micah at alioth.debian.org
2007-May-19 16:17 UTC
[Secure-testing-commits] r5883 - data/CVE
Author: micah Date: 2007-05-19 16:16:59 +0000 (Sat, 19 May 2007) New Revision: 5883 Modified: data/CVE/list Log: couple NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-05-19 14:37:16 UTC (rev 5882) +++ data/CVE/list 2007-05-19 16:16:59 UTC (rev 5883) @@ -89,7 +89,7 @@ CVE-2007-2675 (SQL injection vulnerability in search.php in Pre Classifieds Listings ...) NOT-FOR-US: Pre Classifieds Listings CVE-2007-2674 (SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 ...) - TODO: check + NOT-FOR-US: Pre Shopping Mall CVE-2007-2673 (SQL injection vulnerability in censura.php in Censura 1.15.04 allows ...) NOT-FOR-US: Censura CVE-2007-2672 (SQL injection vulnerability in index.php in PHP Coupon Script 3.0 ...) @@ -139,7 +139,7 @@ CVE-2007-2650 (The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to ...) TODO: check CVE-2007-2649 (Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for ...) - TODO: check + NOT-FOR-US: Speedport W 700v CVE-2007-2648 (Stack-based buffer overflow in the Clever Database Comparer 2.2 ...) NOT-FOR-US: Clever Database Comparer CVE-2007-2647 (Static code injection vulnerability in admin/admin_configuration.php ...) @@ -722,7 +722,7 @@ NOTE: only be considered vunerabile if they process confidential data. NOTE: The frameworks should be fixed in any case. CVE-2007-2382 (The Moo.fx framework exchanges data using JavaScript Object Notation ...) - TODO: check + NOT-FOR-US: Moo.fx framework NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf NOTE: This allows to steal data from affected websites. Therefore web applications should NOTE: only be considered vunerabile if they process confidential data.
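Review bot: In the @@ -139,7 hunk, the context line just above the change leaves CVE-2007-2650 (the ClamAV OLE2 parser issue) at "TODO: check" while its neighbour CVE-2007-2649 is closed as NOT-FOR-US. ClamAV is packaged in Debian, so that entry cannot be resolved the same way and still needs real triage against the packaged version. It would be worth handling it in the same pass so that it does not get overlooked among the entries around it that are already resolved.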
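Review bot: In the @@ -722,7 hunk, "NOT-FOR-US: Moo.fx framework" is placed directly above retained NOTE lines which state that web applications should be considered vulnerable if they process confidential data, so the entry now reads as both closed and potentially relevant. NOT-FOR-US only covers the framework as a standalone package. The visible lines do not show that packaged web applications were checked for embedded copies of Moo.fx. Suggest adding a NOTE that records that check, or leaving the entry at "TODO: check" until it has been done.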