FreeBSD VuXML

Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:

in the FreeBSD Ports Collection repository, path ports/security/vuxml/vuln.xml
as a local copy
as a local copy, compressed with bzip2

Please report security issues to the FreeBSD Security Team at <security-team@FreeBSD.org>. Full contact details, including information handling policies and PGP key, can be found on the FreeBSD Security page.

topic index

Topic	Entered
"Content-Type" XSS vulnerability affecting other webmail systems	2004-07-05
a2ps -- insecure command line argument handling	2004-10-20
a2ps -- insecure temporary file creation	2004-12-30
abiword, koffice -- stack based buffer overflow vulnerabilities	2006-02-20
acroread -- buffer overflow vulnerability	2005-07-06
acroread -- insecure temporary file creation	2005-07-06
acroread -- plug-in buffer overflow vulnerability	2005-08-16
acroread -- XML External Entity vulnerability	2005-06-18
acroread uudecoder input validation error	2004-08-12
acroread5 -- mailListIsPdf() buffer overflow vulnerability	2004-12-21
alsaplayer -- multiple vulnerabilities	2006-08-13
amarok -- multiple vulnerabilities	2009-03-23
amaya -- Attribute Value Buffer Overflow Vulnerabilities	2006-04-27
amaya -- multiple buffer overflow vulnerabilities	2009-02-09
ampache -- insecure temporary file usage	2008-12-26
apache -- ap_resolve_env buffer overflow	2004-09-15
apache -- apr_uri_parse IPv6 address handling vulnerability	2004-09-15
apache -- Certificate Revocation List (CRL) off-by-one vulnerability	2005-09-17
apache -- Cross-site scripting vulnerability	2009-03-11
apache -- heap overflow in mod_proxy	2004-09-19
apache -- http request smuggling	2005-07-26
apache -- mod_imap cross-site scripting flaw	2006-01-01
apache -- mod_rewrite buffer overflow vulnerability	2006-07-28
apache -- multiple vulnerabilities	2007-09-11
apache -- multiple vulnerabilities	2008-06-24
apache -- Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long)	2010-02-03
Apache 1.3 IP address access control failure on some 64-bit platforms	2004-03-08
Apache 2 mod_ssl denial-of-service	2004-03-08
apache mod_include buffer overflow vulnerability	2004-11-06
Apache-SSL optional client certificate vulnerability	2004-02-10
apache13-modssl -- format string vulnerability in proxy support	2004-10-17
apache2 -- SSL remote DoS	2004-10-21
apache2 multiple space header denial-of-service vulnerability	2004-11-10
apache22 -- several vulnerability	2009-08-25
apr -- multiple vulnerabilities	2009-06-08
Arbitrary code execution via a format string vulnerability in jftpgw	2004-08-13
asterisk -- denial of service vulnerability, local system access	2006-04-25
asterisk -- remote heap overwrite vulnerability	2006-10-20
awstats -- arbitrary code execution vulnerability	2005-08-14
awstats -- arbitrary command execution	2005-02-16
awstats -- arbitrary command execution vulnerability	2006-05-05
awstats -- multiple XSS vulnerabilities	2009-01-04
awstats -- remote command execution vulnerability	2005-01-18
axel -- remote buffer overflow	2005-04-17
base -- PHP SQL injection vulnerability	2005-10-31
bidwatcher -- format string vulnerability	2005-02-18
bind -- buffer overrun vulnerability	2005-09-03
BIND -- Dynamic update message remote DoS	2009-08-01
bind -- Multiple Denial of Service vulnerabilities	2007-02-27
bind8 negative cache poison attack	2003-12-12
bind9 -- denial of service	2005-09-03
bind9 -- Denial of Service in named(8)	2006-12-19
bitlbee -- account recreation security issues	2008-09-26
bmon -- unsafe set-user-ID application	2004-10-05
bnc -- remotely exploitable buffer overflow in getnickuserhost	2004-12-04
bogofilter -- heap corruption through excessively long words	2006-01-07
bogofilter -- heap corruption through malformed input	2006-01-07
bogofilter -- RFC 2047 decoder denial-of-service vulnerability	2004-10-26
Boundary checking errors in syscons	2004-10-04
buffer cache invalidation implementation issues	2004-05-26
Buffer overflow in INN control message handling	2004-01-08
Buffer overflow in Mutt 1.4	2004-02-12
Buffer overflow in pam_smb password handling	2003-10-25
Buffer overflow in Squid NTLM authentication helper	2004-06-09
Buffer overflows and format string bugs in Emil	2004-03-28
Buffer overflows in libmcrypt	2003-10-25
Buffer overflows in XFree86 servers	2004-02-12
bugzilla -- "createmailregexp" security bypass vulnerability	2007-09-20
bugzilla -- cross-site scripting vulnerability	2005-01-24
Bugzilla -- Directory Traversal in importxml.pl	2008-08-15
bugzilla -- information leak	2010-02-01
bugzilla -- information leak	2009-11-23
bugzilla -- multiple vulnerabilities	2006-11-11
bugzilla -- multiple vulnerabilities	2005-07-08
bugzilla -- multiple vulnerabilities	2007-09-21
bugzilla -- multiple vulnerabilities	2006-02-27
bugzilla -- product name information leak	2009-08-05
bugzilla -- two SQL injections, sensitive data exposure	2009-09-17
bzip2 -- crash with certain malformed archive files	2008-03-20
bzip2 -- denial of service and permission race vulnerabilities	2005-06-29
c-ares -- DNS Cache Poisoning Vulnerability	2007-06-09
cabextract -- insecure directory handling	2004-10-20
cacti -- ADOdb "server.php" Insecure Test Script Security Issue	2006-04-27
cacti -- cross-site scripting issues	2009-11-23
cacti -- Multiple security vulnerabilities have been discovered	2008-02-12
cacti -- multiple vulnerabilities	2005-07-05
cacti -- Multiple vulnerabilities	2007-01-12
cacti -- potential SQL injection and cross site scripting attacks	2005-06-21
cacti -- SQL injection	2004-10-17
CCE contains exploitable buffer overflows	2004-02-12
cdf3 -- Buffer overflow vulnerability	2008-08-19
cdrdao -- unspecified privilege escalation vulnerability	2005-05-19
cfengine -- arbitrary file overwriting vulnerability	2005-10-01
cgiwrap -- XSS Vulnerability	2009-01-13
ChiTeX/ChiLaTeX unsafe set-user-id root	2004-02-12
clamav -- arbitrary code execution and DoS vulnerabilities	2005-09-24
clamav -- cabinet file handling DoS vulnerability	2005-07-06
clamav -- CHM Processing Denial of Service	2008-09-12
clamav -- CHM unpacker and PE rebuilding vulnerabilities	2006-10-16
clamav -- ClamAV libclamav PE File Integer Overflow Vulnerability	2008-02-15
clamav -- Freshclam HTTP Header Buffer Overflow Vulnerability	2006-05-03
clamav -- heap overflow vulnerability	2006-08-08
clamav -- MS-Expand file handling DoS vulnerability	2005-07-06
clamav -- Multipart Nestings Denial of Service	2006-10-12
clamav -- multiple remote buffer overflows	2005-07-25
clamav -- multiple remote Denial of Service vulnerabilities	2007-09-21
clamav -- Multiple Vulnerabilities	2008-04-15
clamav -- Multiple Vulnerabilities	2006-04-06
clamav -- multiple vulnerabilities	2007-06-19
clamav -- off-by-one heap overflow in VBA project parser	2008-11-10
clamav -- possible heap overflow in the UPX code	2006-01-10
clamav -- zip handling DoS vulnerability	2005-03-26
clamav remote denial-of-service	2004-02-12
claws-mail -- APOP vulnerability	2007-04-19
claws-mail -- insecure temporary file creation	2008-01-22
claws-mail -- POP3 Format String Vulnerability	2007-08-27
codeigniter -- arbitrary script execution in the new Form Validation class	2009-02-11
coppermine - multiple vulnerabilities	2008-02-25
coppermine -- "file" Local File Inclusion Vulnerability	2006-05-22
coppermine -- File Inclusion Vulnerabilities	2006-05-22
coppermine -- IP spoofing and XSS vulnerability	2005-05-01
coppermine -- Multiple File Extensions Vulnerability	2006-05-22
coppermine -- multiple vulnerabilities	2007-09-20
Courier Authentication Library -- SQL Injection	2008-06-13
Courier mail services: remotely exploitable buffer overflows	2004-03-31
courier-imap -- format string vulnerability in debug mode	2004-08-22
cpio -- multiple vulnerabilities	2006-01-27
Critical SQL injection in phpBB	2004-03-28
crossfire-server -- denial of service and remote code execution vulnerability	2006-04-23
cscope -- buffer overflow	2009-06-16
cscope -- Buffer Overflow Vulnerabilities	2006-10-02
cscope -- buffer overflow vulnerabilities	2006-05-23
cscope -- multiple buffer overflows	2009-06-16
cscope -- symlink attack vulnerability	2004-12-07
cups -- Incomplete SSL Negotiation Denial of Service	2007-06-12
CUPS -- local information disclosure	2004-10-13
cups -- multiple vulnerabilities	2008-10-10
cups -- off-by-one buffer overflow	2007-11-09
cups -- potential buffer overflow in PNG reading code	2008-11-29
cups -- print queue browser denial-of-service	2004-09-15
cups -- remote code execution and DNS rebinding	2009-05-07
cups-base -- CUPS server remote DoS vulnerability	2005-01-18
cups-base -- HPGL buffer overflow vulnerability	2005-01-17
cups-lpr -- lppasswd multiple vulnerabilities	2005-01-17
curl -- authentication buffer overflow vulnerability	2005-02-27
curl -- cURL/libcURL Location: Redirect URLs Security Bypass	2009-03-04
curl -- TFTP packet buffer overflow vulnerability	2006-03-20
curl -- URL buffer overflow vulnerability	2005-12-09
cvs -- numerous vulnerabilities	2004-08-17
CVS path validation errors	2004-04-14
cvs pserver remote heap buffer overflow	2004-05-19
cvsbug -- race condition	2006-01-27
Cyrus IMAP pre-authentication heap overflow vulnerability	2004-05-12
Cyrus IMAPd -- APPEND command uses undefined programming construct	2004-11-22
Cyrus IMAPd -- FETCH command out of bounds memory corruption	2004-11-22
Cyrus IMAPd -- IMAPMAGICPLUS preauthentification overflow	2004-11-22
Cyrus IMAPd -- PARTIAL command out of bounds memory corruption	2004-11-22
Cyrus IMSPd multiple vulnerabilities	2004-05-12
cyrus-imapd -- multiple buffer overflow vulnerabilities	2005-02-27
cyrus-imapd -- Potential buffer overflow in Sieve	2009-09-09
cyrus-sasl -- buffer overflow vulnerability	2009-05-15
cyrus-sasl -- DIGEST-MD5 Pre-Authentication Denial of Service	2006-04-22
cyrus-sasl -- dynamic library loading and set-user-ID applications	2004-10-08
cyrus-sasl -- potential buffer overflow in DIGEST-MD5 plugin	2004-10-12
Darwin Streaming Server denial-of-service vulnerability	2004-02-25
dbus -- match_rule_equal() Weakness	2006-12-14
devfs -- ruleset bypass	2005-08-05
dia -- remote command execution vulnerability	2009-02-17
dia -- XFig Import Plugin Buffer Overflow	2006-04-05
dillo -- format string vulnerability	2005-01-08
dircproxy -- remote denial of service	2007-11-04
distcc -- incorrect parsing of IP access control rules	2004-10-03
django -- denial-of-service attack	2009-10-16
django -- XSS vulnerability	2008-05-14
dnrd -- remote buffer and stack overflow vulnerabilities	2005-07-21
dnsmasq -- TFTP server remote code injection vulnerability	2009-09-02
dokuwiki -- Local File Inclusion with register_globals on	2009-06-04
dokuwiki -- multiple vulnerabilities	2006-09-30
dokuwiki -- multiple vulnerabilities	2006-09-30
dokuwiki -- multiple vulnerabilities	2006-06-11
dokuwiki -- multiple vulnerabilities	2010-01-18
dokuwiki -- spellchecker remote PHP code execution	2006-06-05
dokuwiki -- XSS vulnerability in spellchecker backend	2007-07-24
dovecot -- ACL plugin bypass vulnerabilities	2008-11-19
dovecot -- Insecure directory permissions	2009-12-10
dovecot -- security hole in blocking passdbs	2008-03-10
dovecot -- Specific LDAP + auth cache configuration may mix up user logins	2007-12-29
dovecot-managesieve -- Script Name Directory Traversal Vulnerability	2008-12-07
drupal -- cross site request forgeries	2006-10-18
drupal -- Cross site request forgeries	2007-07-28
drupal -- cross site request forgery	2008-01-11
drupal -- cross site scripting	2009-04-30
drupal -- cross site scripting (register_globals)	2008-01-11
drupal -- cross site scripting (utf8)	2008-01-11
drupal -- cross-site scripting	2009-05-14
drupal -- HTML attribute injection	2006-10-18
drupal -- multiple cross-site scripting	2009-12-25
drupal -- Multiple cross-site scripting vulnerabilities	2007-07-28
drupal -- multiple vulnerabilities	2008-10-12
drupal -- multiple vulnerabilities	2008-10-22
drupal -- multiple vulnerabilities	2008-12-19
drupal -- multiple vulnerabilities	2008-08-18
drupal -- multiple vulnerabilities	2008-07-13
drupal -- multiple vulnerabilities	2010-03-08
drupal -- multiple vulnerabilities	2009-02-04
drupal -- multiple vulnerabilities	2006-07-13
drupal -- multiple vulnerabilities	2005-12-01
drupal -- multiple vulnerabilities	2006-03-17
drupal -- multiple vulnerabilities	2009-09-22
drupal -- multiple vulnerabilities	2007-01-05
drupal -- multiple vulnerabilities	2006-06-05
drupal -- multiple vulnerabilities	2009-07-13
drupal -- multiple XSS vulnerabilities	2006-10-18
drupal -- PHP code execution vulnerabilities	2005-07-16
drupal -- SQL injection vulnerability	2007-12-12
drupal -- XSS vulnerability	2006-08-02
drupal --- multiple vulnerabilities	2007-10-24
drupal-pubcookie -- authentication may be bypassed	2006-09-13
drupal6-cck -- cross-site scripting	2009-04-11
e2fsprogs -- heap buffer overflow	2007-12-20
ecartis -- unauthorised access to admin interface	2004-12-21
ecartis buffer overflows and input validation bugs	2004-03-29
ee -- temporary file privilege escalation	2006-01-27
eggdrop -- denial of service vulnerability	2009-05-30
egroupware -- arbitrary file download in JiNN	2005-01-21
egroupware -- multiple cross-site scripting (XSS) and SQL injection vulnerabilities	2005-07-23
egroupware -- two vulnerabilities	2010-03-11
ejabberd -- cross-site scripting vulnerability	2009-04-17
ekg -- insecure temporary file creation	2005-07-08
ElGamal sign+encrypt keys created by GnuPG can be compromised	2003-12-12
elinks -- buffer overflow vulnerability	2009-10-25
elm -- remote buffer overflow in Expires header	2005-08-23
emacs -- movemail format string vulnerability	2005-02-14
emacs -- run-python vulnerability	2008-11-07
Enhanced cTorrent -- stack-based overflow	2009-10-28
enscript -- arbitrary code execution vulnerability	2008-11-18
enscript -- multiple vulnerabilities	2005-02-11
epiphany -- untrusted search path vulnerability	2009-03-11
ethereal -- Multiple Protocol Dissector Vulnerabilities	2006-04-27
ethereal -- multiple protocol dissectors vulnerabilities	2005-06-24
ethereal -- multiple protocol dissectors vulnerabilities	2005-03-14
ethereal -- multiple protocol dissectors vulnerabilities	2005-02-08
ethereal -- multiple protocol dissectors vulnerabilities	2005-07-30
ethereal -- multiple vulnerabilities	2004-12-23
evince -- Buffer Overflow Vulnerability	2006-12-14
evolution -- arbitrary code execution vulnerability	2005-01-25
evolution -- remote format string vulnerabilities	2005-08-27
evolution-data-server -- remote execution of arbitrary code vulnerability	2007-06-25
exim -- two buffer overflow vulnerabilities	2005-01-05
exim buffer overflow when verify = header_syntax is used	2004-05-06
expat2 -- buffer over-read and crash	2009-12-08
expat2 -- Parser crash with specially formatted UTF-8 sequences	2009-12-08
extman -- password bypass vulnerability	2008-04-25
eyeOS -- multiple XSS security bugs	2006-09-25
ez-ipupdate -- format string vulnerability	2004-11-11
ezbounce remote format string vulnerability	2004-03-26
f2c -- insecure temporary files	2006-04-10
faad2 -- heap overflow vulnerability	2008-11-12
fcron -- multiple vulnerabilities	2005-01-21
fd_set -- bitmap index overflow in multiple applications	2005-06-17
fetchmail -- crash when bouncing a message	2006-01-23
fetchmail -- crashes when refusing a message bound for an MDA	2007-01-06
fetchmail -- denial of service on reject of local warning message	2007-09-02
fetchmail -- denial of service/crash from malicious POP3 server	2005-07-22
fetchmail -- fetchmailconf local password exposure	2005-10-30
fetchmail -- heap overflow on verbose X.509 display	2010-02-12
fetchmail -- improper SSL certificate subject verification	2009-08-11
fetchmail -- insecure APOP authentication	2007-04-09
fetchmail -- null pointer dereference in multidrop mode with headerless email	2005-12-19
fetchmail -- potential crash in -v -v verbose mode	2008-06-20
fetchmail -- potential crash in -v -v verbose mode (revised patch)	2008-07-01
fetchmail -- remote root/code injection from malicious POP3 server	2005-07-20
fetchmail -- TLS enforcement problem/MITM attack/password exposure	2007-01-06
Fetchmail address parsing vulnerability	2003-10-25
fetchmail denial-of-service vulnerability	2004-02-25
ffmpeg -- 4xm processing memory corruption vulnerability	2009-03-16
ffmpeg -- libavcodec buffer overflow vulnerability	2005-12-07
fidogate -- write files as `news' user	2004-08-22
file disclosure in phpMyAdmin	2004-02-22
findutils -- GNU locate heap buffer overrun	2007-06-01
firebird -- multiple remote buffer overflow vulnerabilities	2007-10-04
firefox & mozilla -- buffer overflow vulnerability	2005-09-10
firefox & mozilla -- command line URL shell command injection	2005-09-22
firefox & mozilla -- multiple vulnerabilities	2005-09-23
firefox & mozilla -- multiple vulnerabilities	2005-07-16
firefox -- arbitrary code execution from sidebar panel	2005-03-24
firefox -- arbitrary code execution in sidebar panel	2005-04-16
firefox -- denial of service vulnerability	2006-05-03
firefox -- javascript garbage collector vulnerability	2008-04-25
firefox -- multiple remote unspecified memory corruption vulnerabilities	2007-11-27
firefox -- multiple vulnerabilities	2009-02-11
firefox -- OnUnload Javascript browser entrapment vulnerability	2007-10-22
firefox -- PLUGINSPAGE privileged javascript execution	2005-04-16
flac -- media file processing integer overflow vulnerabilities	2007-11-13
flac123 -- stack overflow in comment parsing	2007-06-28
flyspray -- authentication bypass	2007-09-19
flyspray -- cross-site scripting vulnerabilities	2005-11-10
flyspray -- multiple vulnerabilities	2008-10-25
Format string vulnerability in SSLtelnet	2004-07-05
FreeBSD -- amd64 swapgs local privilege escalation	2008-09-05
FreeBSD -- arc4random(9) predictable sequence vulnerability	2009-01-05
FreeBSD -- Buffer overflow in tcpdump(1)	2007-08-02
FreeBSD -- Cross-site request forgery in ftpd(8)	2009-01-05
FreeBSD -- Devfs / VFS NULL pointer race condition	2009-10-06
FreeBSD -- DNS cache poisoning	2008-07-13
FreeBSD -- FPU information disclosure	2006-04-19
FreeBSD -- heap overflow in file(1)	2007-05-23
FreeBSD -- Infinite loop in SACK handling	2006-02-14
FreeBSD -- IPv6 Neighbor Discovery Protocol routing vulnerability	2009-01-05
FreeBSD -- IPv6 Routing Header 0 is dangerous	2007-04-28
FreeBSD -- Jail rc.d script privilege escalation	2007-02-27
FreeBSD -- Kernel memory disclosure in firewire(4)	2007-02-27
FreeBSD -- kqueue pipe race conditions	2009-10-06
FreeBSD -- Local kernel memory disclosure	2006-02-14
FreeBSD -- netgraph / bluetooth privilege escalation	2009-01-05
FreeBSD -- nmount(2) local arbitrary code execution	2008-09-05
FreeBSD -- Predictable query ids in named(8)	2007-08-02
FreeBSD -- Remote kernel panics on IPv6 connections	2008-09-05
FreeBSD -- remotely exploitable crash in OpenSSL	2009-05-07
freeciv -- Denial of Service Vulnerabilities	2006-09-26
freeciv -- Packet Parsing Denial of Service Vulnerability	2006-09-26
freeradius -- authentication bypass vulnerability	2006-06-08
freeradius -- denial-of-service vulnerability	2004-10-13
freeradius -- EAP-MSCHAPv2 Authentication Bypass	2006-03-29
freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability	2007-04-13
freeradius -- multiple vulnerabilities	2006-06-08
freeradius -- remote packet of death vulnerability	2009-12-14
freeradius -- sql injection and denial of service vulnerability	2005-05-22
freetype -- LWFN Files Buffer Overflow Vulnerability	2006-10-02
FreeType 2 -- Heap overflow vulnerability	2007-05-24
FreeType 2 -- Multiple Vulnerabilities	2008-07-03
freetype2 -- multiple vulnerabilities	2009-04-18
frontpage -- cross site scripting vulnerability	2006-05-23
fsp buffer overflow and directory traversal vulnerabilities	2004-01-19
fsplib -- multiple vulnerabilities	2007-08-02
fswiki - command injection vulnerability	2005-08-29
fswiki -- XSS problem in file upload form	2005-05-29
fswiki -- XSS vulnerability	2006-05-06
fuser -- missing user's privileges check	2009-12-21
fwbuilder -- security issue in temporary file handling	2009-09-18
gaim -- AIM/ICQ away message buffer overflow	2005-08-12
gaim -- AIM/ICQ non-UTF-8 filename crash	2005-08-12
gaim -- AIM/ICQ remote denial of service vulnerability	2005-04-25
gaim -- buffer overflow in MSN protocol support	2004-10-25
gaim -- Content-Length header denial-of-service vulnerability	2004-10-25
gaim -- heap overflow exploitable by malicious GroupWise server	2004-10-25
gaim -- jabber remote crash	2005-04-10
gaim -- malicious smiley themes	2004-10-25
gaim -- MSN denial-of-service vulnerabilities	2004-10-25
gaim -- MSN remote DoS vulnerability	2005-05-14
gaim -- MSN Remote DoS vulnerability	2005-06-17
gaim -- multiple buffer overflows	2004-10-25
gaim -- remote crash on some protocols	2005-05-14
gaim -- remote DoS on receiving certain messages over IRC	2005-04-10
gaim -- remote DoS on receiving malformed HTML	2005-04-10
gaim -- remote DoS on receiving malformed HTML	2005-04-25
gaim -- Yahoo! remote crash vulnerability	2005-06-17
gaim remotely exploitable vulnerabilities in MSN component	2004-08-12
gallery -- cross-site scripting	2005-06-17
gallery -- multiple vulnerabilities	2008-09-19
gallery -- remote code injection via HTTP_POST_VARS	2005-06-17
Gallery 1.4.3 and ealier user authentication bypass	2004-06-24
gallery2 -- file disclosure vulnerability	2005-10-15
gallery2 -- multiple vulnerabilities	2007-12-25
gallery2 -- multiple vulnerabilities	2007-11-09
ganglia -- buffer overflow vulnerability	2009-01-30
ganglia-webfrontend -- XSS vulnerabilities	2007-12-17
gd -- '_gdGetColors' remote buffer overflow vulnerability	2009-11-05
gd -- integer overflow	2004-11-05
gd -- multiple vulnerabilities	2007-06-29
gdk-pixbuf -- image decoding vulnerabilities	2004-09-15
gedit -- format string vulnerability	2006-02-20
geeklog xss vulnerability	2008-01-15
getmail -- symlink vulnerability during maildir delivery	2004-10-04
gforge -- directory traversal vulnerability	2005-06-03
gforge -- XSS and email flood vulnerabilities	2005-08-09
gftp -- directory traversal vulnerability	2005-02-18
gftp -- multiple vulnerabilities	2007-11-05
ghostscript -- buffer overflow vulnerability	2009-05-13
ghostscript -- insecure temporary file creation vulnerability	2005-11-27
ghostscript -- zseticcspace() function buffer overflow vulnerability	2008-03-05
git -- denial of service vulnerability	2009-06-15
git -- gitweb privilege escalation	2009-01-19
gld -- format string and buffer overflow vulnerabilities	2005-04-19
globus -- Multiple tmpfile races	2006-08-15
glpi -- SQL Injection	2009-01-28
gnats -- format string vulnerability	2004-11-12
GNATS local privilege elevation	2004-07-02
gnome-screensaver -- Multiple monitor hotplug issues	2010-02-13
gnomevfs -- unsafe URI handling	2004-08-26
GNU Anubis buffer overflows and format string vulnerabilities	2004-03-06
GNU finger vulnerability	2007-12-05
GNU libtool insecure temporary file handling	2004-02-13
gnu-radius -- SNMP-related denial-of-service	2004-09-20
gnupg -- 2 more possible memory allocation attacks	2006-08-02
gnupg -- buffer overflow	2006-11-27
gnupg -- false positive signature verification	2006-02-17
gnupg -- memory corruption vulnerability	2008-04-26
gnupg -- OpenPGP symmetric encryption vulnerability	2005-07-31
gnupg -- remotely controllable function pointer	2006-12-07
gnupg -- user id integer overflow vulnerability	2006-06-25
GnuPG does not detect injection of unsigned data	2006-03-10
gnutls -- "gnutls_handshake()" Denial of Service	2008-08-21
gnutls -- certificate chain verification DoS	2004-10-05
GnuTLS -- improper SSL certificate verification	2009-08-17
GnuTLS -- multiple vulnerabilities	2009-08-17
gnutls -- RSA Signature Forgery Vulnerability	2006-10-02
gnutls -- X.509 certificate chain validation vulnerability	2008-11-16
golddig -- local buffer overflow vulnerabilities	2005-01-03
google-earth -- heap overflow in the KML engine	2006-10-14
greed -- insecure GRX file processing	2005-01-03
grip -- CDDB response multiple matches buffer overflow vulnerability	2005-03-14
groff -- groffer uses temporary files unsafely	2005-05-09
groff -- pic2graph and eqn2graph are vulnerable to symlink attack through temporary files	2005-05-09
gstreamer-plugins-good -- multiple memory overflows	2009-03-16
gtar -- Directory traversal vulnerability	2007-09-01
gtar -- GNU TAR safer_name_suffix Remote Denial of Service Vulnerability	2009-01-15
gtar -- GNUTYPE_NAMES directory traversal vulnerability	2006-11-30
gtar -- invalid headers buffer overflow	2006-03-03
gtar -- name mangling symlink vulnerability	2007-02-27
gtetrinet -- remote code execution	2006-09-02
gzip -- directory traversal and permission race vulnerabilities	2005-06-18
gzip -- multiple vulnerabilities	2006-12-19
habari -- Cross-Site Scripting Vulnerability	2008-12-07
hafiye -- lack of terminal escape sequence filtering	2004-11-11
hashcash -- format string vulnerability	2005-04-02
hashcash -- heap overflow vulnerability	2006-06-27
heartbeat -- insecure temporary file creation vulnerability	2006-02-16
heimdal -- Multiple vulnerabilities	2006-03-20
heimdal kadmind remote heap buffer overflow	2004-05-05
helvis -- arbitrary file deletion problem	2005-01-10
helvis -- information leak vulnerabilities	2005-01-10
hlstats -- multiple cross site scripting vulnerabilities	2006-09-02
horde -- "url" disclosure of sensitive information vulnerability	2006-03-15
horde -- Cross site scripting vulnerabilities in MIME viewers	2005-11-22
horde -- Cross site scripting vulnerabilities in several of Horde's templates	2005-12-11
horde -- cross-site scripting vulnerability in help window	2004-10-27
horde -- Horde Page Title Cross-Site Scripting Vulnerability	2005-04-05
horde -- multiple parameter cross site scripting vulnerabilities	2006-06-17
horde -- multiple vulnerabilities	2008-09-11
horde -- Phishing and Cross-Site Scripting Vulnerabilities	2006-08-17
horde -- remote code execution vulnerability in the help viewer	2006-03-28
horde -- various problems in dereferrer	2006-07-05
horde -- XSS vulnerabilities	2005-01-22
horde-base -- multiple vulnerabilities	2009-09-14
hplip -- hpssd Denial of Service	2008-11-29
hsftp format string vulnerabilities	2004-02-25
htdig -- cross site scripting vulnerability	2005-09-04
hylafax -- unauthorized login vulnerability	2005-01-11
icecast -- Cross-Site Scripting Vulnerability	2004-10-13
icecast -- HTTP header overflow	2004-10-13
icecast 1.x multiple vulnerabilities	2004-02-12
id3lib -- insecure temporary file creation	2007-10-01
ident2 double byte buffer overflow	2004-04-23
IEEE 802.11 -- buffer overflow	2006-02-14
ifmail -- unsafe set-user-ID application	2004-10-19
ikiwiki -- cleartext passwords	2008-06-01
ikiwiki -- cross site request forging	2008-04-13
ikiwiki -- empty password security hole	2008-05-31
ikiwiki -- improper symlink verification vulnerability	2007-11-27
ikiwiki -- insufficient blacklisting in teximg plugin	2009-09-13
ikiwiki -- javascript insertion via uris	2008-02-11
ImageMagick -- BMP decoder buffer overflow	2004-08-31
ImageMagick -- EXIF parser buffer overflow	2004-11-11
ImageMagick -- format string vulnerability	2005-03-03
ImageMagick -- multiple vulnerabilities	2007-10-10
ImageMagick -- PSD handler heap overflow vulnerability	2005-01-18
ImageMagick -- ReadPNMImage() heap overflow vulnerability	2005-04-27
ImageMagick -- SGI Image File heap overflow vulnerability	2006-12-02
ImageMagick png vulnerability fix	2004-08-04
imap-uw -- authentication bypass when CRAM-MD5 is enabled	2005-06-03
imap-uw -- imap c-client buffer overflow	2009-01-11
imap-uw -- local buffer overflow vulnerabilities	2009-01-11
imap-uw -- mailbox name handling remote buffer vulnerability	2005-10-05
imap-uw -- University of Washington IMAP c-client Remote Format String Vulnerability	2009-05-21
imlib -- BMP decoder heap buffer overflow	2004-08-31
imlib -- xpm heap buffer overflows and integer overflows	2005-01-21
imlib2 -- BMP decoder buffer overflow	2004-08-31
Imlib2 -- multiple image file processing vulnerabilities	2006-11-08
imlib2 -- XPM processing buffer overflow vulnerability	2008-11-24
imp3 -- XSS hole in the HTML viewer	2004-10-05
imwheel -- insecure handling of PID file	2004-10-19
Incorrect cross-realm trust handling in Heimdal	2004-04-02
ingo -- local arbitrary shell command execution	2006-10-18
insecure temporary file creation in xine-check, xine-bugreport	2004-03-26
ipfw -- IP fragment denial of service	2006-02-14
ipsec -- Incorrect key usage in AES-XCBC-MAC	2005-08-05
ipsec -- reply attack vulnerability	2006-03-24
ipset-tools -- Denial of Service Vulnerabilities	2009-01-21
IRC Services-- Denial of Service Vulnerability	2008-01-19
irc-ratbox -- multiple vulnerabilities	2010-01-28
isakmpd payload handling denial-of-service vulnerabilities	2004-03-31
isc-dhcp-client -- Stack overflow vulnerability	2009-07-15
isc-dhcp3-server buffer overflow in logging mechanism	2004-06-25
isc-dhcpd -- format string vulnerabilities	2005-07-23
jabberd -- 3 buffer overflows	2005-07-30
jabberd -- denial-of-service vulnerability	2004-12-26
jabberd -- remote buffer overflow vulnerability	2004-11-30
jabberd -- SASL Negotiation Denial of Service Vulnerability	2006-05-01
jailed processes can attach to other jails	2004-04-07
jailed processes can manipulate host routing tables	2004-06-07
jdk -- jar directory traversal vulnerability	2005-04-16
jdk/jre -- Applet Caching May Allow Network Access Restrictions to be Circumvented	2007-10-08
jdk/jre -- Security Vulnerability With Java Plugin	2004-11-25
jetty -- multiple vulnerabilities	2007-12-10
jetty -- multiple vulnerability	2008-02-04
joomla -- flaw in the reset token validation	2008-08-20
joomla -- multiple remote vulnerabilities	2007-01-17
joomla -- multiple vulnerabilities	2009-06-16
Joomla -- multiple vulnerabilities	2006-06-30
joomla -- multiple vulnerabilities	2007-08-02
joomla -- multiple vulnerabilities	2006-08-30
joomla15 -- com_mailto Timeout Issue	2009-08-07
junkbuster -- heap corruption vulnerability and configuration modification vulnerability	2005-04-22
kaffeine -- buffer overflow vulnerability	2006-04-07
KDE -- multiple vulnerabilities	2009-11-02
kdebase -- Kate backup file permission leak	2005-07-18
kdelibs -- insecure temporary file creation	2005-02-18
kdelibs -- integer overflow in khtml	2006-10-22
kdelibs -- kimgio input validation errors	2005-04-22
kdelibs -- konqueror cross-domain cookie injection	2004-08-26
kdelibs -- local DCOP denial of service vulnerability	2005-03-21
kdelibs insecure temporary file handling	2004-08-12
kdelibs3 -- konqueror FTP command injection vulnerability	2005-01-01
kdepim exploitable buffer overflow in VCF reader	2004-04-15
kdewebdev -- kommander untrusted code execution vulnerability	2005-04-23
kdm -- passwordless login vulnerability	2007-09-19
kernel -- information disclosure when using HTT	2005-05-13
kernel -- ipfw packet matching errors with address tables	2005-06-29
kernel -- TCP connection stall denial of service	2005-06-29
konquerer -- address bar spoofing	2007-09-19
konqueror -- Password Disclosure for SMB Shares	2004-12-12
konversation -- shell script command injection	2005-01-19
kpdf -- heap based buffer overflow	2006-02-15
kpopup -- local root exploit and local denial of service	2006-02-07
krb5 -- ASN.1 decoder denial-of-service vulnerability	2004-08-31
krb5 -- double-free vulnerabilities	2004-08-31
krb5 -- heap buffer overflow vulnerability in libkadm5srv	2004-12-21
kronolith -- arbitrary local file inclusion vulnerability	2006-11-30
kronolith -- Cross site scripting vulnerabilities in several of the calendar name and event data fields	2005-12-11
kstars -- exploitable set-user-ID application fliccd	2005-06-17
ktorrent -- multiple vulnerabilities	2007-03-11
L2TP, ISAKMP, and RADIUS parsing vulnerabilities in tcpdump	2004-01-19
lbreakout2 vulnerability in environment variable handling	2004-02-25
ldapscripts -- Command Line User Credentials Disclosure	2007-10-23
leafnode -- denial of service vulnerability	2005-06-09
leafnode -- fetchnews denial-of-service triggered by transmission abort/timeout	2005-05-13
leafnode denial-of-service triggered by article request	2004-05-21
leafnode fetchnews denial-of-service triggered by missing header	2004-05-21
leafnode fetchnews denial-of-service triggered by truncated transmission	2004-05-21
lftp HTML parsing vulnerability	2003-12-12
lha -- numerous vulnerabilities when extracting archives	2004-09-23
lha buffer overflows and path traversal issues	2004-05-02
libarchive -- Infinite loop in corrupt archives handling in libarchive	2007-02-26
libcdaudio -- remote buffer overflow and code execution	2009-01-11
libexif -- buffer overflow vulnerability	2005-03-08
libgadu -- multiple vulnerabilities	2005-08-12
libmms -- stack-based buffer overflow	2006-09-22
libmusicbrainz -- multiple buffer overflow vulnerabilities	2006-12-02
libpng denial-of-service	2004-05-02
libpng stack-based buffer overflow and other code concerns	2004-08-04
libsndfile -- CAF processing integer overflow vulnerability	2009-03-16
libsndfile -- multiple vulnerabilities	2009-05-30
libspf2 -- Buffer overflow	2008-10-27
libtomcrypt -- weak signature scheme with ECC keys	2006-02-16
libtool -- Library Search Path Privilege Escalation Issue	2009-11-28
libvorbis -- Multiple memory corruption flaws	2007-07-26
libvorbis -- multiple vulnerabilities	2009-11-24
libvorbis -- various security issues	2008-05-17
libwmf -- embedded GD library Use-After-Free vulnerability	2009-05-16
libwmf -- integer overflow vulnerability	2009-05-16
libxine -- array index vulnerability	2008-04-24
libxine -- buffer overflow vulnerability	2008-02-26
libxine -- buffer overflow vulnerability	2008-01-29
libxine -- buffer overflow vulnerability	2008-01-19
libxine -- buffer overflow vulnerability	2006-06-11
libxine -- buffer-overflow vulnerability in aiff support	2004-12-29
libxine -- denial of service vulnerability	2008-10-19
libxine -- DVD subpicture decoder heap overflow	2005-01-12
libxine -- format string vulnerability	2005-10-09
libxine -- multiple buffer overflow vulnerabilities	2006-12-07
libxine -- multiple buffer overflows in RTSP	2005-01-12
libxine -- multiple vulnerabilities	2009-05-17
libxine -- multiple vulnerabilities	2009-05-17
libxine -- multiple vulnerabilities in VideoCD handling	2005-01-12
libxml -- remote buffer overflows	2004-11-09
libxml2 -- multiple vulnerabilities	2008-11-19
libxml2 -- two vulnerabilities	2008-10-15
libxml2 stack buffer overflow in URI parsing	2004-02-25
lifetype -- ADOdb "server.php" Insecure Test Script Security Issue	2006-04-27
lighttpd -- denial of service vulnerability	2010-02-16
lighttpd -- DOS when access files with mtime 0	2007-04-14
lighttpd -- FastCGI header overrun in mod_fastcgi	2007-09-10
lighttpd -- multiple vulnerabilities	2007-07-21
lighttpd -- multiple vulnerabilities	2008-09-27
lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability	2008-04-13
lighttpd -- Remote DOS in CRLF parsing	2007-04-14
lighttpd -- script source disclosure vulnerability	2005-03-01
Linux binary compatibility mode input validation error	2004-06-30
linux-flashplugin -- arbitrary code execution vulnerability	2006-03-15
linux-flashplugin -- critical vulnerabilities	2007-07-18
linux-flashplugin -- multiple vulnerabilities	2008-01-03
linux-flashplugin -- multiple vulnerabilities	2009-12-09
linux-flashplugin -- multiple vulnerabilities	2008-10-17
linux-flashplugin -- multiple vulnerabilities	2010-02-13
linux-flashplugin -- unspecified remote code execution vulnerability	2008-05-30
linux-flashplugin7 -- arbitrary code execution vulnerabilities	2006-09-12
linux-realplayer -- buffer overrun	2006-03-27
linux-realplayer -- heap overflow	2006-03-27
linux-realplayer -- multiple vulnerabilities	2008-01-04
linux-realplayer -- RealText parsing heap overflow	2005-06-24
linux_base -- vulnerabilities in Red Hat 7.1 libraries	2005-06-01
liveMedia -- DoS vulnerability	2007-12-08
lsh -- multiple vulnerabilities	2007-09-05
lynx -- remote buffer overflow	2005-10-30
Macromedia flash player -- swf file handling arbitrary code	2005-11-13
mail-notification -- denial-of-service vulnerability	2004-10-12
mailman -- directory traversal vulnerability	2005-02-12
mailman -- generated passwords are poor quality	2005-06-01
mailman -- Multiple Vulnerabilities	2006-09-04
mailman -- password disclosure	2005-06-01
mailman -- Private Archive Script Cross-Site Scripting	2006-04-16
mailman -- script insertion vulnerability	2008-04-25
mailman denial-of-service vulnerability in MailCommandHandler	2004-02-25
mailman XSS in admin script	2004-02-25
mailman XSS in create script	2004-02-25
mailman XSS in user options page	2004-02-25
mambo -- "register_globals" emulation layer overwrite vulnerability	2005-11-30
mambo -- multiple SQL injection vulnerabilities	2006-10-05
mambo -- multiple vulnerabilities	2005-08-05
mambo -- SQL injection vulnerabilities	2006-07-05
mantis -- "t_core_path" file inclusion vulnerability	2005-12-14
mantis -- "view_filters_page.php" cross site scripting vulnerability	2006-02-16
mantis -- "view_filters_page.php" cross-site scripting vulnerability	2005-12-14
mantis -- multiple vulnerabilities	2008-12-06
mantis -- php code execution vulnerability	2008-12-06
mantis -- session hijacking vulnerability	2008-11-22
many out-of-sequence TCP packets denial-of-service	2004-04-07
maradns -- CNAME record resource rotation denial of service	2008-01-10
Mathopd buffer overflow	2003-12-12
mc -- multiple vulnerabilities	2005-01-21
mcweject -- exploitable buffer overflow	2007-04-08
mediawiki -- cross site scripting vulnerability	2006-04-05
mediawiki -- cross site scripting vulnerability	2007-09-21
mediawiki -- hardcoded placeholder string security bypass vulnerability	2006-04-05
mediawiki -- multiple vulnerabilities	2008-12-19
memcached -- memcached stats maps Information Disclosure Weakness	2009-08-17
metamail format string bugs and buffer overflows	2004-02-18
mgetty+sendfax -- symlink attack via insecure temporary files	2008-12-07
Midnight Commander buffer overflow during symlink resolution	2004-04-03
Midnight Commander buffer overflows, format string bugs, and insecure temporary file handling	2004-05-02
milter-bogom -- headerless message crash	2006-01-09
mkbold-mkitalic -- format string vulnerability	2005-02-24
mksh -- TTY attachment privilege escalation	2008-04-25
mksnap_ffs clears file system options	2004-04-07
mnemo -- Cross site scripting vulnerabilities in several of the notepad name and note data fields	2005-12-11
mnGoSearch buffer overflow in UdmDocToTextBuf()	2004-02-15
mod_access_referer -- null pointer dereference vulnerability	2004-12-11
mod_dav -- lock related denial-of-service	2004-09-15
mod_dosevasive -- insecure temporary file creation	2005-01-24
mod_jk -- information disclosure	2007-06-05
mod_jk -- long URL stack overflow vulnerability	2007-03-05
mod_perl -- cross-site scripting	2009-05-16
mod_perl -- remote DoS in PATH_INFO parsing	2007-04-24
mod_pubcookie -- cross site scripting vulnerability	2006-04-05
mod_python -- information leakage vulnerability	2005-02-13
mod_python denial-of-service vulnerability in parse_qs	2004-03-03
mod_ssl -- SSLCipherSuite bypass	2004-10-23
ModSecurity for Apache 2.x remote off-by-one overflow	2004-03-17
moinmoin - multiple vulnerabilities	2008-02-25
moinmoin -- ACL group bypass	2004-08-26
moinmoin -- cross-site scripting vulnerabilities	2009-05-16
moinmoin -- multiple cross site scripting vulnerabilities	2009-01-30
moinmoin -- multiple cross site scripting vulnerabilities	2009-05-13
moinmoin -- superuser privilege escalation	2008-06-14
MoinMoin administrative group name privilege escalation vulnerability	2004-06-28
monkey -- improper input validation vulnerability	2009-12-21
mono -- "System.CodeDom.Compiler" Insecure Temporary Creation	2006-10-05
mono -- XML signature HMAC truncation spoofing	2009-07-29
mozilla -- "Wrapped" javascript: urls bypass security checks	2005-05-12
mozilla -- arbitrary code execution vulnerability	2005-02-26
mozilla -- automated file upload	2004-09-22
mozilla -- BMP decoder vulnerabilities	2004-09-28
mozilla -- built-in CA certificates may be overridden	2004-09-22
mozilla -- code execution through javascript: favicons	2005-04-16
mozilla -- code execution via javascript: IconURL vulnerability	2005-05-11
mozilla -- code execution via Quicktime media-link files	2007-09-19
mozilla -- corrupt JIT state after deep return from native function	2009-07-17
mozilla -- heap buffer overflow in GIF image processing	2005-03-24
mozilla -- heap overflow in NNTP handler	2005-01-13
mozilla -- hostname spoofing bug	2004-09-30
mozilla -- insecure permissions for some downloaded files	2005-01-18
mozilla -- insecure temporary directory vulnerability	2005-02-26
mozilla -- javascript "lambda" replace exposes memory contents	2005-04-16
mozilla -- multiple heap buffer overflows	2004-09-28
mozilla -- multiple vulnerabilities	2007-07-19
mozilla -- multiple vulnerabilities	2009-04-22
mozilla -- multiple vulnerabilities	2010-02-18
mozilla -- multiple vulnerabilities	2009-10-28
mozilla -- multiple vulnerabilities	2006-07-27
mozilla -- multiple vulnerabilities	2007-02-24
mozilla -- multiple vulnerabilities	2008-09-24
mozilla -- multiple vulnerabilities	2009-12-16
mozilla -- multiple vulnerabilities	2008-12-19
mozilla -- multiple vulnerabilities	2008-11-13
mozilla -- multiple vulnerabilities	2008-03-30
mozilla -- multiple vulnerabilities	2009-08-04
mozilla -- multiple vulnerabilities	2006-09-15
mozilla -- multiple vulnerabilities	2009-06-12
mozilla -- multiple vulnerabilities	2008-02-22
mozilla -- multiple vulnerabilities	2006-04-16
mozilla -- NULL bytes in FTP URLs	2004-09-22
mozilla -- POP client heap overflow	2004-09-14
mozilla -- privilege escalation via DOM property overrides	2005-04-16
mozilla -- privilege escalation via non-DOM property overrides	2005-05-12
mozilla -- scripting vulnerabilities	2004-09-30
mozilla -- security icon spoofing	2004-09-22
mozilla -- SOAPParameter integer overflow	2004-09-14
mozilla -- users may be lured into bypassing security dialogs	2004-09-30
mozilla -- vCard stack buffer overflow	2004-09-28
Mozilla / Firefox user interface spoofing vulnerability	2004-07-30
Mozilla certificate spoofing	2004-07-30
mozilla firefox -- multiple vulnerabilities	2009-09-10
mpg123 -- buffer overflow in URL handling	2004-10-23
mpg123 -- buffer overflow vulnerability	2005-01-13
mpg123 -- playlist processing buffer overflow vulnerability	2005-01-03
mpg123 buffer overflow	2004-09-14
mpg123 vulnerabilities	2004-03-07
mplayer & libxine -- MMS and Real RTSP buffer overflow vulnerabilities	2005-04-25
mplayer -- buffer overflow in the code for RealMedia RTSP streams.	2007-01-08
mplayer -- cddb stack overflow	2007-06-07
mplayer -- DMO File Parsing Buffer Overflow Vulnerability	2007-03-09
mplayer -- heap overflow in the ASF demuxer	2006-03-09
mplayer -- multiple integer overflows	2008-10-01
mplayer -- Multiple integer overflows	2006-04-07
mplayer -- multiple vulnerabilities	2004-12-21
mplayer -- multiple vulnerabilities	2008-03-06
mplayer -- twinvq processing buffer overflow vulnerability	2008-12-30
mplayer -- vulnerability in STR files processor	2009-01-15
mplayer heap overflow in http requests	2004-03-31
MT -- Search Unspecified XSS	2006-10-02
mt-daapd -- denial of service vulnerability	2007-11-12
mt-daapd -- integer overflow	2008-05-02
multiple buffer overflows in xboing	2004-03-05
Multiple Potential Buffer Overruns in Samba	2004-07-21
multiple vulnerabilities in ethereal	2004-03-26
multiple vulnerabilities in ethereal	2004-07-11
multiple vulnerabilities in ethereal	2004-07-11
multiple vulnerabilities in phpBB	2004-03-26
Mutiple browser frame injection vulnerability	2004-08-12
mutt -- buffer overflow vulnerability	2007-07-29
mutt -- Remote Buffer Overflow Vulnerability	2006-06-30
mybb -- multiple vulnerabilities	2009-09-30
mysql -- ALTER MERGE denial of service vulnerability	2004-12-16
mysql -- command line client input validation vulnerability	2008-10-01
mysql -- database "case-sensitive" privilege escalation	2006-10-29
mysql -- database suid privilege escalation	2006-10-29
mysql -- empty bit-string literal denial of service	2009-01-11
mysql -- erroneous access restrictions applied to table renames	2004-12-16
mysql -- format string vulnerability	2006-08-13
mysql -- FTS request denial of service vulnerability	2004-12-16
mysql -- GRANT access restriction problem	2004-12-16
mysql -- heap buffer overflow with prepared statements	2004-09-23
MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities	2006-06-01
mysql -- MyISAM table privileges security bypass vulnerability	2008-09-10
mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths	2008-12-30
mysql -- mysql_real_connect buffer overflow vulnerability	2004-12-16
mysql -- mysqlhotcopy insecure temporary file creation	2004-08-22
mysql -- privilege escalation and overwrite of the system table information	2009-01-11
mysql -- remote dos via malformed password packet	2009-01-11
mysql -- renaming of arbitrary tables by authenticated users	2009-01-11
MySQL -- SQL-injection security vulnerability	2006-06-01
MySQL authentication bypass / buffer overflow	2004-07-05
MySQL insecure temporary file creation (mysqlbug)	2004-04-16
mysql-scripts -- mysqlaccess insecure temporary file creation	2005-01-16
mysql-server -- insecure temporary file creation	2005-07-09
mysql-server -- multiple remote vulnerabilities	2005-03-14
mysql50-server -- COM_TABLE_DUMP arbitrary code execution	2006-05-06
nag -- Cross site scripting vulnerabilities in several of the tasklist name and task data fields	2005-12-11
nagios -- Command Injection Vulnerability	2009-06-30
Nagios -- Cross Site Scripting Vulnerability	2008-05-28
nagios -- web interface privilege escalation vulnerability	2009-01-12
nagios-plugins -- Long Location Header Buffer Overflow Vulnerability	2007-10-11
nap allows arbitrary file access	2004-02-12
nbd-server -- buffer overflow vulnerability	2005-12-22
nbsmtp -- format string vulnerability	2005-08-01
neon -- NULL pointer dereference in Digest domain support	2008-09-12
neon date parsing vulnerability	2004-05-19
neon format string vulnerabilities	2004-04-15
net-snmp -- denial of service via GETBULK request	2007-11-13
net-snmp -- DoS for SNMP agent via crafted GETBULK request	2008-11-14
net-snmp -- fixproc insecure temporary file creation	2005-07-09
net-snmp -- remote DoS vulnerability	2005-07-05
netatalk -- arbitrary command execution in papd daemon	2009-03-18
netpbm -- buffer overflow in pnmtopng	2006-04-05
newsfetch -- server response buffer overflow vulnerability	2005-02-01
newsgrab -- directory traversal vulnerability	2005-02-01
newsgrab -- insecure file and directory creation	2005-02-01
newspost -- server response buffer overflow vulnerability	2005-02-01
nfs -- remote denial of service	2006-03-12
nfsen -- remote command execution	2009-07-03
nginx -- remote denial of service vulnerability	2009-09-14
ngircd -- buffer overflow vulnerability	2005-02-13
ngircd -- format string vulnerability	2005-02-13
nsd -- buffer overflow vulnerability	2009-05-19
nss -- exploitable buffer overflow in SSLv2 protocol handler	2004-08-27
ntp -- stack-based buffer overflow	2009-05-20
nvidia-driver -- arbitrary root code execution vulnerability	2006-10-16
nwclient -- multiple vulnerabilities	2005-07-08
oftpd denial-of-service vulnerability (PORT command)	2004-03-28
oops -- format string vulnerability	2005-05-22
Open DC Hub -- remote buffer overflow vulnerability	2004-11-27
openfire -- multiple vulnerabilities	2008-11-19
openfire -- multiple vulnerabilities	2009-01-25
openfire -- Openfire No Password Changes Security Bypass	2009-05-04
openfire -- unspecified denial of service	2008-04-25
openldap -- modrdn Denial of Service vulnerability	2008-02-22
openldap -- multiple remote denial of service vulnerabilities	2007-10-30
openldap -- slapd acl selfwrite Security Issue	2006-10-05
openoffice -- arbitrary code execution vulnerabilities	2008-11-29
openoffice -- arbitrary command execution vulnerability	2007-09-20
openoffice -- DOC document heap overflow vulnerability	2005-04-13
openoffice -- document disclosure	2004-09-14
openoffice.org -- multiple vulnerabilities	2010-02-25
openssh -- multiple vulnerabilities	2006-09-30
openssh -- remote denial of service	2006-03-12
openssl -- denial of service in DTLS implementation	2009-05-30
openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3)	2006-12-19
OpenSSL -- Multiple problems in crypto(3)	2007-02-26
openssl -- potential SSL 2.0 rollback	2005-10-12
OpenSSL ChangeCipherSpec denial-of-service vulnerability	2004-03-17
openvpn -- arbitrary code execution on client through malicious or compromised server	2005-11-01
openvpn -- denial of service: client certificate validation can disconnect unrelated clients	2005-08-19
openvpn -- denial of service: malicious authenticated "tap" client can deplete server virtual memory	2005-08-19
openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients	2005-08-19
openvpn -- LD_PRELOAD code execution on client through malicious or compromised server	2006-04-05
openvpn -- multiple TCP clients connecting with the same certificate at the same time can crash the server	2005-08-19
openvpn -- potential denial-of-service on servers in TCP mode	2005-11-01
openvpn-devel -- arbitrary code execution	2008-08-07
openx -- sql injection vulnerability	2008-10-25
opera -- "data:" URI handler spoofing vulnerability	2005-02-18
opera -- "javascript:" URL cross-site scripting vulnerability	2005-06-20
opera -- command line URL shell command injection	2005-11-30
opera -- download dialog spoofing vulnerability	2005-07-30
opera -- image dragging vulnerability	2005-07-30
opera -- kfmclient exec command execution vulnerability	2005-02-18
opera -- multiple vulnerabilities	2007-07-19
opera -- multiple vulnerabilities	2005-11-30
opera -- multiple vulnerabilities	2009-09-04
opera -- multiple vulnerabilities	2008-12-19
opera -- multiple vulnerabilities	2008-08-25
opera -- multiple vulnerabilities	2007-10-25
opera -- multiple vulnerabilities	2009-03-15
opera -- multiple vulnerabilities	2009-12-01
opera -- multiple vulnerabilities	2008-02-22
opera -- multiple vulnerabilities	2007-01-05
opera -- multiple vulnerabilities	2007-12-19
opera -- multiple vulnerabilities	2008-04-05
opera -- multiple vulnerabilities	2008-10-28
opera -- multiple vulnerabilities	2009-10-31
opera -- multiple vulnerabilities	2008-11-03
opera -- multiple vulnerabilities	2008-10-10
opera -- multiple vulnerabilities in Java implementation	2005-01-24
opera -- redirection cross-site scripting vulnerability	2005-06-20
opera -- RSA Signature Forgery	2006-09-22
opera -- URL parsing heap overflow vulnerability	2006-10-20
opera -- Vulnerability in javascript handling	2007-08-15
opera -- XMLHttpRequest security bypass	2005-06-20
OPIE -- arbitrary password change	2006-03-24
optipng -- arbitrary code execution via crafted BMP image	2009-01-19
otrs -- SQL injection	2010-02-08
Overflow error in fetch	2004-11-18
p5-Archive-Zip -- virus detection evasion	2004-11-08
p5-DBI -- insecure temporary file creation vulnerability	2006-04-23
p5-File-Path -- rmtree allows creation of setuid files	2009-01-03
p5-HTML-Parser -- denial of service	2009-11-06
p5-Imager - possibly exploitable buffer overflow	2007-04-30
p5-Mail-SpamAssassin -- denial of service vulnerability	2005-06-18
p5-Mail-SpamAssassin -- local user symlink-attack DoS vulnerability	2007-06-18
p5-Mail-SpamAssassin -- long message header denial of service	2005-11-10
p5-Net-DNS -- multiple Vulnerabilities	2007-07-28
pam_ldap -- authentication bypass vulnerability	2005-08-27
pango -- integer overflow	2009-05-13
Pavuk HTTP Location header overflow	2004-07-03
pcal -- buffer overflow vulnerabilities	2005-01-06
pcre -- arbitrary code execution	2007-11-06
pcre -- buffer overflow vulnerability	2008-02-29
pcre -- regular expression buffer overflow	2005-08-26
pdfjam -- insecure temporary files	2009-01-11
PEAR -- Net_Ping and Net_Traceroute remote arbitrary command injection	2010-01-04
pear-PEAR -- PEAR installer arbitrary code execution vulnerability	2005-11-04
pear-XML_RPC -- arbitrary remote code execution	2005-07-03
pear-XML_RPC -- information disclosure vulnerabilities	2005-07-08
pear-XML_RPC -- remote PHP code injection vulnerability	2005-08-15
peercast -- arbitrary code execution	2008-05-21
peercast -- buffer overflow vulnerability	2007-12-19
perdition -- str_vwrite format string vulnerability	2007-11-05
perl -- Directory Permissions Race Condition	2009-02-03
perl -- File::Path insecure file/directory permissions	2005-01-21
perl -- regular expressions unicode data buffer overflow	2007-11-06
perl -- vulnerabilities in PERLIO_DEBUG handling	2005-02-02
perl, webmin, usermin -- perl format string integer wrap vulnerability	2006-02-15
pf -- IP fragment handling panic	2006-02-14
php -- _ecalloc Integer Overflow Vulnerability	2006-10-06
php -- ini database truncation inside dba_replace() function	2009-05-16
php -- input validation error in safe_mode	2008-06-22
php -- integer overflow vulnerability	2008-04-25
php -- memory_limit related vulnerability	2004-09-27
php -- multiple security vulnerabilities	2007-11-16
php -- multiple vulnerabilities	2009-12-17
PHP -- multiple vulnerabilities	2005-11-01
php -- multiple vulnerabilities	2006-09-13
php -- multiple vulnerabilities	2008-12-07
php -- multiple vulnerabilities	2007-05-07
php -- multiple vulnerabilities	2007-09-11
php -- multiple vulnerabilities	2004-12-17
php -- multiple vulnerabilities	2007-02-17
php -- open_basedir Race Condition Vulnerability	2006-10-05
php -- php_variables memory disclosure	2004-10-05
php -- readfile() DoS vulnerability	2005-04-10
php -- strip_tags cross-site scripting vulnerability	2004-09-27
php -- vulnerability in RFC 1867 file upload processing	2004-09-15
php-mbstring -- php mbstring buffer overflow vulnerability	2009-03-16
php5 -- Multiple security issues	2009-10-12
php5 -- potential magic_quotes_gpc vulnerability	2008-12-08
php5-gd -- uninitialized memory information disclosure vulnerability	2009-01-05
phpbb - Insuffient check against HTML code in usercp_register.php	2005-03-05
phpbb -- arbitrary command execution and other vulnerabilities	2004-12-22
phpbb -- multiple information disclosure vulnerabilities	2005-02-23
phpbb -- multiple vulnerabilities	2006-02-16
phpbb -- multiple vulnerabilities	2005-07-09
phpbb -- NULL byte injection vulnerability	2006-10-04
phpbb -- privilege elevation and path disclosure	2005-02-28
phpbb -- remote PHP code execution vulnerability	2005-07-03
phpBB IP address spoofing	2004-04-23
phpBB session table exhaustion	2004-05-06
phpicalendar -- cross site scripting vulnerability	2006-02-15
phpicalendar -- file disclosure vulnerability	2006-02-15
phpldapadmin -- Cross-Site Scripting and Script Insertion vulnerabilities	2006-05-14
phplist -- local file inclusion vulnerability	2009-02-09
phpmyadmin -- 'set_theme' Cross-Site Scripting	2006-04-06
phpmyadmin -- arbitrary file include and XSS vulnerabilities	2005-03-08
phpmyadmin -- Code execution vulnerability	2008-09-17
phpmyadmin -- command execution vulnerability	2004-12-15
phpmyadmin -- cross site request forgery vulnerabilites	2008-07-18
phpmyadmin -- Cross Site Scripting	2007-11-21
phpmyadmin -- Cross Site Scripting Vulnerabilities	2008-06-28
phpmyadmin -- cross site scripting vulnerability	2005-07-31
phpmyadmin -- cross site scripting vulnerability	2006-07-03
phpmyadmin -- cross-site request forgery vulnerability	2008-12-11
phpMyAdmin -- cross-site scripting vulnerabilities	2004-11-20
phpmyadmin -- cross-site scripting vulnerability	2007-10-17
phpmyadmin -- cross-site scripting vulnerability	2007-10-16
phpmyadmin -- Cross-Site Scripting Vulnerability	2008-09-23
phpmyadmin -- cross-site scripting vulnerability	2007-11-11
phpmyadmin -- Cross-Site Scripting Vulnerability	2008-10-31
phpmyadmin -- file disclosure vulnerability	2004-12-15
phpmyadmin -- HTTP Response Splitting vulnerability	2005-11-16
phpmyadmin -- increased privilege vulnerability	2005-03-15
phpmyadmin -- information disclosure vulnerability	2005-03-08
phpmyadmin -- insufficient output sanitizing when generating configuration file	2009-04-15
phpmyadmin -- insufficient output sanitizing when generating configuration file	2009-03-25
phpmyadmin -- local file inclusion vulnerability	2005-10-11
phpmyadmin -- register_globals emulation "import_blacklist" manipulation	2005-12-07
phpmyadmin -- remote command execution vulnerability	2004-10-20
phpmyadmin -- Shared Host Information Disclosure	2008-04-24
phpmyadmin -- SQL injection vulnerability	2008-03-04
phpmyadmin -- Username/Password Session File Information Disclosure	2008-04-24
phpmyadmin -- XSRF vulnerabilities	2006-05-21
phpmyadmin -- XSRF vulnerabilities	2006-10-02
phpmyadmin -- XSS and SQL injection vulnerabilities	2009-10-13
phpmyadmin -- XSS vulnerabilities	2006-04-06
phpmyadmin -- XSS vulnerabilities	2005-12-07
phpmyadmin -- XSS vulnerability	2009-06-30
phpmyfaq -- SQL injection, takeover, path disclosure, remote code execution	2005-09-29
phppgadmin -- "formLanguage" local file inclusion vulnerability	2005-07-08
phppgadmin -- cross site scripting vulnerability	2007-06-04
phppgadmin -- directory traversal with register_globals enabled	2009-03-16
phpSysInfo -- "register_globals" emulation layer overwrite vulnerability	2005-11-13
phpSysInfo -- cross site scripting vulnerability	2005-07-09
phpsysinfo -- url Cross-Site Scripting	2007-07-28
phpwebftp -- "language" Local File Inclusion	2006-05-03
picasm -- buffer overflow vulnerability	2005-10-02
pidgin -- MSN overflow parsing SLP messages	2009-08-20
pidgin -- multiple vulnerabilities	2009-06-16
pine insecure URL handling	2004-02-12
pine remote denial-of-service attack	2004-02-12
pine remotely exploitable buffer overflow in newmail.c	2004-02-12
pine remotely exploitable vulnerabilities	2004-02-12
pivot-weblog -- file deletion vulnerability	2009-03-27
piwik -- php code execution	2009-12-11
plans -- multiple vulnerabilities	2006-09-26
pligg -- Cross-Site Scripting and Cross-Site Request Forgery	2009-12-12
plone -- "member_id" Parameter Portrait Manipulation Vulnerability	2006-04-18
plone -- unprotected MembershipTool methods	2006-10-19
plone -- unsafe data interpreted as pickles	2007-11-12
plone -- user can masquerade as a group	2006-12-27
png -- DoS crash vulnerability	2007-05-16
png -- multiple vulnerabilities	2007-10-11
png -- unknown chunk processing uninitialized memory access	2008-04-25
pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability	2009-03-04
popfile file disclosure	2004-08-12
poppler -- Poppler Multiple Vulnerabilities	2009-04-18
poppler -- uninitialized pointer	2008-07-09
portupgrade -- insecure temporary file handling vulnerability	2005-04-12
postfix-policyd-weight -- working directory symlink vulnerability	2008-04-06
postgresql -- character conversion and tsearch2 vulnerabilities	2006-02-16
postgresql -- encoding based SQL injection	2006-08-13
postgresql -- multiple buffer overflows in PL/PgSQL parser	2005-02-17
postgresql -- multiple vulnerabilities	2009-12-17
postgresql -- multiple vulnerabilities	2006-08-13
postgresql -- multiple vulnerabilities	2008-04-24
postgresql -- privilege escalation vulnerability	2005-02-08
postgresql-contrib -- insecure temporary file creation	2004-11-06
postgresql81-server -- SET ROLE privilege escalation	2006-02-18
postnuke -- admin section SQL injection	2006-10-03
postnuke -- cross-site scripting (XSS) vulnerabilities	2005-03-04
postnuke -- multiple vulnerabilities	2005-08-08
postnuke -- SQL injection vulnerabilities	2005-03-04
pound remotely exploitable vulnerability	2004-05-02
powerdns -- DoS vulnerability	2005-02-14
PowerDNS -- LDAP backend fails to escape all queries	2005-07-21
powerdns-recursor -- DNS cache poisoning	2008-04-05
powerdns-recursor -- multiple vulnerabilities	2010-01-09
ppxp -- local root exploit	2005-05-22
proftpd -- format string vulnerabilities	2005-08-03
proftpd -- Long Command Processing Vulnerability	2008-09-23
proftpd -- multiple sql injection vulnerabilities	2009-03-16
proftpd -- remote code execution vulnerabilities	2006-12-21
proftpd -- Remote Code Execution Vulnerability	2006-11-14
ProFTPD ASCII translation bug resulting in remote root compromise	2004-01-05
proftpd IP address access control list breakage	2004-05-02
proxytunnel -- format string vulnerability	2004-11-15
ProZilla -- server response buffer overflow vulnerabilities	2004-11-25
pubcookie-login-server -- cross site scripting vulnerability	2006-04-05
punbb -- NULL byte injection vulnerability	2006-09-30
putty -- buffer overflow vulnerability in ssh2 support	2004-11-04
putty -- pscp/psftp heap corruption vulnerabilities	2005-02-20
py-django -- denial of service vulnerability	2007-10-27
py-pylons -- Path traversal bug	2008-07-04
pyblosxom -- atom flavor multiple XML injection vulnerabilities	2009-02-11
pycrypto -- ARC2 module buffer overflow	2009-02-15
python -- buffer overrun in repr() for unicode strings	2006-10-07
python -- Integer Signedness Error in zlib Module	2008-04-25
python -- multiple vulnerabilities	2008-09-10
python -- SimpleXMLRPCServer.py allows unrestricted traversal	2005-02-03
qemu - several vulnerabilities	2007-05-01
qemu -- "drive_init()" Disk Format Security Bypass	2008-05-08
qemu -- Heap overflow in Cirrus emulation	2008-11-02
qemu -- Translation Block Local Denial of Service Vulnerability	2007-12-12
qemu -- unchecked block read/write vulnerability	2008-03-11
qpopper -- multiple privilege escalation vulnerabilities	2005-11-07
qpopper format string vulnerability	2003-12-12
qt -- image loader vulnerabilities	2004-08-22
quagga -- Denial of Service	2009-05-06
quake2 -- multiple critical vulnerabilities	2005-01-21
racoon -- improper certificate handling	2004-10-03
racoon -- remote denial-of-service	2005-06-03
racoon fails to verify signature during Phase 1	2004-04-07
racoon remote denial of service vulnerability (IKE Generic Payload Header)	2004-04-07
racoon remote denial of service vulnerability (ISAKMP header length field)	2004-04-14
racoon security association deletion vulnerability	2004-03-25
rar -- password prompt buffer overflow vulnerability	2007-02-17
razor-agents -- denial of service vulnerability	2005-06-20
realplayer -- arbitrary file deletion and other vulnerabilities	2005-01-21
realplayer -- remote heap overflow	2005-03-04
Remote code injection in phpMyAdmin	2004-07-02
Remote Denial of Service of HTTP server and client	2004-06-25
ripMIME -- decoding bug allowing content filter bypass	2004-08-27
rkhunter -- insecure temporary file creation	2007-09-05
rockdodger -- buffer overflows	2004-12-02
roundcube -- remote execution of arbitrary code	2008-12-30
roundcube -- webmail script insertion and php code injection	2009-03-16
rsnapshot -- local privilege escalation	2005-05-01
rssh & scponly -- arbitrary command execution	2004-12-02
rssh -- file name disclosure bug	2004-09-21
rssh -- format string vulnerability	2004-10-25
rssh -- privilege escalation vulnerability	2006-02-16
rsync -- off by one stack overflow	2007-08-21
rsync -- path sanitizing vulnerability	2004-08-26
rsync buffer overflow in server mode	2004-02-12
rsync path traversal issue	2004-05-02
rt -- Session fixation vulnerability	2009-12-09
ruby - multiple vulnerabilities	2006-07-29
ruby -- arbitrary command execution on XMLRPC server	2005-06-23
ruby -- BigDecimal denial of service vulnerability	2009-06-13
ruby -- CGI DoS	2004-11-13
ruby -- cgi.rb library Denial of Service	2006-12-04
ruby -- cgi.rb library Denial of Service	2006-11-04
ruby -- DNS spoofing vulnerability	2008-08-16
ruby -- DoS vulnerability in WEBrick	2008-08-16
ruby -- heap overflow vulnerability	2009-12-09
ruby -- multiple integer and buffer overflow vulnerabilities	2008-06-21
ruby -- multiple vulnerabilities in safe level	2008-08-16
ruby -- vulnerability in the safe level settings	2005-10-27
Ruby insecure file permissions in the CGI session management	2004-08-16
rubygem-rails -- evaluation of ruby code	2006-08-10
rubygem-rails -- JSON XSS vulnerability	2007-11-28
rubygem-rails -- session-fixation vulnerability	2007-11-27
rubygem-rails -- SQL injection vulnerability	2008-09-10
rxvt-unicode -- buffer overflow vulnerability	2005-03-13
rxvt-unicode -- restore permissions on tty devices	2006-01-04
samba -- buffer overflow vulnerability	2007-12-12
samba -- Exposure of machine account credentials in winbind log files	2006-04-05
samba -- format string bug in afsacl.so VFS plugin	2007-03-16
samba -- integer overflow vulnerability	2004-12-21
samba -- memory exhaustion DoS in smbd	2006-07-10
samba -- multiple vulnerabilities	2007-05-16
samba -- multiple vulnerabilities	2007-11-21
samba -- nss_info plugin privilege escalation vulnerability	2007-09-21
samba -- potential Denial of Service bug in smbd	2007-03-16
samba -- potential leakage of arbitrary memory contents	2008-11-29
samba -- potential remote DoS vulnerability	2004-11-12
samba -- remote file disclosure	2004-09-30
Samba 3.0.x password initialization bug	2004-02-12
samba3 DoS attack	2004-09-14
scponly -- local privilege escalation exploits	2005-12-22
screen -- combined UTF-8 characters vulnerability	2006-10-29
sdl_image -- buffer overflow vulnerabilities	2008-05-02
sendmail -- Incorrect multipart message handling	2006-06-14
sendmail -- race condition vulnerability	2006-03-24
serendipity -- multiple cross site scripting vulnerabilities	2008-04-25
Serendipity -- XSS Vulnerabilities	2006-10-21
seti@home remotely exploitable buffer overflow	2004-02-12
setsockopt(2) IPv6 sockets input validation error	2004-03-29
Several remotely exploitable buffer overflows in gaim	2004-02-12
Several vulnerabilities found in PHPNuke	2004-07-03
sge -- local root exploit in bundled rsh executable	2006-01-23
sharutils -- buffer overflows	2004-10-13
sharutils -- unshar insecure temporary file creation	2005-05-01
shmat reference counting bug	2004-04-07
shoutcast -- cross-site scripting, information exposure	2006-07-11
shtool -- insecure temporary file creation	2005-07-09
silc -- pkcs_decode buffer overflow	2008-03-26
silc-client -- Format string vulnerability	2009-08-04
silc-toolkit -- Format string vulnerabilities	2009-09-08
sircd -- remote operator privilege escalation vulnerability	2007-01-15
sircd -- remote reverse DNS buffer overflow	2007-01-15
skype -- multiple buffer overflow vulnerabilities	2005-11-01
slim -- local disclosure of X authority magic cookie	2009-05-30
smbd -- buffer-overrun vulnerability	2004-11-17
smbfs -- chroot escape	2006-06-09
smbftpd -- format string vulnerability	2007-12-12
snort -- Back Orifice preprocessor buffer overflow vulnerability	2005-10-18
snort -- DCE/RPC preprocessor vulnerability	2007-02-21
socat -- format string vulnerability	2004-11-10
SoX buffer overflows when handling .WAV files	2004-08-26
SpamAssassin -- denial-of-service in tokenize_headers	2004-08-23
spamdyke -- open relay	2008-05-27
sppp -- buffer overflow vulnerability	2006-08-23
SQL injection vulnerability in phpnuke	2004-02-25
sql-ledger -- multiple vulnerabilities	2006-12-18
sql-ledger -- security bypass vulnerability	2007-03-16
squid -- buffer overflow in WCCP recvfrom() call	2005-01-28
squid -- buffer overflow vulnerability in gopherToHTML	2005-01-12
squid -- confusing results on empty acl declarations	2004-12-23
squid -- correct handling of oversized HTTP reply headers	2005-02-08
Squid -- Denial of Service Vulnerability	2007-12-04
squid -- Denial of Service vulnerability in DNS handling	2010-02-01
squid -- Denial of Service vulnerability in HTCP	2010-02-14
squid -- Denial Of Service Vulnerability in sslConnectTimeout	2005-09-04
squid -- denial of service with forged WCCP messages	2005-01-12
squid -- denial-of-service vulnerabilities	2005-06-03
squid -- DNS lookup spoofing vulnerability	2005-05-19
squid -- DoS on failed PUT/POST requests vulnerability	2005-04-10
squid -- FTP server response handling denial of service	2005-11-01
squid -- HTTP response splitting cache pollution attack	2005-01-22
squid -- no sanity check of usernames in squid_ldap_auth	2005-01-19
squid -- NTLM authentication denial-of-service vulnerability	2004-08-16
squid -- possible abuse of cachemgr.cgi	2005-05-19
squid -- possible cache-poisoning via malformed HTTP responses	2005-01-24
squid -- possible denial of service condition regarding NTLM authentication	2005-09-15
squid -- Possible Denial Of Service Vulnerability in store.c	2005-09-04
squid -- possible information disclosure	2004-12-09
squid -- remote denial of service vulnerability	2009-02-09
squid -- several remote denial of service vulnerabilities	2009-07-27
squid -- SNMP module denial-of-service vulnerability	2004-10-12
Squid -- TRACE method handling denial of service	2007-03-21
squid ACL bypass due to URL decoding bug	2004-03-26
squidGuard -- multiple vulnerabilities	2009-10-22
squirrelmail -- _$POST variable handling allows for various attacks	2005-09-17
squirrelmail -- Cross site scripting in HTML filter	2007-05-21
squirrelmail -- Cross site scripting vulnerability	2008-12-04
squirrelmail -- cross site scripting vulnerability	2004-11-12
squirrelmail -- multiple vulnerabilities	2006-02-24
SquirrelMail -- Plug-ins compromise	2009-08-02
squirrelmail -- plugin.php local file inclusion vulnerability	2006-06-05
squirrelmail -- random variable overwrite vulnerability	2006-08-12
squirrelmail -- Session hijacking vulnerability	2008-09-23
squirrelmail -- Several cross site scripting vulnerabilities	2005-06-18
squirrelmail -- XSS and remote code injection vulnerabilities	2005-06-01
SSH.COM SFTP server -- format string vulnerability	2006-03-04
streamripper -- multiple buffer overflows	2008-11-23
subversion -- heap overflow vulnerability	2009-08-06
subversion -- WebDAV fails to protect metadata	2004-09-26
subversion date parsing vulnerability	2004-05-19
sudo -- arbitrary command execution	2006-02-16
sudo -- certain authorized users could run commands as any user	2009-02-06
sudo -- environmental variable CDPATH is not cleared	2005-01-21
sudo -- local race condition vulnerability	2005-06-20
sudo -- privilege escalation with bash scripts	2004-11-13
sudo -- Privilege escalation with sudoedit	2010-03-01
sudo -- sudoedit information disclosure	2004-09-20
sudoscript -- signal delivery vulnerability	2004-12-01
sup -- format string vulnerability	2005-02-27
suphp -- multiple local privilege escalation vulnerabilities	2008-04-05
