CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2008-4796 – Feed2JS File Disclosure
https://notcve.org/view.php?id=CVE-2008-4796
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs. La función _httpsrequest function (Snoopy/Snoopy.class.php) en Snoopy 1.2.3 y versiones anteriores, cuando es usada en (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost y posiblemente otros productos, permite a atacantes remotos ejecutar comandos arbitrarios a través de metacarácteres shell en URLs https. Feed2JS uses MagpieRSS for parsing the feeds, and MagpieRSS uses Snoopy library for fetching the documents. The version of Snoopy in use suffers from a local file disclosure vulnerability. • http://jvn.jp/en/jp/JVN20502807/index.html http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html http://secunia.com/advisories/32361 http://sourceforge.net/forum/forum.php?forum_id=879959 http://www.debian.org/security/2008/dsa-1691 http://www.debian.org/security/2009/dsa-1871 http://www.openwall.com/lists/oss-security/2008/11/01/1 http://www.securityfocus.com/archive/1/496068/100/0/threaded http://www.securityfocus.com/bid/31887 http://www.vupen • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.1EPSS: 1%CPEs: 34EXPL: 2CVE-2008-4106 – WordPress Core < 2.6.2 - Arbitrary User Password Reset
https://notcve.org/view.php?id=CVE-2008-4106
WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107. WordPress anterior a v2.6.2 no maneja adecuadamente las advertencias MySQL relacionadas con la inserción de nombres de usuarios con un tamaño superior al ancho de la columna del user_login, y no maneja correctamente los espacios a la hora de comparar nombres de usuario, lo que permite a atacantes remotos modificar las contraseñas de usuarios de su elección a un valor aleatorio registrando un nombre de usuario similar y posteriormente realizando un reinicio de contraseña, relacionado con la "Vulnerabilidad de truncado de columna SQL" (SQL column truncation vulnerability). NOTA: el atacante puede descubrir la contraseña aleatoria explotando la vulnerabilidad CVE-2008-4107. • http://marc.info/?l=oss-security&m=122152830017099&w=2 http://secunia.com/advisories/31737 http://secunia.com/advisories/31870 http://securityreason.com/securityalert/4272 http://securitytracker.com/id?1020869 http://wordpress.org/development/2008/09/wordpress-262 http://www.debian.org/security/2009/dsa-1871 http://www.openwall.com/lists/oss-security/2008/09/11/6 http://www.securityfocus.com/archive/1/496287/100/0/threaded http://www.securityfocus.com/bid/31068 http: • CWE-20: Improper Input Validation CWE-197: Numeric Truncation Error •
CVSS: 7.5EPSS: 0%CPEs: 45EXPL: 0CVE-2008-3747 – WordPress Core < 2.6.1 - Cryptographic Weakness
https://notcve.org/view.php?id=CVE-2008-3747
The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie. Las funciones (1) get_edit_post_link y (2) get_edit_comment_link en wp-includes/link-template.php de WordPress antes de 2.6.1 no fuerzan comunicación SSL en las situaciones previstas, lo que podría permitir a atacantes remotos obtener acceso administrativo siguiendo la red para una cookie. • http://trac.wordpress.org/ticket/7359 http://www.openwall.com/lists/oss-security/2008/08/19/1 http://www.openwall.com/lists/oss-security/2008/08/20/3 http://www.securityfocus.com/bid/30750 https://exchange.xforce.ibmcloud.com/vulnerabilities/44569 • CWE-264: Permissions, Privileges, and Access Controls CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 7.2EPSS: 0%CPEs: 54EXPL: 3CVE-2008-3233 – WordPress Core < 2.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-3233
Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en versiones de WordPress anteriores a la 2.6, sólo en versiones de desarrollo SVN, permite a atacantes remotos inyectar scripts web o HTML arbitrario a través de vectores sin especificar. • https://www.exploit-db.com/exploits/32053 http://trac.wordpress.org/ticket/7220 http://www.openwall.com/lists/oss-security/2008/07/15/5 http://www.openwall.com/lists/oss-security/2008/07/16/5 http://www.openwall.com/lists/oss-security/2008/07/16/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 0CVE-2008-1930 – WordPress Core < 2.5.1 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2008-1930
The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013. El método de autenticación por Cookie en WordPress 2.5 confía en un hash de la cadena que resulta de concatenar USERNAME y EXPIRY_TIME, lo que permite a atacantes remotos falsificar cookies registrando nombres de usuario que resulten en la misma cadena concatenada, como se demostró registrando nombres de usuario que comenzaban con "admin" para conseguir privilegios de administrador, también conocido como asunto "empalme criptográfico". NOTA: Esta vulnerabilidad existe debido a un parche incompleto para la vulnerabilidad CVE-2007-6013 • http://secunia.com/advisories/29965 http://wordpress.org/development/2008/04/wordpress-251 http://www.cl.cam.ac.uk/users/sjm217/advisories/wordpress-cookie-integrity.txt http://www.securityfocus.com/archive/1/491356/100/0/threaded http://www.securityfocus.com/bid/28935 http://www.securitytracker.com/id?1019923 http://www.vupen.com/english/advisories/2008/1372/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42027 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •