[Secure-testing-commits] r31493 - data/CVE

[Helmut Grohne]

Author: helmutg
Date: 2015-01-18 11:27:02 +0000 (Sun, 18 Jan 2015)
New Revision: 31493

Modified:
   data/CVE/list
Log:
WordPress plugin NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-01-18 11:17:03 UTC (rev 31492)
+++ data/CVE/list	2015-01-18 11:27:02 UTC (rev 31493)
@@ -209,7 +209,7 @@
 CVE-2015-1056 (Cross-site scripting (XSS) vulnerability in Brother MFC-J4410DW ...)
 	TODO: check
 CVE-2015-1055 (SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin Photo Gallery
 CVE-2015-1054 (Cross-site scripting (XSS) vulnerability in the Games feature in ...)
 	TODO: check
 CVE-2015-1053 (Cross-site scripting (XSS) vulnerability in the administrative backend ...)
@@ -1592,7 +1592,7 @@
 	NOTE: Upstream patch: http://github.com/mantisbt/mantisbt/commit/6d47c047 (1.2.x)
 	NOTE: https://www.mantisbt.org/bugs/view.php?id=17938
 CVE-2014-9570 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin MyWebsiteAdvisor Simple Security
 CVE-2014-9569 (Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver ...)
 	NOT-FOR-US: SAP NetWeaver Business Client
 CVE-2014-9568
@@ -2934,7 +2934,7 @@
 CVE-2014-9309
 	RESERVED
 CVE-2014-9308 (Unrestricted file upload vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin WP EasyCart
 CVE-2014-9307
 	RESERVED
 CVE-2014-9306
@@ -7218,9 +7218,9 @@
 CVE-2014-7958 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: BulletProof Security plugin for WordPress
 CVE-2014-7957 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Pods ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin Pods
 CVE-2014-7956 (Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin Pods
 CVE-2014-7955
 	RESERVED
 CVE-2014-7954