Author: jmm-guest
Date: 2006-03-11 11:33:04 +0000 (Sat, 11 Mar 2006)
New Revision: 3591

Modified:
   data/CVE/list
Log:
new wordpress issue
NFUS
readjust severity of a previous wordpress issue, upstream indicated that
   the second one is a genuine problem


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-03-10 21:42:31 UTC (rev 3590)
+++ data/CVE/list       2006-03-11 11:33:04 UTC (rev 3591)
@@ -230,43 +230,42 @@
        NOT-FOR-US: UkiBoard
 CVE-2006-1018 (SQL injection vulnerability in poems.php in DCI-Designs 
Dawaween 1.03 ...)
        NOT-FOR-US: DCI-Design Dawaween
-begin claimed by jmm
 CVE-2006-1017 (The c-client library 2000, 2001, or 2004 for PHP 3.x, 4.x, and 
5.x, ...)
-       TODO: check
+       NOT-FOR-US: c-client
 CVE-2006-1016 (Buffer overflow in the IsComponentInstalled method in Internet 
...)
-       TODO: check
+       NOT-FOR-US: Windows
 CVE-2006-1015 (Argument injection vulnerability in certain PHP 3.x, 4.x, and 
5.x ...)
        TODO: check
 CVE-2006-1014 (Argument injection vulnerability in certain PHP 4.x and 5.x ...)
        TODO: check
 CVE-2006-1013 (PHP remote file include vulnerability in index.php in SMartBlog 
(aka ...)
-       TODO: check
+       NOT-FOR-US: SMartBlog
 CVE-2006-1012 (SQL injection vulnerability in WordPress 1.5.2, and possibly 
other ...)
-       TODO: check
+       - wordpress 2.0.1-1
 CVE-2006-1011 (LetterMerger 1.2 stores user information in Access database 
files with ...)
-       TODO: check
+       NOT-FOR-US: LetterMerger
 CVE-2006-1010 (Buffer overflow in socket/request.c in CrossFire before 1.9.0, 
when ...)
        - crossfire 1.9.0-1
 CVE-2006-1009 (M4 Project enigma-suite before 0.73.3 (Windows) has a default 
password ...)
-       TODO: check
+       NOT-FOR-US: M4 Project enigma-suite  
 CVE-2006-1008 (Multiple cross-site scripting (XSS) vulnerabilities in N8cms 
1.1 and ...)
-       TODO: check
+       NOT-FOR-US: N8cms 
 CVE-2006-1007 (Multiple SQL injection vulnerabilities in N8cms 1.1 and 1.2 
allow ...)
-       TODO: check
+       NOT-FOR-US: N8cms 
 CVE-2006-1006 (Multiple SQL injection vulnerabilities in sendcard.php in 
sendcard ...)
-       TODO: check
+       NOT-FOR-US: sendcard
 CVE-2006-1005 (agencyprofile.asp in Parodia 6.2 and earlier might allow remote 
...)
-       TODO: check
+       NOT-FOR-US: Parodia 
 CVE-2006-1004 (Cross-site scripting (XSS) vulnerability in agencyprofile.asp 
in ...)
-       TODO: check
+       NOT-FOR-US: Parodia 
 CVE-2006-1003 (The backup configuration option in NETGEAR WGT624 Wireless 
Firewall ...)
-       TODO: check
+       NOT-FOR-US: NETGEAR hardware issue
 CVE-2006-1002 (NETGEAR WGT624 Wireless DSL router has a default account of ...)
-       TODO: check
+       NOT-FOR-US: NETGEAR hardware issue
 CVE-2006-1001 (SQL injection vulnerability in the board module in LanSuite 
LanParty ...)
-       TODO: check
+       NOT-FOR-US: LanSuite LanParty Intranet System
 CVE-2006-1000 (Multiple SQL injection vulnerabilities in Pentacle In-Out Board 
3.0 ...)
-       TODO: check
+       NOT-FOR-US: Pentacle In-Out Board
 CVE-2006-0999
        RESERVED
 CVE-2006-0998
@@ -289,7 +288,6 @@
        RESERVED
 CVE-2006-0989
        RESERVED
-end claimed by jmm
 CVE-2006-0988 (The default configuration of the DNS Server service on Windows 
Server ...)
        NOT-FOR-US: MS Windows issue
 CVE-2006-0987 (The default configuration of ISC BIND, when configured as a 
caching ...)
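Review bot: dropping "end claimed by jmm" here, together with the "begin claimed by jmm" marker removed above CVE-2006-1017, releases the whole claimed range while CVE-2006-1015 and CVE-2006-1014 inside it are still TODO: check. The log message does not mention handing those back. Either triage them in this revision or state in the log that the claim is released with two entries open, so nobody assumes they are still being worked on.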
@@ -298,7 +296,7 @@
 CVE-2006-0986 (WordPress 2.0.1 and earlier allows remote attackers to obtain 
...)
        - wordpress <unfixed> (bug #355055; unimportant)
 CVE-2006-0985 (Multiple cross-site scripting (XSS) vulnerabilities in the 
&quot;post ...)
-       - wordpress <unfixed> (bug #355055; unimportant)
+       - wordpress <unfixed> (bug #355055; medium)
 CVE-2006-0984 (Cross-site scripting (XSS) vulnerability in inc_header.php in 
EJ3 TOPo ...)
        NOT-FOR-US: EJ3 TOPo not in debian
 CVE-2006-0983 (Cross-site scripting (XSS) vulnerability in index.php in 
QwikiWiki 1.4 ...)
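Review bot: after this change CVE-2006-0986 and CVE-2006-0985 both point at bug #355055 but carry different severities (unimportant vs. medium), and the only explanation is the commit log's remark that upstream indicated the second one is a genuine problem. Record that reason as a short note under the CVE-2006-0985 entry so the list explains the split on its own, and check that the severity on the bug report still matches now that one of its two issues is rated medium.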


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
