CVE-2009-3890 – WordPress Core <= 2.8.5 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2009-3890
Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename. Vulnerabilidad de subida de archivos sin restricción en la función wp_check_filetype en wp-includes/functions.php en WordPress anteriores a v2.8.6, cuando cierta configuración del modulo mod_mime en el servidor HTTP Apache esta activado, permite a usuarios remotos autenticados ejecutar código arbitrario posteando un adjunto con un nombre de fichero con múltiples extensiones y luego accediendo a el a través de una petición directa al nombre de ruta wp-content/uploads/, como se demuestra con el nombre de fichero .php.jpg. • https://www.exploit-db.com/exploits/10089 http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0142.html http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0149.html http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0153.html http://core.trac.wordpress.org/ticket/11122 http://secunia.com/advisories/37332 http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release http://www.openwall.com/lists/oss-security/2009/11/15/2 http://www.openwal • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2009-3891 – WordPress Core <= 2.8.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-3891
Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable). Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en wp-admin/press-this.php en WordPress anteriores a v2.8.6 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través del parámetro "s" (también conocido como variable selección). • http://core.trac.wordpress.org/attachment/ticket/11119/press-this-xss-bug-11-10-2009.patch http://core.trac.wordpress.org/attachment/ticket/11119/press-this.002.diff http://core.trac.wordpress.org/ticket/11119 http://secunia.com/advisories/37332 http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release http://www.openwall.com/lists/oss-security/2009/11/15/2 http://www.openwall.com/lists/oss-security/2009/11/15/3 http://www.openwall.com/lists/oss-secu • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-3622 – WordPress Core <= 2.8.4 - Denial of Service
https://notcve.org/view.php?id=CVE-2009-3622
Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service (CPU consumption and server hang) via a long title parameter in conjunction with a charset parameter composed of many comma-separated "UTF-8" substrings, related to the mb_convert_encoding function in PHP. Vulnerabilidad de complejidad algorítmica en wp-trackback.php en WordPress anteriores a v2.8.5 permite a atacantes remotos provocar una denegación de servicio (Consumo de CPU y cuelgue del servidor) a través de un valor largo en el parámetro "title" en conjunción con un parámetro "charset" compuesto por muchas subcadenas "UTF-8" separadas por coma, está relacionado con la función mb_convert_encoding en PHP. • http://codes.zerial.org/php/wp-trackbacks_dos.phps http://marc.info/?l=oss-security&m=125612393329041&w=2 http://marc.info/?l=oss-security&m=125614592004825&w=2 http://rooibo.wordpress.com/2009/10/17/agujero-de-seguridad-en-wordpress http://seclists.org/fulldisclosure/2009/Oct/263 http://secunia.com/advisories/37088 http://security-sh3ll.blogspot.com/2009/10/wordpress-resource-exhaustion-denial-of.html http://securitytracker.com/id?1023072 http://wordpress.org/development/2009& • CWE-310: Cryptographic Issues CWE-400: Uncontrolled Resource Consumption •
CVE-2009-2762 – WordPress Core < 2.8.4 - Forced Password Reset
https://notcve.org/view.php?id=CVE-2009-2762
wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array. wp-login.php en WordPress v2.8.3 y anteriores que permite a los atacantes remotos a forzar el restablecimiento de la contraseña para el primer usuario en la base de datos, posiblemente el administrador, a través de un key[] array variable en una acción resetpass (también conocido como rp), lo que evita un control que asume que $key no es un array. • https://www.exploit-db.com/exploits/6421 https://www.exploit-db.com/exploits/6397 https://www.exploit-db.com/exploits/9410 http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0114.html http://core.trac.wordpress.org/changeset/11798 http://secunia.com/advisories/36237 http://wordpress.org/development/2009/08/2-8-4-security-release http://www.exploit-db.com/exploits/9410 http://www.securityfocus.com/bid/36014 http://www.securitytracker.com/id?1022707 https:// • CWE-255: Credentials Management Errors CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2009-2854 – WordPress Core < 2.8.3 - Missing Authorization
https://notcve.org/view.php?id=CVE-2009-2854
Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-category-form.php, (6) edit-tag-form.php, (7) export.php, (8) import.php, or (9) link-add.php in wp-admin/. Wordpress antes de v2.8.3 no comprueba los privilegios de ciertas acciones, lo cual facilita a atacantes remotos a la hora de hacer modificaciones no autorizadas a través de una solicitud directa a (1) edit-comments.php, (2)edit-pages.php, (3) edit. php, (4) edit-category-form.php (5) edit-link-category-form.php, (6) edit-tag-form.php, (7) export.php, (8) import.php, o (9) link-add.php en wp-admin/. • http://core.trac.wordpress.org/changeset/11765 http://core.trac.wordpress.org/changeset/11766 http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release http://www.debian.org/security/2009/dsa-1871 http://www.openwall.com/lists/oss-security/2009/08/04/5 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •