Author: stef-guest Date: 2007-01-07 18:50:16 +0100 (Sun, 07 Jan 2007) New Revision: 5218 Modified: data/CVE/list Log: - CVE-2006-6808: another wordpress issue - openoffice fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-07 16:03:04 UTC (rev 5217) +++ data/CVE/list 2007-01-07 17:50:16 UTC (rev 5218) @@ -1,7 +1,9 @@ CVE-2007-XXXX WordPress Trackback Charset Decoding SQL Injection Vulnerability - - wordpress <unfixed> (bug #405299; medium) + - wordpress <unfixed> (medium) + NOTE: http://www.hardened-php.net/advisory_022007.141.html CVE-2007-XXXX WordPress CSRF Protection XSS Vulnerability - - wordpress <unfixed> (bug #405299; medium) + - wordpress <unfixed> (medium) + NOTE: http://www.hardened-php.net/advisory_012007.140.html CVE-2007-0050 (** DISPUTED ** ...) NOT-FOR-US: OpenPinboard CVE-2007-0049 (Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to ...) @@ -187,7 +189,7 @@ CVE-2006-6809 (Multiple PHP remote file inclusion vulnerabilities in process.php in ...) NOT-FOR-US: buratinable templator (aka bubla) CVE-2006-6808 (Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in ...) - TODO: check + - wordpress <unfixed> (bug #405299) CVE-2006-6807 (SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda ...) TODO: check CVE-2006-6806 (SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates ...) @@ -612,7 +614,7 @@ CVE-2006-6629 (lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) ...) NOT-FOR-US: WeBWorK CVE-2006-6628 (Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted ...) - - openoffice.org <unfixed> (unimportant; bug #404105) + - openoffice.org 2.0.4.dfsg.2-3 (unimportant; bug #404105) NOTE: No code injection possible, just a crash CVE-2006-6627 (Integer overflow in the packed PE file parsing implementation in ...) NOT-FOR-US: BitDefender