CVE-2004-1584 – WordPress Core <= 1.2 - HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2004-1584
CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter.
References:
• https://www.exploit-db.com/exploits/570
• http://marc.info/?l=bugtraq&m=109716327724041&w=2
• http://secunia.com/advisories/12773
• http://wordpress.org/development/2004/10/wp-121
• http://www.gentoo.org/security/en/glsa/glsa-200410-12.xml
• http://www.securityfocus.com/bid/11348
• https://exchange.xforce.ibmcloud.com/vulnerabilities/17649
Weakness:
• CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CVE-2003-1598 – WordPress Core < 0.72 - SQL Injection
https://notcve.org/view.php?id=CVE-2003-1598
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.
References:
• http://osvdb.org/show/osvdb/4610
• http://seclists.org/oss-sec/2012/q1/77
• http://secunia.com/advisories/8954
• http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt
• http://www.securityfocus.com/bid/7784
• https://exchange.xforce.ibmcloud.com/vulnerabilities/12204
Weakness:
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2003-1599 – WordPress Core <= 0.70 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2003-1599
PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable.
References:
• http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt
• http://www.openwall.com/lists/oss-security/2012/01/06/3
• http://www.osvdb.org/4611
• http://www.securityfocus.com/bid/7785
• https://exchange.xforce.ibmcloud.com/vulnerabilities/12205
Weaknesses:
• CWE-94: Improper Control of Generation of Code ('Code Injection')
• CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')