Author: alec-guest Date: 2006-06-13 00:03:41 +0000 (Tue, 13 Jun 2006) New Revision: 4182 Modified: data/CVE/list Log: * Two knowledgetree vulns (low) * Debian doesn''t ship affected pyblosxom plugins * DokuWiki vulnerability (high) is pending Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-06-12 20:56:20 UTC (rev 4181) +++ data/CVE/list 2006-06-13 00:03:41 UTC (rev 4182) @@ -90,9 +90,9 @@ CVE-2006-2887 (Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and ...) TODO: check CVE-2006-2886 (view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote ...) - TODO: check + - knowledgetree <unfixed> (bug filed; low) CVE-2006-2885 (Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree ...) - TODO: check + - knowledgetree <unfixed> (bug filed; low) CVE-2006-2884 (SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows ...) TODO: check CVE-2006-2883 (Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ ...) @@ -102,11 +102,11 @@ CVE-2006-2881 (Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 ...) TODO: check CVE-2006-2880 (Cross-site scripting (XSS) vulnerability in the Contributed Packages ...) - TODO: check + NOT-FOR-US: pyblosxom package doesn''t ship plugins CVE-2006-2879 (SQL injection vulnerability in newscomments.php in Alex News-Engine ...) TODO: check CVE-2006-2878 (The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier ...) - TODO: check + - dokuwiki <unfixed> (bug #370369; high) CVE-2006-2877 (PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and ...) TODO: check CVE-2006-2876 (Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro Publish ...)