CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 1CVE-2008-4796 – Feed2JS File Disclosure
https://notcve.org/view.php?id=CVE-2008-4796
30 Oct 2008 — The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs. La función _httpsrequest function (Snoopy/Snoopy.class.php) en Snoopy 1.2.3 y versiones anteriores, cuando es usada en (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost y posi... • https://packetstorm.news/files/id/127352 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 34EXPL: 2CVE-2008-4106 – WordPress Core < 2.6.2 - Arbitrary User Password Reset
https://notcve.org/view.php?id=CVE-2008-4106
08 Sep 2008 — WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploit... • http://marc.info/?l=oss-security&m=122152830017099&w=2 • CWE-20: Improper Input Validation CWE-197: Numeric Truncation Error •
CVSS: 9.8EPSS: 0%CPEs: 45EXPL: 0CVE-2008-3747 – WordPress Core < 2.6.1 - Cryptographic Weakness
https://notcve.org/view.php?id=CVE-2008-3747
15 Aug 2008 — The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie. Las funciones (1) get_edit_post_link y (2) get_edit_comment_link en wp-includes/link-template.php de WordPress antes de 2.6.1 no fuerzan comunicación SSL en las situaciones previstas, lo que podría permitir a atacantes remot... • http://trac.wordpress.org/ticket/7359 • CWE-264: Permissions, Privileges, and Access Controls CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 7.2EPSS: 0%CPEs: 54EXPL: 3CVE-2008-3233 – WordPress Core < 2.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-3233
15 Jul 2008 — Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en versiones de WordPress anteriores a la 2.6, sólo en versiones de desarrollo SVN, permite a atacantes remotos inyectar scripts web o HTML arbitrario a través de vectores sin especificar. • https://www.exploit-db.com/exploits/32053 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 3%CPEs: 68EXPL: 2CVE-2008-4769 – WordPress Core <= 2.3.3 - Directory Traversal
https://notcve.org/view.php?id=CVE-2008-4769
25 Apr 2008 — Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de salto de directorio en la función get_category_template en wp-includes/theme.php en WordPress v2.3.3 y anteriores y v2.5, permite a atacantes remotos incluir y posiblemente ... • https://www.exploit-db.com/exploits/31670 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2068 – WordPress Core <= 2.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-2068
25 Apr 2008 — Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en WordPress 2.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados. • http://secunia.com/advisories/29965 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2008-1930 – WordPress Core < 2.5.1 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2008-1930
25 Apr 2008 — The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013. El método de autenticación por Cookie en WordP... • http://secunia.com/advisories/29965 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2392 – WordPress Core <= 2.5.1 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2008-2392
25 Apr 2008 — Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard. Vulnerabilidad de subida de ficheros sin restricciones en WordPress 2.5.1 y versiones anteriores podría permitir a administradores remotos autenticados subir y ejecutar archivos PHP arbitrariamente mediante la sección de Subidas en el área de Escribir Pestañas del panel de Gestión. • http://securityreason.com/securityalert/3897 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2008-1304 – WordPress Core <= 2.3.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-1304
05 Feb 2008 — Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en WordPress 2.3.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los parámetros (1) inviteemail en una acción invite a wp... • https://www.exploit-db.com/exploits/31356 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 15EXPL: 5CVE-2008-0193 – WordPress Core 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-0193
10 Jan 2008 — Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en wp-db-backup.php de WordPress 2.0.11 y anteriores, y posiblemente 2.1.x hasta 2.3.x, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección media... • https://www.exploit-db.com/exploits/30979 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •