NotCVE - vendor:"Wordpress" product:"Wordpress" version:" <= 3.1"

Page 28 of 307 results (0.004 seconds)

CVSS: 5.3EPSS: 29%CPEs: 10EXPL: 2

CVE-2014-9034 – WordPress Core < 4.0.1 - Denial of Service via Long Password

https://notcve.org/view.php?id=CVE-2014-9034

wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016. wp-includes/class-phpass.php en WordPress anterior a 3.7.5, 3.8.x anterior a 3.8.5, 3.9.x anterior a 3.9.3, y 4.x anterior a 4.0.1 permite a atacantes remotos causar una denegación de servicio (consumo de CPU) a través de una contraseña larga que no se maneja debidamente durante la creación de hashes, un problema similar a CVE-2014-9016. A vulnerability present in Drupal versions prior to 7.34 and WordPress versions prior to 4.0.1 allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service). • https://www.exploit-db.com/exploits/35414 https://www.exploit-db.com/exploits/35413 http://advisories.mageia.org/MGASA-2014-0493.html http://core.trac.wordpress.org/changeset/30467 http://openwall.com/lists/oss-security/2014/11/25/12 http://www.debian.org/security/2014/dsa-3085 http://www.mandriva.com/security/advisories?name=MDVSA-2014:233 http://www.securitytracker.com/id/1031243 https://wordpress.org/news/2014/11/wordpress-4-0-1 • CWE-19: Data Processing Errors CWE-400: Uncontrolled Resource Consumption •

CVSS: 8.1EPSS: 0%CPEs: 14EXPL: 0

CVE-2014-9037 – Wordpress Core < 4.0.1 - Hash Collision

https://notcve.org/view.php?id=CVE-2014-9037

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash. WordPress anterior a 3.7.5, 3.8.x anterior a 3.8.5, 3.9.x anterior a 3.9.3, y 4.x anterior a 4.0.1 podría permitir a atacantes remotos obtener el acceso a una cuenta ociosa desde el 2008 mediante el aprovechamiento de una comparación indebida del tipo dinámico de PHP para un hash MD5. • http://advisories.mageia.org/MGASA-2014-0493.html http://openwall.com/lists/oss-security/2014/11/25/12 http://www.debian.org/security/2014/dsa-3085 http://www.mandriva.com/security/advisories?name=MDVSA-2014:233 http://www.securitytracker.com/id/1031243 https://wordpress.org/news/2014/11/wordpress-4-0-1 • CWE-310: Cryptographic Issues CWE-916: Use of Password Hash With Insufficient Computational Effort •

CVSS: 6.4EPSS: 0%CPEs: 12EXPL: 0

CVE-2014-9035 – WordPress Core < 4.0.1 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2014-9035

Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Press This en WordPress anterior a 3.7.5, 3.8.x anterior a 3.8.5, 3.9.x anterior a 3.9.3, y 4.x anterior a 4.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://advisories.mageia.org/MGASA-2014-0493.html http://openwall.com/lists/oss-security/2014/11/25/12 http://www.debian.org/security/2014/dsa-3085 http://www.mandriva.com/security/advisories?name=MDVSA-2014:233 http://www.securityfocus.com/bid/71236 http://www.securitytracker.com/id/1031243 https://wordpress.org/news/2014/11/wordpress-4-0-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 12%CPEs: 9EXPL: 0

CVE-2014-9031 – WordPress Core < 4.0.1 - Cross-Site Scripting via Shortcode Brackets

https://notcve.org/view.php?id=CVE-2014-9031

Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post. Vulnerabilidad de XSS en la función wptexturize en WordPress anterior a 3.7.5, 3.8.x anterior a 3.8.5, y 3.9.x anterior a 3.9.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del uso manipulado de paréntesis de código corto en un campo de texto, tal y como fue demostrado por un comentario o un post. • http://advisories.mageia.org/MGASA-2014-0493.html http://klikki.fi/adv/wordpress.html http://openwall.com/lists/oss-security/2014/11/25/12 http://seclists.org/fulldisclosure/2014/Nov/62 http://www.debian.org/security/2014/dsa-3085 http://www.mandriva.com/security/advisories?name=MDVSA-2014:233 http://www.securityfocus.com/bid/71237 http://www.securitytracker.com/id/1031243 https://wordpress.org/news/2014/11/wordpress-4-0-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 93%CPEs: 122EXPL: 0

CVE-2014-5266 – WordPress Core < 3.9.2 - Denial of Service via XML #2

https://notcve.org/view.php?id=CVE-2014-5266

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265. La libraría Incutio XML-RPC (IXR) , utilizado en WordPress anterior a 3.9.2 y Drupal 6.x anterior a 6.33 y 7.x anterior a 7.31, no limita el número de elementos en un documento XML, lo que permite a atacantes remotos causar una denegación de servicio (consumo de CPU) a través de un documento grande, una vulnerabilidad diferente a CVE-2014-5265. Wordpress XMLRPC parsing is vulnerable to a XML based denial of service. This vulnerability affects Wordpress 3.5 - 3.9.2 (3.8.4 and 3.7.4 are also patched). • http://cgit.drupalcode.org/drupal/diff/includes/xmlrpc.inc?id=1849830 http://cgit.drupalcode.org/drupal/diff/modules/openid/xrds.inc?id=1849830 http://www.debian.org/security/2014/dsa-2999 http://www.debian.org/security/2014/dsa-3001 https://core.trac.wordpress.org/changeset/29404 https://wordpress.org/news/2014/08/wordpress-3-9-2 https://www.drupal.org/SA-CORE-2014-004 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •

1...26 27 28 29 30