CVE-2008-4769 – WordPress Core <= 2.3.3 - Directory Traversal
https://notcve.org/view.php?id=CVE-2008-4769
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de salto de directorio en la función get_category_template en wp-includes/theme.php en WordPress v2.3.3 y anteriores y v2.5, permite a atacantes remotos incluir y posiblemente ejecutar archivos PHP de su elección a través del parámetro "cat" en index.php. NOTA: parte de estos detalles han sido obtenidos de terceros. • https://www.exploit-db.com/exploits/31670 http://secunia.com/advisories/29949 http://trac.wordpress.org/changeset/7586 http://www.debian.org/security/2009/dsa-1871 http://www.juniper.fi/security/auto/vulnerabilities/vuln28845.html http://www.securityfocus.com/bid/28845 https://exchange.xforce.ibmcloud.com/vulnerabilities/41920 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2008-0196
https://notcve.org/view.php?id=CVE-2008-0196
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php. Múltiples vulnerabilidades de salto de directorio en WordPress 2.0.11 y anteriores permiten a atacantes remotos leer archivos de su elecció mediante un .. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html http://securityreason.com/securityalert/3539 http://securityvulns.ru/Sdocument762.html http://securityvulns.ru/Sdocument768.html http://securityvulns.ru/Sdocument772.html http://securityvulns.ru/Sdocument773.html http://websecurity.com.ua/1679 http://websecurity.com.ua/1683 http://websecurity.com.ua/1686 http://websecurity.com.ua/1687 http://www.securityfocus.com/archive/1/485786/100/0/threaded • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2008-0193 – WordPress Core 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-0193
Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en wp-db-backup.php de WordPress 2.0.11 y anteriores, y posiblemente 2.1.x hasta 2.3.x, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro backup en una acción wp-db-backup.php a wp-admin/edit.php. • https://www.exploit-db.com/exploits/30979 http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html http://secunia.com/advisories/29014 http://securityreason.com/securityalert/3539 http://securityvulns.ru/Sdocument755.html http://websecurity.com.ua/1676 http://www.debian.org/security/2008/dsa-1502 http://www.securityfocus.com/archive/1/485786/100/0/threaded http://www.securityfocus.com/bid/27123 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-6013 – WordPress Core 1.5 - 2.3.1 - Authorization Bypass
https://notcve.org/view.php?id=CVE-2007-6013
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash. Wordpress versiones 1.5 hasta 2.3.1, usa valores de cookies basados ??en el hash MD5 de un hash MD5 de contraseñas, lo que permite a atacantes omitir la autenticación mediante la obtención del hash MD5 desde la base de datos del usuario, y luego generar la cookie de autenticación a partir de ese hash. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058576.html http://osvdb.org/40801 http://secunia.com/advisories/27714 http://secunia.com/advisories/28310 http://securityreason.com/securityalert/3375 http://trac.wordpress.org/ticket/5367 http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-auth.txt http://www.securityfocus.com/archive/1/483927/100/0/threaded http://www.securitytracker.com/id?1018980 http://www.vupen.com/english/advisories/2007/3941 • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2007-4894 – WordPress Core < 2.2.3 & WordPress MU < 1.2.5a - SQL Injection
https://notcve.org/view.php?id=CVE-2007-4894
Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters." Múltiples vulnerabilidades de inyección SQL en Wordpress versiones anteriores a 2.2.3 y Wordpress multi-user (MU) versiones anteriores a 1.2.5a permiten a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro post_type en el método pingback.extensions.getPingbacks en el interfaz XMLRPC, y otros parámetros no especificados relativos a "escapado temprano de base de datos" y omisión de validación de "cadena de consulta como parámetros". • http://fedoranews.org/updates/FEDORA-2007-214.shtml http://secunia.com/advisories/26771 http://secunia.com/advisories/26796 http://trac.wordpress.org/ticket/4770 http://wordpress.org/development/2007/09/wordpress-223 http://www.buayacorp.com/files/wordpress/wordpress-sql-injection-advisory.html http://www.vupen.com/english/advisories/2007/3132 https://bugzilla.redhat.com/show_bug.cgi?id=285831 https://exchange.xforce.ibmcloud.com/vulnerabilities/36578 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •