CVE-2006-5705 – WordPress Core <= 2.0.4 - Directory Traversal
https://notcve.org/view.php?id=CVE-2006-5705
Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request. Vulnerabilidad de directorio transversal en plugins/wp-db-backup.php en WordPress anterior a 2.0.5 permite a un atacante remoto leer ficheros de su elección a través de secuencias de directorio transversal en parámetros no especificados relacionados con el backup de fragmentos de ficheros. • http://bugs.gentoo.org/show_bug.cgi?id=153303 http://markjaquith.wordpress.com/2006/10/17/changes-in-wordpress-205 http://secunia.com/advisories/22683 http://secunia.com/advisories/22942 http://trac.wordpress.org/changeset/4226 http://wordpress.org/development/2006/10/205-ronan http://www.gentoo.org/security/en/glsa/glsa-200611-10.xml http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.027-wordpress.html http://www.securityfocus.com/bid/20869 http://www.vupen.c • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2006-6017 – WordPress Core <= 2.0.4 - Denial of Service
https://notcve.org/view.php?id=CVE-2006-6017
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display. WordPress anterior a 2.0.5 no almacena adecuadamente un perfil que contiene una representación de un objeto serializado en una cadena, lo cual permite a usuarios remotos autenticados provocar una denegación de servicio (caída de la aplicación) mediante una cadena que representa un objeto serializado (1) mal formado o (2) grande, debido a que el objeto dispara una deserialización automática para mostrarse. • http://bugs.gentoo.org/show_bug.cgi?id=153303 http://trac.wordpress.org/ticket/2591 http://www.gentoo.org/security/en/glsa/glsa-200611-10.xml • CWE-400: Uncontrolled Resource Consumption •
CVE-2006-6016 – WordPress Core < 2.0.5 - User Metadata Information Disclosure
https://notcve.org/view.php?id=CVE-2006-6016
wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter. wp-admin/user-edit.php en WordPress anterior a 2.0.5 permite a atacantes remotos autenticados leer la metainformación de un usuario de su elección mediante un parámetro user_id modificado. • http://bugs.gentoo.org/show_bug.cgi?id=153303 http://trac.wordpress.org/ticket/3142 http://www.gentoo.org/security/en/glsa/glsa-200611-10.xml • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2006-4743 – WordPress Core 2.0.2 - 2.0.5 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2006-4743
WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp-db.php vectors are already covered by CVE-2006-0986. The edit-form-comment.php, vars.php, and wp-settings.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110. • http://www.securityfocus.com/archive/1/445374/100/0/threaded http://www.securityfocus.com/archive/1/445471/100/0/threaded http://www.securityfocus.com/archive/1/445604/100/0/threaded http://www.securityfocus.com/archive/1/445711/100/0/threaded • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-0194 – WordPress Core <= 2.0.3 - Denial of Service
https://notcve.org/view.php?id=CVE-2008-0194
Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1. Vulnerabilidad de salto de directorio en wp-db-backup.php de WordPress 2.0.3 y anteriores permite a atacantes remotos leer y borrar archivos de su elección, y provocar una denegación de servicio mediante un .. (punto punto) en el parámetro backup en una acción wp-db-backup.php de wp-admin/edit.php. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html http://secunia.com/advisories/29014 http://securityreason.com/securityalert/3539 http://securityvulns.ru/Sdocument755.html http://websecurity.com.ua/1676 http://www.debian.org/security/2008/dsa-1502 http://www.securityfocus.com/archive/1/485786/100/0/threaded http://www.securityfocus.com/bid/27123 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-400: Uncontrolled Resource Consumption •