Author: djoume-guest Date: 2007-01-16 22:17:48 +0100 (Tue, 16 Jan 2007) New Revision: 5278 Modified: data/CVE/list Log: It''s been a long time since my last commit! neon26 remote DoS (medium) gforge XSS (low) Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-16 20:33:51 UTC (rev 5277) +++ data/CVE/list 2007-01-16 21:17:48 UTC (rev 5278) @@ -58,7 +58,7 @@ CVE-2007-0190 (PHP remote file inclusion vulnerability in edit_address.php in edit-x ...) NOT-FOR-US: edit-x ecommerce CVE-2007-0189 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: GeoBB CVE-2007-0188 (F5 FirePass 5.4 through 5.5.1 does not properly enforce host access ...) NOT-FOR-US: F5 CVE-2007-0187 (F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to ...) @@ -85,7 +85,7 @@ - mediawiki 1.7.1-6 (bug #406238; medium) NOTE: vendor advisory: http://sourceforge.net/forum/forum.php?forum_id=652721 CVE-2007-0176 (Cross-site scripting (XSS) vulnerability in search/advanced_search.php ...) - TODO: check + - gforge <unfixed> (low; bug #406244) CVE-2007-0175 (Cross-site scripting (XSS) vulnerability in htsrv/login.php in ...) - b2evolution <not-affected> CVE-2007-0174 (Multiple stack-based multiple buffer overflows in the BRWOSSRE2UC.dll ...) @@ -129,7 +129,8 @@ CVE-2007-0158 RESERVED CVE-2007-0157 (Array index error in the uri_lookup function in the URI parser for ...) - TODO: check + - neon26 0.26.2-3.1 (medium; bug #404723) + NOTE: neon25 doesn''t have the uri_lookup macro CVE-2007-0156 (M-Core stores the database under the web document root, which allows ...) NOT-FOR-US: M-Core CVE-2007-0155 (HarikaOnline 2.0 stores sensitive information under the web root with ...)