Author: fw Date: 2007-06-16 14:04:25 +0000 (Sat, 16 Jun 2007) New Revision: 6019 Modified: data/CVE/list Log: CVE-2007-2681: b2evolution non-issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-06-16 13:30:52 UTC (rev 6018) +++ data/CVE/list 2007-06-16 14:04:25 UTC (rev 6019) @@ -1255,7 +1255,10 @@ CVE-2007-2682 (The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as ...) NOT-FOR-US: Adobe CVE-2007-2681 (Directory traversal vulnerability in blogs/index.php in b2evolution ...) - TODO: check + - b2evolution <unfixed> (unimportant) + NOTE: This is a register_globals=on issue. + NOTE: More than just blogs/index.php is affected (that file isn''t + NOTE: installed by the Debian package). CVE-2007-2680 (Cross-site scripting (XSS) vulnerability in the management interface ...) NOT-FOR-US: Canon CVE-2007-2679 (PHP file inclusion vulnerability in index.php in Ivan Peevski gallery ...)