls/id/916785 snort-mysql<1.9.1 remote-code-execution http://www.kb.cert.org/vuls/id/916785 hypermail<2.1.7 remote-code-execution http://www.hypermail.org/mail-archive/2003/Feb/0025.html zlib<1.1.4nb1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0107 ethereal-0.8.[7-9] remote-code-execution http://www.ethereal.com/appnotes/enpa-sa-00008.html ethereal-0.9.[0-9] remote-code-execution http://www.ethereal.com/appnotes/enpa-sa-00008.html qpopper<4.0.5 remote-user-shell http://archives.neohapsis.com/archives/bugtraq/2003-03/0152.html ircII<20030313 remote-code-execution http://eterna.com.au/ircii/ samba<2.2.8 remote-code-execution http://us1.samba.org/samba/whatsnew/samba-2.2.8.html openssl<0.9.6gnb2 remote-key-theft http://www.openssl.org/news/secadv_20030317.txt openssl<0.9.6gnb2 remote-use-of-secret http://www.openssl.org/news/secadv_20030319.txt mutt<1.4.1 remote-code-execution http://www.securityfocus.com/archive/1/315771/2003-03-19/2003-03-25/0 rxvt<2.7.10 remote-code-execution http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2 eterm<0.9.2 remote-code-execution http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2 apcupsd<3.8.6 remote-user-shell http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0098 apcupsd-3.10.[0-4] remote-user-shell http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0098 ap-php-4.1.[3-9]* remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1396 ap-php-4.2.[0-2]* remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1396 ap-php-4.2.3 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1396 ja-samba<2.2.7.1.1.1 remote-code-execution http://www.samba.gr.jp/news-release/2003/20030317-2.html bitchx<1.0.3.19nb1 remote-code-execution http://www.securityfocus.com/archive/1/315057 apache-2.0.[0-3][0-9] denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0132 apache-2.0.4[0-4] denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0132 apcupsd<3.8.6 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0099 apcupsd-3.10.[0-4] denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0099 setiathome<3.08 remote-code-execution http://spoor12.edup.tudelft.nl/SkyLined%20v4.2/?Advisories/Seti@home samba<=2.2.8 remote-root-access http://lists.samba.org/pipermail/samba-announce/2003-April/000065.html mgetty+sendfax<1.1.29 file-permissions http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1392 mgetty+sendfax<1.1.29 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1391 ja-samba<2.2.7.2.1.0 remote-code-execution http://www.samba.gr.jp/news-release/2003/20030409-2.html kde<3.1.1nb1 remote-code-execution http://www.kde.org/info/security/advisory-20030409-1.txt kdelibs<3.1.1nb1 remote-code-execution http://www.kde.org/info/security/advisory-20030409-1.txt kdebase<3.1.1nb1 remote-code-execution http://www.kde.org/info/security/advisory-20030409-1.txt kdegraphics<3.1.1nb2 remote-code-execution http://www.kde.org/info/security/advisory-20030409-1.txt snort<2.0.0 remote-code-execution http://www.securityfocus.com/archive/1/318669 snort-pgsql<2.0.0 remote-code-execution http://www.securityfocus.com/archive/1/318669 snort-mysql<2.0.0 remote-code-execution http://www.securityfocus.com/archive/1/318669 poppassd<4.0.5nb1 local-root-shell http://www.securityfocus.com/archive/1/319811/2003-04-26/2003-05-02/0 ethereal<0.9.12 remote-code-execution http://www.ethereal.com/appnotes/enpa-sa-00009.html gnupg<1.2.2 weak-authentication http://www.securityfocus.com/archive/1/320444 lv<4.49.5 local-code-execution http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=190941 bitchx<1.0.3.19nb2 denial-of-service http://www.securityfocus.com/archive/1/321093 suse_libpng<7.3nb1 remote-user-shell http://www.suse.com/de/security/2003_004_libpng.html apache-2.0.3[7-9] denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0245 apache-2.0.4[0-5] denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0245 suse_base<7.3nb4 remote-code-execution http://www.suse.com/de/security/2003_027_glibc.html suse_devel<7.3nb2 remote-code-execution http://www.suse.com/de/security/2003_027_glibc.html cups<1.1.19 denial-of-service http://www.cups.org/str.php?L75 speakfreely<=7.5 remote-code-execution http://www.securityfocus.com/archive/1/324257/2003-06-06/2003-06-12/0 ethereal<0.9.13 remote-code-execution http://www.ethereal.com/appnotes/enpa-sa-00010.html xpdf<2.02pl1 remote-code-execution http://lists.netsys.com/pipermail/full-disclosure/2003-June/010397.html acroread5<5.07 remote-code-execution http://lists.netsys.com/pipermail/full-disclosure/2003-June/010397.html acroread5<5.08 remote-user-shell http://lists.netsys.com/pipermail/full-disclosure/2003-July/006342.html ImageMagick<5.5.7.1 local-symlink-race http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0455 apache-2.0.3[7-9] denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0253 apache-2.0.4[0-6] denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0253 falcons-eye<1.9.3nb3 local-user-shell http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0358 xconq<7.4.1nb1 local-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0607 mhonarc<2.6.4 cross-site-scripting http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=3128&group_id=1968 wu-ftpd<=2.6.2 remote-root-shell http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt lftp<2.5.3 remote-user-shell http://freshmeat.net/releases/87364/ postfix<=1.1.11 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0468 postfix<=1.1.12 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0540 xfstt<1.5 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0581 xfstt<1.5.1 privacy-leak http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0625 stunnel<3.25 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1563 stunnel-4.0[0-3]* denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1563 ssh2<3.2.5 weak-authentication http://www.ssh.com/company/newsroom/article/454/ horde<2.2.4rc1 privacy-leak http://www.securityfocus.com/archive/1/333114/2003-08-13/2003-08-19/0 imp<3.2.2rc1 privacy-leak http://www.securityfocus.com/archive/1/333114/2003-08-13/2003-08-19/0 gopher<3.0.6 remote-root-shell http://www.securityfocus.com/archive/1/328843/2003-08-18/2003-08-24/2 unzip<5.50nb2 weak-path-validation http://www.securityfocus.com/archive/1/334070/2003-08-18/2003-08-24/2 xmule<=1.4.3 remote-user-shell http://lists.netsys.com/pipermail/full-disclosure/2003-August/008449.html sendmail-8.12.[0-8]nb* denial-of-service http://www.sendmail.org/dnsmap1.html exim<3.36 remote-code-execution http://www.exim.org/pipermail/exim-announce/2003q3/000094.html exim>=4<4.22 remote-code-execution http://www.exim.org/pipermail/exim-announce/2003q3/000094.html leafnode<1.9.42 denial-of-service http://www.securityfocus.com/archive/1/336186 p5-Apache-Gallery<0.7 local-user-shell http://www.securityfocus.com/archive/1/336583/2003-09-06/2003-09-12/0 pine<4.58 remote-code-execution http://www.idefense.com/advisory/09.10.03.txt net-snmp<5.0.9 privacy-leak http://sourceforge.net/forum/forum.php?forum_id=308015 gtkhtml<1.1.10 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0541 sane-backends<1.0.11 weak-authentication http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0773 sane-backends<1.0.11 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0774 sane-backends<1.0.11 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0775 sane-backends<1.0.11 unknown http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0776 sane-backends<1.0.11 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0777 sane-backends<1.0.11 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0778 apache<1.3.28 denial-of-service http://www.kb.cert.org/vuls/id/379828 apache6<1.3.28 denial-of-service http://www.kb.cert.org/vuls/id/379828 mysql-server<3.23.49nb5 remote-code-execution http://lists.netsys.com/pipermail/full-disclosure/2003-September/009819.html openssh<3.7.1 denial-of-service http://www.openssh.org/txt/buffer.adv openssh+gssapi<3.6.1.2.20030430nb2 denial-of-service http://www.openssh.org/txt/buffer.adv sendmail<8.12.10 unknown http://www.sendmail.org/8.12.10.html thttpd<2.23.0.1nb1 remote-code-execution http://marc.theaimsgroup.com/?l=thttpd&m=106402145912879&w=2 openssh<3.7.1.2 remote-code-execution http://www.openssh.com/txt/sshpam.adv proftpd<1.2.8nb2 remote-root-shell http://xforce.iss.net/xforce/alerts/id/154 cfengine-2.0.[0-7]* remote-code-execution http://www.securityfocus.com/archive/1/339083/2003-09-22/2003-09-28/0 mplayer<1.0rc1nb1 remote-code-execution http://www.mplayerhq.hu/homepage/news.html#vuln01 gmplayer<1.0rc1nb1 remote-code-execution http://www.mplayerhq.hu/homepage/news.html#vuln01 marbles<1.0.2nb3 local-user-shell http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0830 ncftp3<3.1.6 remote-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1345 openssl<0.9.6k remote-root-shell http://www.openssl.org/news/secadv_20030930.txt vmware3<3.2.1pl1 local-root-shell http://marc.theaimsgroup.com/?l=gentoo-announce&m=106181867621048&w=2 fetchmail<6.2.4nb2 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0790 kdelibs<2.2.2 denial-of-service http://www.kde.org/info/security/ kdebase<2.2.2 remote-code-execution http://www.kde.org/info/security/ kdebase<2.2.2 denial-of-service http://www.kde.org/info/security/ kdebase<2.2.2 remote-code-execution http://www.kde.org/info/security/ silc-client<0.9.13 denial-of-service http://silcnet.org/txt/security_20031016_1.txt silc-server<0.9.14 denial-of-service http://silcnet.org/txt/security_20031016_1.txt sylpheed-claws-0.9.4{,nb1} denial-of-service http://www.guninski.com/sylph.html vtun<2.6nb1 privacy-leak ftp://ftp.netbsd.org/pub/NetBSD/packages/distfiles/LOCAL_PORTS/vtun-26to30.patch libnids<=1.17 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0850 apache<1.3.28nb2 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542 apache6<1.3.28nb2 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542 apache-2.0.[0-3][0-9] remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0254 apache-2.0.4[0-7] remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0254 sun-{jre,jdk}13<1.0.9 privilege-escalation http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57221&zone_32=category%3Asecurity sun-{jre,jdk}14<2.0 privilege-escalation http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57221&zone_32=category%3Asecurity thttpd<2.24 remote-code-execution http://www.texonet.com/advisories/TEXONET-20030908.txt coreutils<5.0nb3 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0853 coreutils<5.0nb3 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0854 hylafax<4.1.8 remote-code-execution http://www.securiteam.com/unixfocus/6O00D0K8UI.html quagga<0.96.3nb1 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0795 zebra<0.93bnb1 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0795 pan<0.13.4 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0855 ethereal<0.9.15 remote-code-execution http://www.ethereal.com/appnotes/enpa-sa-00011.html mozilla{,-bin}<1.5 remote-code-execution http://www.mozilla.org/projects/security/known-vulnerabilities.html screen<4.0.1nb1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0972 gnupg<1.2.3nb2 weak-authentication http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html rsync<2.5.7 remote-user-shell http://www.mail-archive.com/rsync@lists.samba.org/msg08782.html audit-packages<1.26 no-exploit-but-less-integrity-so-please-upgrade http://mail-index.netbsd.org/tech-pkg/2003/11/30/0001.html cvs<1.11.10 remote-file-write https://ccvs.cvshome.org/servlets/NewsItemView?newsItemID=84 lftp<2.6.10 remote-code-execution http://lists.netsys.com/pipermail/full-disclosure/2003-December/014824.html opera<7.23 remote-file-delete http://opera.rainyblue.org/modules/cjaycontent/index.php?id=1 mgetty+sendfax<=1.1.30 file-permissions http://mail-index.netbsd.org/tech-pkg/2003/11/18/0003.html cvs<1.11.11 privilege-escalation https://ccvs.cvshome.org/servlets/NewsItemView?newsItemID=88 ethereal<0.10.0 denial-of-service http://www.ethereal.com/appnotes/enpa-sa-00012.html bind<8.4.3 cache-poisoning http://www.kb.cert.org/vuls/id/734644 mpg321<0.2.10nb3 remote-user-shell http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0969 mailman<2.1.4 cross-site-scripting http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0965 racoon<20040116a remote-sa-delete http://www.securityfocus.com/archive/1/349756 gaim<0.75nb1 remote-code-execution http://security.e-matters.de/advisories/012004.html freeradius<0.9.3 denial-of-service http://www.freeradius.org/security.html#0.9.2 libtool-base<1.5.2nb3 local-symlink-race http://www.securityfocus.com/archive/1/352519 jitterbug<1.6.2nb1 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0028 mpg123<0.59.18nb3 remote-user-shell http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0865 mpg123-esound<0.59.18nb1 remote-user-shell http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0865 mpg123-nas<0.59.18nb3 remote-user-shell http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0865 clamav<0.66 denial-of-service http://www.securityfocus.com/archive/1/353186 mutt<1.4.2 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0078 metamail<2.7nb2 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0104 xboing<2.4nb2 privilege-escalation http://www.debian.org/security/2004/dsa-451 libxml2<2.6.6 remote-user-shell http://lists.gnome.org/archives/xml/2004-February/msg00070.html automake<1.8.3 privilege-escalation http://www.securityfocus.com/archive/1/356574/2004-03-05/2004-03-11/2 apache-2.0.? denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113 apache-2.0.[0-3][0-9] denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113 apache-2.0.4[0-8] denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113 apache-2.0.? denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174 apache-2.0.[0-3][0-9] denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174 apache-2.0.4[0-8] denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174 apache-2.0.? remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020 apache-2.0.[0-3][0-9] remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020 apache-2.0.4[0-8] remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020 apache<1.3.29nb2 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020 apache6<1.3.29nb2 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020 gdk-pixbuf<0.20 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0111 openssl<0.9.6l denial-of-service http://www.openssl.org/news/secadv_20031104.txt openssl<0.9.6m denial-of-service http://www.openssl.org/news/secadv_20040317.txt isakmpd<=20030903nb1 denial-of-service http://www.rapid7.com/advisories/R7-0018.html ghostscript-gnu<7.07 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0354 ghostscript-gnu-nox11<7.07 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0354 ghostscript-gnu-x11<7.07 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0354 python22<2.2.2 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0150 python22-pth<2.2.2 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0150 squid<2.5.5 weak-acl-enforcement http://www.squid-cache.org/Advisories/SQUID-2004_1.txt ethereal<0.10.3 remote-code-execution http://www.ethereal.com/appnotes/enpa-sa-00013.html mplayer<1.0rc3nb2 remote-code-execution http://www.securityfocus.com/archive/1/359025 gmplayer<1.0rc3nb2 remote-code-execution http://www.securityfocus.com/archive/1/359025 mencoder<1.0rc3nb2 remote-code-execution http://www.securityfocus.com/archive/1/359025 heimdal<0.6.1 remote-trust http://www.pdc.kth.se/heimdal/advisory/2004-04-01/ uulib<0.5.20 archive-code-execution http://www.securityfocus.com/bid/9758 racoon<20040408a weak-authentication http://www.vuxml.org/freebsd/d8769838-8814-11d8-90d1-0020ed76ef5a.html xchat<1.8.11nb7 remote-code-execution http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html xchat-2.0.[0-7] remote-code-execution http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html xchat-2.0.[0-7]nb* remote-code-execution http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html xchat-2.0.8 remote-code-execution http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html xchat-2.0.8nb1 remote-code-execution http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html xchat-gnome<1.8.11nb7 remote-code-execution http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html cvs<1.11.15 remote-file-write https://ccvs.cvshome.org/servlets/NewsItemView?newsItemID=102 neon<0.24.5 unknown http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179 tla<1.2.1rc1 remote-code-execution http://marc.theaimsgroup.com/?l=openpkg-announce&m=108213423102539&w=2 cadaver<0.22.1 remote-code-execution http://marc.theaimsgroup.com/?l=openpkg-announce&m=108213423102539&w=2 lha<1.14i local-code-execution http://www2m.biglobe.ne.jp/~dolphin/lha/lha-unix.htm mplayer>=1.0rc0<1.0rc4 remote-code-execution http://www.mplayerhq.hu/homepage/design6/news.html xine-lib-1rc[0-2]* remote-file-write http://www.xinehq.de/index.php/security/XSA-2004-1 xine-lib-1rc3[ab]* remote-file-write http://www.xinehq.de/index.php/security/XSA-2004-1 rsync<2.6.1 remote-file-write http://rsync.samba.org/#security_apr04 exim<3.36nb2 remote-code-execution http://www.guninski.com/exim1.html exim>=4<4.30 remote-code-execution http://www.guninski.com/exim1.html exim-exiscan-4.[0-2]* remote-code-execution http://www.guninski.com/exim1.html pine<4.58nb4 local-symlink-race http://www.NetBSD.org/cgi-bin/query-pr-single.pl?number=22226 xine-lib-1rc[0-3]* remote-file-write http://www.xinehq.de/index.php/security/XSA-2004-3 global<4.6 remote-exec http://savannah.gnu.org/forum/forum.php?forum_id=2029 opera<7.50 remote-file-write http://www.idefense.com/application/poi/display?id=104&type=vulnerabilities&flashstatus=true lha<114.9nb2 remote-code-execution http://www.securityfocus.com/bid/10243 apache<1.3.31 weak-authentication http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987 apache<1.3.31 weak-acl-enforcement http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993 apache<1.3.31 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174 apache6<1.3.31 weak-authentication http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987 apache6<1.3.31 weak-acl-enforcement http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993 apache6<1.3.31 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174 kdelibs<3.2.2nb2 remote-file-write http://www.kde.org/info/security/advisory-20040517-1.txt subversion-base<1.0.3 denial-of-service http://subversion.tigris.org/servlets/ReadMsg?list=announce&msgNo=125 subversion-base<1.0.3 remote-code-execution http://subversion.tigris.org/servlets/ReadMsg?list=announce&msgNo=125 ap2-subversion<1.0.3 denial-of-service http://subversion.tigris.org/servlets/ReadMsg?list=announce&msgNo=125 ap2-subversion<1.0.3 remote-code-execution http://subversion.tigris.org/servlets/ReadMsg?list=announce&msgNo=125 neon<0.24.6 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0398 cvs-1.11.[0-9] remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396 cvs-1.11.1[0-5] remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396 cadaver<0.22.2 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0398 ap-ssl<2.8.18 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488 squirrelmail<1.4.3 cross-site-scripting http://www.securityfocus.com/bid/10246/ ethereal<0.10.4 remote-code-execution http://www.ethereal.com/appnotes/enpa-sa-00014.html apache-2.0.49{,nb1} remote-code-execution http://www.securityfocus.com/bid/10355 roundup<0.7.3 remote-file-read http://cvs.sourceforge.net/viewcvs.py/*checkout*/roundup/roundup/CHANGES.txt?rev=1.533.2.21 cvs-1.11.[0-9] remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0416 cvs-1.11.[0-9]nb* remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0416 cvs-1.11.1[0-6]* remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0416 subversion-base<1.0.5 denial-of-service http://www.contactor.se/~dast/svn/archive-2004-06/0331.shtml racoon<20040617a weak-authentication http://www.securitytracker.com/alerts/2004/Jun/1010495.html mit-krb5<1.3.4 remote-code-execution http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-001-an_to_ln.txt imp<3.2.4 cross-site-scripting http://securityfocus.com/bid/10501/info/ gmplayer<1.0rc4nb2 remote-code-execution http://www.open-security.org/advisories/5 ethereal<0.10.5 remote-code-execution http://www.ethereal.com/appnotes/enpa-sa-00015.html courier-auth<0.45 remote-code-execution http://www.securityfocus.com/bid/9845 courier-imap<3.0.0 remote-code-execution http://www.securityfocus.com/bid/9845 sqwebmail<4.0.0 remote-code-execution http://www.securityfocus.com/bid/9845 ap-ssl<2.8.19 remote-code-execution http://www.mail-archive.com/modssl-users@modssl.org/msg16853.html ap2-subversion<1.0.6 weak-acl-enforcement http://www.contactor.se/~dast/svn/archive-2004-07/0814.shtml samba<2.2.10 remote-code-execution http://www.samba.org/samba/whatsnew/samba-2.2.10.html samba-3.0.[0-4]{,a*,nb?} remote-code-execution http://www.samba.org/samba/whatsnew/samba-3.0.5.html ja-samba<2.2.9.1.0nb1 remote-code-execution http://www.samba.org/samba/whatsnew/samba-2.2.10.html acroread5<5.0.9 unknown notfoundyet png<1.2.6rc1 remote-code-execution http://scary.beasts.org/security/CESA-2004-001.txt suse_libpng-7.3{,nb1} remote-code-execution http://scary.beasts.org/security/CESA-2004-001.txt suse_libpng-9.1 remote-code-execution http://scary.beasts.org/security/CESA-2004-001.txt suse_libpng<=6.4 remote-code-execution http://scary.beasts.org/security/CESA-2004-001.txt mozilla{,-gtk2}{,-bin}<1.7.2 ssl-certificate-spoofing http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0763 mozilla{,-gtk2}{,-bin}<1.7.2 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0758 MozillaFirebird{,-gtk2}{,-bin}<0.9.3 ssl-certificate-spoofing http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0763 firefox{,-gtk2}{,-bin}<0.9.3 ssl-certificate-spoofing http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0763 MozillaFirebird{,-gtk2}{,-bin}<0.9.3 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0758 firefox{,-gtk2}{,-bin}<0.9.3 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0758 thunderbird{,-gtk2}{,-bin}<0.7.2 ssl-certificate-spoofing http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0763 thunderbird{,-gtk2}{,-bin}<0.7.2 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0758 cfengine-2.0.* remote-code-execution http://www.securityfocus.org/advisories/7045 cfengine-2.1.[0-7] remote-code-execution http://www.securityfocus.org/advisories/7045 spamassassin<2.64 denial-of-service http://marc.theaimsgroup.com/?l=spamassassin-announce&m=109168121628767&w=2 kdelibs<3.2.3nb2 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0689 kdelibs<3.2.3nb2 local-account-compromise http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0690 kdelibs<3.2.3nb2 http-frame-spoof http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721 kdebase<3.2.3nb1 http-frame-spoof http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721 opera<7.54 remote-file-read http://www.greymagic.com/security/advisories/gm008-op/ opera<7.54 www-address-spoof http://secunia.com/advisories/12162 rsync<2.6.2nb1 remote-file-access http://samba.org/rsync/#security_aug04 lukemftpd-[0-9]* remote-root-access ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-009.txt.asc tnftpd<20040810 remote-root-access ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-009.txt.asc demime<1.1d denial-of-service http://scifi.squawk.com/demime.html kdelibs<3.2.3nb2 www-session-fixation http://www.kde.org/info/security/advisory-20040823-1.txt fidogate<4.4.9nb1 local-file-write http://sourceforge.net/tracker/index.php?func=detail&aid=1013726&group_id=10739&atid=310739 qt3-libs<3.3.3 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691 gaim<0.82 remote-code-execution http://gaim.sourceforge.net/security/index.php?id=0 gaim<0.82 remote-code-execution http://gaim.sourceforge.net/security/index.php?id=1 gaim<0.82 remote-code-execution http://gaim.sourceforge.net/security/index.php?id=2 gaim<0.82 remote-code-execution http://gaim.sourceforge.net/security/index.php?id=3 gaim<0.82 remote-code-execution http://gaim.sourceforge.net/security/index.php?id=4 gaim<0.82 remote-code-execution http://gaim.sourceforge.net/security/index.php?id=5 gaim<0.82 denial-of-service http://gaim.sourceforge.net/security/index.php?id=6 zlib<1.2.1nb2 denial-of-service http://www.openpkg.org/security/OpenPKG-SA-2004.038-zlib.html imlib2<1.1.2 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0802 mit-krb5<1.3.4nb2 remote-code-execution http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt mit-krb5<1.3.4nb2 denial-of-service http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-003-asn1.txt mpg123<0.59.18nb4 remote-user-shell http://www.securityfocus.com/archive/1/374433 mpg123-esound<0.59.18nb2 remote-user-shell http://www.securityfocus.com/archive/1/374433 mpg123-nas<0.59.18nb4 remote-user-shell http://www.securityfocus.com/archive/1/374433 apache-2.0.[0-4]* denial-of-service http://issues.apache.org/bugzilla/show_bug.cgi?id=29964 apache-2.0.50 denial-of-service http://issues.apache.org/bugzilla/show_bug.cgi?id=29964 apache-2.0.[0-4]* denial-of-service http://issues.apache.org/bugzilla/show_bug.cgi?id=30134 apache-2.0.50 denial-of-service http://issues.apache.org/bugzilla/show_bug.cgi?id=30134 samba-3.0.[0-6]{,nb*} denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0807 samba-3.0.[0-6]{,nb*} denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0808 heimdal<0.6.3 remote-root-access http://www.pdc.kth.se/heimdal/advisory/2004-09-13/ MozillaFirebird{,-gtk2}{,-bin}<0.10 remote-code-execution http://secunia.com/advisories/12526/ firefox<0.10 remote-code-execution http://secunia.com/advisories/12526/ firefox-bin<0.10 remote-code-execution http://secunia.com/advisories/12526/ firefox-gtk2<0.10 remote-code-execution http://secunia.com/advisories/12526/ firefox-gtk2-bin<0.10 remote-code-execution http://secunia.com/advisories/12526/ mozilla<1.7.3 remote-code-execution http://secunia.com/advisories/12526/ mozilla-bin<1.7.3 remote-code-execution http://secunia.com/advisories/12526/ mozilla-gtk2<1.7.3 remote-code-execution http://secunia.com/advisories/12526/ thunderbird<0.8 remote-code-execution http://secunia.com/advisories/12526/ thunderbird-bin<0.8 remote-code-execution http://secunia.com/advisories/12526/ thunderbird-gtk2<0.8 remote-code-execution http://secunia.com/advisories/12526/ xpm<3.4knb2 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687 xpm<3.4knb2 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688 XFree86-libs<4.4.0nb2 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687 XFree86-libs<4.4.0nb2 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688 xorg-libs<6.7.0nb2 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687 xorg-libs<6.7.0nb2 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688 openmotif<2.1.30nb3 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687 openmotif<2.1.30nb3 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688 sudo-1.6.8 local-file-read http://www.sudo.ws/sudo/alerts/sudoedit.html apache-2.0.[0-4]* remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747 apache-2.0.50 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747 apache-2.0.50nb1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747 gdk-pixbuf<0.22 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0753 gtk2+<2.4.10 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0753 gdk-pixbuf<0.22 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0782 gtk2+<2.4.10 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0782 gdk-pixbuf<0.22 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0783 gtk2+<2.4.10 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0783 gdk-pixbuf<0.22 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0788 gtk2+<2.4.10 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0788 wv<=1.0.0nb1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0645 apache-2.0.51 weak-acl-enforcement http://nagoya.apache.org/bugzilla/show_bug.cgi?id=31315 apache-1.3.2[5-9]* denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492 apache-1.3.30* denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492 apache-1.3.31{,nb[1-4]} denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492 apache<1.3.33 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0940 apache6-1.3.2[5-9]* denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492 apache6-1.3.30* denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492 apache6-1.3.31{,nb[1-4]} denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492 apache6<1.3.33 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0940 ImageMagick<6.0.6.2 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0827 ap2-subversion<1.0.8 metadata-leak http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt squid<2.5.6 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0832 MozillaFirebird{,-gtk2}{,-bin}<0.10.1 local-file-write http://www.mozilla.org/press/mozilla-2004-10-01-02.html firefox<0.10.1 local-file-write http://www.mozilla.org/press/mozilla-2004-10-01-02.html firefox-bin<0.10.1 local-file-write http://www.mozilla.org/press/mozilla-2004-10-01-02.html firefox-gtk2<0.10.1 local-file-write http://www.mozilla.org/press/mozilla-2004-10-01-02.html firefox-gtk2-bin<0.10.1 local-file-write http://www.mozilla.org/press/mozilla-2004-10-01-02.html gzip-base<1.2.4b remote-code-execution http://www.securityfocus.com/bid/3712 squid<2.5.7 denial-of-service http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities tiff<3.6.1nb4 remote-code-execution http://scary.beasts.org/security/CESA-2004-006.txt tiff<3.6.1nb4 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804 tiff<3.6.1nb4 denial-of-service http://securitytracker.com/id?1011674 ap-ssl<2.8.20 weak-acl-enforcement http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885 sox<12.17.6 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0557 ssmtp<2.61 remote-user-access http://lists.debian.org/debian-security-announce-2004/msg00084.html kdegraphics-3.2.* denial-of-service http://www.kde.org/info/security/advisory-20041021-1.txt kdegraphics-3.3.{0,0nb1,1} denial-of-service http://www.kde.org/info/security/advisory-20041021-1.txt samba-2.2.[1-9] denial-of-service http://us1.samba.org/samba/history/samba-2.2.11.html samba-2.2.10 denial-of-service http://us1.samba.org/samba/history/samba-2.2.11.html samba-2.2.[1-9] remote-file-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0815 samba-2.2.{10,11} remote-file-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0815 ja-samba<2.2.12.0.9.1 remote-file-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0815 postgresql-server-7.3.[1-7]{,nb*} local-symlink-race http://www.postgresql.org/about/news.234 postgresql73-server-7.3.[1-7]{,nb*} local-symlink-race http://www.postgresql.org/about/news.234 postgresql74-server-7.4.[1-5]{,nb*} local-symlink-race http://www.postgresql.org/about/news.234 cabextract<1.1 local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0916 mpg123<=0.59.18nb4 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0982 mpg123-esound<=0.59.18nb3 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0982 mpg123-nas<=0.59.18nb4 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0982 socat<=1.4.0.2 privilege-escalation http://www.nosystem.com.ar/advisories/advisory-07.txt ruby-base<1.6.8nb7 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0983 gnats<4 privilege-escalation http://www.securityfocus.com/archive/1/326337 mozilla<1.7.3nb2 local-file-write http://secunia.com/advisories/12956/ mozilla-bin<1.7.3nb1 local-file-write http://secunia.com/advisories/12956/ mozilla-gtk2<1.7.3nb2 local-file-write http://secunia.com/advisories/12956/ MozillaFirebird{,-gtk2}{,-bin}<1.0 local-file-write http://secunia.com/advisories/12956/ firefox<1.0 local-file-write http://secunia.com/advisories/12956/ firefox-bin<1.0 local-file-write http://secunia.com/advisories/12956/ firefox-gtk2<1.0 local-file-write http://secunia.com/advisories/12956/ firefox-gtk2-bin<1.0 local-file-write http://secunia.com/advisories/12956/ thunderbird<0.8nb1 local-file-write http://secunia.com/advisories/12956/ thunderbird-gtk2<0.8nb1 local-file-write http://secunia.com/advisories/12956/ thunderbird-bin<0.8nb1 local-file-write http://secunia.com/advisories/12956/ sudo<1.6.8pl3 privilege-escalation http://www.gratisoft.us/sudo/alerts/bash_functions.html gnats<4.0.1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0623 freeradius<1.0.1 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0938 freeradius<1.0.1 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0960 freeradius<1.0.1 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0961 samba<2.2.12nb2 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0930 samba<2.2.12nb2 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0882 samba<2.2.12nb2 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1154 samba-3.0.[0-6]{,nb*} denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0930 samba-3.0.[0-7]{,nb*} remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0882 samba-3.0.[0-9]{,nb*} remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1154 ja-samba-[0-9]* denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0930 ja-samba<2.2.12.0.9.1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0882 ja-samba<2.2.12.0.9.1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1154 squirrelmail<1.4.3anb1 cross-site-scripting http://article.gmane.org/gmane.mail.squirrelmail.user/21169 ja-squirrelmail<1.4.3anb3 cross-site-scripting http://article.gmane.org/gmane.mail.squirrelmail.user/21169 snownews<1.5 unsafe-umask http://kiza.kcore.de/software/snownews/changes#150 liferea<0.6.2 unsafe-umask http://sourceforge.net/project/shownotes.php?release_id=282434 libxml2<2.6.14 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0989 libxml<1.8.17nb3 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0989 sun-{jre,jdk}14<2.6 remote-code-execution http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 sun-{jre,jdk}13<1.0.12nb1 remote-code-execution http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 xpdf<3.00pl1 remote-code-execution http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml php-curl<=4.3.1 local-file-read http://www.securityfocus.com/bid/11557 jabberd-2.0s[23]* remote-code-execution http://www.securityfocus.com/archive/1/382250 jabberd-2.0s4 remote-code-execution http://www.securityfocus.com/archive/1/382250 jabberd<1.4.2nb4 denial-of-service http://www.securityfocus.com/archive/1/375955 imlib<1.9.15 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1025 imlib<1.9.15nb1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026 kdelibs<3.3.2nb1 plain-text-password-exposure http://www.kde.org/info/security/advisory-20041209-1.txt kdegraphics<3.3.2 denial-of-service http://www.kde.org/info/security/advisory-20041209-2.txt kdelibs<3.3.2nb2 cross-site-scripting http://www.kde.org/info/security/advisory-20041213-1.txt kdebase<3.3.2nb1 cross-site-scripting http://www.kde.org/info/security/advisory-20041213-1.txt phpmyadmin-2.6.0-pl2 remote-code-execution http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-4 phpmyadmin-2.6.0pl2 remote-code-execution http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-4 phpmyadmin-2.[4-5]* remote-file-read http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-4 phpmyadmin-2.6.0 remote-file-read http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-4 phpmyadmin-2.6.0pl2 remote-file-read http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-4 phpmyadmin-2.6.0-pl* remote-file-read http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-4 namazu<2.0.14 cross-site-scripting http://www.namazu.org/security.html.en {ap-,}php<4.3.10 remote-code-execution http://www.hardened-php.net/advisories/012004.txt {ap-,}php-5.0.2* remote-code-execution http://www.hardened-php.net/advisories/012004.txt {ap-,}php<4.3.10 local-code-execution http://www.hardened-php.net/advisories/012004.txt {ap-,}php-5.0.2* local-code-execution http://www.hardened-php.net/advisories/012004.txt cyrus-imapd-2.2.[4-8]{,nb*} remote-code-execution http://security.e-matters.de/advisories/152004.txt cyrus-imapd-2.2.[0-5]{,nb*} remote-code-execution http://security.e-matters.de/advisories/152004.txt cyrus-imapd-2.2.[0-7]{,nb*} remote-code-execution http://security.e-matters.de/advisories/152004.txt cyrus-imapd-2.2.[7-8]{,nb*} remote-code-execution http://security.e-matters.de/advisories/152004.txt cyrus-imapd-2.2.[0-9]{,nb*} remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0546 cyrus-imapd-2.2.1[0-1]{,nb*} remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0546 cyrus-imapd<2.1.18 remote-code-execution http://security.e-matters.de/advisories/152004.txt cyrus-imapd<2.1.18 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0546 ethereal-0.9.* remote-code-execution http://www.ethereal.com/appnotes/enpa-sa-00016.html ethereal-0.10.[0-7]{,nb*} remote-code-execution http://www.ethereal.com/appnotes/enpa-sa-00016.html tcpdump<3.8.1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989 tcpdump<=3.8.1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057 tcpdump<3.8.2 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0183 tcpdump<3.8.2 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0184 mc<4.6.1rc2 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0226 gmc<4.6.1rc2 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0226 mc<4.6.1rc2 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0231 gmc<4.6.1rc2 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0231 mc<4.6.1rc2 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0232 gmc<4.6.1rc2 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0232 netpbm<9.26 local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0924 pwlib<1.6.0 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0097 leafnode<1.9.48 denial-of-service http://leafnode.sourceforge.net/leafnode-SA-2004-01 lbreakout<2.4beta2 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0158 ap-python<2.7.9 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0973 logcheck<1.1.1 local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0404 zope<2.5.2 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0688 flim<1.14.3 local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0422 gnome-vfs<1.0.1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0494 cups<1.1.21 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0558 openoffice<1.1.3 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0752 openoffice-linux<1.1.3 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0752 imlib<1.9.15 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0817 apache-2.0.51* privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0811 mysql-server<3.23.59 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0835 mysql-server-4.0.[0-9] privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0835 mysql-server-4.0.[0-9]nb* privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0835 mysql-server-4.0.1[0-8] privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0835 mysql-server-4.0.1[0-8]nb* privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0835 mysql-server-4.1.[01] privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0835 mysql-server-4.1.[01]nb* privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0835 mysql-server<3.23.49 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0836 mysql-server-4.0.[0-9] remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0836 mysql-server-4.0.[0-9]nb* remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0836 mysql-server-4.0.1[0-9] remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0836 mysql-server-4.0.1[0-9]nb* remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0836 mysql-server-4.0.20 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0836 mysql-server-4.0.20nb* remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0836 mysql-server<3.23.49 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0837 mysql-server-4.0.[0-9] denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0837 mysql-server-4.0.[0-9]nb* denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0837 mysql-server-4.0.1[0-9] denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0837 mysql-server-4.0.1[0-9]nb* denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0837 mysql-server-4.0.20 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0837 mysql-server-4.0.20nb* denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0837 cyrus-sasl<2.1.19 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0884 cups<1.1.21 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888 cups<1.1.21 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0889 cups<1.1.21 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0923 apache-2.0.3[5-9] privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885 apache-2.0.3[5-9]nb* privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885 apache-2.0.4[0-9] privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885 apache-2.0.4[0-9]nb* privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885 apache-2.0.5[0-2] privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885 apache-2.0.5[0-2]nb[1-4] weak-cryptography http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885 openmotif<2.1.30nb3 denial-of-service http://www.ics.com/developers/index.php?cont=xpm_security_alert catdoc<=0.91 local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0193 gd<2.0.22 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0941 gd<2.0.28 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0990 ImageMagick<6.1.0 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0981 lesstif<0.93.96 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687 lesstif<0.93.96 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688 lesstif<0.94.0 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914 xorg-libs<6.8.1nb4 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914 XFree86-libs<4.4.1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914 xpm<3.4nb4 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914 groff<1.19.1nb2 local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0969 zip<2.3nb3 buffer-overrun http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1010 openssl<0.9.6mnb2 local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0975 mplayer<1.0rc5pl2 remote-code-execution http://www.idefense.com/application/poi/display?id=166&type=vulnerabilities mplayer<1.0rc5pl2 remote-code-execution http://www.idefense.com/application/poi/display?id=167&type=vulnerabilities mplayer<1.0rc5pl2 remote-code-execution http://www.idefense.com/application/poi/display?id=168&type=vulnerabilities cscope<15.4nb4 local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0996 acroread5<5.10 remote-code-execution http://www.adobe.com/support/techdocs/331153.html a2ps<4.13.0.2nb5 unsafe-shell-escape http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1170 a2ps<4.13.0.2nb7 local-symlink-race http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1377 mc<4.6.1rc2 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1023 tiff<3.6.1nb6 buffer-overrun http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities xpdf<3.00pl2 remote-code-execution http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities xzgv<0.8.0.1 buffer-overrun http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0994 xine-lib-1rc[2-5]* remote-code-execution http://www.xinehq.de/index.php/security/XSA-2004-4 xine-lib<1rc6 remote-code-execution http://www.xinehq.de/index.php/security/XSA-2004-5 gpdf<2.8.1 buffer-overrun http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888 koffice<1.3.5 integer-overflow http://kde.org/areas/koffice/releases/1.3.4-release.php pdfTexinteTexbin=4<4.43nb2 remote-code-execution http://www.exim.org/mail-archives/exim-announce/2005/msg00000.html exim-exiscan<4.43nb2 remote-code-execution http://www.exim.org/mail-archives/exim-announce/2005/msg00000.html vim<6.3.045 local-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1138 vim-gtk<6.3.045 local-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1138 vim-gtk2<6.3.045 local-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1138 vim-kde<6.3.045 local-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1138 vim-motif<6.3.045 local-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1138 vim-xaw<6.3.045 local-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1138 pcal<4.7nb1 buffer-overrun http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1289 tnftp<20050103 remote-code-execution http://tigger.uic.edu/~jlongs2/holes/tnftp.txt napshare<1.3 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1286 yamt<0.5 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1302 cups-1.1.2[12]* denial-of-service http://www.cups.org/str.php?L1042+P0+S-1+C0+I0+E0+Q1042 dillo<0.8.3nb2 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0012 tiff<3.6.1nb6 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1308 mpg123<0.59.18nb7 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1284 mpg123-esound<0.59.18nb5 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1284 mpg123-nas<0.59.18nb6 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1284 mpg123<0.59.18nb7 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0991 mpg123-esound<0.59.18nb5 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0991 mpg123-nas<0.59.18nb6 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0991 hylafax<4.2.1 weak-acl-enforcement http://www.hylafax.org/4.2.1.html teTeX-bin<2.0.2nb3 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125 teTeX-bin<2.0.2nb4 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888 awstats<6.3 local-code-execution http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities ImageMagick<6.1.8.8 remote-code-execution http://www.idefense.com/application/poi/display?id=184&type=vulnerabilities xpdf<3.00pl3 remote-code-execution http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities cups<1.1.23nb1 remote-code-execution http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities kdegraphics<3.3.2nb3 remote-code-execution http://www.kde.org/info/security/advisory-20050119-1.txt mysql-client<3.23.58nb3 local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004 mysql-client-4.0.[0-9]{,nb*} local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004 mysql-client-4.0.1[0-9]* local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004 mysql-client-4.0.2[0-2]* local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004 mysql-client-4.0.23 local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004 mysql-client-4.1.[0-8]{,nb*} local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004 mysql-client-4.1.9 local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004 ethereal<0.10.9 denial-of-service http://ethereal.com/appnotes/enpa-sa-00017.html ethereal<0.10.9 remote-code-execution http://ethereal.com/appnotes/enpa-sa-00017.html koffice<1.3.5nb4 remote-code-execution http://www.kde.org/info/security/advisory-20050120-1.txt squid<2.5.7nb5 buffer-overrun http://www.squid-cache.org/Advisories/SQUID-2005_1.txt squid<2.5.7nb6 buffer-overrun http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0094 squid<2.5.7nb7 denial-of-service http://www.squid-cache.org/Advisories/SQUID-2005_2.txt squid<2.5.7nb8 denial-of-service http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting unarj<2.65nb1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0947 unarj<2.65nb1 local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1027 suse_libtiff<9.1nb1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1308 suse_x11<9.1nb1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914 suse_gtk2<9.1nb3 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0753 suse_gtk2<9.1nb3 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0782 suse_gtk2<9.1nb3 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0783 suse_gtk2<9.1nb3 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0788 webmin<1.160 local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0559 teTeX-bin<2.0.2nb5 remote-code-execution http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities sun-{jre,jdk}14<2.6 remote-code-execution http://sunsolve.sun.com/search/document.do?assetkey=1-26-57708-1 sun-{jre,jdk}13<1.0.13 remote-code-execution http://sunsolve.sun.com/search/document.do?assetkey=1-26-57708-1 evolution12<1.2.4nb4 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0102 evolution14<1.4.6nb3 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0102 evolution<2.0.3nb1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0102 enscript<1.6.3nb1 remote-code-execution http://www.securityfocus.org/advisories/7879 bind-8.4.[4-5]{,nb*} denial-of-service http://www.kb.cert.org/vuls/id/327633 bind-9.3.0 denial-of-service http://www.kb.cert.org/vuls/id/938617 squid<2.5.7nb9 cache-poisoning http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting p5-DBI<1.46nb2 local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0077 f2c<20001205nb8 local-file-write http://www.debian.org/security/2005/dsa-661 squid<2.5.7nb10 buffer-overrun http://www.squid-cache.org/Advisories/SQUID-2005_3.txt zope25-Silva<0.9.2.8 privilege-escalation http://mail.zope.org/pipermail/zope-announce/2005-February/001653.html postgresql-server-7.3.[1-8]{,nb*} privilege-escalation http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php postgresql73-server-7.3.[1-8]{,nb*} privilege-escalation http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php postgresql74-server-7.4.[1-6]{,nb*} privilege-escalation http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php postgresql80-server-8.0.0* privilege-escalation http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php perl{,-thread}-5.8.{[0-4]{,nb*},5{,nb[1-7]},6{,nb[12]}} local-root-exploit http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0155 perl{,-thread}-5.8.{[0-4]{,nb*},5{,nb[1-7]},6{,nb[12]}} buffer-overrun http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0156 gpdf<2.8.3 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125 gpdf<2.8.3 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064 python22<2.2.3nb5 remote-code-execution http://www.python.org/security/PSF-2005-001/ python22-pth<2.2.3nb5 remote-code-execution http://www.python.org/security/PSF-2005-001/ python23<2.3.4nb7 remote-code-execution http://www.python.org/security/PSF-2005-001/ python23-pth<2.3.4nb7 remote-code-execution http://www.python.org/security/PSF-2005-001/ python23-nth<2.3.4nb2 remote-code-execution http://www.python.org/security/PSF-2005-001/ python24<2.4nb4 remote-code-execution http://www.python.org/security/PSF-2005-001/ python24-pth<2.4nb4 remote-code-execution http://www.python.org/security/PSF-2005-001/ py{15,20,21,22,23,24}-xmlrpc<=0.9.8 remote-code-execution http://www.python.org/security/PSF-2005-001/ opera<7.54pl2 remote-code-execution http://secunia.com/advisories/13818/ opera<=7.54pl2 www-address-spoof http://secunia.com/advisories/14154/ firefox{,-bin,-gtk2,-gtk2-bin}<=1.0 www-address-spoof http://secunia.com/advisories/14163/ mozilla{,-bin,-gtk2,-gtk2-bin}<=1.7.5 www-address-spoof http://secunia.com/advisories/14163/ kdebase<=3.3.2nb1 www-address-spoof http://secunia.com/advisories/14162/ apache-2.0.5[0-2]{,nb*} denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942 fprot-workstation-bin<4.5.3 local-code-execution http://www.f-secure.com/security/fsc-2005-1.shtml mailman<2.1.4nb3 remote-file-read http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0202 awstats<=6.3nb3 denial-of-service http://www.securityfocus.com/archive/1/390368 awstats<=6.3nb3 remote-code-execution http://www.securityfocus.com/archive/1/390368 sympa<=4.1.2nb1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0073 bidwatcher<1.3.17 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0158 kdeedu<=3.3.2 privilege-escalation http://www.kde.org/info/security/advisory-20050215-1.txt emacs-21.[0-2]* remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100 emacs-21.3 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100 emacs-21.3nb[0-6] remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100 emacs-nox11-21.[0-2]* remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100 emacs-nox11-21.3 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100 emacs-nox11-21.3nb[0-1] remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100 emacs<20.7nb5 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100 xemacs<21.4.17 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100 xemacs-nox11<21.4.17 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100 xview-lib<3.2.1nb4 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0076 clamav<0.82 denial-of-service http://www.securityfocus.com/bid/12408?ref=rss phpmyadmin<2.6.1pl1 cross-site-scripting http://sourceforge.net/tracker/index.php?func=detail&aid=1149383&group_id=23067&atid=377408 phpmyadmin<2.6.1pl1 privacy-leak http://sourceforge.net/tracker/index.php?func=detail&aid=1149381&group_id=23067&atid=377408 curl<7.12.2nb1 remote-code-execution http://www.idefense.com/application/poi/display?id=202&type=vulnerabilities curl-7.1{2.3,2.3nb1,3.0} remote-code-execution http://www.idefense.com/application/poi/display?id=202&type=vulnerabilities gaim<1.0.2 denial-of-service http://gaim.sourceforge.net/security/index.php?id=7 gaim<1.0.2 denial-of-service http://gaim.sourceforge.net/security/index.php?id=8 gaim<1.0.2 buffer-overrun http://gaim.sourceforge.net/security/index.php?id=9 gaim<1.1.3 denial-of-service http://gaim.sourceforge.net/security/index.php?id=10 gaim<1.1.3 denial-of-service http://gaim.sourceforge.net/security/index.php?id=11 gaim<1.1.4 denial-of-service http://gaim.sourceforge.net/security/index.php?id=12 unzip<5.52 privilege-escalation http://www.securityfocus.com/archive/1/391677 kdebase<3.3.2 command-injection http://www.kde.org/info/security/advisory-20050101-1.txt kdebase<3.0.5 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0078 squid<2.5.8nb2 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0446 squirrelmail<1.4.4 cross-site-scripting http://www.squirrelmail.org/security/issue/2005-01-20 ja-squirrelmail<1.4.4 cross-site-scripting http://www.squirrelmail.org/security/issue/2005-01-20 squirrelmail-1.2.6* remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0152 ja-squirrelmail-1.2.6* remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0152 gcpio<2.5nb1 local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1572 squid<2.5.8 weak-acl-enforcement http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0173 squid<2.5.8 information-disclosure http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2479 squid<2.5.7nb4 weak-acl-enforcement http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0194 squid<2.5.7nb12 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0718 php<3.0.19 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0594 php<3.0.19 cross-site-scripting http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595 mailman<2.1.5 cross-site-scripting http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1177 ap-python<2.7.9 weak-acl-enforcement http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0088 squirrelmail<1.4.4 cross-site-scripting http://www.squirrelmail.org/security/issue/2005-01-19 ja-squirrelmail<1.4.4 cross-site-scripting http://www.squirrelmail.org/security/issue/2005-01-19 squirrelmail-1.4.3* cross-site-scripting http://www.squirrelmail.org/security/issue/2005-01-14 ja-squirrelmail-1.4.3* cross-site-scripting http://www.squirrelmail.org/security/issue/2005-01-14 mailman<2.1.5 weak-password-generator http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1143 htdig<3.1.6nb2 cross-site-scripting http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0085 postgresql-lib<7.3.9 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0245 postgresql73-lib<7.3.9 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0245 postgresql74-lib<7.4.7 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0245 postgresql80-lib<8.0.1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0245 # intagg not installed #postgresql73-lib-7.3.[0-9]* denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0246 #postgresql74-lib-7.4.[0-9]* denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0246 #postgresql80-lib-8.0.[0-9]* denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0246 postgresql-lib-7.3.[0-9]* remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0247 postgresql73-lib<7.3.9nb1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0247 postgresql74-lib<7.4.7nb1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0247 postgresql80-lib<8.0.1nb1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0247 gftp<2.0.18 remote-file-read http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0372 gftp-gtk1<2.0.18 remote-file-read http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0372 vim-share<6.3.046 local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0069 imap-uw<2004b remote-user-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0198 unace<1.2.2nb1 buffer-overflow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0160 unace<1.2.2nb1 no-path-validation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0161 wu-ftpd<2.6.2nb3 denial-of-service http://www.idefense.com/application/poi/display?id=207&type=vulnerabilities cups<1.1.23nb2 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0206 ImageMagick<6.2.0.3 local-user-shell http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0397 cyrus-sasl<2.1.19 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0373 kdenetwork<=3.1.5 local-domain-spoofing http://www.kde.org/info/security/advisory-20050228-1.txt realplayer<10.6 remote-code-execution http://service.real.com/help/faq/security/050224_player RealPlayerGold<10.0.2 remote-code-execution http://service.real.com/help/faq/security/050224_player firefox{,-bin,-gtk2,-gtk2-bin}<1.0.1 window-injection-spoofing http://www.mozilla.org/security/announce/mfsa2005-13.html firefox{,-bin,-gtk2,-gtk2-bin}<1.0.1 ssl-icon-spoofing http://www.mozilla.org/security/announce/mfsa2005-14.html firefox{,-bin,-gtk2,-gtk2-bin}<1.0.1 heap-overflow http://www.mozilla.org/security/announce/mfsa2005-15.html firefox{,-bin,-gtk2,-gtk2-bin}<1.0.1 dialog-spoofing http://www.mozilla.org/security/announce/mfsa2005-16.html firefox{,-bin,-gtk2,-gtk2-bin}<1.0.1 source-spoofing http://www.mozilla.org/security/announce/mfsa2005-17.html firefox{,-bin,-gtk2,-gtk2-bin}<1.0.1 remote-code-execution http://www.mozilla.org/security/announce/mfsa2005-18.html firefox{,-bin,-gtk2,-gtk2-bin}<1.0.1 data-leak http://www.mozilla.org/security/announce/mfsa2005-19.html firefox{,-bin,-gtk2,-gtk2-bin}<1.0.1 possible-data-leak http://www.mozilla.org/security/announce/mfsa2005-20.html firefox{,-bin,-gtk2,-gtk2-bin}<1.0.1 download-source-spoofing http://www.mozilla.org/security/announce/mfsa2005-23.html firefox{,-bin,-gtk2,-gtk2-bin}<1.0.1 cross-site-scripting http://www.mozilla.org/security/announce/mfsa2005-26.html firefox{,-bin,-gtk2,-gtk2-bin}<1.0.1 remote-code-execution http://www.mozilla.org/security/announce/mfsa2005-27.html firefox{,-bin,-gtk2,-gtk2-bin}<1.0.1 local-file-delete http://www.mozilla.org/security/announce/mfsa2005-28.html firefox{,-bin,-gtk2,-gtk2-bin}<1.0.1 domain-name-spoofing http://www.mozilla.org/security/announce/mfsa2005-29.html mozilla{,-bin,-gtk2,-gtk2-bin}<1.7.6 window-injection-spoofing http://www.mozilla.org/security/announce/mfsa2005-13.html mozilla{,-bin,-gtk2,-gtk2-bin}<1.7.6 ssl-icon-spoofing http://www.mozilla.org/security/announce/mfsa2005-14.html mozilla{,-bin,-gtk2,-gtk2-bin}<1.7.6 heap-overflow http://www.mozilla.org/security/announce/mfsa2005-15.html mozilla{,-bin,-gtk2,-gtk2-bin}<1.7.6 source-spoofing http://www.mozilla.org/security/announce/mfsa2005-17.html mozilla{,-bin,-gtk2,-gtk2-bin}<1.7.6 remote-code-execution http://www.mozilla.org/security/announce/mfsa2005-18.html mozilla{,-bin,-gtk2,-gtk2-bin}<1.7.6 possible-data-leak http://www.mozilla.org/security/announce/mfsa2005-20.html mozilla{,-bin,-gtk2,-gtk2-bin}<1.7.6 cross-site-scripting http://www.mozilla.org/security/announce/mfsa2005-26.html mozilla{,-bin,-gtk2,-gtk2-bin}<1.7.6 remote-code-execution http://www.mozilla.org/security/announce/mfsa2005-27.html mozilla{,-bin,-gtk2,-gtk2-bin}<1.7.6 local-file-delete http://www.mozilla.org/security/announce/mfsa2005-28.html mozilla{,-bin,-gtk2,-gtk2-bin}<1.7.6 domain-name-spoofing http://www.mozilla.org/security/announce/mfsa2005-29.html thunderbird{,-bin,-gtk2}<1.0.1 source-spoofing http://www.mozilla.org/security/announce/mfsa2005-17.html thunderbird{,-bin,-gtk2}<1.0.1 remote-code-execution http://www.mozilla.org/security/announce/mfsa2005-18.html sylpheed<1.0.3 buffer-overflow http://www.tmtm.org/cgi-bin/w3ml/sylpheed/msg/24250 sylpheed-claws<1.0.3 buffer-overflow http://www.tmtm.org/cgi-bin/w3ml/sylpheed/msg/24250 sylpheed-gtk2-[01].* buffer-overflow http://www.tmtm.org/cgi-bin/w3ml/sylpheed/msg/24250 ethereal<0.10.10 remote-code-execution http://ethereal.com/appnotes/enpa-sa-00018.html xpm<3.4knb3 buffer-overflow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0605 openmotif<2.1.30nb4 buffer-overflow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0605 lesstif<0.94.0nb1 buffer-overflow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0605 libexif<0.6.11nb1 buffer-overflow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0664 putty<0.57 remote-code-execution http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-readdir.html putty<0.57 remote-code-execution http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-string.html mysql-server<4.0.24 remote-privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0709 mysql-server<4.0.24 remote-privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0710 mysql-server<4.0.24 local-privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0711 mysql-server-4.1.[0-9]{nb*,} remote-privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0709 mysql-server-4.1.[0-9]{nb*,} remote-privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0710 mysql-server-4.1.[0-9]{nb*,} local-privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0711 mysql-server-4.1.10{nb*,} remote-privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0709 mysql-server-4.1.10{nb*,} remote-privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0710 mysql-server-4.1.10{nb*,} local-privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0711 kdelibs<3.3.2nb8 denial-of-service http://www.kde.org/info/security/advisory-20050316-1.txt kdelibs<3.3.2nb8 domain-name-spoofing http://www.kde.org/info/security/advisory-20050316-2.txt kdelibs<3.3.2nb8 local-file-write http://www.kde.org/info/security/advisory-20050316-3.txt sun-{jre,jdk}14<2.7 remote-code-execution http://sunsolve.sun.com/search/document.do?assetkey=1-26-57740-1 xli<1.17.0nb2 local-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0638 xli<1.17.0nb2 buffer-overflow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0639 xli<1.17.0nb4 buffer-overflow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0775 wine>20000000<20050419 insecure-temp-file http://www.securityfocus.com/archive/1/393150/2005-03-14/2005-03-20/0 ImageMagick<6.1.8 local-user-shell http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0005 ImageMagick<6.0 local-user-shell http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0759 ImageMagick<6.0 local-user-shell http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0760 ImageMagick<6.1.8 local-user-shell http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0761 ImageMagick<6.0 local-user-shell http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0762 ipsec-tools<0.6 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0398 firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}<1.0.2 remote-code-execution http://www.mozilla.org/security/announce/mfsa2005-30.html firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}<1.0.2 remote-code-execution http://www.mozilla.org/security/announce/mfsa2005-31.html firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}<1.0.2 privilege-escalation http://www.mozilla.org/security/announce/mfsa2005-32.html sylpheed<1.0.4 buffer-overflow http://www.tmtm.org/cgi-bin/w3ml/sylpheed/msg/24429 sylpheed-claws<1.0.4 buffer-overflow http://www.tmtm.org/cgi-bin/w3ml/sylpheed/msg/24429 sylpheed-gtk2-[01].* buffer-overflow http://www.tmtm.org/cgi-bin/w3ml/sylpheed/msg/24429 gnupg<1.4.1 information-leak http://lists.gnupg.org/pipermail/gnupg-announce/2005q1/000191.html mit-krb5<1.4nb1 remote-code-execution http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-001-telnet.txt {g,}mc<4.5.56 buffer-overflow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0763 {g,}mc<4.5.56 remote-unknown http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1004 {g,}mc<4.5.56 buffer-overflow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1005 {g,}mc<4.5.56 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1009 {g,}mc<4.5.56 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1090 {g,}mc<4.5.56 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1091 {g,}mc<4.5.56 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1092 {g,}mc<4.5.56 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1093 {g,}mc<4.5.56 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1174 {g,}mc<4.5.56 remote-unknown http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1175 {g,}mc<4.5.56 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1176 horde-3.0.[0-3]* cross-site-scripting http://secunia.com/advisories/14730/ gsharutils<4.2.1nb5 buffer-overflow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1772 gsharutils<4.2.1nb5 buffer-overflow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1773 squid<2.5.9nb1 privacy-leak http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0626 gtk2+<2.6.4nb1 denial-of-service http://secunia.com/advisories/14775/ gdk-pixbuf<0.22.0nb5 denial-of-service http://secunia.com/advisories/14776/ phpmyadmin<2.6.2rc1 cross-site-scripting http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-3 gaim<1.2.1 denial-of-service http://gaim.sourceforge.net/security/?id=13 gaim<1.2.1 denial-of-service http://gaim.sourceforge.net/security/?id=14 gaim<1.2.1 denial-of-service http://gaim.sourceforge.net/security/?id=15 xorg-libs<6.8.2nb1 buffer-overflow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0605 XFree86-libs<=4.5.0 buffer-overflow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0605 {ap-,}php<4.3.11 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0524 {ap-,}php<4.3.11 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0525 {ap-,}php-5.0.[0123]* denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0524 {ap-,}php-5.0.[0123]* denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0525 netscape7-[0-9]* privacy-leak http://secunia.com/advisories/14804/ netscape7-[0-9]* remote-code-execution http://secunia.com/advisories/14996/ gsharutils<4.2.1nb6 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0990 mysql-server<3.23.59 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0957 sun-{jre,jdk}15-* local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1080 sun-{jre,jdk}14-* local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1080 kdelibs-3.4.0{,nb1,nb2} buffer-overflow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1046 kdelibs<3.3.2nb10 buffer-overflow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1046 gnome-vfs2-cdda-2.10.0 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0706 gnome-vfs2<2.6.0nb1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0706 gnome-vfs2-cdda<2.8.4nb1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0706 gnome-vfs<1.0.5nb8 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0706 libcdaudio<0.99.12nb1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0706 gld<1.5 remote-code-execution http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0005.html pine<4.62nb2 local-file-write http://secunia.com/advisories/14899/ openoffice<1.1.4nb2 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0941 openoffice-linux<1.1.5 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0941 openoffice-bin<1.1.4nb1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0941 postgrey<1.21 denial-of-service http://secunia.com/advisories/14958/ php-exif<4.3.11 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1042 php-exif<4.3.11 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1043 cvs<1.11.20 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753 realplayer<10.6 remote-code-execution http://www.service.real.com/help/faq/security/security041905.html RealPlayerGold<10.0.4 remote-code-execution http://www.service.real.com/help/faq/security/security041905.html heimdal<0.6.4 remote-code-execution http://www.pdc.kth.se/heimdal/advisory/2005-04-20/ mplayer<1.0rc6nb2 remote-code-execution http://www.mplayerhq.hu/homepage/design7/news.html#vuln10 mplayer<1.0rc6nb2 remote-code-execution http://www.mplayerhq.hu/homepage/design7/news.html#vuln11 gmplayer<1.0rc6nb3 remote-code-execution http://www.mplayerhq.hu/homepage/design7/news.html#vuln10 gmplayer<1.0rc6nb3 remote-code-execution http://www.mplayerhq.hu/homepage/design7/news.html#vuln11 quanta-3.1.* remote-code-execution http://www.kde.org/info/security/advisory-20050420-1.txt kdewebdev<3.3.2nb1 remote-code-execution http://www.kde.org/info/security/advisory-20050420-1.txt kdewebdev-3.4.0 remote-code-execution http://www.kde.org/info/security/advisory-20050420-1.txt firefox{-bin,-gtk2,-gtk2-bin}<1.0.3 privacy-leak http://www.mozilla.org/security/announce/mfsa2005-33.html firefox{,-gtk1}<1.0.2nb1 privacy-leak http://www.mozilla.org/security/announce/mfsa2005-33.html firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}<1.0.3 privilege-escalation http://www.mozilla.org/security/announce/mfsa2005-34.html firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}<1.0.3 privilege-escalation http://www.mozilla.org/security/announce/mfsa2005-35.html mozilla{,-bin,-gtk2,-gtk2-bin}<1.7.7 privilege-escalation http://www.mozilla.org/security/announce/mfsa2005-35.html firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}<1.0.3 cross-site-scripting http://www.mozilla.org/security/announce/mfsa2005-36.html mozilla{,-bin,-gtk2,-gtk2-bin}<1.7.7 cross-site-scripting http://www.mozilla.org/security/announce/mfsa2005-36.html firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}<1.0.3 privilege-escalation http://www.mozilla.org/security/announce/mfsa2005-37.html mozilla{,-bin,-gtk2,-gtk2-bin}<1.7.7 privilege-escalation http://www.mozilla.org/security/announce/mfsa2005-37.html firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}<1.0.3 cross-site-scripting http://www.mozilla.org/security/announce/mfsa2005-38.html mozilla{,-bin,-gtk2,-gtk2-bin}<1.7.7 cross-site-scripting http://www.mozilla.org/security/announce/mfsa2005-38.html firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}<1.0.3 privilege-escalation http://www.mozilla.org/security/announce/mfsa2005-39.html firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}<1.0.3 missing-argument-check http://www.mozilla.org/security/announce/mfsa2005-40.html mozilla{,-bin,-gtk2,-gtk2-bin}<1.7.7 missing-argument-check http://www.mozilla.org/security/announce/mfsa2005-40.html firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}<1.0.3 privilege-escalation http://www.mozilla.org/security/announce/mfsa2005-41.html mozilla{,-bin,-gtk2,-gtk2-bin}<1.7.7 privilege-escalation http://www.mozilla.org/security/announce/mfsa2005-41.html gzip-base<1.2.4anb1 local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1228 gzip-base<1.2.4anb1 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0988 xine-lib<1.0nb2 remote-code-execution http://xinehq.de/index.php/security/XSA-2004-8 imp<3.2.8 cross-site-scripting http://secunia.com/advisories/15077/ lsh<1.4.3 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0826 lsh<1.4.3nb2 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0814 ImageMagick<6.2.2 heap-overflow http://www.overflow.pl/adv/imheapoverflow.txt netscape7-[0-9]* remote-code-execution http://secunia.com/advisories/15103/ ethereal<0.10.10nb1 denial-of-service http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-04/0447.html tcpdump-3.9.[0-1]* denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1280 tcpdump-3.9.[0-1]* denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1279 tcpdump<3.8.3nb1 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1280 tcpdump<3.8.3nb1 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1279 sqwebmail<6 cross-site-scripting http://secunia.com/advisories/15119/ php-curl<4.3.11 local-security-bypass http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1392 horde<2.2.8 cross-site-scripting http://secunia.com/advisories/14730/ netscape7-[0-9]* remote-code-execution http://www.networksecurity.fi/advisories/netscape-dom.html netscape7-[0-9]* authentication-spoofing http://secunia.com/advisories/15267/ p5-Convert-UUlib<1.05 buffer-overflow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1349 gnutls<1.2.3 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1431 kdewebdev<3.3.2nb2 remote-code-execution http://www.kde.org/info/security/advisory-20050504-1.txt kdewebdev-3.4.0{,nb1} remote-code-execution http://www.kde.org/info/security/advisory-20050504-1.txt nasm<0.98.39nb1 remote-code-execution https://bugzilla.redhat.com/beta/show_bug.cgi?id=152963 leafnode<1.11.2 denial-of-service http://leafnode.sourceforge.net/leafnode-SA-2005-01.txt ethereal<0.10.11 denial-of-service http://www.ethereal.com/appnotes/enpa-sa-00019.html ethereal<0.10.11 remote-code-execution http://www.ethereal.com/appnotes/enpa-sa-00019.html gaim<1.3.0 buffer-overflow http://gaim.sourceforge.net/security/index.php?id=16 gaim<1.3.0 denial-of-service http://gaim.sourceforge.net/security/index.php?id=17 squid<2.5.9nb11 domain-name-spoofing http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}<1.0.4 remote-code-execution http://www.mozilla.org/security/announce/mfsa2005-42.html firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}<1.0.4 remote-code-execution http://www.mozilla.org/security/announce/mfsa2005-43.html firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}<1.0.4 privilege-escalation http://www.mozilla.org/security/announce/mfsa2005-44.html mozilla{,-bin,-gtk2,-gtk2-bin}<1.7.8 remote-code-execution http://www.mozilla.org/security/announce/mfsa2005-42.html mozilla{,-bin,-gtk2,-gtk2-bin}<1.7.8 remote-code-execution http://www.mozilla.org/security/announce/mfsa2005-43.html mozilla{,-bin,-gtk2,-gtk2-bin}<1.7.8 privilege-escalation http://www.mozilla.org/security/announce/mfsa2005-44.html tiff<3.7.2nb1 buffer-overflow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1544 bugzilla<2.18.1 information-leak http://www.bugzilla.org/security/2.16.8/ libexif<0.6.12nb1 denial-of-service http://secunia.com/advisories/15259/ maradns<1.0.27 weak-rng-source http://www.maradns.org/download/patches/maradns-1.0.26-rekey_rng.patch p5-Net-SSLeay<1.25 file-permissions http://secunia.com/advisories/15207/ evolution<2.0.4 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0806 postgresql-server<7.3.10 privilege-escalation http://www.postgresql.org/about/news.322 postgresql73-server<7.3.10 privilege-escalation http://www.postgresql.org/about/news.322 postgresql74-server<7.4.8 privilege-escalation http://www.postgresql.org/about/news.322 postgresql80-server<8.0.3 privilege-escalation http://www.postgresql.org/about/news.322 freeradius<=1.0.2nb1 remote-code-execution http://www.securityfocus.com/bid/13540/ freeradius<=1.0.2nb1 buffer-overflow http://www.securityfocus.com/bid/13541/ mysql-server-4.1.{[0-9],10,11}{,nb*} sql-injection http://secunia.com/advisories/15369/ ImageMagick<6.2.2.3 denial-of-service http://www.gentoo.org/security/en/glsa/glsa-200505-16.xml netscape7-[0-9]* cross-site-scripting http://secunia.com/advisories/15437/ gxine<0.4.5 remote-code-execution http://secunia.com/advisories/15451/ net-snmp<5.1.2nb4 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1740 net-snmp-5.2.1 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1740 gedit<2.10.3 remote-code-execution http://secunia.com/advisories/15454/ squid<2.5.9nb2 weak-acl-enforcement http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1345 qpopper<4.0.6 privilege-escalation http://secunia.com/advisories/15475/ bzip2<1.0.3 denial-of-service http://scary.beasts.org/security/CESA-2005-002.txt openslp<1.2.1 remote-code-execution http://www.securityfocus.com/advisories/8224 mhonarc<2.6.11 cross-site-scripting https://savannah.nongnu.org/bugs/index.php?func=detailitem&item_id=12930 clamav<0.84 osx-privilege-escalation http://www.sentinelchicken.com/advisories/clamav/ ettercap-0.7.2 remote-code-execution http://secunia.com/advisories/15535/ qmail<=1.03 64bit-remote-code-execution http://secunia.com/advisories/15533/ gdb>6<6.2.1nb4 arbitrary-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1704 gdb<5.3nb5 arbitrary-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1704 gdb>6<6.2.1nb4 arbitrary-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1705 gdb<5.3nb5 arbitrary-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1705 binutils<2.16.1 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1704 kdbg<1.2.9 privilege-escalation http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0644 mozilla{,-bin,-gtk2,-gtk2-bin}<1.7.10 http-frame-spoof http://secunia.com/advisories/15601/ mozilla{,-bin,-gtk2,-gtk2-bin}<1.7.10 dialog-spoofing http://secunia.com/advisories/15489/ firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}<1.0.5 http-frame-spoof http://secunia.com/advisories/15601/ firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}<1.0.5 dialog-spoofing http://secunia.com/advisories/15489/ leafnode<1.11.3 denial-of-service http://leafnode.sourceforge.net/leafnode-SA-2005-02.txt xmysqladmin-[0-9]* remote-shell http://www.zataz.net/adviso/xmysqladmin-05292005.txt dbus<0.23.1 local-session-hijacking http://secunia.com/advisories/14119/ gaim<1.3.1 denial-of-service http://gaim.sourceforge.net/security/index.php?id=18 gaim<1.3.1 denial-of-service http://gaim.sourceforge.net/security/index.php?id=19 libextractor<0.3.11nb1 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064 libextractor<0.4.2 remote-code-execution http://secunia.com/advisories/15651/ tcpdump<3.8.3nb2 denial-of-service http://secunia.com/advisories/15634/ mikmod<3.1.7 buffer-overflow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0427 postfix<2.1.5nb5 linux-unauthorised-mail-relaying http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0337 squirrelmail<1.4.4nb1 remote-code-execution http://www.squirrelmail.org/security/issue/2005-06-15 opera<8.01 cross-site-scripting http://secunia.com/advisories/15423/ opera<8.01 remote-security-bypass http://secunia.com/secunia_research/2005-4/advisory/ opera<8.01 cross-site-scripting http://secunia.com/secunia_research/2005-5/advisory/ opera<8.01 dialog-spoofing http://secunia.com/advisories/15488/ sun-{jdk,jre}15<5.0.2 remote-user-access http://secunia.com/advisories/15671/ acroread7<7.0.1 remote-information-exposure http://www.adobe.com/support/techdocs/331710.html acroread7<7.0.1 buffer-overflow http://www.adobe.com/support/techdocs/321644.html p5-razor-agents<2.72 denial-of-service http://secunia.com/advisories/15739/ spamassassin<3.0.4 denial-of-service http://secunia.com/advisories/15704/ heimdal<0.6.5 buffer-overflow http://www.pdc.kth.se/heimdal/advisory/2005-06-20/ trac<0.8.4 remote-code-execution http://secunia.com/advisories/15752/ sudo<1.6.8pl9 privilege-escalation http://www.courtesan.com/sudo/alerts/path_race.html gcpio<2.6nb1 local-file-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1111 gcpio<2.6nb1 directory-traversal http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1229 tor<0.0.9.10 information-leak http://archives.seul.org/or/announce/Jun-2005/msg00001.html ruby18-base<1.8.2nb2 remote-security-bypass http://secunia.com/advisories/15767/ ruby1{6,8}-xmlrpc4r<1.7.16nb2 remote-security-bypass http://secunia.com/advisories/15767/ asterisk<1.0.8 remote-code-execution http://www.bindshell.net/voip/advisory-05-013.txt p5-CGI<2.94 cross-site-scripting http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0615 perl{,-thread}-5.6.[0-9]* cross-site-scripting http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0615 perl{,-thread}-5.6.[0-9]* access-validation-bypass http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1323 realplayer-[0-9]* remote-code-execution http://service.real.com/help/faq/security/050623_player/EN/ RealPlayerGold<10.0.5 remote-code-execution http://service.real.com/help/faq/security/050623_player/EN/ clamav<0.86.1 denial-of-service http://secunia.com/advisories/15811/ clamav<0.86 denial-of-service http://secunia.com/advisories/15835/ clamav<0.86 denial-of-service http://secunia.com/advisories/15859/ dillo<0.8.5 remote-code-execution http://www.dillo.org/ChangeLog.html p5-Net-Server<0.88 denial-of-service http://www.derkeiler.com/Mailing-Lists/Securiteam/2005-04/0147.html zlib<1.2.2nb1 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096 net-snmp<5.2.1.2 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2177 bugzilla<2.18.2 information-leak http://www.bugzilla.org/security/2.18.1/ unalz<0.40 buffer-overflow http://www.kipple.pe.kr/win/unalz/ mit-krb5<1.4.2 denial-of-service http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt mit-krb5<1.4.2 remote-code-execution http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt squirrelmail<1.4.5 remote-file-write http://www.squirrelmail.org/security/issue/2005-07-13 polsms<2.0.2 privilege-escalation http://secunia.com/advisories/16038/ elmo<1.3.2 local-file-write http://secunia.com/advisories/15977/ audit-packages<1.35 no-vulnerability-but-missing-file-format-check-support http://mail-index.netbsd.org/pkgsrc-changes/2005/06/07/0036.html centericq<=4.20.0 local-file-write http://secunia.com/advisories/15913/ phppgadmin<3.5.4 remote-information-exposure http://secunia.com/advisories/15941/ cups<1.1.21rc1 acl-bypass http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2154 firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}<1.0.5 cross-site-scripting http://secunia.com/advisories/15549/ firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}<1.0.5 multiple-vulnerabilities http://secunia.com/advisories/16043/ ekg<1.6nb2 local-symlink-race http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1916 ekg<1.6nb2 insecure-temp-files http://www.debian.org/security/2005/dsa-760 ekg<1.6nb2 shell-command-injection http://www.debian.org/security/2005/dsa-760 kdebase-3.[2-3].[0-9]{,nb*} local-information-exposure http://www.kde.org/info/security/advisory-20050718-1.txt kdebase-3.4.0{,nb*} local-information-exposure http://www.kde.org/info/security/advisory-20050718-1.txt php<4.3.11nb1 remote-command-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921 php<4.3.11nb1 remote-command-execution http://www.hardened-php.net/advisory_142005.66.html fetchmail<6.2.5nb5 remote-user-shell http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt kdenetwork-3.3.* remote-code-execution http://www.kde.org/info/security/advisory-20050721-1.txt kdenetwork-3.4.{0,0nb*,1} remote-code-execution http://www.kde.org/info/security/advisory-20050721-1.txt rsnapshot<1.1.7 privilege-escalation http://www.rsnapshot.org/security/2005/001.html zlib<1.2.3 denial-of-service http://secunia.com/advisories/16137/ clamav<0.86.2 denial-of-service http://secunia.com/advisories/16180/ clamav<0.86.2 buffer-overflow http://secunia.com/advisories/16180/ vim{,-gtk,-gtk2,-kde,-motif,-xaw,-share}<6.3.082 local-code-execution http://secunia.com/advisories/16206/ vim<6.3.082 local-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2368 ethereal<0.10.12 denial-of-service http://www.ethereal.com/appnotes/enpa-sa-00020.html ethereal<0.10.12 remote-code-execution http://www.ethereal.com/appnotes/enpa-sa-00020.html p5-Compress-Zlib<1.35 denial-of-service http://secunia.com/advisories/16137/ unzip<5.52nb2 local-symlink-race http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2475 rsync<2.6.6 null-pointer-bug http://lists.samba.org/archive/rsync-announce/2005/000032.html msf<2.4nb2 remote-security-bypass http://secunia.com/advisories/16318/ proftpd<1.2.10nb4 format-string http://secunia.com/advisories/16181/ jabberd-2.0s[2-8]{,nb*} buffer-overflows http://secunia.com/advisories/16291/ gopher<3.0.8 privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1853 gaim<1.4.0nb1 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370 kadu<0.4.1 denial-of-service http://secunia.com/advisories/16238/ opera<8.02 dialog-spoofing http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2405 opera<8.02 cross-site-scripting http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2406 suse_base<9.1nb6 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1849 suse_base<9.1nb6 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096 netpbm<10.28 local-code-execution http://secunia.com/advisories/16184/ acroread5<5.0.11 buffer-overflow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1625 acroread5<5.0.11 insecure-temp-files http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1841 apache-2.0.[0-4][0-9]* cache-poisoning http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2088 apache-2.0.5[0-3]* cache-poisoning http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2088 apache-2.0.54{,nb[12]} cache-poisoning http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2088 awstats<6.4nb1 remote-command-execution http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities inkscape<0.42 insecure-temp-files http://secunia.com/advisories/16343/ mysql-server<4.0.25 local-code-execution http://www.appsecinc.com/resources/alerts/mysql/2005-001.html mysql-server<4.0.25 buffer-overflow http://www.appsecinc.com/resources/alerts/mysql/2005-002.html mysql-server-4.1.{0,1,2,3,4,5,6,7,8,9,10,11,12}{,nb*} local-code-execution http://www.appsecinc.com/resources/alerts/mysql/2005-001.html mysql-server-4.1.{0,1,2,3,4,5,6,7,8,9,10,11,12}{,nb*} buffer-overflow http://www.appsecinc.com/resources/alerts/mysql/2005-002.html xpdf<3.00pl3nb1 denial-of-service http://secunia.com/advisories/16374/ kdegraphics-3.3.[0-9]{,nb*} denial-of-service http://www.kde.org/info/security/advisory-20050809-1.txt kdegraphics-3.4.0{,nb*} denial-of-service http://www.kde.org/info/security/advisory-20050809-1.txt kdegraphics-3.4.1 denial-of-service http://www.kde.org/info/security/advisory-20050809-1.txt gaim<1.4.0nb2 denial-of-service http://secunia.com/advisories/16379/ gaim<1.4.0nb2 remote-command-execution http://secunia.com/advisories/16379/ cups<1.1.23nb3 denial-of-service http://secunia.com/advisories/16380/ wine>20000000<20050524nb1 insecure-temp-files http://secunia.com/advisories/16352/ wine-20050725 insecure-temp-files http://secunia.com/advisories/16352/ xv<3.10anb10 privilege-escalation http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1725 xv<3.10anb10 privilege-escalation http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1726 xv<3.10anb10 privilege-escalation http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0665 kdeedu-3.[0-3].* privilege-escalation http://www.kde.org/info/security/advisory-20050815-1.txt kdeedu-3.4.{0*,1,2} privilege-escalation http://www.kde.org/info/security/advisory-20050815-1.txt thunderbird{,-bin,-gtk1}<1.0.5 disabled-scripting-bypass http://www.mozilla.org/security/announce/mfsa2005-46.html netscape7-7.2{,nb*} cross-site-scripting http://secunia.com/advisories/15553/ netscape8<8.0.3.3 cross-site-scripting http://secunia.com/advisories/15553/ netscape8<8.0.3.3 arbitrary-code-execution http://secunia.com/advisories/16185/ netscape7-7.2{,nb*} arbitrary-code-execution http://secunia.com/advisories/16044/ netscape8<8.0.3.3 arbitrary-code-execution http://secunia.com/advisories/16044/ netscape7-7.2{,nb*} local-security-bypass http://secunia.com/advisories/16044/ netscape8<8.0.3.3 local-security-bypass http://secunia.com/advisories/16044/ centericq<4.20.0nb2 denial-of-service http://secunia.com/advisories/16240/ centericq<4.20.0nb2 shell-command-injection http://secunia.com/advisories/16240/ evolution<2.2.2nb2 arbitrary-code-execution http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html evolution-2.2.3 arbitrary-code-execution http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html gpdf-2.10.0 denial-of-service http://secunia.com/advisories/16400/ mantis<0.19.2 cross-site-scripting http://secunia.com/advisories/16506/ mantis<0.19.2 sql-injection http://secunia.com/advisories/16506/ elm<2.5.8 remote-user-shell http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-08/0692.html pcre<6.2 arbitrary-code-execution http://secunia.com/advisories/16502/ mplayer<1.0rc7nb2 remote-code-execution http://www.sven-tantau.de/public_files/mplayer/mplayer_20050824.txt gmplayer<1.0rc7nb1 remote-code-execution http://www.sven-tantau.de/public_files/mplayer/mplayer_20050824.txt tor<0.1.0.14 information-disclosure http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2643 cvs<1.11.20nb2 local-privilege-escalation http://secunia.com/advisories/16553/ apache-2.0.[1-4][0-9]* remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491 apache-2.0.5[0-3]* remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491 apache-2.0.54{,nb[123]} remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491 pam-ldap-169{,nb*} authentication-bypass http://secunia.com/advisories/16518/ pam-ldap-17[0-9]{,nb*} authentication-bypass http://secunia.com/advisories/16518/ gnats<4.1.0nb1 local-file-write http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2180 apache-2.0.[1-4][0-9]* denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2728 apache-2.0.5[0-3]* denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2728 apache-2.0.54{,nb[123]} denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2728 phpmyadmin<2.6.4rc1 cross-site-scripting http://secunia.com/advisories/16605/ sqwebmail<5.0.4nb1 cross-site-scripting http://secunia.com/advisories/16539/ sqwebmail<5.0.4nb1 cross-site-scripting http://secunia.com/advisories/16600/ ntp<4.2.0nb7 listener-permissions http://secunia.com/advisories/16602/ phpldapadmin<0.9.6cnb