[Secure-testing-commits] r9327 - data/CVE
nion at alioth.debian.org
nion at alioth.debian.org
Sun Jul 13 15:44:03 UTC 2008
Author: nion
Date: 2008-07-13 15:44:02 +0000 (Sun, 13 Jul 2008)
New Revision: 9327
Modified:
data/CVE/list
Log:
CVE-2007-2326 non-issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-07-13 12:56:01 UTC (rev 9326)
+++ data/CVE/list 2008-07-13 15:44:02 UTC (rev 9327)
@@ -18732,9 +18732,13 @@
CVE-2007-2327 (PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox ...)
NOT-FOR-US: HTMLeditbox
CVE-2007-2326 (Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro ...)
- - smarty <unfixed> (medium; bug #488523)
- - moodle <unfixed> (medium; bug #488525)
- - gallery2 <unfixed> (medium; bug #488527)
+ - smarty <unfixed> (unimportant; bug #488523)
+ - moodle <unfixed> (unimportant; bug #488525)
+ - gallery2 2.2.5-2 (unimportant; bug #488527)
+ NOTE: this is a non-issue
+ NOTE: to exploit this, the smarty files need to be installed in a http daemon accessible directory
+ NOTE: (should be the case for embedded copies), however
+ NOTE: additionally this relies on register_globals being switched on
CVE-2007-2325 (PHP remote file inclusion vulnerability in include.php in MyNewsGroups :) ...)
NOT-FOR-US: MyNewsGroups
CVE-2007-2324 (Directory traversal vulnerability in file.php in JulmaCMS 1.4 allows ...)
More information about the Secure-testing-commits
mailing list