Author: jmm-guest
Date: 2006-03-11 11:33:04 +0000 (Sat, 11 Mar 2006)
New Revision: 3591

Modified:
   data/CVE/list
Log:
new wordpress issue
NFUS
readjust severity of a previous wordpress issue, upstream indicated that the second one is a genuine problem

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-03-10 21:42:31 UTC (rev 3590) +++ data/CVE/list 2006-03-11 11:33:04 UTC (rev 3591) 
@@ -230,43 +230,42 @@ NOT-FOR-US: UkiBoard CVE-2006-1018 (SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 ...) NOT-FOR-US: DCI-Design Dawaween -begin claimed by jmm CVE-2006-1017 (The c-client library 2000, 2001, or 2004 for PHP 3.x, 4.x, and 5.x, ...) - TODO: check + NOT-FOR-US: c-client CVE-2006-1016 (Buffer overflow in the IsComponentInstalled method in Internet ...) - TODO: check + NOT-FOR-US: Windows CVE-2006-1015 (Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x ...) TODO: check CVE-2006-1014 (Argument injection vulnerability in certain PHP 4.x and 5.x ...) TODO: check CVE-2006-1013 (PHP remote file include vulnerability in index.php in SMartBlog (aka ...) - TODO: check + NOT-FOR-US: SMartBlog CVE-2006-1012 (SQL injection vulnerability in WordPress 1.5.2, and possibly other ...) - TODO: check + - wordpress 2.0.1-1 CVE-2006-1011 (LetterMerger 1.2 stores user information in Access database files with ...) - TODO: check + NOT-FOR-US: LetterMerger CVE-2006-1010 (Buffer overflow in socket/request.c in CrossFire before 1.9.0, when ...) - crossfire 1.9.0-1 CVE-2006-1009 (M4 Project enigma-suite before 0.73.3 (Windows) has a default password ...) - TODO: check + NOT-FOR-US: M4 Project enigma-suite CVE-2006-1008 (Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and ...) - TODO: check + NOT-FOR-US: N8cms CVE-2006-1007 (Multiple SQL injection vulnerabilities in N8cms 1.1 and 1.2 allow ...) - TODO: check + NOT-FOR-US: N8cms CVE-2006-1006 (Multiple SQL injection vulnerabilities in sendcard.php in sendcard ...) - TODO: check + NOT-FOR-US: sendcard CVE-2006-1005 (agencyprofile.asp in Parodia 6.2 and earlier might allow remote ...) - TODO: check + NOT-FOR-US: Parodia CVE-2006-1004 (Cross-site scripting (XSS) vulnerability in agencyprofile.asp in ...) - TODO: check + NOT-FOR-US: Parodia CVE-2006-1003 (The backup configuration option in NETGEAR WGT624 Wireless Firewall ...) 
- TODO: check + NOT-FOR-US: NETGEAR hardware issue CVE-2006-1002 (NETGEAR WGT624 Wireless DSL router has a default account of ...) - TODO: check + NOT-FOR-US: NETGEAR hardware issue CVE-2006-1001 (SQL injection vulnerability in the board module in LanSuite LanParty ...) - TODO: check + NOT-FOR-US: LanSuite LanParty Intranet System CVE-2006-1000 (Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 ...) - TODO: check + NOT-FOR-US: Pentacle In-Out Board CVE-2006-0999 RESERVED CVE-2006-0998 @@ -289,7 +288,6 @@ RESERVED CVE-2006-0989 RESERVED -end claimed by jmm CVE-2006-0988 (The default configuration of the DNS Server service on Windows Server ...) NOT-FOR-US: MS Windows issue CVE-2006-0987 (The default configuration of ISC BIND, when configured as a caching ...) @@ -298,7 +296,7 @@ CVE-2006-0986 (WordPress 2.0.1 and earlier allows remote attackers to obtain ...) - wordpress <unfixed> (bug #355055; unimportant) CVE-2006-0985 (Multiple cross-site scripting (XSS) vulnerabilities in the "post ...) - - wordpress <unfixed> (bug #355055; unimportant) + - wordpress <unfixed> (bug #355055; medium) CVE-2006-0984 (Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo ...) NOT-FOR-US: EJ3 TOPo not in debian CVE-2006-0983 (Cross-site scripting (XSS) vulnerability in index.php in QwikiWiki 1.4 ...)
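Review bot: In the first hunk (@@ -230,43 +230,42 @@), CVE-2006-1015 and CVE-2006-1014 keep "TODO: check" although the "begin claimed by jmm" marker above them is removed, so the two PHP argument injection entries end up both untriaged and unclaimed; either resolve them in this commit or keep a claim on them. In the same hunk, CVE-2006-1017 becomes "NOT-FOR-US: c-client" while its description names PHP 3.x, 4.x, and 5.x, so a short note on why the PHP packages are not affected would make the decision checkable. The new "- wordpress 2.0.1-1" line for CVE-2006-1012 carries no bug reference or severity, unlike the wordpress entries for CVE-2006-0986 and CVE-2006-0985 further down, and the description only says "WordPress 1.5.2, and possibly other ...", so a pointer to where the fixed version comes from would help.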
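Review bot: In the last hunk (@@ -298,7 +296,7 @@), the reason for raising CVE-2006-0985 from "unimportant" to "medium" exists only in the commit log ("upstream indicated that the second one is a genuine problem"); record it next to the entry so the list explains the rating on its own. CVE-2006-0986 and CVE-2006-0985 also still point at the same bug #355055 with different severities, so a reader of the list cannot tell which of the two issues the bug is kept open for; say so in the entry or split the reference.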