CVE-2009-3622 – WordPress Core <= 2.8.4 - Denial of Service
https://notcve.org/view.php?id=CVE-2009-3622
Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service (CPU consumption and server hang) via a long title parameter in conjunction with a charset parameter composed of many comma-separated "UTF-8" substrings, related to the mb_convert_encoding function in PHP. Vulnerabilidad de complejidad algorítmica en wp-trackback.php en WordPress anteriores a v2.8.5 permite a atacantes remotos provocar una denegación de servicio (Consumo de CPU y cuelgue del servidor) a través de un valor largo en el parámetro "title" en conjunción con un parámetro "charset" compuesto por muchas subcadenas "UTF-8" separadas por coma, está relacionado con la función mb_convert_encoding en PHP. • http://codes.zerial.org/php/wp-trackbacks_dos.phps http://marc.info/?l=oss-security&m=125612393329041&w=2 http://marc.info/?l=oss-security&m=125614592004825&w=2 http://rooibo.wordpress.com/2009/10/17/agujero-de-seguridad-en-wordpress http://seclists.org/fulldisclosure/2009/Oct/263 http://secunia.com/advisories/37088 http://security-sh3ll.blogspot.com/2009/10/wordpress-resource-exhaustion-denial-of.html http://securitytracker.com/id?1023072 http://wordpress.org/development/2009& • CWE-310: Cryptographic Issues CWE-400: Uncontrolled Resource Consumption •
CVE-2009-3703 – WP Forum <= 2.3 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2009-3703
Multiple SQL injection vulnerabilities in the WP-Forum plugin before 2.4 for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the search_max parameter in a search action to the default URI, related to wpf.class.php; (2) the forum parameter to an unspecified component, related to wpf.class.php; (3) the topic parameter in a viewforum action to the default URI, related to the remove_topic function in wpf.class.php; or the id parameter in a (4) editpost or (5) viewtopic action to the default URI, related to wpf-post.php. Múltiples vulnerabilidades de inyección SQL en el plugin WP-Forum para WordPress antes de v2.4 permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través de (1) el parámetro 'search_max' en una acción de búsqueda a la URI por defecto, en relación con wpf.class.php; (2) el parámetro 'forum' a un componente no especificado, en relación con wpf.class.php; (3) el parámetro 'topic' en una acción de la vista del Foro de la URI por defecto, en relacion con la función remove_topic en wpf.class.php, o el parámetro 'id' en una acción (4) 'editpost' o (5) 'viewtopic' a la URI por defecto, en relación con wpf-post.php. WP-Forum versions 2.3 and below suffer from remote SQL and blind SQL injection vulnerabilities. • https://www.exploit-db.com/exploits/10488 http://www.securityfocus.com/archive/1/508504/100/0/threaded http://www.securityfocus.com/bid/37357 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2009-2762 – WordPress Core < 2.8.4 - Forced Password Reset
https://notcve.org/view.php?id=CVE-2009-2762
wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array. wp-login.php en WordPress v2.8.3 y anteriores que permite a los atacantes remotos a forzar el restablecimiento de la contraseña para el primer usuario en la base de datos, posiblemente el administrador, a través de un key[] array variable en una acción resetpass (también conocido como rp), lo que evita un control que asume que $key no es un array. • https://www.exploit-db.com/exploits/6421 https://www.exploit-db.com/exploits/6397 https://www.exploit-db.com/exploits/9410 http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0114.html http://core.trac.wordpress.org/changeset/11798 http://secunia.com/advisories/36237 http://wordpress.org/development/2009/08/2-8-4-security-release http://www.exploit-db.com/exploits/9410 http://www.securityfocus.com/bid/36014 http://www.securitytracker.com/id?1022707 https:// • CWE-255: Credentials Management Errors CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2009-2853 – WordPress Core < 2.8.3 - Authorization Bypass
https://notcve.org/view.php?id=CVE-2009-2853
Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, and (8) edit-tag-form.php in wp-admin/. Wordpress anterior a v2.8.3 permite a atacantes remotos conseguir privilegios a traves de una peticion directa a (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, y (8) edit-tag-form.php en wp-admin/. • http://core.trac.wordpress.org/changeset/11768 http://core.trac.wordpress.org/changeset/11769 http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release http://www.debian.org/security/2009/dsa-1871 http://www.openwall.com/lists/oss-security/2009/08/04/5 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVE-2009-2854 – WordPress Core < 2.8.3 - Missing Authorization
https://notcve.org/view.php?id=CVE-2009-2854
Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-category-form.php, (6) edit-tag-form.php, (7) export.php, (8) import.php, or (9) link-add.php in wp-admin/. Wordpress antes de v2.8.3 no comprueba los privilegios de ciertas acciones, lo cual facilita a atacantes remotos a la hora de hacer modificaciones no autorizadas a través de una solicitud directa a (1) edit-comments.php, (2)edit-pages.php, (3) edit. php, (4) edit-category-form.php (5) edit-link-category-form.php, (6) edit-tag-form.php, (7) export.php, (8) import.php, o (9) link-add.php en wp-admin/. • http://core.trac.wordpress.org/changeset/11765 http://core.trac.wordpress.org/changeset/11766 http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release http://www.debian.org/security/2009/dsa-1871 http://www.openwall.com/lists/oss-security/2009/08/04/5 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •