Page 53 of 326 results (0.006 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6) options-permalink.php, (7) options-misc.php, and possibly other unspecified components. Vulnerabilidad de inyección SQL en options.php de WordPress 2.2.1 permite a administradores autenticados remotamente ejecutar comandos SQL de su elección a través del parámetro page_options de (2) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6) options-permalink.php, (7) options-misc.php, y posiblemente otros componentes no especificados. • http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm http://secunia.com/advisories/30013 http://www.debian.org/security/2008/dsa-1564 https://exchange.xforce.ibmcloud.com/vulnerabilities/35719 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en WordPress 2.2.1 permiten a administradores autenticados remotamente inyectar secuencias de comandos web o HTML de su elección a través de (2) la tabla Options de la base de datos en el Panel de Administración, accedida a través de options.php;o (2) el parámetro opml_url de link-import.php. NOTA: esto podría no cruzar fronteras de privilegios en algunas configuraciones, puesto que el rol de Administrador tiene la capacidad unfiltered_html. • http://codex.wordpress.org/Roles_and_Capabilities http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm http://osvdb.org/46994 http://osvdb.org/46995 http://secunia.com/advisories/30013 http://www.debian.org/security/2008/dsa-1564 https://exchange.xforce.ibmcloud.com/vulnerabilities/35720 https://exchange.xforce.ibmcloud.com/vulnerabilities/35722 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerability in the Temporary Uploads editing functionality (wp-admin/includes/upload.php) in WordPress 2.2.1, allows remote attackers to inject arbitrary web script or HTML via the style parameter to wp-admin/upload.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad de edición Temporary Uploads (wp-admin/includes/upload.php) de WordPress 2.2.1, permite a usuarios remotos inyectar scripts web o HTML de su elección a través del parámetro style en wp-admin/upload.php. • http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm http://osvdb.org/36621 http://secunia.com/advisories/26296 http://trac.wordpress.org/attachment/ticket/4689/4689.diff http://trac.wordpress.org/ticket/4689 http://www.securityfocus.com/bid/25158 http://www.vupen.com/english/advisories/2007/2744 https://exchange.xforce.ibmcloud.com/vulnerabilities/35718 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php. WordPress anterior a 2.2.2 permite a atacantes remotos redireccionar a los vistantes a otros sitios web y potencialmente obtener información sensible a través del parámetro (1) the _wp_http_referer en wp-pass.php, relacionado con la función wp_get_referer en wp-includes/functions.php; y posiblemente otros vectores relacionados en (2) wp-includes/pluggable.php y (3) la función wp_nonce_ays en wp-includes/functions.php. • http://osvdb.org/40802 http://secunia.com/advisories/30013 http://securityreason.com/securityalert/2869 http://www.debian.org/security/2008/dsa-1564 http://www.securityfocus.com/archive/1/472885/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/35272 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543. Vulnerabilidad e envío de archivo no restringido en (1) wp-app.php y (2) app.php de WordPresss 2.2.1 y WordPresss MU 1.2.3 permite a usuarios autenticados remotamente enviar y ejecutar código PHP de su elección a través de vectores no especificados, posiblemente relacionados con la tabla wp_postmeta y el uso de campos personalizados en anotaciones (posts) normales (sin adjuntos). • http://osvdb.org/37294 http://www.buayacorp.com/files/wordpress/wordpress-advisory.html • CWE-434: Unrestricted Upload of File with Dangerous Type •