NotCVE - vendor:"Wordpress" product:"Wordpress" version:"1.5.2"

Page 44 of 261 results (0.010 seconds)

CVSS: 5.3EPSS: 96%CPEs: 2EXPL: 3

CVE-2009-2335 – WordPress Core & WordPress MU < 2.8.1 - Username Enumeration

https://notcve.org/view.php?id=CVE-2009-2335

WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience." WordPress y WordPress MU anterior a v2.8.1 expone un comportamiento diferente para un intento fallido de acceso en función de si existe la cuenta de usuario, lo cual permite a atacantes remotos enumerar nombres de usuario válidos. NOTA: el proveedor informa de que cuestiona la importancia de esta incidencia, indicando que el comportamiento existe para conveniencia del usuario. • https://www.exploit-db.com/exploits/17702 http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked http://securitytracker.com/id?1022528 http://www.exploit-db.com/exploits/9110 http://www.osvdb.org/55713 http://www.securityfocus.com/archive/1/504795/100/0/threaded http://www.securityfocus.com/bid/35581 http://www.vupen.com/english/advisories/2009/1833 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html https&# • CWE-16: Configuration CWE-204: Observable Response Discrepancy •

CVSS: 10.0EPSS: 0%CPEs: 66EXPL: 0

CVE-2009-2144 – FireStats <1.6.2 - SQL Injection

https://notcve.org/view.php?id=CVE-2009-2144

SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el plugin FireStats en sus versiones anteriores a 1.6.2-stable de WordPress permite a usuarios remotos ejecutar comandos SQL de su elección a través de vectores de ataque desconocidos. • http://firestats.cc/wiki/ChangeLog#a1.6.2-stable13062009 http://secunia.com/advisories/35400 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 67EXPL: 1

CVE-2009-2143 – FireStats < 1.6.2 - Remote File Inclusion

https://notcve.org/view.php?id=CVE-2009-2143

PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter. Vulnerabilidad de inclusión de fichero remoto PHP en firestats-wordpress.ph del plugin FireStats de WordPress en sus versiones anteriores a 1.6.2-stable. Permite a usuarios remotos ejecutar código PHP de su elección a través de una URL en el parámetro fs_javscript. • http://firestats.cc/wiki/ChangeLog#a1.6.2-stable13062009 http://secunia.com/advisories/35400 https://www.exploit-db.com/exploits/8945 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVSS: 7.2EPSS: 43%CPEs: 74EXPL: 1

CVE-2008-5278 – WordPress Core < 2.6.5 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2008-5278

Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable). Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función self_link en el RSS Feed Generator (wp-includes/feed.php) para WordPress versiones anteriores a v2.6.5 permite a atacantes remotos inyectar web script o HTML de su elección a través de una cabecera Host (variable HTTP_HOST). • http://osvdb.org/50214 http://secunia.com/advisories/32882 http://secunia.com/advisories/32966 http://securityreason.com/securityalert/4662 http://wordpress.org/development/2008/11/wordpress-265 http://www.securityfocus.com/archive/1/498652 http://www.securityfocus.com/bid/32476 https://exchange.xforce.ibmcloud.com/vulnerabilities/46882 https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00000.html https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0

CVE-2008-4796 – Feed2JS File Disclosure

https://notcve.org/view.php?id=CVE-2008-4796

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs. La función _httpsrequest function (Snoopy/Snoopy.class.php) en Snoopy 1.2.3 y versiones anteriores, cuando es usada en (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost y posiblemente otros productos, permite a atacantes remotos ejecutar comandos arbitrarios a través de metacarácteres shell en URLs https. Feed2JS uses MagpieRSS for parsing the feeds, and MagpieRSS uses Snoopy library for fetching the documents. The version of Snoopy in use suffers from a local file disclosure vulnerability. • http://jvn.jp/en/jp/JVN20502807/index.html http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html http://secunia.com/advisories/32361 http://sourceforge.net/forum/forum.php?forum_id=879959 http://www.debian.org/security/2008/dsa-1691 http://www.debian.org/security/2009/dsa-1871 http://www.openwall.com/lists/oss-security/2008/11/01/1 http://www.securityfocus.com/archive/1/496068/100/0/threaded http://www.securityfocus.com/bid/31887 http://www.vupen • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

1...42 43 44 45 46