CVE-2008-5278 – WordPress Core < 2.6.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-5278
Cross-site scripting (XSS) vulnerability in the self_link function in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable). • http://osvdb.org/50214 http://secunia.com/advisories/32882 http://secunia.com/advisories/32966 http://securityreason.com/securityalert/4662 http://wordpress.org/development/2008/11/wordpress-265 http://www.securityfocus.com/archive/1/498652 http://www.securityfocus.com/bid/32476 https://exchange.xforce.ibmcloud.com/vulnerabilities/46882 https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00000.html https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-4796 – Feed2JS File Disclosure
https://notcve.org/view.php?id=CVE-2008-4796
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs. Feed2JS uses MagpieRSS for parsing the feeds, and MagpieRSS uses the Snoopy library for fetching the documents. The version of Snoopy in use suffers from a local file disclosure vulnerability. • http://jvn.jp/en/jp/JVN20502807/index.html http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html http://secunia.com/advisories/32361 http://sourceforge.net/forum/forum.php?forum_id=879959 http://www.debian.org/security/2008/dsa-1691 http://www.debian.org/security/2009/dsa-1871 http://www.openwall.com/lists/oss-security/2008/11/01/1 http://www.securityfocus.com/archive/1/496068/100/0/threaded http://www.securityfocus.com/bid/31887 http://www.vupen • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2008-4106 – WordPress Core < 2.6.2 - Arbitrary User Password Reset
https://notcve.org/view.php?id=CVE-2008-4106
WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107. • http://marc.info/?l=oss-security&m=122152830017099&w=2 http://secunia.com/advisories/31737 http://secunia.com/advisories/31870 http://securityreason.com/securityalert/4272 http://securitytracker.com/id?1020869 http://wordpress.org/development/2008/09/wordpress-262 http://www.debian.org/security/2009/dsa-1871 http://www.openwall.com/lists/oss-security/2008/09/11/6 http://www.securityfocus.com/archive/1/496287/100/0/threaded http://www.securityfocus.com/bid/31068 http: • CWE-20: Improper Input Validation CWE-197: Numeric Truncation Error •
CVE-2011-0700 – WordPress Core <= 3.0.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-0700
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box. • http://codex.wordpress.org/Version_3.0.5 http://core.trac.wordpress.org/changeset/17397 http://core.trac.wordpress.org/changeset/17401 http://core.trac.wordpress.org/changeset/17406 http://core.trac.wordpress.org/changeset/17412 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056412.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056998.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057003.html http://openwall.com/lists • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •