Author: fw Date: 2007-04-21 09:03:22 +0000 (Sat, 21 Apr 2007) New Revision: 5695 Modified: data/CVE/list Log: NFUs, disputed CVEs Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-04-21 08:49:32 UTC (rev 5694) +++ data/CVE/list 2007-04-21 09:03:22 UTC (rev 5695) @@ -799,7 +799,7 @@ CVE-2007-1749 RESERVED CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain Name ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2007-1747 RESERVED CVE-2007-1746 @@ -918,7 +918,8 @@ CVE-2007-1696 (SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter ...) NOT-FOR-US: Active Newsletter CVE-2007-1695 (** DISPUTED ** ...) - TODO: check + - phpbb2 <not-affected> (requires register_globals to exploit) + NOTE: Vulnerability is disputed, but is a non-issue anyway. CVE-2007-1694 RESERVED CVE-2007-1693 @@ -950,7 +951,8 @@ CVE-2007-1680 (Stack-based buffer overflow in the createAndJoinConference function in ...) NOT-FOR-US: AudioConf ActiveX control CVE-2007-1679 (** DISPUTED ** ...) - TODO: check + NOTE: Allegedly a duplicate of CVE-2006-4255. + NOTE: The other issue needs a CSRF attack to exploit. CVE-2007-1678 (Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension ...) NOT-FOR-US: Fizzle 0.5 extension for Firefox CVE-2007-1677 (Multiple buffer overflows in the ISO network protocol support in the ...)
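Review bot: In the @@ -918 hunk (CVE-2007-1695), the phpbb2 `<not-affected>` status rests on a runtime precondition, "requires register_globals to exploit", rather than on anything about the packaged code, and the added NOTE "is a non-issue anyway" does not say why. If the reasoning is that an installation with register_globals enabled is outside what is supported, the NOTE should say so explicitly. Otherwise a later reader sees a not-affected entry for a package that would be exposed on such a host if the disputed report is accurate. Since the description is elided to "** DISPUTED ** ...", the NOTE is the only place this reasoning can be recorded.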
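Review bot: In the @@ -950 hunk (CVE-2007-1679), `TODO: check` is removed but only two NOTE lines replace it, with no package line and no NOT-FOR-US tag, so the entry records no disposition and nothing marks it as still open. Either add the status line for the affected package or keep a TODO until the duplicate claim is settled. The second NOTE is also ambiguous: "The other issue" could mean CVE-2006-4255 or the part of this report that is not a duplicate. Naming the CVE id in that line, and saying whether the CSRF requirement is the reason the two are considered distinct, would make the entry readable on its own.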