CVSS: 8.1EPSS: 1%CPEs: 34EXPL: 2CVE-2008-4106 – WordPress Core < 2.6.2 - Arbitrary User Password Reset
https://notcve.org/view.php?id=CVE-2008-4106
WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107. WordPress anterior a v2.6.2 no maneja adecuadamente las advertencias MySQL relacionadas con la inserción de nombres de usuarios con un tamaño superior al ancho de la columna del user_login, y no maneja correctamente los espacios a la hora de comparar nombres de usuario, lo que permite a atacantes remotos modificar las contraseñas de usuarios de su elección a un valor aleatorio registrando un nombre de usuario similar y posteriormente realizando un reinicio de contraseña, relacionado con la "Vulnerabilidad de truncado de columna SQL" (SQL column truncation vulnerability). NOTA: el atacante puede descubrir la contraseña aleatoria explotando la vulnerabilidad CVE-2008-4107. • http://marc.info/?l=oss-security&m=122152830017099&w=2 http://secunia.com/advisories/31737 http://secunia.com/advisories/31870 http://securityreason.com/securityalert/4272 http://securitytracker.com/id?1020869 http://wordpress.org/development/2008/09/wordpress-262 http://www.debian.org/security/2009/dsa-1871 http://www.openwall.com/lists/oss-security/2008/09/11/6 http://www.securityfocus.com/archive/1/496287/100/0/threaded http://www.securityfocus.com/bid/31068 http: • CWE-20: Improper Input Validation CWE-197: Numeric Truncation Error •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 2CVE-2008-4671 – WordPress MU < 2.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-4671
Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el archivo wp-admin/wp-blogs.php en Wordpress MU (WPMU), en versiones anteriores a 2.6, que permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través de los parámetros (1) s y (2) ip_address • https://www.exploit-db.com/exploits/32444 http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064748.html http://secunia.com/advisories/32060 http://www.securityfocus.com/bid/31482 https://exchange.xforce.ibmcloud.com/vulnerabilities/45512 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 45EXPL: 0CVE-2008-3747 – WordPress Core < 2.6.1 - Cryptographic Weakness
https://notcve.org/view.php?id=CVE-2008-3747
The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie. Las funciones (1) get_edit_post_link y (2) get_edit_comment_link en wp-includes/link-template.php de WordPress antes de 2.6.1 no fuerzan comunicación SSL en las situaciones previstas, lo que podría permitir a atacantes remotos obtener acceso administrativo siguiendo la red para una cookie. • http://trac.wordpress.org/ticket/7359 http://www.openwall.com/lists/oss-security/2008/08/19/1 http://www.openwall.com/lists/oss-security/2008/08/20/3 http://www.securityfocus.com/bid/30750 https://exchange.xforce.ibmcloud.com/vulnerabilities/44569 • CWE-264: Permissions, Privileges, and Access Controls CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 2CVE-2008-3362 – Downloads Manager <= 0.2 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2008-3362
Unrestricted file upload vulnerability in upload.php in the Giulio Ganci Wp Downloads Manager module 0.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the upfile parameter, then accessing it via a direct request to the file in wp-content/plugins/downloads-manager/upload/. Vulnerabilidad de subida de ficheros sin restricción en upload.php en el módulo Giulio Ganci Wp Downloads Manager 0.2 para WordPress, permite a atacantes remotos ejecutar código de su elección subiendo un fichero de su elección con una extensión ejecutable a través del parámetro "upfile", y posteriormente accediendo a él con una petición directa al archivo en wp-content/plugins/downloads-manager/upload/. The Downloads Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on files supplied via the 'upfile' parameter in versions up to, and including, 0.2. This makes it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible when accessed from the wp-content/plugins/downloads-manager/upload/ directory. • https://www.exploit-db.com/exploits/6127 http://securityreason.com/securityalert/4060 http://www.securityfocus.com/bid/30365 https://exchange.xforce.ibmcloud.com/vulnerabilities/43987 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.2EPSS: 0%CPEs: 54EXPL: 3CVE-2008-3233 – WordPress Core < 2.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-3233
Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en versiones de WordPress anteriores a la 2.6, sólo en versiones de desarrollo SVN, permite a atacantes remotos inyectar scripts web o HTML arbitrario a través de vectores sin especificar. • https://www.exploit-db.com/exploits/32053 http://trac.wordpress.org/ticket/7220 http://www.openwall.com/lists/oss-security/2008/07/15/5 http://www.openwall.com/lists/oss-security/2008/07/16/5 http://www.openwall.com/lists/oss-security/2008/07/16/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •