[Secure-testing-commits] r10177 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Mon Oct 27 09:01:27 UTC 2008


Author: nion
Date: 2008-10-27 09:01:25 +0000 (Mon, 27 Oct 2008)
New Revision: 10177

Modified:
   data/CVE/list
Log:
NFUs
CVE-2008-4671 does not affect wordpress


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-10-27 08:50:06 UTC (rev 10176)
+++ data/CVE/list	2008-10-27 09:01:25 UTC (rev 10177)
@@ -149,14 +149,13 @@
 CVE-2008-4672 (Cross-site scripting (XSS) vulnerability in search_results.php in ...)
 	NOT-FOR-US: buymyscripts Lyrics Script
 CVE-2008-4671 (Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in ...)
-	- wordpress <unfixed> (low; bug #503642)
-	NOTE: http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064748.html
+	- wordpress <not-affected> (Vulnerable code only in mulitiuser wordpress)
 CVE-2008-4670 (Cross-site scripting (XSS) vulnerability in search.php in Ed Pudol ...)
 	NOT-FOR-US: Ed Pudol Clickbank Portal 
 CVE-2008-4669 (Cross-site scripting (XSS) vulnerability in search.php in Dan Fletcher ...)
 	NOT-FOR-US: Dan Fletcher Recipe Script
 CVE-2008-4668 (Directory traversal vulnerability in the Image Browser ...)
-	NOT-FOR-US: additional Joomla! module
+	NOT-FOR-US: com_imagebrowser for Joomla!
 CVE-2008-4667 (Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 ...)
 	NOT-FOR-US: ArabCMS
 CVE-2008-4666 (SQL injection vulnerability in webboard.php in Ultimate Webboard 3.00 ...)
@@ -170,21 +169,21 @@
 CVE-2008-4662 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when ...)
 	NOT-FOR-US: LokiCMS
 CVE-2008-4661 (Cross-site scripting (XSS) vulnerability in the Page Improvements ...)
-	NOT-FOR-US: Page Improvements module for typo3
+	NOT-FOR-US: sm_pageimprovements for Typo3
 CVE-2008-4660 (SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 ...)
-	NOT-FOR-US: M1 Intern module for typo3
+	NOT-FOR-US: m1_intern for Typo3
 CVE-2008-4659 (SQL injection vulnerability in the Mannschaftsliste ...)
-	NOT-FOR-US: Mannschaftsliste module for typo3
+	NOT-FOR-US: kiddog_playerlist for Typo3
 CVE-2008-4658 (SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 ...)
-	NOT-FOR-US: JobControl module for typo3
+	NOT-FOR-US: dmmjobcontrol for Typo3
 CVE-2008-4657 (SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and ...)
-	NOT-FOR-US: Econda plugin for typo3
+	NOT-FOR-US: econda for Typo3
 CVE-2008-4656 (SQL injection vulnerability in the Frontend Users View (feusersview) ...)
-	NOT-FOR-US: Frontend Users View module for typo3
+	NOT-FOR-US: fersview for Typo3
 CVE-2008-4655 (SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 ...)
-	NOT-FOR-US: Simple survey module for typo3
+	NOT-FOR-US: simplesurvey for Typo3
 CVE-2008-4653 (SQL injection vulnerability in makale.php in Makale 0.26 and possibly ...)
-	NOT-FOR-US: XOOPS module
+	NOT-FOR-US: Makale module for XOOPS
 CVE-2008-4652 (Buffer overflow in the ActiveX control (DartFtp.dll) in Dart ...)
 	NOT-FOR-US: Dart Communications PowerTCP FTP
 CVE-2008-4651 (Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote ...)




More information about the Secure-testing-commits mailing list