Author: stef-guest Date: 2007-01-08 21:02:11 +0100 (Mon, 08 Jan 2007) New Revision: 5224 Modified: data/CVE/list Log: - new centericq issue fixed - wordpress fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-07 20:14:16 UTC (rev 5223) +++ data/CVE/list 2007-01-08 20:02:11 UTC (rev 5224) @@ -1,3 +1,6 @@ +CVE-2007-XXXX [CenterICQ buffer overflow] + - centericq 4.21.0-17 + NOTE: http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051663.html CVE-2007-XXXX [drupal XSS] - drupal 4.7.5-1 (low) NOTE: DRUPAL-SA-2007-001 @@ -5,10 +8,10 @@ - drupal 4.7.5-1 (low) NOTE: DRUPAL-SA-2007-002 CVE-2007-XXXX WordPress Trackback Charset Decoding SQL Injection Vulnerability - - wordpress <unfixed> (medium) + - wordpress 2.0.6-1 (medium) NOTE: http://www.hardened-php.net/advisory_022007.141.html CVE-2007-XXXX WordPress CSRF Protection XSS Vulnerability - - wordpress <unfixed> (medium) + - wordpress 2.0.6-1 (medium) NOTE: http://www.hardened-php.net/advisory_012007.140.html CVE-2007-0050 (** DISPUTED ** ...) NOT-FOR-US: OpenPinboard @@ -195,7 +198,7 @@ CVE-2006-6809 (Multiple PHP remote file inclusion vulnerabilities in process.php in ...) NOT-FOR-US: buratinable templator (aka bubla) CVE-2006-6808 (Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in ...) - - wordpress <unfixed> (bug #405299) + - wordpress 2.0.6-1 (bug #405299) CVE-2006-6807 (SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda ...) NOT-FOR-US: Ananda Real Estate CVE-2006-6806 (SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates ...)