Author: enerv-guest Date: 2007-01-22 21:44:58 +0100 (Mon, 22 Jan 2007) New Revision: 5327 Modified: data/CVE/list Log: some NFUs. new mambo and joomla issues. Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-22 20:14:11 UTC (rev 5326) +++ data/CVE/list 2007-01-22 20:44:58 UTC (rev 5327) @@ -1,15 +1,15 @@ CVE-2007-0397 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2007-0396 (Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in ...) - TODO: check + NOT-FOR-US: HP-UX CVE-2007-0395 (PHP remote file inclusion vulnerability in ...) TODO: check CVE-2007-0394 (HP HP-UX B11.11 does not properly verify the status of file ...) - TODO: check + NOT-FOR-US: HP-UX CVE-2007-0393 (Sun Solaris 9 does not properly verify the status of file descriptors ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2007-0392 (IBM AIX 5.3 does not properly verify the status of file descriptors ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2007-0391 (Format string vulnerability in the log creation functionality of ...) TODO: check CVE-2007-0390 (Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 ...) @@ -21,9 +21,9 @@ CVE-2007-0387 (SQL injection vulnerability in models/category.php in the Weblinks ...) TODO: check CVE-2007-0386 (Unspecified vulnerability in the rating section in PostNuke 0.764 has ...) - TODO: check + NOT-FOR-US: PostNuke CVE-2007-0385 (The faq section in PostNuke 0.764 allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: PostNuke CVE-2007-0384 (Cross-site scripting (XSS) vulnerability in preview in the reviews ...) TODO: check CVE-2007-0383 (** DISPUTED ** ...) @@ -31,7 +31,7 @@ CVE-2007-0382 (Multiple SQL injection vulnerabilities in letterman.class.php in the ...) TODO: check CVE-2007-0381 (Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote ...) - TODO: check + NOT-FOR-US: ATutor CVE-2007-0380 (DocMan 1.3 RC2 allows remote attackers to obtain sensitive information ...) TODO: check CVE-2007-0379 (Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows ...) @@ -39,17 +39,20 @@ CVE-2007-0378 (Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow ...) TODO: check CVE-2007-0377 (Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote ...) - TODO: check + NOT-FOR-US: Xoops CVE-2007-0376 (Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows ...) TODO: check CVE-2007-0375 (Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive ...) - TODO: check + - joomla <not-affected> CVE-2007-0374 (SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and ...) - TODO: check + - mambo <unfixed> + - joomla <unfixed> + NOTE: Mantainer working in new upstream version of Joomla and waiting patch + NOTE: for Mambo. CVE-2007-0373 (Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow ...) - TODO: check + - joomla <not-affected> CVE-2007-0372 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 ...) - TODO: check + NOT-FOR-US: PHP-Nuke CVE-2007-0371 (A certain ActiveX control in the Common Controls Replacement Project ...) TODO: check CVE-2007-0370 (Unrestricted file upload vulnerability in index.php in phpBP RC3 ...)