Author: jmm-guest Date: 2006-04-06 13:04:52 +0000 (Thu, 06 Apr 2006) New Revision: 3763 Modified: data/CVE/list Log: phpbb2 not-affected checked two older firefox non-issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-04-06 09:22:40 UTC (rev 3762) +++ data/CVE/list 2006-04-06 13:04:52 UTC (rev 3763) @@ -45,7 +45,12 @@ CVE-2006-1604 (Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has ...) TODO: check CVE-2006-1603 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB ...) - TODO: check + - phpbb2 <not-affected> (According to Jeroen a non-issue, see notes) + NOTE: <jvw> jmm: unable to everify, the variable in question is only printed + NOTE: at one single page, and there it doesn''t get taken from GET nor POST in my tests + NOTE: <jvw> and, shock, the password isn''t saved unhashed in the DB, so having + NOTE: javascript in your password can''t be exposed otherwise + NOTE: <jvw> I''d forget about it unless someone comes with a proof of concept CVE-2006-1602 (PHP remote file inclusion vulnerability in ...) TODO: check CVE-2006-1601 (Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 ...) @@ -8013,8 +8018,6 @@ - isoqlog 2.2-0.1 (bug #254101; bug #202634) CVE-2002-XXXX [libnss-ldap: DoS through truncated DNS queries] - libnss-ldap 199-1 (bug #169793) -CVE-2004-XXXX [Firefox doesn''t clear all cookies] - - mozilla-firefox <unfixed> (bug #203034; bug #235932; low) CVE-2004-XXXX [Insecure temp files in amanda''s chg-manual] - amanda 1:2.4.5p1-1 (bug #226139; low) NOTE: Woody and Sarge affected 
@@ -9504,8 +9507,7 @@ CVE-2005-2603 (Cross-site scripting (XSS) vulnerability in index.php for My Image ...) NOT-FOR-US: My Image Gallery (Mig) CVE-2005-2602 (Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to ...) - - mozilla-firefox <unfixed> (bug #324907; low) - TODO: file/clone bugs for mozilla-browser and mozilla-thunderbird + - mozilla-firefox <not-affected> (According to Bugzilla Windows/Mac only) CVE-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to ...) NOT-FOR-US: MidiCart CVE-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled, as used in other products ...)
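Review bot: In the first hunk (CVE-2006-1603), the new `- phpbb2 <not-affected>` line rests on NOTE text that says "unable to everify" and "in my tests", which records that the issue was not reproduced rather than that the package was shown to be unaffected. Consider adding a NOTE with the phpbb2 version that was tested so the status can be revisited if a proof of concept appears, and fix the "everify" typo in the first NOTE line.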
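Review bot: In the second hunk (@@ -8013,8 +8018,6 @@), the CVE-2004-XXXX Firefox cookie entry is deleted outright, which drops the references to bug #203034 and bug #235932 and leaves no reason in the list itself; only the log message says "firefox non-issue". Consider keeping the entry with a not-affected or NOTE line that states why it is a non-issue, so the two bug numbers stay traceable from data/CVE/list.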
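Review bot: In the third hunk (CVE-2005-2602), the removed TODO asked for bugs to be filed or cloned for mozilla-browser and mozilla-thunderbird, but the replacement only adds a not-affected line for mozilla-firefox, while the CVE description also names Thunderbird 1.0. If the "Windows/Mac only" reasoning covers those packages too, add matching not-affected lines for them; the reference to bug #324907 is also dropped and could stay in the parenthetical.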