CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2006-4028 – WordPress Core < 2.0.4 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2006-4028
Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to "Anyone can register" functionality (user registration for guests). Múltiples vulnerabilidades no especificadas en WordPress anteriores a 2.0.4 tienen impacto y vectores de ataque desconocidos. NOTA: debido a la falta de detalles, no está claro por qué estos problemas son diferentes de CVE-2006-3389 y CVE-2006-3390, aunque es probable que la versión 2.04 solucione un problema no especificado relacionado con la funcionalidad "cualquiera puede registrarse" (registro de usuario para invitados). • http://bugs.gentoo.org/show_bug.cgi?id=142142 http://secunia.com/advisories/21309 http://secunia.com/advisories/21447 http://security.gentoo.org/glsa/glsa-200608-19.xml http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress http://wordpress.org/development/2006/07/wordpress-204 http://www.osvdb.org/27633 http://www.securityfocus.com/bid/19247 http://www.vupen. • CWE-285: Improper Authorization •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2006-3389
https://notcve.org/view.php?id=CVE-2006-3389
index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any target-specific information. index.php en WordPress 2.0.3 permite a los atacante remotos, obtener información sensible como los prefijos de una tabla SQL, a través del parámetro inválido paged, el cual muestra la información en un mensaje de error SQL. NOTA: este asunto ha sido discutido por terceros quienes plantean que el asunto no filtra un información con un objetivo específico. • http://secunia.com/advisories/20928 http://secunia.com/advisories/21447 http://security.gentoo.org/glsa/glsa-200608-19.xml http://securityreason.com/securityalert/1187 http://www.securityfocus.com/archive/1/438942/100/0/threaded http://www.securityfocus.com/archive/1/439031/100/0/threaded http://www.securityfocus.com/archive/1/439062/100/0/threaded http://www.securityfocus.com/archive/1/440127/100/0/threaded http://www.securityfocus.com/bid/18779 http://www.vupen.com&#x •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0CVE-2006-3390 – WordPress Core < 2.0.4 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2006-3390
WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, possibly due to uninitialized variables. WordPress v2.0.3 permite a atacantes remotos obtener la ruta de instalación a través de una petición directa a varios ficheros, tal como aquellos en el (1)wp-admin, (2) wp-content, and (3) directorios wp-includes, posiblemente debido a variables sin inicializar. • http://secunia.com/advisories/20928 http://secunia.com/advisories/21447 http://security.gentoo.org/glsa/glsa-200608-19.xml http://securityreason.com/securityalert/1187 http://www.securityfocus.com/archive/1/438942/100/0/threaded http://www.securityfocus.com/archive/1/439062/100/0/threaded http://www.securityfocus.com/bid/18779 http://www.vupen.com/english/advisories/2006/2661 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 2%CPEs: 1EXPL: 2CVE-2006-2702 – WordPress Core < 2.0.3 - IP Address Spoofing
https://notcve.org/view.php?id=CVE-2006-2702
vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR']. • http://retrogod.altervista.org/wordpress_202_xpl.html http://secunia.com/advisories/20271 http://secunia.com/advisories/20608 http://www.gentoo.org/security/en/glsa/glsa-200606-08.xml http://www.osvdb.org/25935 http://www.securityfocus.com/archive/1/435039/100/0/threaded http://www.vupen.com/english/advisories/2006/1992 https://exchange.xforce.ibmcloud.com/vulnerabilities/26688 • CWE-348: Use of Less Trusted Source •
CVSS: 8.8EPSS: 12%CPEs: 1EXPL: 2CVE-2006-2667 – WordPress Core < 2.0.3 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2006-2667
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument. • https://www.exploit-db.com/exploits/6 http://retrogod.altervista.org/wordpress_202_xpl.html http://secunia.com/advisories/20271 http://secunia.com/advisories/20608 http://www.gentoo.org/security/en/glsa/glsa-200606-08.xml http://www.osvdb.org/25777 http://www.securityfocus.com/archive/1/435039/100/0/threaded http://www.securityfocus.com/bid/18372 http://www.vupen.com/english/advisories/2006/1992 https://exchange.xforce.ibmcloud.com/vulnerabilities/26687 • CWE-94: Improper Control of Generation of Code ('Code Injection') •