[Secure-testing-commits] r7250 - data/CVE
thijs at alioth.debian.org
thijs at alioth.debian.org
Thu Nov 8 21:28:24 UTC 2007
Author: thijs
Date: 2007-11-08 21:28:23 +0000 (Thu, 08 Nov 2007)
New Revision: 7250
Modified:
data/CVE/list
Log:
awffull issue unimportant: xss but no valuables to steal
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-11-08 21:14:09 UTC (rev 7249)
+++ data/CVE/list 2007-11-08 21:28:23 UTC (rev 7250)
@@ -6925,7 +6925,9 @@
CVE-2007-3300 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux ...)
NOT-FOR-US: F-Secure
CVE-2007-3299 (Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when ...)
- - awffull 3.7.4final-1 (low)
+ - awffull 3.7.4final-1 (unimportant)
+ NOTE: awffull (a webalizer fork) does not have any cookie based authentication
+ NOTE: or other sensitive data that could be leaked through this
CVE-2007-3298 (SQL injection vulnerability in Spey before 0.4.1 allows remote ...)
NOT-FOR-US: Spey
CVE-2007-3297 (Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow ...)
More information about the Secure-testing-commits
mailing list