FreeBSD VuXML

Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:

Please report security issues to the FreeBSD Security Team at . Full contact details, including information handling policies and PGP key, can be found on the FreeBSD Security page.

modified date index


Modified Topic
2010-09-03 wget -- multiple HTTP client download filename vulnerability
lftp -- multiple HTTP client download filename vulnerability
2010-08-31 p5-libwww -- possibility for remote servers to create a file with a .(dot) character
2010-08-25 quagga -- stack overflow and DoS vulnerabilities
2010-08-24 bugzilla -- information disclosure, denial of service
2010-08-22 OpenTTD -- Denial of service (server) via infinite loop
2010-08-21 corkscrew -- buffer overflow vulnerability
phpmyadmin -- Several XSS vulnerabilities
2010-08-20 slim -- insecure PATH assignment
ruby -- UTF-7 encoding XSS vulnerability in WEBrick
2010-08-14 vlc -- invalid id3v2 tags may lead to invalid memory dereferencing
2010-08-13 opera -- multiple vulnerabilities
linux-flashplugin -- multiple vulnerabilities
isolate -- local root exploit
2010-08-09 firefox -- Dangling pointer crash regression from plugin parameter array fix
2010-08-04 Piwik -- Local File Inclusion Vulnerability
2010-07-30 libmspack -- infinite loop denial of service
2010-07-26 apache -- Remote DoS bug in mod_cache and mod_dav
2010-07-23 git -- buffer overflow vulnerability
2010-07-21 mozilla -- multiple vulnerabilities
codeigniter -- file upload class vulnerability
2010-07-18 vte -- Classic terminal title set+query attack
webkit-gtk2 -- Multiple vulnerabilities
2010-07-10 redmine -- multiple vulnerabilities
2010-07-06 bogofilter -- heap underrun on malformed base64 input
2010-07-05 bugzilla -- information disclosure
2010-06-30 kvirc -- multiple vulnerabilities
2010-06-28 png -- libpng decompression buffer overflow
moodle -- multiple vulnerabilities
2010-06-27 mDNSResponder -- corrupted stack crash when parsing bad resolv.conf
2010-06-25 opera -- Data URIs can be used to allow cross-site scripting
2010-06-24 cacti -- multiple vulnerabilities
2010-06-23 mozilla -- multiple vulnerabilities
2010-06-17 gd -- '_gdGetColors' remote buffer overflow vulnerability
2010-06-16 tiff -- Multiple integer overflows
2010-06-15 ziproxy -- security vulnerability in PNG decoder
2010-06-14 linux-flashplugin -- multiple vulnerabilities
2010-06-12 tiff -- buffer overflow vulnerability
2010-06-02 mediawiki -- two security vulnerabilities
sudo -- Secure path vulnerability
2010-05-28 ziproxy -- atypical huge picture files vulnerability
2010-05-14 redmine -- multiple vulnerabilities
2010-05-12 cacti -- SQL injection and command execution vulnerabilities
wordpress -- remote privilege escalation
drupal -- multiple vulnerabilities
drupal -- multiple vulnerabilities
opera -- multiple vulnerabilities
proftpd -- Long Command Processing Vulnerability
phpmyadmin -- Code execution vulnerability
rubygem-rails -- SQL injection vulnerability
opera -- multiple vulnerabilities
cdf3 -- Buffer overflow vulnerability
drupal -- multiple vulnerabilities
ruby -- multiple vulnerabilities in safe level
ruby -- DoS vulnerability in WEBrick
Bugzilla -- Directory Traversal in importxml.pl
drupal -- multiple vulnerabilities
phpmyadmin -- Cross Site Scripting Vulnerabilities
ikiwiki -- empty password security hole
spamdyke -- open relay
django -- XSS vulnerability
ikiwiki -- cross site request forging
suphp -- multiple local privilege escalation vulnerabilities
opera -- multiple vulnerabilities
phpmyadmin -- SQL injection vulnerability
opera -- multiple vulnerabilities
ikiwiki -- javascript insertion via uris
drupal -- cross site request forgery
drupal -- cross site scripting (utf8)
drupal -- cross site scripting (register_globals)
gallery2 -- multiple vulnerabilities
peercast -- buffer overflow vulnerability
phpmyadmin -- Cross Site Scripting
phpmyadmin -- cross-site scripting vulnerability
phpmyadmin -- cross-site scripting vulnerability
bugzilla -- "createmailregexp" security bypass vulnerability
coppermine -- multiple vulnerabilities
claws-mail -- POP3 Format String Vulnerability
joomla -- multiple vulnerabilities
lighttpd -- multiple vulnerabilities
opera -- multiple vulnerabilities
wireshark -- Multiple problems
vlc -- format string vulnerability and integer overflow
c-ares -- DNS Cache Poisoning Vulnerability
webmin -- cross site scripting vulnerability
phppgadmin -- cross site scripting vulnerability
p5-Imager -- possibly exploitable buffer overflow
freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability
Squid -- TRACE method handling denial of service
opera -- multiple vulnerabilities
drupal -- multiple vulnerabilities
tnftpd -- Remote root Exploit
ruby -- cgi.rb library Denial of Service
tdiary -- cross site scripting vulnerability
ingo -- local arbitrary shell command execution
clamav -- Multipart Nestings Denial of Service
drupal-pubcookie -- authentication may be bypassed
joomla -- multiple vulnerabilities
globus -- Multiple tmpfile races
alsaplayer -- multiple vulnerabilities
trac -- reStructuredText breach of privacy and denial of service vulnerability
horde -- various problems in dereferrer
2010-05-07 wireshark -- DOCSIS dissector denial of service
piwik -- cross site scripting vulnerability
2010-05-06 spamass-milter -- remote command execution vulnerability
squidGuard -- multiple vulnerabilities
2010-05-05 lxr -- multiple XSS vulnerabilities
mediawiki -- authenticated CSRF vulnerability
vlc -- unintended code execution with specially crafted data
2010-05-02 squid -- Denial of Service vulnerability in HTCP
otrs -- SQL injection
squid -- Denial of Service vulnerability in DNS handling
dokuwiki -- multiple vulnerabilities
drupal -- multiple cross-site scripting
pligg -- Cross-Site Scripting and Cross-Site Request Forgery
piwik -- php code execution
opera -- multiple vulnerabilities
libtool -- Library Search Path Privilege Escalation Issue
cacti -- cross-site scripting issues
wordpress -- multiple vulnerabilities
opera -- multiple vulnerabilities
django -- denial-of-service attack
virtualbox -- privilege escalation
fwbuilder -- security issue in temporary file handling
wordpress -- remote admin password reset vulnerability
silc-client -- Format string vulnerability
mozilla -- corrupt JIT state after deep return from native function
drupal -- multiple vulnerabilities
phpmyadmin -- XSS vulnerability
joomla -- multiple vulnerabilities
git -- denial of service vulnerability
ruby -- BigDecimal denial of service vulnerability
dokuwiki -- Local File Inclusion with register_globals on
wireshark -- PCNFSD Dissector Denial of Service Vulnerability
php -- ini database truncation inside dba_replace() function
openfire -- Openfire No Password Changes Security Bypass
drupal -- cross site scripting
phpmyadmin -- insufficient output sanitizing when generating configuration file
drupal6-cck -- cross-site scripting
phpmyadmin -- insufficient output sanitizing when generating configuration file
wireshark -- multiple vulnerabilities
opera -- multiple vulnerabilities
typo3 -- cross-site scripting and information disclosure
tor -- unspecified memory corruption vulnerability
openfire -- multiple vulnerabilities
imap-uw -- imap c-client buffer overflow
imap-uw -- local buffer overflow vulnerabilities
vinagre -- format string vulnerability
drupal -- multiple vulnerabilities
phpmyadmin -- cross-site request forgery vulnerability
php5 -- potential magic_quotes_gpc vulnerability
wordpress -- header rss feed script insertion vulnerability
openfire -- multiple vulnerabilities
vlc -- cue processing stack overflow
emacs -- run-python vulnerability
opera -- multiple vulnerabilities
opera -- multiple vulnerabilities
2010-04-26 joomla -- multiple vulnerabilities
2010-04-24 tomcat -- information disclosure vulnerability
moodle -- multiple vulnerabilities
2010-04-21 krb5 -- KDC double free vulnerability
2010-04-20 e107 -- code execution and XSS vulnerabilities
pidgin -- multiple remote denial of service vulnerabilities
fetchmail -- denial of service vulnerability
png -- libpng decompression denial of service
2010-04-19 curl -- libcurl buffer overflow vulnerability
ejabberd -- queue overload denial of service vulnerability
irssi -- multiple vulnerabilities
2010-04-18 mahara -- sql injection vulnerability
krb5 -- remote denial of service vulnerability
krb5 -- multiple denial of service vulnerabilities
2010-04-15 sudo -- Privilege escalation with sudoedit
2010-04-14 KDM -- local privilege escalation vulnerability
2010-04-06 dojo -- cross-site scripting and other vulnerabilities
Zend Framework -- security issues in bundled Dojo library
2010-04-05 firefox -- Re-use of freed object due to scope confusion
2010-03-30 mozilla -- multiple vulnerabilities
2010-03-25 postgresql -- bitsubstr overflow
2010-03-24 gtar -- buffer overflow in rmt client
2010-03-23 firefox -- WOFF heap corruption due to integer overflow
2010-03-22 zgv, xzgv -- heap overflow vulnerability
2010-03-19 mozilla -- multiple vulnerabilities
2010-03-11 egroupware -- two vulnerabilities
2010-03-08 drupal -- multiple vulnerabilities
2010-03-01 sudo -- Privilege escalation with sudoedit
2010-02-28 mozilla -- multiple vulnerabilities
2010-02-27 openoffice.org -- multiple vulnerabilities
2010-02-16 lighttpd -- denial of service vulnerability
2010-02-13 linux-flashplugin -- multiple vulnerabilities
gnome-screensaver -- Multiple monitor hotplug issues
2010-02-12 fetchmail -- heap overflow on verbose X.509 display
2010-02-10 wireshark -- LWRES vulnerability
2010-02-03 apache -- Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long)
2010-02-01 bugzilla -- information leak
2010-01-28 irc-ratbox -- multiple vulnerabilities
2010-01-21 mozilla -- multiple vulnerabilities
2010-01-11 Zend Framework -- multiple vulnerabilities
2010-01-09 powerdns-recursor -- multiple vulnerabilities
2010-01-04 PEAR -- Net_Ping and Net_Traceroute remote arbitrary command injection
2009-12-21 monkey -- improper input validation vulnerability
fuser -- missing user's privileges check
openssl -- denial of service in DTLS implementation
2009-12-17 php -- multiple vulnerabilities
tptest -- pwd Remote Stack Buffer Overflow
postgresql -- multiple vulnerabilities
2009-12-14 freeradius -- remote packet of death vulnerability
mozilla -- multiple vulnerabilities
2009-12-12 mozilla -- multiple vulnerabilities
mozilla -- multiple vulnerabilities
firefox -- multiple vulnerabilities
mozilla -- multiple vulnerabilities
firefox -- javascript garbage collector vulnerability
mozilla -- multiple vulnerabilities
mozilla -- multiple vulnerabilities
2009-12-10 dovecot -- Insecure directory permissions
2009-12-09 ruby -- heap overflow vulnerability
linux-flashplugin -- multiple vulnerabilities
rt -- Session fixation vulnerability
2009-12-08 expat2 -- buffer over-read and crash
expat2 -- Parser crash with specially formatted UTF-8 sequences
2009-11-24 libvorbis -- multiple vulnerabilities
2009-11-23 bugzilla -- information leak
2009-11-06 p5-HTML-Parser -- denial of service
2009-11-05 typo3 -- multiple vulnerabilities in TYPO3 Core
2009-11-03 vlc -- stack overflow in MPA, AVI and ASF demuxer
2009-11-02 KDE -- multiple vulnerabilities
2009-10-29 opera -- multiple vulnerabilities
2009-10-28 Enhanced cTorrent -- stack-based overflow
2009-10-25 elinks -- buffer overflow vulnerability
2009-10-20 Xpdf -- Multiple Vulnerabilities
2009-10-13 phpmyadmin -- XSS and SQL injection vulnerabilities
2009-10-12 php5 -- Multiple security issues
2009-10-06 FreeBSD -- kqueue pipe race conditions
FreeBSD -- Devfs / VFS NULL pointer race condition
2009-10-01 pango -- integer overflow
2009-09-30 mybb -- multiple vulnerabilities
2009-09-22 drupal -- multiple vulnerabilities
horde-base -- multiple vulnerabilities
2009-09-17 bugzilla -- two SQL injections, sensitive data exposure
2009-09-15 nginx -- remote denial of service vulnerability
2009-09-14 cyrus-imapd -- Potential buffer overflow in Sieve
2009-09-13 xapian-omega -- cross-site scripting vulnerability
ikiwiki -- insufficient blacklisting in teximg plugin
2009-09-10 mozilla firefox -- multiple vulnerabilities
2009-09-08 silc-toolkit -- Format string vulnerabilities
2009-09-04 mozilla -- multiple vulnerabilities
2009-09-02 dnsmasq -- TFTP server remote code injection vulnerability
2009-08-25 apache22 -- several vulnerabilities
2009-08-20 pidgin -- MSN overflow parsing SLP messages
2009-08-17 memcached -- memcached stats maps Information Disclosure Weakness
GnuTLS -- multiple vulnerabilities
GnuTLS -- improper SSL certificate verification
2009-08-13 fetchmail -- improper SSL certificate subject verification
2009-08-11 joomla15 -- com_mailto Timeout Issue
2009-08-07 subversion -- heap overflow vulnerability
2009-08-06 squid -- several remote denial of service vulnerabilities
2009-08-05 bugzilla -- product name information leak
2009-08-04 BIND -- Dynamic update message remote DoS
2009-08-02 SquirrelMail -- Plug-ins compromise
2009-07-29 mono -- XML signature HMAC truncation spoofing
2009-07-21 isc-dhcp-client -- Stack overflow vulnerability
2009-07-13 nagios -- Command Injection Vulnerability
2009-07-03 nfsen -- remote command execution
2009-07-01 syslog-ng2 -- startup directory leakage in the chroot environment
2009-06-23 tor-devel -- DNS resolution vulnerability
2009-06-16 cscope -- multiple buffer overflows
cscope -- buffer overflow
pidgin -- multiple vulnerabilities
2009-06-08 apr -- multiple vulnerabilities
2009-05-30 eggdrop -- denial of service vulnerability
libsndfile -- multiple vulnerabilities
slim -- local disclosure of X authority magic cookie
2009-05-22 imap-uw -- University of Washington IMAP c-client Remote Format String Vulnerability
nsd -- buffer overflow vulnerability
2009-05-20 ntp -- stack-based buffer overflow
2009-05-17 libxine -- multiple vulnerabilities
libxine -- multiple vulnerabilities
2009-05-16 mod_perl -- cross-site scripting
libwmf -- integer overflow vulnerability
libwmf -- embedded GD library Use-After-Free vulnerability
moinmoin -- cross-site scripting vulnerabilities
drupal -- cross-site scripting
2009-05-15 cyrus-sasl -- buffer overflow vulnerability
2009-05-13 ghostscript -- buffer overflow vulnerability
moinmoin -- multiple cross site scripting vulnerabilities
wireshark -- multiple vulnerabilities
FreeBSD -- remotely exploitable crash in OpenSSL
cups -- remote code execution and DNS rebinding
2009-05-07 quagga -- Denial of Service
2009-04-29 xpdf -- stack based buffer overflow
2009-04-18 freetype2 -- multiple vulnerabilities
poppler -- Poppler Multiple Vulnerabilities
xpdf -- multiple vulnerabilities
2009-04-17 ejabberd -- cross-site scripting vulnerability
2009-04-15 ziproxy -- multiple vulnerabilities
2009-03-27 pivot-weblog -- file deletion vulnerability
2009-03-26 roundcube -- webmail script insertion and php code injection
2009-03-23 amarok -- multiple vulnerabilities
zabbix -- php frontend multiple vulnerabilities
net-snmp -- DoS for SNMP agent via crafted GETBULK request
2009-03-22 zope -- cross-site scripting vulnerability
2009-03-20 tor -- multiple vulnerabilities
2009-03-18 netatalk -- arbitrary command execution in papd daemon
2009-03-16 proftpd -- multiple sql injection vulnerabilities
libsndfile -- CAF processing integer overflow vulnerability
ffmpeg -- 4xm processing memory corruption vulnerability
gstreamer-plugins-good -- multiple memory overflows
phppgadmin -- directory traversal with register_globals enabled
php-mbstring -- php mbstring buffer overflow vulnerability
2009-03-11 epiphany -- untrusted search path vulnerability
apache -- Cross-site scripting vulnerability
2009-03-04 curl -- cURL/libcURL Location: Redirect URLs Security Bypass
pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability
2009-02-22 lighttpd -- multiple vulnerabilities
2009-02-18 Zend Framework -- Local File Inclusion vulnerability in Zend_View::render()
2009-02-17 dia -- remote command execution vulnerability
2009-02-15 pycrypto -- ARC2 module buffer overflow
varnish -- Varnish HTTP Request Parsing Denial of Service
2009-02-11 pyblosxom -- atom flavor multiple XML injection vulnerabilities
codeigniter -- arbitrary script execution in the new Form Validation class
2009-02-10 squid -- remote denial of service vulnerability
2009-02-09 phplist -- local file inclusion vulnerability
websvn -- multiple vulnerabilities
amaya -- multiple buffer overflow vulnerabilities
typo3 -- multiple vulnerabilities
ruby -- DNS spoofing vulnerability
2009-02-06 sudo -- certain authorized users could run commands as any user
2009-02-04 drupal -- multiple vulnerabilities
php5-gd -- uninitialized memory information disclosure vulnerability
2009-02-03 perl -- Directory Permissions Race Condition
2009-01-30 ganglia -- buffer overflow vulnerability
moinmoin -- multiple cross site scripting vulnerabilities
2009-01-28 glpi -- SQL Injection
2009-01-23 apache -- mod_imap cross-site scripting flaw
apache -- http request smuggling
2009-01-21 ipset-tools -- Denial of Service Vulnerabilities
2009-01-20 Teamspeak Server -- Directory Traversal Vulnerability
2009-01-19 git -- gitweb privilege escalation
optipng -- arbitrary code execution via crafted BMP image
2009-01-15 gtar -- GNU TAR safer_name_suffix Remote Denial of Service Vulnerability
mplayer -- vulnerability in STR files processor
nagios -- web interface privilege escalation vulnerability
2009-01-13 cgiwrap -- XSS Vulnerability
2009-01-11 libcdaudio -- remote buffer overflow and code execution
pdfjam -- insecure temporary files
verlihub -- insecure temporary file usage and arbitrary command execution
mysql -- renaming of arbitrary tables by authenticated users
mysql -- privilege escalation and overwrite of the system table information
mysql -- empty bit-string literal denial of service
mysql -- remote dos via malformed password packet
2009-01-06 xterm -- DECRQSS remote command execution vulnerability
2009-01-05 FreeBSD -- Cross-site request forgery in ftpd(8)
FreeBSD -- netgraph / bluetooth privilege escalation
FreeBSD -- IPv6 Neighbor Discovery Protocol routing vulnerability
FreeBSD -- arc4random(9) predictable sequence vulnerability
2009-01-04 awstats -- multiple XSS vulnerabilities
2009-01-03 p5-File-Path -- rmtree allows creation of setuid files
2009-01-02 vim -- multiple vulnerabilities in the netrw module
2008-12-30 roundcube -- remote execution of arbitrary code
twiki -- multiple vulnerabilities
mplayer -- twinvq processing buffer overflow vulnerability
mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths
2008-12-26 ampache -- insecure temporary file usage
2008-12-25 cups -- potential buffer overflow in PNG reading code
2008-12-19 opera -- multiple vulnerabilities
mediawiki -- multiple vulnerabilities
mozilla -- multiple vulnerabilities
2008-12-07 wireshark -- SMTP Processing Denial of Service Vulnerability
habari -- Cross-Site Scripting Vulnerability
php -- multiple vulnerabilities
dovecot-managesieve -- Script Name Directory Traversal Vulnerability
mgetty+sendfax -- symlink attack via insecure temporary files
vlc -- arbitrary code execution in the RealMedia processor
2008-12-06 mantis -- php code execution vulnerability
mantis -- multiple vulnerabilities
2008-12-04 squirrelmail -- Cross site scripting vulnerability
2008-11-29 hplip -- hpssd Denial of Service
openoffice -- arbitrary code execution vulnerabilities
samba -- potential leakage of arbitrary memory contents
2008-11-24 imlib2 -- XPM processing buffer overflow vulnerability
2008-11-23 streamripper -- multiple buffer overflows
mozilla -- multiple vulnerabilities
2008-11-22 mantis -- session hijacking vulnerability
2008-11-19 dovecot -- ACL plugin bypass vulnerabilities
libxml2 -- multiple vulnerabilities
2008-11-18 enscript -- arbitrary code execution vulnerability
2008-11-16 gnutls -- X.509 certificate chain validation vulnerability
2008-11-13 faad2 -- heap overflow vulnerability
2008-11-10 clamav -- off-by-one heap overflow in VBA project parser
2008-11-09 trac -- potential DOS vulnerability
2008-11-02 qemu -- Heap overflow in Cirrus emulation
2008-10-31 phpmyadmin -- Cross-Site Scripting Vulnerability
2008-10-27 libspf2 -- Buffer overflow
2008-10-25 openx -- sql injection vulnerability
flyspray -- multiple vulnerabilities
2008-10-24 wordpress -- snoopy "_httpsrequest()" shell command execution vulnerability
2008-10-20 libxml2 -- two vulnerabilities
2008-10-19 libxine -- denial of service vulnerability
2008-10-17 linux-flashplugin -- multiple vulnerabilities
2008-10-10 cups -- multiple vulnerabilities
mysql -- command line client input validation vulnerability
mysql -- MyISAM table privileges security bypass vulnerability
2008-10-03 bitlbee -- account recreation security issues
phpmyadmin -- Cross-Site Scripting Vulnerability
gallery -- multiple vulnerabilities
horde -- multiple vulnerabilities
tikiwiki -- multiple vulnerabilities
2008-10-02 mplayer -- multiple integer overflows
2008-09-26 samba -- buffer overflow vulnerability
samba -- multiple vulnerabilities
samba -- nss_info plugin privilege escalation vulnerability
samba -- multiple vulnerabilities
samba -- integer overflow vulnerability
smbd -- buffer-overrun vulnerability
samba -- potential remote DoS vulnerability
samba -- remote file disclosure
samba3 DoS attack
Multiple Potential Buffer Overruns in Samba
2008-09-23 squirrelmail -- Session hijacking vulnerability
2008-09-17 phpmyadmin -- cross site request forgery vulnerabilities
phpmyadmin -- Username/Password Session File Information Disclosure
phpmyadmin -- Shared Host Information Disclosure
2008-09-14 twiki -- Arbitrary code execution in session files
2008-09-12 clamav -- CHM Processing Denial of Service
neon -- NULL pointer dereference in Digest domain support
2008-09-10 python -- multiple vulnerabilities
2008-09-08 Nagios -- Cross Site Scripting Vulnerability
2008-09-05 FreeBSD -- amd64 swapgs local privilege escalation
FreeBSD -- nmount(2) local arbitrary code execution
FreeBSD -- Remote kernel panics on IPv6 connections
2008-09-04 php -- input validation error in safe_mode
2008-08-21 gnutls -- "gnutls_handshake()" Denial of Service
2008-08-20 joomla -- flaw in the reset token validation
2008-08-07 openvpn-devel -- arbitrary code execution
2008-08-04 kdewebdev -- kommander untrusted code execution vulnerability
2008-07-13 FreeBSD -- DNS cache poisoning
2008-07-09 poppler -- uninitialized pointer
2008-07-04 py-pylons -- Path traversal bug
2008-07-03 FreeType 2 -- Multiple Vulnerabilities
2008-07-01 fetchmail -- potential crash in -v -v verbose mode (revised patch)
2008-06-28 squid -- SNMP module denial-of-service vulnerability
2008-06-24 apache -- multiple vulnerabilities
2008-06-21 vim -- Vim Shell Command Injection Vulnerabilities
ruby -- multiple integer and buffer overflow vulnerabilities
mozilla -- multiple vulnerabilities
2008-06-20 fetchmail -- potential crash in -v -v verbose mode
2008-06-15 xorg -- multiple vulnerabilities
moinmoin -- superuser privilege escalation
2008-06-13 Courier Authentication Library -- SQL Injection
2008-06-01 ikiwiki -- cleartext passwords
2008-05-30 linux-flashplugin -- unspecified remote code execution vulnerability
2008-05-21 peercast -- arbitrary code execution
2008-05-17 libvorbis -- various security issues
2008-05-11 vorbis-tools -- Speex header processing vulnerability
2008-05-08 qemu -- "drive_init()" Disk Format Security Bypass
2008-05-07 swfdec -- exposure of sensitive information
2008-05-02 sdl_image -- buffer overflow vulnerabilities
mt-daapd -- integer overflow
php -- integer overflow vulnerability
2008-04-29 gnupg -- memory corruption vulnerability
png -- unknown chunk processing uninitialized memory access
2008-04-28 python -- Integer Signedness Error in zlib Module
2008-04-25 mailman -- script insertion vulnerability
mksh -- TTY attachment privilege escalation
openfire -- unspecified denial of service
extman -- password bypass vulnerability
serendipity -- multiple cross site scripting vulnerabilities
2008-04-24 libxine -- array index vulnerability
postgresql -- multiple vulnerabilities
2008-04-15 clamav -- Multiple Vulnerabilities
2008-04-13 lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability
2008-04-06 postfix-policyd-weight -- working directory symlink vulnerability
2008-04-05 powerdns-recursor -- DNS cache poisoning
2008-03-26 silc -- pkcs_decode buffer overflow
2008-03-20 bzip2 -- crash with certain malformed archive files
2008-03-11 qemu -- unchecked block read/write vulnerability
2008-03-10 dovecot -- security hole in blocking passdbs
2008-03-06 mplayer -- multiple vulnerabilities
2008-03-05 ghostscript -- zseticcspace() function buffer overflow vulnerability
2008-02-29 pcre -- buffer overflow vulnerability
2008-02-27 up-imapproxy -- multiple vulnerabilities
2008-02-26 libxine -- buffer overflow vulnerability
moinmoin -- multiple vulnerabilities
2008-02-25 coppermine -- multiple vulnerabilities
2008-02-22 openldap -- modrdn Denial of Service vulnerability
2008-02-15 clamav -- ClamAV libclamav PE File Integer Overflow Vulnerability
2008-02-13 xfce -- multiple vulnerabilities
2008-02-12 cacti -- Multiple security vulnerabilities have been discovered
claws-mail -- insecure temporary file creation
2008-02-09 zenphoto -- XSS vulnerability
2008-02-04 jetty -- multiple vulnerabilities
2008-01-31 dircproxy -- remote denial of service
2008-01-29 libxine -- buffer overflow vulnerability
2008-01-23 xorg -- multiple vulnerabilities
2008-01-20 freeradius -- sql injection and denial of service vulnerability
2008-01-19 IRC Services -- Denial of Service Vulnerability
libxine -- buffer overflow vulnerability
2008-01-15 geeklog xss vulnerability
2008-01-14 php -- multiple vulnerabilities
2008-01-10 maradns -- CNAME record resource rotation denial of service
2008-01-07 lsh -- multiple vulnerabilities
2008-01-04 linux-realplayer -- multiple vulnerabilities
2008-01-03 linux-flashplugin -- multiple vulnerabilities
2007-12-31 tcl/tk -- buffer overflow in ReadImage function
2007-12-29 dovecot -- Specific LDAP + auth cache configuration may mix up user logins
opera -- multiple vulnerabilities
2007-12-22 wireshark -- multiple vulnerabilities
2007-12-20 e2fsprogs -- heap buffer overflow
2007-12-18 ganglia-webfrontend -- XSS vulnerabilities
2007-12-14 qemu -- Translation Block Local Denial of Service Vulnerability
firefox -- multiple remote unspecified memory corruption vulnerabilities
mozilla -- code execution via Quicktime media-link files
2007-12-12 drupal -- SQL injection vulnerability
smbftpd -- format string vulnerability
2007-12-10 jetty -- multiple vulnerabilities
2007-12-09 liveMedia -- DoS vulnerability
2007-12-07 Squid -- Denial of Service Vulnerability
2007-12-05 GNU finger vulnerability
2007-12-01 rubygem-rails -- JSON XSS vulnerability
2007-11-27 rubygem-rails -- session-fixation vulnerability
ikiwiki -- improper symlink verification vulnerability
2007-11-17 postnuke -- admin section SQL injection
2007-11-16 php -- multiple security vulnerabilities
jdk/jre -- Applet Caching May Allow Network Access Restrictions to be Circumvented
2007-11-14 net-snmp -- denial of service via GETBULK request
xpdf -- multiple remote Stream.CC vulnerabilities
2007-11-13 flac -- media file processing integer overflow vulnerabilities
2007-11-12 plone -- unsafe data interpreted as pickles
mt-daapd -- denial of service vulnerability
cups -- off-by-one buffer overflow
2007-11-11 gftp -- multiple vulnerabilities
2007-11-09 gallery2 -- multiple vulnerabilities
2007-11-07 perl -- regular expressions unicode data buffer overflow
perl -- vulnerabilities in PERLIO_DEBUG handling
perl -- File::Path insecure file/directory permissions
2007-11-06 pcre -- arbitrary code execution
2007-11-05 perdition -- str_vwrite format string vulnerability
2007-11-01 wordpress -- cross-site scripting
2007-10-31 openldap -- multiple remote denial of service vulnerabilities
mod_jk -- information disclosure
2007-10-27 py-django -- denial of service vulnerability
2007-10-25 opera -- multiple vulnerabilities
2007-10-24 drupal -- multiple vulnerabilities
2007-10-23 ldapscripts -- Command Line User Credentials Disclosure
firefox -- OnUnload Javascript browser entrapment vulnerability
2007-10-20 phpmyadmin -- cross-site scripting vulnerability
2007-10-16 phpmyadmin -- cross site scripting vulnerability
2007-10-11 nagios-plugins -- Long Location Header Buffer Overflow Vulnerability
png -- multiple vulnerabilities
2007-10-10 ImageMagick -- multiple vulnerabilities
mediawiki -- cross site scripting vulnerability
2007-10-08 xfs -- multiple vulnerabilities
2007-10-04 firebird -- multiple remote buffer overflow vulnerabilities
2007-10-01 id3lib -- insecure temporary file creation
2007-09-21 bugzilla -- multiple vulnerabilities
wordpress -- remote sql injection vulnerability
clamav -- multiple remote Denial of Service vulnerabilities
2007-09-20 openoffice -- arbitrary command execution vulnerability
2007-09-19 flyspray -- authentication bypass
kdm -- passwordless login vulnerability
konqueror -- address bar spoofing
2007-09-11 apache -- multiple vulnerabilities
2007-09-10 lighttpd -- FastCGI header overrun in mod_fastcgi
2007-09-05 rkhunter -- insecure temporary file creation
2007-09-02 fetchmail -- denial of service on reject of local warning message
2007-09-01 gtar -- Directory traversal vulnerability
2007-08-25 opera -- Vulnerability in javascript handling
2007-08-23 rsync -- off by one stack overflow
2007-08-16 wordpress -- unmoderated comments disclosure
2007-08-10 flac123 -- stack overflow in comment parsing
2007-08-02 fsplib -- multiple vulnerabilities
FreeBSD -- Buffer overflow in tcpdump(1)
FreeBSD -- Predictable query ids in named(8)
FreeBSD -- heap overflow in file(1)
FreeBSD -- Jail rc.d script privilege escalation
2007-08-01 phpsysinfo -- url Cross-Site Scripting
2007-07-29 mutt -- buffer overflow vulnerability
2007-07-28 p5-Net-DNS -- multiple Vulnerabilities
drupal -- Cross site request forgeries
drupal -- Multiple cross-site scripting vulnerabilities
2007-07-27 vim -- Command Format String Vulnerability
2007-07-26 libvorbis -- Multiple memory corruption flaws
2007-07-24 tomcat -- XSS vulnerability in sample applications
tomcat -- multiple vulnerabilities
dokuwiki -- XSS vulnerability in spellchecker backend
2007-07-18 linux-flashplugin -- critical vulnerabilities
2007-07-09 typespeed -- arbitrary code execution
2007-06-29 gd -- multiple vulnerabilities
2007-06-28 evolution-data-server -- remote execution of arbitrary code vulnerability
2007-06-27 mod_perl -- remote DoS in PATH_INFO parsing
2007-06-24 wordpress -- XMLRPC SQL Injection
2007-06-21 xpcd -- buffer overflow
2007-06-19 clamav -- multiple vulnerabilities
2007-06-18 p5-Mail-SpamAssassin -- local user symlink-attack DoS vulnerability
2007-06-12 cups -- Incomplete SSL Negotiation Denial of Service
2007-06-07 mplayer -- cddb stack overflow
2007-06-05 gzip -- multiple vulnerabilities
2007-06-04 typo3 -- email header injection
2007-06-01 findutils -- GNU locate heap buffer overrun
2007-05-24 FreeType 2 -- Heap overflow vulnerability
2007-05-21 squirrelmail -- Cross site scripting in HTML filter
2007-05-16 png -- DoS crash vulnerability
2007-05-10 php -- multiple vulnerabilities
2007-05-02 qemu -- several vulnerabilities
2007-04-28 FreeBSD -- IPv6 Routing Header 0 is dangerous
2007-04-23 gnupg -- OpenPGP symmetric encryption vulnerability
2007-04-19 claws-mail -- APOP vulnerability
mozilla -- multiple vulnerabilities
2007-04-14 lighttpd -- Remote DOS in CRLF parsing
lighttpd -- DOS when accessing files with mtime 0
2007-04-13 google-earth -- heap overflow in the KML engine
2007-04-09 fetchmail -- insecure APOP authentication
2007-04-08 mcweject -- exploitable buffer overflow
webcalendar -- "noSet" variable overwrite vulnerability
2007-03-16 samba -- format string bug in afsacl.so VFS plugin
sql-ledger -- security bypass vulnerability
samba -- potential Denial of Service bug in smbd
tdiary -- injection vulnerability
2007-03-14 ktorrent -- multiple vulnerabilities
2007-03-12 php -- multiple vulnerabilities
2007-03-09 mplayer -- DMO File Parsing Buffer Overflow Vulnerability
trac -- cross site scripting vulnerability
2007-03-06 mod_jk -- long URL stack overflow vulnerability
2007-02-27 gtar -- name mangling symlink vulnerability
FreeBSD -- Kernel memory disclosure in firewire(4)
bind -- Multiple Denial of Service vulnerabilities
2007-02-26 libarchive -- Infinite loop in corrupt archives handling in libarchive
OpenSSL -- Multiple problems in crypto(3)
2007-02-21 snort -- DCE/RPC preprocessor vulnerability
2007-02-17 rar -- password prompt buffer overflow vulnerability
2007-01-17 joomla -- multiple remote vulnerabilities
2007-01-15 sircd -- remote reverse DNS buffer overflow
sircd -- remote operator privilege escalation vulnerability
2007-01-12 cacti -- Multiple vulnerabilities
2007-01-08 mplayer -- buffer overflow in the code for RealMedia RTSP streams.
2007-01-06 fetchmail -- crashes when refusing a message bound for an MDA
fetchmail -- TLS enforcement problem/MITM attack/password exposure
2007-01-03 w3m -- format string vulnerability
2006-12-27 plone -- user can masquerade as a group
zope -- restructuredText "csv_table" Information Disclosure
2006-12-24 phpbb -- NULL byte injection vulnerability
2006-12-21 proftpd -- remote code execution vulnerabilities
2006-12-19 bind9 -- Denial of Service in named(8)
openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3)
2006-12-18 sql-ledger -- multiple vulnerabilities
2006-12-15 gnupg -- remotely controllable function pointer
unzoo -- Directory Traversal Vulnerability
ruby -- cgi.rb library Denial of Service
2006-12-14 evince -- Buffer Overflow Vulnerability
dbus -- match_rule_equal() Weakness
2006-12-13 wv -- Multiple Integer Overflow Vulnerabilities
wv2 -- Integer Overflow Vulnerability
2006-12-09 libxine -- multiple buffer overflow vulnerabilities
2006-12-02 libmusicbrainz -- multiple buffer overflow vulnerabilities
ImageMagick -- SGI Image File heap overflow vulnerability
2006-11-30 gtar -- GNUTYPE_NAMES directory traversal vulnerability
kronolith -- arbitrary local file inclusion vulnerability
2006-11-27 gnupg -- buffer overflow
2006-11-15 proftpd -- Remote Code Execution Vulnerability
awstats -- arbitrary command execution vulnerability
2006-11-11 bugzilla -- multiple vulnerabilities
bugzilla -- multiple vulnerabilities
2006-11-08 Imlib2 -- multiple image file processing vulnerabilities
cvsbug -- race condition
2006-11-02 mozilla -- multiple vulnerabilities
mozilla -- multiple vulnerabilities
2006-11-01 apache -- mod_rewrite buffer overflow vulnerability
2006-10-30 mysql -- database suid privilege escalation
2006-10-29 screen -- combined UTF-8 characters vulnerability
mysql -- database "case-sensitive" privilege escalation
2006-10-22 kdelibs -- integer overflow in khtml
2006-10-21 Serendipity -- XSS Vulnerabilities
nvidia-driver -- arbitrary root code execution vulnerability
2006-10-20 asterisk -- remote heap overwrite vulnerability
opera -- URL parsing heap overflow vulnerability
plone -- unprotected MembershipTool methods
2006-10-18 drupal -- HTML attribute injection
drupal -- cross site request forgeries
drupal -- multiple XSS vulnerabilities
2006-10-17 php -- _ecalloc Integer Overflow Vulnerability
win32-codecs -- multiple vulnerabilities
2006-10-16 clamav -- CHM unpacker and PE rebuilding vulnerabilities
php -- open_basedir Race Condition Vulnerability
2006-10-15 tkdiff -- temporary file symlink privilege escalation
vtiger -- multiple remote file inclusion vulnerabilities
torrentflux -- User-Agent XSS Vulnerability
MT -- Search Unspecified XSS
plans -- multiple vulnerabilities
eyeOS -- multiple XSS security bugs
2006-10-11 cscope -- Buffer Overflow Vulnerabilities
2006-10-08 python -- buffer overrun in repr() for unicode strings
python -- SimpleXMLRPCServer.py allows unrestricted traversal
2006-10-05 mono -- "System.CodeDom.Compiler" Insecure Temporary Creation
tin -- buffer overflow vulnerabilities
mambo -- multiple SQL injection vulnerabilities
openldap -- slapd acl selfwrite Security Issue
mambo -- SQL injection vulnerabilities
curl -- TFTP packet buffer overflow vulnerability
lynx -- remote buffer overflow
2006-10-04 mailman -- Multiple Vulnerabilities
2006-10-03 phpmyadmin -- XSRF vulnerabilities
2006-10-02 freetype -- LWFN Files Buffer Overflow Vulnerability
gnutls -- RSA Signature Forgery Vulnerability
dokuwiki -- multiple vulnerabilities
dokuwiki -- multiple vulnerabilities
2006-10-01 gtetrinet -- remote code execution
2006-09-30 tikiwiki -- multiple vulnerabilities
punbb -- NULL byte injection vulnerability
openssh -- multiple vulnerabilities
2006-09-26 freeciv -- Denial of Service Vulnerabilities
freeciv -- Packet Parsing Denial of Service Vulnerability
unace -- multiple vulnerabilities
2006-09-22 opera -- RSA Signature Forgery
libmms -- stack-based buffer overflow
2006-09-14 php -- multiple vulnerabilities
2006-09-12 linux-flashplugin7 -- arbitrary code execution vulnerabilities
tomcat -- Tomcat Manager cross-site scripting
jdk -- jar directory traversal vulnerability
2006-09-03 fd_set -- bitmap index overflow in multiple applications
2006-09-02 hlstats -- multiple cross site scripting vulnerabilities
2006-08-30 sppp -- buffer overflow vulnerability
2006-08-17 horde -- Phishing and Cross-Site Scripting Vulnerabilities
2006-08-15 f2c -- insecure temporary files
2006-08-13 x11vnc -- authentication bypass vulnerability
postgresql -- encoding based SQL injection
postgresql -- multiple vulnerabilities
mysql -- format string vulnerability
postgresql81-server -- SET ROLE privilege escalation
2006-08-12 squirrelmail -- random variable overwrite vulnerability
2006-08-10 rubygem-rails -- evaluation of ruby code
2006-08-08 clamav -- heap overflow vulnerability
drupal -- XSS vulnerability
2006-08-02 gnupg -- 2 more possible memory allocation attacks
2006-07-30 ruby -- multiple vulnerabilities
2006-07-14 zope -- information disclosure vulnerability
drupal -- multiple vulnerabilities
2006-07-11 shoutcast -- cross-site scripting, information exposure
2006-07-10 twiki -- multiple file extensions file upload vulnerability
samba -- memory exhaustion DoS in smbd
2006-07-02 webmin, usermin -- arbitrary file disclosure vulnerability
2006-06-30 Joomla -- multiple vulnerabilities
mutt -- Remote Buffer Overflow Vulnerability
2006-06-27 hashcash -- heap overflow vulnerability
2006-06-25 gnupg -- user id integer overflow vulnerability
2006-06-17 horde -- multiple parameter cross site scripting vulnerabilities
webcalendar -- information disclosure vulnerability
2006-06-14 sendmail -- Incorrect multipart message handling
2006-06-12 dokuwiki -- multiple vulnerabilities
2006-06-11 libxine -- buffer overflow vulnerability
2006-06-09 smbfs -- chroot escape
ypserv -- Inoperative access controls in ypserv
FreeBSD -- FPU information disclosure
OPIE -- arbitrary password change
ipsec -- reply attack vulnerability
sendmail -- race condition vulnerability
nfs -- remote denial of service
openssh -- remote denial of service
pf -- IP fragment handling panic
FreeBSD -- Infinite loop in SACK handling
FreeBSD -- Local kernel memory disclosure
IEEE 802.11 -- buffer overflow
ipfw -- IP fragment denial of service
2006-06-08 freeradius -- multiple vulnerabilities
freeradius -- authentication bypass vulnerability
opera -- image dragging vulnerability
tiff -- buffer overflow vulnerability
tiff -- divide-by-zero denial-of-service
tiff -- directory entry count integer overflow vulnerability
tiff -- multiple integer overflows
tiff -- RLE decoder heap overflows
2006-06-06 squirrelmail -- plugin.php local file inclusion vulnerability
2006-06-05 drupal -- multiple vulnerabilities
dokuwiki -- spellchecker remote PHP code execution
2006-06-01 MySQL -- SQL-injection security vulnerability
MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities
2006-05-23 cscope -- buffer overflow vulnerabilities
frontpage -- cross site scripting vulnerability
2006-05-22 coppermine -- File Inclusion Vulnerabilities
coppermine -- Multiple File Extensions Vulnerability
coppermine -- "file" Local File Inclusion Vulnerability
2006-05-21 phpmyadmin -- XSRF vulnerabilities
2006-05-18 vnc -- authentication bypass vulnerability
2006-05-14 phpldapadmin -- Cross-Site Scripting and Script Insertion vulnerabilities
2006-05-11 p5-DBI -- insecure temporary file creation vulnerability
2006-05-06 fswiki -- XSS vulnerability
mysql50-server -- COM_TABLE_DUMP arbitrary code execution
2006-05-05 firefox -- denial of service vulnerability
2006-05-03 phpwebftp -- "language" Local File Inclusion
clamav -- Freshclam HTTP Header Buffer Overflow Vulnerability
2006-05-02 trac -- Wiki Macro Script Insertion Vulnerability
2006-05-01 jabberd -- SASL Negotiation Denial of Service Vulnerability
2006-04-27 cacti -- ADOdb "server.php" Insecure Test Script Security Issue
lifetype -- ADOdb "server.php" Insecure Test Script Security Issue
amaya -- Attribute Value Buffer Overflow Vulnerabilities
ethereal -- Multiple Protocol Dissector Vulnerabilities
mozilla -- multiple vulnerabilities
2006-04-25 asterisk -- denial of service vulnerability, local system access
2006-04-23 wordpress -- full path disclosure
crossfire-server -- denial of service and remote code execution vulnerability
xine -- multiple remote string vulnerabilities
2006-04-22 cyrus-sasl -- DIGEST-MD5 Pre-Authentication Denial of Service
2006-04-18 plone -- "member_id" Parameter Portrait Manipulation Vulnerability
2006-04-16 mailman -- Private Archive Script Cross-Site Scripting
heartbeat -- insecure temporary file creation vulnerability
2006-04-07 mplayer -- Multiple integer overflows
thunderbird -- javascript execution
kaffeine -- buffer overflow vulnerability
phpmyadmin -- XSS vulnerabilities
2006-04-06 phpmyadmin -- 'set_theme' Cross-Site Scripting
clamav -- Multiple Vulnerabilities
zoo -- stack based buffer overflow
openvpn -- LD_PRELOAD code execution on client through malicious or compromised server
2006-04-05 mediawiki -- cross site scripting vulnerability
mediawiki -- hardcoded placeholder string security bypass vulnerability
netpbm -- buffer overflow in pnmtopng
dia -- XFig Import Plugin Buffer Overflow
mod_pubcookie -- cross site scripting vulnerability
pubcookie-login-server -- cross site scripting vulnerability
samba -- Exposure of machine account credentials in winbind log files
2006-03-30 horde -- remote code execution vulnerability in the help viewer
2006-03-29 freeradius -- EAP-MSCHAPv2 Authentication Bypass
2006-03-27 linux-realplayer -- buffer overrun
linux-realplayer -- heap overflow
2006-03-24 evolution -- remote format string vulnerabilities
2006-03-21 xorg-server -- privilege escalation
2006-03-20 heimdal -- Multiple vulnerabilities
2006-03-17 drupal -- multiple vulnerabilities
2006-03-15 horde -- "url" disclosure of sensitive information vulnerability
linux-flashplugin -- arbitrary code execution vulnerability
2006-03-11 GnuPG does not detect injection of unsigned data
2006-03-09 mplayer -- heap overflow in the ASF demuxer
2006-03-06 SSH.COM SFTP server -- format string vulnerability
2006-03-03 gtar -- invalid headers buffer overflow
2006-02-24 squirrelmail -- multiple vulnerabilities
2006-02-20 gedit -- format string vulnerability
WebCalendar -- unauthorized access vulnerability
abiword, koffice -- stack based buffer overflow vulnerabilities
2006-02-17 gnupg -- false positive signature verification
2006-02-16 rssh -- privilege escalation vulnerability
libtomcrypt -- weak signature scheme with ECC keys
mantis -- "view_filters_page.php" cross site scripting vulnerability
tor -- malicious tor server can locate a hidden service
sudo -- arbitrary command execution
postgresql -- character conversion and tsearch2 vulnerabilities
phpbb -- multiple vulnerabilities
2006-02-15 kpdf -- heap based buffer overflow
phpicalendar -- file disclosure vulnerability
perl, webmin, usermin -- perl format string integer wrap vulnerability
phpicalendar -- cross site scripting vulnerability
2006-02-07 kpopup -- local root exploit and local denial of service
2006-01-27 texindex -- temporary file privilege escalation
ee -- temporary file privilege escalation
2006-01-23 sge -- local root exploit in bundled rsh executable
fetchmail -- crash when bouncing a message
2006-01-15 clamav -- possible heap overflow in the UPX code
2006-01-11 cpio -- multiple vulnerabilities
2006-01-09 milter-bogom -- headerless message crash
2006-01-07 bogofilter -- heap corruption through excessively long words
bogofilter -- heap corruption through malformed input
2006-01-04 rxvt-unicode -- restore permissions on tty devices
2006-01-02 squid -- possible cache-poisoning via malformed HTTP responses
2006-01-01 curl -- URL buffer overflow vulnerability
2005-12-25 nbd-server -- buffer overflow vulnerability
phpSysInfo -- "register_globals" emulation layer overwrite vulnerability
phpSysInfo -- cross site scripting vulnerability
2005-12-22 scponly -- local privilege escalation exploits
2005-12-19 fetchmail -- null pointer dereference in multidrop mode with headerless email
2005-12-14 mantis -- "view_filters_page.php" cross-site scripting vulnerability
mantis -- "t_core_path" file inclusion vulnerability
2005-12-11 mnemo -- Cross site scripting vulnerabilities in several of the notepad name and note data fields
nag -- Cross site scripting vulnerabilities in several of the tasklist name and task data fields
turba -- Cross site scripting vulnerabilities in several of the address book name and contact data fields
horde -- Cross site scripting vulnerabilities in several of Horde's templates
kronolith -- Cross site scripting vulnerabilities in several of the calendar name and event data fields
2005-12-07 phpmyadmin -- register_globals emulation "import_blacklist" manipulation
phpmyadmin -- XSS vulnerabilities
trac -- search module SQL injection vulnerability
ffmpeg -- libavcodec buffer overflow vulnerability
2005-12-01 drupal -- multiple vulnerabilities
2005-11-30 mambo -- "register_globals" emulation layer overwrite vulnerability
opera -- command line URL shell command injection
opera -- multiple vulnerabilities
2005-11-29 flyspray -- cross-site scripting vulnerabilities
2005-11-28 zope -- expose RestructuredText functionality to untrusted users
2005-11-27 ghostscript -- insecure temporary file creation vulnerability
2005-11-26 horde -- Cross site scripting vulnerabilities in MIME viewers
qpopper -- multiple privilege escalation vulnerabilities
2005-11-16 phpmyadmin -- HTTP Response Splitting vulnerability
2005-11-14 sudo -- local race condition vulnerability
2005-11-13 Macromedia flash player -- swf file handling arbitrary code
2005-11-10 p5-Mail-SpamAssassin -- long message header denial of service
2005-11-08 gallery2 -- file disclosure vulnerability
webcalendar -- remote file inclusion vulnerability
2005-11-06 ruby -- arbitrary command execution on XMLRPC server
2005-11-04 pear-PEAR -- PEAR installer arbitrary code execution vulnerability
openvpn -- potential denial-of-service on servers in TCP mode
openvpn -- arbitrary code execution on client through malicious or compromised server
2005-11-02 skype -- multiple buffer overflow vulnerabilities
2005-11-01 PHP -- multiple vulnerabilities
squid -- FTP server response handling denial of service
2005-10-31 base -- PHP SQL injection vulnerability
2005-10-30 fetchmail -- fetchmailconf local password exposure
2005-10-27 ruby -- vulnerability in the safe level settings
2005-10-26 firefox & mozilla -- multiple vulnerabilities
firefox & mozilla -- command line URL shell command injection
firefox & mozilla -- buffer overflow vulnerability
net-snmp -- remote DoS vulnerability
2005-10-25 openssl -- potential SSL 2.0 rollback
2005-10-23 xloadimage -- buffer overflows in NIFF image title handling
libgadu -- multiple vulnerabilities
2005-10-22 clamav -- arbitrary code execution and DoS vulnerabilities
2005-10-18 snort -- Back Orifice preprocessor buffer overflow vulnerability
2005-10-13 phpmyadmin -- local file inclusion vulnerability
2005-10-09 libxine -- format string vulnerability
kdebase -- Kate backup file permission leak
2005-10-07 cfengine -- arbitrary file overwriting vulnerability
2005-10-05 imap-uw -- mailbox name handling remote buffer vulnerability
2005-10-02 weex -- remote format string vulnerability
picasm -- buffer overflow vulnerability
squid -- possible denial of service condition regarding NTLM authentication
squid -- Possible Denial Of Service Vulnerability in store.c
squid -- Denial Of Service Vulnerability in sslConnectTimeout
2005-10-01 uim -- privilege escalation vulnerability
zlib -- buffer overflow vulnerability
ProZilla -- server response buffer overflow vulnerabilities
2005-09-29 phpmyfaq -- SQL injection, takeover, path disclosure, remote code execution
2005-09-24 zlib -- buffer overflow vulnerability
2005-09-22 urban -- stack overflow vulnerabilities
2005-09-21 bind -- buffer overrun vulnerability
tor -- diffie-hellman handshake flaw
cups-base -- CUPS server remote DoS vulnerability
2005-09-19 squirrelmail -- _$POST variable handling allows for various attacks
2005-09-17 apache -- Certificate Revocation List (CRL) off-by-one vulnerability
2005-09-15 X11 server -- pixmap allocation vulnerability
2005-09-13 unzip -- permission race vulnerability
htdig -- cross site scripting vulnerability
2005-09-07 xpdf -- disk fill DoS vulnerability
2005-09-04 pear-XML_RPC -- remote PHP code injection vulnerability
2005-09-03 bind9 -- denial of service
2005-08-29 fswiki -- command injection vulnerability
2005-08-28 acroread -- XML External Entity vulnerability
2005-08-27 pam_ldap -- authentication bypass vulnerability
2005-08-26 pcre -- regular expression buffer overflow
2005-08-23 elm -- remote buffer overflow in Expires header
awstats -- arbitrary code execution vulnerability
2005-08-19 openvpn -- multiple TCP clients connecting with the same certificate at the same time can crash the server
openvpn -- denial of service: malicious authenticated "tap" client can deplete server virtual memory
openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients
openvpn -- denial of service: client certificate validation can disconnect unrelated clients
2005-08-16 acroread -- plug-in buffer overflow vulnerability
2005-08-12 gaim -- AIM/ICQ non-UTF-8 filename crash
gaim -- AIM/ICQ away message buffer overflow
2005-08-09 gforge -- XSS and email flood vulnerabilities
2005-08-08 postnuke -- multiple vulnerabilities
2005-08-05 ipsec -- Incorrect key usage in AES-XCBC-MAC
mambo -- multiple vulnerabilities
devfs -- ruleset bypass
2005-08-03 proftpd -- format string vulnerabilities
2005-08-01 nbsmtp -- format string vulnerability
2005-07-31 sylpheed -- MIME-encoded file name buffer overflow vulnerability
vim -- vulnerabilities in modeline handling: glob, expand
phpmyadmin -- cross site scripting vulnerability
ekg -- insecure temporary file creation
2005-07-30 opera -- download dialog spoofing vulnerability
ethereal -- multiple protocol dissectors vulnerabilities
jabberd -- 3 buffer overflows
2005-07-25 clamav -- multiple remote buffer overflows
2005-07-23 isc-dhcpd -- format string vulnerabilities
egroupware -- multiple cross-site scripting (XSS) and SQL injection vulnerabilities
2005-07-22 fetchmail -- denial of service/crash from malicious POP3 server
2005-07-21 dnrd -- remote buffer and stack overflow vulnerabilities
PowerDNS -- LDAP backend fails to escape all queries
fetchmail -- remote root/code injection from malicious POP3 server
phppgadmin -- "formLanguage" local file inclusion vulnerability
2005-07-18 bugzilla -- multiple vulnerabilities
2005-07-16 drupal -- PHP code execution vulnerabilities
firefox & mozilla -- multiple vulnerabilities
2005-07-13 net-snmp -- fixproc insecure temporary file creation
2005-07-09 phpbb -- multiple vulnerabilities
mysql-server -- insecure temporary file creation
shtool -- insecure temporary file creation
2005-07-08 pear-XML_RPC -- information disclosure vulnerabilities
nwclient -- multiple vulnerabilities
2005-07-07 phpbb -- remote PHP code execution vulnerability
2005-07-06 acroread -- insecure temporary file creation
clamav -- cabinet file handling DoS vulnerability
clamav -- MS-Expand file handling DoS vulnerability
acroread -- buffer overflow vulnerability
kernel -- ipfw packet matching errors with address tables
bzip2 -- denial of service and permission race vulnerabilities
kernel -- TCP connection stall denial of service
gzip -- directory traversal and permission race vulnerabilities
2005-07-05 wordpress -- multiple vulnerabilities
cacti -- multiple vulnerabilities
wordpress -- multiple vulnerabilities
2005-07-03 pear-XML_RPC -- arbitrary remote code execution
2005-06-24 tor -- information disclosure
linux-realplayer -- RealText parsing heap overflow
ethereal -- multiple protocol dissectors vulnerabilities
ethereal -- multiple protocol dissectors vulnerabilities
2005-06-21 cacti -- potential SQL injection and cross site scripting attacks
2005-06-20 trac -- file upload/download vulnerability
opera -- "javascript:" URL cross-site scripting vulnerability
opera -- XMLHttpRequest security bypass
opera -- redirection cross-site scripting vulnerability
razor-agents -- denial of service vulnerability
tcpdump -- infinite loops in protocol decoding
2005-06-18 p5-Mail-SpamAssassin -- denial of service vulnerability
squirrelmail -- Several cross site scripting vulnerabilities
2005-06-17 gallery -- remote code injection via HTTP_POST_VARS
gallery -- cross-site scripting
gaim -- Yahoo! remote crash vulnerability
gaim -- MSN Remote DoS vulnerability
kstars -- exploitable set-user-ID application fliccd
2005-06-09 leafnode -- denial of service vulnerability
2005-06-03 squid -- denial-of-service vulnerabilities
gforge -- directory traversal vulnerability
imap-uw -- authentication bypass when CRAM-MD5 is enabled
racoon -- remote denial-of-service
xli -- integer overflows in image size calculations
xloadimage -- arbitrary command execution when handling compressed files
xloadimage -- buffer overflow in FACES image handling
yamt -- buffer overflow and directory traversal issues
2005-06-01 sympa -- buffer overflow in "queue"
linux_base -- vulnerabilities in Red Hat 7.1 libraries
mailman -- generated passwords are poor quality
xview -- multiple buffer overflows in xv_parse_one
xtrlock -- X display locking bypass
squirrelmail -- XSS and remote code injection vulnerabilities
mailman -- password disclosure
fswiki -- XSS problem in file upload form
2005-05-22 ppxp -- local root exploit
oops -- format string vulnerability
2005-05-19 cdrdao -- unspecified privilege escalation vulnerability
squid -- DNS lookup spoofing vulnerability
squid -- possible abuse of cachemgr.cgi
2005-05-14 gaim -- MSN remote DoS vulnerability
gaim -- remote crash on some protocols
2005-05-13 kernel -- information disclosure when using HTT
leafnode -- fetchnews denial-of-service triggered by transmission abort/timeout
leafnode fetchnews denial-of-service triggered by missing header
leafnode fetchnews denial-of-service triggered by truncated transmission
leafnode denial-of-service triggered by article request
2005-05-12 mozilla -- privilege escalation via non-DOM property overrides
mozilla -- "Wrapped" javascript: urls bypass security checks
2005-05-11 mozilla -- code execution via javascript: IconURL vulnerability
2005-05-09 groff -- groffer uses temporary files unsafely
groff -- pic2graph and eqn2graph are vulnerable to symlink attack through temporary files
2005-05-03 gnu-radius -- SNMP-related denial-of-service
2005-05-01 coppermine -- IP spoofing and XSS vulnerability
rsnapshot -- local privilege escalation
sharutils -- unshar insecure temporary file creation
2005-04-27 ImageMagick -- ReadPNMImage() heap overflow vulnerability
jdk/jre -- Security Vulnerability With Java Plugin
2005-04-25 mplayer & libxine -- MMS and Real RTSP buffer overflow vulnerabilities
gaim -- AIM/ICQ remote denial of service vulnerability
gaim -- remote DoS on receiving malformed HTML
2005-04-22 junkbuster -- heap corruption vulnerability and configuration modification vulnerability
kdelibs -- kimgio input validation errors
2005-04-20 openoffice -- DOC document heap overflow vulnerability
2005-04-19 gld -- format string and buffer overflow vulnerabilities
2005-04-17 axel -- remote buffer overflow
2005-04-16 firefox -- arbitrary code execution in sidebar panel
firefox -- PLUGINSPAGE privileged javascript execution
mozilla -- code execution through javascript: favicons
mozilla -- javascript "lambda" replace exposes memory contents
mozilla -- privilege escalation via DOM property overrides
2005-04-15 wget -- multiple vulnerabilities
2005-04-12 portupgrade -- insecure temporary file handling vulnerability
2005-04-10 gaim -- jabber remote crash
gaim -- remote DoS on receiving certain messages over IRC
gaim -- remote DoS on receiving malformed HTML
squid -- DoS on failed PUT/POST requests vulnerability
php -- readfile() DoS vulnerability
2005-04-09 clamav -- zip handling DoS vulnerability
2005-04-05 horde -- Horde Page Title Cross-Site Scripting Vulnerability
cyrus-imapd -- multiple buffer overflow vulnerabilities
2005-04-04 wu-ftpd -- remote globbing DoS vulnerability
2005-04-03 hashcash -- format string vulnerability
2005-03-24 wine -- information disclosure due to insecure temporary file handling
firefox -- arbitrary code execution from sidebar panel
mozilla -- heap buffer overflow in GIF image processing
2005-03-23 sylpheed -- buffer overflow in header processing
2005-03-21 kdelibs -- local DCOP denial of service vulnerability
xv -- filename handling format string vulnerability
2005-03-18 grip -- CDDB response multiple matches buffer overflow vulnerability
2005-03-15 phpmyadmin -- increased privilege vulnerability
quake2 -- multiple critical vulnerabilities
mysql -- erroneous access restrictions applied to table renames
mysql -- ALTER MERGE denial of service vulnerability
mysql -- GRANT access restriction problem
mysql -- mysql_real_connect buffer overflow vulnerability
2005-03-14 mysql-server -- multiple remote vulnerabilities
2005-03-13 rxvt-unicode -- buffer overflow vulnerability
2005-03-08 phpmyadmin -- information disclosure vulnerability
libexif -- buffer overflow vulnerability
phpmyadmin -- arbitrary file include and XSS vulnerabilities
2005-03-07 phpbb -- Insufficient check against HTML code in usercp_register.php
2005-03-05 phpbb -- privilege elevation and path disclosure
2005-03-04 postnuke -- SQL injection vulnerabilities
postnuke -- cross-site scripting (XSS) vulnerabilities
realplayer -- remote heap overflow
2005-03-03 ImageMagick -- format string vulnerability
2005-03-01 uim -- privilege escalation vulnerability
lighttpd -- script source disclosure vulnerability
tiff -- tiffdump integer overflow vulnerability
2005-02-27 sup -- format string vulnerability
curl -- authentication buffer overflow vulnerability
2005-02-26 mozilla -- arbitrary code execution vulnerability
mozilla -- insecure temporary directory vulnerability
web browsers -- window injection vulnerabilities
2005-02-25 phpbb -- multiple information disclosure vulnerabilities
2005-02-24 mkbold-mkitalic -- format string vulnerability
2005-02-23 putty -- pscp/psftp heap corruption vulnerabilities
awstats -- arbitrary command execution
awstats -- remote command execution vulnerability
2005-02-22 mod_dosevasive -- insecure temporary file creation
bnc -- remotely exploitable buffer overflow in getnickuserhost
2005-02-20 kdelibs -- insecure temporary file creation
2005-02-19 postgresql -- multiple buffer overflows in PL/PgSQL parser
2005-02-18 bidwatcher -- format string vulnerability
gftp -- directory traversal vulnerability
opera -- "data:" URI handler spoofing vulnerability
opera -- kfmclient exec command execution vulnerability
2005-02-14 powerdns -- DoS vulnerability
emacs -- movemail format string vulnerability
2005-02-13 ngircd -- buffer overflow vulnerability
ngircd -- format string vulnerability
mod_python -- information leakage vulnerability
squid -- buffer overflow in WCCP recvfrom() call
Open DC Hub -- remote buffer overflow vulnerability
2005-02-12 mailman -- directory traversal vulnerability
2005-02-11 enscript -- multiple vulnerabilities
unrtf -- buffer overflow vulnerability
2005-02-08 squid -- correct handling of oversized HTTP reply headers
postgresql -- privilege escalation vulnerability
ethereal -- multiple protocol dissectors vulnerabilities
squid -- no sanity check of usernames in squid_ldap_auth
squid -- confusing results on empty acl declarations
2005-02-07 squid -- HTTP response splitting cache pollution attack
2005-02-03 xpdf -- makeFileKey2() buffer overflow vulnerability
2005-02-02 evolution -- arbitrary code execution vulnerability
2005-02-01 newspost -- server response buffer overflow vulnerability
newsfetch -- server response buffer overflow vulnerability
newsgrab -- insecure file and directory creation
newsgrab -- directory traversal vulnerability
2005-01-25 zhcon -- unauthorized file access
yamt -- arbitrary command execution vulnerability
2005-01-24 bugzilla -- cross-site scripting vulnerability
opera -- multiple vulnerabilities in Java implementation
phpbb -- arbitrary command execution and other vulnerabilities
2005-01-22 horde -- XSS vulnerabilities
squid -- buffer overflow vulnerability in gopherToHTML
squid -- denial of service with forged WCCP messages
2005-01-21 sudo -- environmental variable CDPATH is not cleared
egroupware -- arbitrary file download in JiNN
mc -- multiple vulnerabilities
imlib -- xpm heap buffer overflows and integer overflows
fcron -- multiple vulnerabilities
realplayer -- arbitrary file deletion and other vulnerabilities
konversation -- shell script command injection
zgv -- exploitable heap overflows
2005-01-19 libxine -- DVD subpicture decoder heap overflow
xshisen -- local buffer overflows
helvis -- information leak vulnerabilities
helvis -- arbitrary file deletion problem
golddig -- local buffer overflow vulnerabilities
a2ps -- insecure temporary file creation
jabberd -- denial-of-service vulnerability
mod_access_referer -- null pointer dereference vulnerability
putty -- buffer overflow vulnerability in ssh2 support
2005-01-18 ImageMagick -- PSD handler heap overflow vulnerability
mozilla -- insecure permissions for some downloaded files
exim -- two buffer overflow vulnerabilities
2005-01-17 cups-lpr -- lppasswd multiple vulnerabilities
cups-base -- HPGL buffer overflow vulnerability
mysql-scripts -- mysqlaccess insecure temporary file creation
2005-01-13 mpg123 -- buffer overflow vulnerability
mozilla -- heap overflow in NNTP handler
tnftp -- mget does not check for directory escapes
vim -- vulnerabilities in modeline handling
mpg123 -- playlist processing buffer overflow vulnerability
greed -- insecure GRX file processing
xpdf -- buffer overflow vulnerability
konqueror -- Password Disclosure for SMB Shares
2005-01-12 libxine -- multiple vulnerabilities in VideoCD handling
libxine -- multiple buffer overflows in RTSP
libxine -- buffer-overflow vulnerability in aiff support
mplayer -- multiple vulnerabilities
2005-01-11 hylafax -- unauthorized login vulnerability
2005-01-08 dillo -- format string vulnerability
2005-01-06 pcal -- buffer overflow vulnerabilities
acroread5 -- mailListIsPdf() buffer overflow vulnerability
acroread uudecoder input validation error
2005-01-04 kdelibs3 -- konqueror FTP command injection vulnerability
2005-01-03 xpm -- image decoding vulnerabilities
2004-12-30 mpg123 -- buffer overflow in URL handling
a2ps -- insecure command line argument handling
2004-12-23 ethereal -- multiple vulnerabilities
2004-12-21 krb5 -- heap buffer overflow vulnerability in libkadm5srv
ecartis -- unauthorised access to admin interface
2004-12-19 phpmyadmin -- command execution vulnerability
phpmyadmin -- file disclosure vulnerability
2004-12-18 php -- multiple vulnerabilities
2004-12-16 mysql -- FTS request denial of service vulnerability
2004-12-12 viewcvs -- information leakage
rssh & scponly -- arbitrary command execution
zip -- long path buffer overflow
ImageMagick -- EXIF parser buffer overflow
2004-12-09 squid -- possible information disclosure
2004-12-07 cscope -- symlink attack vulnerability
2004-12-02 rockdodger -- buffer overflows
2004-12-01 sudoscript -- signal delivery vulnerability
2004-11-30 jabberd -- remote buffer overflow vulnerability
2004-11-26 unarj -- long filename buffer overflow
unarj -- directory traversal vulnerability
2004-11-25 ruby -- CGI DoS
2004-11-24 Cyrus IMAPd -- FETCH command out of bounds memory corruption
Cyrus IMAPd -- PARTIAL command out of bounds memory corruption
2004-11-23 twiki -- arbitrary shell command execution
2004-11-22 Cyrus IMAPd -- APPEND command uses undefined programming construct
Cyrus IMAPd -- IMAPMAGICPLUS preauthentification overflow
2004-11-20 phpMyAdmin -- cross-site scripting vulnerabilities
2004-11-18 Overflow error in fetch
2004-11-15 proxytunnel -- format string vulnerability
2004-11-13 sudo -- privilege escalation with bash scripts
2004-11-12 gnats -- format string vulnerability
squirrelmail -- cross site scripting vulnerability
2004-11-11 ez-ipupdate -- format string vulnerability
hafiye -- lack of terminal escape sequence filtering
apache2 multiple space header denial-of-service vulnerability
2004-11-10 socat -- format string vulnerability
libxml -- remote buffer overflows
2004-11-09 gdk-pixbuf -- image decoding vulnerabilities
2004-11-08 p5-Archive-Zip -- virus detection evasion
2004-11-06 postgresql-contrib -- insecure temporary file creation
apache mod_include buffer overflow vulnerability
2004-11-05 gd -- integer overflow
2004-11-03 wzdftpd -- remote DoS
bogofilter -- RFC 2047 decoder denial-of-service vulnerability
2004-10-27 horde -- cross-site scripting vulnerability in help window
2004-10-25 gaim -- malicious smiley themes
gaim -- heap overflow exploitable by malicious GroupWise server
gaim -- buffer overflow in MSN protocol support
gaim -- multiple buffer overflows
rssh -- format string vulnerability
gaim -- MSN denial-of-service vulnerabilities
xpdf -- integer overflow vulnerabilities
gaim -- Content-Length header denial-of-service vulnerability
gaim remotely exploitable vulnerabilities in MSN component
Several remotely exploitable buffer overflows in gaim
2004-10-23 mod_ssl -- SSLCipherSuite bypass
2004-10-22 cabextract -- insecure directory handling
2004-10-21 apache2 -- SSL remote DoS
Buffer overflow in INN control message handling
2004-10-20 phpmyadmin -- remote command execution vulnerability
2004-10-19 ifmail -- unsafe set-user-ID application
imwheel -- insecure handling of PID file
freeradius -- denial-of-service vulnerability
2004-10-17 cacti -- SQL injection
apache13-modssl -- format string vulnerability in proxy support
2004-10-15 tor -- remote DoS and loss of anonymity
2004-10-14 xerces-c2 -- Attribute blowup denial-of-service
2004-10-13 sharutils -- buffer overflows
CUPS -- local information disclosure
wordpress -- XSS in administration panel
icecast -- HTTP header overflow
icecast -- Cross-Site Scripting Vulnerability
2004-10-12 cyrus-sasl -- potential buffer overflow in DIGEST-MD5 plugin
zinf -- potential buffer overflow playlist support
mail-notification -- denial-of-service vulnerability
xv -- exploitable buffer overflows
php -- vulnerability in RFC 1867 file upload processing
2004-10-08 cyrus-sasl -- dynamic library loading and set-user-ID applications
2004-10-05 bmon -- unsafe set-user-ID application
imp3 -- XSS hole in the HTML viewer
gnutls -- certificate chain verification DoS
php -- php_variables memory disclosure
apache -- heap overflow in mod_proxy
2004-10-04 getmail -- symlink vulnerability during maildir delivery
Boundary checking errors in syscons
2004-10-03 racoon -- improper certificate handling
distcc -- incorrect parsing of IP access control rules
2004-10-02 php -- memory_limit related vulnerability
php -- strip_tags cross-site scripting vulnerability
2004-09-30 mozilla -- users may be lured into bypassing security dialogs
mozilla -- scripting vulnerabilities
mozilla -- hostname spoofing bug
mozilla -- vCard stack buffer overflow
mozilla -- BMP decoder vulnerabilities
2004-09-28 mozilla -- multiple heap buffer overflows
Several vulnerabilities found in PHPNuke
Remote code injection in phpMyAdmin
2004-09-26 subversion -- WebDAV fails to protect metadata
mozilla -- automated file upload
2004-09-24 mozilla -- NULL bytes in FTP URLs
2004-09-23 mysql -- heap buffer overflow with prepared statements
lha -- numerous vulnerabilities when extracting archives
2004-09-22 mozilla -- security icon spoofing
mozilla -- built-in CA certificates may be overridden
mozilla -- SOAPParameter integer overflow
2004-09-21 rssh -- file name disclosure bug
2004-09-20 sudo -- sudoedit information disclosure
2004-09-19 cvs -- numerous vulnerabilities
2004-09-15 apache -- ap_resolve_env buffer overflow
cups -- print queue browser denial-of-service
apache -- apr_uri_parse IPv6 address handling vulnerability
mod_dav -- lock related denial-of-service
webmin -- insecure temporary file creation at installation time
2004-09-14 mpg123 buffer overflow
mozilla -- POP client heap overflow
openoffice -- document disclosure
ImageMagick -- BMP decoder buffer overflow
Multiple browser frame injection vulnerability
isakmpd payload handling denial-of-service vulnerabilities
2004-09-02 imlib -- BMP decoder heap buffer overflow
2004-08-31 krb5 -- ASN.1 decoder denial-of-service vulnerability
imlib2 -- BMP decoder buffer overflow
krb5 -- double-free vulnerabilities
2004-08-28 SpamAssassin -- denial-of-service in tokenize_headers
tnftpd -- remotely exploitable vulnerability
Ruby insecure file permissions in the CGI session management
MySQL authentication bypass / buffer overflow
2004-08-27 ripMIME -- decoding bug allowing content filter bypass
nss -- exploitable buffer overflow in SSLv2 protocol handler
2004-08-26 moinmoin -- ACL group bypass
rsync -- path sanitizing vulnerability
gnomevfs -- unsafe URI handling
SoX buffer overflows when handling .WAV files
kdelibs -- konqueror cross-domain cookie injection
2004-08-23 fidogate -- write files as `news' user
Arbitrary code execution via a format string vulnerability in jftpgw
2004-08-22 courier-imap -- format string vulnerability in debug mode
qt -- image loader vulnerabilities
mysql -- mysqlhotcopy insecure temporary file creation
2004-08-16 squid -- NTLM authentication denial-of-service vulnerability
2004-08-15 libpng stack-based buffer overflow and other code concerns
Mozilla / Firefox user interface spoofing vulnerability
2004-08-12 kdelibs insecure temporary file handling
popfile file disclosure
ImageMagick png vulnerability fix
Mozilla certificate spoofing
isc-dhcp3-server buffer overflow in logging mechanism
libpng denial-of-service
2004-07-16 Courier mail services: remotely exploitable buffer overflows
2004-07-11 multiple vulnerabilities in ethereal
multiple vulnerabilities in ethereal
multiple vulnerabilities in ethereal
2004-07-05 Format string vulnerability in SSLtelnet
"Content-Type" XSS vulnerability affecting other webmail systems
2004-07-03 Pavuk HTTP Location header overflow
2004-07-02 GNATS local privilege elevation
2004-06-30 Linux binary compatibility mode input validation error
2004-06-29 Remote Denial of Service of HTTP server and client
2004-06-28 XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0
MoinMoin administrative group name privilege escalation vulnerability
2004-06-27 Cyrus IMSPd multiple vulnerabilities
Cyrus IMAP pre-authentication heap overflow vulnerability
mplayer heap overflow in http requests
ecartis buffer overflows and input validation bugs
ModSecurity for Apache 2.x remote off-by-one overflow
clamav remote denial-of-service
2004-06-25 neon date parsing vulnerability
neon format string vulnerabilities
2004-06-24 Gallery 1.4.3 and earlier user authentication bypass
2004-06-14 Midnight Commander buffer overflows, format string bugs, and insecure temporary file handling
2004-06-09 Buffer overflow in Squid NTLM authentication helper
2004-06-08 Vulnerabilities in H.323 implementations
2004-06-07 jailed processes can manipulate host routing tables
2004-05-26 buffer cache invalidation implementation issues
2004-05-21 MySQL insecure temporary file creation (mysqlbug)
2004-05-19 cvs pserver remote heap buffer overflow
subversion date parsing vulnerability
Apache 2 mod_ssl denial-of-service
2004-05-18 URI handler vulnerabilities in several browsers
2004-05-17 fsp buffer overflow and directory traversal vulnerabilities
2004-05-15 proftpd IP address access control list breakage
2004-05-09 insecure temporary file creation in xine-check, xine-bugreport
2004-05-06 exim buffer overflow when verify = header_syntax is used
phpBB session table exhaustion
2004-05-05 heimdal kadmind remote heap buffer overflow
CVS path validation errors
many out-of-sequence TCP packets denial-of-service
shmat reference counting bug
mksnap_ffs clears file system options
jailed processes can attach to other jails
Incorrect cross-realm trust handling in Heimdal
setsockopt(2) IPv6 sockets input validation error
OpenSSL ChangeCipherSpec denial-of-service vulnerability
bind8 negative cache poison attack
2004-05-03 lha buffer overflows and path traversal issues
xchat remotely exploitable buffer overflow (Socks5)
2004-05-02 rsync path traversal issue
pound remotely exploitable vulnerability
xine-lib arbitrary file overwrite
2004-04-23 ident2 double byte buffer overflow
phpBB IP address spoofing
TCP denial-of-service attacks against long lived connections
2004-04-15 kdepim exploitable buffer overflow in VCF reader
2004-04-14 racoon remote denial of service vulnerability (ISAKMP header length field)
racoon remote denial of service vulnerability (IKE Generic Payload Header)
tcpdump ISAKMP payload handling remote denial-of-service
2004-04-13 Midnight Commander buffer overflow during symlink resolution
2004-04-07 racoon fails to verify signature during Phase 1
2004-04-05 oftpd denial-of-service vulnerability (PORT command)
2004-03-30 squid ACL bypass due to URL decoding bug
2004-03-29 zebra/quagga denial of service vulnerability
multiple vulnerabilities in phpBB
ezbounce remote format string vulnerability
racoon security association deletion vulnerability
wu-ftpd ftpaccess `restricted-uid'/`restricted-gid' directive may be bypassed
GNU Anubis buffer overflows and format string vulnerabilities
multiple buffer overflows in xboing
metamail format string bugs and buffer overflows
Buffer overflows in XFree86 servers
2004-03-28 Critical SQL injection in phpBB
Buffer overflows and format string bugs in Emil
2004-03-25 uudeview buffer overflows
2004-03-12 Apache 1.3 IP address access control failure on some 64-bit platforms
2004-03-11 mod_python denial-of-service vulnerability in parse_qs
2004-03-07 mpg123 vulnerabilities
2004-03-05 fetchmail denial-of-service vulnerability
2004-02-25 mailman XSS in admin script
mailman denial-of-service vulnerability in MailCommandHandler
mailman XSS in create script
mailman XSS in user options page
lbreakout2 vulnerability in environment variable handling
hsftp format string vulnerabilities
SQL injection vulnerability in phpnuke
libxml2 stack buffer overflow in URI parsing
Darwin Streaming Server denial-of-service vulnerability
2004-02-22 file disclosure in phpMyAdmin
2004-02-15 mnGoSearch buffer overflow in UdmDocToTextBuf()
2004-02-13 GNU libtool insecure temporary file handling
2004-02-12 seti@home remotely exploitable buffer overflow
icecast 1.x multiple vulnerabilities
CCE contains exploitable buffer overflows
nap allows arbitrary file access
pine insecure URL handling
ChiTeX/ChiLaTeX unsafe set-user-id root
pine remotely exploitable buffer overflow in newmail.c
pine remote denial-of-service attack
pine remotely exploitable vulnerabilities
rsync buffer overflow in server mode
Buffer overflow in Mutt 1.4
Samba 3.0.x password initialization bug
2004-02-10 Apache-SSL optional client certificate vulnerability
2004-01-19 L2TP, ISAKMP, and RADIUS parsing vulnerabilities in tcpdump
2004-01-05 ProFTPD ASCII translation bug resulting in remote root compromise
2003-12-12 lftp HTML parsing vulnerability
Mathopd buffer overflow
ElGamal sign+encrypt keys created by GnuPG can be compromised
qpopper format string vulnerability
2003-10-25 Buffer overflow in pam_smb password handling
Fetchmail address parsing vulnerability
Buffer overflows in libmcrypt