CVE-2008-4769 – WordPress Core <= 2.3.3 - Directory Traversal
https://notcve.org/view.php?id=CVE-2008-4769
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de salto de directorio en la función get_category_template en wp-includes/theme.php en WordPress v2.3.3 y anteriores y v2.5, permite a atacantes remotos incluir y posiblemente ejecutar archivos PHP de su elección a través del parámetro "cat" en index.php. NOTA: parte de estos detalles han sido obtenidos de terceros. • https://www.exploit-db.com/exploits/31670 http://secunia.com/advisories/29949 http://trac.wordpress.org/changeset/7586 http://www.debian.org/security/2009/dsa-1871 http://www.juniper.fi/security/auto/vulnerabilities/vuln28845.html http://www.securityfocus.com/bid/28845 https://exchange.xforce.ibmcloud.com/vulnerabilities/41920 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2007-6013 – WordPress Core 1.5 - 2.3.1 - Authorization Bypass
https://notcve.org/view.php?id=CVE-2007-6013
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash. Wordpress versiones 1.5 hasta 2.3.1, usa valores de cookies basados ??en el hash MD5 de un hash MD5 de contraseñas, lo que permite a atacantes omitir la autenticación mediante la obtención del hash MD5 desde la base de datos del usuario, y luego generar la cookie de autenticación a partir de ese hash. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058576.html http://osvdb.org/40801 http://secunia.com/advisories/27714 http://secunia.com/advisories/28310 http://securityreason.com/securityalert/3375 http://trac.wordpress.org/ticket/5367 http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-auth.txt http://www.securityfocus.com/archive/1/483927/100/0/threaded http://www.securitytracker.com/id?1018980 http://www.vupen.com/english/advisories/2007/3941 • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2008-0664 – WordPress Core < 2.3.3 - Improper Authorization Checks
https://notcve.org/view.php?id=CVE-2008-0664
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors. La implementación XML-RPC (xmlrpc.php) en versiones anteriores a WordPress 2.3.3, cuando el registro está activado, permite a atacantes remotos editar mensajes de otros usuarios del blog a través de vectores desconocidos. • http://secunia.com/advisories/28823 http://secunia.com/advisories/28920 http://secunia.com/advisories/30960 http://wordpress.org/development/2008/02/wordpress-233 http://www.debian.org/security/2008/dsa-1601 http://www.securityfocus.com/bid/27669 http://www.securitytracker.com/id?1019316 http://www.village-idiot.org/archives/2008/02/02/wordpress-232-exploit-confirmed http://www.vupen.com/english/advisories/2008/0448 https://bugzilla.redhat.com/show_bug.cgi?id=431547 https:& • CWE-264: Permissions, Privileges, and Access Controls CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2008-5695 – WordPress Core < 2.3.3 & WordPress MU < 1.3.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2008-5695
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins. wp-admin/options.php en versiones de WordPress MU anteriores a la 1.3.2, y WordPress 2.3.2 y anteriores, no valida las solicitudes de actualización de una opción, lo que permite a usuarios remotos que tengan las capacidades manage_options y upload_files y esten autenticados, ejecutar código arbitrario subiendo un Script PHP y añadiendo la ruta de este script a los plugins activos. • https://www.exploit-db.com/exploits/5066 http://mu.wordpress.org/forums/topic.php?id=7534&page&replies=1 http://secunia.com/advisories/28789 http://securityreason.com/securityalert/4798 http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt http://www.securityfocus.com/bid/27633 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2007-6318 – WordPress Core < 2.3.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-6318
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character. Vulnerabilidad de inyección SQL en wp-includes/query.php en WordPress 2.3.1 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro s, cuando DB_CHARSET está asignado en (1) Big5, (2) GBK, o posiblemente otros conjuntos de caracteres de codificación que soporten una "\" en un caracter multibyte. • https://www.exploit-db.com/exploits/4721 http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058999.html http://secunia.com/advisories/28005 http://secunia.com/advisories/28310 http://securityreason.com/securityalert/3433 http://www.abelcheung.org/advisory/20071210-wordpress-charset.txt http://www.securityfocus.com/archive/1/484828/100/0/threaded http://www.securityfocus.com/bid/26795 http://www.securitytracker.com/id?1019071 http://www.vupen.com/english/advisories/2007 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •