NotCVE - vendor:"Wordpress" product:"Wordpress" version:" >= 4.4

Page 23 of 135 results (0.011 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-5493 – WordPress Core < 4.7.1 - Weak Multi-Site Activation Key for User and Site Signup

https://notcve.org/view.php?id=CVE-2017-5493

wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup. wp-includes/ms-functions.php en la API Multisite WordPress en WordPress en versiones anteriores a 4.7.1 no elige adecuadamente los números aleatorios para claves, lo que hace que más fácil para atacantes remotos eludir las restricciones destinadas al acceso a través de una inscripción del (1) sitio o (2) usuario manipulado. • http://www.debian.org/security/2017/dsa-3779 http://www.openwall.com/lists/oss-security/2017/01/14/6 http://www.securityfocus.com/bid/95401 http://www.securitytracker.com/id/1037591 https://codex.wordpress.org/Version_4.7.1 https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4 https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/8721 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •

CVSS: 9.8EPSS: 96%CPEs: 3EXPL: 9

CVE-2016-10045 – PHPMailer Sendmail Argument Injection

https://notcve.org/view.php?id=CVE-2016-10045

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033. El transporte isMail en PHPMailer en versiones anteriores a 5.2.20 podrían permitir a atacantes remotos pasar parámetros extra al comando de correo y consecuentemente ejecutar código arbitrario aprovechando una interacción inapropiada entre la función escapeshellarg y un escape interno realizado en la función mail en PHP. NOTA: esta vulnerabilidad existe debido a una incorrecta reparación de CVE-2016-10033. • https://www.exploit-db.com/exploits/42221 https://www.exploit-db.com/exploits/40969 https://www.exploit-db.com/exploits/40986 http://openwall.com/lists/oss-security/2016/12/28/1 http://packetstormsecurity.com/files/140286/PHPMailer-Remote-Code-Execution.html http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html http://seclists.org/fulldisclosure/2016/Dec/81 http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection http://www.securityfocus& • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.8EPSS: 97%CPEs: 3EXPL: 26

CVE-2016-10033 – WordPress PHPMailer Host Header Command Injection

https://notcve.org/view.php?id=CVE-2016-10033

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. La función mailSend en el transporte isMail en PHPMailer en versiones anteriores a 5.2.18 podrían permitir a atacantes remotos pasar parámetros extra al comando mail y consecuentemente ejecutar código arbitrario a través de una \" (barra invertida comillas dobles) en una propiedad Sender manipulada. PHPMailer version 5.2.17 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/41962 https://www.exploit-db.com/exploits/42024 https://www.exploit-db.com/exploits/41996 https://www.exploit-db.com/exploits/40974 https://www.exploit-db.com/exploits/42221 https://www.exploit-db.com/exploits/40970 https://www.exploit-db.com/exploits/40968 https://www.exploit-db.com/exploits/40969 https://www.exploit-db.com/exploits/40986 https://github.com/opsxcq/exploit-CVE-2016-10033 https://github.com/GeneralTesler/CVE- • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-7168 – WordPress Core < 4.6.1 - Authenticated Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2016-7168

Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename. Vulnerabilidad de XSS en la función media_handle_upload en wp-admin/includes/media.php en WordPress en versiones anteriores a 4.6.1 podría permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios engañando a un administrador para subir un archivo de imagen que tiene un nombre de archivo manipulado. • http://www.debian.org/security/2016/dsa-3681 http://www.openwall.com/lists/oss-security/2016/09/08/19 http://www.openwall.com/lists/oss-security/2016/09/08/24 http://www.securityfocus.com/bid/92841 https://codex.wordpress.org/Version_4.6.1 https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0 https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html https://wordpress.org/news/20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-7169 – WordPress Core < 4.6.1 - Authenticated Directory Traversal to Arbitrary File Access

https://notcve.org/view.php?id=CVE-2016-7169

Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter. Vulnerabilidad de salto de directorio en la clase File_Upload_Upgrader en wp-admin/includes/class-file-upload-upgrader.php en el cargador del paquete de actualización en WordPress en versiones anteriores a 4.6.1 permite a usuarios remotos autenticados acceder a archivos arbitrarios a través de un parámetro urlholder manipulado. • http://www.debian.org/security/2016/dsa-3681 http://www.securityfocus.com/bid/92841 https://codex.wordpress.org/Version_4.6.1 https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/8616 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

1...21 22 23 24 25