Page 45 of 301 results (0.011 seconds)

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard. Vulnerabilidad de subida de ficheros sin restricciones en WordPress 2.5.1 y versiones anteriores podría permitir a administradores remotos autenticados subir y ejecutar archivos PHP arbitrariamente mediante la sección de Subidas en el área de Escribir Pestañas del panel de Gestión. • http://securityreason.com/securityalert/3897 http://www.securityfocus.com/archive/1/492230/100/0/threaded http://www.securityfocus.com/bid/29276 https://exchange.xforce.ibmcloud.com/vulnerabilities/42561 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.3EPSS: 1%CPEs: 68EXPL: 2

Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de salto de directorio en la función get_category_template en wp-includes/theme.php en WordPress v2.3.3 y anteriores y v2.5, permite a atacantes remotos incluir y posiblemente ejecutar archivos PHP de su elección a través del parámetro "cat" en index.php. NOTA: parte de estos detalles han sido obtenidos de terceros. • https://www.exploit-db.com/exploits/31670 http://secunia.com/advisories/29949 http://trac.wordpress.org/changeset/7586 http://www.debian.org/security/2009/dsa-1871 http://www.juniper.fi/security/auto/vulnerabilities/vuln28845.html http://www.securityfocus.com/bid/28845 https://exchange.xforce.ibmcloud.com/vulnerabilities/41920 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en WordPress 2.3.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los parámetros (1) inviteemail en una acción invite a wp-admin/users.php y (2) to en una acción sent a wp-admin/invites.php. • https://www.exploit-db.com/exploits/31356 https://www.exploit-db.com/exploits/31357 http://securityreason.com/securityalert/3732 http://securitytracker.com/id?1019564 http://www.hackerscenter.com/index.php?/Latest-posts/114-WordPress-Multiple-Cross-Site-Scripting-Vulnerabilities.html?id=114 http://www.securityfocus.com/archive/1/489241/100/0/threaded http://www.securityfocus.com/bid/28139 https://exchange.xforce.ibmcloud.com/vulnerabilities/41055 https://exchange.xforce.ibmcloud.com/vulnerabilities&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 1%CPEs: 15EXPL: 5

Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en wp-db-backup.php de WordPress 2.0.11 y anteriores, y posiblemente 2.1.x hasta 2.3.x, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro backup en una acción wp-db-backup.php a wp-admin/edit.php. • https://www.exploit-db.com/exploits/30979 http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html http://secunia.com/advisories/29014 http://securityreason.com/securityalert/3539 http://securityvulns.ru/Sdocument755.html http://websecurity.com.ua/1676 http://www.debian.org/security/2008/dsa-1502 http://www.securityfocus.com/archive/1/485786/100/0/threaded http://www.securityfocus.com/bid/27123 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php. Múltiples vulnerabilidades de salto de directorio en WordPress 2.0.11 y anteriores permiten a atacantes remotos leer archivos de su elecció mediante un .. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html http://securityreason.com/securityalert/3539 http://securityvulns.ru/Sdocument762.html http://securityvulns.ru/Sdocument768.html http://securityvulns.ru/Sdocument772.html http://securityvulns.ru/Sdocument773.html http://websecurity.com.ua/1679 http://websecurity.com.ua/1683 http://websecurity.com.ua/1686 http://websecurity.com.ua/1687 http://www.securityfocus.com/archive/1/485786/100/0/threaded • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •