CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2006-4743 – WordPress Core 2.0.2 - 2.0.5 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2006-4743
WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp-db.php vectors are already covered by CVE-2006-0986. The edit-form-comment.php, vars.php, and wp-settings.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110. • http://www.securityfocus.com/archive/1/445374/100/0/threaded http://www.securityfocus.com/archive/1/445471/100/0/threaded http://www.securityfocus.com/archive/1/445604/100/0/threaded http://www.securityfocus.com/archive/1/445711/100/0/threaded • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2008-0194 – WordPress Core <= 2.0.3 - Denial of Service
https://notcve.org/view.php?id=CVE-2008-0194
Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1. Vulnerabilidad de salto de directorio en wp-db-backup.php de WordPress 2.0.3 y anteriores permite a atacantes remotos leer y borrar archivos de su elección, y provocar una denegación de servicio mediante un .. (punto punto) en el parámetro backup en una acción wp-db-backup.php de wp-admin/edit.php. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html http://secunia.com/advisories/29014 http://securityreason.com/securityalert/3539 http://securityvulns.ru/Sdocument755.html http://websecurity.com.ua/1676 http://www.debian.org/security/2008/dsa-1502 http://www.securityfocus.com/archive/1/485786/100/0/threaded http://www.securityfocus.com/bid/27123 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2006-4028 – WordPress Core < 2.0.4 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2006-4028
Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to "Anyone can register" functionality (user registration for guests). Múltiples vulnerabilidades no especificadas en WordPress anteriores a 2.0.4 tienen impacto y vectores de ataque desconocidos. NOTA: debido a la falta de detalles, no está claro por qué estos problemas son diferentes de CVE-2006-3389 y CVE-2006-3390, aunque es probable que la versión 2.04 solucione un problema no especificado relacionado con la funcionalidad "cualquiera puede registrarse" (registro de usuario para invitados). • http://bugs.gentoo.org/show_bug.cgi?id=142142 http://secunia.com/advisories/21309 http://secunia.com/advisories/21447 http://security.gentoo.org/glsa/glsa-200608-19.xml http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress http://wordpress.org/development/2006/07/wordpress-204 http://www.osvdb.org/27633 http://www.securityfocus.com/bid/19247 http://www.vupen. • CWE-285: Improper Authorization •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2006-3389
https://notcve.org/view.php?id=CVE-2006-3389
index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any target-specific information. index.php en WordPress 2.0.3 permite a los atacante remotos, obtener información sensible como los prefijos de una tabla SQL, a través del parámetro inválido paged, el cual muestra la información en un mensaje de error SQL. NOTA: este asunto ha sido discutido por terceros quienes plantean que el asunto no filtra un información con un objetivo específico. • http://secunia.com/advisories/20928 http://secunia.com/advisories/21447 http://security.gentoo.org/glsa/glsa-200608-19.xml http://securityreason.com/securityalert/1187 http://www.securityfocus.com/archive/1/438942/100/0/threaded http://www.securityfocus.com/archive/1/439031/100/0/threaded http://www.securityfocus.com/archive/1/439062/100/0/threaded http://www.securityfocus.com/archive/1/440127/100/0/threaded http://www.securityfocus.com/bid/18779 http://www.vupen.com&#x •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0CVE-2006-3390 – WordPress Core < 2.0.4 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2006-3390
WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, possibly due to uninitialized variables. WordPress v2.0.3 permite a atacantes remotos obtener la ruta de instalación a través de una petición directa a varios ficheros, tal como aquellos en el (1)wp-admin, (2) wp-content, and (3) directorios wp-includes, posiblemente debido a variables sin inicializar. • http://secunia.com/advisories/20928 http://secunia.com/advisories/21447 http://security.gentoo.org/glsa/glsa-200608-19.xml http://securityreason.com/securityalert/1187 http://www.securityfocus.com/archive/1/438942/100/0/threaded http://www.securityfocus.com/archive/1/439062/100/0/threaded http://www.securityfocus.com/bid/18779 http://www.vupen.com/english/advisories/2006/2661 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •