CVE-2009-2334 – WordPress Core <= 2.8 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2009-2334
wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service. wp-admin/admin.php en WordPress y WordPress MU antes de v2.8.1 no requiere autenticación administrativa para acceder a la configuración de un plugin, lo cual permite a atacantes remotos especificar un archivo de configuración en la página de parámetros para obtener información sensible o modificar este archivo, como se demostró por los ficheros (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, y (5) wp-ids/ids-admin.php. NOTA: esto puede ser aprovechados para vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) y denegación de servicio. • https://www.exploit-db.com/exploits/9110 http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked http://securitytracker.com/id?1022528 http://wordpress.org/development/2009/07/wordpress-2-8-1 http://www.debian.org/security/2009/dsa-1871 http://www.exploit-db.com/exploits/9110 http://www.osvdb.org/55712 http://www.osvdb.org/55715 http://www.securityfocus.com/archive/1/504795/100/0/threaded http://www.securityfocus.com/bid/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication •
CVE-2009-2431 – WordPress Core < 2.8 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2009-2431
WordPress 2.7.1 places the username of a post's author in an HTML comment, which allows remote attackers to obtain sensitive information by reading the HTML source. WordPress v2.7.1 coloca el nombre de usuario del autor de un post en un comentario HTML, lo cual permite a atacantes remotos obtener información sensible mediante la lectura del código fuente HTML. • http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked http://securitytracker.com/id?1022528 http://www.osvdb.org/55716 http://www.securityfocus.com/archive/1/504795/100/0/threaded http://www.vupen.com/english/advisories/2009/1833 https://exchange.xforce.ibmcloud.com/vulnerabilities/51733 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-6762 – WordPress Core < 2.8.1 - Open Redirect
https://notcve.org/view.php?id=CVE-2008-6762
Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter. Vulnerabilidad de redirección abierta en wp-admin/upgrade.php en WordPress, probablemente v2.6.x, permite a atacantes remotos redirigir a los usuarios a sitios Web a su elección y llevar a cabo ataques de phishing a través de una URL en el parámetro backto. • http://archives.neohapsis.com/archives/bugtraq/2008-12/0226.html http://osvdb.org/52213 http://www.debian.org/security/2009/dsa-1871 https://exchange.xforce.ibmcloud.com/vulnerabilities/50382 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2008-6767 – WordPress Core < 2.7 - Denial of Service
https://notcve.org/view.php?id=CVE-2008-6767
wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request. wp-admin/upgrade.php en WordPress, probablemente v2.6.x, permite a atacantes remotos actualizar la aplicación, y posiblemente causar una denegación de servicio (caída de la aplicación), a través de una solicitud directa. wp-admin/upgrade.php in WordPress up to and including 2.6.1, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request if WordPress is not yet setup by creating an empty database, which will prevent future installations from succeeding. • http://archives.neohapsis.com/archives/bugtraq/2008-12/0226.html http://www.debian.org/security/2009/dsa-1871 https://exchange.xforce.ibmcloud.com/vulnerabilities/50384 • CWE-400: Uncontrolled Resource Consumption •
CVE-2008-5278 – WordPress Core < 2.6.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-5278
Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable). Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función self_link en el RSS Feed Generator (wp-includes/feed.php) para WordPress versiones anteriores a v2.6.5 permite a atacantes remotos inyectar web script o HTML de su elección a través de una cabecera Host (variable HTTP_HOST). • http://osvdb.org/50214 http://secunia.com/advisories/32882 http://secunia.com/advisories/32966 http://securityreason.com/securityalert/4662 http://wordpress.org/development/2008/11/wordpress-265 http://www.securityfocus.com/archive/1/498652 http://www.securityfocus.com/bid/32476 https://exchange.xforce.ibmcloud.com/vulnerabilities/46882 https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00000.html https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •