thijs at alioth.debian.org
2008-Sep-29 18:09 UTC
[Secure-testing-commits] r9901 - data/CVE
Author: thijs Date: 2008-09-29 18:09:06 +0000 (Mon, 29 Sep 2008) New Revision: 9901 Modified: data/CVE/list Log: wordpress fiX0rR3d Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-09-29 16:12:54 UTC (rev 9900) +++ data/CVE/list 2008-09-29 18:09:06 UTC (rev 9901) @@ -3,7 +3,7 @@ - ftpd <unfixed> (bug #500278) CVE-2008-XXXX [possible script injection via /etc/wordpress/wp-config.php] - wordpress <unfixed> (bug #500295; unimportant) - NOTE: bigger problems, if attacker has access to /etch/wordpress/* + NOTE: bigger problems, if attacker has access to /etc/wordpress/* CVE-2008-XXXX [Unexpected behavior of url.redirect / url.rewrite config options] - lighttpd 1.4.19-5 (low) NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt @@ -200,7 +200,7 @@ CVE-2008-4107 (The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce ...) - php5 <unfixed> (bug #500087) CVE-2008-4106 (WordPress before 2.6.2 does not properly handle MySQL warnings about ...) - - wordpress <unfixed> (bug #500115) + - wordpress 2.5.1-8 (bug #500115) CVE-2008-4105 (JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that ...) - joomla <itp> (bug #326398) CVE-2008-4104 (Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 ...)