[Secure-testing-commits] r5883 - data/CVE
micah at alioth.debian.org
micah at alioth.debian.org
Sat May 19 16:17:00 UTC 2007
Author: micah
Date: 2007-05-19 16:16:59 +0000 (Sat, 19 May 2007)
New Revision: 5883
Modified:
data/CVE/list
Log:
couple NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-05-19 14:37:16 UTC (rev 5882)
+++ data/CVE/list 2007-05-19 16:16:59 UTC (rev 5883)
@@ -89,7 +89,7 @@
CVE-2007-2675 (SQL injection vulnerability in search.php in Pre Classifieds Listings ...)
NOT-FOR-US: Pre Classifieds Listings
CVE-2007-2674 (SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 ...)
- TODO: check
+ NOT-FOR-US: Pre Shopping Mall
CVE-2007-2673 (SQL injection vulnerability in censura.php in Censura 1.15.04 allows ...)
NOT-FOR-US: Censura
CVE-2007-2672 (SQL injection vulnerability in index.php in PHP Coupon Script 3.0 ...)
@@ -139,7 +139,7 @@
CVE-2007-2650 (The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to ...)
TODO: check
CVE-2007-2649 (Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for ...)
- TODO: check
+ NOT-FOR-US: Speedport W 700v
CVE-2007-2648 (Stack-based buffer overflow in the Clever Database Comparer 2.2 ...)
NOT-FOR-US: Clever Database Comparer
CVE-2007-2647 (Static code injection vulnerability in admin/admin_configuration.php ...)
@@ -722,7 +722,7 @@
NOTE: only be considered vunerabile if they process confidential data.
NOTE: The frameworks should be fixed in any case.
CVE-2007-2382 (The Moo.fx framework exchanges data using JavaScript Object Notation ...)
- TODO: check
+ NOT-FOR-US: Moo.fx framework
NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
NOTE: This allows to steal data from affected websites. Therefore web applications should
NOTE: only be considered vunerabile if they process confidential data.
More information about the Secure-testing-commits
mailing list