Page 49 of 344 results (0.010 seconds)

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1

WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter. WordPress v2.9 anterior a v2.9.2, permite a usuarios autenticados remotamente leer mensajes eliminados de otros autores a través de una petición directa con una modificación en el parámetro "p". • https://www.exploit-db.com/exploits/11441 http://hakre.wordpress.com/2010/02/16/the-short-memory-of-wordpress-org-security http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052917.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052932.html http://secunia.com/advisories/38592 http://secunia.com/advisories/42871 http://tmacuk.co.uk/?p=180 http://wordpress.org/development/2010/02/wordpress-2-9-2 http://www.osvdb.org/62330 https: • CWE-264: Permissions, Privileges, and Access Controls CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 1

Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename. Vulnerabilidad de subida de archivos sin restricción en la función wp_check_filetype en wp-includes/functions.php en WordPress anteriores a v2.8.6, cuando cierta configuración del modulo mod_mime en el servidor HTTP Apache esta activado, permite a usuarios remotos autenticados ejecutar código arbitrario posteando un adjunto con un nombre de fichero con múltiples extensiones y luego accediendo a el a través de una petición directa al nombre de ruta wp-content/uploads/, como se demuestra con el nombre de fichero .php.jpg. • https://www.exploit-db.com/exploits/10089 http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0142.html http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0149.html http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0153.html http://core.trac.wordpress.org/ticket/11122 http://secunia.com/advisories/37332 http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release http://www.openwall.com/lists/oss-security/2009/11/15/2 http://www.openwal • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable). Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en wp-admin/press-this.php en WordPress anteriores a v2.8.6 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través del parámetro "s" (también conocido como variable selección). • http://core.trac.wordpress.org/attachment/ticket/11119/press-this-xss-bug-11-10-2009.patch http://core.trac.wordpress.org/attachment/ticket/11119/press-this.002.diff http://core.trac.wordpress.org/ticket/11119 http://secunia.com/advisories/37332 http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release http://www.openwall.com/lists/oss-security/2009/11/15/2 http://www.openwall.com/lists/oss-security/2009/11/15/3 http://www.openwall.com/lists/oss-secu • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 3%CPEs: 1EXPL: 2

Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service (CPU consumption and server hang) via a long title parameter in conjunction with a charset parameter composed of many comma-separated "UTF-8" substrings, related to the mb_convert_encoding function in PHP. Vulnerabilidad de complejidad algorítmica en wp-trackback.php en WordPress anteriores a v2.8.5 permite a atacantes remotos provocar una denegación de servicio (Consumo de CPU y cuelgue del servidor) a través de un valor largo en el parámetro "title" en conjunción con un parámetro "charset" compuesto por muchas subcadenas "UTF-8" separadas por coma, está relacionado con la función mb_convert_encoding en PHP. • http://codes.zerial.org/php/wp-trackbacks_dos.phps http://marc.info/?l=oss-security&m=125612393329041&w=2 http://marc.info/?l=oss-security&m=125614592004825&w=2 http://rooibo.wordpress.com/2009/10/17/agujero-de-seguridad-en-wordpress http://seclists.org/fulldisclosure/2009/Oct/263 http://secunia.com/advisories/37088 http://security-sh3ll.blogspot.com/2009/10/wordpress-resource-exhaustion-denial-of.html http://securitytracker.com/id?1023072 http://wordpress.org/development/2009& • CWE-310: Cryptographic Issues CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 91%CPEs: 1EXPL: 4

wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array. wp-login.php en WordPress v2.8.3 y anteriores que permite a los atacantes remotos a forzar el restablecimiento de la contraseña para el primer usuario en la base de datos, posiblemente el administrador, a través de un key[] array variable en una acción resetpass (también conocido como rp), lo que evita un control que asume que $key no es un array. • https://www.exploit-db.com/exploits/6421 https://www.exploit-db.com/exploits/6397 https://www.exploit-db.com/exploits/9410 http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0114.html http://core.trac.wordpress.org/changeset/11798 http://secunia.com/advisories/36237 http://wordpress.org/development/2009/08/2-8-4-security-release http://www.exploit-db.com/exploits/9410 http://www.securityfocus.com/bid/36014 http://www.securitytracker.com/id?1022707 https:// • CWE-255: Credentials Management Errors CWE-639: Authorization Bypass Through User-Controlled Key •