Author: enerv-guest
Date: 2007-01-22 21:44:58 +0100 (Mon, 22 Jan 2007)
New Revision: 5327
Modified:
data/CVE/list
Log:
some NFUs.
new mambo and joomla issues.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-01-22 20:14:11 UTC (rev 5326)
+++ data/CVE/list 2007-01-22 20:44:58 UTC (rev 5327)
@@ -1,15 +1,15 @@
CVE-2007-0397 (The Cisco Security Monitoring, Analysis and Response System
(CS-MARS) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2007-0396 (Unspecified vulnerability in HP-UX B.11.23, when running
IPFilter in ...)
- TODO: check
+ NOT-FOR-US: HP-UX
CVE-2007-0395 (PHP remote file inclusion vulnerability in ...)
TODO: check
CVE-2007-0394 (HP HP-UX B11.11 does not properly verify the status of file ...)
- TODO: check
+ NOT-FOR-US: HP-UX
CVE-2007-0393 (Sun Solaris 9 does not properly verify the status of file
descriptors ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris
CVE-2007-0392 (IBM AIX 5.3 does not properly verify the status of file
descriptors ...)
- TODO: check
+ NOT-FOR-US: IBM AIX
CVE-2007-0391 (Format string vulnerability in the log creation functionality
of ...)
TODO: check
CVE-2007-0390 (Cross-site scripting (XSS) vulnerability in index.php in
sabros.us 1.7 ...)
@@ -21,9 +21,9 @@
CVE-2007-0387 (SQL injection vulnerability in models/category.php in the
Weblinks ...)
TODO: check
CVE-2007-0386 (Unspecified vulnerability in the rating section in PostNuke
0.764 has ...)
- TODO: check
+ NOT-FOR-US: PostNuke
CVE-2007-0385 (The faq section in PostNuke 0.764 allows remote attackers to
obtain ...)
- TODO: check
+ NOT-FOR-US: PostNuke
CVE-2007-0384 (Cross-site scripting (XSS) vulnerability in preview in the
reviews ...)
TODO: check
CVE-2007-0383 (** DISPUTED ** ...)
@@ -31,7 +31,7 @@
CVE-2007-0382 (Multiple SQL injection vulnerabilities in letterman.class.php
in the ...)
TODO: check
CVE-2007-0381 (Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow
remote ...)
- TODO: check
+ NOT-FOR-US: ATutor
CVE-2007-0380 (DocMan 1.3 RC2 allows remote attackers to obtain sensitive
information ...)
TODO: check
CVE-2007-0379 (Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2
allows ...)
@@ -39,17 +39,20 @@
CVE-2007-0378 (Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow
...)
TODO: check
CVE-2007-0377 (Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow
remote ...)
- TODO: check
+ NOT-FOR-US: Xoops
CVE-2007-0376 (Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7
allows ...)
TODO: check
CVE-2007-0375 (Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive
...)
- TODO: check
+ - joomla <not-affected>
CVE-2007-0374 (SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta,
and ...)
- TODO: check
+ - mambo <unfixed>
+ - joomla <unfixed>
+ NOTE: Mantainer working in new upstream version of Joomla and waiting
patch
+ NOTE: for Mambo.
CVE-2007-0373 (Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta
allow ...)
- TODO: check
+ - joomla <not-affected>
CVE-2007-0372 (Multiple SQL injection vulnerabilities in Francisco Burzi
PHP-Nuke 7.9 ...)
- TODO: check
+ NOT-FOR-US: PHP-Nuke
CVE-2007-0371 (A certain ActiveX control in the Common Controls Replacement
Project ...)
TODO: check
CVE-2007-0370 (Unrestricted file upload vulnerability in index.php in phpBP
RC3 ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
