thijs at alioth.debian.org
2007-Nov-08 21:28 UTC
[Secure-testing-commits] r7250 - data/CVE
Author: thijs Date: 2007-11-08 21:28:23 +0000 (Thu, 08 Nov 2007) New Revision: 7250 Modified: data/CVE/list Log: awffull issue unimportant: xss but no valuables to steal Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-11-08 21:14:09 UTC (rev 7249) +++ data/CVE/list 2007-11-08 21:28:23 UTC (rev 7250) @@ -6925,7 +6925,9 @@ CVE-2007-3300 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux ...) NOT-FOR-US: F-Secure CVE-2007-3299 (Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when ...) - - awffull 3.7.4final-1 (low) + - awffull 3.7.4final-1 (unimportant) + NOTE: awffull (a webalizer fork) does not have any cookie based authentication + NOTE: or other sensitive data that could be leaked through this CVE-2007-3298 (SQL injection vulnerability in Spey before 0.4.1 allows remote ...) NOT-FOR-US: Spey CVE-2007-3297 (Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow ...)