swfdec -- exposure of sensitive information	2008-05-07
sylpheed -- buffer overflow in header processing	2005-03-23
sylpheed -- MIME-encoded file name buffer overflow vulnerability	2005-07-31
sympa -- buffer overflow in "queue"	2005-06-01
syslog-ng2 -- startup directory leakage in the chroot environment	2008-11-18
tcl/tk -- buffer overflow in ReadImage function	2007-10-05
TCP denial-of-service attacks against long lived connections	2004-04-23
tcpdump -- infinite loops in protocol decoding	2005-06-18
tcpdump ISAKMP payload handling remote denial-of-service	2004-03-31
tdiary -- cross site scripting vulnerability	2006-12-02
tdiary -- injection vulnerability	2006-12-13
Teamspeak Server -- Directory Traversal Vulnerability	2009-01-20
texindex -- temporary file privilege escalation	2006-01-27
thunderbird -- javascript execution	2006-04-07
tiff -- buffer overflow vulnerability	2005-07-30
tiff -- directory entry count integer overflow vulnerability	2005-01-06
tiff -- divide-by-zero denial-of-service	2005-01-18
tiff -- multiple integer overflows	2004-10-13
tiff -- RLE decoder heap overflows	2004-10-13
tiff -- tiffdump integer overflow vulnerability	2005-01-06
tikiwiki -- multiple vulnerabilities	2006-09-30
tikiwiki -- multiple vulnerabilities	2007-11-09
tin -- buffer overflow vulnerabilities	2006-10-05
tkdiff -- temporary file symlink privilege escalation	2006-10-15
tnftp -- mget does not check for directory escapes	2005-01-07
tnftpd -- Remote root Exploit	2006-12-11
tnftpd -- remotely exploitable vulnerability	2004-08-17
tomcat -- multiple vulnerabilities	2007-07-24
tomcat -- Tomcat Manager cross-site scripting	2005-06-01
tomcat -- XSS vulnerability in sample applications	2007-07-24
tor -- diffie-hellman handshake flaw	2005-08-17
tor -- information disclosure	2005-06-24
tor -- malicious tor server can locate a hidden service	2006-02-16
tor -- multiple vulnerabilites	2009-02-13
tor -- remote DoS and loss of anonymity	2004-10-15
tor -- unspecified memory corruption vulnerability	2009-01-29
tor-devel -- DNS resolution vulnerabiliity	2009-06-23
torrentflux -- User-Agent XSS Vulnerability	2006-10-07
tptest -- pwd Remote Stack Buffer Overflow	2009-12-17
trac -- cross site scripting vulnerability	2007-03-09
trac -- file upload/download vulnerability	2005-06-20
trac -- potential DOS vulnerability	2008-11-09
trac -- reStructuredText breach of privacy and denial of service vulnerability	2006-07-07
trac -- search module SQL injection vulnerability	2005-12-07
trac -- Wiki Macro Script Insertion Vulnerability	2006-05-02
turba -- Cross site scripting vulnerabilities in several of the address book name and contact data fields	2005-12-11
twiki -- Arbitrary code execution in session files	2008-09-14
twiki -- arbitrary shell command execution	2004-11-15
twiki -- multiple file extensions file upload vulnerability	2006-07-10
twiki -- multiple vulnerabilities	2008-12-30
typespeed -- arbitrary code execution	2007-07-03
typo3 -- cross-site scripting and information disclosure	2009-02-11
typo3 -- email header injection	2007-06-04
typo3 -- multiple vulnerabilities	2009-02-09
typo3 -- multiple vulnerabilities in TYPO3 Core	2009-11-05
uim -- privilege escalation vulnerability	2005-10-01
uim -- privilege escalation vulnerability	2005-03-01
unace -- multiple vulnerabilities	2005-02-22
unarj -- directory traversal vulnerability	2004-11-26
unarj -- long filename buffer overflow	2004-11-26
unrtf -- buffer overflow vulnerability	2005-01-16
unzip -- permission race vulnerability	2005-09-13
unzoo -- Directory Traversal Vulnerability	2006-11-14
up-imapproxy -- multiple vulnerabilities	2005-01-02
urban -- stack overflow vulnerabilities	2005-09-02
URI handler vulnerabilities in several browsers	2004-05-18
uudeview buffer overflows	2004-03-18
varnish -- Varnish HTTP Request Parsing Denial of Service	2009-02-14
verlihub -- insecure temporary file usage and arbitrary command execution	2009-01-11
viewcvs -- information leakage	2004-12-08
vim -- Command Format String Vulnerability	2007-07-27
vim -- multiple vulnerabilities in the netrw module	2009-01-02
vim -- Vim Shell Command Injection Vulnerabilities	2008-06-21
vim -- vulnerabilities in modeline handling	2005-01-06
vim -- vulnerabilities in modeline handling: glob, expand	2005-07-31
vinagre -- format string vulnerability	2008-12-31
virtualbox -- privilege escalation	2009-10-07
vlc -- arbitrary code execution in the RealMedia processor	2008-12-06
vlc -- cue processing stack overflow	2008-11-08
vlc -- format string vulnerability and integer overflow	2007-06-18
vlc -- stack overflow in MPA, AVI and ASF demuxer	2009-11-03
vnc - authentication bypass vulnerability	2006-05-18
vorbis-tools -- Speex header processing vulnerability	2008-05-11
vtiger -- multiple remote file inclusion vulnerabilities	2006-10-15
Vulnerabilities in H.323 implementations	2004-02-22
w3m -- format string vulnerability	2007-01-03
web browsers -- window injection vulnerabilities	2005-01-24
webcalendar -- "noSet" variable overwrite vulnerability	2007-04-08
webcalendar -- information disclosure vulnerability	2006-06-16
webcalendar -- remote file inclusion vulnerability	2005-10-15
WebCalendar -- unauthorized access vulnerability	2006-02-20
webmin -- cross site scripting vulnerability	2007-06-09
webmin -- insecure temporary file creation at installation time	2004-09-14
webmin, usermin -- arbitrary file disclosure vulnerability	2006-07-02
websvn -- multiple vulnerabilities	2009-02-09
weex -- remote format string vulnerability	2005-10-02
wget -- multiple vulnerabilities	2004-12-14
win32-codecs -- multiple vulnerabilities	2006-09-14
wine -- information disclosure due to insecure temporary file handling	2005-03-24
wireshark -- LWRES vulnerability	2010-02-10
wireshark -- Multiple problems	2007-07-06
wireshark -- multiple vulnerabilities	2009-05-09
wireshark -- multiple vulnerabilities	2009-03-22
wireshark -- multiple vulnerabilities	2007-12-19
wireshark -- PCNFSD Dissector Denial of Service Vulnerability	2009-05-30
wireshark -- SMTP Processing Denial of Service Vulnerability	2008-12-07
wordpress -- cross-site scripting	2007-11-01
wordpress -- full path disclosure	2006-04-23
wordpress -- header rss feed script insertion vulnerability	2008-11-29
wordpress -- multiple vulnerabilities	2009-11-14
wordpress -- multiple vulnerabilities	2005-07-05
wordpress -- multiple vulnerabilities	2005-07-05
wordpress -- remote admin password reset vulnerability	2009-08-12
wordpress -- remote privilege escalation	2008-10-22
wordpress -- remote sql injection vulnerability	2007-09-21
wordpress -- snoopy "_httpsrequest()" shell command execution vulnerability	2008-10-24
wordpress -- unmoderated comments disclosure	2007-06-09
wordpress -- XMLRPC SQL Injection	2007-06-09
wordpress -- XSS in administration panel	2004-10-13
wu-ftpd -- remote globbing DoS vulnerability	2005-04-04
wu-ftpd ftpaccess `restricted-uid'/`restricted-gid' directive may be bypassed	2004-03-08
wv -- Multiple Integer Overflow Vulnerabilities	2006-12-13
wv2 -- Integer Overflow Vulnerability	2006-12-13
wzdftpd -- remote DoS	2004-11-03
X11 server -- pixmap allocation vulnerability	2005-09-15
x11vnc -- authentication bypass vulnerability	2006-08-13
xapian-omega -- cross-site scripting vulnerability	2009-09-13
xchat remotely exploitable buffer overflow (Socks5)	2004-04-23
xerces-c2 -- Attribute blowup denial-of-service	2004-10-13
xfce -- multiple vulnerabilities	2008-01-22
XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0	2004-06-28
xfs -- multiple vulnerabilites	2007-10-08
xine -- multiple remote string vulnerabilities	2006-04-23
xine-lib arbitrary file overwrite	2004-05-02
xli -- integer overflows in image size calculations	2005-06-03
xloadimage -- arbitrary command execution when handling compressed files	2005-06-03
xloadimage -- buffer overflow in FACES image handling	2005-06-03
xloadimage -- buffer overflows in NIFF image title handling	2005-10-20
xorg -- multiple vulnerabilities	2008-06-15
xorg -- multiple vulnerabilities	2008-01-23
xorg-server -- privilege escalation	2006-03-21
xpcd -- buffer overflow	2007-06-21
xpdf -- buffer overflow vulnerability	2004-12-23
xpdf -- disk fill DoS vulnerability	2005-08-12
xpdf -- integer overflow vulnerabilities	2004-10-25
xpdf -- makeFileKey2() buffer overflow vulnerability	2005-01-26
xpdf -- multiple remote Stream.CC vulnerabilities	2007-11-12
Xpdf -- Multiple Vulnerabilities	2009-10-20
xpdf -- multiple vulnerabilities	2009-04-18
xpdf -- stack based buffer overflow	2007-07-31
xpm -- image decoding vulnerabilities	2004-09-15
xshisen -- local buffer overflows	2005-01-11
xterm -- DECRQSS remote command execution vulnerability	2009-01-05
xtrlock -- X display locking bypass	2005-06-01
xv -- exploitable buffer overflows	2004-10-05
xv -- filename handling format string vulnerability	2005-03-21
xview -- multiple buffer overflows in xv_parse_one	2005-06-01
yamt -- arbitrary command execution vulnerability	2005-01-23
yamt -- buffer overflow and directory traversal issues	2005-06-03
ypserv -- Inoperative access controls in ypserv	2006-06-09
zabbix -- php frontend multiple vulnerabilities	2009-03-16
zebra/quagga denial of service vulnerability	2004-03-29
Zend Framework -- Local File Inclusion vulnerability in Zend_View::render()	2009-02-18
Zend Framework -- multiple vulnerabilities	2010-01-11
zenphoto -- XSS vulnerability	2008-02-09
zgv -- exploitable heap overflows	2005-01-18
zgv, xzgv -- heap overflow vulnerability	2006-04-23
zhcon -- unauthorized file access	2005-01-25
zinf -- potential buffer overflow playlist support	2004-10-12
zip -- long path buffer overflow	2004-12-01
ziproxy -- multiple vulnerability	2009-04-15
zlib -- buffer overflow vulnerability	2005-08-05
zlib -- buffer overflow vulnerability	2005-07-06
zoo -- stack based buffer overflow	2006-04-05
zope -- cross-site scripting vulnerability	2007-04-05
zope -- expose RestructuredText functionality to untrusted users	2005-10-11
zope -- information disclosure vulnerability	2006-07-14
zope -- restructuredText "csv_table" Information Disclosure	2006-09-22